diff --git a/0029-Add-support-for-the-LoongArch-architecture.patch b/0029-Add-support-for-the-LoongArch-architecture.patch deleted file mode 100644 index 4976d64..0000000 --- a/0029-Add-support-for-the-LoongArch-architecture.patch +++ /dev/null @@ -1,43 +0,0 @@ -diff --git a/src/basic/architecture.c b/src/basic/architecture.c -index 409632c..e86aff3 100644 ---- a/src/basic/architecture.c -+++ b/src/basic/architecture.c -@@ -118,6 +118,8 @@ int uname_architecture(void) { - #elif defined(__arc__) - { "arc", ARCHITECTURE_ARC }, - { "arceb", ARCHITECTURE_ARC_BE }, -+#elif defined(__loongarch64) -+ { "loongarch64", ARCHITECTURE_LOONGARCH64 }, - #else - #error "Please register your architecture here!" - #endif -@@ -173,6 +175,7 @@ static const char *const architecture_table[_ARCHITECTURE_MAX] = { - [ARCHITECTURE_RISCV64] = "riscv64", - [ARCHITECTURE_ARC] = "arc", - [ARCHITECTURE_ARC_BE] = "arc-be", -+ [ARCHITECTURE_LOONGARCH64] = "loongarch64", - }; - - DEFINE_STRING_TABLE_LOOKUP(architecture, int); -diff --git a/src/basic/architecture.h b/src/basic/architecture.h -index 9abc183..758bd8c 100644 ---- a/src/basic/architecture.h -+++ b/src/basic/architecture.h -@@ -44,6 +44,7 @@ enum { - ARCHITECTURE_RISCV64, - ARCHITECTURE_ARC, - ARCHITECTURE_ARC_BE, -+ ARCHITECTURE_LOONGARCH64, - _ARCHITECTURE_MAX, - _ARCHITECTURE_INVALID = -EINVAL, - }; -@@ -229,6 +230,9 @@ int uname_architecture(void); - # define native_architecture() ARCHITECTURE_ARC - # define LIB_ARCH_TUPLE "arc-linux" - # endif -+#elif defined(__loongarch64) -+# define native_architecture() ARCHITECTURE_LOONGARCH64 -+# define LIB_ARCH_TUPLE "loongarch64-linux-gnu" - #else - # error "Please register your architecture here!" - #endif diff --git a/0030-Add-LoongArch-dmi-virt-detection-and-testcase.patch b/0030-Add-LoongArch-dmi-virt-detection-and-testcase.patch deleted file mode 100644 index 13cf40b..0000000 --- a/0030-Add-LoongArch-dmi-virt-detection-and-testcase.patch +++ /dev/null @@ -1,65 +0,0 @@ -diff --git a/src/basic/virt.c b/src/basic/virt.c -index 7e88f09..de1acf1 100644 ---- a/src/basic/virt.c -+++ b/src/basic/virt.c -@@ -140,7 +140,7 @@ static int detect_vm_device_tree(void) { - #endif - } - --#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) -+#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__loongarch64) - static int detect_vm_dmi_vendor(void) { - static const char *const dmi_vendors[] = { - "/sys/class/dmi/id/product_name", /* Test this before sys_vendor to detect KVM over QEMU */ -@@ -225,10 +225,10 @@ static int detect_vm_smbios(void) { - log_debug("DMI BIOS Extension table does not indicate virtualization."); - return SMBIOS_VM_BIT_UNSET; - } --#endif /* defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) */ -+#endif /* defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__loongarch64) */ - - static int detect_vm_dmi(void) { --#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) -+#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__loongarch64) - - int r; - r = detect_vm_dmi_vendor(); -diff --git a/src/test/test-execute.c b/src/test/test-execute.c -index 125e0bb..6e168d3 100644 ---- a/src/test/test-execute.c -+++ b/src/test/test-execute.c -@@ -284,6 +284,8 @@ static void test_exec_personality(Manager *m) { - - #elif defined(__i386__) - test(m, "exec-personality-x86.service", 0, CLD_EXITED); -+#elif defined(__loongarch64) -+ test(m, "exec-personality-loongarch64.service", 0, CLD_EXITED); - #else - log_notice("Unknown personality, skipping %s", __func__); - #endif -diff --git a/src/udev/meson.build b/src/udev/meson.build -index 4e80f9b..f2eb0b2 100644 ---- a/src/udev/meson.build -+++ b/src/udev/meson.build -@@ -129,7 +129,7 @@ udev_id_progs = [['ata_id/ata_id.c'], - 'mtd_probe/mtd_probe.h', - 'mtd_probe/probe_smartmedia.c']] - --dmi_arches = ['x86', 'x86_64', 'aarch64', 'arm', 'ia64', 'mips'] -+dmi_arches = ['x86', 'x86_64', 'aarch64', 'arm', 'ia64', 'loongarch64', 'mips'] - if dmi_arches.contains(host_machine.cpu_family()) - udev_id_progs += [['dmi_memory_id/dmi_memory_id.c']] - endif -diff --git a/test/test-execute/exec-personality-loongarch64.service b/test/test-execute/exec-personality-loongarch64.service -new file mode 100644 -index 0000000..0531ad1 ---- /dev/null -+++ b/test/test-execute/exec-personality-loongarch64.service -@@ -0,0 +1,7 @@ -+[Unit] -+Description=Test for Personality=loongarch64 -+ -+[Service] -+ExecStart=/bin/sh -c 'echo $(uname -m); exit $(test $(uname -m) = "loongarch64")' -+Type=oneshot -+Personality=loongarch64 diff --git a/Don-t-set-AlternativeNamesPolicy-by-default.patch b/Don-t-set-AlternativeNamesPolicy-by-default.patch deleted file mode 100644 index 24fe54b..0000000 --- a/Don-t-set-AlternativeNamesPolicy-by-default.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 1e3f74b7ca5ead53c10e5b37cf8660651f32d181 Mon Sep 17 00:00:00 2001 -From: xujing -Date: Thu, 11 Aug 2022 19:53:35 +0800 -Subject: [PATCH] Don't set AlternativeNamesPolicy by default - -When a network adapter is renamed, the altname of the network adapter may be -set based on AlternativeNamesPolicy. As a result, the network adapter name -fails to be restored. For example, after enp4s0 is renamed tmp, udev sets the -altname of tmp to enp4s0. If you want to restore tmp to enp4s0, it will fail. ---- - network/99-default.link | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/network/99-default.link b/network/99-default.link -index 31aee37..db48c4d 100644 ---- a/network/99-default.link -+++ b/network/99-default.link -@@ -12,5 +12,4 @@ OriginalName=* - - [Link] - NamePolicy=keep kernel database onboard slot path --AlternativeNamesPolicy=database onboard slot path - MACAddressPolicy=none --- -2.23.0 - diff --git a/Make-systemd-udevd.service-start-after-systemd-remou.patch b/Make-systemd-udevd.service-start-after-systemd-remou.patch deleted file mode 100644 index 18bdc37..0000000 --- a/Make-systemd-udevd.service-start-after-systemd-remou.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 4c230d1d73e9f9a6d1fe654599a63881c344a00c Mon Sep 17 00:00:00 2001 -From: openEuler Buildteam -Date: Tue, 29 Jan 2019 22:54:34 -0500 -Subject: [PATCH] Make systemd-udevd.service start after systemd-remount-fs.service. ---- - units/systemd-udevd.service.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in -index 9ada3a6a74..17f15bba83 100644 ---- a/units/systemd-udevd.service.in -+++ b/units/systemd-udevd.service.in -@@ -11,7 +11,7 @@ - Description=Rule-based Manager for Device Events and Files - Documentation=man:systemd-udevd.service(8) man:udev(7) - DefaultDependencies=no --After=systemd-sysusers.service systemd-hwdb-update.service -+After=systemd-sysusers.service systemd-hwdb-update.service systemd-remount-fs.service - Before=sysinit.target - ConditionPathIsReadWrite=/sys - --- -2.23.0 - diff --git a/Retry-to-handle-the-uevent-when-worker-is-terminated.patch b/Retry-to-handle-the-uevent-when-worker-is-terminated.patch deleted file mode 100644 index 39fa1d2..0000000 --- a/Retry-to-handle-the-uevent-when-worker-is-terminated.patch +++ /dev/null @@ -1,87 +0,0 @@ -From a3d2f4261ef9a953904e3e21abafba0dad7daa77 Mon Sep 17 00:00:00 2001 -From: gaoyi -Date: Mon, 28 Sep 2020 22:36:37 +0800 -Subject: [PATCH] Retry to handle the uevent when worker is terminated abnormal - -When processing uevent events fails, retry it. ---- - src/udev/udevd.c | 35 +++++++++++++++++++++++++++++++++-- - 1 file changed, 33 insertions(+), 2 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 75e2086..023fe55 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -69,6 +69,7 @@ - #include "version.h" - - #define WORKER_NUM_MAX 2048U -+#define UEVENT_MAX_RETRY_TIMES 3 - #define EVENT_RETRY_INTERVAL_USEC (200 * USEC_PER_MSEC) - #define EVENT_RETRY_TIMEOUT_USEC (3 * USEC_PER_MINUTE) - -@@ -123,6 +124,7 @@ typedef struct Event { - Manager *manager; - Worker *worker; - EventState state; -+ int retry; - - sd_device *dev; - -@@ -166,6 +168,32 @@ typedef enum EventResult { - _EVENT_RESULT_INVALID = -EINVAL, - } EventResult; - -+static bool event_retry(Event *event) { -+ if (!event) -+ return false; -+ -+ assert(event->manager); -+ -+ if (--event->retry < 0) { -+ log_device_error(event->dev, "Retry failed."); -+ return false; -+ } -+ -+ log_device_info(event->dev, "Retry %d times.", UEVENT_MAX_RETRY_TIMES - event->retry); -+ -+ event->timeout_warning_event = sd_event_source_unref(event->timeout_warning_event); -+ event->timeout_event = sd_event_source_unref(event->timeout_event); -+ -+ if (event->worker) { -+ event->worker->event = NULL; -+ event->worker = NULL; -+ } -+ -+ event->state = EVENT_QUEUED; -+ -+ return true; -+} -+ - static Event *event_free(Event *event) { - if (!event) - return NULL; -@@ -1118,6 +1146,7 @@ static int event_queue_insert(Manager *manager, sd_device *dev) { - .seqnum = seqnum, - .action = action, - .state = EVENT_QUEUED, -+ .retry = UEVENT_MAX_RETRY_TIMES, - }; - - if (LIST_IS_EMPTY(manager->events)) { -@@ -1547,8 +1576,10 @@ static int on_sigchld(sd_event_source *s, const struct signalfd_siginfo *si, voi - device_delete_db(worker->event->dev); - device_tag_index(worker->event->dev, NULL, false); - -- /* Forward kernel event to libudev listeners */ -- device_broadcast(manager->monitor, worker->event->dev); -+ if (event_retry(worker->event) == false) { -+ /* Forward kernel event to libudev listeners */ -+ device_broadcast(manager->monitor, worker->event->dev); -+ } - } - - worker_free(worker); --- -2.33.0 - diff --git a/Revert-core-one-step-back-again-for-nspawn-we-actual.patch b/Revert-core-one-step-back-again-for-nspawn-we-actual.patch deleted file mode 100644 index 2673f6b..0000000 --- a/Revert-core-one-step-back-again-for-nspawn-we-actual.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 9d0046ceca10911361137d6496987cb15ffff132 Mon Sep 17 00:00:00 2001 -From: Lukas Nykryn -Date: Thu, 25 Jun 2015 09:20:59 +0200 -Subject: [PATCH] Revert "core: one step back again, for nspawn we - actually can't wait for cgroups running empty since systemd will get exactly - zero notifications about it" - -This reverts commit 743970d2ea6d08aa7c7bff8220f6b7702f2b1db7. - -https://bugzilla.redhat.com/show_bug.cgi?id=1141137 -https://github.com/systemd/systemd/pull/350 - -Resolves: #1703485 - ---- - src/core/unit.c | 11 +---------- - 1 file changed, 1 insertion(+), 10 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index 1cadcd4..10e314f 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -4799,16 +4799,7 @@ int unit_kill_context( - - } else if (r > 0) { - -- /* FIXME: For now, on the legacy hierarchy, we will not wait for the cgroup members to die if -- * we are running in a container or if this is a delegation unit, simply because cgroup -- * notification is unreliable in these cases. It doesn't work at all in containers, and outside -- * of containers it can be confused easily by left-over directories in the cgroup — which -- * however should not exist in non-delegated units. On the unified hierarchy that's different, -- * there we get proper events. Hence rely on them. */ -- -- if (cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) > 0 || -- (detect_container() == 0 && !unit_cgroup_delegate(u))) -- wait_for_exit = true; -+ wait_for_exit = true; - - if (send_sighup) { - set_free(pid_set); --- -2.19.1 - diff --git a/Systemd-Add-sw64-architecture.patch b/Systemd-Add-sw64-architecture.patch deleted file mode 100755 index e6d9b0c..0000000 --- a/Systemd-Add-sw64-architecture.patch +++ /dev/null @@ -1,872 +0,0 @@ -From b9043cf1d074497cf77272dd9bf24c2098e56265 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Tue, 25 Oct 2022 15:26:32 +0800 -Subject: [PATCH] Systemd Add sw64 architecture - -Signed-off-by: rpm-build ---- - src/basic/architecture.c | 3 + - src/basic/architecture.h | 4 + - src/basic/meson.build | 1 + - src/basic/missing_fcntl.h | 2 + - src/basic/missing_syscall_def.h | 35 ++ - src/basic/missing_syscalls.py | 2 + - src/basic/syscalls-sw_64.txt | 600 ++++++++++++++++++++++++++++++++ - 7 files changed, 647 insertions(+) - create mode 100644 src/basic/syscalls-sw_64.txt - -diff --git a/src/basic/architecture.c b/src/basic/architecture.c -index 409632c..8314aa5 100644 ---- a/src/basic/architecture.c -+++ b/src/basic/architecture.c -@@ -54,6 +54,8 @@ int uname_architecture(void) { - { "mips", ARCHITECTURE_MIPS }, - #elif defined(__alpha__) - { "alpha" , ARCHITECTURE_ALPHA }, -+#elif defined(__sw_64__) -+ { "sw_64" , ARCHITECTURE_SW_64 }, - #elif defined(__arm__) || defined(__aarch64__) - { "aarch64", ARCHITECTURE_ARM64 }, - { "aarch64_be", ARCHITECTURE_ARM64_BE }, -@@ -159,6 +161,7 @@ static const char *const architecture_table[_ARCHITECTURE_MAX] = { - [ARCHITECTURE_MIPS64] = "mips64", - [ARCHITECTURE_MIPS64_LE] = "mips64-le", - [ARCHITECTURE_ALPHA] = "alpha", -+ [ARCHITECTURE_SW_64] = "sw_64", - [ARCHITECTURE_ARM] = "arm", - [ARCHITECTURE_ARM_BE] = "arm-be", - [ARCHITECTURE_ARM64] = "arm64", -diff --git a/src/basic/architecture.h b/src/basic/architecture.h -index 9abc183..3361eaf 100644 ---- a/src/basic/architecture.h -+++ b/src/basic/architecture.h -@@ -30,6 +30,7 @@ enum { - ARCHITECTURE_MIPS64, - ARCHITECTURE_MIPS64_LE, - ARCHITECTURE_ALPHA, -+ ARCHITECTURE_SW_64, - ARCHITECTURE_ARM, - ARCHITECTURE_ARM_BE, - ARCHITECTURE_ARM64, -@@ -143,6 +144,9 @@ int uname_architecture(void); - #elif defined(__alpha__) - # define native_architecture() ARCHITECTURE_ALPHA - # define LIB_ARCH_TUPLE "alpha-linux-gnu" -+#elif defined(__sw_64__) -+# define native_architecture() ARCHITECTURE_SW_64 -+# define LIB_ARCH_TUPLE "sw_64-linux-gnu" - #elif defined(__aarch64__) - # if __BYTE_ORDER == __BIG_ENDIAN - # define native_architecture() ARCHITECTURE_ARM64_BE -diff --git a/src/basic/meson.build b/src/basic/meson.build -index 452b965..80dab1b 100644 ---- a/src/basic/meson.build -+++ b/src/basic/meson.build -@@ -325,6 +325,7 @@ basic_sources += generated_gperf_headers - - arch_list = [ - 'alpha', -+ 'sw_64', - 'arc', - 'arm', - 'arm64', -diff --git a/src/basic/missing_fcntl.h b/src/basic/missing_fcntl.h -index 00937d2..fff662b 100644 ---- a/src/basic/missing_fcntl.h -+++ b/src/basic/missing_fcntl.h -@@ -45,6 +45,8 @@ - #ifndef __O_TMPFILE - #if defined(__alpha__) - #define __O_TMPFILE 0100000000 -+#elif defined(__sw_64__) -+#define __O_TMPFILE 0100000000 - #elif defined(__parisc__) || defined(__hppa__) - #define __O_TMPFILE 0400000000 - #elif defined(__sparc__) || defined(__sparc64__) -diff --git a/src/basic/missing_syscall_def.h b/src/basic/missing_syscall_def.h -index 29dfd2e..10a585b 100644 ---- a/src/basic/missing_syscall_def.h -+++ b/src/basic/missing_syscall_def.h -@@ -9,6 +9,7 @@ - * template as the per-syscall blocks below. */ - # if defined(__aarch64__) - # elif defined(__alpha__) -+# elif defined(__sw_64__) - # elif defined(__arc__) || defined(__tilegx__) - # elif defined(__arm__) - # elif defined(__i386__) -@@ -44,6 +45,8 @@ - # define systemd_NR_bpf 280 - # elif defined(__alpha__) - # define systemd_NR_bpf 515 -+# elif defined(__sw_64__) -+# define systemd_NR_bpf 170 - # elif defined(__arc__) || defined(__tilegx__) - # define systemd_NR_bpf 280 - # elif defined(__arm__) -@@ -108,6 +111,8 @@ assert_cc(__NR_bpf == systemd_NR_bpf); - # define systemd_NR_close_range 436 - # elif defined(__alpha__) - # define systemd_NR_close_range 546 -+# elif defined(__sw_64__) -+# define systemd_NR_close_range 283 - # elif defined(__arc__) || defined(__tilegx__) - # define systemd_NR_close_range 436 - # elif defined(__arm__) -@@ -172,6 +177,8 @@ assert_cc(__NR_close_range == systemd_NR_close_range); - # define systemd_NR_copy_file_range 285 - # elif defined(__alpha__) - # define systemd_NR_copy_file_range 519 -+# elif defined(__sw_64__) -+# define systemd_NR_copy_file_range 515 - # elif defined(__arc__) || defined(__tilegx__) - # define systemd_NR_copy_file_range 285 - # elif defined(__arm__) -@@ -236,6 +243,8 @@ assert_cc(__NR_copy_file_range == systemd_NR_copy_file_range); - # define systemd_NR_epoll_pwait2 441 - # elif defined(__alpha__) - # define systemd_NR_epoll_pwait2 551 -+# elif defined(__sw_64__) -+# define systemd_NR_epoll_pwait2 551 - # elif defined(__arc__) || defined(__tilegx__) - # define systemd_NR_epoll_pwait2 441 - # elif defined(__arm__) -@@ -300,6 +309,8 @@ assert_cc(__NR_epoll_pwait2 == systemd_NR_epoll_pwait2); - # define systemd_NR_getrandom 278 - # elif defined(__alpha__) - # define systemd_NR_getrandom 511 -+# elif defined(__sw_64__) -+# define systemd_NR_getrandom 511 - # elif defined(__arc__) || defined(__tilegx__) - # define systemd_NR_getrandom 278 - # elif defined(__arm__) -@@ -364,6 +375,8 @@ assert_cc(__NR_getrandom == systemd_NR_getrandom); - # define systemd_NR_memfd_create 279 - # elif defined(__alpha__) - # define systemd_NR_memfd_create 512 -+# elif defined(__sw_64__) -+# define systemd_NR_memfd_create 512 - # elif defined(__arc__) || defined(__tilegx__) - # define systemd_NR_memfd_create 279 - # elif defined(__arm__) -@@ -428,6 +441,8 @@ assert_cc(__NR_memfd_create == systemd_NR_memfd_create); - # define systemd_NR_mount_setattr 442 - # elif defined(__alpha__) - # define systemd_NR_mount_setattr 552 -+# elif defined(__sw_64__) -+# define systemd_NR_mount_setattr 552 - # elif defined(__arc__) || defined(__tilegx__) - # define systemd_NR_mount_setattr 442 - # elif defined(__arm__) -@@ -492,6 +507,8 @@ assert_cc(__NR_mount_setattr == systemd_NR_mount_setattr); - # define systemd_NR_move_mount 429 - # elif defined(__alpha__) - # define systemd_NR_move_mount 539 -+# elif defined(__sw_64__) -+# define systemd_NR_move_mount 276 - # elif defined(__arc__) || defined(__tilegx__) - # define systemd_NR_move_mount 429 - # elif defined(__arm__) -@@ -556,6 +573,8 @@ assert_cc(__NR_move_mount == systemd_NR_move_mount); - # define systemd_NR_name_to_handle_at 264 - # elif defined(__alpha__) - # define systemd_NR_name_to_handle_at 497 -+# elif defined(__sw_64__) -+# define systemd_NR_name_to_handle_at 497 - # elif defined(__arc__) || defined(__tilegx__) - # define systemd_NR_name_to_handle_at 264 - # elif defined(__arm__) -@@ -620,6 +639,8 @@ assert_cc(__NR_name_to_handle_at == systemd_NR_name_to_handle_at); - # define systemd_NR_open_tree 428 - # elif defined(__alpha__) - # define systemd_NR_open_tree 538 -+# elif defined(__sw_64__) -+# define systemd_NR_open_tree 275 - # elif defined(__arc__) || defined(__tilegx__) - # define systemd_NR_open_tree 428 - # elif defined(__arm__) -@@ -684,6 +705,8 @@ assert_cc(__NR_open_tree == systemd_NR_open_tree); - # define systemd_NR_openat2 437 - # elif defined(__alpha__) - # define systemd_NR_openat2 547 -+# elif defined(__sw_64__) -+# define systemd_NR_openat2 284 - # elif defined(__arc__) || defined(__tilegx__) - # define systemd_NR_openat2 437 - # elif defined(__arm__) -@@ -750,6 +773,8 @@ assert_cc(__NR_openat2 == systemd_NR_openat2); - # define systemd_NR_pidfd_open 434 - # elif defined(__alpha__) - # define systemd_NR_pidfd_open 544 -+# elif defined(__sw_64__) -+# define systemd_NR_pidfd_open 281 - # elif defined(__arc__) || defined(__tilegx__) - # define systemd_NR_pidfd_open 434 - # elif defined(__arm__) -@@ -814,6 +839,8 @@ assert_cc(__NR_pidfd_open == systemd_NR_pidfd_open); - # define systemd_NR_pidfd_send_signal 424 - # elif defined(__alpha__) - # define systemd_NR_pidfd_send_signal 534 -+# elif defined(__sw_64__) -+# define systemd_NR_pidfd_send_signal 271 - # elif defined(__arc__) || defined(__tilegx__) - # define systemd_NR_pidfd_send_signal 424 - # elif defined(__arm__) -@@ -878,6 +905,8 @@ assert_cc(__NR_pidfd_send_signal == systemd_NR_pidfd_send_signal); - # define systemd_NR_pkey_mprotect 288 - # elif defined(__alpha__) - # define systemd_NR_pkey_mprotect 524 -+# elif defined(__sw_64__) -+# define systemd_NR_pkey_mprotect 288 - # elif defined(__arc__) || defined(__tilegx__) - # define systemd_NR_pkey_mprotect 288 - # elif defined(__arm__) -@@ -942,6 +971,8 @@ assert_cc(__NR_pkey_mprotect == systemd_NR_pkey_mprotect); - # define systemd_NR_renameat2 276 - # elif defined(__alpha__) - # define systemd_NR_renameat2 510 -+# elif defined(__sw_64__) -+# define systemd_NR_renameat2 510 - # elif defined(__arc__) || defined(__tilegx__) - # define systemd_NR_renameat2 276 - # elif defined(__arm__) -@@ -1006,6 +1037,8 @@ assert_cc(__NR_renameat2 == systemd_NR_renameat2); - # define systemd_NR_setns 268 - # elif defined(__alpha__) - # define systemd_NR_setns 501 -+# elif defined(__sw_64__) -+# define systemd_NR_setns 501 - # elif defined(__arc__) || defined(__tilegx__) - # define systemd_NR_setns 268 - # elif defined(__arm__) -@@ -1070,6 +1103,8 @@ assert_cc(__NR_setns == systemd_NR_setns); - # define systemd_NR_statx 291 - # elif defined(__alpha__) - # define systemd_NR_statx 522 -+# elif defined(__sw_64__) -+# define systemd_NR_statx 518 - # elif defined(__arc__) || defined(__tilegx__) - # define systemd_NR_statx 291 - # elif defined(__arm__) -diff --git a/src/basic/missing_syscalls.py b/src/basic/missing_syscalls.py -index dd45899..cf448cc 100644 ---- a/src/basic/missing_syscalls.py -+++ b/src/basic/missing_syscalls.py -@@ -52,6 +52,8 @@ DEF_TEMPLATE_B = '''\ - # define systemd_NR_{syscall} {nr_arm64} - # elif defined(__alpha__) - # define systemd_NR_{syscall} {nr_alpha} -+# elif defined(__sw_64__) -+# define systemd_NR_{syscall} {nr_sw_64} - # elif defined(__arc__) || defined(__tilegx__) - # define systemd_NR_{syscall} {nr_arc} - # elif defined(__arm__) -diff --git a/src/basic/syscalls-sw_64.txt b/src/basic/syscalls-sw_64.txt -new file mode 100644 -index 0000000..5aef86b ---- /dev/null -+++ b/src/basic/syscalls-sw_64.txt -@@ -0,0 +1,600 @@ -+_llseek -+_newselect -+_sysctl 319 -+accept 99 -+accept4 502 -+access 33 -+acct 51 -+add_key 439 -+adjtimex 366 -+alarm -+arc_gettls -+arc_settls -+arc_usr_cmpxchg -+arch_prctl -+arm_fadvise64_64 -+atomic_barrier -+atomic_cmpxchg_32 -+bdflush 300 -+bind 104 -+bpf 515 -+brk 17 -+cachectl -+cacheflush -+capget 368 -+capset 369 -+chdir 12 -+chmod 15 -+chown 16 -+chown32 -+chroot 61 -+clock_adjtime 499 -+clock_adjtime64 -+clock_getres 421 -+clock_getres_time64 -+clock_gettime 420 -+clock_gettime64 -+clock_nanosleep 422 -+clock_nanosleep_time64 -+clock_settime 419 -+clock_settime64 -+clone 312 -+clone2 -+clone3 -+close 6 -+close_range 546 -+connect 98 -+copy_file_range 519 -+creat -+create_module 306 -+delete_module 308 -+dipc 373 -+dup 41 -+dup2 90 -+dup3 487 -+epoll_create 407 -+epoll_create1 486 -+epoll_ctl 408 -+epoll_ctl_old -+epoll_pwait 474 -+epoll_pwait2 551 -+epoll_wait 409 -+epoll_wait_old -+eventfd 478 -+eventfd2 485 -+exec_with_loader 25 -+execv -+execve 59 -+execveat 513 -+exit 1 -+exit_group 405 -+faccessat 462 -+faccessat2 549 -+fadvise64 413 -+fadvise64_64 -+fallocate 480 -+fanotify_init 494 -+fanotify_mark 495 -+fchdir 13 -+fchmod 124 -+fchmodat 461 -+fchown 123 -+fchown32 -+fchownat 453 -+fcntl 92 -+fcntl64 -+fdatasync 447 -+fgetxattr 387 -+finit_module 507 -+flistxattr 390 -+flock 131 -+fork 2 -+fp_udfiex_crtl -+fremovexattr 393 -+fsconfig 541 -+fsetxattr 384 -+fsmount 542 -+fsopen 540 -+fspick 543 -+fstat 91 -+fstat64 427 -+fstatat64 455 -+fstatfs 329 -+fstatfs64 529 -+fsync 95 -+ftruncate 130 -+ftruncate64 -+futex 394 -+futex_time64 -+futex_waitv 559 -+futimesat 454 -+get_kernel_syms 309 -+get_mempolicy 430 -+get_robust_list 467 -+get_thread_area -+getcpu 473 -+getcwd 367 -+getdents 305 -+getdents64 377 -+getdomainname -+getdtablesize 89 -+getegid 530 -+getegid32 -+geteuid 531 -+geteuid32 -+getgid 47 -+getgid32 -+getgroups 79 -+getgroups32 -+gethostname 87 -+getitimer 361 -+getpagesize 64 -+getpeername 141 -+getpgid 233 -+getpgrp 63 -+getpid 20 -+getpmsg -+getppid 532 -+getpriority 100 -+getrandom 511 -+getresgid 372 -+getresgid32 -+getresuid 344 -+getresuid32 -+getrlimit 144 -+getrusage 364 -+getsid 234 -+getsockname 150 -+getsockopt 118 -+gettid 378 -+gettimeofday 359 -+getuid 24 -+getuid32 -+getunwind -+getxattr 385 -+getxgid 47 -+getxpid 20 -+getxuid 24 -+idle -+init_module 307 -+inotify_add_watch 445 -+inotify_init 444 -+inotify_init1 489 -+inotify_rm_watch 446 -+io_cancel 402 -+io_destroy 399 -+io_getevents 400 -+io_pgetevents 523 -+io_pgetevents_time64 -+io_setup 398 -+io_submit 401 -+io_uring_enter 536 -+io_uring_register 537 -+io_uring_setup 535 -+ioctl 54 -+ioperm -+iopl -+ioprio_get 443 -+ioprio_set 442 -+ipc -+kcmp 506 -+kern_features -+kexec_file_load -+kexec_load 448 -+keyctl 441 -+kill 37 -+landlock_add_rule 555 -+landlock_create_ruleset 554 -+landlock_restrict_self 556 -+lchown 208 -+lchown32 -+lgetxattr 386 -+link 9 -+linkat 458 -+listen 106 -+listxattr 388 -+llistxattr 389 -+lookup_dcookie 406 -+lremovexattr 392 -+lseek 19 -+lsetxattr 383 -+lstat 68 -+lstat64 426 -+madvise 75 -+mbind 429 -+membarrier 517 -+memfd_create 512 -+memfd_secret -+memory_ordering -+migrate_pages 449 -+mincore 375 -+mkdir 136 -+mkdirat 451 -+mknod 14 -+mknodat 452 -+mlock 314 -+mlock2 518 -+mlockall 316 -+mmap 71 -+mmap2 -+modify_ldt -+mount 302 -+mount_setattr 552 -+move_mount 539 -+move_pages 472 -+mprotect 74 -+mq_getsetattr 437 -+mq_notify 436 -+mq_open 432 -+mq_timedreceive 435 -+mq_timedreceive_time64 -+mq_timedsend 434 -+mq_timedsend_time64 -+mq_unlink 433 -+mremap 341 -+msgctl 200 -+msgget 201 -+msgrcv 202 -+msgsnd 203 -+msync 217 -+multiplexer -+munlock 315 -+munlockall 317 -+munmap 73 -+name_to_handle_at 497 -+nanosleep 340 -+newfstatat -+nfsservctl 342 -+nice -+old_adjtimex 303 -+old_getpagesize -+oldfstat -+oldlstat -+oldolduname -+oldstat -+oldumount 321 -+olduname -+open 45 -+open_by_handle_at 498 -+open_tree 538 -+openat 450 -+openat2 547 -+or1k_atomic -+osf_adjtime 140 -+osf_afs_syscall 258 -+osf_alt_plock 181 -+osf_alt_setsid 188 -+osf_alt_sigpending 187 -+osf_asynch_daemon 163 -+osf_audcntl 252 -+osf_audgen 253 -+osf_chflags 34 -+osf_execve 11 -+osf_exportfs 169 -+osf_fchflags 35 -+osf_fdatasync 261 -+osf_fpathconf 248 -+osf_fstat 226 -+osf_fstatfs 161 -+osf_fstatfs64 228 -+osf_fuser 243 -+osf_getaddressconf 214 -+osf_getdirentries 159 -+osf_getdomainname 165 -+osf_getfh 164 -+osf_getfsstat 18 -+osf_gethostid 142 -+osf_getitimer 86 -+osf_getlogin 49 -+osf_getmnt 184 -+osf_getrusage 117 -+osf_getsysinfo 256 -+osf_gettimeofday 116 -+osf_kloadcall 223 -+osf_kmodcall 77 -+osf_lstat 225 -+osf_memcntl 260 -+osf_mincore 78 -+osf_mount 21 -+osf_mremap 65 -+osf_msfs_syscall 240 -+osf_msleep 215 -+osf_mvalid 213 -+osf_mwakeup 216 -+osf_naccept 30 -+osf_nfssvc 158 -+osf_ngetpeername 31 -+osf_ngetsockname 32 -+osf_nrecvfrom 29 -+osf_nrecvmsg 27 -+osf_nsendmsg 28 -+osf_ntp_adjtime 245 -+osf_ntp_gettime 246 -+osf_old_creat 8 -+osf_old_fstat 62 -+osf_old_getpgrp 81 -+osf_old_killpg 146 -+osf_old_lstat 40 -+osf_old_open 5 -+osf_old_sigaction 46 -+osf_old_sigblock 109 -+osf_old_sigreturn 139 -+osf_old_sigsetmask 110 -+osf_old_sigvec 108 -+osf_old_stat 38 -+osf_old_vadvise 72 -+osf_old_vtrace 115 -+osf_old_wait 84 -+osf_oldquota 149 -+osf_pathconf 247 -+osf_pid_block 153 -+osf_pid_unblock 154 -+osf_plock 107 -+osf_priocntlset 237 -+osf_profil 44 -+osf_proplist_syscall 244 -+osf_reboot 55 -+osf_revoke 56 -+osf_sbrk 69 -+osf_security 222 -+osf_select 93 -+osf_set_program_attributes 43 -+osf_set_speculative 239 -+osf_sethostid 143 -+osf_setitimer 83 -+osf_setlogin 50 -+osf_setsysinfo 257 -+osf_settimeofday 122 -+osf_shmat 209 -+osf_signal 218 -+osf_sigprocmask 48 -+osf_sigsendset 238 -+osf_sigstack 112 -+osf_sigwaitprim 157 -+osf_sstk 70 -+osf_stat 224 -+osf_statfs 160 -+osf_statfs64 227 -+osf_subsys_info 255 -+osf_swapctl 259 -+osf_swapon 199 -+osf_syscall 0 -+osf_sysinfo 241 -+osf_table 85 -+osf_uadmin 242 -+osf_usleep_thread 251 -+osf_uswitch 250 -+osf_utc_adjtime 220 -+osf_utc_gettime 219 -+osf_utimes 138 -+osf_utsname 207 -+osf_wait4 7 -+osf_waitid 236 -+pause -+pciconfig_iobase 376 -+pciconfig_read 345 -+pciconfig_write 346 -+perf_event_open 493 -+perfctr -+personality 324 -+pidfd_getfd 548 -+pidfd_open 544 -+pidfd_send_signal 534 -+pipe 42 -+pipe2 488 -+pivot_root 374 -+pkey_alloc 525 -+pkey_free 526 -+pkey_mprotect 524 -+poll 94 -+ppoll 464 -+ppoll_time64 -+prctl 348 -+pread64 349 -+preadv 490 -+preadv2 520 -+prlimit64 496 -+process_madvise 550 -+process_mrelease 558 -+process_vm_readv 504 -+process_vm_writev 505 -+pselect6 463 -+pselect6_time64 -+ptrace 26 -+pwrite64 350 -+pwritev 491 -+pwritev2 521 -+query_module 347 -+quotactl 148 -+quotactl_fd 553 -+read 3 -+readahead 379 -+readdir -+readlink 58 -+readlinkat 460 -+readv 120 -+reboot 311 -+recv 102 -+recvfrom 125 -+recvmmsg 479 -+recvmmsg_time64 -+recvmsg 113 -+remap_file_pages 410 -+removexattr 391 -+rename 128 -+renameat 457 -+renameat2 510 -+request_key 440 -+restart_syscall 412 -+riscv_flush_icache -+rmdir 137 -+rseq 527 -+rt_sigaction 352 -+rt_sigpending 354 -+rt_sigprocmask 353 -+rt_sigqueueinfo 356 -+rt_sigreturn 351 -+rt_sigsuspend 357 -+rt_sigtimedwait 355 -+rt_sigtimedwait_time64 -+rt_tgsigqueueinfo 492 -+rtas -+s390_guarded_storage -+s390_pci_mmio_read -+s390_pci_mmio_write -+s390_runtime_instr -+s390_sthyi -+sched_get_affinity -+sched_get_priority_max 335 -+sched_get_priority_min 336 -+sched_getaffinity 396 -+sched_getattr 509 -+sched_getparam 331 -+sched_getscheduler 333 -+sched_rr_get_interval 337 -+sched_rr_get_interval_time64 -+sched_set_affinity -+sched_setaffinity 395 -+sched_setattr 508 -+sched_setparam 330 -+sched_setscheduler 332 -+sched_yield 334 -+seccomp 514 -+select 358 -+semctl 204 -+semget 205 -+semop 206 -+semtimedop 423 -+semtimedop_time64 -+send 101 -+sendfile 370 -+sendfile64 -+sendmmsg 503 -+sendmsg 114 -+sendto 133 -+set_mempolicy 431 -+set_robust_list 466 -+set_thread_area -+set_tid_address 411 -+setdomainname 166 -+setfsgid 326 -+setfsgid32 -+setfsuid 325 -+setfsuid32 -+setgid 132 -+setgid32 -+setgroups 80 -+setgroups32 -+sethae 301 -+sethostname 88 -+setitimer 362 -+setns 501 -+setpgid 39 -+setpgrp 82 -+setpriority 96 -+setregid 127 -+setregid32 -+setresgid 371 -+setresgid32 -+setresuid 343 -+setresuid32 -+setreuid 126 -+setreuid32 -+setrlimit 145 -+setsid 147 -+setsockopt 105 -+settimeofday 360 -+setuid 23 -+setuid32 -+setxattr 382 -+sgetmask -+shmat 209 -+shmctl 210 -+shmdt 211 -+shmget 212 -+shutdown 134 -+sigaction 156 -+sigaltstack 235 -+signal -+signalfd 476 -+signalfd4 484 -+sigpending 52 -+sigprocmask -+sigreturn 103 -+sigsuspend 111 -+socket 97 -+socketcall -+socketpair 135 -+splice 468 -+spu_create -+spu_run -+ssetmask -+stat 67 -+stat64 425 -+statfs 328 -+statfs64 528 -+statx 522 -+stime -+subpage_prot -+swapcontext -+swapoff 304 -+swapon 322 -+switch_endian -+symlink 57 -+symlinkat 459 -+sync 36 -+sync_file_range 469 -+sync_file_range2 -+syncfs 500 -+sys_debug_setcontext -+syscall -+sysfs 254 -+sysinfo 318 -+syslog 310 -+sysmips -+tee 470 -+tgkill 424 -+time -+timer_create 414 -+timer_delete 418 -+timer_getoverrun 417 -+timer_gettime 416 -+timer_gettime64 -+timer_settime 415 -+timer_settime64 -+timerfd 477 -+timerfd_create 481 -+timerfd_gettime 483 -+timerfd_gettime64 -+timerfd_settime 482 -+timerfd_settime64 -+times 323 -+tkill 381 -+truncate 129 -+truncate64 -+ugetrlimit -+umask 60 -+umount 22 -+umount2 22 -+uname 339 -+unlink 10 -+unlinkat 456 -+unshare 465 -+uselib 313 -+userfaultfd 516 -+ustat 327 -+utime -+utimensat 475 -+utimensat_time64 -+utimes 363 -+utrap_install -+vfork 66 -+vhangup 76 -+vm86 -+vm86old -+vmsplice 471 -+wait4 365 -+waitid 438 -+waitpid -+write 4 -+writev 121 --- -2.33.0 - diff --git a/activation-service-must-be-restarted-when-reactivated.patch b/activation-service-must-be-restarted-when-reactivated.patch deleted file mode 100644 index a71eaa8..0000000 --- a/activation-service-must-be-restarted-when-reactivated.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 4acc8a3168e5f11b5308cf8558d68bf2a0503444 Mon Sep 17 00:00:00 2001 -From: huangkaibin -Date: Mon, 7 Aug 2017 17:06:30 +0800 -Subject: [PATCH] systemd: Activation service must be restarted when it is already started and re-actived -by dbus - -When dbus-daemon service is killed, every activation service must be restarted -to reestblished dbus connection between dbus-daemon and the service. -Otherwise, there will be problem on the dbus connection. This patch fix this -problem by set JobType to JOB_RESTART when it is re-actived in signal_activation_request function. ---- - src/core/dbus.c | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/src/core/dbus.c b/src/core/dbus.c -index 29524d4..38940ef 100644 ---- a/src/core/dbus.c -+++ b/src/core/dbus.c -@@ -152,6 +152,8 @@ static int signal_activation_request(sd_bus_message *message, void *userdata, sd - const char *name; - Unit *u; - int r; -+ int jobtype; -+ Service *s = NULL; - - assert(message); - assert(m); -@@ -177,7 +179,13 @@ static int signal_activation_request(sd_bus_message *message, void *userdata, sd - goto failed; - } - -- r = manager_add_job(m, JOB_START, u, JOB_REPLACE, NULL, &error, NULL); -+ jobtype = JOB_START; -+ s = SERVICE(u); -+ if(s && s->state != SERVICE_DEAD) { -+ jobtype = JOB_RESTART; -+ log_unit_info(u, "Service '%s' will be restarted to activate the service. The current service state is %d.", u->id, s->state); -+ } -+ r = manager_add_job(m, jobtype, u, JOB_REPLACE, NULL, &error, NULL); - if (r < 0) - goto failed; - --- -1.8.3.1 diff --git a/add-loongarch-for-missing_syscall_def.patch b/add-loongarch-for-missing_syscall_def.patch deleted file mode 100644 index 19952aa..0000000 --- a/add-loongarch-for-missing_syscall_def.patch +++ /dev/null @@ -1,165 +0,0 @@ -diff --git a/src/basic/missing_syscall_def.h b/src/basic/missing_syscall_def.h -index 29dfd2e..629cad0 100644 ---- a/src/basic/missing_syscall_def.h -+++ b/src/basic/missing_syscall_def.h -@@ -28,6 +28,7 @@ - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) - # elif defined(__s390__) - # elif defined(__sparc__) - # elif defined(__x86_64__) -@@ -74,6 +75,8 @@ - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_bpf 280 - # elif defined(__s390__) - # define systemd_NR_bpf 351 - # elif defined(__sparc__) -@@ -138,6 +141,8 @@ assert_cc(__NR_bpf == systemd_NR_bpf); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_close_range 436 - # elif defined(__s390__) - # define systemd_NR_close_range 436 - # elif defined(__sparc__) -@@ -202,6 +207,8 @@ assert_cc(__NR_close_range == systemd_NR_close_range); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_copy_file_range 285 - # elif defined(__s390__) - # define systemd_NR_copy_file_range 375 - # elif defined(__sparc__) -@@ -266,6 +273,8 @@ assert_cc(__NR_copy_file_range == systemd_NR_copy_file_range); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_epoll_pwait2 441 - # elif defined(__s390__) - # define systemd_NR_epoll_pwait2 441 - # elif defined(__sparc__) -@@ -330,6 +339,8 @@ assert_cc(__NR_epoll_pwait2 == systemd_NR_epoll_pwait2); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_getrandom 278 - # elif defined(__s390__) - # define systemd_NR_getrandom 349 - # elif defined(__sparc__) -@@ -394,6 +405,8 @@ assert_cc(__NR_getrandom == systemd_NR_getrandom); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_memfd_create 279 - # elif defined(__s390__) - # define systemd_NR_memfd_create 350 - # elif defined(__sparc__) -@@ -458,6 +471,8 @@ assert_cc(__NR_memfd_create == systemd_NR_memfd_create); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_mount_setattr 442 - # elif defined(__s390__) - # define systemd_NR_mount_setattr 442 - # elif defined(__sparc__) -@@ -522,6 +537,8 @@ assert_cc(__NR_mount_setattr == systemd_NR_mount_setattr); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_move_mount 429 - # elif defined(__s390__) - # define systemd_NR_move_mount 429 - # elif defined(__sparc__) -@@ -586,6 +603,8 @@ assert_cc(__NR_move_mount == systemd_NR_move_mount); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_name_to_handle_at 264 - # elif defined(__s390__) - # define systemd_NR_name_to_handle_at 335 - # elif defined(__sparc__) -@@ -650,6 +669,8 @@ assert_cc(__NR_name_to_handle_at == systemd_NR_name_to_handle_at); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_open_tree 428 - # elif defined(__s390__) - # define systemd_NR_open_tree 428 - # elif defined(__sparc__) -@@ -692,7 +713,7 @@ assert_cc(__NR_open_tree == systemd_NR_open_tree); - # define systemd_NR_openat2 437 - # elif defined(__ia64__) - # define systemd_NR_openat2 1461 --# elif defined(__loongarch64) -+# elif defined(__loongarch__) - # define systemd_NR_openat2 437 - # elif defined(__m68k__) - # define systemd_NR_openat2 437 -@@ -780,6 +801,8 @@ assert_cc(__NR_openat2 == systemd_NR_openat2); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_pidfd_open 434 - # elif defined(__s390__) - # define systemd_NR_pidfd_open 434 - # elif defined(__sparc__) -@@ -844,6 +867,8 @@ assert_cc(__NR_pidfd_open == systemd_NR_pidfd_open); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_pidfd_send_signal 424 - # elif defined(__s390__) - # define systemd_NR_pidfd_send_signal 424 - # elif defined(__sparc__) -@@ -908,6 +933,8 @@ assert_cc(__NR_pidfd_send_signal == systemd_NR_pidfd_send_signal); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_pkey_mprotect 288 - # elif defined(__s390__) - # define systemd_NR_pkey_mprotect 384 - # elif defined(__sparc__) -@@ -972,6 +999,8 @@ assert_cc(__NR_pkey_mprotect == systemd_NR_pkey_mprotect); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_renameat2 276 - # elif defined(__s390__) - # define systemd_NR_renameat2 347 - # elif defined(__sparc__) -@@ -1036,6 +1065,8 @@ assert_cc(__NR_renameat2 == systemd_NR_renameat2); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_setns 268 - # elif defined(__s390__) - # define systemd_NR_setns 339 - # elif defined(__sparc__) -@@ -1100,6 +1131,8 @@ assert_cc(__NR_setns == systemd_NR_setns); - # else - # error "Unknown RISC-V ABI" - # endif -+# elif defined(__loongarch__) -+# define systemd_NR_statx 291 - # elif defined(__s390__) - # define systemd_NR_statx 379 - # elif defined(__sparc__) diff --git a/backport-Add-meson-option-to-disable-urlify.patch b/backport-Add-meson-option-to-disable-urlify.patch deleted file mode 100644 index 0b1760f..0000000 --- a/backport-Add-meson-option-to-disable-urlify.patch +++ /dev/null @@ -1,66 +0,0 @@ -From e5d86ebed5624ef62342c820a5868b1075deb300 Mon Sep 17 00:00:00 2001 -From: James Hilliard -Date: Sun, 11 Jul 2021 04:39:33 -0600 -Subject: [PATCH] Add meson option to disable urlify. - -Useful for systems that don't use a version of less with hyperlink -support. - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e5d86ebed5624ef62342c820a5868b1075deb300 ---- - meson.build | 1 + - meson_options.txt | 2 ++ - src/shared/pretty-print.c | 4 ++++ - 3 files changed, 7 insertions(+) - -diff --git a/meson.build b/meson.build -index 5735cfc7ad..a2ee15bf32 100644 ---- a/meson.build -+++ b/meson.build -@@ -278,6 +278,7 @@ conf.set_quoted('USER_PRESET_DIR', userpresetdir) - conf.set_quoted('VENDOR_KEYRING_PATH', join_paths(rootlibexecdir, 'import-pubring.gpg')) - - conf.set('ANSI_OK_COLOR', 'ANSI_' + get_option('ok-color').underscorify().to_upper()) -+conf.set10('ENABLE_URLIFY', get_option('urlify')) - conf.set10('ENABLE_FEXECVE', get_option('fexecve')) - conf.set10('MEMORY_ACCOUNTING_DEFAULT', memory_accounting_default) - conf.set('STATUS_UNIT_FORMAT_DEFAULT', 'STATUS_UNIT_FORMAT_' + status_unit_format_default.to_upper()) -diff --git a/meson_options.txt b/meson_options.txt -index 163c8df87d..b60261ac24 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -444,6 +444,8 @@ option('ok-color', type : 'combo', - 'highlight-cyan', 'highlight-white'], - value : 'green', - description: 'color of the "OK" status message') -+option('urlify', type : 'boolean', value : 'true', -+ description : 'enable pager Hyperlink ANSI sequence support') - option('fexecve', type : 'boolean', value : 'false', - description : 'use fexecve() to spawn children') - -diff --git a/src/shared/pretty-print.c b/src/shared/pretty-print.c -index 137ba77b3a..7983c0a33a 100644 ---- a/src/shared/pretty-print.c -+++ b/src/shared/pretty-print.c -@@ -19,6 +19,7 @@ - #include "util.h" - - bool urlify_enabled(void) { -+#if ENABLE_URLIFY - static int cached_urlify_enabled = -1; - - if (cached_urlify_enabled < 0) { -@@ -32,6 +33,9 @@ bool urlify_enabled(void) { - } - - return cached_urlify_enabled; -+#else -+ return 0; -+#endif - } - - int terminal_urlify(const char *url, const char *text, char **ret) { --- -2.27.0 - diff --git a/backport-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch b/backport-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch deleted file mode 100644 index f4259c9..0000000 --- a/backport-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch +++ /dev/null @@ -1,36 +0,0 @@ -From f58c5ced373c2532b5cc44ba2e0c3a28b41472f2 Mon Sep 17 00:00:00 2001 -From: Jan Synacek -Date: Tue, 15 May 2018 09:24:20 +0200 -Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's - will - -Conflict:adapt context; modify unit_add_dependency_by_name para because of -35d8c19ace6; don't modify because we need tmp.mount to be started when -basic.target is started. -Reference:https://git.centos.org/rpms/systemd/blob/4b8c80a811af8258c136f5e7000fc0cd0adf8dc5/f/SOURCES/0004-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch - -Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather -adds an After relationship. - -Resolves: #1578772 - ---- - src/core/unit.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index fd84818..e30c14b 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -1271,7 +1271,7 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) { - * tmp.mount so /tmp being masked is supported. However there's no reason to treat - * /tmp specifically and masking other mount units should be handled more - * gracefully too, see PR#16894. */ -- r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, "tmp.mount", true, UNIT_DEPENDENCY_FILE); -+ r = unit_add_dependency_by_name(u, UNIT_AFTER, "tmp.mount", true, UNIT_DEPENDENCY_FILE); - if (r < 0) - return r; - --- -2.23.0 - diff --git a/backport-Bump-the-max-number-of-inodes-for-dev-to-128k.patch b/backport-Bump-the-max-number-of-inodes-for-dev-to-128k.patch deleted file mode 100644 index 02f65ce..0000000 --- a/backport-Bump-the-max-number-of-inodes-for-dev-to-128k.patch +++ /dev/null @@ -1,46 +0,0 @@ -From b1bb976219e4c63d4b8099a2820fedbedf0aa8a5 Mon Sep 17 00:00:00 2001 -From: Franck Bui -Date: Fri, 3 Dec 2021 11:23:36 +0100 -Subject: [PATCH] Bump the max number of inodes for /dev to 128k - -Follow-up for 7d85383edbab73274dc81cc888d884bb01070bc2. - -Apparently the previous limit set on the max number of inodes for /dev was too -small as a system with 4096 LUNs attached can consume up to 95k inodes for -symlinks: - - # /bin/df -i - Filesystem Inodes IUsed IFree IUse% Mounted on - devtmpfs 49274377 95075 49179302 1% /dev - -Hence this patch bumps the limit from 64k to 128k although the new limit is -still pretty arbitrary (that said, not sure if it really makes sense to put -such absolute limit number). - -(cherry picked from commit 4c733d3046942984c5f73b40c3af39cc218c103f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b1bb976219e4c63d4b8099a2820fedbedf0aa8a5 ---- - src/shared/mount-util.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/shared/mount-util.h b/src/shared/mount-util.h -index 36501c2c4a..c5bd881070 100644 ---- a/src/shared/mount-util.h -+++ b/src/shared/mount-util.h -@@ -11,9 +11,9 @@ - #include "errno-util.h" - #include "macro.h" - --/* 4MB for contents of regular files, 64k inodes for directories, symbolic links and device specials, using -+/* 4MB for contents of regular files, 128k inodes for directories, symbolic links and device specials, using - * large storage array systems as a baseline */ --#define TMPFS_LIMITS_DEV ",size=4m,nr_inodes=64k" -+#define TMPFS_LIMITS_DEV ",size=4m,nr_inodes=128k" - - /* Very little, if any use expected */ - #define TMPFS_LIMITS_EMPTY_OR_ALMOST ",size=4m,nr_inodes=1k" --- -2.33.0 - diff --git a/backport-Bump-the-max-number-of-inodes-for-dev-to-a-million.patch b/backport-Bump-the-max-number-of-inodes-for-dev-to-a-million.patch deleted file mode 100644 index 3b4470c..0000000 --- a/backport-Bump-the-max-number-of-inodes-for-dev-to-a-million.patch +++ /dev/null @@ -1,30 +0,0 @@ -From e98d0662ffbffe2c60492be6b4f5d579038d3282 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 9 Dec 2021 10:09:17 +0100 -Subject: [PATCH 1/2] Bump the max number of inodes for /dev to a million - -4c733d3046942984c5f73b40c3af39cc218c103f shows that 95k can be used easily on a large -system. Let's bump it up even more so that we have some "breathing room". ---- - src/shared/mount-util.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/shared/mount-util.h b/src/shared/mount-util.h -index 3622170297..ce73aebd4b 100644 ---- a/src/shared/mount-util.h -+++ b/src/shared/mount-util.h -@@ -11,9 +11,9 @@ - #include "errno-util.h" - #include "macro.h" - --/* 4MB for contents of regular files, 128k inodes for directories, symbolic links and device specials, using -+/* 4MB for contents of regular files, 1m inodes for directories, symbolic links and device nodes, using - * large storage array systems as a baseline */ --#define TMPFS_LIMITS_DEV ",size=4m,nr_inodes=128k" -+#define TMPFS_LIMITS_DEV ",size=4m,nr_inodes=1m" - - /* Very little, if any use expected */ - #define TMPFS_LIMITS_EMPTY_OR_ALMOST ",size=4m,nr_inodes=1k" --- -2.27.0 - diff --git a/backport-Bump-the-max-number-of-inodes-for-tmp-to-a-million-t.patch b/backport-Bump-the-max-number-of-inodes-for-tmp-to-a-million-t.patch deleted file mode 100644 index d2da5ff..0000000 --- a/backport-Bump-the-max-number-of-inodes-for-tmp-to-a-million-t.patch +++ /dev/null @@ -1,25 +0,0 @@ -From cac372a80177fb622806270eb0d810e4c6ad0c84 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 9 Dec 2021 10:20:46 +0100 -Subject: [PATCH] Bump the max number of inodes for /tmp to a million too - -Fixes #21626. (The bug report talks about /run, but the issue is actually with -/tmp.) People use /tmp for various things that fit in memory, e.g. unpacking -packages, and 400k is not much. Let's raise is a bit. ---- - units/tmp.mount | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/units/tmp.mount b/units/tmp.mount -index 516bd1621c..4e1bb8de24 100644 ---- a/units/tmp.mount -+++ b/units/tmp.mount -@@ -22,4 +22,4 @@ After=swap.target - What=tmpfs - Where=/tmp - Type=tmpfs --Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=400k -+Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=1m --- -2.27.0 - diff --git a/backport-CVE-2021-3997-rm-rf-optionally-fsync-after-removing-directory-tree.patch b/backport-CVE-2021-3997-rm-rf-optionally-fsync-after-removing-directory-tree.patch deleted file mode 100644 index 6847def..0000000 --- a/backport-CVE-2021-3997-rm-rf-optionally-fsync-after-removing-directory-tree.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 2426beacca09d84091759be45b25c88116302184 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 5 Oct 2021 10:32:56 +0200 -Subject: [PATCH] rm-rf: optionally fsync() after removing directory tree - -(cherry picked from commit bdfe7ada0d4d66e6d6e65f2822acbb1ec230f9c2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/2426beacca09d84091759be45b25c88116302184 ---- - src/shared/rm-rf.c | 3 +++ - src/shared/rm-rf.h | 1 + - 2 files changed, 4 insertions(+) - -diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c -index dffb9cf6ee..5ef7c662dd 100644 ---- a/src/shared/rm-rf.c -+++ b/src/shared/rm-rf.c -@@ -250,6 +250,9 @@ int rm_rf_children( - ret = r; - } - -+ if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(dirfd(d)) < 0 && ret >= 0) -+ ret = -errno; -+ - return ret; - } - -diff --git a/src/shared/rm-rf.h b/src/shared/rm-rf.h -index 577a2795e0..24fd9a2aa2 100644 ---- a/src/shared/rm-rf.h -+++ b/src/shared/rm-rf.h -@@ -14,6 +14,7 @@ typedef enum RemoveFlags { - REMOVE_MISSING_OK = 1 << 4, /* If the top-level directory is missing, ignore the ENOENT for it */ - REMOVE_CHMOD = 1 << 5, /* chmod() for write access if we cannot delete or access something */ - REMOVE_CHMOD_RESTORE = 1 << 6, /* Restore the old mode before returning */ -+ REMOVE_SYNCFS = 1 << 7, /* syncfs() the root of the specified directory after removing everything in it */ - } RemoveFlags; - - int unlinkat_harder(int dfd, const char *filename, int unlink_flags, RemoveFlags remove_flags); --- -2.33.0 - diff --git a/backport-CVE-2021-3997-rm-rf-refactor-rm_rf_children-split-out-body-of-dire.patch b/backport-CVE-2021-3997-rm-rf-refactor-rm_rf_children-split-out-body-of-dire.patch deleted file mode 100644 index 00aa7c3..0000000 --- a/backport-CVE-2021-3997-rm-rf-refactor-rm_rf_children-split-out-body-of-dire.patch +++ /dev/null @@ -1,324 +0,0 @@ -From ca4a0e7d41f0b2a1fe2f99dbc3763187c16cf7ab Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 26 Jan 2021 16:30:06 +0100 -Subject: [PATCH] rm-rf: refactor rm_rf_children(), split out body of directory - iteration loop - -This splits out rm_rf_children_inner() as body of the loop. We can use -that to implement rm_rf_child() for deleting one specific entry in a -directory. - -(cherry picked from commit 1f0fb7d544711248cba34615e43c5a76bc902d74) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/ca4a0e7d41f0b2a1fe2f99dbc3763187c16cf7ab ---- - src/shared/rm-rf.c | 223 ++++++++++++++++++++++++++------------------- - src/shared/rm-rf.h | 3 +- - 2 files changed, 131 insertions(+), 95 deletions(-) - -diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c -index 900a7fb5ff..dffb9cf6ee 100644 ---- a/src/shared/rm-rf.c -+++ b/src/shared/rm-rf.c -@@ -19,6 +19,9 @@ - #include "stat-util.h" - #include "string-util.h" - -+/* We treat tmpfs/ramfs + cgroupfs as non-physical file sytems. cgroupfs is similar to tmpfs in a way after -+ * all: we can create arbitrary directory hierarchies in it, and hence can also use rm_rf() on it to remove -+ * those again. */ - static bool is_physical_fs(const struct statfs *sfs) { - return !is_temporary_fs(sfs) && !is_cgroup_fs(sfs); - } -@@ -113,133 +116,145 @@ int fstatat_harder(int dfd, - return 0; - } - --int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev) { -- _cleanup_closedir_ DIR *d = NULL; -- struct dirent *de; -- int ret = 0, r; -- struct statfs sfs; -+static int rm_rf_children_inner( -+ int fd, -+ const char *fname, -+ int is_dir, -+ RemoveFlags flags, -+ const struct stat *root_dev) { - -- assert(fd >= 0); -+ struct stat st; -+ int r; - -- /* This returns the first error we run into, but nevertheless tries to go on. This closes the passed -- * fd, in all cases, including on failure.. */ -+ assert(fd >= 0); -+ assert(fname); - -- if (!(flags & REMOVE_PHYSICAL)) { -+ if (is_dir < 0 || (is_dir > 0 && (root_dev || (flags & REMOVE_SUBVOLUME)))) { - -- r = fstatfs(fd, &sfs); -- if (r < 0) { -- safe_close(fd); -- return -errno; -- } -+ r = fstatat_harder(fd, fname, &st, AT_SYMLINK_NOFOLLOW, flags); -+ if (r < 0) -+ return r; - -- if (is_physical_fs(&sfs)) { -- /* We refuse to clean physical file systems with this call, -- * unless explicitly requested. This is extra paranoia just -- * to be sure we never ever remove non-state data. */ -- _cleanup_free_ char *path = NULL; -+ is_dir = S_ISDIR(st.st_mode); -+ } - -- (void) fd_get_path(fd, &path); -- log_error("Attempted to remove disk file system under \"%s\", and we can't allow that.", -- strna(path)); -+ if (is_dir) { -+ _cleanup_close_ int subdir_fd = -1; -+ int q; - -- safe_close(fd); -- return -EPERM; -- } -- } -+ /* if root_dev is set, remove subdirectories only if device is same */ -+ if (root_dev && st.st_dev != root_dev->st_dev) -+ return 0; - -- d = fdopendir(fd); -- if (!d) { -- safe_close(fd); -- return errno == ENOENT ? 0 : -errno; -- } -+ /* Stop at mount points */ -+ r = fd_is_mount_point(fd, fname, 0); -+ if (r < 0) -+ return r; -+ if (r > 0) -+ return 0; - -- FOREACH_DIRENT_ALL(de, d, return -errno) { -- bool is_dir; -- struct stat st; -+ if ((flags & REMOVE_SUBVOLUME) && btrfs_might_be_subvol(&st)) { - -- if (dot_or_dot_dot(de->d_name)) -- continue; -+ /* This could be a subvolume, try to remove it */ - -- if (de->d_type == DT_UNKNOWN || -- (de->d_type == DT_DIR && (root_dev || (flags & REMOVE_SUBVOLUME)))) { -- r = fstatat_harder(fd, de->d_name, &st, AT_SYMLINK_NOFOLLOW, flags); -+ r = btrfs_subvol_remove_fd(fd, fname, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); - if (r < 0) { -- if (ret == 0 && r != -ENOENT) -- ret = r; -- continue; -- } -+ if (!IN_SET(r, -ENOTTY, -EINVAL)) -+ return r; - -- is_dir = S_ISDIR(st.st_mode); -- } else -- is_dir = de->d_type == DT_DIR; -+ /* ENOTTY, then it wasn't a btrfs subvolume, continue below. */ -+ } else -+ /* It was a subvolume, done. */ -+ return 1; -+ } - -- if (is_dir) { -- _cleanup_close_ int subdir_fd = -1; -+ subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); -+ if (subdir_fd < 0) -+ return -errno; - -- /* if root_dev is set, remove subdirectories only if device is same */ -- if (root_dev && st.st_dev != root_dev->st_dev) -- continue; -+ /* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file system type -+ * again for each directory */ -+ q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); - -- subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); -- if (subdir_fd < 0) { -- if (ret == 0 && errno != ENOENT) -- ret = -errno; -- continue; -- } -+ r = unlinkat_harder(fd, fname, AT_REMOVEDIR, flags); -+ if (r < 0) -+ return r; -+ if (q < 0) -+ return q; - -- /* Stop at mount points */ -- r = fd_is_mount_point(fd, de->d_name, 0); -- if (r < 0) { -- if (ret == 0 && r != -ENOENT) -- ret = r; -+ return 1; - -- continue; -- } -- if (r > 0) -- continue; -+ } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) { -+ r = unlinkat_harder(fd, fname, 0, flags); -+ if (r < 0) -+ return r; - -- if ((flags & REMOVE_SUBVOLUME) && btrfs_might_be_subvol(&st)) { -+ return 1; -+ } - -- /* This could be a subvolume, try to remove it */ -+ return 0; -+} - -- r = btrfs_subvol_remove_fd(fd, de->d_name, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); -- if (r < 0) { -- if (!IN_SET(r, -ENOTTY, -EINVAL)) { -- if (ret == 0) -- ret = r; -+int rm_rf_children( -+ int fd, -+ RemoveFlags flags, -+ const struct stat *root_dev) { - -- continue; -- } -+ _cleanup_closedir_ DIR *d = NULL; -+ struct dirent *de; -+ int ret = 0, r; - -- /* ENOTTY, then it wasn't a btrfs subvolume, continue below. */ -- } else -- /* It was a subvolume, continue. */ -- continue; -- } -+ assert(fd >= 0); -+ -+ /* This returns the first error we run into, but nevertheless tries to go on. This closes the passed -+ * fd, in all cases, including on failure. */ -+ -+ d = fdopendir(fd); -+ if (!d) { -+ safe_close(fd); -+ return -errno; -+ } - -- /* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file -- * system type again for each directory */ -- r = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); -- if (r < 0 && ret == 0) -- ret = r; -+ if (!(flags & REMOVE_PHYSICAL)) { -+ struct statfs sfs; - -- r = unlinkat_harder(fd, de->d_name, AT_REMOVEDIR, flags); -- if (r < 0 && r != -ENOENT && ret == 0) -- ret = r; -+ if (fstatfs(dirfd(d), &sfs) < 0) -+ return -errno; -+ -+ if (is_physical_fs(&sfs)) { -+ /* We refuse to clean physical file systems with this call, unless explicitly -+ * requested. This is extra paranoia just to be sure we never ever remove non-state -+ * data. */ - -- } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) { -+ _cleanup_free_ char *path = NULL; - -- r = unlinkat_harder(fd, de->d_name, 0, flags); -- if (r < 0 && r != -ENOENT && ret == 0) -- ret = r; -+ (void) fd_get_path(fd, &path); -+ return log_error_errno(SYNTHETIC_ERRNO(EPERM), -+ "Attempted to remove disk file system under \"%s\", and we can't allow that.", -+ strna(path)); - } - } -+ -+ FOREACH_DIRENT_ALL(de, d, return -errno) { -+ int is_dir; -+ -+ if (dot_or_dot_dot(de->d_name)) -+ continue; -+ -+ is_dir = -+ de->d_type == DT_UNKNOWN ? -1 : -+ de->d_type == DT_DIR; -+ -+ r = rm_rf_children_inner(dirfd(d), de->d_name, is_dir, flags, root_dev); -+ if (r < 0 && r != -ENOENT && ret == 0) -+ ret = r; -+ } -+ - return ret; - } - - int rm_rf(const char *path, RemoveFlags flags) { - int fd, r; -- struct statfs s; - - assert(path); - -@@ -284,9 +299,10 @@ int rm_rf(const char *path, RemoveFlags flags) { - if (FLAGS_SET(flags, REMOVE_ROOT)) { - - if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) { -+ struct statfs s; -+ - if (statfs(path, &s) < 0) - return -errno; -- - if (is_physical_fs(&s)) - return log_error_errno(SYNTHETIC_ERRNO(EPERM), - "Attempted to remove files from a disk file system under \"%s\", refusing.", -@@ -314,3 +330,22 @@ int rm_rf(const char *path, RemoveFlags flags) { - - return r; - } -+ -+int rm_rf_child(int fd, const char *name, RemoveFlags flags) { -+ -+ /* Removes one specific child of the specified directory */ -+ -+ if (fd < 0) -+ return -EBADF; -+ -+ if (!filename_is_valid(name)) -+ return -EINVAL; -+ -+ if ((flags & (REMOVE_ROOT|REMOVE_MISSING_OK)) != 0) /* Doesn't really make sense here, we are not supposed to remove 'fd' anyway */ -+ return -EINVAL; -+ -+ if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES|REMOVE_SUBVOLUME)) -+ return -EINVAL; -+ -+ return rm_rf_children_inner(fd, name, -1, flags, NULL); -+} -diff --git a/src/shared/rm-rf.h b/src/shared/rm-rf.h -index 40f0894c96..577a2795e0 100644 ---- a/src/shared/rm-rf.h -+++ b/src/shared/rm-rf.h -@@ -23,7 +23,8 @@ int fstatat_harder(int dfd, - int fstatat_flags, - RemoveFlags remove_flags); - --int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev); -+int rm_rf_children(int fd, RemoveFlags flags, const struct stat *root_dev); -+int rm_rf_child(int fd, const char *name, RemoveFlags flags); - int rm_rf(const char *path, RemoveFlags flags); - - /* Useful for usage with _cleanup_(), destroys a directory and frees the pointer */ --- -2.33.0 - diff --git a/backport-CVE-2021-3997-shared-rm-rf-loop-over-nested-directories-instead-of.patch b/backport-CVE-2021-3997-shared-rm-rf-loop-over-nested-directories-instead-of.patch deleted file mode 100644 index 4858ff4..0000000 --- a/backport-CVE-2021-3997-shared-rm-rf-loop-over-nested-directories-instead-of.patch +++ /dev/null @@ -1,276 +0,0 @@ -From 6a28f8b55904c818b25e4db2e1511faac79fd471 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 30 Nov 2021 22:29:05 +0100 -Subject: [PATCH] shared/rm-rf: loop over nested directories instead of instead - of recursing - -To remove directory structures, we need to remove the innermost items first, -and then recursively remove higher-level directories. We would recursively -descend into directories and invoke rm_rf_children and rm_rm_children_inner. -This is problematic when too many directories are nested. - -Instead, let's create a "TODO" queue. In the the queue, for each level we -hold the DIR* object we were working on, and the name of the directory. This -allows us to leave a partially-processed directory, and restart the removal -loop one level down. When done with the inner directory, we use the name to -unlinkat() it from the parent, and proceed with the removal of other items. - -Because the nesting is increased by one level, it is best to view this patch -with -b/--ignore-space-change. - -This fixes CVE-2021-3997, https://bugzilla.redhat.com/show_bug.cgi?id=2024639. -The issue was reported and patches reviewed by Qualys Team. -Mauro Matteo Cascella and Riccardo Schirone from Red Hat handled the disclosure. - -(cherry picked from commit 5b1cf7a9be37e20133c0208005274ce4a5b5c6a1) -(cherry picked from commit 911516e1614e435755814ada5fc6064fa107a105) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/6a28f8b55904c818b25e4db2e1511faac79fd471 ---- - src/shared/rm-rf.c | 161 +++++++++++++++++++++++++++++++-------------- - 1 file changed, 113 insertions(+), 48 deletions(-) - -diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c -index 1bd2431d8a..954686ffc9 100644 ---- a/src/shared/rm-rf.c -+++ b/src/shared/rm-rf.c -@@ -52,7 +52,6 @@ static int patch_dirfd_mode( - } - - int unlinkat_harder(int dfd, const char *filename, int unlink_flags, RemoveFlags remove_flags) { -- - mode_t old_mode; - int r; - -@@ -116,12 +115,13 @@ int fstatat_harder(int dfd, - return 0; - } - --static int rm_rf_children_inner( -+static int rm_rf_inner_child( - int fd, - const char *fname, - int is_dir, - RemoveFlags flags, -- const struct stat *root_dev) { -+ const struct stat *root_dev, -+ bool allow_recursion) { - - struct stat st; - int r, q = 0; -@@ -141,9 +141,7 @@ static int rm_rf_children_inner( - } - - if (is_dir) { -- _cleanup_close_ int subdir_fd = -1; -- -- /* if root_dev is set, remove subdirectories only if device is same */ -+ /* If root_dev is set, remove subdirectories only if device is same */ - if (root_dev && st.st_dev != root_dev->st_dev) - return 0; - -@@ -155,7 +153,6 @@ static int rm_rf_children_inner( - return 0; - - if ((flags & REMOVE_SUBVOLUME) && btrfs_might_be_subvol(&st)) { -- - /* This could be a subvolume, try to remove it */ - - r = btrfs_subvol_remove_fd(fd, fname, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); -@@ -169,13 +166,16 @@ static int rm_rf_children_inner( - return 1; - } - -- subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); -+ if (!allow_recursion) -+ return -EISDIR; -+ -+ int subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); - if (subdir_fd < 0) - return -errno; - - /* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file system type - * again for each directory */ -- q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); -+ q = rm_rf_children(subdir_fd, flags | REMOVE_PHYSICAL, root_dev); - - } else if (flags & REMOVE_ONLY_DIRECTORIES) - return 0; -@@ -188,63 +188,128 @@ static int rm_rf_children_inner( - return 1; - } - -+typedef struct TodoEntry { -+ DIR *dir; /* A directory that we were operating on. */ -+ char *dirname; /* The filename of that directory itself. */ -+} TodoEntry; -+ -+static void free_todo_entries(TodoEntry **todos) { -+ for (TodoEntry *x = *todos; x && x->dir; x++) { -+ closedir(x->dir); -+ free(x->dirname); -+ } -+ -+ freep(todos); -+} -+ - int rm_rf_children( - int fd, - RemoveFlags flags, - const struct stat *root_dev) { - -- _cleanup_closedir_ DIR *d = NULL; -- struct dirent *de; -+ _cleanup_(free_todo_entries) TodoEntry *todos = NULL; -+ size_t n_todo = 0; -+ _cleanup_free_ char *dirname = NULL; /* Set when we are recursing and want to delete ourselves */ - int ret = 0, r; - -- assert(fd >= 0); -+ /* Return the first error we run into, but nevertheless try to go on. -+ * The passed fd is closed in all cases, including on failure. */ -+ -+ for (;;) { /* This loop corresponds to the directory nesting level. */ -+ _cleanup_closedir_ DIR *d = NULL; -+ -+ if (n_todo > 0) { -+ /* We know that we are in recursion here, because n_todo is set. -+ * We need to remove the inner directory we were operating on. */ -+ assert(dirname); -+ r = unlinkat_harder(dirfd(todos[n_todo-1].dir), dirname, AT_REMOVEDIR, flags); -+ if (r < 0 && r != -ENOENT && ret == 0) -+ ret = r; -+ dirname = mfree(dirname); -+ -+ /* And now let's back out one level up */ -+ n_todo --; -+ d = TAKE_PTR(todos[n_todo].dir); -+ dirname = TAKE_PTR(todos[n_todo].dirname); -+ -+ assert(d); -+ fd = dirfd(d); /* Retrieve the file descriptor from the DIR object */ -+ assert(fd >= 0); -+ } else { -+ next_fd: -+ assert(fd >= 0); -+ d = fdopendir(fd); -+ if (!d) { -+ safe_close(fd); -+ return -errno; -+ } -+ fd = dirfd(d); /* We donated the fd to fdopendir(). Let's make sure we sure we have -+ * the right descriptor even if it were to internally invalidate the -+ * one we passed. */ -+ -+ if (!(flags & REMOVE_PHYSICAL)) { -+ struct statfs sfs; -+ -+ if (fstatfs(fd, &sfs) < 0) -+ return -errno; -+ -+ if (is_physical_fs(&sfs)) { -+ /* We refuse to clean physical file systems with this call, unless -+ * explicitly requested. This is extra paranoia just to be sure we -+ * never ever remove non-state data. */ -+ -+ _cleanup_free_ char *path = NULL; -+ -+ (void) fd_get_path(fd, &path); -+ return log_error_errno(SYNTHETIC_ERRNO(EPERM), -+ "Attempted to remove disk file system under \"%s\", and we can't allow that.", -+ strna(path)); -+ } -+ } -+ } - -- /* This returns the first error we run into, but nevertheless tries to go on. This closes the passed -- * fd, in all cases, including on failure. */ -+ struct dirent *de; -+ FOREACH_DIRENT_ALL(de, d, return -errno) { -+ int is_dir; - -- d = fdopendir(fd); -- if (!d) { -- safe_close(fd); -- return -errno; -- } -+ if (dot_or_dot_dot(de->d_name)) -+ continue; - -- if (!(flags & REMOVE_PHYSICAL)) { -- struct statfs sfs; -+ is_dir = de->d_type == DT_UNKNOWN ? -1 : de->d_type == DT_DIR; - -- if (fstatfs(dirfd(d), &sfs) < 0) -- return -errno; -+ r = rm_rf_inner_child(fd, de->d_name, is_dir, flags, root_dev, false); -+ if (r == -EISDIR) { -+ /* Push the current working state onto the todo list */ - -- if (is_physical_fs(&sfs)) { -- /* We refuse to clean physical file systems with this call, unless explicitly -- * requested. This is extra paranoia just to be sure we never ever remove non-state -- * data. */ -+ if (!GREEDY_REALLOC0(todos, n_todo + 2)) -+ return log_oom(); - -- _cleanup_free_ char *path = NULL; -+ _cleanup_free_ char *newdirname = strdup(de->d_name); -+ if (!newdirname) -+ return log_oom(); - -- (void) fd_get_path(fd, &path); -- return log_error_errno(SYNTHETIC_ERRNO(EPERM), -- "Attempted to remove disk file system under \"%s\", and we can't allow that.", -- strna(path)); -- } -- } -+ int newfd = openat(fd, de->d_name, -+ O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); -+ if (newfd >= 0) { -+ todos[n_todo++] = (TodoEntry) { TAKE_PTR(d), TAKE_PTR(dirname) }; -+ fd = newfd; -+ dirname = TAKE_PTR(newdirname); - -- FOREACH_DIRENT_ALL(de, d, return -errno) { -- int is_dir; -+ goto next_fd; - -- if (dot_or_dot_dot(de->d_name)) -- continue; -+ } else if (errno != -ENOENT && ret == 0) -+ ret = -errno; - -- is_dir = -- de->d_type == DT_UNKNOWN ? -1 : -- de->d_type == DT_DIR; -+ } else if (r < 0 && r != -ENOENT && ret == 0) -+ ret = r; -+ } - -- r = rm_rf_children_inner(dirfd(d), de->d_name, is_dir, flags, root_dev); -- if (r < 0 && r != -ENOENT && ret == 0) -- ret = r; -- } -+ if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(fd) < 0 && ret >= 0) -+ ret = -errno; - -- if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(dirfd(d)) < 0 && ret >= 0) -- ret = -errno; -+ if (n_todo == 0) -+ break; -+ } - - return ret; - } -@@ -337,5 +402,5 @@ int rm_rf_child(int fd, const char *name, RemoveFlags flags) { - if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES|REMOVE_SUBVOLUME)) - return -EINVAL; - -- return rm_rf_children_inner(fd, name, -1, flags, NULL); -+ return rm_rf_inner_child(fd, name, -1, flags, NULL, true); - } --- -2.33.0 - diff --git a/backport-CVE-2021-3997-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch b/backport-CVE-2021-3997-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch deleted file mode 100644 index 8ba7906..0000000 --- a/backport-CVE-2021-3997-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch +++ /dev/null @@ -1,103 +0,0 @@ -From 811b137d6137cc3e8932599e6ef9254ba43ff5eb Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 23 Nov 2021 16:56:42 +0100 -Subject: [PATCH] shared/rm_rf: refactor rm_rf() to shorten code a bit - -(cherry picked from commit 84ced330020c0bae57bd4628f1f44eec91304e69) -(cherry picked from commit 664529efa9431edc043126013ea54e6c399ae2d3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/811b137d6137cc3e8932599e6ef9254ba43ff5eb ---- - src/shared/rm-rf.c | 54 +++++++++++++++++++++------------------------- - 1 file changed, 24 insertions(+), 30 deletions(-) - -diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c -index 7362954116..1bd2431d8a 100644 ---- a/src/shared/rm-rf.c -+++ b/src/shared/rm-rf.c -@@ -250,7 +250,7 @@ int rm_rf_children( - } - - int rm_rf(const char *path, RemoveFlags flags) { -- int fd, r; -+ int fd, r, q = 0; - - assert(path); - -@@ -282,49 +282,43 @@ int rm_rf(const char *path, RemoveFlags flags) { - } - - fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); -- if (fd < 0) { -+ if (fd >= 0) { -+ /* We have a dir */ -+ r = rm_rf_children(fd, flags, NULL); -+ -+ if (FLAGS_SET(flags, REMOVE_ROOT) && rmdir(path) < 0) -+ q = -errno; -+ } else { - if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT) - return 0; - - if (!IN_SET(errno, ENOTDIR, ELOOP)) - return -errno; - -- if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES)) -+ if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES) || !FLAGS_SET(flags, REMOVE_ROOT)) - return 0; - -- if (FLAGS_SET(flags, REMOVE_ROOT)) { -- -- if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) { -- struct statfs s; -- -- if (statfs(path, &s) < 0) -- return -errno; -- if (is_physical_fs(&s)) -- return log_error_errno(SYNTHETIC_ERRNO(EPERM), -- "Attempted to remove files from a disk file system under \"%s\", refusing.", -- path); -- } -- -- if (unlink(path) < 0) { -- if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT) -- return 0; -+ if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) { -+ struct statfs s; - -+ if (statfs(path, &s) < 0) - return -errno; -- } -+ if (is_physical_fs(&s)) -+ return log_error_errno(SYNTHETIC_ERRNO(EPERM), -+ "Attempted to remove files from a disk file system under \"%s\", refusing.", -+ path); - } - -- return 0; -+ r = 0; -+ if (unlink(path) < 0) -+ q = -errno; - } - -- r = rm_rf_children(fd, flags, NULL); -- -- if (FLAGS_SET(flags, REMOVE_ROOT) && -- rmdir(path) < 0 && -- r >= 0 && -- (!FLAGS_SET(flags, REMOVE_MISSING_OK) || errno != ENOENT)) -- r = -errno; -- -- return r; -+ if (r < 0) -+ return r; -+ if (q < 0 && (q != -ENOENT || !FLAGS_SET(flags, REMOVE_MISSING_OK))) -+ return q; -+ return 0; - } - - int rm_rf_child(int fd, const char *name, RemoveFlags flags) { --- -2.33.0 - diff --git a/backport-CVE-2021-3997-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch b/backport-CVE-2021-3997-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch deleted file mode 100644 index 3fcf1c9..0000000 --- a/backport-CVE-2021-3997-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 89395b63f04f1acc0db533c32637ea20379f97c0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 23 Nov 2021 15:55:45 +0100 -Subject: [PATCH] shared/rm_rf: refactor rm_rf_children_inner() to shorten code - a bit - -(cherry picked from commit 3bac86abfa1b1720180840ffb9d06b3d54841c11) -(cherry picked from commit 47741ff9eae6311a03e4d3d837128191826a4a3a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/89395b63f04f1acc0db533c32637ea20379f97c0 ---- - src/shared/rm-rf.c | 27 +++++++++------------------ - 1 file changed, 9 insertions(+), 18 deletions(-) - -diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c -index 19f37e0f19..7362954116 100644 ---- a/src/shared/rm-rf.c -+++ b/src/shared/rm-rf.c -@@ -124,7 +124,7 @@ static int rm_rf_children_inner( - const struct stat *root_dev) { - - struct stat st; -- int r; -+ int r, q = 0; - - assert(fd >= 0); - assert(fname); -@@ -142,7 +142,6 @@ static int rm_rf_children_inner( - - if (is_dir) { - _cleanup_close_ int subdir_fd = -1; -- int q; - - /* if root_dev is set, remove subdirectories only if device is same */ - if (root_dev && st.st_dev != root_dev->st_dev) -@@ -178,23 +177,15 @@ static int rm_rf_children_inner( - * again for each directory */ - q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); - -- r = unlinkat_harder(fd, fname, AT_REMOVEDIR, flags); -- if (r < 0) -- return r; -- if (q < 0) -- return q; -- -- return 1; -- -- } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) { -- r = unlinkat_harder(fd, fname, 0, flags); -- if (r < 0) -- return r; -- -- return 1; -- } -+ } else if (flags & REMOVE_ONLY_DIRECTORIES) -+ return 0; - -- return 0; -+ r = unlinkat_harder(fd, fname, is_dir ? AT_REMOVEDIR : 0, flags); -+ if (r < 0) -+ return r; -+ if (q < 0) -+ return q; -+ return 1; - } - - int rm_rf_children( --- -2.33.0 - diff --git a/backport-CVE-2021-3997-tmpfiles-st-may-have-been-used-uninitialized.patch b/backport-CVE-2021-3997-tmpfiles-st-may-have-been-used-uninitialized.patch deleted file mode 100644 index fd51c83..0000000 --- a/backport-CVE-2021-3997-tmpfiles-st-may-have-been-used-uninitialized.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 7563de501246dccf5a9ea229933481aa1e7bd5c9 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 23 Nov 2021 15:05:58 +0100 -Subject: [PATCH] tmpfiles: 'st' may have been used uninitialized - -(cherry picked from commit 160dadc0350c77d612aa9d5569f57d9bc84c3dca) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7563de501246dccf5a9ea229933481aa1e7bd5c9 ---- - src/shared/rm-rf.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c -index 5ef7c662dd..19f37e0f19 100644 ---- a/src/shared/rm-rf.c -+++ b/src/shared/rm-rf.c -@@ -129,7 +129,9 @@ static int rm_rf_children_inner( - assert(fd >= 0); - assert(fname); - -- if (is_dir < 0 || (is_dir > 0 && (root_dev || (flags & REMOVE_SUBVOLUME)))) { -+ if (is_dir < 0 || -+ root_dev || -+ (is_dir > 0 && (root_dev || (flags & REMOVE_SUBVOLUME)))) { - - r = fstatat_harder(fd, fname, &st, AT_SYMLINK_NOFOLLOW, flags); - if (r < 0) --- -2.33.0 - diff --git a/backport-CVE-2022-4415-basic-add-STRERROR-wrapper-for-strerror_r.patch b/backport-CVE-2022-4415-basic-add-STRERROR-wrapper-for-strerror_r.patch deleted file mode 100644 index 11968cf..0000000 --- a/backport-CVE-2022-4415-basic-add-STRERROR-wrapper-for-strerror_r.patch +++ /dev/null @@ -1,102 +0,0 @@ -From 2c5d05b3cd986568105d67891e4010b868dea24f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 7 Oct 2022 12:28:31 +0200 -Subject: [PATCH] basic: add STRERROR() wrapper for strerror_r() - -Conflict:Modify the content in meson.build. -Reference:https://github.com/systemd/systemd/commit/2c5d05b3cd986568105d67891e4010b868dea24f - ---- - src/basic/errno-util.h | 10 +++++++++ - src/test/meson.build | 2 ++ - src/test/test-errno-util.c | 44 ++++++++++++++++++++++++++++++++++++++ - 3 files changed, 56 insertions(+) - create mode 100644 src/test/test-errno-util.c - -diff --git a/src/basic/errno-util.h b/src/basic/errno-util.h -index a71864ca60..f0d24d95cb 100644 ---- a/src/basic/errno-util.h -+++ b/src/basic/errno-util.h -@@ -6,6 +6,16 @@ - - #include "macro.h" - -+/* strerror(3) says that glibc uses a maximum length of 1024 bytes. */ -+#define ERRNO_BUF_LEN 1024 -+ -+/* Note: the lifetime of the compound literal is the immediately surrounding block, -+ * see C11 §6.5.2.5, and -+ * https://stackoverflow.com/questions/34880638/compound-literal-lifetime-and-if-blocks -+ * -+ * Note that we use the GNU variant of strerror_r() here. */ -+#define STRERROR(errnum) strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN) -+ - static inline void _reset_errno_(int *saved_errno) { - if (*saved_errno < 0) /* Invalidated by UNPROTECT_ERRNO? */ - return; -diff --git a/src/test/meson.build b/src/test/meson.build -index 31ac149b96..86fc1d4fc0 100644 ---- a/src/test/meson.build -+++ b/src/test/meson.build -@@ -615,6 +615,8 @@ tests += [ - [['src/test/test-arphrd-list.c', - generated_gperf_headers]], - -+ [['src/test/test-errno-util.c']], -+ - [['src/test/test-ip-protocol-list.c', - shared_generated_gperf_headers]], - -diff --git a/src/test/test-errno-util.c b/src/test/test-errno-util.c -new file mode 100644 -index 0000000000..284f451002 ---- /dev/null -+++ b/src/test/test-errno-util.c -@@ -0,0 +1,44 @@ -+/* SPDX-License-Identifier: LGPL-2.1-or-later */ -+ -+#include "errno-util.h" -+#include "stdio-util.h" -+#include "string-util.h" -+#include "tests.h" -+ -+TEST(strerror_not_threadsafe) { -+ /* Just check that strerror really is not thread-safe. */ -+ log_info("strerror(%d) → %s", 200, strerror(200)); -+ log_info("strerror(%d) → %s", 201, strerror(201)); -+ log_info("strerror(%d) → %s", INT_MAX, strerror(INT_MAX)); -+ -+ log_info("strerror(%d), strerror(%d) → %p, %p", 200, 201, strerror(200), strerror(201)); -+ -+ /* This call is not allowed, because the first returned string becomes invalid when -+ * we call strerror the second time: -+ * -+ * log_info("strerror(%d), strerror(%d) → %s, %s", 200, 201, strerror(200), strerror(201)); -+ */ -+} -+ -+TEST(STRERROR) { -+ /* Just check that STRERROR really is thread-safe. */ -+ log_info("STRERROR(%d) → %s", 200, STRERROR(200)); -+ log_info("STRERROR(%d) → %s", 201, STRERROR(201)); -+ log_info("STRERROR(%d), STRERROR(%d) → %s, %s", 200, 201, STRERROR(200), STRERROR(201)); -+ -+ const char *a = STRERROR(200), *b = STRERROR(201); -+ assert_se(strstr(a, "200")); -+ assert_se(strstr(b, "201")); -+ -+ /* Check with negative values */ -+ assert_se(streq(a, STRERROR(-200))); -+ assert_se(streq(b, STRERROR(-201))); -+ -+ const char *c = STRERROR(INT_MAX); -+ char buf[DECIMAL_STR_MAX(int)]; -+ xsprintf(buf, "%d", INT_MAX); /* INT_MAX is hexadecimal, use printf to convert to decimal */ -+ log_info("STRERROR(%d) → %s", INT_MAX, c); -+ assert_se(strstr(c, buf)); -+} -+ -+DEFINE_TEST_MAIN(LOG_INFO); --- -2.33.0 - diff --git a/backport-CVE-2022-4415-coredump-adjust-whitespace.patch b/backport-CVE-2022-4415-coredump-adjust-whitespace.patch deleted file mode 100644 index 044b773..0000000 --- a/backport-CVE-2022-4415-coredump-adjust-whitespace.patch +++ /dev/null @@ -1,83 +0,0 @@ -From 510a146634f3e095b34e2a26023b1b1f99dcb8c0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 29 Nov 2022 09:00:16 +0100 -Subject: [PATCH] coredump: adjust whitespace - -Conflict:Delete the modification of parse_config. -Reference:https://github.com/systemd/systemd/commit/510a146634f3e095b34e2a26023b1b1f99dcb8c0 - ---- - src/coredump/coredump.c | 56 ++++++++++++++++++++--------------------- - 1 file changed, 28 insertions(+), 28 deletions(-) - -diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c -index 50220c5ec7..9ce2b92ded 100644 ---- a/src/coredump/coredump.c -+++ b/src/coredump/coredump.c -@@ -111,16 +111,16 @@ enum { - }; - - static const char * const meta_field_names[_META_MAX] = { -- [META_ARGV_PID] = "COREDUMP_PID=", -- [META_ARGV_UID] = "COREDUMP_UID=", -- [META_ARGV_GID] = "COREDUMP_GID=", -- [META_ARGV_SIGNAL] = "COREDUMP_SIGNAL=", -- [META_ARGV_TIMESTAMP] = "COREDUMP_TIMESTAMP=", -- [META_ARGV_RLIMIT] = "COREDUMP_RLIMIT=", -- [META_ARGV_HOSTNAME] = "COREDUMP_HOSTNAME=", -- [META_COMM] = "COREDUMP_COMM=", -- [META_EXE] = "COREDUMP_EXE=", -- [META_UNIT] = "COREDUMP_UNIT=", -+ [META_ARGV_PID] = "COREDUMP_PID=", -+ [META_ARGV_UID] = "COREDUMP_UID=", -+ [META_ARGV_GID] = "COREDUMP_GID=", -+ [META_ARGV_SIGNAL] = "COREDUMP_SIGNAL=", -+ [META_ARGV_TIMESTAMP] = "COREDUMP_TIMESTAMP=", -+ [META_ARGV_RLIMIT] = "COREDUMP_RLIMIT=", -+ [META_ARGV_HOSTNAME] = "COREDUMP_HOSTNAME=", -+ [META_COMM] = "COREDUMP_COMM=", -+ [META_EXE] = "COREDUMP_EXE=", -+ [META_UNIT] = "COREDUMP_UNIT=", - }; - - typedef struct Context { -@@ -139,9 +139,9 @@ typedef enum CoredumpStorage { - } CoredumpStorage; - - static const char* const coredump_storage_table[_COREDUMP_STORAGE_MAX] = { -- [COREDUMP_STORAGE_NONE] = "none", -+ [COREDUMP_STORAGE_NONE] = "none", - [COREDUMP_STORAGE_EXTERNAL] = "external", -- [COREDUMP_STORAGE_JOURNAL] = "journal", -+ [COREDUMP_STORAGE_JOURNAL] = "journal", - }; - - DEFINE_PRIVATE_STRING_TABLE_LOOKUP(coredump_storage, CoredumpStorage); -@@ -209,15 +209,15 @@ static int fix_acl(int fd, uid_t uid) { - static int fix_xattr(int fd, const Context *context) { - - static const char * const xattrs[_META_MAX] = { -- [META_ARGV_PID] = "user.coredump.pid", -- [META_ARGV_UID] = "user.coredump.uid", -- [META_ARGV_GID] = "user.coredump.gid", -- [META_ARGV_SIGNAL] = "user.coredump.signal", -- [META_ARGV_TIMESTAMP] = "user.coredump.timestamp", -- [META_ARGV_RLIMIT] = "user.coredump.rlimit", -- [META_ARGV_HOSTNAME] = "user.coredump.hostname", -- [META_COMM] = "user.coredump.comm", -- [META_EXE] = "user.coredump.exe", -+ [META_ARGV_PID] = "user.coredump.pid", -+ [META_ARGV_UID] = "user.coredump.uid", -+ [META_ARGV_GID] = "user.coredump.gid", -+ [META_ARGV_SIGNAL] = "user.coredump.signal", -+ [META_ARGV_TIMESTAMP] = "user.coredump.timestamp", -+ [META_ARGV_RLIMIT] = "user.coredump.rlimit", -+ [META_ARGV_HOSTNAME] = "user.coredump.hostname", -+ [META_COMM] = "user.coredump.comm", -+ [META_EXE] = "user.coredump.exe", - }; - - int r = 0; --- -2.33.0 - diff --git a/backport-CVE-2022-4415-dont-allow-user-access-coredumps-with-changed-uid.patch b/backport-CVE-2022-4415-dont-allow-user-access-coredumps-with-changed-uid.patch deleted file mode 100644 index b9516a2..0000000 --- a/backport-CVE-2022-4415-dont-allow-user-access-coredumps-with-changed-uid.patch +++ /dev/null @@ -1,386 +0,0 @@ -From 3e4d0f6cf99f8677edd6a237382a65bfe758de03 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 28 Nov 2022 12:12:55 +0100 -Subject: [PATCH] coredump: do not allow user to access coredumps with changed - uid/gid/capabilities - -When the user starts a program which elevates its permissions via setuid, -setgid, or capabilities set on the file, it may access additional information -which would then be visible in the coredump. We shouldn't make the the coredump -visible to the user in such cases. - -Reported-by: Matthias Gerstner - -This reads the /proc//auxv file and attaches it to the process metadata as -PROC_AUXV. Before the coredump is submitted, it is parsed and if either -at_secure was set (which the kernel will do for processes that are setuid, -setgid, or setcap), or if the effective uid/gid don't match uid/gid, the file -is not made accessible to the user. If we can't access this data, we assume the -file should not be made accessible either. In principle we could also access -the auxv data from a note in the core file, but that is much more complex and -it seems better to use the stand-alone file that is provided by the kernel. - -Attaching auxv is both convient for this patch (because this way it's passed -between the stages along with other fields), but I think it makes sense to save -it in general. - -We use the information early in the core file to figure out if the program was -32-bit or 64-bit and its endianness. This way we don't need heuristics to guess -whether the format of the auxv structure. This test might reject some cases on -fringe architecutes. But the impact would be limited: we just won't grant the -user permissions to view the coredump file. If people report that we're missing -some cases, we can always enhance this to support more architectures. - -I tested auxv parsing on amd64, 32-bit program on amd64, arm64, arm32, and -ppc64el, but not the whole coredump handling. - -Conflict:Change 'r = fsync_full(fd);' to 'if (fsync(fd) < 0)'. -Reference:https://github.com/systemd/systemd/commit/3e4d0f6cf99f8677edd6a237382a65bfe758de03 - ---- - src/basic/io-util.h | 9 ++ - src/coredump/coredump.c | 196 +++++++++++++++++++++++++++++++++++++--- - 2 files changed, 192 insertions(+), 13 deletions(-) - -diff --git a/src/basic/io-util.h b/src/basic/io-util.h -index 39728e06bc..3afb134266 100644 ---- a/src/basic/io-util.h -+++ b/src/basic/io-util.h -@@ -91,7 +91,16 @@ struct iovec_wrapper *iovw_new(void); - struct iovec_wrapper *iovw_free(struct iovec_wrapper *iovw); - struct iovec_wrapper *iovw_free_free(struct iovec_wrapper *iovw); - void iovw_free_contents(struct iovec_wrapper *iovw, bool free_vectors); -+ - int iovw_put(struct iovec_wrapper *iovw, void *data, size_t len); -+static inline int iovw_consume(struct iovec_wrapper *iovw, void *data, size_t len) { -+ /* Move data into iovw or free on error */ -+ int r = iovw_put(iovw, data, len); -+ if (r < 0) -+ free(data); -+ return r; -+} -+ - int iovw_put_string_field(struct iovec_wrapper *iovw, const char *field, const char *value); - int iovw_put_string_field_free(struct iovec_wrapper *iovw, const char *field, char *value); - void iovw_rebase(struct iovec_wrapper *iovw, char *old, char *new); -diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c -index 9ce2b92ded..b6f3a2f256 100644 ---- a/src/coredump/coredump.c -+++ b/src/coredump/coredump.c -@@ -4,6 +4,7 @@ - #include - #include - #include -+#include - #include - #include - -@@ -107,6 +108,7 @@ enum { - - META_EXE = _META_MANDATORY_MAX, - META_UNIT, -+ META_PROC_AUXV, - _META_MAX - }; - -@@ -121,10 +123,12 @@ static const char * const meta_field_names[_META_MAX] = { - [META_COMM] = "COREDUMP_COMM=", - [META_EXE] = "COREDUMP_EXE=", - [META_UNIT] = "COREDUMP_UNIT=", -+ [META_PROC_AUXV] = "COREDUMP_PROC_AUXV=", - }; - - typedef struct Context { - const char *meta[_META_MAX]; -+ size_t meta_size[_META_MAX]; - pid_t pid; - bool is_pid1; - bool is_journald; -@@ -186,13 +190,16 @@ static uint64_t storage_size_max(void) { - return 0; - } - --static int fix_acl(int fd, uid_t uid) { -+static int fix_acl(int fd, uid_t uid, bool allow_user) { -+ assert(fd >= 0); -+ assert(uid_is_valid(uid)); - - #if HAVE_ACL - int r; - -- assert(fd >= 0); -- assert(uid_is_valid(uid)); -+ /* We don't allow users to read coredumps if the uid or capabilities were changed. */ -+ if (!allow_user) -+ return 0; - - if (uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY) - return 0; -@@ -252,7 +259,8 @@ static int fix_permissions( - const char *filename, - const char *target, - const Context *context, -- uid_t uid) { -+ uid_t uid, -+ bool allow_user) { - - int r; - -@@ -262,7 +270,7 @@ static int fix_permissions( - - /* Ignore errors on these */ - (void) fchmod(fd, 0640); -- (void) fix_acl(fd, uid); -+ (void) fix_acl(fd, uid, allow_user); - (void) fix_xattr(fd, context); - - if (fsync(fd) < 0) -@@ -332,6 +340,153 @@ static int make_filename(const Context *context, char **ret) { - return 0; - } - -+static int parse_auxv64( -+ const uint64_t *auxv, -+ size_t size_bytes, -+ int *at_secure, -+ uid_t *uid, -+ uid_t *euid, -+ gid_t *gid, -+ gid_t *egid) { -+ -+ assert(auxv || size_bytes == 0); -+ -+ if (size_bytes % (2 * sizeof(uint64_t)) != 0) -+ return log_warning_errno(SYNTHETIC_ERRNO(EIO), "Incomplete auxv structure (%zu bytes).", size_bytes); -+ -+ size_t words = size_bytes / sizeof(uint64_t); -+ -+ /* Note that we set output variables even on error. */ -+ -+ for (size_t i = 0; i + 1 < words; i += 2) -+ switch (auxv[i]) { -+ case AT_SECURE: -+ *at_secure = auxv[i + 1] != 0; -+ break; -+ case AT_UID: -+ *uid = auxv[i + 1]; -+ break; -+ case AT_EUID: -+ *euid = auxv[i + 1]; -+ break; -+ case AT_GID: -+ *gid = auxv[i + 1]; -+ break; -+ case AT_EGID: -+ *egid = auxv[i + 1]; -+ break; -+ case AT_NULL: -+ if (auxv[i + 1] != 0) -+ goto error; -+ return 0; -+ } -+ error: -+ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA), -+ "AT_NULL terminator not found, cannot parse auxv structure."); -+} -+ -+static int parse_auxv32( -+ const uint32_t *auxv, -+ size_t size_bytes, -+ int *at_secure, -+ uid_t *uid, -+ uid_t *euid, -+ gid_t *gid, -+ gid_t *egid) { -+ -+ assert(auxv || size_bytes == 0); -+ -+ size_t words = size_bytes / sizeof(uint32_t); -+ -+ if (size_bytes % (2 * sizeof(uint32_t)) != 0) -+ return log_warning_errno(SYNTHETIC_ERRNO(EIO), "Incomplete auxv structure (%zu bytes).", size_bytes); -+ -+ /* Note that we set output variables even on error. */ -+ -+ for (size_t i = 0; i + 1 < words; i += 2) -+ switch (auxv[i]) { -+ case AT_SECURE: -+ *at_secure = auxv[i + 1] != 0; -+ break; -+ case AT_UID: -+ *uid = auxv[i + 1]; -+ break; -+ case AT_EUID: -+ *euid = auxv[i + 1]; -+ break; -+ case AT_GID: -+ *gid = auxv[i + 1]; -+ break; -+ case AT_EGID: -+ *egid = auxv[i + 1]; -+ break; -+ case AT_NULL: -+ if (auxv[i + 1] != 0) -+ goto error; -+ return 0; -+ } -+ error: -+ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA), -+ "AT_NULL terminator not found, cannot parse auxv structure."); -+} -+ -+static int grant_user_access(int core_fd, const Context *context) { -+ int at_secure = -1; -+ uid_t uid = UID_INVALID, euid = UID_INVALID; -+ uid_t gid = GID_INVALID, egid = GID_INVALID; -+ int r; -+ -+ assert(core_fd >= 0); -+ assert(context); -+ -+ if (!context->meta[META_PROC_AUXV]) -+ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA), "No auxv data, not adjusting permissions."); -+ -+ uint8_t elf[EI_NIDENT]; -+ errno = 0; -+ if (pread(core_fd, &elf, sizeof(elf), 0) != sizeof(elf)) -+ return log_warning_errno(errno_or_else(EIO), -+ "Failed to pread from coredump fd: %s", STRERROR_OR_EOF(errno)); -+ -+ if (elf[EI_MAG0] != ELFMAG0 || -+ elf[EI_MAG1] != ELFMAG1 || -+ elf[EI_MAG2] != ELFMAG2 || -+ elf[EI_MAG3] != ELFMAG3 || -+ elf[EI_VERSION] != EV_CURRENT) -+ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN), -+ "Core file does not have ELF header, not adjusting permissions."); -+ if (!IN_SET(elf[EI_CLASS], ELFCLASS32, ELFCLASS64) || -+ !IN_SET(elf[EI_DATA], ELFDATA2LSB, ELFDATA2MSB)) -+ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN), -+ "Core file has strange ELF class, not adjusting permissions."); -+ -+ if ((elf[EI_DATA] == ELFDATA2LSB) != (__BYTE_ORDER == __LITTLE_ENDIAN)) -+ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN), -+ "Core file has non-native endianness, not adjusting permissions."); -+ -+ if (elf[EI_CLASS] == ELFCLASS64) -+ r = parse_auxv64((const uint64_t*) context->meta[META_PROC_AUXV], -+ context->meta_size[META_PROC_AUXV], -+ &at_secure, &uid, &euid, &gid, &egid); -+ else -+ r = parse_auxv32((const uint32_t*) context->meta[META_PROC_AUXV], -+ context->meta_size[META_PROC_AUXV], -+ &at_secure, &uid, &euid, &gid, &egid); -+ if (r < 0) -+ return r; -+ -+ /* We allow access if we got all the data and at_secure is not set and -+ * the uid/gid matches euid/egid. */ -+ bool ret = -+ at_secure == 0 && -+ uid != UID_INVALID && euid != UID_INVALID && uid == euid && -+ gid != GID_INVALID && egid != GID_INVALID && gid == egid; -+ log_debug("Will %s access (uid="UID_FMT " euid="UID_FMT " gid="GID_FMT " egid="GID_FMT " at_secure=%s)", -+ ret ? "permit" : "restrict", -+ uid, euid, gid, egid, yes_no(at_secure)); -+ return ret; -+} -+ - static int save_external_coredump( - const Context *context, - int input_fd, -@@ -454,6 +609,8 @@ static int save_external_coredump( - context->meta[META_ARGV_PID], context->meta[META_COMM]); - truncated = r == 1; - -+ bool allow_user = grant_user_access(fd, context) > 0; -+ - #if HAVE_COMPRESSION - if (arg_compress) { - _cleanup_(unlink_and_freep) char *tmp_compressed = NULL; -@@ -491,7 +648,7 @@ static int save_external_coredump( - uncompressed_size += partial_uncompressed_size; - } - -- r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid); -+ r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid, allow_user); - if (r < 0) - return r; - -@@ -518,7 +675,7 @@ static int save_external_coredump( - "SIZE_LIMIT=%"PRIu64, max_size, - "MESSAGE_ID=" SD_MESSAGE_TRUNCATED_CORE_STR); - -- r = fix_permissions(fd, tmp, fn, context, uid); -+ r = fix_permissions(fd, tmp, fn, context, uid, allow_user); - if (r < 0) - return log_error_errno(r, "Failed to fix permissions and finalize coredump %s into %s: %m", coredump_tmpfile_name(tmp), fn); - -@@ -766,7 +923,7 @@ static int change_uid_gid(const Context *context) { - } - - static int submit_coredump( -- Context *context, -+ const Context *context, - struct iovec_wrapper *iovw, - int input_fd) { - -@@ -945,16 +1102,15 @@ static int save_context(Context *context, const struct iovec_wrapper *iovw) { - struct iovec *iovec = iovw->iovec + n; - - for (size_t i = 0; i < ELEMENTSOF(meta_field_names); i++) { -- char *p; -- - /* Note that these strings are NUL terminated, because we made sure that a - * trailing NUL byte is in the buffer, though not included in the iov_len - * count (see process_socket() and gather_pid_metadata_*()) */ - assert(((char*) iovec->iov_base)[iovec->iov_len] == 0); - -- p = startswith(iovec->iov_base, meta_field_names[i]); -+ const char *p = startswith(iovec->iov_base, meta_field_names[i]); - if (p) { - context->meta[i] = p; -+ context->meta_size[i] = iovec->iov_len - strlen(meta_field_names[i]); - break; - } - } -@@ -1191,6 +1347,7 @@ static int gather_pid_metadata(struct iovec_wrapper *iovw, Context *context) { - uid_t owner_uid; - pid_t pid; - char *t; -+ size_t size; - const char *p; - int r; - -@@ -1255,13 +1412,26 @@ static int gather_pid_metadata(struct iovec_wrapper *iovw, Context *context) { - (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_LIMITS=", t); - - p = procfs_file_alloca(pid, "cgroup"); -- if (read_full_virtual_file(p, &t, NULL) >=0) -+ if (read_full_virtual_file(p, &t, NULL) >= 0) - (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_CGROUP=", t); - - p = procfs_file_alloca(pid, "mountinfo"); -- if (read_full_virtual_file(p, &t, NULL) >=0) -+ if (read_full_virtual_file(p, &t, NULL) >= 0) - (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_MOUNTINFO=", t); - -+ /* We attach /proc/auxv here. ELF coredumps also contain a note for this (NT_AUXV), see elf(5). */ -+ p = procfs_file_alloca(pid, "auxv"); -+ if (read_full_virtual_file(p, &t, &size) >= 0) { -+ char *buf = malloc(strlen("COREDUMP_PROC_AUXV=") + size + 1); -+ if (buf) { -+ /* Add a dummy terminator to make save_context() happy. */ -+ *((uint8_t*) mempcpy(stpcpy(buf, "COREDUMP_PROC_AUXV="), t, size)) = '\0'; -+ (void) iovw_consume(iovw, buf, size + strlen("COREDUMP_PROC_AUXV=")); -+ } -+ -+ free(t); -+ } -+ - if (get_process_cwd(pid, &t) >= 0) - (void) iovw_put_string_field_free(iovw, "COREDUMP_CWD=", t); - --- -2.33.0 - diff --git a/backport-CVE-2022-4415-test-Add-TEST_RET-macro.patch b/backport-CVE-2022-4415-test-Add-TEST_RET-macro.patch deleted file mode 100644 index 5a1e5d2..0000000 --- a/backport-CVE-2022-4415-test-Add-TEST_RET-macro.patch +++ /dev/null @@ -1,107 +0,0 @@ -From 4c0acc0761aae0370e20e118b9db3b704e9045cd Mon Sep 17 00:00:00 2001 -From: Jan Janssen -Date: Thu, 25 Nov 2021 10:27:51 +0100 -Subject: [PATCH] test: Add TEST_RET macro - -This declares a test function whose return code will be passed from -main(). The first test that does not return EXIT_SUCCESS wins. - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4c0acc0761aae0370e20e118b9db3b704e9045cd - ---- - src/shared/tests.h | 54 ++++++++++++++++++++++++++++++++-------------- - 1 file changed, 38 insertions(+), 16 deletions(-) - -diff --git a/src/shared/tests.h b/src/shared/tests.h -index 872b9b2d6c..d1c96ef35b 100644 ---- a/src/shared/tests.h -+++ b/src/shared/tests.h -@@ -46,46 +46,68 @@ bool can_memlock(void); - const char *ci_environment(void); - - typedef struct TestFunc { -- void (*f)(void); -- const char * const n; -+ union f { -+ void (*void_func)(void); -+ int (*int_func)(void); -+ } f; -+ const char * const name; -+ bool has_ret; - } TestFunc; - - /* See static-destruct.h for an explanation of how this works. */ --#define REGISTER_TEST(func) \ -- static void func(void); \ -- _section_("SYSTEMD_TEST_TABLE") _alignptr_ _used_ _variable_no_sanitize_address_ \ -- static const TestFunc UNIQ_T(static_test_table_entry, UNIQ) = { \ -- .f = &(func), \ -- .n = STRINGIFY(func), \ -+#define REGISTER_TEST(func) \ -+ _section_("SYSTEMD_TEST_TABLE") _alignptr_ _used_ _variable_no_sanitize_address_ \ -+ static const TestFunc UNIQ_T(static_test_table_entry, UNIQ) = { \ -+ .f = (union f) &(func), \ -+ .name = STRINGIFY(func), \ -+ .has_ret = __builtin_types_compatible_p(typeof((union f){}.int_func), typeof(&(func))), \ - } - - extern const TestFunc _weak_ __start_SYSTEMD_TEST_TABLE[]; - extern const TestFunc _weak_ __stop_SYSTEMD_TEST_TABLE[]; - --#define TEST(name) \ -- REGISTER_TEST(test_##name); \ -+#define TEST(name) \ -+ static void test_##name(void); \ -+ REGISTER_TEST(test_##name); \ - static void test_##name(void) - --static inline void run_test_table(void) { -+#define TEST_RET(name) \ -+ static int test_##name(void); \ -+ REGISTER_TEST(test_##name); \ -+ static int test_##name(void) -+ -+static inline int run_test_table(void) { -+ int r = EXIT_SUCCESS; -+ - if (!__start_SYSTEMD_TEST_TABLE) -- return; -+ return r; - - const TestFunc *t = ALIGN_TO_PTR(__start_SYSTEMD_TEST_TABLE, sizeof(TestFunc*)); - while (t < __stop_SYSTEMD_TEST_TABLE) { -- log_info("/* %s */", t->n); -- t->f(); -+ log_info("/* %s */", t->name); -+ -+ if (t->has_ret) { -+ int r2 = t->f.int_func(); -+ if (r == EXIT_SUCCESS) -+ r = r2; -+ } else -+ t->f.void_func(); -+ - t = ALIGN_TO_PTR(t + 1, sizeof(TestFunc*)); - } -+ -+ return r; - } - - #define DEFINE_CUSTOM_TEST_MAIN(log_level, intro, outro) \ - int main(int argc, char *argv[]) { \ -+ int _r = EXIT_SUCCESS; \ - test_setup_logging(log_level); \ - save_argc_argv(argc, argv); \ - intro; \ -- run_test_table(); \ -+ _r = run_test_table(); \ - outro; \ -- return EXIT_SUCCESS; \ -+ return _r; \ - } - - #define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, , ) --- -2.33.0 - diff --git a/backport-CVE-2022-4415-test-Add-sd_booted-condition-test-to-TEST-macro.patch b/backport-CVE-2022-4415-test-Add-sd_booted-condition-test-to-TEST-macro.patch deleted file mode 100644 index 1479550..0000000 --- a/backport-CVE-2022-4415-test-Add-sd_booted-condition-test-to-TEST-macro.patch +++ /dev/null @@ -1,102 +0,0 @@ -From 0578dfe3eb2ceb8571b62a904dec0ddf410f6352 Mon Sep 17 00:00:00 2001 -From: Jan Janssen -Date: Thu, 25 Nov 2021 10:45:15 +0100 -Subject: [PATCH] test: Add sd_booted condition test to TEST macro - -Note that this will only report test skips if they use TEST_RET macro. -Regular TEST macros can still be skipped, but this will not be reported -back to main(); - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0578dfe3eb2ceb8571b62a904dec0ddf410f6352 - ---- - src/shared/tests.h | 43 ++++++++++++++++++++++++++----------------- - 1 file changed, 26 insertions(+), 17 deletions(-) - -diff --git a/src/shared/tests.h b/src/shared/tests.h -index d1c96ef35b..95283e2829 100644 ---- a/src/shared/tests.h -+++ b/src/shared/tests.h -@@ -39,7 +39,7 @@ bool can_memlock(void); - if (sd_booted() > 0) { \ - x; \ - } else { \ -- printf("systemd not booted skipping '%s'\n", #x); \ -+ printf("systemd not booted, skipping '%s'\n", #x); \ - } - - /* Provide a convenient way to check if we're running in CI. */ -@@ -51,29 +51,31 @@ typedef struct TestFunc { - int (*int_func)(void); - } f; - const char * const name; -- bool has_ret; -+ bool has_ret:1; -+ bool sd_booted:1; - } TestFunc; - - /* See static-destruct.h for an explanation of how this works. */ --#define REGISTER_TEST(func) \ -+#define REGISTER_TEST(func, ...) \ - _section_("SYSTEMD_TEST_TABLE") _alignptr_ _used_ _variable_no_sanitize_address_ \ - static const TestFunc UNIQ_T(static_test_table_entry, UNIQ) = { \ - .f = (union f) &(func), \ - .name = STRINGIFY(func), \ - .has_ret = __builtin_types_compatible_p(typeof((union f){}.int_func), typeof(&(func))), \ -+ ##__VA_ARGS__ \ - } - - extern const TestFunc _weak_ __start_SYSTEMD_TEST_TABLE[]; - extern const TestFunc _weak_ __stop_SYSTEMD_TEST_TABLE[]; - --#define TEST(name) \ -- static void test_##name(void); \ -- REGISTER_TEST(test_##name); \ -+#define TEST(name, ...) \ -+ static void test_##name(void); \ -+ REGISTER_TEST(test_##name, ##__VA_ARGS__); \ - static void test_##name(void) - --#define TEST_RET(name) \ -- static int test_##name(void); \ -- REGISTER_TEST(test_##name); \ -+#define TEST_RET(name, ...) \ -+ static int test_##name(void); \ -+ REGISTER_TEST(test_##name, ##__VA_ARGS__); \ - static int test_##name(void) - - static inline int run_test_table(void) { -@@ -84,14 +86,21 @@ static inline int run_test_table(void) { - - const TestFunc *t = ALIGN_TO_PTR(__start_SYSTEMD_TEST_TABLE, sizeof(TestFunc*)); - while (t < __stop_SYSTEMD_TEST_TABLE) { -- log_info("/* %s */", t->name); -- -- if (t->has_ret) { -- int r2 = t->f.int_func(); -- if (r == EXIT_SUCCESS) -- r = r2; -- } else -- t->f.void_func(); -+ -+ if (t->sd_booted && sd_booted() <= 0) { -+ log_info("/* systemd not booted, skipping %s */", t->name); -+ if (t->has_ret && r == EXIT_SUCCESS) -+ r = EXIT_TEST_SKIP; -+ } else { -+ log_info("/* %s */", t->name); -+ -+ if (t->has_ret) { -+ int r2 = t->f.int_func(); -+ if (r == EXIT_SUCCESS) -+ r = r2; -+ } else -+ t->f.void_func(); -+ } - - t = ALIGN_TO_PTR(t + 1, sizeof(TestFunc*)); - } --- -2.33.0 - diff --git a/backport-CVE-2022-4415-test-Create-convenience-macros-to-declare-tests.patch b/backport-CVE-2022-4415-test-Create-convenience-macros-to-declare-tests.patch deleted file mode 100644 index e5af4bf..0000000 --- a/backport-CVE-2022-4415-test-Create-convenience-macros-to-declare-tests.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 9cc615460830afdb51ad23e594906bbe60a3b25a Mon Sep 17 00:00:00 2001 -From: Jan Janssen -Date: Fri, 12 Nov 2021 10:54:44 +0100 -Subject: [PATCH] test: Create convenience macros to declare tests - -Conflict:Delete all contents in test-macro.c. -Reference:https://github.com/systemd/systemd/commit/9cc615460830afdb51ad23e594906bbe60a3b25a - ---- - src/shared/tests.h | 47 ++++++++++++++++++++++++++++++++++++++ - 1 file changed, 47 insertions(+) - -diff --git a/src/shared/tests.h b/src/shared/tests.h -index c1350763ad..f333ebd842 100644 ---- a/src/shared/tests.h -+++ b/src/shared/tests.h -@@ -43,3 +43,50 @@ bool can_memlock(void); - - /* Provide a convenient way to check if we're running in CI. */ - const char *ci_environment(void); -+ -+typedef struct TestFunc { -+ void (*f)(void); -+ const char * const n; -+} TestFunc; -+ -+/* See static-destruct.h for an explanation of how this works. */ -+#define REGISTER_TEST(func) \ -+ static void func(void); \ -+ _section_("SYSTEMD_TEST_TABLE") _alignptr_ _used_ _variable_no_sanitize_address_ \ -+ static const TestFunc UNIQ_T(static_test_table_entry, UNIQ) = { \ -+ .f = &(func), \ -+ .n = STRINGIFY(func), \ -+ } -+ -+extern const TestFunc _weak_ __start_SYSTEMD_TEST_TABLE[]; -+extern const TestFunc _weak_ __stop_SYSTEMD_TEST_TABLE[]; -+ -+#define TEST(name) \ -+ REGISTER_TEST(test_##name); \ -+ static void test_##name(void) -+ -+static inline void run_test_table(void) { -+ if (!__start_SYSTEMD_TEST_TABLE) -+ return; -+ -+ const TestFunc *t = ALIGN_TO_PTR(__start_SYSTEMD_TEST_TABLE, sizeof(TestFunc*)); -+ while (t < __stop_SYSTEMD_TEST_TABLE) { -+ log_info("/* %s */", t->n); -+ t->f(); -+ t = ALIGN_TO_PTR(t + 1, sizeof(TestFunc*)); -+ } -+} -+ -+#define DEFINE_TEST_MAIN \ -+ int main(int argc, char *argv[]) { \ -+ test_setup_logging(LOG_INFO); \ -+ run_test_table(); \ -+ return EXIT_SUCCESS; \ -+ } -+ -+#define DEFINE_CUSTOM_TEST_MAIN(impl) \ -+ int main(int argc, char *argv[]) { \ -+ test_setup_logging(LOG_INFO); \ -+ run_test_table(); \ -+ return impl(); \ -+ } --- -2.33.0 - diff --git a/backport-CVE-2022-4415-test-Slightly-rework-DEFINE_TEST_MAIN-macros.patch b/backport-CVE-2022-4415-test-Slightly-rework-DEFINE_TEST_MAIN-macros.patch deleted file mode 100644 index a32be71..0000000 --- a/backport-CVE-2022-4415-test-Slightly-rework-DEFINE_TEST_MAIN-macros.patch +++ /dev/null @@ -1,57 +0,0 @@ -From a40b728e1172cc07a09e12dd56089ab37c8c5924 Mon Sep 17 00:00:00 2001 -From: Jan Janssen -Date: Tue, 23 Nov 2021 13:40:27 +0100 -Subject: [PATCH] test: Slightly rework DEFINE_TEST_MAIN macros - -- A lot of tests want a different log level -- Provides saved_argc/saved_argv to tests -- Separate intro/outro is more flexible - -Conflict:Delete content in test-macro.c. -Reference:https://github.com/systemd/systemd/commit/a40b728e1172cc07a09e12dd56089ab37c8c5924 - ---- - src/shared/tests.h | 21 ++++++++++----------- - 1 file changed, 10 insertions(+), 11 deletions(-) - -diff --git a/src/shared/tests.h b/src/shared/tests.h -index f333ebd842..872b9b2d6c 100644 ---- a/src/shared/tests.h -+++ b/src/shared/tests.h -@@ -6,6 +6,7 @@ - #include "sd-daemon.h" - - #include "macro.h" -+#include "util.h" - - static inline bool manager_errno_skip_test(int r) { - return IN_SET(abs(r), -@@ -77,16 +78,14 @@ static inline void run_test_table(void) { - } - } - --#define DEFINE_TEST_MAIN \ -- int main(int argc, char *argv[]) { \ -- test_setup_logging(LOG_INFO); \ -- run_test_table(); \ -- return EXIT_SUCCESS; \ -+#define DEFINE_CUSTOM_TEST_MAIN(log_level, intro, outro) \ -+ int main(int argc, char *argv[]) { \ -+ test_setup_logging(log_level); \ -+ save_argc_argv(argc, argv); \ -+ intro; \ -+ run_test_table(); \ -+ outro; \ -+ return EXIT_SUCCESS; \ - } - --#define DEFINE_CUSTOM_TEST_MAIN(impl) \ -- int main(int argc, char *argv[]) { \ -- test_setup_logging(LOG_INFO); \ -- run_test_table(); \ -- return impl(); \ -- } -+#define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, , ) --- -2.33.0 - diff --git a/backport-CVE-2022-4415-tree-wide-define-and-use-STRERROR_OR_EOF.patch b/backport-CVE-2022-4415-tree-wide-define-and-use-STRERROR_OR_EOF.patch deleted file mode 100644 index e1f7a72..0000000 --- a/backport-CVE-2022-4415-tree-wide-define-and-use-STRERROR_OR_EOF.patch +++ /dev/null @@ -1,105 +0,0 @@ -From f69ae8585f5ce6cd8d1e6f3ccd6c9c2cf153e846 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 10 Oct 2022 21:19:43 +0200 -Subject: [PATCH] tree-wide: define and use STRERROR_OR_EOF() - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/f69ae8585f5ce6cd8d1e6f3ccd6c9c2cf153e846 - ---- - src/basic/errno-util.h | 5 +++++ - src/journal-remote/journal-gatewayd.c | 4 ++-- - src/libsystemd/sd-bus/test-bus-chat.c | 2 +- - src/login/logind-seat.c | 8 ++++---- - src/test/test-errno-util.c | 6 ++++++ - 5 files changed, 18 insertions(+), 7 deletions(-) - -diff --git a/src/basic/errno-util.h b/src/basic/errno-util.h -index f0d24d95cb..1e2e5b9f15 100644 ---- a/src/basic/errno-util.h -+++ b/src/basic/errno-util.h -@@ -16,6 +16,11 @@ - * Note that we use the GNU variant of strerror_r() here. */ - #define STRERROR(errnum) strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN) - -+/* A helper to print an error message or message for functions that return 0 on EOF. -+ * Note that we can't use ({ … }) to define a temporary variable, so errnum is -+ * evaluated twice. */ -+#define STRERROR_OR_EOF(errnum) ((errnum) != 0 ? STRERROR(errnum) : "Unexpected EOF") -+ - static inline void _reset_errno_(int *saved_errno) { - if (*saved_errno < 0) /* Invalidated by UNPROTECT_ERRNO? */ - return; -diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c -index 3e2a85ce29..34def4670e 100644 ---- a/src/journal-remote/journal-gatewayd.c -+++ b/src/journal-remote/journal-gatewayd.c -@@ -256,7 +256,7 @@ static ssize_t request_reader_entries( - errno = 0; - k = fread(buf, 1, n, m->tmp); - if (k != n) { -- log_error("Failed to read from file: %s", errno != 0 ? strerror_safe(errno) : "Premature EOF"); -+ log_error("Failed to read from file: %s", STRERROR_OR_EOF(errno)); - return MHD_CONTENT_READER_END_WITH_ERROR; - } - -@@ -600,7 +600,7 @@ static ssize_t request_reader_fields( - errno = 0; - k = fread(buf, 1, n, m->tmp); - if (k != n) { -- log_error("Failed to read from file: %s", errno != 0 ? strerror_safe(errno) : "Premature EOF"); -+ log_error("Failed to read from file: %s", STRERROR_OR_EOF(errno)); - return MHD_CONTENT_READER_END_WITH_ERROR; - } - -diff --git a/src/libsystemd/sd-bus/test-bus-chat.c b/src/libsystemd/sd-bus/test-bus-chat.c -index df6dd62151..93e8ebfb1b 100644 ---- a/src/libsystemd/sd-bus/test-bus-chat.c -+++ b/src/libsystemd/sd-bus/test-bus-chat.c -@@ -308,7 +308,7 @@ static void* client1(void *p) { - - errno = 0; - if (read(pp[0], &x, 1) <= 0) { -- log_error("Failed to read from pipe: %s", errno != 0 ? strerror_safe(errno) : "early read"); -+ log_error("Failed to read from pipe: %s", STRERROR_OR_EOF(errno)); - goto finish; - } - -diff --git a/src/login/logind-seat.c b/src/login/logind-seat.c -index 43c72da11f..d8ad424bfe 100644 ---- a/src/login/logind-seat.c -+++ b/src/login/logind-seat.c -@@ -389,11 +389,11 @@ int seat_read_active_vt(Seat *s) { - if (lseek(s->manager->console_active_fd, SEEK_SET, 0) < 0) - return log_error_errno(errno, "lseek on console_active_fd failed: %m"); - -+ errno = 0; - k = read(s->manager->console_active_fd, t, sizeof(t)-1); -- if (k <= 0) { -- log_error("Failed to read current console: %s", k < 0 ? strerror_safe(errno) : "EOF"); -- return k < 0 ? -errno : -EIO; -- } -+ if (k <= 0) -+ return log_error_errno(errno ?: EIO, -+ "Failed to read current console: %s", STRERROR_OR_EOF(errno)); - - t[k] = 0; - truncate_nl(t); -diff --git a/src/test/test-errno-util.c b/src/test/test-errno-util.c -index 284f451002..f858927c92 100644 ---- a/src/test/test-errno-util.c -+++ b/src/test/test-errno-util.c -@@ -41,4 +41,10 @@ TEST(STRERROR) { - assert_se(strstr(c, buf)); - } - -+TEST(STRERROR_OR_ELSE) { -+ log_info("STRERROR_OR_ELSE(0, \"EOF\") → %s", STRERROR_OR_EOF(0)); -+ log_info("STRERROR_OR_ELSE(EPERM, \"EOF\") → %s", STRERROR_OR_EOF(EPERM)); -+ log_info("STRERROR_OR_ELSE(-EPERM, \"EOF\") → %s", STRERROR_OR_EOF(-EPERM)); -+} -+ - DEFINE_TEST_MAIN(LOG_INFO); --- -2.33.0 - diff --git a/backport-Change-gendered-terms-to-be-gender-neutral-21325.patch b/backport-Change-gendered-terms-to-be-gender-neutral-21325.patch deleted file mode 100644 index 44c35d3..0000000 --- a/backport-Change-gendered-terms-to-be-gender-neutral-21325.patch +++ /dev/null @@ -1,131 +0,0 @@ -From 3ba07929636e1a55c71767e40e23bf639b7a8db5 Mon Sep 17 00:00:00 2001 -From: Emily Gonyer -Date: Fri, 12 Nov 2021 10:09:56 -0500 -Subject: [PATCH] Change gendered terms to be gender-neutral (#21325) - -Some typos are also fixed. - -(cherry picked from commit be7148ebed5d73c4a76bc6089ebe2e82d8fa33e0) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/3ba07929636e1a55c71767e40e23bf639b7a8db5 ---- - docs/CODING_STYLE.md | 2 +- - docs/PREDICTABLE_INTERFACE_NAMES.md | 2 +- - man/sd_bus_add_object.xml | 2 +- - src/core/manager.h | 2 +- - src/hostname/hostnamectl.c | 2 +- - src/libsystemd/sd-bus/bus-socket.c | 4 ++-- - src/libsystemd/sd-bus/sd-bus.c | 2 +- - src/udev/dmi_memory_id/dmi_memory_id.c | 2 +- - 8 files changed, 9 insertions(+), 9 deletions(-) - -diff --git a/docs/CODING_STYLE.md b/docs/CODING_STYLE.md -index 54150e1ee7..05fbb2ac9e 100644 ---- a/docs/CODING_STYLE.md -+++ b/docs/CODING_STYLE.md -@@ -287,7 +287,7 @@ layout: default - with a more brutal `assert()`. We are more forgiving to public users than for - ourselves! Note that `assert()` and `assert_return()` really only should be - used for detecting programming errors, not for runtime errors. `assert()` and -- `assert_return()` by usage of `_likely_()` inform the compiler that he should -+ `assert_return()` by usage of `_likely_()` inform the compiler that it should - not expect these checks to fail, and they inform fellow programmers about the - expected validity and range of parameters. - -diff --git a/docs/PREDICTABLE_INTERFACE_NAMES.md b/docs/PREDICTABLE_INTERFACE_NAMES.md -index 07529e7a70..890bd3935c 100644 ---- a/docs/PREDICTABLE_INTERFACE_NAMES.md -+++ b/docs/PREDICTABLE_INTERFACE_NAMES.md -@@ -53,7 +53,7 @@ With this new scheme you now get: - * The same on all distributions that adopted systemd/udev - * It's easy to opt out of the scheme (see below) - --Does this have any drawbacks? Yes, it does. Previously it was practically guaranteed that hosts equipped with a single ethernet card only had a single `eth0` interface. With this new scheme in place, an administrator now has to check first what the local interface name is before he can invoke commands on it where previously he had a good chance that `eth0` was the right name. -+Does this have any drawbacks? Yes, it does. Previously it was practically guaranteed that hosts equipped with a single ethernet card only had a single `eth0` interface. With this new scheme in place, an administrator now has to check first what the local interface name is before they can invoke commands on it, where previously they had a good chance that `eth0` was the right name. - - - ## I don't like this, how do I disable this? -diff --git a/man/sd_bus_add_object.xml b/man/sd_bus_add_object.xml -index 31a3344bbd..54683e4f11 100644 ---- a/man/sd_bus_add_object.xml -+++ b/man/sd_bus_add_object.xml -@@ -508,7 +508,7 @@ - - SD_BUS_VTABLE_METHOD_NO_REPLY - -- Mark his vtable entry as a method that will not return a reply using the -+ Mark this vtable entry as a method that will not return a reply using the - org.freedesktop.DBus.Method.NoReply annotation in introspection data. - - -diff --git a/src/core/manager.h b/src/core/manager.h -index b3e7c68e6d..14a80b396e 100644 ---- a/src/core/manager.h -+++ b/src/core/manager.h -@@ -195,7 +195,7 @@ struct Manager { - - sd_event *event; - -- /* This maps PIDs we care about to units that are interested in. We allow multiple units to he interested in -+ /* This maps PIDs we care about to units that are interested in. We allow multiple units to be interested in - * the same PID and multiple PIDs to be relevant to the same unit. Since in most cases only a single unit will - * be interested in the same PID we use a somewhat special encoding here: the first unit interested in a PID is - * stored directly in the hashmap, keyed by the PID unmodified. If there are other units interested too they'll -diff --git a/src/hostname/hostnamectl.c b/src/hostname/hostnamectl.c -index 283038c7cb..2eca5feaca 100644 ---- a/src/hostname/hostnamectl.c -+++ b/src/hostname/hostnamectl.c -@@ -442,7 +442,7 @@ static int set_hostname(int argc, char **argv, void *userdata) { - * dot if there is one. If it was not valid, then it will be made fully valid by truncating, dropping - * multiple dots, and dropping weird chars. Note that we clean the name up only if we also are - * supposed to set the pretty name. If the pretty name is not being set we assume the user knows what -- * he does and pass the name as-is. */ -+ * they are doing and pass the name as-is. */ - h = strdup(hostname); - if (!h) - return log_oom(); -diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c -index 378774fe8b..09eb49c37f 100644 ---- a/src/libsystemd/sd-bus/bus-socket.c -+++ b/src/libsystemd/sd-bus/bus-socket.c -@@ -300,8 +300,8 @@ static int verify_external_token(sd_bus *b, const char *p, size_t l) { - uid_t u; - int r; - -- /* We don't do any real authentication here. Instead, we if -- * the owner of this bus wanted authentication he should have -+ /* We don't do any real authentication here. Instead, if -+ * the owner of this bus wanted authentication they should have - * checked SO_PEERCRED before even creating the bus object. */ - - if (!b->anonymous_auth && !b->ucred_valid) -diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c -index 79c24fe703..ab8d4e4a60 100644 ---- a/src/libsystemd/sd-bus/sd-bus.c -+++ b/src/libsystemd/sd-bus/sd-bus.c -@@ -3274,7 +3274,7 @@ static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec) { - return e; - - if (need_more) -- /* The caller really needs some more data, he doesn't -+ /* The caller really needs some more data, they don't - * care about what's already read, or any timeouts - * except its own. */ - e |= POLLIN; -diff --git a/src/udev/dmi_memory_id/dmi_memory_id.c b/src/udev/dmi_memory_id/dmi_memory_id.c -index 64eba0d314..00e46f8b9e 100644 ---- a/src/udev/dmi_memory_id/dmi_memory_id.c -+++ b/src/udev/dmi_memory_id/dmi_memory_id.c -@@ -539,7 +539,7 @@ static void dmi_table_decode(const uint8_t *buf, size_t len, uint16_t num) { - - /* If a short entry is found (less than 4 bytes), not only it - * is invalid, but we cannot reliably locate the next entry. -- * Better stop at this point, and let the user know his/her -+ * Better stop at this point, and let the user know their - * table is broken. */ - if (h.length < 4) - break; --- -2.33.0 - diff --git a/backport-Don-t-open-var-journals-in-volatile-mode-when-runtim.patch b/backport-Don-t-open-var-journals-in-volatile-mode-when-runtim.patch deleted file mode 100644 index a1e4176..0000000 --- a/backport-Don-t-open-var-journals-in-volatile-mode-when-runtim.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 00e7f0994a39852ab1adabfb7e19ff2634e916a0 Mon Sep 17 00:00:00 2001 -From: Milo Turner -Date: Fri, 13 Aug 2021 10:28:58 -0400 -Subject: [PATCH] Don't open /var journals in volatile mode when - runtime_journal==NULL - -(cherry picked from commit d64441b669932ab97fbbfc71cb143045f690039e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/00e7f0994a39852ab1adabfb7e19ff2634e916a0 ---- - src/journal/journald-server.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c -index 30f04f5383..a0695ec519 100644 ---- a/src/journal/journald-server.c -+++ b/src/journal/journald-server.c -@@ -415,6 +415,13 @@ static JournalFile* find_journal(Server *s, uid_t uid) { - if (s->runtime_journal) - return s->runtime_journal; - -+ /* If we are not in persistent mode, then we need return NULL immediately rather than opening a -+ * persistent journal of any sort. -+ * -+ * Fixes https://github.com/systemd/systemd/issues/20390 */ -+ if (!IN_SET(s->storage, STORAGE_AUTO, STORAGE_PERSISTENT)) -+ return NULL; -+ - if (uid_for_system_journal(uid)) - return s->system_journal; - --- -2.33.0 - diff --git a/backport-Drop-bundled-copy-of-linux-if_arp.h.patch b/backport-Drop-bundled-copy-of-linux-if_arp.h.patch deleted file mode 100644 index 6453c10..0000000 --- a/backport-Drop-bundled-copy-of-linux-if_arp.h.patch +++ /dev/null @@ -1,227 +0,0 @@ -From f27585b58a308454bf3409a77c8b1dd12fc64816 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 15 Sep 2021 16:33:05 +0200 -Subject: [PATCH] Drop bundled copy of linux/if_arp.h -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -As far as I can see, we use this to get a list of ARPHRD_* defines (used in -particular for Type= in .link files). If we drop our copy, and build against -old kernel headers, the user will have a shorter list of types available. This -seems OK, and I don't think it's worth carrying our own version of this file -just to have newest possible entries. - -7c5b9952c4f6e2b72f90edbe439982528b7cf223 recently updated this file, but we'd -have to update it every time the kernel adds new entries. But if we look at -the failure carefully: - -src/basic/arphrd-from-name.gperf:65:16: error: ‘ARPHRD_MCTP’ undeclared (first use in this function); did you mean ‘ARPHRD_FCPP’? - 65 | MCTP, ARPHRD_MCTP - | ^~ - | ARPHRD_FCPP - -we see that the list we were generating was from the system headers, so it was -only as good as the system headers anyway, without the newer entries in our -bundled copy, if there were any. So let's make things simpler by always using -system headers. - -And if somebody wants to fix things so that we always have the newest list, -then we should just generate and store the converted list, not the full header. - -(cherry picked from commit e7f46ee3ae1cc66a94b293957721d68dc09d7449) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/f27585b58a308454bf3409a77c8b1dd12fc64816 ---- - src/basic/linux/if_arp.h | 165 --------------------------------------- - src/basic/meson.build | 1 - - 2 files changed, 166 deletions(-) - delete mode 100644 src/basic/linux/if_arp.h - -diff --git a/src/basic/linux/if_arp.h b/src/basic/linux/if_arp.h -deleted file mode 100644 -index 4783af9fe5..0000000000 ---- a/src/basic/linux/if_arp.h -+++ /dev/null -@@ -1,165 +0,0 @@ --/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */ --/* -- * INET An implementation of the TCP/IP protocol suite for the LINUX -- * operating system. INET is implemented using the BSD Socket -- * interface as the means of communication with the user level. -- * -- * Global definitions for the ARP (RFC 826) protocol. -- * -- * Version: @(#)if_arp.h 1.0.1 04/16/93 -- * -- * Authors: Original taken from Berkeley UNIX 4.3, (c) UCB 1986-1988 -- * Portions taken from the KA9Q/NOS (v2.00m PA0GRI) source. -- * Ross Biro -- * Fred N. van Kempen, -- * Florian La Roche, -- * Jonathan Layes -- * Arnaldo Carvalho de Melo ARPHRD_HWX25 -- * -- * This program is free software; you can redistribute it and/or -- * modify it under the terms of the GNU General Public License -- * as published by the Free Software Foundation; either version -- * 2 of the License, or (at your option) any later version. -- */ --#ifndef _UAPI_LINUX_IF_ARP_H --#define _UAPI_LINUX_IF_ARP_H -- --#include -- --/* ARP protocol HARDWARE identifiers. */ --#define ARPHRD_NETROM 0 /* from KA9Q: NET/ROM pseudo */ --#define ARPHRD_ETHER 1 /* Ethernet 10Mbps */ --#define ARPHRD_EETHER 2 /* Experimental Ethernet */ --#define ARPHRD_AX25 3 /* AX.25 Level 2 */ --#define ARPHRD_PRONET 4 /* PROnet token ring */ --#define ARPHRD_CHAOS 5 /* Chaosnet */ --#define ARPHRD_IEEE802 6 /* IEEE 802.2 Ethernet/TR/TB */ --#define ARPHRD_ARCNET 7 /* ARCnet */ --#define ARPHRD_APPLETLK 8 /* APPLEtalk */ --#define ARPHRD_DLCI 15 /* Frame Relay DLCI */ --#define ARPHRD_ATM 19 /* ATM */ --#define ARPHRD_METRICOM 23 /* Metricom STRIP (new IANA id) */ --#define ARPHRD_IEEE1394 24 /* IEEE 1394 IPv4 - RFC 2734 */ --#define ARPHRD_EUI64 27 /* EUI-64 */ --#define ARPHRD_INFINIBAND 32 /* InfiniBand */ -- --/* Dummy types for non ARP hardware */ --#define ARPHRD_SLIP 256 --#define ARPHRD_CSLIP 257 --#define ARPHRD_SLIP6 258 --#define ARPHRD_CSLIP6 259 --#define ARPHRD_RSRVD 260 /* Notional KISS type */ --#define ARPHRD_ADAPT 264 --#define ARPHRD_ROSE 270 --#define ARPHRD_X25 271 /* CCITT X.25 */ --#define ARPHRD_HWX25 272 /* Boards with X.25 in firmware */ --#define ARPHRD_CAN 280 /* Controller Area Network */ --#define ARPHRD_MCTP 290 --#define ARPHRD_PPP 512 --#define ARPHRD_CISCO 513 /* Cisco HDLC */ --#define ARPHRD_HDLC ARPHRD_CISCO --#define ARPHRD_LAPB 516 /* LAPB */ --#define ARPHRD_DDCMP 517 /* Digital's DDCMP protocol */ --#define ARPHRD_RAWHDLC 518 /* Raw HDLC */ --#define ARPHRD_RAWIP 519 /* Raw IP */ -- --#define ARPHRD_TUNNEL 768 /* IPIP tunnel */ --#define ARPHRD_TUNNEL6 769 /* IP6IP6 tunnel */ --#define ARPHRD_FRAD 770 /* Frame Relay Access Device */ --#define ARPHRD_SKIP 771 /* SKIP vif */ --#define ARPHRD_LOOPBACK 772 /* Loopback device */ --#define ARPHRD_LOCALTLK 773 /* Localtalk device */ --#define ARPHRD_FDDI 774 /* Fiber Distributed Data Interface */ --#define ARPHRD_BIF 775 /* AP1000 BIF */ --#define ARPHRD_SIT 776 /* sit0 device - IPv6-in-IPv4 */ --#define ARPHRD_IPDDP 777 /* IP over DDP tunneller */ --#define ARPHRD_IPGRE 778 /* GRE over IP */ --#define ARPHRD_PIMREG 779 /* PIMSM register interface */ --#define ARPHRD_HIPPI 780 /* High Performance Parallel Interface */ --#define ARPHRD_ASH 781 /* Nexus 64Mbps Ash */ --#define ARPHRD_ECONET 782 /* Acorn Econet */ --#define ARPHRD_IRDA 783 /* Linux-IrDA */ --/* ARP works differently on different FC media .. so */ --#define ARPHRD_FCPP 784 /* Point to point fibrechannel */ --#define ARPHRD_FCAL 785 /* Fibrechannel arbitrated loop */ --#define ARPHRD_FCPL 786 /* Fibrechannel public loop */ --#define ARPHRD_FCFABRIC 787 /* Fibrechannel fabric */ -- /* 787->799 reserved for fibrechannel media types */ --#define ARPHRD_IEEE802_TR 800 /* Magic type ident for TR */ --#define ARPHRD_IEEE80211 801 /* IEEE 802.11 */ --#define ARPHRD_IEEE80211_PRISM 802 /* IEEE 802.11 + Prism2 header */ --#define ARPHRD_IEEE80211_RADIOTAP 803 /* IEEE 802.11 + radiotap header */ --#define ARPHRD_IEEE802154 804 --#define ARPHRD_IEEE802154_MONITOR 805 /* IEEE 802.15.4 network monitor */ -- --#define ARPHRD_PHONET 820 /* PhoNet media type */ --#define ARPHRD_PHONET_PIPE 821 /* PhoNet pipe header */ --#define ARPHRD_CAIF 822 /* CAIF media type */ --#define ARPHRD_IP6GRE 823 /* GRE over IPv6 */ --#define ARPHRD_NETLINK 824 /* Netlink header */ --#define ARPHRD_6LOWPAN 825 /* IPv6 over LoWPAN */ --#define ARPHRD_VSOCKMON 826 /* Vsock monitor header */ -- --#define ARPHRD_VOID 0xFFFF /* Void type, nothing is known */ --#define ARPHRD_NONE 0xFFFE /* zero header length */ -- --/* ARP protocol opcodes. */ --#define ARPOP_REQUEST 1 /* ARP request */ --#define ARPOP_REPLY 2 /* ARP reply */ --#define ARPOP_RREQUEST 3 /* RARP request */ --#define ARPOP_RREPLY 4 /* RARP reply */ --#define ARPOP_InREQUEST 8 /* InARP request */ --#define ARPOP_InREPLY 9 /* InARP reply */ --#define ARPOP_NAK 10 /* (ATM)ARP NAK */ -- -- --/* ARP ioctl request. */ --struct arpreq { -- struct sockaddr arp_pa; /* protocol address */ -- struct sockaddr arp_ha; /* hardware address */ -- int arp_flags; /* flags */ -- struct sockaddr arp_netmask; /* netmask (only for proxy arps) */ -- char arp_dev[IFNAMSIZ]; --}; -- --struct arpreq_old { -- struct sockaddr arp_pa; /* protocol address */ -- struct sockaddr arp_ha; /* hardware address */ -- int arp_flags; /* flags */ -- struct sockaddr arp_netmask; /* netmask (only for proxy arps) */ --}; -- --/* ARP Flag values. */ --#define ATF_COM 0x02 /* completed entry (ha valid) */ --#define ATF_PERM 0x04 /* permanent entry */ --#define ATF_PUBL 0x08 /* publish entry */ --#define ATF_USETRAILERS 0x10 /* has requested trailers */ --#define ATF_NETMASK 0x20 /* want to use a netmask (only -- for proxy entries) */ --#define ATF_DONTPUB 0x40 /* don't answer this addresses */ -- --/* -- * This structure defines an ethernet arp header. -- */ -- --struct arphdr { -- __be16 ar_hrd; /* format of hardware address */ -- __be16 ar_pro; /* format of protocol address */ -- unsigned char ar_hln; /* length of hardware address */ -- unsigned char ar_pln; /* length of protocol address */ -- __be16 ar_op; /* ARP opcode (command) */ -- --#if 0 -- /* -- * Ethernet looks like this : This bit is variable sized however... -- */ -- unsigned char ar_sha[ETH_ALEN]; /* sender hardware address */ -- unsigned char ar_sip[4]; /* sender IP address */ -- unsigned char ar_tha[ETH_ALEN]; /* target hardware address */ -- unsigned char ar_tip[4]; /* target IP address */ --#endif -- --}; -- -- --#endif /* _UAPI_LINUX_IF_ARP_H */ -diff --git a/src/basic/meson.build b/src/basic/meson.build -index 9b016ce5e8..452b965db3 100644 ---- a/src/basic/meson.build -+++ b/src/basic/meson.build -@@ -88,7 +88,6 @@ basic_sources = files(''' - linux/hdlc/ioctl.h - linux/if.h - linux/if_addr.h -- linux/if_arp.h - linux/if_bonding.h - linux/if_bridge.h - linux/if_ether.h --- -2.33.0 - diff --git a/backport-Fix-another-crash-due-to-missing-NHDR.patch b/backport-Fix-another-crash-due-to-missing-NHDR.patch deleted file mode 100644 index 6d8be87..0000000 --- a/backport-Fix-another-crash-due-to-missing-NHDR.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 60630b5e812ce103e9625bcc87778165374a455e Mon Sep 17 00:00:00 2001 -From: Kevin Orr -Date: Thu, 26 Aug 2021 17:04:53 -0400 -Subject: [PATCH] Fix another crash due to missing NHDR - -(cherry picked from commit a3a5446b7675696f43c2d8a2a0b898d72228a53d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/60630b5e812ce103e9625bcc87778165374a455e ---- - src/coredump/stacktrace.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/coredump/stacktrace.c b/src/coredump/stacktrace.c -index e46b324cdf..f855a370ff 100644 ---- a/src/coredump/stacktrace.c -+++ b/src/coredump/stacktrace.c -@@ -299,6 +299,8 @@ static int module_callback(Dwfl_Module *mod, void **userdata, const char *name, - program_header->p_offset, - program_header->p_filesz, - ELF_T_NHDR); -+ if (!data) -+ continue; - - Elf *memelf = elf_memory(data->d_buf, data->d_size); - if (!memelf) --- -2.33.0 - diff --git a/backport-Fix-error-building-repart-with-no-libcryptsetup-2073.patch b/backport-Fix-error-building-repart-with-no-libcryptsetup-2073.patch deleted file mode 100644 index dd74d47..0000000 --- a/backport-Fix-error-building-repart-with-no-libcryptsetup-2073.patch +++ /dev/null @@ -1,33 +0,0 @@ -From d3dfc9afa2297e2e15019adf974da8fb0ab7270c Mon Sep 17 00:00:00 2001 -From: Marcus Harrison -Date: Wed, 15 Sep 2021 03:55:07 +0200 -Subject: [PATCH] Fix error building repart with no libcryptsetup (#20739) - -(cherry picked from commit 2709d02906dd3ab5ecc2b3e19e2846b1714a7e5a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d3dfc9afa2297e2e15019adf974da8fb0ab7270c ---- - src/partition/repart.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/partition/repart.c b/src/partition/repart.c -index 589acaa49d..851c68cc4b 100644 ---- a/src/partition/repart.c -+++ b/src/partition/repart.c -@@ -206,7 +206,12 @@ static const char *encrypt_mode_table[_ENCRYPT_MODE_MAX] = { - [ENCRYPT_KEY_FILE_TPM2] = "key-file+tpm2", - }; - -+#if HAVE_LIBCRYPTSETUP - DEFINE_PRIVATE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(encrypt_mode, EncryptMode, ENCRYPT_KEY_FILE); -+#else -+DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_BOOLEAN(encrypt_mode, EncryptMode, ENCRYPT_KEY_FILE); -+#endif -+ - - static uint64_t round_down_size(uint64_t v, uint64_t p) { - return (v / p) * p; --- -2.33.0 - diff --git a/backport-Fix-the-Failed-to-open-random-seed-.-message.patch b/backport-Fix-the-Failed-to-open-random-seed-.-message.patch deleted file mode 100644 index 7aca3b6..0000000 --- a/backport-Fix-the-Failed-to-open-random-seed-.-message.patch +++ /dev/null @@ -1,33 +0,0 @@ -From c1b4ee2e0fd28a0c802a3694107613e1689d1c96 Mon Sep 17 00:00:00 2001 -From: longpanda <59477474+ventoy@users.noreply.github.com> -Date: Thu, 5 Aug 2021 09:31:44 +0800 -Subject: [PATCH] Fix the "Failed to open random seed ..." message. - -When boot ArchLinux from Ventoy, it always print `Failed to open random seed file: write protected.` -As Ventoy emulate the ISO file as a read-only CDROM, I didn't test with a real physical CDROM drive, but maybe it also has such problem. -As we use `EFI_FILE_MODE_WRITE` to open the `loader\random-seed` file, so I think it's better to check the result with both `EFI_WRITE_PROTECTED` and `EFI_NOT_FOUND`. - -(cherry picked from commit 2846007ecfb1fc84005b942167d394294c707d7b) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c1b4ee2e0fd28a0c802a3694107613e1689d1c96 ---- - src/boot/efi/random-seed.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/boot/efi/random-seed.c b/src/boot/efi/random-seed.c -index ff364695f3..3e179851b0 100644 ---- a/src/boot/efi/random-seed.c -+++ b/src/boot/efi/random-seed.c -@@ -245,7 +245,7 @@ EFI_STATUS process_random_seed(EFI_FILE *root_dir, RandomSeedMode mode) { - - err = uefi_call_wrapper(root_dir->Open, 5, root_dir, &handle, (CHAR16*) L"\\loader\\random-seed", EFI_FILE_MODE_READ|EFI_FILE_MODE_WRITE, 0ULL); - if (EFI_ERROR(err)) { -- if (err != EFI_NOT_FOUND) -+ if (err != EFI_NOT_FOUND && err != EFI_WRITE_PROTECTED) - Print(L"Failed to open random seed file: %r\n", err); - return err; - } --- -2.33.0 - diff --git a/backport-Get-rid-of-dangling-setutxent.patch b/backport-Get-rid-of-dangling-setutxent.patch deleted file mode 100644 index cb35353..0000000 --- a/backport-Get-rid-of-dangling-setutxent.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 540389a690b1d6cb00620d8ad6f54077a90e15f8 Mon Sep 17 00:00:00 2001 -From: MertsA -Date: Tue, 10 Aug 2021 20:54:50 -0700 -Subject: [PATCH] Get rid of dangling setutxent() - -utmp_wall() and utmp_put_dead_process() called setutxent() directly instead of the stub in utmp-wtmp.h and never called endutxent(). This would leave /run/utmp left open by PID 1 or journald. This can be reproduced by e.g. lsof /run/utmp and systemd-cat -p 0 echo test. For utmp_put_dead_process() it would only leave it open if it returned early before calling write_utmp_wtmp() - -(cherry picked from commit bbd239f67a683fe63ee3698896fa503ff25031ed) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/540389a690b1d6cb00620d8ad6f54077a90e15f8 ---- - src/shared/utmp-wtmp.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/shared/utmp-wtmp.c b/src/shared/utmp-wtmp.c -index 3eeee24693..784aad2943 100644 ---- a/src/shared/utmp-wtmp.c -+++ b/src/shared/utmp-wtmp.c -@@ -215,13 +215,14 @@ int utmp_put_init_process(const char *id, pid_t pid, pid_t sid, const char *line - } - - int utmp_put_dead_process(const char *id, pid_t pid, int code, int status) { -+ _cleanup_(utxent_cleanup) bool utmpx = false; - struct utmpx lookup = { - .ut_type = INIT_PROCESS /* looks for DEAD_PROCESS, LOGIN_PROCESS, USER_PROCESS, too */ - }, store, store_wtmp, *found; - - assert(id); - -- setutxent(); -+ utmpx = utxent_start(); - - /* Copy the whole string if it fits, or just the suffix without the terminating NUL. */ - copy_suffix(store.ut_id, sizeof(store.ut_id), id); -@@ -339,6 +340,7 @@ int utmp_wall( - bool (*match_tty)(const char *tty, void *userdata), - void *userdata) { - -+ _cleanup_(utxent_cleanup) bool utmpx = false; - _cleanup_free_ char *text = NULL, *hn = NULL, *un = NULL, *stdin_tty = NULL; - char date[FORMAT_TIMESTAMP_MAX]; - struct utmpx *u; -@@ -368,7 +370,7 @@ int utmp_wall( - message) < 0) - return -ENOMEM; - -- setutxent(); -+ utmpx = utxent_start(); - - r = 0; - --- -2.33.0 - diff --git a/backport-Respect-install_sysconfdir.patch b/backport-Respect-install_sysconfdir.patch deleted file mode 100644 index c228b0f..0000000 --- a/backport-Respect-install_sysconfdir.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 0062322638aa36df8190326a6afd38780fb7a271 Mon Sep 17 00:00:00 2001 -From: Kai Wohlfahrt -Date: Tue, 14 Sep 2021 00:32:52 +0100 -Subject: [PATCH] Respect install_sysconfdir - -This was lost e11a25cadbe and c900d89faa0 while adding jinja2 -templating. Breaks builds on NixOS. - -(cherry picked from commit 679de141122ca30388bba6d132f8c0dddcdddd15) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0062322638aa36df8190326a6afd38780fb7a271 ---- - src/core/meson.build | 2 +- - src/login/meson.build | 8 +++++--- - 2 files changed, 6 insertions(+), 4 deletions(-) - -diff --git a/src/core/meson.build b/src/core/meson.build -index c66538eab1..367c085027 100644 ---- a/src/core/meson.build -+++ b/src/core/meson.build -@@ -193,7 +193,7 @@ foreach item : in_files - output: file, - command : [meson_render_jinja2, config_h, '@INPUT@'], - capture : true, -- install : (dir == pkgsysconfdir and install_sysconfdir_samples) or (dir != pkgsysconfdir and dir != 'no'), -+ install : (dir == pkgsysconfdir) ? install_sysconfdir_samples : (dir != 'no'), - install_dir : dir) - endforeach - -diff --git a/src/login/meson.build b/src/login/meson.build -index b637adc9a2..da704d238f 100644 ---- a/src/login/meson.build -+++ b/src/login/meson.build -@@ -71,18 +71,20 @@ in_files = [ - ['70-uaccess.rules', udevrulesdir, enable_logind and conf.get('HAVE_ACL') == 1], - ['71-seat.rules', udevrulesdir, enable_logind], - ['73-seat-late.rules', udevrulesdir, enable_logind], -- ['systemd-user', pamconfdir, enable_logind and pamconfdir != 'no']] -+ ['systemd-user', pamconfdir, enable_logind]] - - foreach tuple : in_files - file = tuple[0] -+ dir = tuple[1] -+ install = (dir == pkgsysconfdir) ? install_sysconfdir_samples : (dir != 'no') - custom_target( - file, - input : file + '.in', - output: file, - command : [meson_render_jinja2, config_h, '@INPUT@'], - capture : true, -- install : tuple[2], -- install_dir : tuple[1]) -+ install : tuple[2] and install, -+ install_dir : dir) - endforeach - - if enable_logind --- -2.33.0 - diff --git a/backport-Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch b/backport-Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch deleted file mode 100644 index 143d742..0000000 --- a/backport-Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 47b256d63ac092137fe44e27560a14ee4aa5b7c8 Mon Sep 17 00:00:00 2001 -From: Lukas Nykryn -Date: Fri, 8 Feb 2019 10:54:34 +0100 -Subject: Revert "sysctl.d: switch net.ipv4.conf.all.rp_filter - from 1 to 2" - -Conflict:according def94437934 and 5d4fc0e665a, modify default.rp_filter -and *.rp_filter -Reference:https://github.com/systemd/systemd/commit/230450d4e4f1f5fc9fa4295ed9185eea5b6ea16e - -This reverts commit 75c9af80cf3529c76988451e63f98010c86f48f1. - -Resolves: #1653824 ---- - sysctl.d/50-default.conf | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf -index 1b76b9d..2717a4d 100644 ---- a/sysctl.d/50-default.conf -+++ b/sysctl.d/50-default.conf -@@ -26,8 +26,8 @@ kernel.core_uses_pid = 1 - kernel.core_uses_pid = 1 - - # Source route verification --net.ipv4.conf.default.rp_filter = 2 --net.ipv4.conf.*.rp_filter = 2 -+net.ipv4.conf.default.rp_filter = 1 -+net.ipv4.conf.*.rp_filter = 1 - -net.ipv4.conf.all.rp_filter - - # Do not accept source routing --- -2.23.0 - diff --git a/backport-TEST-15-add-one-more-test-for-drop-in-precedence.patch b/backport-TEST-15-add-one-more-test-for-drop-in-precedence.patch deleted file mode 100644 index 0196b2e..0000000 --- a/backport-TEST-15-add-one-more-test-for-drop-in-precedence.patch +++ /dev/null @@ -1,66 +0,0 @@ -From c3fa408dcc03bb6dbd11f180540fb9e684893c39 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sun, 16 Oct 2022 21:52:43 +0200 -Subject: [PATCH] TEST-15: add one more test for drop-in precedence - ---- - test/units/testsuite-15.sh | 36 ++++++++++++++++++++++++++++++++++++ - 1 file changed, 36 insertions(+) - -diff --git a/test/units/testsuite-15.sh b/test/units/testsuite-15.sh -index ed6d5f838d..079c8b290e 100755 ---- a/test/units/testsuite-15.sh -+++ b/test/units/testsuite-15.sh -@@ -282,6 +282,41 @@ MemoryMax=1000000001 - clear_services a-b-c.slice - } - -+test_transient_service_dropins () { -+ echo "Testing dropins for a transient service..." -+ echo "*** test transient service drop-ins" -+ -+ mkdir -p /etc/systemd/system/service.d -+ mkdir -p /etc/systemd/system/a-.service.d -+ mkdir -p /etc/systemd/system/a-b-.service.d -+ mkdir -p /etc/systemd/system/a-b-c.service.d -+ -+ echo -e '[Service]\nStandardInputText=aaa' >/etc/systemd/system/service.d/drop1.conf -+ echo -e '[Service]\nStandardInputText=bbb' >/etc/systemd/system/a-.service.d/drop2.conf -+ echo -e '[Service]\nStandardInputText=ccc' >/etc/systemd/system/a-b-.service.d/drop3.conf -+ echo -e '[Service]\nStandardInputText=ddd' >/etc/systemd/system/a-b-c.service.d/drop4.conf -+ -+ # There's no fragment yet, so this fails -+ systemctl cat a-b-c.service && exit 1 -+ -+ # xxx → eHh4Cg== -+ systemd-run -u a-b-c.service -p StandardInputData=eHh4Cg== sleep infinity -+ -+ data=$(systemctl show -P StandardInputData a-b-c.service) -+ # xxx\naaa\n\bbb\nccc\nddd\n → eHh4… -+ test "$data" = "eHh4CmFhYQpiYmIKY2NjCmRkZAo=" -+ -+ # Do a reload and check again -+ systemctl daemon-reload -+ data=$(systemctl show -P StandardInputData a-b-c.service) -+ test "$data" = "eHh4CmFhYQpiYmIKY2NjCmRkZAo=" -+ -+ clear_services a-b-c.service -+ rm /etc/systemd/system/service.d/drop1.conf \ -+ /etc/systemd/system/a-.service.d/drop2.conf \ -+ /etc/systemd/system/a-b-.service.d/drop3.conf -+} -+ - test_template_dropins () { - echo "Testing template dropins..." - -@@ -621,6 +656,7 @@ test_linked_units - test_template_alias - test_hierarchical_service_dropins - test_hierarchical_slice_dropins -+test_transient_service_dropins - test_template_dropins - test_alias_dropins - test_masked_dropins --- -2.33.0 - diff --git a/backport-TEST-15-add-test-for-transient-units-with-drop-ins.patch b/backport-TEST-15-add-test-for-transient-units-with-drop-ins.patch deleted file mode 100644 index e265339..0000000 --- a/backport-TEST-15-add-test-for-transient-units-with-drop-ins.patch +++ /dev/null @@ -1,108 +0,0 @@ -From 6854434cfb5dda10c07d95835c38b75e5e71c2b5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sun, 16 Oct 2022 14:02:45 +0200 -Subject: [PATCH] TEST-15: add test for transient units with drop-ins - -We want to test four things: -- that the transient units are successfully started when drop-ins exist -- that the transient setings override the defaults -- the drop-ins override the transient settings (the same as for a normal unit) -- that things are the same before and after a reload - -To make things more fun, we start and stop units in two different ways: via -systemctl and via a direct busctl invocation. This gives us a bit more coverage -of different code paths. ---- - test/units/testsuite-15.sh | 62 ++++++++++++++++++++++++++++++++++---- - 1 file changed, 56 insertions(+), 6 deletions(-) - -diff --git a/test/units/testsuite-15.sh b/test/units/testsuite-15.sh -index 8b44d76982..ed6d5f838d 100755 ---- a/test/units/testsuite-15.sh -+++ b/test/units/testsuite-15.sh -@@ -181,19 +181,40 @@ test_hierarchical_service_dropins () { - echo "Testing hierarchical service dropins..." - echo "*** test service.d/ top level drop-in" - create_services a-b-c -- check_ko a-b-c ExecCondition "/bin/echo service.d" -- check_ko a-b-c ExecCondition "/bin/echo a-.service.d" -- check_ko a-b-c ExecCondition "/bin/echo a-b-.service.d" -- check_ko a-b-c ExecCondition "/bin/echo a-b-c.service.d" -+ check_ko a-b-c ExecCondition "echo service.d" -+ check_ko a-b-c ExecCondition "echo a-.service.d" -+ check_ko a-b-c ExecCondition "echo a-b-.service.d" -+ check_ko a-b-c ExecCondition "echo a-b-c.service.d" - - for dropin in service.d a-.service.d a-b-.service.d a-b-c.service.d; do - mkdir -p /usr/lib/systemd/system/$dropin - echo " - [Service] --ExecCondition=/bin/echo $dropin -+ExecCondition=echo $dropin - " >/usr/lib/systemd/system/$dropin/override.conf - systemctl daemon-reload -- check_ok a-b-c ExecCondition "/bin/echo $dropin" -+ check_ok a-b-c ExecCondition "echo $dropin" -+ -+ # Check that we can start a transient service in presence of the drop-ins -+ systemd-run -u a-b-c2.service -p Description='sleepy' sleep infinity -+ -+ # The transient setting replaces the default -+ check_ok a-b-c2.service Description "sleepy" -+ -+ # The override takes precedence for ExecCondition -+ # (except the last iteration when it only applies to the other service) -+ if [ "$dropin" != "a-b-c.service.d" ]; then -+ check_ok a-b-c2.service ExecCondition "echo $dropin" -+ fi -+ -+ # Check that things are the same after a reload -+ systemctl daemon-reload -+ check_ok a-b-c2.service Description "sleepy" -+ if [ "$dropin" != "a-b-c.service.d" ]; then -+ check_ok a-b-c2.service ExecCondition "echo $dropin" -+ fi -+ -+ systemctl stop a-b-c2.service - done - for dropin in service.d a-.service.d a-b-.service.d a-b-c.service.d; do - rm -rf /usr/lib/systemd/system/$dropin -@@ -218,6 +239,35 @@ MemoryMax=1000000000 - " >/usr/lib/systemd/system/$dropin/override.conf - systemctl daemon-reload - check_ok a-b-c.slice MemoryMax "1000000000" -+ -+ busctl call \ -+ org.freedesktop.systemd1 \ -+ /org/freedesktop/systemd1 \ -+ org.freedesktop.systemd1.Manager \ -+ StartTransientUnit 'ssa(sv)a(sa(sv))' \ -+ 'a-b-c.slice' 'replace' \ -+ 2 \ -+ 'Description' s 'slice too' \ -+ 'MemoryMax' t 1000000002 \ -+ 0 -+ -+ # The override takes precedence for MemoryMax -+ check_ok a-b-c.slice MemoryMax "1000000000" -+ # The transient setting replaces the default -+ check_ok a-b-c.slice Description "slice too" -+ -+ # Check that things are the same after a reload -+ systemctl daemon-reload -+ check_ok a-b-c.slice MemoryMax "1000000000" -+ check_ok a-b-c.slice Description "slice too" -+ -+ busctl call \ -+ org.freedesktop.systemd1 \ -+ /org/freedesktop/systemd1 \ -+ org.freedesktop.systemd1.Manager \ -+ StopUnit 'ss' \ -+ 'a-b-c.slice' 'replace' -+ - rm /usr/lib/systemd/system/$dropin/override.conf - done - --- -2.33.0 - diff --git a/backport-TEST-15-also-test-hierarchical-drop-ins-for-slices.patch b/backport-TEST-15-also-test-hierarchical-drop-ins-for-slices.patch deleted file mode 100644 index a4cab79..0000000 --- a/backport-TEST-15-also-test-hierarchical-drop-ins-for-slices.patch +++ /dev/null @@ -1,78 +0,0 @@ -From f80c874af376052b6b81f47cbbc43d7fecd98cd6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sun, 16 Oct 2022 12:54:34 +0200 -Subject: [PATCH] TEST-15: also test hierarchical drop-ins for slices - -Slices are worth testing too, because they don't need a fragment path so they -behave slightly differently than service units. I'm making this a separate -patch from the actual tests that I wanted to add later because it's complex -enough on its own. ---- - test/units/testsuite-15.sh | 37 ++++++++++++++++++++++++++++++++++--- - 1 file changed, 34 insertions(+), 3 deletions(-) - -diff --git a/test/units/testsuite-15.sh b/test/units/testsuite-15.sh -index c3784e2..8bae64d 100755 ---- a/test/units/testsuite-15.sh -+++ b/test/units/testsuite-15.sh -@@ -174,8 +174,8 @@ test_template_alias() { - clear_services test15-a@ test15-b@ - } - --test_hierarchical_dropins () { -- echo "Testing hierarchical dropins..." -+test_hierarchical_service_dropins () { -+ echo "Testing hierarchical service dropins..." - echo "*** test service.d/ top level drop-in" - create_services a-b-c - check_ko a-b-c ExecCondition "/bin/echo service.d" -@@ -199,6 +199,36 @@ ExecCondition=/bin/echo $dropin - clear_services a-b-c - } - -+test_hierarchical_slice_dropins () { -+ echo "Testing hierarchical slice dropins..." -+ echo "*** test slice.d/ top level drop-in" -+ # Slice units don't even need a fragment, so we test the defaults here -+ check_ok a-b-c.slice Description "Slice /a/b/c" -+ check_ok a-b-c.slice MemoryMax "infinity" -+ -+ # Test drop-ins -+ for dropin in slice.d a-.slice.d a-b-.slice.d a-b-c.slice.d; do -+ mkdir -p /usr/lib/systemd/system/$dropin -+ echo " -+[Slice] -+MemoryMax=1000000000 -+ " >/usr/lib/systemd/system/$dropin/override.conf -+ systemctl daemon-reload -+ check_ok a-b-c.slice MemoryMax "1000000000" -+ rm /usr/lib/systemd/system/$dropin/override.conf -+ done -+ -+ # Test unit with a fragment -+ echo " -+[Slice] -+MemoryMax=1000000001 -+ " >/usr/lib/systemd/system/a-b-c.slice -+ systemctl daemon-reload -+ check_ok a-b-c.slice MemoryMax "1000000001" -+ -+ clear_services a-b-c.slice -+} -+ - test_template_dropins () { - echo "Testing template dropins..." - -@@ -517,7 +547,8 @@ test_invalid_dropins () { - test_basic_dropins - test_linked_units - test_template_alias --test_hierarchical_dropins -+test_hierarchical_service_dropins -+test_hierarchical_slice_dropins - test_template_dropins - test_alias_dropins - test_masked_dropins --- -2.33.0 - diff --git a/backport-Use-correct-fcntl.h-include.patch b/backport-Use-correct-fcntl.h-include.patch deleted file mode 100644 index 87940c4..0000000 --- a/backport-Use-correct-fcntl.h-include.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 3450d8dc8ddb582816c6c481b6a9b7378706ab3b Mon Sep 17 00:00:00 2001 -From: David Seifert -Date: Mon, 2 Aug 2021 12:41:38 +0200 -Subject: [PATCH] Use correct `` include - -* `` is not specified in POSIX - -(cherry picked from commit f8d54f7810aeea5ff27a5db03e1aab7ea54c8268) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/3450d8dc8ddb582816c6c481b6a9b7378706ab3b ---- - src/basic/fileio.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/basic/fileio.h b/src/basic/fileio.h -index c28b17fef5..9bd2037f5b 100644 ---- a/src/basic/fileio.h -+++ b/src/basic/fileio.h -@@ -2,11 +2,11 @@ - #pragma once - - #include -+#include - #include - #include - #include - #include --#include - #include - - #include "macro.h" --- -2.33.0 - diff --git a/backport-Use-correct-poll.h-include.patch b/backport-Use-correct-poll.h-include.patch deleted file mode 100644 index 6013564..0000000 --- a/backport-Use-correct-poll.h-include.patch +++ /dev/null @@ -1,43 +0,0 @@ -From fba9fd963bb3b5fafdb123788b3fabe6ed0830c9 Mon Sep 17 00:00:00 2001 -From: David Seifert -Date: Mon, 2 Aug 2021 16:09:10 +0200 -Subject: [PATCH] Use correct `` include - -* `` is not specified in POSIX - -(cherry picked from commit 2b6c0bb2a341c95223ce672249e43c743b03d78c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/fba9fd963bb3b5fafdb123788b3fabe6ed0830c9 ---- - src/shared/nscd-flush.c | 2 +- - src/shared/varlink.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/shared/nscd-flush.c b/src/shared/nscd-flush.c -index dfc47c4234..19e16d9345 100644 ---- a/src/shared/nscd-flush.c -+++ b/src/shared/nscd-flush.c -@@ -1,5 +1,5 @@ - /* SPDX-License-Identifier: LGPL-2.1-or-later */ --#include -+#include - - #include "fd-util.h" - #include "io-util.h" -diff --git a/src/shared/varlink.c b/src/shared/varlink.c -index 6b0b343ae9..8da568e208 100644 ---- a/src/shared/varlink.c -+++ b/src/shared/varlink.c -@@ -1,7 +1,7 @@ - /* SPDX-License-Identifier: LGPL-2.1-or-later */ - - #include --#include -+#include - - #include "alloc-util.h" - #include "errno-util.h" --- -2.33.0 - diff --git a/backport-analyze-add-forgotten-return-statement.patch b/backport-analyze-add-forgotten-return-statement.patch deleted file mode 100644 index c0c95b2..0000000 --- a/backport-analyze-add-forgotten-return-statement.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 53fd101c2144cb104d34aea8e68c7c24443107bd Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 7 Oct 2022 15:52:33 +0200 -Subject: [PATCH] analyze: add forgotten return statement - -We would fail with an assert in sd_bus_message_enter_container() afterwards. - -(cherry picked from commit 5475e963c5e6ade35404384ba03caf79cb1bc2e5) -(cherry picked from commit e0ba044985ac33d5eb2fb0d09fc2ff1b2f9b73dc) -(cherry picked from commit 1316666e98accf6b8ab8cb0fb5ef73d275049a34) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/53fd101c2144cb104d34aea8e68c7c24443107bd ---- - src/analyze/analyze.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c -index 62c0ccbdfe..6452d23331 100644 ---- a/src/analyze/analyze.c -+++ b/src/analyze/analyze.c -@@ -1274,7 +1274,7 @@ static int dot(int argc, char *argv[], void *userdata) { - - r = bus_call_method(bus, bus_systemd_mgr, "ListUnits", &error, &reply, NULL); - if (r < 0) -- log_error_errno(r, "Failed to list units: %s", bus_error_message(&error, r)); -+ return log_error_errno(r, "Failed to list units: %s", bus_error_message(&error, r)); - - r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ssssssouso)"); - if (r < 0) --- -2.27.0 - diff --git a/backport-analyze-fix-printing-config-when-there-is-no-main-co.patch b/backport-analyze-fix-printing-config-when-there-is-no-main-co.patch deleted file mode 100644 index 4abd79e..0000000 --- a/backport-analyze-fix-printing-config-when-there-is-no-main-co.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 8621f957b6e3a7eed1c5965d332ad1c4c594f26e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sat, 20 Nov 2021 11:42:31 +0100 -Subject: [PATCH] analyze: fix printing config when there is no main config - file - -Since 8b8024f1c231c166f5c450905c8fd91d11704ae7 and the follow-up commits, the -main config file may be located in /usr or in other paths. But the code in -analyze.c was still assuming that it must be in /etc. Things mostly worked for -our own config files because we usually install a comments-only file in /etc, -but was not correct in the general case. - -This fixes in particular 'systemd-analyze cat-config systemd/zram-generator.conf'. -In Fedora we distribute a config file in zram-generator-defaults.rpm that is in -/usr/lib, and 'cat-config' would refuse to show it because -/etc/systemd/zram-generator.conf does not exist. - -The main config file is optional, but let's print an informative message -because this is a slightly unusual case. - -The file paths that we printed were missing the root prefix. - -(cherry picked from commit 0895e87348e5fc02f50498cad5922eb3eb172323) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/8621f957b6e3a7eed1c5965d332ad1c4c594f26e ---- - src/shared/pretty-print.c | 43 ++++++++++++++++++++++++++------------- - 1 file changed, 29 insertions(+), 14 deletions(-) - -diff --git a/src/shared/pretty-print.c b/src/shared/pretty-print.c -index 137ba77b3a..97baeda401 100644 ---- a/src/shared/pretty-print.c -+++ b/src/shared/pretty-print.c -@@ -300,24 +300,39 @@ int conf_files_cat(const char *root, const char *name) { - return log_error_errno(r, "Failed to build directory list: %m"); - } - -- r = conf_files_list_strv(&files, extension, root, 0, (const char* const*) dirs); -- if (r < 0) -- return log_error_errno(r, "Failed to query file list: %m"); -+ if (DEBUG_LOGGING) { -+ log_debug("Looking for configuration in:"); -+ if (!is_collection) -+ STRV_FOREACH(prefix, prefixes) -+ log_debug(" %s%s%s", strempty(root), *prefix, name); - -+ STRV_FOREACH(t, dirs) -+ log_debug(" %s%s/*%s", strempty(root), *t, extension); -+ } -+ -+ /* First locate the main config file, if any */ - if (!is_collection) { -- path = path_join(root, "/etc", name); -+ STRV_FOREACH(prefix, prefixes) { -+ path = path_join(root, *prefix, name); -+ if (!path) -+ return log_oom(); -+ if (access(path, F_OK) == 0) -+ break; -+ path = mfree(path); -+ } -+ - if (!path) -- return log_oom(); -+ printf("%s# Main configuration file %s not found%s\n", -+ ansi_highlight_magenta(), -+ name, -+ ansi_normal()); - } - -- if (DEBUG_LOGGING) { -- log_debug("Looking for configuration in:"); -- if (path) -- log_debug(" %s", path); -- STRV_FOREACH(t, dirs) -- log_debug(" %s/*%s", *t, extension); -- } -+ /* Then locate the drop-ins, if any */ -+ r = conf_files_list_strv(&files, extension, root, 0, (const char* const*) dirs); -+ if (r < 0) -+ return log_error_errno(r, "Failed to query file list: %m"); - -- /* show */ -- return cat_files(path, files, CAT_FLAGS_MAIN_FILE_OPTIONAL); -+ /* Show */ -+ return cat_files(path, files, 0); - } --- -2.33.0 - diff --git a/backport-argv-util-also-update-program_invocation_short_name.patch b/backport-argv-util-also-update-program_invocation_short_name.patch deleted file mode 100644 index 6ef6486..0000000 --- a/backport-argv-util-also-update-program_invocation_short_name.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 73be22c6f245ad86ef33d95bd4ab0a8e9fd121be Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 3 Feb 2023 18:29:36 +0900 -Subject: [PATCH] argv-util: also update program_invocation_short_name - -Our logging uses program_invocation_short_name. Without this patch, -logs from forked client may become broken; spuriously truncated or -the short invocation name is not completely shown in the log. - -(cherry picked from commit dd15e4cb57129b915e01495e113696bfe0b70214) -(cherry picked from commit ce4726468dc02bd7383cd7d90c8769576c6973e3) -(cherry picked from commit 7a862d9d1a7196a5576720959849f45fc68b041c) -(cherry picked from commit 9fbbd7bf28e5362b786e152a9ce4e8bd40621759) ---- - src/basic/process-util.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/basic/process-util.c b/src/basic/process-util.c -index b76ca6f7c5..10651a4564 100644 ---- a/src/basic/process-util.c -+++ b/src/basic/process-util.c -@@ -371,6 +371,10 @@ int rename_process(const char name[]) { - strncpy(program_invocation_name, name, k); - if (l > k) - truncated = true; -+ -+ /* Also update the short name. */ -+ char *p = strrchr(program_invocation_name, '/'); -+ program_invocation_short_name = p ? p + 1 : program_invocation_name; - } - - /* Third step, completely replace the argv[] array the kernel maintains for us. This requires privileges, but --- -2.27.0 - diff --git a/backport-backlight-ignore-error-if-the-backlight-device-is-al.patch b/backport-backlight-ignore-error-if-the-backlight-device-is-al.patch deleted file mode 100644 index c02cf02..0000000 --- a/backport-backlight-ignore-error-if-the-backlight-device-is-al.patch +++ /dev/null @@ -1,43 +0,0 @@ -From a69c240157e2ca066130c12bb061e0065f2c2425 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 5 Jan 2022 18:26:46 +0900 -Subject: [PATCH] backlight: ignore error if the backlight device is already - removed - -Fixes #21997. - -(cherry picked from commit f0f65087834198d4dabf8b389ddc34223400aab7) -(cherry picked from commit b4c57e1b1c249f28f13a86637d8854c920bcf26d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a69c240157e2ca066130c12bb061e0065f2c2425 ---- - src/backlight/backlight.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/src/backlight/backlight.c b/src/backlight/backlight.c -index 7c0970a60c..5aeee0de47 100644 ---- a/src/backlight/backlight.c -+++ b/src/backlight/backlight.c -@@ -395,8 +395,16 @@ static int run(int argc, char *argv[]) { - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Not a backlight or LED device: '%s:%s'", ss, sysname); - - r = sd_device_new_from_subsystem_sysname(&device, ss, sysname); -- if (r < 0) -- return log_error_errno(r, "Failed to get backlight or LED device '%s:%s': %m", ss, sysname); -+ if (r < 0) { -+ bool ignore = r == -ENODEV; -+ -+ /* Some drivers, e.g. for AMD GPU, removes acpi backlight device soon after it is added. -+ * See issue #21997. */ -+ log_full_errno(ignore ? LOG_DEBUG : LOG_ERR, r, -+ "Failed to get backlight or LED device '%s:%s'%s: %m", -+ ss, sysname, ignore ? ", ignoring" : ""); -+ return ignore ? 0 : r; -+ } - - /* If max_brightness is 0, then there is no actual backlight device. This happens on desktops - * with Asus mainboards that load the eeepc-wmi module. */ --- -2.33.0 - diff --git a/backport-basic-env-util-correctly-parse-extended-vars-after-n.patch b/backport-basic-env-util-correctly-parse-extended-vars-after-n.patch deleted file mode 100644 index 5db2bca..0000000 --- a/backport-basic-env-util-correctly-parse-extended-vars-after-n.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 74583cad5a3bf4051b879b8b1ac53934027ef485 Mon Sep 17 00:00:00 2001 -From: Andrew Soutar -Date: Tue, 5 Oct 2021 22:55:27 -0400 -Subject: [PATCH] basic/env-util: correctly parse extended vars after - non-extended vars (#20941) - -(cherry picked from commit 5ef97a712236f0ddddec52665c0aea7d4e6d3c13) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/74583cad5a3bf4051b879b8b1ac53934027ef485 ---- - src/basic/env-util.c | 1 + - src/test/test-env-util.c | 5 ++++- - 2 files changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/basic/env-util.c b/src/basic/env-util.c -index 81b1e3f10e..1ca445dab4 100644 ---- a/src/basic/env-util.c -+++ b/src/basic/env-util.c -@@ -577,6 +577,7 @@ char *replace_env_n(const char *format, size_t n, char **env, unsigned flags) { - - word = e+1; - state = WORD; -+ nest--; - } else if (*e == ':') { - if (flags & REPLACE_ENV_ALLOW_EXTENDED) { - len = e - word - 2; -diff --git a/src/test/test-env-util.c b/src/test/test-env-util.c -index ed4580e4af..3d5951c46e 100644 ---- a/src/test/test-env-util.c -+++ b/src/test/test-env-util.c -@@ -198,7 +198,7 @@ static void test_replace_env2(bool extended) { - "BAR=bar", - NULL - }; -- _cleanup_free_ char *t = NULL, *s = NULL, *q = NULL, *r = NULL, *p = NULL, *x = NULL; -+ _cleanup_free_ char *t = NULL, *s = NULL, *q = NULL, *r = NULL, *p = NULL, *x = NULL, *y = NULL; - unsigned flags = REPLACE_ENV_ALLOW_EXTENDED*extended; - - t = replace_env("FOO=${FOO:-${BAR}}", (char**) env, flags); -@@ -218,6 +218,9 @@ static void test_replace_env2(bool extended) { - - x = replace_env("XXX=${XXX:+${BAR}post}", (char**) env, flags); - assert_se(streq(x, extended ? "XXX=" : "XXX=${XXX:+barpost}")); -+ -+ y = replace_env("FOO=${FOO}between${BAR:-baz}", (char**) env, flags); -+ assert_se(streq(y, extended ? "FOO=foobetweenbar" : "FOO=foobetween${BAR:-baz}")); - } - - static void test_replace_env_argv(void) { --- -2.33.0 - diff --git a/backport-basic-escape-add-helper-for-quoting-command-lines.patch b/backport-basic-escape-add-helper-for-quoting-command-lines.patch deleted file mode 100644 index c405da8..0000000 --- a/backport-basic-escape-add-helper-for-quoting-command-lines.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 17d1b0d2dd109c5e413d8ef1eb5835344f9314b9 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 7 Jul 2021 16:27:51 +0200 -Subject: [PATCH] basic/escape: add helper for quoting command lines - -(cherry picked from commit eeb91d29b0279d6bf8a3f1c4da54c9e9c0881a19) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/17d1b0d2dd109c5e413d8ef1eb5835344f9314b9 ---- - src/basic/escape.c | 21 +++++++++++++++++++++ - src/basic/escape.h | 1 + - src/test/test-escape.c | 24 ++++++++++++++++++++++++ - 3 files changed, 46 insertions(+) - -diff --git a/src/basic/escape.c b/src/basic/escape.c -index 2a3a0e31a1..fcade5a1b4 100644 ---- a/src/basic/escape.c -+++ b/src/basic/escape.c -@@ -8,6 +8,7 @@ - #include "escape.h" - #include "hexdecoct.h" - #include "macro.h" -+#include "strv.h" - #include "utf8.h" - - int cescape_char(char c, char *buf) { -@@ -542,3 +543,23 @@ char* shell_maybe_quote(const char *s, ShellEscapeFlags flags) { - - return str_realloc(buf); - } -+ -+char* quote_command_line(char **argv) { -+ _cleanup_free_ char *result = NULL; -+ -+ assert(argv); -+ -+ char **a; -+ STRV_FOREACH(a, argv) { -+ _cleanup_free_ char *t = NULL; -+ -+ t = shell_maybe_quote(*a, SHELL_ESCAPE_EMPTY); -+ if (!t) -+ return NULL; -+ -+ if (!strextend_with_separator(&result, " ", t)) -+ return NULL; -+ } -+ -+ return TAKE_PTR(result); -+} -diff --git a/src/basic/escape.h b/src/basic/escape.h -index 907b572bd4..e9d48d227a 100644 ---- a/src/basic/escape.h -+++ b/src/basic/escape.h -@@ -68,3 +68,4 @@ char* escape_non_printable_full(const char *str, size_t console_width, XEscapeFl - - char* shell_escape(const char *s, const char *bad); - char* shell_maybe_quote(const char *s, ShellEscapeFlags flags); -+char* quote_command_line(char **argv); -diff --git a/src/test/test-escape.c b/src/test/test-escape.c -index 991b135a33..8bda9cdc8d 100644 ---- a/src/test/test-escape.c -+++ b/src/test/test-escape.c -@@ -192,6 +192,29 @@ static void test_shell_maybe_quote(void) { - test_shell_maybe_quote_one("głąb\002\003rząd", SHELL_ESCAPE_POSIX, "$'głąb\\002\\003rząd'"); - } - -+static void test_quote_command_line_one(char **argv, const char *expected) { -+ _cleanup_free_ char *s; -+ -+ assert_se(s = quote_command_line(argv)); -+ log_info("%s", s); -+ assert_se(streq(s, expected)); -+} -+ -+static void test_quote_command_line(void) { -+ log_info("/* %s */", __func__); -+ -+ test_quote_command_line_one(STRV_MAKE("true", "true"), -+ "true true"); -+ test_quote_command_line_one(STRV_MAKE("true", "with a space"), -+ "true \"with a space\""); -+ test_quote_command_line_one(STRV_MAKE("true", "with a 'quote'"), -+ "true \"with a 'quote'\""); -+ test_quote_command_line_one(STRV_MAKE("true", "with a \"quote\""), -+ "true \"with a \\\"quote\\\"\""); -+ test_quote_command_line_one(STRV_MAKE("true", "$dollar"), -+ "true \"\\$dollar\""); -+} -+ - int main(int argc, char *argv[]) { - test_setup_logging(LOG_DEBUG); - -@@ -202,6 +225,7 @@ int main(int argc, char *argv[]) { - test_cunescape(); - test_shell_escape(); - test_shell_maybe_quote(); -+ test_quote_command_line(); - - return 0; - } --- -2.33.0 - diff --git a/backport-basic-linux-Sync-if_arp.h-with-Linux-5.14.patch b/backport-basic-linux-Sync-if_arp.h-with-Linux-5.14.patch deleted file mode 100644 index a72d4d1..0000000 --- a/backport-basic-linux-Sync-if_arp.h-with-Linux-5.14.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 6674c65c74dcf52b6887e76642683b593d86cb69 Mon Sep 17 00:00:00 2001 -From: Chris Packham -Date: Fri, 10 Sep 2021 09:51:36 +1200 -Subject: [PATCH] basic/linux: Sync if_arp.h with Linux 5.14 - -ARPHRD_MCTP was added in 5.14. Sync if_arp.h to pick up the definition - -Fixes #20694 - -(cherry picked from commit 7c5b9952c4f6e2b72f90edbe439982528b7cf223) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/6674c65c74dcf52b6887e76642683b593d86cb69 ---- - src/basic/linux/if_arp.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/basic/linux/if_arp.h b/src/basic/linux/if_arp.h -index c3cc5a9e5e..4783af9fe5 100644 ---- a/src/basic/linux/if_arp.h -+++ b/src/basic/linux/if_arp.h -@@ -54,6 +54,7 @@ - #define ARPHRD_X25 271 /* CCITT X.25 */ - #define ARPHRD_HWX25 272 /* Boards with X.25 in firmware */ - #define ARPHRD_CAN 280 /* Controller Area Network */ -+#define ARPHRD_MCTP 290 - #define ARPHRD_PPP 512 - #define ARPHRD_CISCO 513 /* Cisco HDLC */ - #define ARPHRD_HDLC ARPHRD_CISCO --- -2.33.0 - diff --git a/backport-basic-log-allow-errno-values-higher-than-255.patch b/backport-basic-log-allow-errno-values-higher-than-255.patch deleted file mode 100644 index 7e2d563..0000000 --- a/backport-basic-log-allow-errno-values-higher-than-255.patch +++ /dev/null @@ -1,48 +0,0 @@ -From fb824c90e5a83218e4252a2c21c7f365d0167458 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 3 Jan 2022 17:53:29 +0100 -Subject: [PATCH] basic/log: allow errno values higher than 255 - -When the support for "synthetic errno" was added, we started truncating -the errno value to just the least significant byte. This is generally OK, -because errno values are defined up to ~130. - -The docs don't really say what the maximum value is. But at least in principle -higher values could be added in the future. So let's stop truncating -the values needlessly. - -The kernel (or libbpf?) have an error where they return 524 as an errno -value (https://bugzilla.redhat.com/show_bug.cgi?id=2036145). We would -confusingly truncate this to 12 (ENOMEM). It seems much nicer to let -strerror() give us "Unknown error 524" rather than to print the bogus -message about ENOMEM. - -(cherry picked from commit 5f74fcd41cb1a1b26c23e0f2ab405ae9cf6bcc93) -(cherry picked from commit cd686fe4c719bfb894bd24d673c51f19cea64643) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/fb824c90e5a83218e4252a2c21c7f365d0167458 ---- - src/basic/log.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/basic/log.h b/src/basic/log.h -index 738c181070..8bfae8e0e5 100644 ---- a/src/basic/log.h -+++ b/src/basic/log.h -@@ -27,10 +27,10 @@ typedef enum LogTarget{ - _LOG_TARGET_INVALID = -EINVAL, - } LogTarget; - --/* Note to readers: << and >> have lower precedence than & and | */ -+/* Note to readers: << and >> have lower precedence (are evaluated earlier) than & and | */ - #define SYNTHETIC_ERRNO(num) (1 << 30 | (num)) - #define IS_SYNTHETIC_ERRNO(val) ((val) >> 30 & 1) --#define ERRNO_VALUE(val) (abs(val) & 255) -+#define ERRNO_VALUE(val) (abs(val) & ~(1 << 30)) - - const char *log_target_to_string(LogTarget target) _const_; - LogTarget log_target_from_string(const char *s) _pure_; --- -2.33.0 - diff --git a/backport-basic-mac_-selinux-smack-_apply_fd-does-not-work-whe.patch b/backport-basic-mac_-selinux-smack-_apply_fd-does-not-work-whe.patch deleted file mode 100644 index 94fd836..0000000 --- a/backport-basic-mac_-selinux-smack-_apply_fd-does-not-work-whe.patch +++ /dev/null @@ -1,76 +0,0 @@ -From fdb86800e854d5079c13d3a4597f73617db991f6 Mon Sep 17 00:00:00 2001 -From: Donald Chan -Date: Fri, 28 Jan 2022 22:53:46 +0000 -Subject: [PATCH] basic: mac_[selinux,smack]_apply_fd does not work when - applying labels - -Commit a7fdc6c introduced a regression where file descriptors are opened -using O_PATH option. mac_smack_apply_fd() calls fsetxattr() and would fail -with a -EBADF (Bad file descriptor) error. - -Use FORMAT_PROC_FD_PATH(fd) to convert the fd back into a full path and -call setxattr() or setfilecon() instead. - -Signed-off-by: Donald Chan -(cherry picked from commit a718364e9d9242cc2111c9860f2ab5bb9bb26db9) -(cherry picked from commit 9f596964f6e403b089450dc083724b48fb4b4bb1) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/fdb86800e854d5079c13d3a4597f73617db991f6 ---- - src/shared/selinux-util.c | 6 +++++- - src/shared/smack-util.c | 7 +++++-- - 2 files changed, 10 insertions(+), 3 deletions(-) - -diff --git a/src/shared/selinux-util.c b/src/shared/selinux-util.c -index 03cee76f64..832c29435d 100644 ---- a/src/shared/selinux-util.c -+++ b/src/shared/selinux-util.c -@@ -344,12 +344,16 @@ int mac_selinux_apply_fd(int fd, const char *path, const char *label) { - assert(fd >= 0); - - #if HAVE_SELINUX -+ char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int) + 1]; -+ - if (!mac_selinux_use()) - return 0; - - assert(label); - -- if (fsetfilecon(fd, label) < 0) -+ xsprintf(procfs_path, "/proc/self/fd/%i", fd); -+ -+ if (setfilecon(procfs_path, label) < 0) - return log_enforcing_errno(errno, "Failed to set SELinux security context %s on path %s: %m", label, strna(path)); - #endif - return 0; -diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c -index 3362ee3924..8d88a7b49a 100644 ---- a/src/shared/smack-util.c -+++ b/src/shared/smack-util.c -@@ -86,6 +86,7 @@ int mac_smack_apply(const char *path, SmackAttr attr, const char *label) { - } - - int mac_smack_apply_fd(int fd, SmackAttr attr, const char *label) { -+ char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int) + 1]; - int r; - - assert(fd >= 0); -@@ -94,10 +95,12 @@ int mac_smack_apply_fd(int fd, SmackAttr attr, const char *label) { - if (!mac_smack_use()) - return 0; - -+ xsprintf(procfs_path, "/proc/self/fd/%i", fd); -+ - if (label) -- r = fsetxattr(fd, smack_attr_to_string(attr), label, strlen(label), 0); -+ r = setxattr(procfs_path, smack_attr_to_string(attr), label, strlen(label), 0); - else -- r = fremovexattr(fd, smack_attr_to_string(attr)); -+ r = removexattr(procfs_path, smack_attr_to_string(attr)); - if (r < 0) - return -errno; - --- -2.33.0 - diff --git a/backport-basic-mountpoint-util-detect-erofs-as-a-read-only-FS.patch b/backport-basic-mountpoint-util-detect-erofs-as-a-read-only-FS.patch deleted file mode 100644 index f944c57..0000000 --- a/backport-basic-mountpoint-util-detect-erofs-as-a-read-only-FS.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 74af5a3696cd3747fa814a21eb1b3d7cae3dea56 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Thu, 4 Nov 2021 20:29:43 +0000 -Subject: [PATCH] basic/mountpoint-util: detect erofs as a read-only FS - -(cherry picked from commit fac2c3e97d80fb356eb50abb429bdb5ed36afcf1) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/74af5a3696cd3747fa814a21eb1b3d7cae3dea56 ---- - src/basic/mountpoint-util.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c -index e7a5a99551..7e57d9a226 100644 ---- a/src/basic/mountpoint-util.c -+++ b/src/basic/mountpoint-util.c -@@ -424,6 +424,7 @@ bool fstype_is_ro(const char *fstype) { - return STR_IN_SET(fstype, - "DM_verity_hash", - "iso9660", -+ "erofs", - "squashfs"); - } - --- -2.33.0 - diff --git a/backport-basic-unit-file-don-t-filter-out-names-starting-with.patch b/backport-basic-unit-file-don-t-filter-out-names-starting-with.patch deleted file mode 100644 index 735b09c..0000000 --- a/backport-basic-unit-file-don-t-filter-out-names-starting-with.patch +++ /dev/null @@ -1,32 +0,0 @@ -From d21bfe5c06688a5b6aa0a0b4eae0b05bc45475fb Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Tue, 28 Sep 2021 23:52:39 -0700 -Subject: [PATCH] basic/unit-file: don't filter out names starting with dot - -Fixes #20859 -Reverts 3796bdc55d6ba499d1049f749072218879e619a7 - -(cherry picked from commit 14bb72953458caace048b55ead7ea06a592b864f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d21bfe5c06688a5b6aa0a0b4eae0b05bc45475fb ---- - src/basic/unit-file.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c -index 884a0674a9..0d58b1c4fe 100644 ---- a/src/basic/unit-file.c -+++ b/src/basic/unit-file.c -@@ -284,7 +284,7 @@ int unit_file_build_name_map( - continue; - } - -- FOREACH_DIRENT(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) { -+ FOREACH_DIRENT_ALL(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) { - char *filename; - _cleanup_free_ char *_filename_free = NULL, *simplified = NULL; - const char *suffix, *dst = NULL; --- -2.33.0 - diff --git a/backport-binfmt-fix-exit-value.patch b/backport-binfmt-fix-exit-value.patch deleted file mode 100644 index 80ba1e3..0000000 --- a/backport-binfmt-fix-exit-value.patch +++ /dev/null @@ -1,32 +0,0 @@ -From d4406e94a32d423d8a73deb7757fb09890afe2c4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 10 Nov 2021 13:58:32 +0100 -Subject: [PATCH] binfmt: fix exit value - -Positive values are mapped to 0 by DEFINE_MAIN_FUNCTION(), so e.g. -systemd-binfmt --foobar would "succeed". - -(cherry picked from commit 52707598d5c0dbbc8a967e4874b0b08ee2486772) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d4406e94a32d423d8a73deb7757fb09890afe2c4 ---- - src/binfmt/binfmt.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/binfmt/binfmt.c b/src/binfmt/binfmt.c -index 29530bb691..981218f52f 100644 ---- a/src/binfmt/binfmt.c -+++ b/src/binfmt/binfmt.c -@@ -189,7 +189,7 @@ static int run(int argc, char *argv[]) { - - r = parse_argv(argc, argv); - if (r <= 0) -- return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; -+ return r; - - log_setup(); - --- -2.33.0 - diff --git a/backport-boot-timestamps-Discard-firmware-init-time-when-runn.patch b/backport-boot-timestamps-Discard-firmware-init-time-when-runn.patch deleted file mode 100644 index fdcfcc5..0000000 --- a/backport-boot-timestamps-Discard-firmware-init-time-when-runn.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 9ee300a0b6429b7af73f40edfb2330cbbd7828f3 Mon Sep 17 00:00:00 2001 -From: Jan Janssen -Date: Sun, 9 Jan 2022 14:22:15 +0100 -Subject: [PATCH] boot-timestamps: Discard firmware init time when running in a - VM - -Fixes: #22060 -(cherry picked from commit f699bd81e8e18da2d2fc11e7fb7dce95f8bb3f9e) -(cherry picked from commit 3c5c13f82c760c7067bb189484e1f672ff6713f6) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9ee300a0b6429b7af73f40edfb2330cbbd7828f3 ---- - src/shared/boot-timestamps.c | 18 +++++++++++++----- - 1 file changed, 13 insertions(+), 5 deletions(-) - -diff --git a/src/shared/boot-timestamps.c b/src/shared/boot-timestamps.c -index 8786e89c0e..e00b37aa32 100644 ---- a/src/shared/boot-timestamps.c -+++ b/src/shared/boot-timestamps.c -@@ -5,11 +5,13 @@ - #include "efi-loader.h" - #include "macro.h" - #include "time-util.h" -+#include "virt.h" - - int boot_timestamps(const dual_timestamp *n, dual_timestamp *firmware, dual_timestamp *loader) { - usec_t x = 0, y = 0, a; - int r; - dual_timestamp _n; -+ bool use_firmware = true; - - assert(firmware); - assert(loader); -@@ -24,6 +26,10 @@ int boot_timestamps(const dual_timestamp *n, dual_timestamp *firmware, dual_time - r = efi_loader_get_boot_usec(&x, &y); - if (r < 0) - return r; -+ -+ /* If we are running in a VM, the init timestamp would -+ * be equivalent to the host uptime. */ -+ use_firmware = detect_vm() <= 0; - } - - /* Let's convert this to timestamps where the firmware -@@ -33,12 +39,14 @@ int boot_timestamps(const dual_timestamp *n, dual_timestamp *firmware, dual_time - * the monotonic timestamps here as negative of the actual - * value. */ - -- firmware->monotonic = y; -- loader->monotonic = y - x; -- -- a = n->monotonic + firmware->monotonic; -- firmware->realtime = n->realtime > a ? n->realtime - a : 0; -+ if (use_firmware) { -+ firmware->monotonic = y; -+ a = n->monotonic + firmware->monotonic; -+ firmware->realtime = n->realtime > a ? n->realtime - a : 0; -+ } else -+ firmware->monotonic = firmware->realtime = 0; - -+ loader->monotonic = y - x; - a = n->monotonic + loader->monotonic; - loader->realtime = n->realtime > a ? n->realtime - a : 0; - --- -2.33.0 - diff --git a/backport-bootctl-Fix-update-not-adding-EFI-entry-if-Boot-IDs-.patch b/backport-bootctl-Fix-update-not-adding-EFI-entry-if-Boot-IDs-.patch deleted file mode 100644 index c62801a..0000000 --- a/backport-bootctl-Fix-update-not-adding-EFI-entry-if-Boot-IDs-.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 0028a3eb976dfa7209433dfa3a24b785f05fd352 Mon Sep 17 00:00:00 2001 -From: Anssi Hannula -Date: Thu, 23 Sep 2021 12:08:05 +0300 -Subject: [PATCH] bootctl: Fix update not adding EFI entry if Boot IDs are - non-consecutive - -"bootctl update" tries to add sd-boot to the EFI boot loader list if it -is not already there. To do so, it uses find_slot() which finds the -proper BootXXXX slot ID to use and also returns 1 if an existing sd-boot -entry was found at this ID or 0 if it is a new unused ID. In "update" -case install_variables() only writes the entry in case 0 (no existing -entry). - -However, find_slot() erroneously returns 1 if it finds a gap in the Boot -IDs (i.e. when not resorting to max(ids) + 1). This causes -"bootctl update" to not add a missing systemd-boot boot entry if the -existing BootXXXX entry IDs are not consecutive. - -Fix that by returning 0 in find_slot() when an empty gap ID is selected -to make it match the behavior when selecting an empty non-gap ID. - -(cherry picked from commit 26d54e1263dcb58daa6578595cc6ab1037315593) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0028a3eb976dfa7209433dfa3a24b785f05fd352 ---- - src/boot/bootctl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c -index fa8c600321..bd96812246 100644 ---- a/src/boot/bootctl.c -+++ b/src/boot/bootctl.c -@@ -711,7 +711,7 @@ static int find_slot(sd_id128_t uuid, const char *path, uint16_t *id) { - for (i = 0; i < n; i++) - if (i != options[i]) { - *id = i; -- return 1; -+ return 0; - } - - /* use the next one */ --- -2.33.0 - diff --git a/backport-bus-util-retrieve-bus-error-from-message.patch b/backport-bus-util-retrieve-bus-error-from-message.patch deleted file mode 100644 index 132b4da..0000000 --- a/backport-bus-util-retrieve-bus-error-from-message.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 443f25f3cd34ce504a4850373babcde5d572335f Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 30 Jan 2022 05:36:56 +0900 -Subject: [PATCH] bus-util: retrieve bus error from message - -The error in argument is not input, but used for output. - -(cherry picked from commit 853b94863cf26d084454edd63ce987cc7ab0505a) -(cherry picked from commit b9e144629bdb7c3d4535fb0a0ad8639140a25034) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/443f25f3cd34ce504a4850373babcde5d572335f ---- - src/shared/bus-wait-for-units.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/src/shared/bus-wait-for-units.c b/src/shared/bus-wait-for-units.c -index 29620e0d1b..c867f1cbfd 100644 ---- a/src/shared/bus-wait-for-units.c -+++ b/src/shared/bus-wait-for-units.c -@@ -1,5 +1,6 @@ - /* SPDX-License-Identifier: LGPL-2.1-or-later */ - -+#include "bus-error.h" - #include "bus-map-properties.h" - #include "bus-wait-for-units.h" - #include "hashmap.h" -@@ -288,19 +289,22 @@ static int on_properties_changed(sd_bus_message *m, void *userdata, sd_bus_error - return 0; - } - --static int on_get_all_properties(sd_bus_message *m, void *userdata, sd_bus_error *error) { -+static int on_get_all_properties(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) { - WaitForItem *item = userdata; -+ const sd_bus_error *e; - int r; - - assert(item); - -- if (sd_bus_error_is_set(error)) { -+ e = sd_bus_message_get_error(m); -+ if (e) { - BusWaitForUnits *d = item->parent; - - d->has_failed = true; - -- log_debug_errno(sd_bus_error_get_errno(error), "GetAll() failed for %s: %s", -- item->bus_path, error->message); -+ r = sd_bus_error_get_errno(e); -+ log_debug_errno(r, "GetAll() failed for %s: %s", -+ item->bus_path, bus_error_message(e, r)); - - call_unit_callback_and_wait(d, item, false); - bus_wait_for_units_check_ready(d); --- -2.33.0 - diff --git a/backport-calendarspec-fix-possibly-skips-next-elapse.patch b/backport-calendarspec-fix-possibly-skips-next-elapse.patch deleted file mode 100644 index ec48ede..0000000 --- a/backport-calendarspec-fix-possibly-skips-next-elapse.patch +++ /dev/null @@ -1,82 +0,0 @@ -From bce3b46aaf8c7ad7ff7eeaafbf4b321ffdad9c07 Mon Sep 17 00:00:00 2001 -From: Gibeom Gwon -Date: Sun, 6 Mar 2022 09:45:38 +0900 -Subject: [PATCH] calendarspec: fix possibly skips next elapse - -If the time unit changes after adding the repetition value, the -timer may skip the next elapse. This patch reset sub time units -to minimum value when upper unit is changed. - -Fixes #22665. - -(cherry picked from commit 1e582ede3b04d12aae11fc5378a446a392054f1c) -(cherry picked from commit 8d4c0d2383e72f30753bf33f206387bc03879ff8) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/bce3b46aaf8c7ad7ff7eeaafbf4b321ffdad9c07 ---- - src/shared/calendarspec.c | 27 ++++++++++++++++++++------- - src/test/test-calendarspec.c | 2 ++ - 2 files changed, 22 insertions(+), 7 deletions(-) - -diff --git a/src/shared/calendarspec.c b/src/shared/calendarspec.c -index bf24d8d5bb..238766c96a 100644 ---- a/src/shared/calendarspec.c -+++ b/src/shared/calendarspec.c -@@ -1180,6 +1180,7 @@ static int find_matching_component( - - static int tm_within_bounds(struct tm *tm, bool utc) { - struct tm t; -+ int cmp; - assert(tm); - - /* -@@ -1194,13 +1195,25 @@ static int tm_within_bounds(struct tm *tm, bool utc) { - if (mktime_or_timegm(&t, utc) < 0) - return negative_errno(); - -- /* Did any normalization take place? If so, it was out of bounds before */ -- int cmp = CMP(t.tm_year, tm->tm_year) ?: -- CMP(t.tm_mon, tm->tm_mon) ?: -- CMP(t.tm_mday, tm->tm_mday) ?: -- CMP(t.tm_hour, tm->tm_hour) ?: -- CMP(t.tm_min, tm->tm_min) ?: -- CMP(t.tm_sec, tm->tm_sec); -+ /* -+ * Did any normalization take place? If so, it was out of bounds before. -+ * Normalization could skip next elapse, e.g. result of normalizing 3-33 -+ * is 4-2. This skips 4-1. So reset the sub time unit if upper unit was -+ * out of bounds. Normalization has occurred implies find_matching_component() > 0, -+ * other sub time units are already reset in find_next(). -+ */ -+ if ((cmp = CMP(t.tm_year, tm->tm_year)) != 0) -+ t.tm_mon = 0; -+ else if ((cmp = CMP(t.tm_mon, tm->tm_mon)) != 0) -+ t.tm_mday = 1; -+ else if ((cmp = CMP(t.tm_mday, tm->tm_mday)) != 0) -+ t.tm_hour = 0; -+ else if ((cmp = CMP(t.tm_hour, tm->tm_hour)) != 0) -+ t.tm_min = 0; -+ else if ((cmp = CMP(t.tm_min, tm->tm_min)) != 0) -+ t.tm_sec = 0; -+ else -+ cmp = CMP(t.tm_sec, tm->tm_sec); - - if (cmp < 0) - return -EDEADLK; /* Refuse to go backward */ -diff --git a/src/test/test-calendarspec.c b/src/test/test-calendarspec.c -index 4f1d0f64d5..bc5e56a238 100644 ---- a/src/test/test-calendarspec.c -+++ b/src/test/test-calendarspec.c -@@ -201,6 +201,8 @@ int main(int argc, char* argv[]) { - test_next("2016-02~01 UTC", "", 12345, 1456704000000000); - test_next("Mon 2017-05~01..07 UTC", "", 12345, 1496016000000000); - test_next("Mon 2017-05~07/1 UTC", "", 12345, 1496016000000000); -+ test_next("*-*-01/5 04:00:00 UTC", "", 1646010000000000, 1646107200000000); -+ test_next("*-01/7-01 04:00:00 UTC", "", 1664607600000000, 1672545600000000); - test_next("2017-08-06 9,11,13,15,17:00 UTC", "", 1502029800000000, 1502031600000000); - test_next("2017-08-06 9..17/2:00 UTC", "", 1502029800000000, 1502031600000000); - test_next("2016-12-* 3..21/6:00 UTC", "", 1482613200000001, 1482634800000000); --- -2.33.0 - diff --git a/backport-cgroup-do-catchup-for-unit-cgroup-inotify-watch-file.patch b/backport-cgroup-do-catchup-for-unit-cgroup-inotify-watch-file.patch deleted file mode 100644 index 596dc39..0000000 --- a/backport-cgroup-do-catchup-for-unit-cgroup-inotify-watch-file.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 52ab3b8f534eafeed86908ad38f4cd0f169e23ff Mon Sep 17 00:00:00 2001 -From: Dan Streetman -Date: Sun, 11 Jul 2021 16:59:27 -0400 -Subject: [PATCH] cgroup: do 'catchup' for unit cgroup inotify watch files - -While reexec/reload, we drop the inotify watch on cgroup file(s), so -we need to re-check them in case they changed and we missed the event. - -Fixes: #20198 -(cherry picked from commit 869f52f21831b611160c4937bef822ca94c802ba) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/52ab3b8f534eafeed86908ad38f4cd0f169e23ff ---- - src/core/cgroup.c | 18 ++++++++++++++++++ - src/core/cgroup.h | 2 ++ - src/core/unit.c | 2 ++ - 3 files changed, 22 insertions(+) - -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 3a6f768c60..5c07aa71d1 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -3039,6 +3039,9 @@ static int unit_check_cgroup_events(Unit *u) { - - assert(u); - -+ if (!u->cgroup_path) -+ return 0; -+ - r = cg_get_keyed_attribute_graceful(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, "cgroup.events", - STRV_MAKE("populated", "frozen"), values); - if (r < 0) -@@ -3871,6 +3874,21 @@ void unit_invalidate_cgroup_bpf(Unit *u) { - } - } - -+void unit_cgroup_catchup(Unit *u) { -+ assert(u); -+ -+ if (!UNIT_HAS_CGROUP_CONTEXT(u)) -+ return; -+ -+ /* We dropped the inotify watch during reexec/reload, so we need to -+ * check these as they may have changed. -+ * Note that (currently) the kernel doesn't actually update cgroup -+ * file modification times, so we can't just serialize and then check -+ * the mtime for file(s) we are interested in. */ -+ (void) unit_check_cgroup_events(u); -+ unit_add_to_cgroup_oom_queue(u); -+} -+ - bool unit_cgroup_delegate(Unit *u) { - CGroupContext *c; - -diff --git a/src/core/cgroup.h b/src/core/cgroup.h -index ea929368cb..3f8cad899d 100644 ---- a/src/core/cgroup.h -+++ b/src/core/cgroup.h -@@ -313,6 +313,8 @@ void manager_invalidate_startup_units(Manager *m); - const char* cgroup_device_policy_to_string(CGroupDevicePolicy i) _const_; - CGroupDevicePolicy cgroup_device_policy_from_string(const char *s) _pure_; - -+void unit_cgroup_catchup(Unit *u); -+ - bool unit_cgroup_delegate(Unit *u); - - int compare_job_priority(const void *a, const void *b); -diff --git a/src/core/unit.c b/src/core/unit.c -index 47966bcf0d..7e3bd7505e 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3616,6 +3616,8 @@ void unit_catchup(Unit *u) { - - if (UNIT_VTABLE(u)->catchup) - UNIT_VTABLE(u)->catchup(u); -+ -+ unit_cgroup_catchup(u); - } - - static bool fragment_mtime_newer(const char *path, usec_t mtime, bool path_masked) { --- -2.33.0 - diff --git a/backport-cgroup-don-t-emit-BPF-firewall-warning-when-manager-.patch b/backport-cgroup-don-t-emit-BPF-firewall-warning-when-manager-.patch deleted file mode 100644 index 15d9e2e..0000000 --- a/backport-cgroup-don-t-emit-BPF-firewall-warning-when-manager-.patch +++ /dev/null @@ -1,45 +0,0 @@ -From f4472e406eaa1087534066d09a4b7f2fd1de2a06 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Tue, 30 Nov 2021 23:49:33 +0000 -Subject: [PATCH] cgroup: don't emit BPF firewall warning when manager is in - test mode - -Support for BPF might not have been checked, since it's not necessary -in test mode (eg: running offline analysis of units). This causes an -assert: - -Assertion '(_error) != 0' failed at src/core/bpf-firewall.c:914, function emit_bpf_firewall_warning(). Aborting. - -Export SYSTEMD_LOG_LEVEl=debug in TEST-65-ANALYZE is enough to trigger -this assert while doing an offline analysis of a unit that has some -firewall/network restrictions set. - -Skip the warning if the manager is in test mode. - -(cherry picked from commit a42232a18c5716f69efc67c779dd2ef6c4b9d6c2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/f4472e406eaa1087534066d09a4b7f2fd1de2a06 ---- - src/core/bpf-firewall.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/core/bpf-firewall.c b/src/core/bpf-firewall.c -index 4a92052925..c4989a3ea6 100644 ---- a/src/core/bpf-firewall.c -+++ b/src/core/bpf-firewall.c -@@ -911,7 +911,10 @@ int bpf_firewall_supported(void) { - void emit_bpf_firewall_warning(Unit *u) { - static bool warned = false; - -- if (!warned) { -+ assert(u); -+ assert(u->manager); -+ -+ if (!warned && !MANAGER_IS_TEST_RUN(u->manager)) { - bool quiet = bpf_firewall_unsupported_reason == -EPERM && detect_container() > 0; - - log_unit_full_errno(u, quiet ? LOG_DEBUG : LOG_WARNING, bpf_firewall_unsupported_reason, --- -2.33.0 - diff --git a/backport-cgroups-agent-connect-stdin-stdout-stderr-to-dev-nul.patch b/backport-cgroups-agent-connect-stdin-stdout-stderr-to-dev-nul.patch deleted file mode 100644 index 67decec..0000000 --- a/backport-cgroups-agent-connect-stdin-stdout-stderr-to-dev-nul.patch +++ /dev/null @@ -1,41 +0,0 @@ -From a59a7227a29a73e8e1b0d80153f258e20354c0d7 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 15 Jul 2022 11:02:40 +0200 -Subject: [PATCH] cgroups-agent: connect stdin/stdout/stderr to /dev/null - -Inspired by https://github.com/systemd/systemd/pull/24024 this is -another user mode helper, where this might be an issue. hence let's -rather be safe than sorry, and also connect stdin/stdout/stderr -explicitly with /dev/null. - -(cherry picked from commit 50492ce81589773df2d82b4fc8047778e86c6edf) -(cherry picked from commit 689487785f776815e71642f89685ff01f0bc4fde) -(cherry picked from commit d8464304f03e6644bfc6ed42e13fb3a460b9ff60) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a59a7227a29a73e8e1b0d80153f258e20354c0d7 ---- - src/cgroups-agent/cgroups-agent.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/cgroups-agent/cgroups-agent.c b/src/cgroups-agent/cgroups-agent.c -index 071cba3099..9126736235 100644 ---- a/src/cgroups-agent/cgroups-agent.c -+++ b/src/cgroups-agent/cgroups-agent.c -@@ -16,6 +16,13 @@ int main(int argc, char *argv[]) { - _cleanup_close_ int fd = -1; - ssize_t n; - size_t l; -+ int r; -+ -+ r = rearrange_stdio(-1, -1, -1); -+ if (r < 0) { -+ log_error_errno(r, "Failed to connect stdin/stdout/stderr with /dev/null: %m"); -+ return EXIT_FAILURE; -+ } - - if (argc != 2) { - log_error("Incorrect number of arguments."); --- -2.27.0 - diff --git a/backport-change-indicator-used-for-later-versions-of-VirtualB.patch b/backport-change-indicator-used-for-later-versions-of-VirtualB.patch deleted file mode 100644 index 24ab4b0..0000000 --- a/backport-change-indicator-used-for-later-versions-of-VirtualB.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 7459b7f4a63de87a6e76e9187893c65291b7931f Mon Sep 17 00:00:00 2001 -From: Greg Zuro -Date: Tue, 26 Oct 2021 21:02:37 -0700 -Subject: [PATCH] change indicator used for later versions of VirtualBox - (#21127) - -Detection of VirtualBox is accomplished in the existing code by *either* `innotek GmbH` -or `Oracle Corporation` existing in any of: - -- /sys/class/dmi/id/product_name -- /sys/class/dmi/id/sys_vendor -- /sys/class/dmi/id/board_vendor -- /sys/class/dmi/id/bios_vendor - -With Oracle's physical servers, both `/sys/class/dmi/id/sys_vendor` and -`/sys/class/dmi/id/board_vendor` contain `Oracle Corporation`, so those -servers are detected as `oracle` (VirtualBox). - -VirtualBox has the following values in the latest versions: - -- /sys/class/dmi/id/product_name: `VirtualBox` -- /sys/class/dmi/id/sys_vendor: `innotek GmbH` -- /sys/class/dmi/id/board_vendor: `Oracle Corporation` -- /sys/class/dmi/id/bios_vendor: `innotek GmbH` - -Presumably the existing check for `innotek GmbH` is meant to detect -older versions of VirtualBox, while changing the second checked value -from `Oracle Corporation` to `VirtualBox` will reliably detect later and future -versions. - -(cherry picked from commit cfee6b955154c30be31ffcf0e3b7b89374a52fff) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7459b7f4a63de87a6e76e9187893c65291b7931f ---- - src/basic/virt.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/basic/virt.c b/src/basic/virt.c -index 0243b2d2a8..cc123a286f 100644 ---- a/src/basic/virt.c -+++ b/src/basic/virt.c -@@ -159,7 +159,7 @@ static int detect_vm_dmi_vendor(void) { - { "VMware", VIRTUALIZATION_VMWARE }, /* https://kb.vmware.com/s/article/1009458 */ - { "VMW", VIRTUALIZATION_VMWARE }, - { "innotek GmbH", VIRTUALIZATION_ORACLE }, -- { "Oracle Corporation", VIRTUALIZATION_ORACLE }, -+ { "VirtualBox", VIRTUALIZATION_ORACLE }, - { "Xen", VIRTUALIZATION_XEN }, - { "Bochs", VIRTUALIZATION_BOCHS }, - { "Parallels", VIRTUALIZATION_PARALLELS }, --- -2.33.0 - diff --git a/backport-ci-cancel-previous-jobs-on-ref-update.patch b/backport-ci-cancel-previous-jobs-on-ref-update.patch deleted file mode 100644 index 08ecd81..0000000 --- a/backport-ci-cancel-previous-jobs-on-ref-update.patch +++ /dev/null @@ -1,79 +0,0 @@ -From 47b12629b47d9dfc857874a1b680f60ffc0af0bd Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Wed, 10 Nov 2021 16:45:12 +0100 -Subject: [PATCH] ci: cancel previous jobs on ref update - -Let's save the environment (and reduce the number of jobs in GH Actions -queues) by cancelling old jobs on a ref update (force push). - -See: https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#concurrency -(cherry picked from commit 3884837610168e6fb69fc2d5709f6c017a30beb9) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/47b12629b47d9dfc857874a1b680f60ffc0af0bd ---- - .github/workflows/build_test.yml | 3 +++ - .github/workflows/cifuzz.yml | 3 +++ - .github/workflows/mkosi.yml | 3 +++ - .github/workflows/unit_tests.yml | 3 +++ - 4 files changed, 12 insertions(+) - -diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml -index 486016abc1..fa86236c2a 100644 ---- a/.github/workflows/build_test.yml -+++ b/.github/workflows/build_test.yml -@@ -14,6 +14,9 @@ on: - jobs: - build: - runs-on: ubuntu-20.04 -+ concurrency: -+ group: ${{ github.workflow }}-${{ matrix.env.COMPILER }}-${{ matrix.env.COMPILER_VERSION }}-${{ github.ref }} -+ cancel-in-progress: true - strategy: - fail-fast: false - matrix: -diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml -index 5296dc7069..df1fb15ace 100644 ---- a/.github/workflows/cifuzz.yml -+++ b/.github/workflows/cifuzz.yml -@@ -19,6 +19,9 @@ jobs: - Fuzzing: - runs-on: ubuntu-latest - if: github.repository == 'systemd/systemd' -+ concurrency: -+ group: ${{ github.workflow }}-${{ github.ref }} -+ cancel-in-progress: true - strategy: - fail-fast: false - matrix: -diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml -index babdf7ae6e..f67fd23b1c 100644 ---- a/.github/workflows/mkosi.yml -+++ b/.github/workflows/mkosi.yml -@@ -13,6 +13,9 @@ on: - jobs: - ci: - runs-on: ubuntu-20.04 -+ concurrency: -+ group: ${{ github.workflow }}-${{ matrix.distro }}-${{ github.ref }} -+ cancel-in-progress: true - strategy: - fail-fast: false - matrix: -diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml -index ca1e6e0c30..aaf8fcad3d 100644 ---- a/.github/workflows/unit_tests.yml -+++ b/.github/workflows/unit_tests.yml -@@ -10,6 +10,9 @@ on: - jobs: - build: - runs-on: ubuntu-20.04 -+ concurrency: -+ group: ${{ github.workflow }}-${{ matrix.run_phase }}-${{ github.ref }} -+ cancel-in-progress: true - strategy: - fail-fast: false - matrix: --- -2.33.0 - diff --git a/backport-ci-fix-clang-13-installation.patch b/backport-ci-fix-clang-13-installation.patch deleted file mode 100644 index 5f08531..0000000 --- a/backport-ci-fix-clang-13-installation.patch +++ /dev/null @@ -1,59 +0,0 @@ -From eaa74c30212d62f546692731ec3cef498f3edb08 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Tue, 22 Feb 2022 14:43:40 +0100 -Subject: [PATCH] ci: fix clang-13 installation - -For some reason Ubuntu Focal repositories now have `llvm-13` virtual -package which can't be installed, but successfully fools our check, -resulting in no clang/llvm being installed... - -``` -$ apt show llvm-13 -Package: llvm-13 -State: not a real package (virtual) -N: Can't select candidate version from package llvm-13 as it has no candidate -N: Can't select versions from package 'llvm-13' as it is purely virtual -N: No packages found - -$ apt install --dry-run llvm-13 -Reading package lists... Done -Building dependency tree -Reading state information... Done -Package llvm-13 is not available, but is referred to by another package. -This may mean that the package is missing, has been obsoleted, or -is only available from another source - -E: Package 'llvm-13' has no installation candidate -``` - -(cherry picked from commit b491d74064f9d5e17a71b38b014434237169a077) -(cherry picked from commit fa6e263273905cfc9e4528e8175ace3d19d881e3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/eaa74c30212d62f546692731ec3cef498f3edb08 ---- - .github/workflows/build_test.sh | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh -index db38554d97..1200fa23f3 100755 ---- a/.github/workflows/build_test.sh -+++ b/.github/workflows/build_test.sh -@@ -75,12 +75,12 @@ if [[ "$COMPILER" == clang ]]; then - # ATTOW llvm-11 got into focal-updates, which conflicts with llvm-11 - # provided by the apt.llvm.org repositories. Let's use the system - # llvm package if available in such cases to avoid that. -- if ! apt show --quiet "llvm-$COMPILER_VERSION" &>/dev/null; then -+ if ! apt install --dry-run "llvm-$COMPILER_VERSION" >/dev/null; then - # Latest LLVM stack deb packages provided by https://apt.llvm.org/ - # Following snippet was partly borrowed from https://apt.llvm.org/llvm.sh - wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --yes --dearmor --output /usr/share/keyrings/apt-llvm-org.gpg - printf "deb [signed-by=/usr/share/keyrings/apt-llvm-org.gpg] http://apt.llvm.org/%s/ llvm-toolchain-%s-%s main\n" \ -- "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list -+ "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list - PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION") - fi - elif [[ "$COMPILER" == gcc ]]; then --- -2.33.0 - diff --git a/backport-ci-fix-indentation.patch b/backport-ci-fix-indentation.patch deleted file mode 100644 index 99caf2e..0000000 --- a/backport-ci-fix-indentation.patch +++ /dev/null @@ -1,82 +0,0 @@ -From 6db77b2c9f31c8246ec920a189fe44873111566f Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Wed, 10 Nov 2021 16:42:07 +0100 -Subject: [PATCH] ci: fix indentation - -(cherry picked from commit 46573ee1319ee8ae5b292a0a737740eca1a68184) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/6db77b2c9f31c8246ec920a189fe44873111566f ---- - .github/workflows/cifuzz.yml | 58 ++++++++++++++++++------------------ - 1 file changed, 29 insertions(+), 29 deletions(-) - -diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml -index 14d81a67ff..5296dc7069 100644 ---- a/.github/workflows/cifuzz.yml -+++ b/.github/workflows/cifuzz.yml -@@ -16,32 +16,32 @@ on: - branches: - - main - jobs: -- Fuzzing: -- runs-on: ubuntu-latest -- if: github.repository == 'systemd/systemd' -- strategy: -- fail-fast: false -- matrix: -- sanitizer: [address, undefined, memory] -- steps: -- - name: Build Fuzzers (${{ matrix.sanitizer }}) -- id: build -- uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master -- with: -- oss-fuzz-project-name: 'systemd' -- dry-run: false -- allowed-broken-targets-percentage: 0 -- sanitizer: ${{ matrix.sanitizer }} -- - name: Run Fuzzers (${{ matrix.sanitizer }}) -- uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master -- with: -- oss-fuzz-project-name: 'systemd' -- fuzz-seconds: 600 -- dry-run: false -- sanitizer: ${{ matrix.sanitizer }} -- - name: Upload Crash -- uses: actions/upload-artifact@v1 -- if: failure() && steps.build.outcome == 'success' -- with: -- name: ${{ matrix.sanitizer }}-artifacts -- path: ./out/artifacts -+ Fuzzing: -+ runs-on: ubuntu-latest -+ if: github.repository == 'systemd/systemd' -+ strategy: -+ fail-fast: false -+ matrix: -+ sanitizer: [address, undefined, memory] -+ steps: -+ - name: Build Fuzzers (${{ matrix.sanitizer }}) -+ id: build -+ uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master -+ with: -+ oss-fuzz-project-name: 'systemd' -+ dry-run: false -+ allowed-broken-targets-percentage: 0 -+ sanitizer: ${{ matrix.sanitizer }} -+ - name: Run Fuzzers (${{ matrix.sanitizer }}) -+ uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master -+ with: -+ oss-fuzz-project-name: 'systemd' -+ fuzz-seconds: 600 -+ dry-run: false -+ sanitizer: ${{ matrix.sanitizer }} -+ - name: Upload Crash -+ uses: actions/upload-artifact@v1 -+ if: failure() && steps.build.outcome == 'success' -+ with: -+ name: ${{ matrix.sanitizer }}-artifacts -+ path: ./out/artifacts --- -2.33.0 - diff --git a/backport-ci-pin-the-debian-systemd-repo-to-a-specific-revisio.patch b/backport-ci-pin-the-debian-systemd-repo-to-a-specific-revisio.patch deleted file mode 100644 index d5fb67e..0000000 --- a/backport-ci-pin-the-debian-systemd-repo-to-a-specific-revisio.patch +++ /dev/null @@ -1,32 +0,0 @@ -From cdc1cd4eb3f86f3100d6d04b1b5d12a2d87b8704 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Sun, 14 Nov 2021 12:28:21 +0100 -Subject: [PATCH] ci: pin the debian systemd repo to a specific revision - -to work around missing systemd/systemd#20056 in pre-v250 stable -branches. - -v249-stable-only - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/cdc1cd4eb3f86f3100d6d04b1b5d12a2d87b8704 ---- - .semaphore/semaphore.yml | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml -index 06f162007e..7fc38a553d 100644 ---- a/.semaphore/semaphore.yml -+++ b/.semaphore/semaphore.yml -@@ -25,3 +25,8 @@ blocks: - - checkout --use-cache - - .semaphore/semaphore-runner.sh SETUP - - .semaphore/semaphore-runner.sh RUN -+ env_vars: -+ # Pin the debian systemd repo to a specific revision, to work around -+ # missing systemd/systemd#20056 in pre-v250 stable branches -+ - name: BRANCH -+ value: e138f8573a14f8f094bd6c9582bc26ed62c1347f --- -2.33.0 - diff --git a/backport-ci-replace-apt-key-with-signed-by.patch b/backport-ci-replace-apt-key-with-signed-by.patch deleted file mode 100644 index ba60037..0000000 --- a/backport-ci-replace-apt-key-with-signed-by.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 84230ae4e3a10fccfb4750b832d2c70fe56df128 Mon Sep 17 00:00:00 2001 -From: Evgeny Vereshchagin -Date: Sun, 26 Dec 2021 01:11:00 +0000 -Subject: [PATCH] ci: replace apt-key with signed-by - -to limit the scope of the key to apt.llvm.org only. - -This is mostly inspired by https://blog.cloudflare.com/dont-use-apt-key/ - -(cherry picked from commit bfa6bd1be098adc4710e1819b9cd34d65b3855da) -(cherry picked from commit c92297a20c13b7e15b0026b1f36ebe99d86cfce8) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/84230ae4e3a10fccfb4750b832d2c70fe56df128 ---- - .github/workflows/build_test.sh | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh -index 10fa1ea9b0..db38554d97 100755 ---- a/.github/workflows/build_test.sh -+++ b/.github/workflows/build_test.sh -@@ -77,9 +77,10 @@ if [[ "$COMPILER" == clang ]]; then - # llvm package if available in such cases to avoid that. - if ! apt show --quiet "llvm-$COMPILER_VERSION" &>/dev/null; then - # Latest LLVM stack deb packages provided by https://apt.llvm.org/ -- # Following snippet was borrowed from https://apt.llvm.org/llvm.sh -- wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add - -- add-apt-repository -y "deb http://apt.llvm.org/$RELEASE/ llvm-toolchain-$RELEASE-$COMPILER_VERSION main" -+ # Following snippet was partly borrowed from https://apt.llvm.org/llvm.sh -+ wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --yes --dearmor --output /usr/share/keyrings/apt-llvm-org.gpg -+ printf "deb [signed-by=/usr/share/keyrings/apt-llvm-org.gpg] http://apt.llvm.org/%s/ llvm-toolchain-%s-%s main\n" \ -+ "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list - PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION") - fi - elif [[ "$COMPILER" == gcc ]]; then --- -2.33.0 - diff --git a/backport-ci-run-the-unit_tests-and-mkosi-jobs-on-stable-branc.patch b/backport-ci-run-the-unit_tests-and-mkosi-jobs-on-stable-branc.patch deleted file mode 100644 index e9988f4..0000000 --- a/backport-ci-run-the-unit_tests-and-mkosi-jobs-on-stable-branc.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 9d08ba9b3fa7542037e0522c10d63517366afda6 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Fri, 12 Nov 2021 17:37:15 +0100 -Subject: [PATCH] ci: run the unit_tests and mkosi jobs on stable branches as - well - -To provide more coverage for the systemd-stable repo. - -See: https://github.com/systemd/systemd-stable/issues/24 -(cherry picked from commit c76a83858996148fea36d1018b4707ce5334363b) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9d08ba9b3fa7542037e0522c10d63517366afda6 ---- - .github/workflows/mkosi.yml | 2 ++ - .github/workflows/unit_tests.yml | 1 + - 2 files changed, 3 insertions(+) - -diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml -index f67fd23b1c..489eb01880 100644 ---- a/.github/workflows/mkosi.yml -+++ b/.github/workflows/mkosi.yml -@@ -6,9 +6,11 @@ on: - push: - branches: - - main -+ - v[0-9]+-stable - pull_request: - branches: - - main -+ - v[0-9]+-stable - - jobs: - ci: -diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml -index aaf8fcad3d..4a19a6a1c8 100644 ---- a/.github/workflows/unit_tests.yml -+++ b/.github/workflows/unit_tests.yml -@@ -6,6 +6,7 @@ on: - pull_request: - branches: - - main -+ - v[0-9]+-stable - - jobs: - build: --- -2.33.0 - diff --git a/backport-ci-take-CIFuzz-s-matrix-into-consideration.patch b/backport-ci-take-CIFuzz-s-matrix-into-consideration.patch deleted file mode 100644 index e9dcbb1..0000000 --- a/backport-ci-take-CIFuzz-s-matrix-into-consideration.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 428d4988d2bc68e189481f7b46ffd1f84090aadd Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Wed, 10 Nov 2021 20:15:41 +0100 -Subject: [PATCH] ci: take CIFuzz's matrix into consideration - -Otherwise the jobs will try to cancel each other out. - -Follow-up to 3884837610168e6fb69fc2d5709f6c017a30beb9. - -(cherry picked from commit 8b212f3596d03f8e1025cd151d17f9a82433844a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/428d4988d2bc68e189481f7b46ffd1f84090aadd ---- - .github/workflows/cifuzz.yml | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml -index df1fb15ace..8ab2a4cf55 100644 ---- a/.github/workflows/cifuzz.yml -+++ b/.github/workflows/cifuzz.yml -@@ -20,7 +20,7 @@ jobs: - runs-on: ubuntu-latest - if: github.repository == 'systemd/systemd' - concurrency: -- group: ${{ github.workflow }}-${{ github.ref }} -+ group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }} - cancel-in-progress: true - strategy: - fail-fast: false --- -2.33.0 - diff --git a/backport-ci-use-the-system-llvm-11-package-on-Focal.patch b/backport-ci-use-the-system-llvm-11-package-on-Focal.patch deleted file mode 100644 index 8c9591d..0000000 --- a/backport-ci-use-the-system-llvm-11-package-on-Focal.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 441c959460217ba81591ada9185bed2665cdc994 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Mon, 11 Oct 2021 21:12:42 +0200 -Subject: [PATCH] ci: use the system llvm-11 package on Focal - -ATTOW llvm-11 got into focal-updates, which conflicts with llvm-11 -provided by the apt.llvm.org repositories. Let's use the system -llvm package if available in such cases to avoid that. - -(cherry picked from commit 1c71302f70c7d0712d49b5214f5f29b4d6a2c73e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/441c959460217ba81591ada9185bed2665cdc994 ---- - .github/workflows/build_test.sh | 16 +++++++++++----- - 1 file changed, 11 insertions(+), 5 deletions(-) - -diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh -index bdcb71ba9c..10fa1ea9b0 100755 ---- a/.github/workflows/build_test.sh -+++ b/.github/workflows/build_test.sh -@@ -71,11 +71,17 @@ if [[ "$COMPILER" == clang ]]; then - CC="clang-$COMPILER_VERSION" - CXX="clang++-$COMPILER_VERSION" - AR="llvm-ar-$COMPILER_VERSION" -- # Latest LLVM stack deb packages provided by https://apt.llvm.org/ -- # Following snippet was borrowed from https://apt.llvm.org/llvm.sh -- wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add - -- add-apt-repository -y "deb http://apt.llvm.org/$RELEASE/ llvm-toolchain-$RELEASE-$COMPILER_VERSION main" -- PACKAGES+=(clang-$COMPILER_VERSION lldb-$COMPILER_VERSION lld-$COMPILER_VERSION clangd-$COMPILER_VERSION) -+ -+ # ATTOW llvm-11 got into focal-updates, which conflicts with llvm-11 -+ # provided by the apt.llvm.org repositories. Let's use the system -+ # llvm package if available in such cases to avoid that. -+ if ! apt show --quiet "llvm-$COMPILER_VERSION" &>/dev/null; then -+ # Latest LLVM stack deb packages provided by https://apt.llvm.org/ -+ # Following snippet was borrowed from https://apt.llvm.org/llvm.sh -+ wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add - -+ add-apt-repository -y "deb http://apt.llvm.org/$RELEASE/ llvm-toolchain-$RELEASE-$COMPILER_VERSION main" -+ PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION") -+ fi - elif [[ "$COMPILER" == gcc ]]; then - CC="gcc-$COMPILER_VERSION" - CXX="g++-$COMPILER_VERSION" --- -2.33.0 - diff --git a/backport-clang-format-we-actually-typically-use-16ch-continua.patch b/backport-clang-format-we-actually-typically-use-16ch-continua.patch deleted file mode 100644 index e373bc7..0000000 --- a/backport-clang-format-we-actually-typically-use-16ch-continua.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 8282cc686bedb0cf3702ea4ac2856b39ae351ef3 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 22 Feb 2022 16:51:58 +0100 -Subject: [PATCH] clang-format: we actually typically use 16ch continuation - indentation - -We use 8 for blocks, and 16 for continuation in most cases afaics, hence -say so in .clang-format too - -(cherry picked from commit 92148fb77766767fdb6ad6e52747317dae2aae85) -(cherry picked from commit 4a90c12f4f09f23e071e649422754f04eda6d273) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/8282cc686bedb0cf3702ea4ac2856b39ae351ef3 ---- - .clang-format | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/.clang-format b/.clang-format -index 651249c701..c94866fcd5 100644 ---- a/.clang-format -+++ b/.clang-format -@@ -46,7 +46,7 @@ ColumnLimit: 109 - CompactNamespaces: true - ConstructorInitializerAllOnOneLineOrOnePerLine: true - ConstructorInitializerIndentWidth: 8 --ContinuationIndentWidth: 8 -+ContinuationIndentWidth: 16 - Cpp11BracedListStyle: false - ForEachMacros: - - BITMAP_FOREACH --- -2.33.0 - diff --git a/backport-condition-fix-device-tree-firmware-path.patch b/backport-condition-fix-device-tree-firmware-path.patch deleted file mode 100644 index fbfced5..0000000 --- a/backport-condition-fix-device-tree-firmware-path.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 2065d03c1592ff0e9027e1c06b40f55fb3e1d1ae Mon Sep 17 00:00:00 2001 -From: Daniel Braunwarth -Date: Sun, 28 Aug 2022 20:02:50 +0200 -Subject: [PATCH] condition: fix device-tree firmware path - -The path /sys/firmware/device-tree doesn't exist. This should be either -/proc/device-tree or /sys/firmware/devicetree. - -The first path is only a link. So lets use the second path. - -See https://github.com/torvalds/linux/blob/v4.14/drivers/of/base.c#L218. - -(cherry picked from commit 1037178acfd093fb10d8f5e74f3072f78afdf7e8) -(cherry picked from commit 254b77e73cb81265146de653563a7fe3f9936b56) -(cherry picked from commit ba29bb342deb4eeb55debfa7abb4ba97d50df076) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/2065d03c1592ff0e9027e1c06b40f55fb3e1d1ae ---- - src/shared/condition.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/shared/condition.c b/src/shared/condition.c -index 6645f771dd..b0520566ed 100644 ---- a/src/shared/condition.c -+++ b/src/shared/condition.c -@@ -555,9 +555,9 @@ static int condition_test_firmware(Condition *c, char **env) { - assert(c->type == CONDITION_FIRMWARE); - - if (streq(c->parameter, "device-tree")) { -- if (access("/sys/firmware/device-tree/", F_OK) < 0) { -+ if (access("/sys/firmware/devicetree/", F_OK) < 0) { - if (errno != ENOENT) -- log_debug_errno(errno, "Unexpected error when checking for /sys/firmware/device-tree/: %m"); -+ log_debug_errno(errno, "Unexpected error when checking for /sys/firmware/devicetree/: %m"); - return false; - } else - return true; --- -2.27.0 - diff --git a/backport-core-Make-sure-cgroup_oom_queue-is-flushed-on-manage.patch b/backport-core-Make-sure-cgroup_oom_queue-is-flushed-on-manage.patch deleted file mode 100644 index 853ac72..0000000 --- a/backport-core-Make-sure-cgroup_oom_queue-is-flushed-on-manage.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 59894983693d36c6017ad995864b5541d7132563 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20Koutn=C3=BD?= -Date: Wed, 4 Aug 2021 18:59:35 +0200 -Subject: [PATCH] core: Make sure cgroup_oom_queue is flushed on manager exit - -The unit queues are not serialized/deserialized (they are recreated -after reexec/reload instead). The destroyed units are not removed from -the cgroup_oom_queue. That means the queue may contain possibly invalid -pointers to released units. - -Fix this by removing the units from cgroup_oom_queue as we do for -others. When at it, sync assert checks with currently existing queues -and put them in order in the manager cleanup code. - -(cherry picked from commit 13e721036bf4ba15eb255d8f0a14800f969ac0d7) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/59894983693d36c6017ad995864b5541d7132563 ---- - src/core/manager.c | 4 ++++ - src/core/unit.c | 7 +++++-- - 2 files changed, 9 insertions(+), 2 deletions(-) - -diff --git a/src/core/manager.c b/src/core/manager.c -index 8884437347..34891a8754 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -1410,6 +1410,10 @@ static void manager_clear_jobs_and_units(Manager *m) { - assert(!m->cleanup_queue); - assert(!m->gc_unit_queue); - assert(!m->gc_job_queue); -+ assert(!m->cgroup_realize_queue); -+ assert(!m->cgroup_empty_queue); -+ assert(!m->cgroup_oom_queue); -+ assert(!m->target_deps_queue); - assert(!m->stop_when_unneeded_queue); - assert(!m->start_when_upheld_queue); - assert(!m->stop_when_bound_queue); -diff --git a/src/core/unit.c b/src/core/unit.c -index 7e3bd7505e..e469beb534 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -733,6 +733,9 @@ Unit* unit_free(Unit *u) { - if (u->in_dbus_queue) - LIST_REMOVE(dbus_queue, u->manager->dbus_unit_queue, u); - -+ if (u->in_cleanup_queue) -+ LIST_REMOVE(cleanup_queue, u->manager->cleanup_queue, u); -+ - if (u->in_gc_queue) - LIST_REMOVE(gc_queue, u->manager->gc_unit_queue, u); - -@@ -742,8 +745,8 @@ Unit* unit_free(Unit *u) { - if (u->in_cgroup_empty_queue) - LIST_REMOVE(cgroup_empty_queue, u->manager->cgroup_empty_queue, u); - -- if (u->in_cleanup_queue) -- LIST_REMOVE(cleanup_queue, u->manager->cleanup_queue, u); -+ if (u->in_cgroup_oom_queue) -+ LIST_REMOVE(cgroup_oom_queue, u->manager->cgroup_oom_queue, u); - - if (u->in_target_deps_queue) - LIST_REMOVE(target_deps_queue, u->manager->target_deps_queue, u); --- -2.33.0 - diff --git a/backport-core-Parse-log-environment-settings-again-after-appl.patch b/backport-core-Parse-log-environment-settings-again-after-appl.patch deleted file mode 100644 index 0612288..0000000 --- a/backport-core-Parse-log-environment-settings-again-after-appl.patch +++ /dev/null @@ -1,36 +0,0 @@ -From b246b5370e95756e9597d8ec967ae030b442e73f Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Tue, 7 Sep 2021 16:13:56 +0100 -Subject: [PATCH] core: Parse log environment settings again after applying - manager environment - -Currently, SYSTEMD_LOG_LEVEL set in the ManagerEnvironment property in system.conf -or user.conf doesn't affect the manager's logging level. Parsing the logging environment -variables again after pushing the manager environment into the process environment -block makes sure any new environment changes also get taken into account for logging. - -(cherry picked from commit a4303b4096d9a75acd09c5b897ed3d20c9bca6de) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b246b5370e95756e9597d8ec967ae030b442e73f ---- - src/core/main.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/core/main.c b/src/core/main.c -index b32a19a1d8..c64c73883e 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -2454,6 +2454,9 @@ static int parse_configuration(const struct rlimit *saved_rlimit_nofile, - /* Push variables into the manager environment block */ - setenv_manager_environment(); - -+ /* Parse log environment variables again to take into account any new environment variables. */ -+ log_parse_environment(); -+ - return 0; - } - --- -2.33.0 - diff --git a/backport-core-Remove-circular-include.patch b/backport-core-Remove-circular-include.patch deleted file mode 100644 index 14fbb02..0000000 --- a/backport-core-Remove-circular-include.patch +++ /dev/null @@ -1,45 +0,0 @@ -From a203879ae5914fa1a676dbd480a7ad41ca0d8e40 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Tue, 24 Aug 2021 16:19:03 +0100 -Subject: [PATCH] core: Remove circular include - -service.h includes socket.h and socket.h includes service.h. Move -service.h include from socket.h to socket.c to remove the circular -dependency. - -(cherry picked from commit a243128d1fcfc378df9fce1b4997148a17ef23a5) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a203879ae5914fa1a676dbd480a7ad41ca0d8e40 ---- - src/core/socket.c | 1 + - src/core/socket.h | 1 - - 2 files changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/socket.c b/src/core/socket.c -index 8144780bf8..f362a5baa8 100644 ---- a/src/core/socket.c -+++ b/src/core/socket.c -@@ -34,6 +34,7 @@ - #include "process-util.h" - #include "selinux-util.h" - #include "serialize.h" -+#include "service.h" - #include "signal-util.h" - #include "smack-util.h" - #include "socket.h" -diff --git a/src/core/socket.h b/src/core/socket.h -index a65195f2aa..6813bdcf8c 100644 ---- a/src/core/socket.h -+++ b/src/core/socket.h -@@ -5,7 +5,6 @@ typedef struct Socket Socket; - typedef struct SocketPeer SocketPeer; - - #include "mount.h" --#include "service.h" - #include "socket-util.h" - #include "unit.h" - --- -2.33.0 - diff --git a/backport-core-bpf-firewall-make-bpf_firewall_supported-always.patch b/backport-core-bpf-firewall-make-bpf_firewall_supported-always.patch deleted file mode 100644 index 61b9130..0000000 --- a/backport-core-bpf-firewall-make-bpf_firewall_supported-always.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 27028ef0f0bc128d14f41e233ad256687fd7e379 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Dec 2021 21:07:22 +0900 -Subject: [PATCH] core/bpf-firewall: make bpf_firewall_supported() always set - unsupported reason when BPF_FIREWALL_UNSUPPORTED is returned - -Otherwise, log_unit_full_errno() in emit_bpf_firewall_warning() will -trigger an assertion. - -(cherry picked from commit 8751bb6f5e89562d438566c374b9c3a1059c9211) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/27028ef0f0bc128d14f41e233ad256687fd7e379 ---- - src/core/bpf-firewall.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/src/core/bpf-firewall.c b/src/core/bpf-firewall.c -index 9317edeb4c..4a92052925 100644 ---- a/src/core/bpf-firewall.c -+++ b/src/core/bpf-firewall.c -@@ -869,7 +869,10 @@ int bpf_firewall_supported(void) { - - /* YAY! */ - } else { -- log_debug("Wut? Kernel accepted our invalid BPF_PROG_DETACH call? Something is weird, assuming BPF firewalling is broken and hence not supported."); -+ bpf_firewall_unsupported_reason = -+ log_debug_errno(SYNTHETIC_ERRNO(EBADE), -+ "Wut? Kernel accepted our invalid BPF_PROG_DETACH call? " -+ "Something is weird, assuming BPF firewalling is broken and hence not supported."); - return supported = BPF_FIREWALL_UNSUPPORTED; - } - -@@ -897,7 +900,10 @@ int bpf_firewall_supported(void) { - - return supported = BPF_FIREWALL_SUPPORTED; - } else { -- log_debug("Wut? Kernel accepted our invalid BPF_PROG_ATTACH+BPF_F_ALLOW_MULTI call? Something is weird, assuming BPF firewalling is broken and hence not supported."); -+ bpf_firewall_unsupported_reason = -+ log_debug_errno(SYNTHETIC_ERRNO(EBADE), -+ "Wut? Kernel accepted our invalid BPF_PROG_ATTACH+BPF_F_ALLOW_MULTI call? " -+ "Something is weird, assuming BPF firewalling is broken and hence not supported."); - return supported = BPF_FIREWALL_UNSUPPORTED; - } - } --- -2.33.0 - diff --git a/backport-core-cgroup-fix-error-handling-of-cg_remove_xattr.patch b/backport-core-cgroup-fix-error-handling-of-cg_remove_xattr.patch deleted file mode 100644 index 08a26a1..0000000 --- a/backport-core-cgroup-fix-error-handling-of-cg_remove_xattr.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 7e79bfce0674c58068d2a125ed666986544e790f Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 5 Aug 2021 03:13:48 +0900 -Subject: [PATCH] core/cgroup: fix error handling of cg_remove_xattr() - -(cherry picked from commit 0cddb53c85588fbfb8043f622895c7bd15819198) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7e79bfce0674c58068d2a125ed666986544e790f ---- - src/core/cgroup.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 2cbb789978..eab0929dc5 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -724,13 +724,13 @@ void cgroup_oomd_xattr_apply(Unit *u, const char *cgroup_path) { - - if (c->moom_preference != MANAGED_OOM_PREFERENCE_AVOID) { - r = cg_remove_xattr(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, "user.oomd_avoid"); -- if (r != -ENODATA) -+ if (r < 0 && r != -ENODATA) - log_unit_debug_errno(u, r, "Failed to remove oomd_avoid flag on control group %s, ignoring: %m", cgroup_path); - } - - if (c->moom_preference != MANAGED_OOM_PREFERENCE_OMIT) { - r = cg_remove_xattr(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, "user.oomd_omit"); -- if (r != -ENODATA) -+ if (r < 0 && r != -ENODATA) - log_unit_debug_errno(u, r, "Failed to remove oomd_omit flag on control group %s, ignoring: %m", cgroup_path); - } - } -@@ -762,7 +762,7 @@ static void cgroup_xattr_apply(Unit *u) { - log_unit_debug_errno(u, r, "Failed to set delegate flag on control group %s, ignoring: %m", u->cgroup_path); - } else { - r = cg_remove_xattr(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, "trusted.delegate"); -- if (r != -ENODATA) -+ if (r < 0 && r != -ENODATA) - log_unit_debug_errno(u, r, "Failed to remove delegate flag on control group %s, ignoring: %m", u->cgroup_path); - } - --- -2.33.0 - diff --git a/backport-core-cgroup-set-bfq.weight-first-and-fixes-blkio.wei.patch b/backport-core-cgroup-set-bfq.weight-first-and-fixes-blkio.wei.patch deleted file mode 100644 index 26d4754..0000000 --- a/backport-core-cgroup-set-bfq.weight-first-and-fixes-blkio.wei.patch +++ /dev/null @@ -1,119 +0,0 @@ -From 55af1d4ce32a32ebd3106cbdf1ef8b6cda55175f Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 25 Aug 2021 01:28:47 +0900 -Subject: [PATCH] core/cgroup: set bfq.weight first, and fixes blkio.weight - value - -Fixes issues introduced by 29eb0eefd14afc9a2424781a28b376db47c3c570. - -This also fixes the value sets to blkio.weight, that is, "default" is dropped. - -Moreover, This also changes the logic for mapping weight -> bfq.weight, -to always matches the min, max, and default values. - -Fixes #20519 and #21187. - -(cherry picked from commit 17283ce7b6035775f125585d1b228226942daf4b) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/55af1d4ce32a32ebd3106cbdf1ef8b6cda55175f ---- - src/core/cgroup.c | 55 +++++++++++++++++++++++++++++++++++++---------- - 1 file changed, 44 insertions(+), 11 deletions(-) - -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 79e10ca3c0..8b5b403ae8 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -37,6 +37,12 @@ - - #define CGROUP_CPU_QUOTA_DEFAULT_PERIOD_USEC ((usec_t) 100 * USEC_PER_MSEC) - -+/* Special values for the bfq.weight attribute */ -+#define CGROUP_BFQ_WEIGHT_INVALID UINT64_MAX -+#define CGROUP_BFQ_WEIGHT_MIN UINT64_C(1) -+#define CGROUP_BFQ_WEIGHT_MAX UINT64_C(1000) -+#define CGROUP_BFQ_WEIGHT_DEFAULT UINT64_C(100) -+ - /* Returns the log level to use when cgroup attribute writes fail. When an attribute is missing or we have access - * problems we downgrade to LOG_DEBUG. This is supposed to be nice to container managers and kernels which want to mask - * out specific attributes from us. */ -@@ -1194,21 +1200,48 @@ static int cgroup_apply_devices(Unit *u) { - return r; - } - --static void set_io_weight(Unit *u, const char *controller, uint64_t weight) { -- char buf[8+DECIMAL_STR_MAX(uint64_t)+1]; -- const char *p; -+static void set_io_weight(Unit *u, uint64_t weight) { -+ char buf[STRLEN("default \n")+DECIMAL_STR_MAX(uint64_t)]; -+ uint64_t bfq_weight; -+ -+ assert(u); -+ -+ /* FIXME: drop this when distro kernels properly support BFQ through "io.weight" -+ * See also: https://github.com/systemd/systemd/pull/13335 and -+ * https://github.com/torvalds/linux/commit/65752aef0a407e1ef17ec78a7fc31ba4e0b360f9. -+ * The range is 1..1000 apparently, and the default is 100. */ -+ if (weight <= CGROUP_WEIGHT_DEFAULT) -+ bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT - (CGROUP_WEIGHT_DEFAULT - weight) * (CGROUP_BFQ_WEIGHT_DEFAULT - CGROUP_BFQ_WEIGHT_MIN) / (CGROUP_WEIGHT_DEFAULT - CGROUP_WEIGHT_MIN); -+ else -+ bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT + (weight - CGROUP_WEIGHT_DEFAULT) * (CGROUP_BFQ_WEIGHT_MAX - CGROUP_BFQ_WEIGHT_DEFAULT) / (CGROUP_WEIGHT_MAX - CGROUP_WEIGHT_DEFAULT); -+ -+ xsprintf(buf, "%" PRIu64 "\n", bfq_weight); -+ (void) set_attribute_and_warn(u, "io", "io.bfq.weight", buf); - -- p = strjoina(controller, ".weight"); - xsprintf(buf, "default %" PRIu64 "\n", weight); -- (void) set_attribute_and_warn(u, controller, p, buf); -+ (void) set_attribute_and_warn(u, "io", "io.weight", buf); -+} -+ -+static void set_blkio_weight(Unit *u, uint64_t weight) { -+ char buf[STRLEN("\n")+DECIMAL_STR_MAX(uint64_t)]; -+ uint64_t bfq_weight; -+ -+ assert(u); - - /* FIXME: drop this when distro kernels properly support BFQ through "io.weight" - * See also: https://github.com/systemd/systemd/pull/13335 and - * https://github.com/torvalds/linux/commit/65752aef0a407e1ef17ec78a7fc31ba4e0b360f9. -- * The range is 1..1000 apparently. */ -- p = strjoina(controller, ".bfq.weight"); -- xsprintf(buf, "%" PRIu64 "\n", (weight + 9) / 10); -- (void) set_attribute_and_warn(u, controller, p, buf); -+ * The range is 1..1000 apparently, and the default is 100. */ -+ if (weight <= CGROUP_BLKIO_WEIGHT_DEFAULT) -+ bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT - (CGROUP_BLKIO_WEIGHT_DEFAULT - weight) * (CGROUP_BFQ_WEIGHT_DEFAULT - CGROUP_BFQ_WEIGHT_MIN) / (CGROUP_BLKIO_WEIGHT_DEFAULT - CGROUP_BLKIO_WEIGHT_MIN); -+ else -+ bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT + (weight - CGROUP_BLKIO_WEIGHT_DEFAULT) * (CGROUP_BFQ_WEIGHT_MAX - CGROUP_BFQ_WEIGHT_DEFAULT) / (CGROUP_BLKIO_WEIGHT_MAX - CGROUP_BLKIO_WEIGHT_DEFAULT); -+ -+ xsprintf(buf, "%" PRIu64 "\n", bfq_weight); -+ (void) set_attribute_and_warn(u, "blkio", "blkio.bfq.weight", buf); -+ -+ xsprintf(buf, "%" PRIu64 "\n", weight); -+ (void) set_attribute_and_warn(u, "blkio", "blkio.weight", buf); - } - - static void cgroup_apply_bpf_foreign_program(Unit *u) { -@@ -1322,7 +1355,7 @@ static void cgroup_context_apply( - } else - weight = CGROUP_WEIGHT_DEFAULT; - -- set_io_weight(u, "io", weight); -+ set_io_weight(u, weight); - - if (has_io) { - CGroupIODeviceLatency *latency; -@@ -1392,7 +1425,7 @@ static void cgroup_context_apply( - else - weight = CGROUP_BLKIO_WEIGHT_DEFAULT; - -- set_io_weight(u, "blkio", weight); -+ set_blkio_weight(u, weight); - - if (has_io) { - CGroupIODeviceWeight *w; --- -2.33.0 - diff --git a/backport-core-cgroup-use-helper-macro-for-bfq-conversion.patch b/backport-core-cgroup-use-helper-macro-for-bfq-conversion.patch deleted file mode 100644 index 9fa8c71..0000000 --- a/backport-core-cgroup-use-helper-macro-for-bfq-conversion.patch +++ /dev/null @@ -1,82 +0,0 @@ -From d98169555c07668d999ac8ad62718da0ae9eec0f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 10 Nov 2021 11:37:15 +0100 -Subject: [PATCH] core/cgroup: use helper macro for bfq conversion - -As suggested in https://github.com/systemd/systemd/pull/20522#discussion_r696699984. - -(cherry picked from commit 311822ac28c99e2fb0e25286bdb72c9188314a66) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d98169555c07668d999ac8ad62718da0ae9eec0f ---- - src/core/cgroup.c | 34 ++++++++++++++++------------------ - 1 file changed, 16 insertions(+), 18 deletions(-) - -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 8b5b403ae8..6e4780f2f6 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -1200,9 +1200,21 @@ static int cgroup_apply_devices(Unit *u) { - return r; - } - -+/* Convert the normal io.weight value to io.bfq.weight */ -+#define BFQ_WEIGHT(weight) \ -+ (weight <= CGROUP_WEIGHT_DEFAULT ? \ -+ CGROUP_BFQ_WEIGHT_DEFAULT - (CGROUP_WEIGHT_DEFAULT - weight) * (CGROUP_BFQ_WEIGHT_DEFAULT - CGROUP_BFQ_WEIGHT_MIN) / (CGROUP_WEIGHT_DEFAULT - CGROUP_WEIGHT_MIN) : \ -+ CGROUP_BFQ_WEIGHT_DEFAULT + (weight - CGROUP_WEIGHT_DEFAULT) * (CGROUP_BFQ_WEIGHT_MAX - CGROUP_BFQ_WEIGHT_DEFAULT) / (CGROUP_WEIGHT_MAX - CGROUP_WEIGHT_DEFAULT)) -+ -+assert_cc(BFQ_WEIGHT(1) == 1); -+assert_cc(BFQ_WEIGHT(50) == 50); -+assert_cc(BFQ_WEIGHT(100) == 100); -+assert_cc(BFQ_WEIGHT(500) == 136); -+assert_cc(BFQ_WEIGHT(5000) == 545); -+assert_cc(BFQ_WEIGHT(10000) == 1000); -+ - static void set_io_weight(Unit *u, uint64_t weight) { - char buf[STRLEN("default \n")+DECIMAL_STR_MAX(uint64_t)]; -- uint64_t bfq_weight; - - assert(u); - -@@ -1210,12 +1222,7 @@ static void set_io_weight(Unit *u, uint64_t weight) { - * See also: https://github.com/systemd/systemd/pull/13335 and - * https://github.com/torvalds/linux/commit/65752aef0a407e1ef17ec78a7fc31ba4e0b360f9. - * The range is 1..1000 apparently, and the default is 100. */ -- if (weight <= CGROUP_WEIGHT_DEFAULT) -- bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT - (CGROUP_WEIGHT_DEFAULT - weight) * (CGROUP_BFQ_WEIGHT_DEFAULT - CGROUP_BFQ_WEIGHT_MIN) / (CGROUP_WEIGHT_DEFAULT - CGROUP_WEIGHT_MIN); -- else -- bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT + (weight - CGROUP_WEIGHT_DEFAULT) * (CGROUP_BFQ_WEIGHT_MAX - CGROUP_BFQ_WEIGHT_DEFAULT) / (CGROUP_WEIGHT_MAX - CGROUP_WEIGHT_DEFAULT); -- -- xsprintf(buf, "%" PRIu64 "\n", bfq_weight); -+ xsprintf(buf, "%" PRIu64 "\n", BFQ_WEIGHT(weight)); - (void) set_attribute_and_warn(u, "io", "io.bfq.weight", buf); - - xsprintf(buf, "default %" PRIu64 "\n", weight); -@@ -1224,20 +1231,11 @@ static void set_io_weight(Unit *u, uint64_t weight) { - - static void set_blkio_weight(Unit *u, uint64_t weight) { - char buf[STRLEN("\n")+DECIMAL_STR_MAX(uint64_t)]; -- uint64_t bfq_weight; - - assert(u); - -- /* FIXME: drop this when distro kernels properly support BFQ through "io.weight" -- * See also: https://github.com/systemd/systemd/pull/13335 and -- * https://github.com/torvalds/linux/commit/65752aef0a407e1ef17ec78a7fc31ba4e0b360f9. -- * The range is 1..1000 apparently, and the default is 100. */ -- if (weight <= CGROUP_BLKIO_WEIGHT_DEFAULT) -- bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT - (CGROUP_BLKIO_WEIGHT_DEFAULT - weight) * (CGROUP_BFQ_WEIGHT_DEFAULT - CGROUP_BFQ_WEIGHT_MIN) / (CGROUP_BLKIO_WEIGHT_DEFAULT - CGROUP_BLKIO_WEIGHT_MIN); -- else -- bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT + (weight - CGROUP_BLKIO_WEIGHT_DEFAULT) * (CGROUP_BFQ_WEIGHT_MAX - CGROUP_BFQ_WEIGHT_DEFAULT) / (CGROUP_BLKIO_WEIGHT_MAX - CGROUP_BLKIO_WEIGHT_DEFAULT); -- -- xsprintf(buf, "%" PRIu64 "\n", bfq_weight); -+ /* FIXME: see comment in set_io_weight(). */ -+ xsprintf(buf, "%" PRIu64 "\n", BFQ_WEIGHT(weight)); - (void) set_attribute_and_warn(u, "blkio", "blkio.bfq.weight", buf); - - xsprintf(buf, "%" PRIu64 "\n", weight); --- -2.33.0 - diff --git a/backport-core-check-size-before-mmap.patch b/backport-core-check-size-before-mmap.patch deleted file mode 100644 index b18b157..0000000 --- a/backport-core-check-size-before-mmap.patch +++ /dev/null @@ -1,148 +0,0 @@ -From d7ff7e3b6e2bd9eee809880d3632b293097e22e7 Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann -Date: Wed, 2 Mar 2022 22:03:26 +0100 -Subject: [PATCH] core: check size before mmap - -The data type off_t can be 64 on 32 bit systems if they have large -file support. Since mmap expects a size_t with 32 bits as second -argument truncation could occur. At worst these huge files could -lead to mmaps smaller than the previous check for small files. - -This in turn shouldn't have a lot of impact because mmap allocates -at page size boundaries. This also made the PAGE_ALIGN call in -open_mmap unneeded. In fact it was neither in sync with other mmap -calls nor with its own munmap counterpart in error path. - -If such large files are encountered, which is very unlikely in these -code paths, treat them with the same error as if they are too small. - -(cherry picked from commit 1a823cdeb9faea3849843e0b3dae0fbdd607e8b7) -(cherry picked from commit 6b37adf4a16c8f7e917dfd9f19dab259cda878b2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d7ff7e3b6e2bd9eee809880d3632b293097e22e7 ---- - src/basic/fileio.h | 6 ++++++ - src/basic/locale-util.c | 4 ++++ - src/boot/bootctl.c | 2 +- - src/libsystemd/sd-hwdb/sd-hwdb.c | 4 ++++ - src/libsystemd/sd-journal/catalog.c | 4 ++-- - src/libsystemd/sd-journal/compress.c | 4 ++++ - 6 files changed, 21 insertions(+), 3 deletions(-) - -diff --git a/src/basic/fileio.h b/src/basic/fileio.h -index 9bd2037f5b..ee356ddb02 100644 ---- a/src/basic/fileio.h -+++ b/src/basic/fileio.h -@@ -112,6 +112,12 @@ typedef enum ReadLineFlags { - - int read_line_full(FILE *f, size_t limit, ReadLineFlags flags, char **ret); - -+static inline bool file_offset_beyond_memory_size(off_t x) { -+ if (x < 0) /* off_t is signed, filter that out */ -+ return false; -+ return (uint64_t) x > (uint64_t) SIZE_MAX; -+} -+ - static inline int read_line(FILE *f, size_t limit, char **ret) { - return read_line_full(f, limit, 0, ret); - } -diff --git a/src/basic/locale-util.c b/src/basic/locale-util.c -index fd6b01cfaa..b181646abe 100644 ---- a/src/basic/locale-util.c -+++ b/src/basic/locale-util.c -@@ -15,6 +15,7 @@ - #include "dirent-util.h" - #include "env-util.h" - #include "fd-util.h" -+#include "fileio.h" - #include "hashmap.h" - #include "locale-util.h" - #include "path-util.h" -@@ -113,6 +114,9 @@ static int add_locales_from_archive(Set *locales) { - if (st.st_size < (off_t) sizeof(struct locarhead)) - return -EBADMSG; - -+ if (file_offset_beyond_memory_size(st.st_size)) -+ return -EFBIG; -+ - p = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0); - if (p == MAP_FAILED) - return -errno; -diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c -index bd96812246..d6eb6d00a5 100644 ---- a/src/boot/bootctl.c -+++ b/src/boot/bootctl.c -@@ -145,7 +145,7 @@ static int get_file_version(int fd, char **v) { - if (r < 0) - return log_error_errno(r, "EFI binary is not a regular file: %m"); - -- if (st.st_size < 27) { -+ if (st.st_size < 27 || file_offset_beyond_memory_size(st.st_size)) { - *v = NULL; - return 0; - } -diff --git a/src/libsystemd/sd-hwdb/sd-hwdb.c b/src/libsystemd/sd-hwdb/sd-hwdb.c -index 53601765fe..748cf26934 100644 ---- a/src/libsystemd/sd-hwdb/sd-hwdb.c -+++ b/src/libsystemd/sd-hwdb/sd-hwdb.c -@@ -15,6 +15,7 @@ - - #include "alloc-util.h" - #include "fd-util.h" -+#include "fileio.h" - #include "hashmap.h" - #include "hwdb-internal.h" - #include "nulstr-util.h" -@@ -312,6 +313,9 @@ _public_ int sd_hwdb_new(sd_hwdb **ret) { - if (hwdb->st.st_size < (off_t) offsetof(struct trie_header_f, strings_len) + 8) - return log_debug_errno(SYNTHETIC_ERRNO(EIO), - "File %s is too short: %m", hwdb_bin_path); -+ if (file_offset_beyond_memory_size(hwdb->st.st_size)) -+ return log_debug_errno(SYNTHETIC_ERRNO(EFBIG), -+ "File %s is too long: %m", hwdb_bin_path); - - hwdb->map = mmap(0, hwdb->st.st_size, PROT_READ, MAP_SHARED, fileno(hwdb->f), 0); - if (hwdb->map == MAP_FAILED) -diff --git a/src/libsystemd/sd-journal/catalog.c b/src/libsystemd/sd-journal/catalog.c -index ce8d47ccc3..f2ad1a2039 100644 ---- a/src/libsystemd/sd-journal/catalog.c -+++ b/src/libsystemd/sd-journal/catalog.c -@@ -524,10 +524,10 @@ static int open_mmap(const char *database, int *_fd, struct stat *_st, void **_p - if (fstat(fd, &st) < 0) - return -errno; - -- if (st.st_size < (off_t) sizeof(CatalogHeader)) -+ if (st.st_size < (off_t) sizeof(CatalogHeader) || file_offset_beyond_memory_size(st.st_size)) - return -EINVAL; - -- p = mmap(NULL, PAGE_ALIGN(st.st_size), PROT_READ, MAP_SHARED, fd, 0); -+ p = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0); - if (p == MAP_FAILED) - return -errno; - -diff --git a/src/libsystemd/sd-journal/compress.c b/src/libsystemd/sd-journal/compress.c -index 837abab76c..cb2e82667f 100644 ---- a/src/libsystemd/sd-journal/compress.c -+++ b/src/libsystemd/sd-journal/compress.c -@@ -25,6 +25,7 @@ - #include "alloc-util.h" - #include "compress.h" - #include "fd-util.h" -+#include "fileio.h" - #include "io-util.h" - #include "journal-def.h" - #include "macro.h" -@@ -807,6 +808,9 @@ int decompress_stream_lz4(int in, int out, uint64_t max_bytes) { - if (fstat(in, &st) < 0) - return log_debug_errno(errno, "fstat() failed: %m"); - -+ if (file_offset_beyond_memory_size(st.st_size)) -+ return -EFBIG; -+ - buf = malloc(LZ4_BUFSIZE); - if (!buf) - return -ENOMEM; --- -2.33.0 - diff --git a/backport-core-command-argument-can-be-longer-than-PATH_MAX.patch b/backport-core-command-argument-can-be-longer-than-PATH_MAX.patch deleted file mode 100644 index 8826eea..0000000 --- a/backport-core-command-argument-can-be-longer-than-PATH_MAX.patch +++ /dev/null @@ -1,69 +0,0 @@ -From a8a4d9a65902b8bfb15395479451070e9644560a Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 5 Apr 2022 21:47:46 +0900 -Subject: [PATCH] core: command argument can be longer than PATH_MAX - -Fixes a bug introduced by 065364920281e1cf59cab989e17aff21790505c4. - -Fixes #22957. - -(cherry picked from commit 58dd4999dcc81a0ed92fbd78bce3592c3e3afe9e) -(cherry picked from commit 9727b9ee7b90afb8fa0e6328dcb6c34b1522d4fd) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/a8a4d9a65902b8bfb15395479451070e9644560a ---- - src/core/load-fragment.c | 2 +- - src/test/test-load-fragment.c | 16 ++++++++++++++++ - 2 files changed, 17 insertions(+), 1 deletion(-) - -diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c -index 399a759ad0..cd07f3e60d 100644 ---- a/src/core/load-fragment.c -+++ b/src/core/load-fragment.c -@@ -849,7 +849,7 @@ int config_parse_exec( - if (r < 0) - return ignore ? 0 : -ENOEXEC; - -- r = unit_path_printf(u, word, &resolved); -+ r = unit_full_printf(u, word, &resolved); - if (r < 0) { - log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r, - "Failed to resolve unit specifiers in %s%s: %m", -diff --git a/src/test/test-load-fragment.c b/src/test/test-load-fragment.c -index b41a8abf7b..1a0a0579b2 100644 ---- a/src/test/test-load-fragment.c -+++ b/src/test/test-load-fragment.c -@@ -10,6 +10,7 @@ - #include "capability-util.h" - #include "conf-parser.h" - #include "fd-util.h" -+#include "fileio.h" - #include "format-util.h" - #include "fs-util.h" - #include "hashmap.h" -@@ -412,6 +413,21 @@ static void test_config_parse_exec(void) { - assert_se(r == 0); - assert_se(c1->command_next == NULL); - -+ log_info("/* long arg */"); /* See issue #22957. */ -+ -+ char x[LONG_LINE_MAX-100], *y; -+ y = mempcpy(x, "/bin/echo ", STRLEN("/bin/echo ")); -+ memset(y, 'x', sizeof(x) - STRLEN("/bin/echo ") - 1); -+ x[sizeof(x) - 1] = '\0'; -+ -+ r = config_parse_exec(NULL, "fake", 5, "section", 1, -+ "LValue", 0, x, -+ &c, u); -+ assert_se(r >= 0); -+ c1 = c1->command_next; -+ check_execcommand(c1, -+ "/bin/echo", NULL, y, NULL, false); -+ - log_info("/* empty argument, reset */"); - r = config_parse_exec(NULL, "fake", 4, "section", 1, - "LValue", 0, "", --- -2.33.0 - diff --git a/backport-core-device-also-serialize-deserialize-device-syspat.patch b/backport-core-device-also-serialize-deserialize-device-syspat.patch deleted file mode 100644 index 32b057f..0000000 --- a/backport-core-device-also-serialize-deserialize-device-syspat.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 1ea74fca3a3c737f3901bc10d879b7830b3528bf Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 25 Oct 2022 21:41:17 +0900 -Subject: [PATCH] core/device: also serialize/deserialize device syspath - -The field will be used in later commits. ---- - src/core/device.c | 13 ++++++++++++- - src/core/device.h | 2 +- - 2 files changed, 13 insertions(+), 2 deletions(-) - -diff --git a/src/core/device.c b/src/core/device.c -index 9d694aa..26a6d1f 100644 ---- a/src/core/device.c -+++ b/src/core/device.c -@@ -114,6 +114,7 @@ static void device_done(Unit *u) { - assert(d); - - device_unset_sysfs(d); -+ d->deserialized_sysfs = mfree(d->deserialized_sysfs); - d->wants_property = strv_free(d->wants_property); - } - -@@ -295,6 +296,9 @@ static int device_serialize(Unit *u, FILE *f, FDSet *fds) { - assert(f); - assert(fds); - -+ if (d->sysfs) -+ (void) serialize_item(f, "sysfs", d->sysfs); -+ - (void) serialize_item(f, "state", device_state_to_string(d->state)); - - if (device_found_to_string_many(d->found, &s) >= 0) -@@ -312,7 +316,14 @@ static int device_deserialize_item(Unit *u, const char *key, const char *value, - assert(value); - assert(fds); - -- if (streq(key, "state")) { -+ if (streq(key, "sysfs")) { -+ if (!d->deserialized_sysfs) { -+ d->deserialized_sysfs = strdup(value); -+ if (!d->deserialized_sysfs) -+ log_oom_debug(); -+ } -+ -+ } else if (streq(key, "state")) { - DeviceState state; - - state = device_state_from_string(value); -diff --git a/src/core/device.h b/src/core/device.h -index dfe8a13..99bf134 100644 ---- a/src/core/device.h -+++ b/src/core/device.h -@@ -20,7 +20,7 @@ typedef enum DeviceFound { - struct Device { - Unit meta; - -- char *sysfs; -+ char *sysfs, *deserialized_sysfs; - - /* In order to be able to distinguish dependencies on different device nodes we might end up creating multiple - * devices for the same sysfs path. We chain them up here. */ --- -2.33.0 - diff --git a/backport-core-device-device_coldplug-don-t-set-DEVICE_DEAD.patch b/backport-core-device-device_coldplug-don-t-set-DEVICE_DEAD.patch deleted file mode 100644 index 2f3964c..0000000 --- a/backport-core-device-device_coldplug-don-t-set-DEVICE_DEAD.patch +++ /dev/null @@ -1,43 +0,0 @@ -From cf1ac0cfe44997747b0f857a1d0b67cea1298272 Mon Sep 17 00:00:00 2001 -From: Martin Wilck -Date: Wed, 25 May 2022 12:01:00 +0200 -Subject: [PATCH] core/device: device_coldplug(): don't set DEVICE_DEAD - -dm-crypt device units generated by systemd-cryptsetup-generator -habe BindsTo= dependencies on their backend devices. The dm-crypt -devices have the db_persist flag set, and thus survive the udev db -cleanup while switching root. But backend devices usually don't survive. -These devices are neither mounted nor used for swap, thus they will -seen as DEVICE_NOT_FOUND after switching root. - -The BindsTo dependency will cause systemd to schedule a stop -job for the dm-crypt device, breaking boot: - -[ 68.929457] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Unit is stopped because bound to inactive unit dev-disk-by\x2duuid-3bf91f73\x2d1ee8\x2d4cfc\x2d9048\x2d93ba349b786d.device. -[ 68.945660] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Trying to enqueue job systemd-cryptsetup@cr_root.service/stop/replace -[ 69.473459] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Installed new job systemd-cryptsetup@cr_root.service/stop as 343 - -Avoid this by not setting the state of the backend devices to -DEVICE_DEAD. - -Fixes the LUKS setup issue reported in #23429. ---- - src/core/device.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/src/core/device.c b/src/core/device.c -index 4c261ec554..8728630523 100644 ---- a/src/core/device.c -+++ b/src/core/device.c -@@ -205,8 +205,6 @@ static int device_coldplug(Unit *u) { - found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */ - if (state == DEVICE_PLUGGED) - state = DEVICE_TENTATIVE; /* downgrade state */ -- if (found == DEVICE_NOT_FOUND) -- state = DEVICE_DEAD; /* If nobody sees the device, downgrade more */ - } - - if (d->found == found && d->state == state) --- -2.33.0 - diff --git a/backport-core-device-do-not-downgrade-device-state-if-it-is-a.patch b/backport-core-device-do-not-downgrade-device-state-if-it-is-a.patch deleted file mode 100644 index 7607580..0000000 --- a/backport-core-device-do-not-downgrade-device-state-if-it-is-a.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 4fc69e8a0949c2537019466f839d9b7aee5628c9 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 20 May 2022 10:25:12 +0200 -Subject: [PATCH] core/device: do not downgrade device state if it is already - enumerated - -On switching root, a device may have a persistent databse. In that case, -Device.enumerated_found may have DEVICE_FOUND_UDEV flag, and it is not -necessary to downgrade the Device.deserialized_found and -Device.deserialized_state. Otherwise, the state of the device unit may -be changed plugged -> dead -> plugged, if the device has not been mounted. - -Fixes #23429. - -[mwilck: cherry-picked from #23437] ---- - src/core/device.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/core/device.c b/src/core/device.c -index 8728630523..fcde8a420e 100644 ---- a/src/core/device.c -+++ b/src/core/device.c -@@ -201,7 +201,8 @@ static int device_coldplug(Unit *u) { - * Of course, deserialized parameters may be outdated, but the unit state can be adjusted later by - * device_catchup() or uevents. */ - -- if (!m->honor_device_enumeration && !MANAGER_IS_USER(m)) { -+ if (!m->honor_device_enumeration && !MANAGER_IS_USER(m) && -+ !FLAGS_SET(d->enumerated_found, DEVICE_FOUND_UDEV)) { - found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */ - if (state == DEVICE_PLUGGED) - state = DEVICE_TENTATIVE; /* downgrade state */ --- -2.33.0 - diff --git a/backport-core-device-drop-unnecessary-condition.patch b/backport-core-device-drop-unnecessary-condition.patch deleted file mode 100644 index 1e8b7bf..0000000 --- a/backport-core-device-drop-unnecessary-condition.patch +++ /dev/null @@ -1,28 +0,0 @@ -From f33bc87989a87475ed41bc9cd715c4cbb18ee389 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 1 May 2022 21:42:43 +0900 -Subject: [PATCH] core/device: drop unnecessary condition - ---- - src/core/device.c | 5 +---- - 1 file changed, 1 insertion(+), 4 deletions(-) - -diff --git a/src/core/device.c b/src/core/device.c -index 44425cda3c..934676287e 100644 ---- a/src/core/device.c -+++ b/src/core/device.c -@@ -179,10 +179,7 @@ static void device_catchup(Unit *u) { - - assert(d); - -- /* Second, let's update the state with the enumerated state if it's different */ -- if (d->enumerated_found == d->found) -- return; -- -+ /* Second, let's update the state with the enumerated state */ - device_update_found_one(d, d->enumerated_found, DEVICE_FOUND_MASK); - } - --- -2.33.0 - diff --git a/backport-core-device-ignore-DEVICE_FOUND_UDEV-bit-on-switchin.patch b/backport-core-device-ignore-DEVICE_FOUND_UDEV-bit-on-switchin.patch deleted file mode 100644 index f2b4096..0000000 --- a/backport-core-device-ignore-DEVICE_FOUND_UDEV-bit-on-switchin.patch +++ /dev/null @@ -1,117 +0,0 @@ -From 75d7b5989f99125e52d5c0e5656fa1cd0fae2405 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 29 Apr 2022 20:29:11 +0900 -Subject: [PATCH] core/device: ignore DEVICE_FOUND_UDEV bit on switching root - -The issue #12953 is caused by the following: -On switching root, -- deserialized_found == DEVICE_FOUND_UDEV | DEVICE_FOUND_MOUNT, -- deserialized_state == DEVICE_PLUGGED, -- enumerated_found == DEVICE_FOUND_MOUNT, -On switching root, most devices are not found by the enumeration process. -Hence, the device state is set to plugged by device_coldplug(), and then -changed to the dead state in device_catchup(). So the corresponding -mount point is unmounted. Later when the device is processed by udevd, it -will be changed to plugged state again. - -The issue #23208 is caused by the fact that generated udev database in -initramfs and the main system are often different. - -So, the two issues have the same root; we should not honor -DEVICE_FOUND_UDEV bit in the deserialized_found on switching root. - -This partially reverts c6e892bc0eebe1d42c282bd2d8bae149fbeba85f. - -Fixes #12953 and #23208. -Replaces #23215. - -Co-authored-by: Martin Wilck ---- - src/core/device.c | 59 +++++++++++++++++++++++++++++++++++++++-------- - 1 file changed, 49 insertions(+), 10 deletions(-) - -diff --git a/src/core/device.c b/src/core/device.c -index 934676287e..1a4563a3d9 100644 ---- a/src/core/device.c -+++ b/src/core/device.c -@@ -163,14 +163,57 @@ static int device_coldplug(Unit *u) { - assert(d->state == DEVICE_DEAD); - - /* First, let's put the deserialized state and found mask into effect, if we have it. */ -+ if (d->deserialized_state < 0) -+ return 0; -+ -+ Manager *m = u->manager; -+ DeviceFound found = d->deserialized_found; -+ DeviceState state = d->deserialized_state; -+ -+ /* On initial boot, switch-root, reload, reexecute, the following happen: -+ * 1. MANAGER_IS_RUNNING() == false -+ * 2. enumerate devices: manager_enumerate() -> device_enumerate() -+ * Device.enumerated_found is set. -+ * 3. deserialize devices: manager_deserialize() -> device_deserialize() -+ * Device.deserialize_state and Device.deserialized_found are set. -+ * 4. coldplug devices: manager_coldplug() -> device_coldplug() -+ * deserialized properties are copied to the main properties. -+ * 5. MANAGER_IS_RUNNING() == true: manager_ready() -+ * 6. catchup devices: manager_catchup() -> device_catchup() -+ * Device.enumerated_found is applied to Device.found, and state is updated based on that. -+ * -+ * Notes: -+ * - On initial boot, no udev database exists. Hence, no devices are enumerated in the step 2. -+ * Also, there is no deserialized device. Device units are (a) generated based on dependencies of -+ * other units, or (b) generated when uevents are received. -+ * -+ * - On switch-root, the udev databse may be cleared, except for devices with sticky bit, i.e. -+ * OPTIONS="db_persist". Hence, almost no devices are enumerated in the step 2. However, in general, -+ * we have several serialized devices. So, DEVICE_FOUND_UDEV bit in the deserialized_found must be -+ * ignored, as udev rules in initramfs and the main system are often different. If the deserialized -+ * state is DEVICE_PLUGGED, we need to downgrade it to DEVICE_TENTATIVE (or DEVICE_DEAD if nobody -+ * sees the device). Unlike the other starting mode, Manager.honor_device_enumeration == false -+ * (maybe, it is better to rename the flag) when device_coldplug() and device_catchup() are called. -+ * Hence, let's conditionalize the operations by using the flag. After switch-root, systemd-udevd -+ * will (re-)process all devices, and the Device.found and Device.state will be adjusted. -+ * -+ * - On reload or reexecute, we can trust enumerated_found, deserialized_found, and deserialized_state. -+ * Of course, deserialized parameters may be outdated, but the unit state can be adjusted later by -+ * device_catchup() or uevents. */ -+ -+ if (!m->honor_device_enumeration && !MANAGER_IS_USER(m)) { -+ found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */ -+ if (state == DEVICE_PLUGGED) -+ state = DEVICE_TENTATIVE; /* downgrade state */ -+ if (found == DEVICE_NOT_FOUND) -+ state = DEVICE_DEAD; /* If nobody sees the device, downgrade more */ -+ } - -- if (d->deserialized_state < 0 || -- (d->deserialized_state == d->state && -- d->deserialized_found == d->found)) -+ if (d->found == found && d->state == state) - return 0; - -- d->found = d->deserialized_found; -- device_set_state(d, d->deserialized_state); -+ d->found = found; -+ device_set_state(d, state); - return 0; - } - -@@ -644,13 +687,9 @@ static void device_found_changed(Device *d, DeviceFound previous, DeviceFound no - } - - static void device_update_found_one(Device *d, DeviceFound found, DeviceFound mask) { -- Manager *m; -- - assert(d); - -- m = UNIT(d)->manager; -- -- if (MANAGER_IS_RUNNING(m) && (m->honor_device_enumeration || MANAGER_IS_USER(m))) { -+ if (MANAGER_IS_RUNNING(UNIT(d)->manager)) { - DeviceFound n, previous; - - /* When we are already running, then apply the new mask right-away, and trigger state changes --- -2.33.0 - diff --git a/backport-core-device-update-comment.patch b/backport-core-device-update-comment.patch deleted file mode 100644 index c52fbdb..0000000 --- a/backport-core-device-update-comment.patch +++ /dev/null @@ -1,64 +0,0 @@ -From 54a4d71509c0f3401aa576346754a0781795214a Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 25 Oct 2022 21:40:21 +0900 -Subject: [PATCH] core/device: update comment - ---- - src/core/device.c | 29 +++++++++++++++++------------ - 1 file changed, 17 insertions(+), 12 deletions(-) - -diff --git a/src/core/device.c b/src/core/device.c -index 0bca0ff..9d694aa 100644 ---- a/src/core/device.c -+++ b/src/core/device.c -@@ -172,7 +172,7 @@ static int device_coldplug(Unit *u) { - * 1. MANAGER_IS_RUNNING() == false - * 2. enumerate devices: manager_enumerate() -> device_enumerate() - * Device.enumerated_found is set. -- * 3. deserialize devices: manager_deserialize() -> device_deserialize() -+ * 3. deserialize devices: manager_deserialize() -> device_deserialize_item() - * Device.deserialize_state and Device.deserialized_found are set. - * 4. coldplug devices: manager_coldplug() -> device_coldplug() - * deserialized properties are copied to the main properties. -@@ -187,22 +187,27 @@ static int device_coldplug(Unit *u) { - * - * - On switch-root, the udev databse may be cleared, except for devices with sticky bit, i.e. - * OPTIONS="db_persist". Hence, almost no devices are enumerated in the step 2. However, in general, -- * we have several serialized devices. So, DEVICE_FOUND_UDEV bit in the deserialized_found must be -- * ignored, as udev rules in initramfs and the main system are often different. If the deserialized -- * state is DEVICE_PLUGGED, we need to downgrade it to DEVICE_TENTATIVE. Unlike the other starting -- * mode, MANAGER_IS_SWITCHING_ROOT() is true when device_coldplug() and device_catchup() are called. -- * Hence, let's conditionalize the operations by using the flag. After switch-root, systemd-udevd -- * will (re-)process all devices, and the Device.found and Device.state will be adjusted. -+ * we have several serialized devices. So, DEVICE_FOUND_UDEV bit in the -+ * Device.deserialized_found must be ignored, as udev rules in initrd and the main system are often -+ * different. If the deserialized state is DEVICE_PLUGGED, we need to downgrade it to -+ * DEVICE_TENTATIVE. Unlike the other starting mode, MANAGER_IS_SWITCHING_ROOT() is true when -+ * device_coldplug() and device_catchup() are called. Hence, let's conditionalize the operations by -+ * using the flag. After switch-root, systemd-udevd will (re-)process all devices, and the -+ * Device.found and Device.state will be adjusted. - * -- * - On reload or reexecute, we can trust enumerated_found, deserialized_found, and deserialized_state. -- * Of course, deserialized parameters may be outdated, but the unit state can be adjusted later by -- * device_catchup() or uevents. */ -+ * - On reload or reexecute, we can trust Device.enumerated_found, Device.deserialized_found, and -+ * Device.deserialized_state. Of course, deserialized parameters may be outdated, but the unit -+ * state can be adjusted later by device_catchup() or uevents. */ - - if (MANAGER_IS_SWITCHING_ROOT(m) && - !FLAGS_SET(d->enumerated_found, DEVICE_FOUND_UDEV)) { -- found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */ -+ /* The device has not been enumerated. On switching-root, such situation is natural. See the -+ * above comment. To prevent problematic state transition active → dead → active, let's -+ * drop the DEVICE_FOUND_UDEV flag and downgrade state to DEVICE_TENTATIVE(activating). See -+ * issue #12953 and #23208. */ -+ found &= ~DEVICE_FOUND_UDEV; - if (state == DEVICE_PLUGGED) -- state = DEVICE_TENTATIVE; /* downgrade state */ -+ state = DEVICE_TENTATIVE; - } - - if (d->found == found && d->state == state) --- -2.33.0 - diff --git a/backport-core-device-verify-device-syspath-on-switching-root.patch b/backport-core-device-verify-device-syspath-on-switching-root.patch deleted file mode 100644 index eae111e..0000000 --- a/backport-core-device-verify-device-syspath-on-switching-root.patch +++ /dev/null @@ -1,42 +0,0 @@ -From b6c86ae28149c4abb2f0bd6acab13153382da9e7 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 26 Oct 2022 01:18:05 +0900 -Subject: [PATCH] core/device: verify device syspath on switching root - -Otherwise, if a device is removed while switching root, then the -corresponding .device unit will never go to inactive state. - -This replaces the code dropped by cf1ac0cfe44997747b0f857a1d0b67cea1298272. - -Fixes #25106. ---- - src/core/device.c | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/src/core/device.c b/src/core/device.c -index 7e354b2b4a..6e07f2745b 100644 ---- a/src/core/device.c -+++ b/src/core/device.c -@@ -305,6 +305,19 @@ static int device_coldplug(Unit *u) { - found &= ~DEVICE_FOUND_UDEV; - if (state == DEVICE_PLUGGED) - state = DEVICE_TENTATIVE; -+ -+ /* Also check the validity of the device syspath. Without this check, if the device was -+ * removed while switching root, it would never go to inactive state, as both Device.found -+ * and Device.enumerated_found do not have the DEVICE_FOUND_UDEV flag, so device_catchup() in -+ * device_update_found_one() does nothing in most cases. See issue #25106. Note that the -+ * syspath field is only serialized when systemd is sufficiently new and the device has been -+ * already processed by udevd. */ -+ if (d->deserialized_sysfs) { -+ _cleanup_(sd_device_unrefp) sd_device *dev = NULL; -+ -+ if (sd_device_new_from_syspath(&dev, d->deserialized_sysfs) < 0) -+ state = DEVICE_DEAD; -+ } - } - - if (d->found == found && d->state == state) --- -2.33.0 - diff --git a/backport-core-don-t-fail-on-EEXIST-when-creating-mount-point.patch b/backport-core-don-t-fail-on-EEXIST-when-creating-mount-point.patch deleted file mode 100644 index 2aac40f..0000000 --- a/backport-core-don-t-fail-on-EEXIST-when-creating-mount-point.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 37e8b3a312e64886c6fb1401c741dee7c8c102f4 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Fri, 28 Jan 2022 22:56:10 +0000 -Subject: [PATCH] core: don't fail on EEXIST when creating mount point - -systemd[1016]: Failed to mount /tmp/app1 (type n/a) on /run/systemd/unit-extensions/1 (MS_BIND ): No such file or directory -systemd[1016]: Failed to create destination mount point node '/run/systemd/unit-extensions/1': File exists - -(cherry picked from commit 9d6d4c305ab8d65aab7f546450d7331f760b7259) -(cherry picked from commit ae8bc570a81e1286eb5b59a77ef179a500b95f9d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/37e8b3a312e64886c6fb1401c741dee7c8c102f4 ---- - src/core/namespace.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/namespace.c b/src/core/namespace.c -index a6c6963bb7..19942d912f 100644 ---- a/src/core/namespace.c -+++ b/src/core/namespace.c -@@ -1380,7 +1380,7 @@ static int apply_one_mount( - (void) mkdir_parents(mount_entry_path(m), 0755); - - q = make_mount_point_inode_from_path(what, mount_entry_path(m), 0755); -- if (q < 0) -+ if (q < 0 && q != -EEXIST) - log_error_errno(q, "Failed to create destination mount point node '%s': %m", - mount_entry_path(m)); - else --- -2.33.0 - diff --git a/backport-core-fix-SIGABRT-on-empty-exec-command-argv.patch b/backport-core-fix-SIGABRT-on-empty-exec-command-argv.patch deleted file mode 100644 index 1102871..0000000 --- a/backport-core-fix-SIGABRT-on-empty-exec-command-argv.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 7a58bf7aac8b2c812ee0531b0cc426e0067edd35 Mon Sep 17 00:00:00 2001 -From: Henri Chain -Date: Tue, 5 Oct 2021 13:10:31 +0200 -Subject: [PATCH] core: fix SIGABRT on empty exec command argv - -This verifies that the argv part of any exec_command parameters that -are sent through dbus is not empty at deserialization time. - -There is an additional check in service.c service_verify() that again -checks if all exec_commands are correctly populated, after the service -has been loaded, whether through dbus or otherwise. - -Fixes #20933. - -(cherry picked from commit 29500cf8c47e6eb0518d171d62aa8213020c9152) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7a58bf7aac8b2c812ee0531b0cc426e0067edd35 ---- - src/core/dbus-execute.c | 4 ++++ - src/core/service.c | 10 ++++++++++ - test/units/testsuite-23.sh | 31 +++++++++++++++++++++++++++++++ - 3 files changed, 45 insertions(+) - -diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c -index 50daef6702..902e074bd2 100644 ---- a/src/core/dbus-execute.c -+++ b/src/core/dbus-execute.c -@@ -1421,6 +1421,10 @@ int bus_set_transient_exec_command( - if (r < 0) - return r; - -+ if (strv_isempty(argv)) -+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, -+ "\"%s\" argv cannot be empty", name); -+ - r = is_ex_prop ? sd_bus_message_read_strv(message, &ex_opts) : sd_bus_message_read(message, "b", &b); - if (r < 0) - return r; -diff --git a/src/core/service.c b/src/core/service.c -index b7cfc04c84..e061d488c7 100644 ---- a/src/core/service.c -+++ b/src/core/service.c -@@ -548,6 +548,16 @@ static int service_verify(Service *s) { - assert(s); - assert(UNIT(s)->load_state == UNIT_LOADED); - -+ for (ServiceExecCommand c = 0; c < _SERVICE_EXEC_COMMAND_MAX; c++) { -+ ExecCommand *command; -+ -+ LIST_FOREACH(command, command, s->exec_command[c]) -+ if (strv_isempty(command->argv)) -+ return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), -+ "Service has an empty argv in %s=. Refusing.", -+ service_exec_command_to_string(c)); -+ } -+ - if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP] && - UNIT(s)->success_action == EMERGENCY_ACTION_NONE) - /* FailureAction= only makes sense if one of the start or stop commands is specified. -diff --git a/test/units/testsuite-23.sh b/test/units/testsuite-23.sh -index 4ef7c878a8..5488447a87 100755 ---- a/test/units/testsuite-23.sh -+++ b/test/units/testsuite-23.sh -@@ -27,6 +27,37 @@ test "$(systemctl show --value -p RestartKillSignal seven.service)" -eq 2 - systemctl restart seven.service - systemctl stop seven.service - -+# For issue #20933 -+ -+# Should work normally -+busctl call \ -+ org.freedesktop.systemd1 /org/freedesktop/systemd1 \ -+ org.freedesktop.systemd1.Manager StartTransientUnit \ -+ "ssa(sv)a(sa(sv))" test-20933-ok.service replace 1 \ -+ ExecStart "a(sasb)" 1 \ -+ /usr/bin/sleep 2 /usr/bin/sleep 1 true \ -+ 0 -+ -+# DBus call should fail but not crash systemd -+busctl call \ -+ org.freedesktop.systemd1 /org/freedesktop/systemd1 \ -+ org.freedesktop.systemd1.Manager StartTransientUnit \ -+ "ssa(sv)a(sa(sv))" test-20933-bad.service replace 1 \ -+ ExecStart "a(sasb)" 1 \ -+ /usr/bin/sleep 0 true \ -+ 0 && { echo 'unexpected success'; exit 1; } -+ -+# Same but with the empty argv in the middle -+busctl call \ -+ org.freedesktop.systemd1 /org/freedesktop/systemd1 \ -+ org.freedesktop.systemd1.Manager StartTransientUnit \ -+ "ssa(sv)a(sa(sv))" test-20933-bad-middle.service replace 1 \ -+ ExecStart "a(sasb)" 3 \ -+ /usr/bin/sleep 2 /usr/bin/sleep 1 true \ -+ /usr/bin/sleep 0 true \ -+ /usr/bin/sleep 2 /usr/bin/sleep 1 true \ -+ 0 && { echo 'unexpected success'; exit 1; } -+ - systemd-analyze log-level info - - echo OK >/testok --- -2.33.0 - diff --git a/backport-core-fix-free-undefined-pointer-when-strdup-failed-i.patch b/backport-core-fix-free-undefined-pointer-when-strdup-failed-i.patch deleted file mode 100644 index ad3d401..0000000 --- a/backport-core-fix-free-undefined-pointer-when-strdup-failed-i.patch +++ /dev/null @@ -1,39 +0,0 @@ -From b5162039b2309b78a9c1feb6cc1355988e02b6c3 Mon Sep 17 00:00:00 2001 -From: xujing <17826839720@163.com> -Date: Wed, 8 Sep 2021 14:26:20 +0800 -Subject: [PATCH] core: fix free undefined pointer when strdup failed in the - first loop - -(cherry picked from commit 1509274359979079e3e61899ce12fc8b0f0958d9) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b5162039b2309b78a9c1feb6cc1355988e02b6c3 ---- - src/core/load-fragment.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c -index 8fb3c378ee..399a759ad0 100644 ---- a/src/core/load-fragment.c -+++ b/src/core/load-fragment.c -@@ -800,7 +800,7 @@ int config_parse_exec( - if (!separate_argv0) { - char *w = NULL; - -- if (!GREEDY_REALLOC(n, nlen + 2)) -+ if (!GREEDY_REALLOC0(n, nlen + 2)) - return log_oom(); - - w = strdup(path); -@@ -832,7 +832,7 @@ int config_parse_exec( - p += 2; - p += strspn(p, WHITESPACE); - -- if (!GREEDY_REALLOC(n, nlen + 2)) -+ if (!GREEDY_REALLOC0(n, nlen + 2)) - return log_oom(); - - w = strdup(";"); --- -2.33.0 - diff --git a/backport-core-ignore-failure-on-setting-smack-process-label-w.patch b/backport-core-ignore-failure-on-setting-smack-process-label-w.patch deleted file mode 100644 index 4ee196a..0000000 --- a/backport-core-ignore-failure-on-setting-smack-process-label-w.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 4e057fc39be6ce27afcf0371ebcb7e224a7eeb2d Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 1 Nov 2021 13:48:32 +0900 -Subject: [PATCH] core: ignore failure on setting smack process label when - allowed - -(cherry picked from commit 29ff62473b119c0e1d3467148eddcdccc2c9b732) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4e057fc39be6ce27afcf0371ebcb7e224a7eeb2d ---- - src/core/execute.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/execute.c b/src/core/execute.c -index e324db87cc..2f2de4d9cf 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -4408,7 +4408,7 @@ static int exec_child( - * process. This is the latest place before dropping capabilities. Other MAC context are set later. */ - if (use_smack) { - r = setup_smack(context, executable_fd); -- if (r < 0) { -+ if (r < 0 && !context->smack_process_label_ignore) { - *exit_status = EXIT_SMACK_PROCESS_LABEL; - return log_unit_error_errno(unit, r, "Failed to set SMACK process label: %m"); - } --- -2.33.0 - diff --git a/backport-core-introduce-MANAGER_IS_SWITCHING_ROOT-helper-func.patch b/backport-core-introduce-MANAGER_IS_SWITCHING_ROOT-helper-func.patch deleted file mode 100644 index 29f5352..0000000 --- a/backport-core-introduce-MANAGER_IS_SWITCHING_ROOT-helper-func.patch +++ /dev/null @@ -1,91 +0,0 @@ -From d35fe8c0afaa55441608cb7bbfa4af908e1ea8e3 Mon Sep 17 00:00:00 2001 -From: Franck Bui -Date: Thu, 5 May 2022 08:49:56 +0200 -Subject: [PATCH] core: introduce MANAGER_IS_SWITCHING_ROOT() helper function - -Will be used by the following commit. ---- - src/core/main.c | 3 +++ - src/core/manager.c | 6 ++++++ - src/core/manager.h | 6 ++++++ - 3 files changed, 15 insertions(+) - -diff --git a/src/core/main.c b/src/core/main.c -index 1213ad6..df4fb9d 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -1981,6 +1981,8 @@ static int invoke_main_loop( - return 0; - - case MANAGER_SWITCH_ROOT: -+ manager_set_switching_root(m, true); -+ - if (!m->switch_root_init) { - r = prepare_reexecute(m, &arg_serialization, ret_fds, true); - if (r < 0) { -@@ -2899,6 +2901,7 @@ int main(int argc, char *argv[]) { - set_manager_defaults(m); - set_manager_settings(m); - manager_set_first_boot(m, first_boot); -+ manager_set_switching_root(m, arg_switched_root); - - /* Remember whether we should queue the default job */ - queue_default_job = !arg_serialization || arg_switched_root; -diff --git a/src/core/manager.c b/src/core/manager.c -index abc63a7..d3b7fc5 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -756,6 +756,10 @@ static int manager_setup_sigchld_event_source(Manager *m) { - return 0; - } - -+void manager_set_switching_root(Manager *m, bool switching_root) { -+ m->switching_root = MANAGER_IS_SYSTEM(m) && switching_root; -+} -+ - int manager_new(UnitFileScope scope, ManagerTestRunFlags test_run_flags, Manager **_m) { - _cleanup_(manager_freep) Manager *m = NULL; - const char *e; -@@ -1799,6 +1803,8 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) { - - manager_ready(m); - -+ manager_set_switching_root(m, false); -+ - return 0; - } - -diff --git a/src/core/manager.h b/src/core/manager.h -index 14a80b3..453706c 100644 ---- a/src/core/manager.h -+++ b/src/core/manager.h -@@ -400,6 +400,9 @@ struct Manager { - char *switch_root; - char *switch_root_init; - -+ /* This is true before and after switching root. */ -+ bool switching_root; -+ - /* This maps all possible path prefixes to the units needing - * them. It's a hashmap with a path string as key and a Set as - * value where Unit objects are contained. */ -@@ -461,6 +464,8 @@ static inline usec_t manager_default_timeout_abort_usec(Manager *m) { - /* The objective is set to OK as soon as we enter the main loop, and set otherwise as soon as we are done with it */ - #define MANAGER_IS_RUNNING(m) ((m)->objective == MANAGER_OK) - -+#define MANAGER_IS_SWITCHING_ROOT(m) ((m)->switching_root) -+ - #define MANAGER_IS_TEST_RUN(m) ((m)->test_run_flags != 0) - - int manager_new(UnitFileScope scope, ManagerTestRunFlags test_run_flags, Manager **m); -@@ -525,6 +530,7 @@ void manager_set_show_status(Manager *m, ShowStatus mode, const char *reason); - void manager_override_show_status(Manager *m, ShowStatus mode, const char *reason); - - void manager_set_first_boot(Manager *m, bool b); -+void manager_set_switching_root(Manager *m, bool switching_root); - - void manager_status_printf(Manager *m, StatusType type, const char *status, const char *format, ...) _printf_(4,5); - --- -2.33.0 - diff --git a/backport-core-mount-add-implicit-unit-dependencies-even-if-wh.patch b/backport-core-mount-add-implicit-unit-dependencies-even-if-wh.patch deleted file mode 100644 index 4f4dfc3..0000000 --- a/backport-core-mount-add-implicit-unit-dependencies-even-if-wh.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 1bb8af46d1181a407cbc858025b85392f3af7812 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 29 Aug 2021 21:20:43 +0900 -Subject: [PATCH] core/mount: add implicit unit dependencies even if when mount - unit is generated from /proc/self/mountinfo - -Hopefully fixes #20566. - -(cherry picked from commit aebff2e7ce209fc2d75b894a3ae8b80f6f36ec11) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/1bb8af46d1181a407cbc858025b85392f3af7812 ---- - src/core/mount.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/core/mount.c b/src/core/mount.c -index cde4b52731..9bec190cb6 100644 ---- a/src/core/mount.c -+++ b/src/core/mount.c -@@ -1576,6 +1576,10 @@ static int mount_setup_new_unit( - if (r < 0) - return r; - -+ r = mount_add_non_exec_dependencies(MOUNT(u)); -+ if (r < 0) -+ return r; -+ - /* This unit was generated because /proc/self/mountinfo reported it. Remember this, so that by the time we load - * the unit file for it (and thus add in extra deps right after) we know what source to attributes the deps - * to. */ --- -2.33.0 - diff --git a/backport-core-namespace-allow-using-ProtectSubset-pid-and-Pro.patch b/backport-core-namespace-allow-using-ProtectSubset-pid-and-Pro.patch deleted file mode 100644 index 0406216..0000000 --- a/backport-core-namespace-allow-using-ProtectSubset-pid-and-Pro.patch +++ /dev/null @@ -1,53 +0,0 @@ -From eeb50421761e3ac562e96c47fb5f0f6ed622cfe1 Mon Sep 17 00:00:00 2001 -From: Christian Brauner -Date: Fri, 21 Jan 2022 13:08:19 +0100 -Subject: [PATCH] core/namespace: allow using ProtectSubset=pid and - ProtectHostname=true together - -If a service requests both ProtectSubset=pid and ProtectHostname=true -then it will currently fail to start. The ProcSubset=pid option -instructs systemd to mount procfs for the service with subset=pid which -hides all entries other than /proc/. Consequently trying to -interact with the two files /proc/sys/kernel/{hostname,domainname} -covered by ProtectHostname=true will fail. - -Fix this by only performing this check when ProtectSubset=pid is not -requested. Essentially ProtectSubset=pid implies/provides -ProtectHostname=true. - -(cherry picked from commit 1361f015773e3b4d74e382edf1565f3315a3396b) -(cherry picked from commit a727941affa7821592d503c8a5033c92d615f64c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/eeb50421761e3ac562e96c47fb5f0f6ed622cfe1 ---- - src/core/namespace.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/core/namespace.c b/src/core/namespace.c -index e3aebe8b5e..5961b14f98 100644 ---- a/src/core/namespace.c -+++ b/src/core/namespace.c -@@ -2115,14 +2115,19 @@ int setup_namespace( - goto finish; - } - -+ /* Note, if proc is mounted with subset=pid then neither of the -+ * two paths will exist, i.e. they are implicitly protected by -+ * the mount option. */ - if (ns_info->protect_hostname) { - *(m++) = (MountEntry) { - .path_const = "/proc/sys/kernel/hostname", - .mode = READONLY, -+ .ignore = ignore_protect_proc, - }; - *(m++) = (MountEntry) { - .path_const = "/proc/sys/kernel/domainname", - .mode = READONLY, -+ .ignore = ignore_protect_proc, - }; - } - --- -2.33.0 - diff --git a/backport-core-namespace-s-normalize_mounts-drop_unused_mounts.patch b/backport-core-namespace-s-normalize_mounts-drop_unused_mounts.patch deleted file mode 100644 index a87e2ed..0000000 --- a/backport-core-namespace-s-normalize_mounts-drop_unused_mounts.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 2540b0e3e0aa3e9bc4eef39723aa869f235923dd Mon Sep 17 00:00:00 2001 -From: Christian Brauner -Date: Mon, 24 Jan 2022 10:12:57 +0100 -Subject: [PATCH] core/namespace: s/normalize_mounts()/drop_unused_mounts() - -Rename the normalize_mounts() helper to drop_unused_mounts. All the -helpers called in there get rid of mounts that are unused for a variety -of reasons. And whereas the helpers are aptly prefixed with "drop" the -overall helper isn't and instead uses "normalize". - -Make it more obvious what the helper actually does by renaming it from -normalize_mounts() to drop_unused_mounts(). Readers of code calling this -helper will immediately see that it will get rid of unused mounts. - -Link: https://github.com/systemd/systemd/issues/22206 -(cherry picked from commit fbf90c0d5cadc5d1e95485f770f45a7d4cd39daa) -(cherry picked from commit 09936a7ec92c859b3c4c9520ecd49c2909a8b35c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/2540b0e3e0aa3e9bc4eef39723aa869f235923dd ---- - src/core/namespace.c | 13 ++++++++++--- - 1 file changed, 10 insertions(+), 3 deletions(-) - -diff --git a/src/core/namespace.c b/src/core/namespace.c -index 5961b14f98..a6c6963bb7 100644 ---- a/src/core/namespace.c -+++ b/src/core/namespace.c -@@ -1578,7 +1578,14 @@ static size_t namespace_calculate_mounts( - ns_info->private_ipc; /* /dev/mqueue */ - } - --static void normalize_mounts(const char *root_directory, MountEntry *mounts, size_t *n_mounts) { -+/* Walk all mount entries and dropping any unused mounts. This affects all -+ * mounts: -+ * - that are implicitly protected by a path that has been rendered inaccessible -+ * - whose immediate parent requests the same protection mode as the mount itself -+ * - that are outside of the relevant root directory -+ * - which are duplicates -+ */ -+static void drop_unused_mounts(const char *root_directory, MountEntry *mounts, size_t *n_mounts) { - assert(root_directory); - assert(n_mounts); - assert(mounts || *n_mounts == 0); -@@ -1659,7 +1666,7 @@ static int apply_mounts( - if (!again) - break; - -- normalize_mounts(root, mounts, n_mounts); -+ drop_unused_mounts(root, mounts, n_mounts); - } - - /* Create a deny list we can pass to bind_mount_recursive() */ -@@ -2208,7 +2215,7 @@ int setup_namespace( - if (r < 0) - goto finish; - -- normalize_mounts(root, mounts, &n_mounts); -+ drop_unused_mounts(root, mounts, &n_mounts); - } - - /* All above is just preparation, figuring out what to do. Let's now actually start doing something. */ --- -2.33.0 - diff --git a/backport-core-normalize-r-variable-handling-in-unit_attach_pi.patch b/backport-core-normalize-r-variable-handling-in-unit_attach_pi.patch deleted file mode 100644 index 038642f..0000000 --- a/backport-core-normalize-r-variable-handling-in-unit_attach_pi.patch +++ /dev/null @@ -1,125 +0,0 @@ -From 84ec6a0043f7a447157753fb12e991ebce6e14b7 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 27 Oct 2021 23:08:58 +0200 -Subject: [PATCH] core: normalize 'r' variable handling in - unit_attach_pids_to_cgroup() a bit - -The 'r' variable is our "go-to" variable for error return codes, all -across our codebase. In unit_attach_pids_to_cgroup() it was so far used -in a strange way for most of the function: instead of directly storing -the error codes of functions we call we'd store it in a local variable -'q' instead, and propagate it to 'r' only in some cases finally we'd -return the ultimate result of 'r'. - -Let's normalize this a bit: let's always store error return values in -'r', and then use 'ret' as the variable to sometimes propagate errors -to, and then return that. - -This also allows us to get rid of one local variable. - -No actual codeflow changes, just some renaming of variables that allows -us to remove one. - -(cherry picked from commit db4229d12f48663400802171b336c7cadbbe04ef) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/84ec6a0043f7a447157753fb12e991ebce6e14b7 ---- - src/core/cgroup.c | 38 +++++++++++++++++++------------------- - 1 file changed, 19 insertions(+), 19 deletions(-) - -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 5c07aa71d1..1551d57e90 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -2137,7 +2137,7 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { - CGroupMask delegated_mask; - const char *p; - void *pidp; -- int r, q; -+ int ret, r; - - assert(u); - -@@ -2164,16 +2164,16 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { - - delegated_mask = unit_get_delegate_mask(u); - -- r = 0; -+ ret = 0; - SET_FOREACH(pidp, pids) { - pid_t pid = PTR_TO_PID(pidp); - - /* First, attach the PID to the main cgroup hierarchy */ -- q = cg_attach(SYSTEMD_CGROUP_CONTROLLER, p, pid); -- if (q < 0) { -- bool again = MANAGER_IS_USER(u->manager) && ERRNO_IS_PRIVILEGE(q); -+ r = cg_attach(SYSTEMD_CGROUP_CONTROLLER, p, pid); -+ if (r < 0) { -+ bool again = MANAGER_IS_USER(u->manager) && ERRNO_IS_PRIVILEGE(r); - -- log_unit_full_errno(u, again ? LOG_DEBUG : LOG_INFO, q, -+ log_unit_full_errno(u, again ? LOG_DEBUG : LOG_INFO, r, - "Couldn't move process "PID_FMT" to%s requested cgroup '%s': %m", - pid, again ? " directly" : "", empty_to_root(p)); - -@@ -2192,16 +2192,16 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { - continue; /* When the bus thing worked via the bus we are fully done for this PID. */ - } - -- if (r >= 0) -- r = q; /* Remember first error */ -+ if (ret >= 0) -+ ret = r; /* Remember first error */ - - continue; - } - -- q = cg_all_unified(); -- if (q < 0) -- return q; -- if (q > 0) -+ r = cg_all_unified(); -+ if (r < 0) -+ return r; -+ if (r > 0) - continue; - - /* In the legacy hierarchy, attach the process to the request cgroup if possible, and if not to the -@@ -2216,11 +2216,11 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { - - /* If this controller is delegated and realized, honour the caller's request for the cgroup suffix. */ - if (delegated_mask & u->cgroup_realized_mask & bit) { -- q = cg_attach(cgroup_controller_to_string(c), p, pid); -- if (q >= 0) -+ r = cg_attach(cgroup_controller_to_string(c), p, pid); -+ if (r >= 0) - continue; /* Success! */ - -- log_unit_debug_errno(u, q, "Failed to attach PID " PID_FMT " to requested cgroup %s in controller %s, falling back to unit's cgroup: %m", -+ log_unit_debug_errno(u, r, "Failed to attach PID " PID_FMT " to requested cgroup %s in controller %s, falling back to unit's cgroup: %m", - pid, empty_to_root(p), cgroup_controller_to_string(c)); - } - -@@ -2231,14 +2231,14 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { - if (!realized) - continue; /* Not even realized in the root slice? Then let's not bother */ - -- q = cg_attach(cgroup_controller_to_string(c), realized, pid); -- if (q < 0) -- log_unit_debug_errno(u, q, "Failed to attach PID " PID_FMT " to realized cgroup %s in controller %s, ignoring: %m", -+ r = cg_attach(cgroup_controller_to_string(c), realized, pid); -+ if (r < 0) -+ log_unit_debug_errno(u, r, "Failed to attach PID " PID_FMT " to realized cgroup %s in controller %s, ignoring: %m", - pid, realized, cgroup_controller_to_string(c)); - } - } - -- return r; -+ return ret; - } - - static bool unit_has_mask_realized( --- -2.33.0 - diff --git a/backport-core-only-refuse-Type-dbus-service-enqueuing-if-dbus.patch b/backport-core-only-refuse-Type-dbus-service-enqueuing-if-dbus.patch deleted file mode 100644 index 5542dac..0000000 --- a/backport-core-only-refuse-Type-dbus-service-enqueuing-if-dbus.patch +++ /dev/null @@ -1,91 +0,0 @@ -From fe432460c2ecbd3dd7f0fa16278b9d4ca57a0de3 Mon Sep 17 00:00:00 2001 -From: Mike Yuan -Date: Wed, 10 May 2023 13:54:15 +0800 -Subject: [PATCH] core: only refuse Type=dbus service enqueuing if dbus has - stop job - -Follow-up for #27579 - -In #27579 we refused all StartUnit requests for Type=dbus units -if dbus is not running, which means if dbus is manually stopped, -user can't use systemctl to start Type=dbus units again, which -is incorrect. - -The only culprit that leads to the cancellation of the whole -transaction mentioned in #26799 is job type conflict on dbus. -So let's relax the restriction and only refuse job enqueuing -if dbus has a stop job. - -To summarize, the case we want to avoid is: - -1. dbus has a stop job installed -2. StartUnit/ActivationRequest is received -3. Type=dbus service gets started, which has Requires=dbus.socket -4. dbus is pulled in again, resulting in job type conflict - -What we can support is: - -1. dbus is already stopped -2. StartUnit is received (possibly through systemctl, i.e. on private bus) -3. Type=dbus service gets started, which will wait for dbus to start -4. dbus is started again, thus the job for Type=dbus service - -Replaces #27590 -Fixes #27588 ---- - src/core/dbus-unit.c | 32 +++++++++++++++++++++++++------- - 1 file changed, 25 insertions(+), 7 deletions(-) - -diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c -index 295e271..24e4d25 100644 ---- a/src/core/dbus-unit.c -+++ b/src/core/dbus-unit.c -@@ -1849,6 +1849,7 @@ int bus_unit_queue_job( - sd_bus_error *error) { - - _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; -+ const char *dbus_unit; - int r; - - assert(message); -@@ -1879,13 +1880,30 @@ int bus_unit_queue_job( - (type == JOB_STOP && u->refuse_manual_stop) || - (IN_SET(type, JOB_RESTART, JOB_TRY_RESTART) && (u->refuse_manual_start || u->refuse_manual_stop)) || - (type == JOB_RELOAD_OR_START && job_type_collapse(type, u) == JOB_START && u->refuse_manual_start)) -- return sd_bus_error_setf(error, BUS_ERROR_ONLY_BY_DEPENDENCY, "Operation refused, unit %s may be requested by dependency only (it is configured to refuse manual start/stop).", u->id); -- -- /* dbus-broker issues StartUnit for activation requests, so let's apply the same check -- * used in signal_activation_request(). */ -- if (type == JOB_START && u->type == UNIT_SERVICE && -- SERVICE(u)->type == SERVICE_DBUS && !manager_dbus_is_running(u->manager)) -- return sd_bus_error_set(error, BUS_ERROR_SHUTTING_DOWN, "Refusing activation, D-Bus is not running."); -+ return sd_bus_error_setf(error, -+ BUS_ERROR_ONLY_BY_DEPENDENCY, -+ "Operation refused, unit %s may be requested by dependency only (it is configured to refuse manual start/stop).", -+ u->id); -+ -+ /* dbus-broker issues StartUnit for activation requests, and Type=dbus services automatically -+ * gain dependency on dbus.socket. Therefore, if dbus has a pending stop job, the new start -+ * job that pulls in dbus again would cause job type conflict. Let's avoid that by rejecting -+ * job enqueuing early. -+ * -+ * Note that unlike signal_activation_request(), we can't use unit_inactive_or_pending() -+ * here. StartUnit is a more generic interface, and thus users are allowed to use e.g. systemctl -+ * to start Type=dbus services even when dbus is inactive. */ -+ if (type == JOB_START && u->type == UNIT_SERVICE && SERVICE(u)->type == SERVICE_DBUS) -+ FOREACH_STRING(dbus_unit, SPECIAL_DBUS_SOCKET, SPECIAL_DBUS_SERVICE) { -+ Unit *dbus; -+ -+ dbus = manager_get_unit(u->manager, dbus_unit); -+ if (dbus && unit_stop_pending(dbus)) -+ return sd_bus_error_setf(error, -+ BUS_ERROR_SHUTTING_DOWN, -+ "Operation for unit %s refused, D-Bus is shutting down.", -+ u->id); -+ } - - r = sd_bus_message_new_method_return(message, &reply); - if (r < 0) --- -2.33.0 - diff --git a/backport-core-really-skip-automatic-restart-when-a-JOB_STOP-j.patch b/backport-core-really-skip-automatic-restart-when-a-JOB_STOP-j.patch deleted file mode 100644 index 0b72004..0000000 --- a/backport-core-really-skip-automatic-restart-when-a-JOB_STOP-j.patch +++ /dev/null @@ -1,54 +0,0 @@ -From b17f9c7c8db6959227cebf1b30ed1698d024382e Mon Sep 17 00:00:00 2001 -From: Franck Bui -Date: Fri, 18 Feb 2022 10:06:24 +0100 -Subject: [PATCH] core: really skip automatic restart when a JOB_STOP job is - pending - -It's not clear why we rescheduled a service auto restart while a stop job for -the unit was pending. The comment claims that the unit shouldn't be restarted -but the code did reschedule an auto restart meanwhile. - -In practice that was rarely an issue because the service waited for the next -auto restart to be rescheduled, letting the queued stop job to be proceed and -service_stop() to be called preventing the next restart to complete. - -However when RestartSec=0, the timer expired right away making PID1 to -reschedule the unit again, making the timer expired right away... and so -on. This busy loop prevented PID1 to handle any queued jobs (and hence giving -no chance to the start rate limiting to trigger), which made the busy loop last -forever. - -This patch breaks this loop by skipping the reschedule of the unit auto restart -and hence not depending on the value of u->restart_usec anymore. - -Fixes: #13667 -(cherry picked from commit c972880640ee19e89ce9265d8eae1b3aae190332) -(cherry picked from commit 2198c08d0786c5cec1b39283831969b2cc1adf40) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b17f9c7c8db6959227cebf1b30ed1698d024382e ---- - src/core/service.c | 7 +------ - 1 file changed, 1 insertion(+), 6 deletions(-) - -diff --git a/src/core/service.c b/src/core/service.c -index a480edc439..21bf3dc28c 100644 ---- a/src/core/service.c -+++ b/src/core/service.c -@@ -2267,12 +2267,7 @@ static void service_enter_restart(Service *s) { - - if (unit_has_job_type(UNIT(s), JOB_STOP)) { - /* Don't restart things if we are going down anyway */ -- log_unit_info(UNIT(s), "Stop job pending for unit, delaying automatic restart."); -- -- r = service_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->restart_usec)); -- if (r < 0) -- goto fail; -- -+ log_unit_info(UNIT(s), "Stop job pending for unit, skipping automatic restart."); - return; - } - --- -2.33.0 - diff --git a/backport-core-refuse-dbus-activation-if-dbus-is-not-running.patch b/backport-core-refuse-dbus-activation-if-dbus-is-not-running.patch deleted file mode 100644 index a13a210..0000000 --- a/backport-core-refuse-dbus-activation-if-dbus-is-not-running.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 53964fd26b4a01191609ffc064aa8ccccd28e377 Mon Sep 17 00:00:00 2001 -From: Mike Yuan -Date: Tue, 9 May 2023 00:07:45 +0800 -Subject: [PATCH] core: refuse dbus activation if dbus is not running - -dbus-broker issues StartUnit directly for activation requests, -so let's add a check on bus state in bus_unit_queue_job to refuse -that if dbus is not running. - -Replaces #27570 -Closes #26799 ---- - src/core/dbus-unit.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c -index c42ae5e..295e271 100644 ---- a/src/core/dbus-unit.c -+++ b/src/core/dbus-unit.c -@@ -21,6 +21,7 @@ - #include "path-util.h" - #include "process-util.h" - #include "selinux-access.h" -+#include "service.h" - #include "signal-util.h" - #include "special.h" - #include "string-table.h" -@@ -1880,6 +1881,12 @@ int bus_unit_queue_job( - (type == JOB_RELOAD_OR_START && job_type_collapse(type, u) == JOB_START && u->refuse_manual_start)) - return sd_bus_error_setf(error, BUS_ERROR_ONLY_BY_DEPENDENCY, "Operation refused, unit %s may be requested by dependency only (it is configured to refuse manual start/stop).", u->id); - -+ /* dbus-broker issues StartUnit for activation requests, so let's apply the same check -+ * used in signal_activation_request(). */ -+ if (type == JOB_START && u->type == UNIT_SERVICE && -+ SERVICE(u)->type == SERVICE_DBUS && !manager_dbus_is_running(u->manager)) -+ return sd_bus_error_set(error, BUS_ERROR_SHUTTING_DOWN, "Refusing activation, D-Bus is not running."); -+ - r = sd_bus_message_new_method_return(message, &reply); - if (r < 0) - return r; --- -2.33.0 - diff --git a/backport-core-refuse-to-mount-ExtensionImages-if-the-base-lay.patch b/backport-core-refuse-to-mount-ExtensionImages-if-the-base-lay.patch deleted file mode 100644 index 0996f58..0000000 --- a/backport-core-refuse-to-mount-ExtensionImages-if-the-base-lay.patch +++ /dev/null @@ -1,34 +0,0 @@ -From af8d87d6bc8506629f1e73599ccdc4b8f8eaa6c8 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Wed, 19 Jan 2022 00:08:57 +0000 -Subject: [PATCH] core: refuse to mount ExtensionImages if the base layer - doesn't at least have ID in os-release - -We can't match an extension if we don't at least have an ID, -so refuse to continue - -(cherry picked from commit 78ab2b5064a0f87579ce5430f9cb83bba0db069a) -(cherry picked from commit 179bd47f04c538ed1f2c1de2cf2c18f17b027a51) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/af8d87d6bc8506629f1e73599ccdc4b8f8eaa6c8 ---- - src/core/namespace.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/core/namespace.c b/src/core/namespace.c -index b933d46cf6..e3aebe8b5e 100644 ---- a/src/core/namespace.c -+++ b/src/core/namespace.c -@@ -1151,6 +1151,8 @@ static int mount_image(const MountEntry *m, const char *root_directory) { - NULL); - if (r < 0) - return log_debug_errno(r, "Failed to acquire 'os-release' data of OS tree '%s': %m", empty_to_root(root_directory)); -+ if (isempty(host_os_release_id)) -+ return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "'ID' field not found or empty in 'os-release' data of OS tree '%s': %m", empty_to_root(root_directory)); - } - - r = verity_dissect_and_mount( --- -2.33.0 - diff --git a/backport-core-replace-m-honor_device_enumeration-with-MANAGER.patch b/backport-core-replace-m-honor_device_enumeration-with-MANAGER.patch deleted file mode 100644 index 98c27fa..0000000 --- a/backport-core-replace-m-honor_device_enumeration-with-MANAGER.patch +++ /dev/null @@ -1,113 +0,0 @@ -From 7870de03c52982290f9b8ae11eb4d89db66f4be3 Mon Sep 17 00:00:00 2001 -From: Franck Bui -Date: Thu, 5 May 2022 11:11:57 +0200 -Subject: [PATCH] core: replace m->honor_device_enumeration with - MANAGER_IS_SWITCHING_ROOT() - ---- - src/core/device.c | 7 +++---- - src/core/manager.c | 21 +-------------------- - src/core/manager.h | 2 -- - 3 files changed, 4 insertions(+), 26 deletions(-) - -diff --git a/src/core/device.c b/src/core/device.c -index d9669e3..0bca0ff 100644 ---- a/src/core/device.c -+++ b/src/core/device.c -@@ -189,9 +189,8 @@ static int device_coldplug(Unit *u) { - * OPTIONS="db_persist". Hence, almost no devices are enumerated in the step 2. However, in general, - * we have several serialized devices. So, DEVICE_FOUND_UDEV bit in the deserialized_found must be - * ignored, as udev rules in initramfs and the main system are often different. If the deserialized -- * state is DEVICE_PLUGGED, we need to downgrade it to DEVICE_TENTATIVE (or DEVICE_DEAD if nobody -- * sees the device). Unlike the other starting mode, Manager.honor_device_enumeration == false -- * (maybe, it is better to rename the flag) when device_coldplug() and device_catchup() are called. -+ * state is DEVICE_PLUGGED, we need to downgrade it to DEVICE_TENTATIVE. Unlike the other starting -+ * mode, MANAGER_IS_SWITCHING_ROOT() is true when device_coldplug() and device_catchup() are called. - * Hence, let's conditionalize the operations by using the flag. After switch-root, systemd-udevd - * will (re-)process all devices, and the Device.found and Device.state will be adjusted. - * -@@ -199,7 +198,7 @@ static int device_coldplug(Unit *u) { - * Of course, deserialized parameters may be outdated, but the unit state can be adjusted later by - * device_catchup() or uevents. */ - -- if (!m->honor_device_enumeration && !MANAGER_IS_USER(m) && -+ if (MANAGER_IS_SWITCHING_ROOT(m) && - !FLAGS_SET(d->enumerated_found, DEVICE_FOUND_UDEV)) { - found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */ - if (state == DEVICE_PLUGGED) -diff --git a/src/core/manager.c b/src/core/manager.c -index 5ed7191..91e9b2a 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -1689,8 +1689,6 @@ static void manager_ready(Manager *m) { - - /* Let's finally catch up with any changes that took place while we were reloading/reexecing */ - manager_catchup(m); -- -- m->honor_device_enumeration = true; - } - - static Manager* manager_reloading_start(Manager *m) { -@@ -3259,9 +3257,6 @@ int manager_serialize( - (void) serialize_bool(f, "taint-logged", m->taint_logged); - (void) serialize_bool(f, "service-watchdogs", m->service_watchdogs); - -- /* After switching root, udevd has not been started yet. So, enumeration results should not be emitted. */ -- (void) serialize_bool(f, "honor-device-enumeration", !switching_root); -- - if (m->show_status_overridden != _SHOW_STATUS_INVALID) - (void) serialize_item(f, "show-status-overridden", - show_status_to_string(m->show_status_overridden)); -@@ -3635,15 +3630,6 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { - else - m->service_watchdogs = b; - -- } else if ((val = startswith(l, "honor-device-enumeration="))) { -- int b; -- -- b = parse_boolean(val); -- if (b < 0) -- log_notice("Failed to parse honor-device-enumeration flag '%s', ignoring.", val); -- else -- m->honor_device_enumeration = b; -- - } else if ((val = startswith(l, "show-status-overridden="))) { - ShowStatus s; - -@@ -3767,7 +3753,7 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { - - if (q < _MANAGER_TIMESTAMP_MAX) /* found it */ - (void) deserialize_dual_timestamp(val, m->timestamps + q); -- else if (!startswith(l, "kdbus-fd=")) /* ignore kdbus */ -+ else if (!STARTSWITH_SET(l, "kdbus-fd=", "honor-device-enumeration=")) /* ignore deprecated values */ - log_notice("Unknown serialization item '%s', ignoring.", l); - } - } -@@ -3860,11 +3846,6 @@ int manager_reload(Manager *m) { - assert(m->n_reloading > 0); - m->n_reloading--; - -- /* On manager reloading, device tag data should exists, thus, we should honor the results of device -- * enumeration. The flag should be always set correctly by the serialized data, but it may fail. So, -- * let's always set the flag here for safety. */ -- m->honor_device_enumeration = true; -- - manager_ready(m); - - m->send_reloading_done = true; -diff --git a/src/core/manager.h b/src/core/manager.h -index 453706c..67c204f 100644 ---- a/src/core/manager.h -+++ b/src/core/manager.h -@@ -442,8 +442,6 @@ struct Manager { - unsigned sigchldgen; - unsigned notifygen; - -- bool honor_device_enumeration; -- - VarlinkServer *varlink_server; - /* Only systemd-oomd should be using this to subscribe to changes in ManagedOOM settings */ - Varlink *managed_oom_varlink_request; --- -2.33.0 - diff --git a/backport-core-replace-slice-dependencies-as-they-get-added.patch b/backport-core-replace-slice-dependencies-as-they-get-added.patch deleted file mode 100644 index 158be33..0000000 --- a/backport-core-replace-slice-dependencies-as-they-get-added.patch +++ /dev/null @@ -1,178 +0,0 @@ -From b68731eeb692a4cfcdf5790ae118ebf21d827301 Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Tue, 9 Nov 2021 15:26:28 -0800 -Subject: [PATCH] core: replace slice dependencies as they get added - -Defines a "UNIT_DEPENDENCY_SLICE_PROPERTY" UnitDependencyMask type that -is used when adding slices to the dependencies hashmap. This type is -used to remove slice dependencies when they get overridden by new ones. - -Fixes #20182 - -Reference:https://github.com/systemd/systemd/commit/899acf5c2d4b89caa891d05ccfa4be828a999c2d -Conflict: NA ---- - src/core/dbus-unit.c | 2 +- - src/core/load-fragment.c | 2 +- - src/core/unit-serialize.c | 1 + - src/core/unit.c | 10 +++++++--- - src/core/unit.h | 7 +++++-- - src/test/test-engine.c | 31 ++++++++++++++++++++++++++++++- - 6 files changed, 45 insertions(+), 8 deletions(-) - -diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c -index aa10939..c42ae5e 100644 ---- a/src/core/dbus-unit.c -+++ b/src/core/dbus-unit.c -@@ -2272,7 +2272,7 @@ static int bus_unit_set_transient_property( - return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unit name '%s' is not a slice", s); - - if (!UNIT_WRITE_FLAGS_NOOP(flags)) { -- r = unit_set_slice(u, slice, UNIT_DEPENDENCY_FILE); -+ r = unit_set_slice(u, slice); - if (r < 0) - return r; - -diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c -index 399a759..3f5d6d3 100644 ---- a/src/core/load-fragment.c -+++ b/src/core/load-fragment.c -@@ -3575,7 +3575,7 @@ int config_parse_unit_slice( - return 0; - } - -- r = unit_set_slice(u, slice, UNIT_DEPENDENCY_FILE); -+ r = unit_set_slice(u, slice); - if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to assign slice %s to unit %s, ignoring: %m", slice->id, u->id); - return 0; -diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c -index 689a536..3544f18 100644 ---- a/src/core/unit-serialize.c -+++ b/src/core/unit-serialize.c -@@ -571,6 +571,7 @@ static void print_unit_dependency_mask(FILE *f, const char *kind, UnitDependency - { UNIT_DEPENDENCY_MOUNTINFO_IMPLICIT, "mountinfo-implicit" }, - { UNIT_DEPENDENCY_MOUNTINFO_DEFAULT, "mountinfo-default" }, - { UNIT_DEPENDENCY_PROC_SWAP, "proc-swap" }, -+ { UNIT_DEPENDENCY_SLICE_PROPERTY, "slice-property" }, - }; - - assert(f); -diff --git a/src/core/unit.c b/src/core/unit.c -index ffcf8eb..bff0527 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3267,7 +3267,7 @@ reset: - return r; - } - --int unit_set_slice(Unit *u, Unit *slice, UnitDependencyMask mask) { -+int unit_set_slice(Unit *u, Unit *slice) { - int r; - - assert(u); -@@ -3300,7 +3300,11 @@ int unit_set_slice(Unit *u, Unit *slice, UnitDependencyMask mask) { - if (UNIT_GET_SLICE(u) && u->cgroup_realized) - return -EBUSY; - -- r = unit_add_dependency(u, UNIT_IN_SLICE, slice, true, mask); -+ /* Remove any slices assigned prior; we should only have one UNIT_IN_SLICE dependency */ -+ if (UNIT_GET_SLICE(u)) -+ unit_remove_dependencies(u, UNIT_DEPENDENCY_SLICE_PROPERTY); -+ -+ r = unit_add_dependency(u, UNIT_IN_SLICE, slice, true, UNIT_DEPENDENCY_SLICE_PROPERTY); - if (r < 0) - return r; - -@@ -3353,7 +3357,7 @@ int unit_set_default_slice(Unit *u) { - if (r < 0) - return r; - -- return unit_set_slice(u, slice, UNIT_DEPENDENCY_FILE); -+ return unit_set_slice(u, slice); - } - - const char *unit_slice_name(Unit *u) { -diff --git a/src/core/unit.h b/src/core/unit.h -index 759104f..6dc2bcb 100644 ---- a/src/core/unit.h -+++ b/src/core/unit.h -@@ -88,7 +88,10 @@ typedef enum UnitDependencyMask { - /* A dependency created because of data read from /proc/swaps and no other configuration source */ - UNIT_DEPENDENCY_PROC_SWAP = 1 << 7, - -- _UNIT_DEPENDENCY_MASK_FULL = (1 << 8) - 1, -+ /* A dependency for units in slices assigned by directly setting Slice= */ -+ UNIT_DEPENDENCY_SLICE_PROPERTY = 1 << 8, -+ -+ _UNIT_DEPENDENCY_MASK_FULL = (1 << 9) - 1, - } UnitDependencyMask; - - /* The Unit's dependencies[] hashmaps use this structure as value. It has the same size as a void pointer, and thus can -@@ -761,7 +764,7 @@ Unit *unit_follow_merge(Unit *u) _pure_; - int unit_load_fragment_and_dropin(Unit *u, bool fragment_required); - int unit_load(Unit *unit); - --int unit_set_slice(Unit *u, Unit *slice, UnitDependencyMask mask); -+int unit_set_slice(Unit *u, Unit *slice); - int unit_set_default_slice(Unit *u); - - const char *unit_description(Unit *u) _pure_; -diff --git a/src/test/test-engine.c b/src/test/test-engine.c -index 6dc1619..1ac15a8 100644 ---- a/src/test/test-engine.c -+++ b/src/test/test-engine.c -@@ -8,6 +8,7 @@ - #include "manager-dump.h" - #include "rm-rf.h" - #include "service.h" -+#include "slice.h" - #include "special.h" - #include "strv.h" - #include "tests.h" -@@ -75,7 +76,8 @@ int main(int argc, char *argv[]) { - _cleanup_(sd_bus_error_free) sd_bus_error err = SD_BUS_ERROR_NULL; - _cleanup_(manager_freep) Manager *m = NULL; - Unit *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL, *g = NULL, -- *h = NULL, *i = NULL, *a_conj = NULL, *unit_with_multiple_dashes = NULL, *stub = NULL; -+ *h = NULL, *i = NULL, *a_conj = NULL, *unit_with_multiple_dashes = NULL, *stub = NULL, -+ *tomato = NULL, *sauce = NULL, *fruit = NULL, *zupa = NULL; - Job *j; - int r; - -@@ -260,5 +262,32 @@ int main(int argc, char *argv[]) { - - verify_dependency_atoms(); - -+ /* Test adding multiple Slice= dependencies; only the last should remain */ -+ assert_se(unit_new_for_name(m, sizeof(Service), "tomato.service", &tomato) >= 0); -+ assert_se(unit_new_for_name(m, sizeof(Slice), "sauce.slice", &sauce) >= 0); -+ assert_se(unit_new_for_name(m, sizeof(Slice), "fruit.slice", &fruit) >= 0); -+ assert_se(unit_new_for_name(m, sizeof(Slice), "zupa.slice", &zupa) >= 0); -+ -+ unit_set_slice(tomato, sauce); -+ unit_set_slice(tomato, fruit); -+ unit_set_slice(tomato, zupa); -+ -+ assert_se(UNIT_GET_SLICE(tomato) == zupa); -+ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_IN_SLICE, sauce)); -+ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_IN_SLICE, fruit)); -+ assert_se(unit_has_dependency(tomato, UNIT_ATOM_IN_SLICE, zupa)); -+ -+ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_REFERENCES, sauce)); -+ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_REFERENCES, fruit)); -+ assert_se(unit_has_dependency(tomato, UNIT_ATOM_REFERENCES, zupa)); -+ -+ assert_se(!unit_has_dependency(sauce, UNIT_ATOM_SLICE_OF, tomato)); -+ assert_se(!unit_has_dependency(fruit, UNIT_ATOM_SLICE_OF, tomato)); -+ assert_se(unit_has_dependency(zupa, UNIT_ATOM_SLICE_OF, tomato)); -+ -+ assert_se(!unit_has_dependency(sauce, UNIT_ATOM_REFERENCED_BY, tomato)); -+ assert_se(!unit_has_dependency(fruit, UNIT_ATOM_REFERENCED_BY, tomato)); -+ assert_se(unit_has_dependency(zupa, UNIT_ATOM_REFERENCED_BY, tomato)); -+ - return 0; - } --- -1.8.3.1 - diff --git a/backport-core-respect-install_sysconfdir_samples-in-meson-fil.patch b/backport-core-respect-install_sysconfdir_samples-in-meson-fil.patch deleted file mode 100644 index b5477b1..0000000 --- a/backport-core-respect-install_sysconfdir_samples-in-meson-fil.patch +++ /dev/null @@ -1,34 +0,0 @@ -From d36785b19b10ec04ae7b87cdb402de4126e17bca Mon Sep 17 00:00:00 2001 -From: Andreas Rammhold -Date: Mon, 26 Jul 2021 16:57:43 +0200 -Subject: [PATCH] core: respect install_sysconfdir_samples in meson file - -The refactoring done in e11a25cadbe caused the configuration files to be -installed into the pkgsysconfdir regardless of the state of the -install_sysconfdir_samples boolean that indicates whether or not the -sample files should be installed. - -(cherry picked from commit cfd760b6a77808d0b9451ed618a23b6259fe525f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d36785b19b10ec04ae7b87cdb402de4126e17bca ---- - src/core/meson.build | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/meson.build b/src/core/meson.build -index f0d2c6f642..c66538eab1 100644 ---- a/src/core/meson.build -+++ b/src/core/meson.build -@@ -193,7 +193,7 @@ foreach item : in_files - output: file, - command : [meson_render_jinja2, config_h, '@INPUT@'], - capture : true, -- install : dir != 'no', -+ install : (dir == pkgsysconfdir and install_sysconfdir_samples) or (dir != pkgsysconfdir and dir != 'no'), - install_dir : dir) - endforeach - --- -2.33.0 - diff --git a/backport-core-service-also-check-path-in-exec-commands.patch b/backport-core-service-also-check-path-in-exec-commands.patch deleted file mode 100644 index f7d6552..0000000 --- a/backport-core-service-also-check-path-in-exec-commands.patch +++ /dev/null @@ -1,39 +0,0 @@ -From b3978cf401306a793c7531299a5e9b3c63e53a27 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 6 Oct 2021 00:19:41 +0900 -Subject: [PATCH] core/service: also check path in exec commands - -(cherry picked from commit 8688a389cabdff61efe187bb85cc1776de03c460) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b3978cf401306a793c7531299a5e9b3c63e53a27 ---- - src/core/service.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/src/core/service.c b/src/core/service.c -index e061d488c7..701c145565 100644 ---- a/src/core/service.c -+++ b/src/core/service.c -@@ -551,11 +551,17 @@ static int service_verify(Service *s) { - for (ServiceExecCommand c = 0; c < _SERVICE_EXEC_COMMAND_MAX; c++) { - ExecCommand *command; - -- LIST_FOREACH(command, command, s->exec_command[c]) -+ LIST_FOREACH(command, command, s->exec_command[c]) { -+ if (!path_is_absolute(command->path) && !filename_is_valid(command->path)) -+ return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), -+ "Service %s= binary path \"%s\" is neither a valid executable name nor an absolute path. Refusing.", -+ command->path, -+ service_exec_command_to_string(c)); - if (strv_isempty(command->argv)) - return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC), - "Service has an empty argv in %s=. Refusing.", - service_exec_command_to_string(c)); -+ } - } - - if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP] && --- -2.33.0 - diff --git a/backport-core-slice-make-slice_freezer_action-return-0-if-fre.patch b/backport-core-slice-make-slice_freezer_action-return-0-if-fre.patch deleted file mode 100644 index 08a96a1..0000000 --- a/backport-core-slice-make-slice_freezer_action-return-0-if-fre.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 4617bad0a3b5d8026243cb4e72a5cae25ca106f0 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 6 May 2022 14:01:22 +0900 -Subject: [PATCH] core/slice: make slice_freezer_action() return 0 if freezing - state is unchanged - -Fixes #23278. - -(cherry picked from commit d171e72e7afa11b238ba20758384d223b0c76e39) ---- - src/core/slice.c | 6 +----- - src/core/unit.c | 2 ++ - 2 files changed, 3 insertions(+), 5 deletions(-) - -diff --git a/src/core/slice.c b/src/core/slice.c -index 2e43c00119..c453aa033e 100644 ---- a/src/core/slice.c -+++ b/src/core/slice.c -@@ -389,11 +389,7 @@ static int slice_freezer_action(Unit *s, FreezerAction action) { - return r; - } - -- r = unit_cgroup_freezer_action(s, action); -- if (r < 0) -- return r; -- -- return 1; -+ return unit_cgroup_freezer_action(s, action); - } - - static int slice_freeze(Unit *s) { -diff --git a/src/core/unit.c b/src/core/unit.c -index b233aca28c..3bceba1317 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -5831,6 +5831,8 @@ static int unit_freezer_action(Unit *u, FreezerAction action) { - if (r <= 0) - return r; - -+ assert(IN_SET(u->freezer_state, FREEZER_FREEZING, FREEZER_THAWING)); -+ - return 1; - } - --- -2.33.0 - diff --git a/backport-core-timer-fix-memleak.patch b/backport-core-timer-fix-memleak.patch deleted file mode 100644 index 2d04881..0000000 --- a/backport-core-timer-fix-memleak.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 82362b16ac842fc38340d21ebf39b259c5edaed3 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 10 May 2022 14:09:24 +0900 -Subject: [PATCH] core/timer: fix memleak - -Fixes #23326. - -(cherry picked from commit d3ab7b8078944db28bc621f43dd942a3c878fffb) ---- - src/core/timer.c | 11 ++++++----- - 1 file changed, 6 insertions(+), 5 deletions(-) - -diff --git a/src/core/timer.c b/src/core/timer.c -index a13b864741..0dc49dd46b 100644 ---- a/src/core/timer.c -+++ b/src/core/timer.c -@@ -135,6 +135,7 @@ static int timer_add_trigger_dependencies(Timer *t) { - } - - static int timer_setup_persistent(Timer *t) { -+ _cleanup_free_ char *stamp_path = NULL; - int r; - - assert(t); -@@ -148,13 +149,13 @@ static int timer_setup_persistent(Timer *t) { - if (r < 0) - return r; - -- t->stamp_path = strjoin("/var/lib/systemd/timers/stamp-", UNIT(t)->id); -+ stamp_path = strjoin("/var/lib/systemd/timers/stamp-", UNIT(t)->id); - } else { - const char *e; - - e = getenv("XDG_DATA_HOME"); - if (e) -- t->stamp_path = strjoin(e, "/systemd/timers/stamp-", UNIT(t)->id); -+ stamp_path = strjoin(e, "/systemd/timers/stamp-", UNIT(t)->id); - else { - - _cleanup_free_ char *h = NULL; -@@ -163,14 +164,14 @@ static int timer_setup_persistent(Timer *t) { - if (r < 0) - return log_unit_error_errno(UNIT(t), r, "Failed to determine home directory: %m"); - -- t->stamp_path = strjoin(h, "/.local/share/systemd/timers/stamp-", UNIT(t)->id); -+ stamp_path = strjoin(h, "/.local/share/systemd/timers/stamp-", UNIT(t)->id); - } - } - -- if (!t->stamp_path) -+ if (!stamp_path) - return log_oom(); - -- return 0; -+ return free_and_replace(t->stamp_path, stamp_path); - } - - static uint64_t timer_get_fixed_delay_hash(Timer *t) { --- -2.33.0 - diff --git a/backport-core-timer-fix-potential-use-after-free.patch b/backport-core-timer-fix-potential-use-after-free.patch deleted file mode 100644 index fc0569e..0000000 --- a/backport-core-timer-fix-potential-use-after-free.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 38410e13ec9b1b67364f2f0af3b27d9e934bcd96 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 10 May 2022 14:10:17 +0900 -Subject: [PATCH] core/timer: fix potential use-after-free - -(cherry picked from commit 756491af392a99c4286d876b0041535e50df80ad) ---- - src/core/timer.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/timer.c b/src/core/timer.c -index 0dc49dd46b..b439802bc2 100644 ---- a/src/core/timer.c -+++ b/src/core/timer.c -@@ -68,7 +68,7 @@ static void timer_done(Unit *u) { - t->monotonic_event_source = sd_event_source_disable_unref(t->monotonic_event_source); - t->realtime_event_source = sd_event_source_disable_unref(t->realtime_event_source); - -- free(t->stamp_path); -+ t->stamp_path = mfree(t->stamp_path); - } - - static int timer_verify(Timer *t) { --- -2.33.0 - diff --git a/backport-core-unit-drop-dependency-to-the-unit-being-merged.patch b/backport-core-unit-drop-dependency-to-the-unit-being-merged.patch deleted file mode 100644 index da217a1..0000000 --- a/backport-core-unit-drop-dependency-to-the-unit-being-merged.patch +++ /dev/null @@ -1,65 +0,0 @@ -From c8b3b524134539846917269ddd644ee93a35623f Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 16 Nov 2022 03:08:22 +0900 -Subject: [PATCH] core/unit: drop dependency to the unit being merged - -Fixes a bug in 15ed3c3a188cf7fa5a60ae508fc7a3ed048d2220. - -Fixes #24990. Also, hopefully fixes #24577. ---- - src/core/unit.c | 21 +++++++++++++-------- - 1 file changed, 13 insertions(+), 8 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index 36e3afd7fb..1a580157af 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -1044,10 +1044,10 @@ static int unit_add_dependency_hashmap( - return unit_per_dependency_type_hashmap_update(per_type, other, origin_mask, destination_mask); - } - --static void unit_merge_dependencies( -- Unit *u, -- Unit *other) { -- -+static void unit_merge_dependencies(Unit *u, Unit *other) { -+ Hashmap *deps; -+ void *dt; /* Actually of type UnitDependency, except that we don't bother casting it here, -+ * since the hashmaps all want it as void pointer. */ - int r; - - assert(u); -@@ -1056,12 +1056,19 @@ static void unit_merge_dependencies( - if (u == other) - return; - -+ /* First, remove dependency to other. */ -+ HASHMAP_FOREACH_KEY(deps, dt, u->dependencies) { -+ if (hashmap_remove(deps, other)) -+ unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt)); -+ -+ if (hashmap_isempty(deps)) -+ hashmap_free(hashmap_remove(u->dependencies, dt)); -+ } -+ - for (;;) { - _cleanup_(hashmap_freep) Hashmap *other_deps = NULL; - UnitDependencyInfo di_back; - Unit *back; -- void *dt; /* Actually of type UnitDependency, except that we don't bother casting it here, -- * since the hashmaps all want it as void pointer. */ - - /* Let's focus on one dependency type at a time, that 'other' has defined. */ - other_deps = hashmap_steal_first_key_and_value(other->dependencies, &dt); -@@ -1103,8 +1110,6 @@ static void unit_merge_dependencies( - * them per type wholesale. */ - r = hashmap_put(u->dependencies, dt, other_deps); - if (r == -EEXIST) { -- Hashmap *deps; -- - /* The target unit already has dependencies of this type, let's then merge this individually. */ - - assert_se(deps = hashmap_get(u->dependencies, dt)); --- -2.27.0 - diff --git a/backport-core-unit-fix-log-message.patch b/backport-core-unit-fix-log-message.patch deleted file mode 100644 index b6b44e1..0000000 --- a/backport-core-unit-fix-log-message.patch +++ /dev/null @@ -1,112 +0,0 @@ -From ed9911630e4bca844381d7caeb850dad9a9fa122 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 15 Nov 2022 22:59:01 +0900 -Subject: [PATCH] core/unit: fix log message - -As you can see in the below, the dropped dependency Before=issue-24990.service -is not logged, but the dependency Before=test1.service which is not owned by -the units generated by the TEST-26 is logged. - -Before: -systemd[1]: issue-24990.service: Dependency After=test1.service dropped, merged into issue-24990.service -systemd[1]: issue-24990.service: Dependency Before=test1.service dropped, merged into issue-24990.service - -After: -systemd[1]: issue-24990.service: Dependency After=test1.service is dropped, as test1.service is merged into issue-24990.service. -systemd[1]: issue-24990.service: Dependency Before=issue-24990.service in test1.service is dropped, as test1.service is merged into issue-24990.service. ---- - src/core/unit.c | 49 ++++++++++++++++++++++--------------------------- - 1 file changed, 22 insertions(+), 27 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index ea09416be5..988ba8e34a 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -937,29 +937,17 @@ static int unit_reserve_dependencies(Unit *u, Unit *other) { - return 0; - } - --static void unit_maybe_warn_about_dependency( -- Unit *u, -- const char *other_id, -- UnitDependency dependency) { -- -- assert(u); -- -+static bool unit_should_warn_about_dependency(UnitDependency dependency) { - /* Only warn about some unit types */ -- if (!IN_SET(dependency, -- UNIT_CONFLICTS, -- UNIT_CONFLICTED_BY, -- UNIT_BEFORE, -- UNIT_AFTER, -- UNIT_ON_SUCCESS, -- UNIT_ON_FAILURE, -- UNIT_TRIGGERS, -- UNIT_TRIGGERED_BY)) -- return; -- -- if (streq_ptr(u->id, other_id)) -- log_unit_warning(u, "Dependency %s=%s dropped", unit_dependency_to_string(dependency), u->id); -- else -- log_unit_warning(u, "Dependency %s=%s dropped, merged into %s", unit_dependency_to_string(dependency), strna(other_id), u->id); -+ return IN_SET(dependency, -+ UNIT_CONFLICTS, -+ UNIT_CONFLICTED_BY, -+ UNIT_BEFORE, -+ UNIT_AFTER, -+ UNIT_ON_SUCCESS, -+ UNIT_ON_FAILURE, -+ UNIT_TRIGGERS, -+ UNIT_TRIGGERED_BY); - } - - static int unit_per_dependency_type_hashmap_update( -@@ -1057,8 +1045,10 @@ static void unit_merge_dependencies(Unit *u, Unit *other) { - - /* First, remove dependency to other. */ - HASHMAP_FOREACH_KEY(deps, dt, u->dependencies) { -- if (hashmap_remove(deps, other)) -- unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt)); -+ if (hashmap_remove(deps, other) && unit_should_warn_about_dependency(UNIT_DEPENDENCY_FROM_PTR(dt))) -+ log_unit_warning(u, "Dependency %s=%s is dropped, as %s is merged into %s.", -+ unit_dependency_to_string(UNIT_DEPENDENCY_FROM_PTR(dt)), -+ other->id, other->id, u->id); - - if (hashmap_isempty(deps)) - hashmap_free(hashmap_remove(u->dependencies, dt)); -@@ -1085,7 +1075,11 @@ static void unit_merge_dependencies(Unit *u, Unit *other) { - if (back == u) { - /* This is a dependency pointing back to the unit we want to merge with? - * Suppress it (but warn) */ -- unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt)); -+ if (unit_should_warn_about_dependency(UNIT_DEPENDENCY_FROM_PTR(dt))) -+ log_unit_warning(u, "Dependency %s=%s in %s is dropped, as %s is merged into %s.", -+ unit_dependency_to_string(UNIT_DEPENDENCY_FROM_PTR(dt)), -+ u->id, other->id, other->id, u->id); -+ - hashmap_remove(other_deps, back); - continue; - } -@@ -3055,7 +3049,6 @@ int unit_add_dependency( - [UNIT_IN_SLICE] = UNIT_SLICE_OF, - [UNIT_SLICE_OF] = UNIT_IN_SLICE, - }; -- Unit *original_u = u, *original_other = other; - UnitDependencyAtom a; - int r; - -@@ -3074,7 +3067,9 @@ int unit_add_dependency( - - /* We won't allow dependencies on ourselves. We will not consider them an error however. */ - if (u == other) { -- unit_maybe_warn_about_dependency(original_u, original_other->id, d); -+ if (unit_should_warn_about_dependency(d)) -+ log_unit_warning(u, "Dependency %s=%s is dropped.", -+ unit_dependency_to_string(d), u->id); - return 0; - } - --- -2.27.0 - diff --git a/backport-core-unit-fix-logic-of-dropping-self-referencing-dep.patch b/backport-core-unit-fix-logic-of-dropping-self-referencing-dep.patch deleted file mode 100644 index 09e19cb..0000000 --- a/backport-core-unit-fix-logic-of-dropping-self-referencing-dep.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 53e0e6ef0eea396bb432cbfc1f2f6ea1272ff1f1 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 15 Nov 2022 23:08:35 +0900 -Subject: [PATCH] core/unit: fix logic of dropping self-referencing - dependencies - -Fixes a bug in 15ed3c3a188cf7fa5a60ae508fc7a3ed048d2220. ---- - src/core/unit.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index 1a580157af..a9052428e4 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -1131,10 +1131,11 @@ static void unit_merge_dependencies(Unit *u, Unit *other) { - } - } else { - assert_se(r >= 0); -- TAKE_PTR(other_deps); - - if (hashmap_remove(other_deps, u)) - unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt)); -+ -+ TAKE_PTR(other_deps); - } - } - --- -2.27.0 - diff --git a/backport-core-unit-fix-use-after-free.patch b/backport-core-unit-fix-use-after-free.patch deleted file mode 100644 index 9998e8f..0000000 --- a/backport-core-unit-fix-use-after-free.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 3daae8785764304a65892ddcd548b6aae16c9463 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 9 May 2022 00:56:05 +0900 -Subject: [PATCH] core/unit: fix use-after-free - -Fixes #23312. - -(cherry picked from commit 734582830b58e000a26e18807ea277c18778573c) ---- - src/core/unit.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index af6cf097fc..b233aca28c 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -671,8 +671,8 @@ Unit* unit_free(Unit *u) { - - unit_dequeue_rewatch_pids(u); - -- sd_bus_slot_unref(u->match_bus_slot); -- sd_bus_track_unref(u->bus_track); -+ u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot); -+ u->bus_track = sd_bus_track_unref(u->bus_track); - u->deserialized_refs = strv_free(u->deserialized_refs); - u->pending_freezer_message = sd_bus_message_unref(u->pending_freezer_message); - --- -2.33.0 - diff --git a/backport-core-unit-merge-two-loops-into-one.patch b/backport-core-unit-merge-two-loops-into-one.patch deleted file mode 100644 index 3b792d0..0000000 --- a/backport-core-unit-merge-two-loops-into-one.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 4b7918a65cc2571a2b3fc166229e1b8db463e217 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 17 Nov 2022 12:46:45 +0900 -Subject: [PATCH] core/unit: merge two loops into one - -No functional change, just refactoring. ---- - src/core/unit.c | 47 +++++++++++++++-------------------------------- - 1 file changed, 15 insertions(+), 32 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index a9052428e4..0d52e4bf1a 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -1048,7 +1048,6 @@ static void unit_merge_dependencies(Unit *u, Unit *other) { - Hashmap *deps; - void *dt; /* Actually of type UnitDependency, except that we don't bother casting it here, - * since the hashmaps all want it as void pointer. */ -- int r; - - assert(u); - assert(other); -@@ -1075,6 +1074,8 @@ static void unit_merge_dependencies(Unit *u, Unit *other) { - if (!other_deps) - break; /* done! */ - -+ deps = hashmap_get(u->dependencies, dt); -+ - /* Now iterate through all dependencies of this dependency type, of 'other'. We refer to the - * referenced units as 'back'. */ - HASHMAP_FOREACH_KEY(di_back.data, back, other_deps) { -@@ -1085,6 +1086,7 @@ static void unit_merge_dependencies(Unit *u, Unit *other) { - /* This is a dependency pointing back to the unit we want to merge with? - * Suppress it (but warn) */ - unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt)); -+ hashmap_remove(other_deps, back); - continue; - } - -@@ -1103,40 +1105,21 @@ static void unit_merge_dependencies(Unit *u, Unit *other) { - di_move.origin_mask, - di_move.destination_mask) >= 0); - } -- } - -- /* Now all references towards 'other' of the current type 'dt' are corrected to point to -- * 'u'. Lets's now move the deps of type 'dt' from 'other' to 'u'. First, let's try to move -- * them per type wholesale. */ -- r = hashmap_put(u->dependencies, dt, other_deps); -- if (r == -EEXIST) { - /* The target unit already has dependencies of this type, let's then merge this individually. */ -- -- assert_se(deps = hashmap_get(u->dependencies, dt)); -- -- for (;;) { -- UnitDependencyInfo di_move; -- -- /* Get first dep */ -- di_move.data = hashmap_steal_first_key_and_value(other_deps, (void**) &back); -- if (!di_move.data) -- break; /* done */ -- if (back == u) { -- /* Would point back to us, ignore */ -- unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt)); -- continue; -- } -- -- assert_se(unit_per_dependency_type_hashmap_update(deps, back, di_move.origin_mask, di_move.destination_mask) >= 0); -- } -- } else { -- assert_se(r >= 0); -- -- if (hashmap_remove(other_deps, u)) -- unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt)); -- -- TAKE_PTR(other_deps); -+ if (deps) -+ assert_se(unit_per_dependency_type_hashmap_update( -+ deps, -+ back, -+ di_back.origin_mask, -+ di_back.destination_mask) >= 0); - } -+ -+ /* Now all references towards 'other' of the current type 'dt' are corrected to point to 'u'. -+ * Lets's now move the deps of type 'dt' from 'other' to 'u'. If the unit does not have -+ * dependencies of this type, let's move them per type wholesale. */ -+ if (!deps) -+ assert_se(hashmap_put(u->dependencies, dt, TAKE_PTR(other_deps)) >= 0); - } - - other->dependencies = hashmap_free(other->dependencies); --- -2.27.0 - diff --git a/backport-core-unit-merge-unit-names-after-merging-deps.patch b/backport-core-unit-merge-unit-names-after-merging-deps.patch deleted file mode 100644 index ec6e096..0000000 --- a/backport-core-unit-merge-unit-names-after-merging-deps.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 1d0c81a05b1605a5fc3db44d5a157a1d6876eda9 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 16 Nov 2022 03:18:30 +0900 -Subject: [PATCH] core/unit: merge unit names after merging deps - -Before: -systemd[1]: issue-24990.service: Dependency Before=n/a dropped, merged into issue-24990.service -After: -systemd[1]: issue-24990.service: Dependency Before=test1.service dropped, merged into issue-24990.service ---- - src/core/unit.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index 0d52e4bf1a..ea09416be5 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -1165,11 +1165,6 @@ int unit_merge(Unit *u, Unit *other) { - if (r < 0) - return r; - -- /* Merge names */ -- r = unit_merge_names(u, other); -- if (r < 0) -- return r; -- - /* Redirect all references */ - while (other->refs_by_target) - unit_ref_set(other->refs_by_target, other->refs_by_target->source, u); -@@ -1177,6 +1172,11 @@ int unit_merge(Unit *u, Unit *other) { - /* Merge dependencies */ - unit_merge_dependencies(u, other); - -+ /* Merge names. It is better to do that after merging deps, otherwise the log message contains n/a. */ -+ r = unit_merge_names(u, other); -+ if (r < 0) -+ return r; -+ - other->load_state = UNIT_MERGED; - other->merged_into = u; - --- -2.27.0 - diff --git a/backport-core-unit-use-bus_error_message-at-one-more-place.patch b/backport-core-unit-use-bus_error_message-at-one-more-place.patch deleted file mode 100644 index be4658f..0000000 --- a/backport-core-unit-use-bus_error_message-at-one-more-place.patch +++ /dev/null @@ -1,36 +0,0 @@ -From aa25320dbbc2b239d9f551cffac39263814a3dfa Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 30 Jan 2022 05:38:01 +0900 -Subject: [PATCH] core/unit: use bus_error_message() at one more place - -(cherry picked from commit 33322185554799b08e94aca036dd109aaee52408) -(cherry picked from commit 81e59411161078f4f90d80e2e111755adc16db33) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/aa25320dbbc2b239d9f551cffac39263814a3dfa ---- - src/core/unit.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index dfe200ee20..0e8a01966a 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3422,8 +3422,12 @@ static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bu - - e = sd_bus_message_get_error(message); - if (e) { -- if (!sd_bus_error_has_name(e, "org.freedesktop.DBus.Error.NameHasNoOwner")) -- log_unit_error(u, "Unexpected error response from GetNameOwner(): %s", e->message); -+ if (!sd_bus_error_has_name(e, "org.freedesktop.DBus.Error.NameHasNoOwner")) { -+ r = sd_bus_error_get_errno(e); -+ log_unit_error_errno(u, r, -+ "Unexpected error response from GetNameOwner(): %s", -+ bus_error_message(e, r)); -+ } - - new_owner = NULL; - } else { --- -2.33.0 - diff --git a/backport-core-use-correct-level-for-CPU-time-log-message.patch b/backport-core-use-correct-level-for-CPU-time-log-message.patch deleted file mode 100644 index f4db746..0000000 --- a/backport-core-use-correct-level-for-CPU-time-log-message.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 034a23c640c74856df76b3af5fdc4af5cb48256b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= -Date: Mon, 6 Dec 2021 16:57:42 +0100 -Subject: [PATCH] core: use correct level for CPU time log message - -raise_level() takes the info condition as second argument and the notice -one as third. For the consumed CPU time these conditions are swapped. - -Fixes: 37109b856aeb ("pid1: use LOG_DEBUG/INFO/NOTICE for unit resource consumption message") -(cherry picked from commit ef6bb4dd3e3bb9c210c310026b4d827a46acc762) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/034a23c640c74856df76b3af5fdc4af5cb48256b ---- - src/core/unit.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index c792bd8e82..dfe200ee20 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -2296,8 +2296,8 @@ static int unit_log_resources(Unit *u) { - message_parts[n_message_parts++] = t; - - log_level = raise_level(log_level, -- nsec > NOTICEWORTHY_CPU_NSEC, -- nsec > MENTIONWORTHY_CPU_NSEC); -+ nsec > MENTIONWORTHY_CPU_NSEC, -+ nsec > NOTICEWORTHY_CPU_NSEC); - } - - for (CGroupIOAccountingMetric k = 0; k < _CGROUP_IO_ACCOUNTING_METRIC_MAX; k++) { --- -2.33.0 - diff --git a/backport-core-use-the-new-quoting-helper.patch b/backport-core-use-the-new-quoting-helper.patch deleted file mode 100644 index e2d969e..0000000 --- a/backport-core-use-the-new-quoting-helper.patch +++ /dev/null @@ -1,133 +0,0 @@ -From 284781bcb00be27737b52ffb974b66b7d5e990d5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 7 Jul 2021 16:28:19 +0200 -Subject: [PATCH] core: use the new quoting helper - -(cherry picked from commit 8a62620ebe23945021075df7e1b0759102c286ae) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/284781bcb00be27737b52ffb974b66b7d5e990d5 ---- - src/core/execute.c | 64 ++++++++++------------------------------------ - 1 file changed, 13 insertions(+), 51 deletions(-) - -diff --git a/src/core/execute.c b/src/core/execute.c -index e24775c150..28efe5c36f 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -51,6 +51,7 @@ - #include "env-file.h" - #include "env-util.h" - #include "errno-list.h" -+#include "escape.h" - #include "execute.h" - #include "exit-status.h" - #include "fd-util.h" -@@ -3596,8 +3597,6 @@ static int compile_suggested_paths(const ExecContext *c, const ExecParameters *p - return 0; - } - --static char *exec_command_line(char **argv); -- - static int exec_parameters_get_cgroup_path(const ExecParameters *params, char **ret) { - bool using_subcgroup; - char *p; -@@ -3800,7 +3799,7 @@ static int exec_child( - const char *vc = params->confirm_spawn; - _cleanup_free_ char *cmdline = NULL; - -- cmdline = exec_command_line(command->argv); -+ cmdline = quote_command_line(command->argv); - if (!cmdline) { - *exit_status = EXIT_MEMORY; - return log_oom(); -@@ -4650,12 +4649,15 @@ static int exec_child( - if (DEBUG_LOGGING) { - _cleanup_free_ char *line = NULL; - -- line = exec_command_line(final_argv); -- if (line) -- log_unit_struct(unit, LOG_DEBUG, -- "EXECUTABLE=%s", executable, -- LOG_UNIT_MESSAGE(unit, "Executing: %s", line), -- LOG_UNIT_INVOCATION_ID(unit)); -+ line = quote_command_line(final_argv); -+ if (!line) { -+ *exit_status = EXIT_MEMORY; -+ return log_oom(); -+ } -+ -+ log_unit_struct(unit, LOG_DEBUG, -+ "EXECUTABLE=%s", executable, -+ LOG_UNIT_MESSAGE(unit, "Executing: %s", line)); - } - - if (exec_fd >= 0) { -@@ -4739,7 +4741,7 @@ int exec_spawn(Unit *unit, - if (r < 0) - return log_unit_error_errno(unit, r, "Failed to load environment files: %m"); - -- line = exec_command_line(command->argv); -+ line = quote_command_line(command->argv); - if (!line) - return log_oom(); - -@@ -5954,46 +5956,6 @@ void exec_status_dump(const ExecStatus *s, FILE *f, const char *prefix) { - prefix, s->status); - } - --static char *exec_command_line(char **argv) { -- size_t k; -- char *n, *p, **a; -- bool first = true; -- -- assert(argv); -- -- k = 1; -- STRV_FOREACH(a, argv) -- k += strlen(*a)+3; -- -- n = new(char, k); -- if (!n) -- return NULL; -- -- p = n; -- STRV_FOREACH(a, argv) { -- -- if (!first) -- *(p++) = ' '; -- else -- first = false; -- -- if (strpbrk(*a, WHITESPACE)) { -- *(p++) = '\''; -- p = stpcpy(p, *a); -- *(p++) = '\''; -- } else -- p = stpcpy(p, *a); -- -- } -- -- *p = 0; -- -- /* FIXME: this doesn't really handle arguments that have -- * spaces and ticks in them */ -- -- return n; --} -- - static void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) { - _cleanup_free_ char *cmd = NULL; - const char *prefix2; -@@ -6004,7 +5966,7 @@ static void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) { - prefix = strempty(prefix); - prefix2 = strjoina(prefix, "\t"); - -- cmd = exec_command_line(c->argv); -+ cmd = quote_command_line(c->argv); - fprintf(f, - "%sCommand Line: %s\n", - prefix, cmd ? cmd : strerror_safe(ENOMEM)); --- -2.33.0 - diff --git a/backport-core-wrap-cgroup-path-with-empty_to_root-in-log-mess.patch b/backport-core-wrap-cgroup-path-with-empty_to_root-in-log-mess.patch deleted file mode 100644 index 729a427..0000000 --- a/backport-core-wrap-cgroup-path-with-empty_to_root-in-log-mess.patch +++ /dev/null @@ -1,261 +0,0 @@ -From 24a40953d3d6ad8b1429d19da2f66399ae3f7e0b Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 5 Aug 2021 03:14:41 +0900 -Subject: [PATCH] core: wrap cgroup path with empty_to_root() in log messages - -This fixes e.g. the following log message: ---- -systemd[1]: -.slice: Failed to migrate controller cgroups from , ignoring: Read-only file system ---- - -(cherry picked from commit 6178e2f88956e1900f445908ed053865cc22e879) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/24a40953d3d6ad8b1429d19da2f66399ae3f7e0b ---- - src/core/bpf-devices.c | 3 ++- - src/core/cgroup.c | 46 +++++++++++++++++++++--------------------- - src/core/unit.c | 6 +++--- - 3 files changed, 28 insertions(+), 27 deletions(-) - -diff --git a/src/core/bpf-devices.c b/src/core/bpf-devices.c -index 8a345a4498..4daa7f76b0 100644 ---- a/src/core/bpf-devices.c -+++ b/src/core/bpf-devices.c -@@ -9,6 +9,7 @@ - #include "fileio.h" - #include "nulstr-util.h" - #include "parse-util.h" -+#include "path-util.h" - #include "stat-util.h" - #include "stdio-util.h" - #include "string-util.h" -@@ -260,7 +261,7 @@ int bpf_devices_apply_policy( - r = bpf_program_cgroup_attach(prog, BPF_CGROUP_DEVICE, controller_path, BPF_F_ALLOW_MULTI); - if (r < 0) - return log_error_errno(r, "Attaching device control BPF program to cgroup %s failed: %m", -- cgroup_path); -+ empty_to_root(cgroup_path)); - - finish: - /* Unref the old BPF program (which will implicitly detach it) right before attaching the new program. */ -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index eab0929dc5..3a6f768c60 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -84,7 +84,7 @@ static int set_attribute_and_warn(Unit *u, const char *controller, const char *a - r = cg_set_attribute(controller, u->cgroup_path, attribute, value); - if (r < 0) - log_unit_full_errno(u, LOG_LEVEL_CGROUP_WRITE(r), r, "Failed to set '%s' attribute on '%s' to '%.*s': %m", -- strna(attribute), isempty(u->cgroup_path) ? "/" : u->cgroup_path, (int) strcspn(value, NEWLINE), value); -+ strna(attribute), empty_to_root(u->cgroup_path), (int) strcspn(value, NEWLINE), value); - - return r; - } -@@ -713,25 +713,25 @@ void cgroup_oomd_xattr_apply(Unit *u, const char *cgroup_path) { - if (c->moom_preference == MANAGED_OOM_PREFERENCE_OMIT) { - r = cg_set_xattr(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, "user.oomd_omit", "1", 1, 0); - if (r < 0) -- log_unit_debug_errno(u, r, "Failed to set oomd_omit flag on control group %s, ignoring: %m", cgroup_path); -+ log_unit_debug_errno(u, r, "Failed to set oomd_omit flag on control group %s, ignoring: %m", empty_to_root(cgroup_path)); - } - - if (c->moom_preference == MANAGED_OOM_PREFERENCE_AVOID) { - r = cg_set_xattr(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, "user.oomd_avoid", "1", 1, 0); - if (r < 0) -- log_unit_debug_errno(u, r, "Failed to set oomd_avoid flag on control group %s, ignoring: %m", cgroup_path); -+ log_unit_debug_errno(u, r, "Failed to set oomd_avoid flag on control group %s, ignoring: %m", empty_to_root(cgroup_path)); - } - - if (c->moom_preference != MANAGED_OOM_PREFERENCE_AVOID) { - r = cg_remove_xattr(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, "user.oomd_avoid"); - if (r < 0 && r != -ENODATA) -- log_unit_debug_errno(u, r, "Failed to remove oomd_avoid flag on control group %s, ignoring: %m", cgroup_path); -+ log_unit_debug_errno(u, r, "Failed to remove oomd_avoid flag on control group %s, ignoring: %m", empty_to_root(cgroup_path)); - } - - if (c->moom_preference != MANAGED_OOM_PREFERENCE_OMIT) { - r = cg_remove_xattr(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, "user.oomd_omit"); - if (r < 0 && r != -ENODATA) -- log_unit_debug_errno(u, r, "Failed to remove oomd_omit flag on control group %s, ignoring: %m", cgroup_path); -+ log_unit_debug_errno(u, r, "Failed to remove oomd_omit flag on control group %s, ignoring: %m", empty_to_root(cgroup_path)); - } - } - -@@ -750,7 +750,7 @@ static void cgroup_xattr_apply(Unit *u) { - sd_id128_to_string(u->invocation_id, ids), 32, - 0); - if (r < 0) -- log_unit_debug_errno(u, r, "Failed to set invocation ID on control group %s, ignoring: %m", u->cgroup_path); -+ log_unit_debug_errno(u, r, "Failed to set invocation ID on control group %s, ignoring: %m", empty_to_root(u->cgroup_path)); - } - - if (unit_cgroup_delegate(u)) { -@@ -759,11 +759,11 @@ static void cgroup_xattr_apply(Unit *u) { - "1", 1, - 0); - if (r < 0) -- log_unit_debug_errno(u, r, "Failed to set delegate flag on control group %s, ignoring: %m", u->cgroup_path); -+ log_unit_debug_errno(u, r, "Failed to set delegate flag on control group %s, ignoring: %m", empty_to_root(u->cgroup_path)); - } else { - r = cg_remove_xattr(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, "trusted.delegate"); - if (r < 0 && r != -ENODATA) -- log_unit_debug_errno(u, r, "Failed to remove delegate flag on control group %s, ignoring: %m", u->cgroup_path); -+ log_unit_debug_errno(u, r, "Failed to remove delegate flag on control group %s, ignoring: %m", empty_to_root(u->cgroup_path)); - } - - cgroup_oomd_xattr_apply(u, u->cgroup_path); -@@ -1921,12 +1921,12 @@ int unit_watch_cgroup(Unit *u) { - * is not an error */ - return 0; - -- return log_unit_error_errno(u, errno, "Failed to add control inotify watch descriptor for control group %s: %m", u->cgroup_path); -+ return log_unit_error_errno(u, errno, "Failed to add control inotify watch descriptor for control group %s: %m", empty_to_root(u->cgroup_path)); - } - - r = hashmap_put(u->manager->cgroup_control_inotify_wd_unit, INT_TO_PTR(u->cgroup_control_inotify_wd), u); - if (r < 0) -- return log_unit_error_errno(u, r, "Failed to add control inotify watch descriptor to hash map: %m"); -+ return log_unit_error_errno(u, r, "Failed to add control inotify watch descriptor for control group %s to hash map: %m", empty_to_root(u->cgroup_path)); - - return 0; - } -@@ -1984,12 +1984,12 @@ int unit_watch_cgroup_memory(Unit *u) { - * is not an error */ - return 0; - -- return log_unit_error_errno(u, errno, "Failed to add memory inotify watch descriptor for control group %s: %m", u->cgroup_path); -+ return log_unit_error_errno(u, errno, "Failed to add memory inotify watch descriptor for control group %s: %m", empty_to_root(u->cgroup_path)); - } - - r = hashmap_put(u->manager->cgroup_memory_inotify_wd_unit, INT_TO_PTR(u->cgroup_memory_inotify_wd), u); - if (r < 0) -- return log_unit_error_errno(u, r, "Failed to add memory inotify watch descriptor to hash map: %m"); -+ return log_unit_error_errno(u, r, "Failed to add memory inotify watch descriptor for control group %s to hash map: %m", empty_to_root(u->cgroup_path)); - - return 0; - } -@@ -2012,9 +2012,9 @@ int unit_pick_cgroup_path(Unit *u) { - - r = unit_set_cgroup_path(u, path); - if (r == -EEXIST) -- return log_unit_error_errno(u, r, "Control group %s exists already.", path); -+ return log_unit_error_errno(u, r, "Control group %s exists already.", empty_to_root(path)); - if (r < 0) -- return log_unit_error_errno(u, r, "Failed to set unit's control group path to %s: %m", path); -+ return log_unit_error_errno(u, r, "Failed to set unit's control group path to %s: %m", empty_to_root(path)); - - return 0; - } -@@ -2042,7 +2042,7 @@ static int unit_update_cgroup( - /* First, create our own group */ - r = cg_create_everywhere(u->manager->cgroup_supported, target_mask, u->cgroup_path); - if (r < 0) -- return log_unit_error_errno(u, r, "Failed to create cgroup %s: %m", u->cgroup_path); -+ return log_unit_error_errno(u, r, "Failed to create cgroup %s: %m", empty_to_root(u->cgroup_path)); - created = r; - - /* Start watching it */ -@@ -2058,7 +2058,7 @@ static int unit_update_cgroup( - /* Enable all controllers we need */ - r = cg_enable_everywhere(u->manager->cgroup_supported, enable_mask, u->cgroup_path, &result_mask); - if (r < 0) -- log_unit_warning_errno(u, r, "Failed to enable/disable controllers on cgroup %s, ignoring: %m", u->cgroup_path); -+ log_unit_warning_errno(u, r, "Failed to enable/disable controllers on cgroup %s, ignoring: %m", empty_to_root(u->cgroup_path)); - - /* Remember what's actually enabled now */ - u->cgroup_enabled_mask = result_mask; -@@ -2080,12 +2080,12 @@ static int unit_update_cgroup( - if (cg_all_unified() == 0) { - r = cg_migrate_v1_controllers(u->manager->cgroup_supported, migrate_mask, u->cgroup_path, migrate_callback, u); - if (r < 0) -- log_unit_warning_errno(u, r, "Failed to migrate controller cgroups from %s, ignoring: %m", u->cgroup_path); -+ log_unit_warning_errno(u, r, "Failed to migrate controller cgroups from %s, ignoring: %m", empty_to_root(u->cgroup_path)); - - is_root_slice = unit_has_name(u, SPECIAL_ROOT_SLICE); - r = cg_trim_v1_controllers(u->manager->cgroup_supported, ~target_mask, u->cgroup_path, !is_root_slice); - if (r < 0) -- log_unit_warning_errno(u, r, "Failed to delete controller cgroups %s, ignoring: %m", u->cgroup_path); -+ log_unit_warning_errno(u, r, "Failed to delete controller cgroups %s, ignoring: %m", empty_to_root(u->cgroup_path)); - } - - /* Set attributes */ -@@ -2175,7 +2175,7 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { - - log_unit_full_errno(u, again ? LOG_DEBUG : LOG_INFO, q, - "Couldn't move process "PID_FMT" to%s requested cgroup '%s': %m", -- pid, again ? " directly" : "", p); -+ pid, again ? " directly" : "", empty_to_root(p)); - - if (again) { - int z; -@@ -2187,7 +2187,7 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { - - z = unit_attach_pid_to_cgroup_via_bus(u, pid, suffix_path); - if (z < 0) -- log_unit_info_errno(u, z, "Couldn't move process "PID_FMT" to requested cgroup '%s' (directly or via the system bus): %m", pid, p); -+ log_unit_info_errno(u, z, "Couldn't move process "PID_FMT" to requested cgroup '%s' (directly or via the system bus): %m", pid, empty_to_root(p)); - else - continue; /* When the bus thing worked via the bus we are fully done for this PID. */ - } -@@ -2221,7 +2221,7 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { - continue; /* Success! */ - - log_unit_debug_errno(u, q, "Failed to attach PID " PID_FMT " to requested cgroup %s in controller %s, falling back to unit's cgroup: %m", -- pid, p, cgroup_controller_to_string(c)); -+ pid, empty_to_root(p), cgroup_controller_to_string(c)); - } - - /* So this controller is either not delegate or realized, or something else weird happened. In -@@ -2656,7 +2656,7 @@ void unit_prune_cgroup(Unit *u) { - * the containing slice is stopped. So even if we failed now, this unit shouldn't assume - * that the cgroup is still realized the next time it is started. Do not return early - * on error, continue cleanup. */ -- log_unit_full_errno(u, r == -EBUSY ? LOG_DEBUG : LOG_WARNING, r, "Failed to destroy cgroup %s, ignoring: %m", u->cgroup_path); -+ log_unit_full_errno(u, r == -EBUSY ? LOG_DEBUG : LOG_WARNING, r, "Failed to destroy cgroup %s, ignoring: %m", empty_to_root(u->cgroup_path)); - - if (is_root_slice) - return; -@@ -2869,7 +2869,7 @@ void unit_add_to_cgroup_empty_queue(Unit *u) { - - r = cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path); - if (r < 0) { -- log_unit_debug_errno(u, r, "Failed to determine whether cgroup %s is empty: %m", u->cgroup_path); -+ log_unit_debug_errno(u, r, "Failed to determine whether cgroup %s is empty: %m", empty_to_root(u->cgroup_path)); - return; - } - if (r == 0) -diff --git a/src/core/unit.c b/src/core/unit.c -index 30afd5a776..47966bcf0d 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -427,7 +427,7 @@ bool unit_may_gc(Unit *u) { - - r = cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path); - if (r < 0) -- log_unit_debug_errno(u, r, "Failed to determine whether cgroup %s is empty: %m", u->cgroup_path); -+ log_unit_debug_errno(u, r, "Failed to determine whether cgroup %s is empty: %m", empty_to_root(u->cgroup_path)); - if (r <= 0) - return false; - } -@@ -4553,7 +4553,7 @@ int unit_kill_context( - log_func, u); - if (r < 0) { - if (!IN_SET(r, -EAGAIN, -ESRCH, -ENOENT)) -- log_unit_warning_errno(u, r, "Failed to kill control group %s, ignoring: %m", u->cgroup_path); -+ log_unit_warning_errno(u, r, "Failed to kill control group %s, ignoring: %m", empty_to_root(u->cgroup_path)); - - } else if (r > 0) { - -@@ -5011,7 +5011,7 @@ int unit_fork_helper_process(Unit *u, const char *name, pid_t *ret) { - if (u->cgroup_path) { - r = cg_attach_everywhere(u->manager->cgroup_supported, u->cgroup_path, 0, NULL, NULL); - if (r < 0) { -- log_unit_error_errno(u, r, "Failed to join unit cgroup %s: %m", u->cgroup_path); -+ log_unit_error_errno(u, r, "Failed to join unit cgroup %s: %m", empty_to_root(u->cgroup_path)); - _exit(EXIT_CGROUP); - } - } --- -2.33.0 - diff --git a/backport-coredump-Connect-stdout-stderr-to-dev-null-before-do.patch b/backport-coredump-Connect-stdout-stderr-to-dev-null-before-do.patch deleted file mode 100644 index f6f3bcb..0000000 --- a/backport-coredump-Connect-stdout-stderr-to-dev-null-before-do.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 098a25754b0835ffe078b12f75a1862cf528a986 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 15 Jul 2022 01:49:25 +0200 -Subject: [PATCH] coredump: Connect stdout/stderr to /dev/null before doing - anything - -When invoked as the coredump handler by the kernel, systemd-coredump's -stdout and stderr streams are closed. This is dangerous as this means -the fd's can get reallocated, leading to hard to debug errors such as -log messages ending up being appended to a compressed coredump file. - -To avoid such issues in the future, let's bind stdout/stderr to -/dev/null so the file descriptors can't get used for anything else. - -(cherry picked from commit 1f9d2a8199c261593aa6a11df9cce5d31e23c714) -(cherry picked from commit fba50bc0fc5a69e5573ceadb5d6224f365d3c3f5) -(cherry picked from commit 3e1224d4ac3f44558c7bc3ceec2d6080afe21dc3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/098a25754b0835ffe078b12f75a1862cf528a986 ---- - src/coredump/coredump.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c -index c6639c0100..72df958bc3 100644 ---- a/src/coredump/coredump.c -+++ b/src/coredump/coredump.c -@@ -1268,6 +1268,13 @@ static int process_kernel(int argc, char* argv[]) { - struct iovec_wrapper *iovw; - int r; - -+ /* When we're invoked by the kernel, stdout/stderr are closed which is dangerous because the fds -+ * could get reallocated. To avoid hard to debug issues, let's instead bind stdout/stderr to -+ * /dev/null. */ -+ r = rearrange_stdio(STDIN_FILENO, -1, -1); -+ if (r < 0) -+ return log_error_errno(r, "Failed to connect stdout/stderr to /dev/null: %m"); -+ - log_debug("Processing coredump received from the kernel..."); - - iovw = iovw_new(); --- -2.27.0 - diff --git a/backport-coredump-Don-t-log-an-error-if-D-Bus-isn-t-running.patch b/backport-coredump-Don-t-log-an-error-if-D-Bus-isn-t-running.patch deleted file mode 100644 index eddefb4..0000000 --- a/backport-coredump-Don-t-log-an-error-if-D-Bus-isn-t-running.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 6745eaa6308b835e2c5e68d49e9bece29fd37fa2 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 6 Oct 2021 13:20:36 +0100 -Subject: [PATCH] coredump: Don't log an error if D-Bus isn't running - -coredumpctl could be used in a chroot where D-Bus isn't running. If -that's the case, we shouldn't consider it an error if we can't connect -to the D-Bus daemon so let's reduce the severity of the error we log -when we can't connect to D-Bus because the socket doesn't exist. - -(cherry picked from commit 414bd2e786f9912f51b82e5fe4a1126179a5652a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/6745eaa6308b835e2c5e68d49e9bece29fd37fa2 ---- - src/coredump/coredumpctl.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/coredump/coredumpctl.c b/src/coredump/coredumpctl.c -index def3650bb4..3d44e51e32 100644 ---- a/src/coredump/coredumpctl.c -+++ b/src/coredump/coredumpctl.c -@@ -1186,6 +1186,10 @@ static int check_units_active(void) { - return false; - - r = sd_bus_default_system(&bus); -+ if (r == -ENOENT) { -+ log_debug("D-Bus is not running, skipping active unit check"); -+ return 0; -+ } - if (r < 0) - return log_error_errno(r, "Failed to acquire bus: %m"); - --- -2.33.0 - diff --git a/backport-coredump-Fix-format-string-type-mismatch.patch b/backport-coredump-Fix-format-string-type-mismatch.patch deleted file mode 100644 index ae3e024..0000000 --- a/backport-coredump-Fix-format-string-type-mismatch.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 08e86b15fc22a8e9f1ee0a791dfd35b2fc25e4c4 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Sun, 22 May 2022 14:36:07 +0200 -Subject: [PATCH] coredump: Fix format string type mismatch - -Fixes #23471 - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/08e86b15fc22a8e9f1ee0a791dfd35b2fc25e4c4 - ---- - src/coredump/coredump.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c -index c9747416ad..994d968d87 100644 ---- a/src/coredump/coredump.c -+++ b/src/coredump/coredump.c -@@ -512,8 +512,8 @@ static int save_external_coredump( - - if (truncated) - log_struct(LOG_INFO, -- LOG_MESSAGE("Core file was truncated to %zu bytes.", max_size), -- "SIZE_LIMIT=%zu", max_size, -+ LOG_MESSAGE("Core file was truncated to %"PRIu64" bytes.", max_size), -+ "SIZE_LIMIT=%"PRIu64, max_size, - "MESSAGE_ID=" SD_MESSAGE_TRUNCATED_CORE_STR); - - r = fix_permissions(fd, tmp, fn, context, uid); --- -2.33.0 - diff --git a/backport-coredump-drop-an-unused-variable.patch b/backport-coredump-drop-an-unused-variable.patch deleted file mode 100644 index 8f3af80..0000000 --- a/backport-coredump-drop-an-unused-variable.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 9abe4cfc39579037937c63602ce8fe4f51746d38 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Sat, 20 Aug 2022 21:04:24 +0200 -Subject: [PATCH] coredump: drop an unused variable - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9abe4cfc39579037937c63602ce8fe4f51746d38 - ---- - src/coredump/coredump.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c -index 3ec41a32c3..98e7492811 100644 ---- a/src/coredump/coredump.c -+++ b/src/coredump/coredump.c -@@ -931,7 +931,6 @@ log: - } - - static int save_context(Context *context, const struct iovec_wrapper *iovw) { -- unsigned count = 0; - const char *unit; - int r; - -@@ -955,7 +954,6 @@ static int save_context(Context *context, const struct iovec_wrapper *iovw) { - p = startswith(iovec->iov_base, meta_field_names[i]); - if (p) { - context->meta[i] = p; -- count++; - break; - } - } --- -2.33.0 - diff --git a/backport-coredump-fix-filename-in-journal-when-not-compressed.patch b/backport-coredump-fix-filename-in-journal-when-not-compressed.patch deleted file mode 100644 index c328f72..0000000 --- a/backport-coredump-fix-filename-in-journal-when-not-compressed.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 01cf580c235ac4725051e6101ce5bcef1b97cc48 Mon Sep 17 00:00:00 2001 -From: xdavidwu -Date: Fri, 5 Nov 2021 22:37:06 +0800 -Subject: [PATCH] coredump: fix filename in journal when not compressed - -Since 587f2a5e564cf434c2e0a653f52b8f73e86092d8, filename for -not-compressed coredump is missing from save_external_coredump, making -it write COREDUMP_FILENAME= (empty) in journal, making `coredumpctl` -report it missing but it is actually saved. -This fixes it. - -(cherry picked from commit 0cfb0971f0fcd345cae76f6837d9801b6cbde407) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/01cf580c235ac4725051e6101ce5bcef1b97cc48 ---- - src/coredump/coredump.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c -index 444b9ec374..1e34c4b5be 100644 ---- a/src/coredump/coredump.c -+++ b/src/coredump/coredump.c -@@ -525,6 +525,7 @@ static int save_external_coredump( - if (lseek(fd, 0, SEEK_SET) == (off_t) -1) - return log_error_errno(errno, "Failed to seek on coredump %s: %m", fn); - -+ *ret_filename = TAKE_PTR(fn); - *ret_data_fd = TAKE_FD(fd); - *ret_size = (uint64_t) st.st_size; - *ret_truncated = truncated; --- -2.33.0 - diff --git a/backport-coredump-stacktrace.c-avoid-crash-on-binaries-withou.patch b/backport-coredump-stacktrace.c-avoid-crash-on-binaries-withou.patch deleted file mode 100644 index ef501bb..0000000 --- a/backport-coredump-stacktrace.c-avoid-crash-on-binaries-withou.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 765c366274db3ff841da237769f2b20a4ec3a045 Mon Sep 17 00:00:00 2001 -From: Sergei Trofimovich -Date: Sat, 31 Jul 2021 13:07:54 +0100 -Subject: [PATCH] coredump/stacktrace.c: avoid crash on binaries without NHDR - -Observed as a crash on binaries built with gcc-master: - -``` - 3 0x00005573b8841d6a in parse_package_metadata (name=name@entry=0x5573b901a620 "/a", id_json=0x0, - elf=0x5573b9028730, c=c@entry=0x7fffc688f790) at ../systemd-stable-249.2/src/coredump/stacktrace.c:157 - 4 0x00005573b884209e in module_callback (mod=0x7fffc688f6c0, userdata=, - name=0x5573b901a620 "/a", start=, arg=0x7fffc688f790) - at ../systemd-stable-249.2/src/coredump/stacktrace.c:306 - 5 0x00007f56d60dcbd5 in dwfl_getmodules (dwfl=0x5573b901fda0, - callback=callback@entry=0x5573b8841eb0 , arg=arg@entry=0x7fffc688f790, offset=offset@entry=0) - at ../../elfutils-0.185/libdwfl/dwfl_getmodules.c:86 - 6 0x00005573b884231b in parse_core (ret_package_metadata=0x7fffc688f848, ret=0x7fffc688f850, - executable=0x7fffc688f790 "\200\332\001\271sU", fd=21) at ../systemd-stable-249.2/src/coredump/stacktrace.c:366 - 7 coredump_parse_core (fd=fd@entry=6, executable=0x7fffc688f790 "\200\332\001\271sU", ret=ret@entry=0x7fffc688f850, - ret_package_metadata=ret_package_metadata@entry=0x7fffc688f848) - at ../systemd-stable-249.2/src/coredump/stacktrace.c:406 - 8 0x00005573b883f897 in submit_coredump (context=context@entry=0x7fffc688fa10, iovw=iovw@entry=0x7fffc688f990, - input_fd=input_fd@entry=5) at ../systemd-stable-249.2/src/coredump/coredump.c:827 - 9 0x00005573b883d339 in process_socket (fd=3) at ../systemd-stable-249.2/src/coredump/coredump.c:1041 - 10 run (argv=, argc=-964101648) at ../systemd-stable-249.2/src/coredump/coredump.c:1416 - 11 main (argc=-964101648, argv=) at ../systemd-stable-249.2/src/coredump/coredump.c:1422 -``` - -Happens only on enabled elfutils symbolizer. - -Signed-off-by: Sergei Trofimovich -(cherry picked from commit 1da3eef262078905ec14c707eeab655a17ae8bd2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/765c366274db3ff841da237769f2b20a4ec3a045 ---- - src/coredump/stacktrace.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/coredump/stacktrace.c b/src/coredump/stacktrace.c -index 0edb1b40a7..e46b324cdf 100644 ---- a/src/coredump/stacktrace.c -+++ b/src/coredump/stacktrace.c -@@ -153,6 +153,8 @@ static int parse_package_metadata(const char *name, JsonVariant *id_json, Elf *e - program_header->p_offset, - program_header->p_filesz, - ELF_T_NHDR); -+ if (!data) -+ continue; - - while (note_offset < data->d_size && - (note_offset = gelf_getnote(data, note_offset, ¬e_header, &name_offset, &desc_offset)) > 0) { --- -2.33.0 - diff --git a/backport-coredumpctl-stop-truncating-information-about-coredu.patch b/backport-coredumpctl-stop-truncating-information-about-coredu.patch deleted file mode 100644 index 072fb9a..0000000 --- a/backport-coredumpctl-stop-truncating-information-about-coredu.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 473627e1c9fcdf8f819ced2bb79cb7e9ff598b0c Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 12 Oct 2021 19:46:25 +0200 -Subject: [PATCH] coredumpctl: stop truncating information about coredump -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -With the changes to limit that print 'Found module …' over and over, we were -hitting the journal field message limit, effectively truncating the info output. - -Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1998488. - -(cherry picked from commit 384c6207669eb0d92aa0043dbc01957c6c7ff41e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/473627e1c9fcdf8f819ced2bb79cb7e9ff598b0c ---- - src/coredump/coredumpctl.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/coredump/coredumpctl.c b/src/coredump/coredumpctl.c -index 3d44e51e32..7eba8330d7 100644 ---- a/src/coredump/coredumpctl.c -+++ b/src/coredump/coredumpctl.c -@@ -555,6 +555,8 @@ static int print_info(FILE *file, sd_journal *j, bool need_space) { - assert(file); - assert(j); - -+ (void) sd_journal_set_data_threshold(j, 0); -+ - SD_JOURNAL_FOREACH_DATA(j, d, l) { - RETRIEVE(d, l, "MESSAGE_ID", mid); - RETRIEVE(d, l, "COREDUMP_PID", pid); --- -2.33.0 - diff --git a/backport-creds-util-switch-to-OpenSSL-3.0-APIs.patch b/backport-creds-util-switch-to-OpenSSL-3.0-APIs.patch deleted file mode 100644 index e63c2e8..0000000 --- a/backport-creds-util-switch-to-OpenSSL-3.0-APIs.patch +++ /dev/null @@ -1,995 +0,0 @@ -From 5f4862e5e1cd2a7ef302947b8634f7980e8d6275 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 29 Sep 2021 09:47:08 +0200 -Subject: [PATCH] creds-util: switch to OpenSSL 3.0 APIs - -Let's switch from the low-level SHA256 APIs to EVP APIs. The former are -deprecated on OpenSSL 3.0, the latter are supported both by old -OpenSSL and by OpenSSL 3.0, hence are the better choice. - -Fixes: #20775 -(cherry picked from commit 18f568b8e64b48f6aee204cc6384b4796cd27eb0) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5f4862e5e1cd2a7ef302947b8634f7980e8d6275 ---- - src/shared/creds-util.c | 954 ++++++++++++++++++++++++++++++++++++++ - src/shared/openssl-util.h | 1 + - 2 files changed, 955 insertions(+) - create mode 100644 src/shared/creds-util.c - -diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c -new file mode 100644 -index 0000000000..b764198b76 ---- /dev/null -+++ b/src/shared/creds-util.c -@@ -0,0 +1,954 @@ -+/* SPDX-License-Identifier: LGPL-2.1-or-later */ -+ -+#include -+ -+#if HAVE_OPENSSL -+#include -+#endif -+ -+#include "sd-id128.h" -+ -+#include "blockdev-util.h" -+#include "chattr-util.h" -+#include "creds-util.h" -+#include "env-util.h" -+#include "fd-util.h" -+#include "fileio.h" -+#include "fs-util.h" -+#include "io-util.h" -+#include "memory-util.h" -+#include "mkdir.h" -+#include "openssl-util.h" -+#include "path-util.h" -+#include "random-util.h" -+#include "sparse-endian.h" -+#include "stat-util.h" -+#include "tpm2-util.h" -+#include "virt.h" -+ -+bool credential_name_valid(const char *s) { -+ /* We want that credential names are both valid in filenames (since that's our primary way to pass -+ * them around) and as fdnames (which is how we might want to pass them around eventually) */ -+ return filename_is_valid(s) && fdname_is_valid(s); -+} -+ -+int get_credentials_dir(const char **ret) { -+ const char *e; -+ -+ assert(ret); -+ -+ e = secure_getenv("CREDENTIALS_DIRECTORY"); -+ if (!e) -+ return -ENXIO; -+ -+ if (!path_is_absolute(e) || !path_is_normalized(e)) -+ return -EINVAL; -+ -+ *ret = e; -+ return 0; -+} -+ -+int read_credential(const char *name, void **ret, size_t *ret_size) { -+ _cleanup_free_ char *fn = NULL; -+ const char *d; -+ int r; -+ -+ assert(ret); -+ -+ if (!credential_name_valid(name)) -+ return -EINVAL; -+ -+ r = get_credentials_dir(&d); -+ if (r < 0) -+ return r; -+ -+ fn = path_join(d, name); -+ if (!fn) -+ return -ENOMEM; -+ -+ return read_full_file_full( -+ AT_FDCWD, fn, -+ UINT64_MAX, SIZE_MAX, -+ READ_FULL_FILE_SECURE, -+ NULL, -+ (char**) ret, ret_size); -+} -+ -+#if HAVE_OPENSSL -+ -+#define CREDENTIAL_HOST_SECRET_SIZE 4096 -+ -+static const sd_id128_t credential_app_id = -+ SD_ID128_MAKE(d3,ac,ec,ba,0d,ad,4c,df,b8,c9,38,15,28,93,6c,58); -+ -+struct credential_host_secret_format { -+ /* The hashed machine ID of the machine this belongs to. Why? We want to ensure that each machine -+ * gets its own secret, even if people forget to flush out this secret file. Hence we bind it to the -+ * machine ID, for which there's hopefully a better chance it will be flushed out. We use a hashed -+ * machine ID instead of the literal one, because it's trivial to, and it might be a good idea not -+ * being able to directly associate a secret key file with a host. */ -+ sd_id128_t machine_id; -+ -+ /* The actual secret key */ -+ uint8_t data[CREDENTIAL_HOST_SECRET_SIZE]; -+} _packed_; -+ -+static int make_credential_host_secret( -+ int dfd, -+ const sd_id128_t machine_id, -+ const char *fn, -+ void **ret_data, -+ size_t *ret_size) { -+ -+ struct credential_host_secret_format buf; -+ _cleanup_free_ char *t = NULL; -+ _cleanup_close_ int fd = -1; -+ int r; -+ -+ assert(dfd >= 0); -+ assert(fn); -+ -+ fd = openat(dfd, ".", O_CLOEXEC|O_WRONLY|O_TMPFILE, 0400); -+ if (fd < 0) { -+ log_debug_errno(errno, "Failed to create temporary credential file with O_TMPFILE, proceeding without: %m"); -+ -+ if (asprintf(&t, "credential.secret.%016" PRIx64, random_u64()) < 0) -+ return -ENOMEM; -+ -+ fd = openat(dfd, t, O_CLOEXEC|O_WRONLY|O_CREAT|O_EXCL|O_NOFOLLOW, 0400); -+ if (fd < 0) -+ return -errno; -+ } -+ -+ r = chattr_secret(fd, 0); -+ if (r < 0) -+ log_debug_errno(r, "Failed to set file attributes for secrets file, ignoring: %m"); -+ -+ buf = (struct credential_host_secret_format) { -+ .machine_id = machine_id, -+ }; -+ -+ r = genuine_random_bytes(buf.data, sizeof(buf.data), RANDOM_BLOCK); -+ if (r < 0) -+ goto finish; -+ -+ r = loop_write(fd, &buf, sizeof(buf), false); -+ if (r < 0) -+ goto finish; -+ -+ if (fsync(fd) < 0) { -+ r = -errno; -+ goto finish; -+ } -+ -+ if (t) { -+ r = rename_noreplace(dfd, t, dfd, fn); -+ if (r < 0) -+ goto finish; -+ -+ t = mfree(t); -+ } else if (linkat(fd, "", dfd, fn, AT_EMPTY_PATH) < 0) { -+ r = -errno; -+ goto finish; -+ } -+ -+ if (fsync(dfd) < 0) { -+ r = -errno; -+ goto finish; -+ } -+ -+ if (ret_data) { -+ void *copy; -+ -+ copy = memdup(buf.data, sizeof(buf.data)); -+ if (!copy) { -+ r = -ENOMEM; -+ goto finish; -+ } -+ -+ *ret_data = copy; -+ } -+ -+ if (ret_size) -+ *ret_size = sizeof(buf.data); -+ -+ r = 0; -+ -+finish: -+ if (t && unlinkat(dfd, t, 0) < 0) -+ log_debug_errno(errno, "Failed to remove temporary credential key: %m"); -+ -+ explicit_bzero_safe(&buf, sizeof(buf)); -+ return r; -+} -+ -+int get_credential_host_secret(CredentialSecretFlags flags, void **ret, size_t *ret_size) { -+ _cleanup_free_ char *efn = NULL, *ep = NULL; -+ _cleanup_close_ int dfd = -1; -+ sd_id128_t machine_id; -+ const char *e, *fn, *p; -+ int r; -+ -+ r = sd_id128_get_machine_app_specific(credential_app_id, &machine_id); -+ if (r < 0) -+ return r; -+ -+ e = secure_getenv("SYSTEMD_CREDENTIAL_SECRET"); -+ if (e) { -+ if (!path_is_normalized(e)) -+ return -EINVAL; -+ if (!path_is_absolute(e)) -+ return -EINVAL; -+ -+ r = path_extract_directory(e, &ep); -+ if (r < 0) -+ return r; -+ -+ r = path_extract_filename(e, &efn); -+ if (r < 0) -+ return r; -+ -+ p = ep; -+ fn = efn; -+ } else { -+ p = "/var/lib/systemd"; -+ fn = "credential.secret"; -+ } -+ -+ (void) mkdir_p(p, 0755); -+ dfd = open(p, O_CLOEXEC|O_DIRECTORY|O_RDONLY); -+ if (dfd < 0) -+ return -errno; -+ -+ if (FLAGS_SET(flags, CREDENTIAL_SECRET_FAIL_ON_TEMPORARY_FS)) { -+ r = fd_is_temporary_fs(dfd); -+ if (r < 0) -+ return r; -+ if (r > 0) -+ return -ENOMEDIUM; -+ } -+ -+ for (unsigned attempt = 0;; attempt++) { -+ _cleanup_(erase_and_freep) struct credential_host_secret_format *f = NULL; -+ _cleanup_close_ int fd = -1; -+ size_t l = 0; -+ ssize_t n = 0; -+ struct stat st; -+ -+ if (attempt >= 3) /* Somebody is playing games with us */ -+ return -EIO; -+ -+ fd = openat(dfd, fn, O_CLOEXEC|O_RDONLY|O_NOCTTY|O_NOFOLLOW); -+ if (fd < 0) { -+ if (errno != ENOENT || !FLAGS_SET(flags, CREDENTIAL_SECRET_GENERATE)) -+ return -errno; -+ -+ r = make_credential_host_secret(dfd, machine_id, fn, ret, ret_size); -+ if (r == -EEXIST) { -+ log_debug_errno(r, "Credential secret was created while we were creating it. Trying to read new secret."); -+ continue; -+ } -+ if (r < 0) -+ return r; -+ -+ return 0; -+ } -+ -+ if (fstat(fd, &st) < 0) -+ return -errno; -+ -+ r = stat_verify_regular(&st); -+ if (r < 0) -+ return r; -+ if (st.st_nlink == 0) /* Deleted by now, try again */ -+ continue; -+ if (st.st_nlink > 1) -+ return -EPERM; /* Our deletion check won't work if hardlinked somewhere else */ -+ if ((st.st_mode & 07777) != 0400) /* Don't use file if not 0400 access mode */ -+ return -EPERM; -+ if (st.st_size > 16*1024*1024) -+ return -E2BIG; -+ l = st.st_size; -+ if (l < offsetof(struct credential_host_secret_format, data) + 1) -+ return -EINVAL; -+ -+ f = malloc(l+1); -+ if (!f) -+ return -ENOMEM; -+ -+ n = read(fd, f, l+1); -+ if (n < 0) -+ return -errno; -+ if ((size_t) n != l) /* What? The size changed? */ -+ return -EIO; -+ -+ if (sd_id128_equal(machine_id, f->machine_id)) { -+ size_t sz; -+ -+ if (FLAGS_SET(flags, CREDENTIAL_SECRET_WARN_NOT_ENCRYPTED)) { -+ r = fd_is_encrypted(fd); -+ if (r < 0) -+ log_debug_errno(r, "Failed to determine if credential secret file '%s/%s' is encrypted.", p, fn); -+ else if (r == 0) -+ log_warning("Credential secret file '%s/%s' is not located on encrypted media, using anyway.", p, fn); -+ } -+ -+ sz = l - offsetof(struct credential_host_secret_format, data); -+ assert(sz > 0); -+ -+ if (ret) { -+ void *copy; -+ -+ assert(sz <= sizeof(f->data)); /* Ensure we don't read past f->data bounds */ -+ -+ copy = memdup(f->data, sz); -+ if (!copy) -+ return -ENOMEM; -+ -+ *ret = copy; -+ } -+ -+ if (ret_size) -+ *ret_size = sz; -+ -+ return 0; -+ } -+ -+ /* Hmm, this secret is from somewhere else. Let's delete the file. Let's first acquire a lock -+ * to ensure we are the only ones accessing the file while we delete it. */ -+ -+ if (flock(fd, LOCK_EX) < 0) -+ return -errno; -+ -+ /* Before we delete it check that the file is still linked into the file system */ -+ if (fstat(fd, &st) < 0) -+ return -errno; -+ if (st.st_nlink == 0) /* Already deleted by now? */ -+ continue; -+ if (st.st_nlink != 1) /* Safety check, someone is playing games with us */ -+ return -EPERM; -+ -+ if (unlinkat(dfd, fn, 0) < 0) -+ return -errno; -+ -+ /* And now try again */ -+ } -+} -+ -+/* Construction is like this: -+ * -+ * A symmetric encryption key is derived from: -+ * -+ * 1. Either the "host" key (a key stored in /var/lib/credential.secret) -+ * -+ * 2. A key generated by letting the TPM2 calculate an HMAC hash of some nonce we pass to it, keyed -+ * by a key derived from its internal seed key. -+ * -+ * 3. The concatenation of the above. -+ * -+ * The above is hashed with SHA256 which is then used as encryption key for AES256-GCM. The encrypted -+ * credential is a short (unencrypted) header describing which of the three keys to use, the IV to use for -+ * AES256-GCM and some more meta information (sizes of certain objects) that is strictly speaking redundant, -+ * but kinda nice to have since we can have a more generic parser. If the TPM2 key is used this is followed -+ * by another (unencrypted) header, with information about the TPM2 policy used (specifically: the PCR mask -+ * to bind against, and a hash of the resulting policy — the latter being redundant, but speeding up things a -+ * bit, since we can more quickly refuse PCR state), followed by a sealed/exported TPM2 HMAC key. This is -+ * then followed by the encrypted data, which begins with a metadata header (which contains validity -+ * timestamps as well as the credential name), followed by the actual credential payload. The file ends in -+ * the AES256-GCM tag. To make things simple, the AES256-GCM AAD covers the main and the TPM2 header in -+ * full. This means the whole file is either protected by AAD, or is ciphertext, or is the tag. No -+ * unprotected data is included. -+ */ -+ -+struct _packed_ encrypted_credential_header { -+ sd_id128_t id; -+ le32_t key_size; -+ le32_t block_size; -+ le32_t iv_size; -+ le32_t tag_size; -+ uint8_t iv[]; -+ /* Followed by NUL bytes until next 8 byte boundary */ -+}; -+ -+struct _packed_ tpm2_credential_header { -+ le64_t pcr_mask; /* Note that the spec for PC Clients only mandates 24 PCRs, and that's what systems -+ * generally have. But keep the door open for more. */ -+ le16_t pcr_bank; /* For now, either TPM2_ALG_SHA256 or TPM2_ALG_SHA1 */ -+ le16_t primary_alg; /* Primary key algorithm (either TPM2_ALG_RSA or TPM2_ALG_ECC for now) */ -+ le32_t blob_size; -+ le32_t policy_hash_size; -+ uint8_t policy_hash_and_blob[]; -+ /* Followed by NUL bytes until next 8 byte boundary */ -+}; -+ -+struct _packed_ metadata_credential_header { -+ le64_t timestamp; -+ le64_t not_after; -+ le32_t name_size; -+ char name[]; -+ /* Followed by NUL bytes until next 8 byte boundary */ -+}; -+ -+/* Some generic limit for parts of the encrypted credential for which we don't know the right size ahead of -+ * time, but where we are really sure it won't be larger than this. Should be larger than any possible IV, -+ * padding, tag size and so on. This is purely used for early filtering out of invalid sizes. */ -+#define CREDENTIAL_FIELD_SIZE_MAX (16U*1024U) -+ -+static int sha256_hash_host_and_tpm2_key( -+ const void *host_key, -+ size_t host_key_size, -+ const void *tpm2_key, -+ size_t tpm2_key_size, -+ uint8_t ret[static SHA256_DIGEST_LENGTH]) { -+ -+ _cleanup_(EVP_MD_CTX_freep) EVP_MD_CTX *md = NULL; -+ unsigned l; -+ -+ assert(host_key_size == 0 || host_key); -+ assert(tpm2_key_size == 0 || tpm2_key); -+ assert(ret); -+ -+ /* Combines the host key and the TPM2 HMAC hash into a SHA256 hash value we'll use as symmetric encryption key. */ -+ -+ md = EVP_MD_CTX_new(); -+ if (!md) -+ return log_oom(); -+ -+ if (EVP_DigestInit_ex(md, EVP_sha256(), NULL) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initial SHA256 context."); -+ -+ if (host_key && EVP_DigestUpdate(md, host_key, host_key_size) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to hash host key."); -+ -+ if (tpm2_key && EVP_DigestUpdate(md, tpm2_key, tpm2_key_size) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to hash TPM2 key."); -+ -+ assert(EVP_MD_CTX_size(md) == SHA256_DIGEST_LENGTH); -+ -+ if (EVP_DigestFinal_ex(md, ret, &l) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to finalize SHA256 hash."); -+ -+ assert(l == SHA256_DIGEST_LENGTH); -+ return 0; -+} -+ -+int encrypt_credential_and_warn( -+ sd_id128_t with_key, -+ const char *name, -+ usec_t timestamp, -+ usec_t not_after, -+ const char *tpm2_device, -+ uint32_t tpm2_pcr_mask, -+ const void *input, -+ size_t input_size, -+ void **ret, -+ size_t *ret_size) { -+ -+ _cleanup_(EVP_CIPHER_CTX_freep) EVP_CIPHER_CTX *context = NULL; -+ _cleanup_(erase_and_freep) void *host_key = NULL, *tpm2_key = NULL; -+ size_t host_key_size = 0, tpm2_key_size = 0, tpm2_blob_size = 0, tpm2_policy_hash_size = 0, output_size, p, ml; -+ _cleanup_free_ void *tpm2_blob = NULL, *tpm2_policy_hash = NULL, *iv = NULL, *output = NULL; -+ _cleanup_free_ struct metadata_credential_header *m = NULL; -+ uint16_t tpm2_pcr_bank = 0, tpm2_primary_alg = 0; -+ struct encrypted_credential_header *h; -+ int ksz, bsz, ivsz, tsz, added, r; -+ uint8_t md[SHA256_DIGEST_LENGTH]; -+ const EVP_CIPHER *cc; -+#if HAVE_TPM2 -+ bool try_tpm2 = false; -+#endif -+ sd_id128_t id; -+ -+ assert(input || input_size == 0); -+ assert(ret); -+ assert(ret_size); -+ -+ if (name && !credential_name_valid(name)) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid credential name: %s", name); -+ -+ if (not_after != USEC_INFINITY && timestamp != USEC_INFINITY && not_after < timestamp) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Credential is invalidated before it is valid (" USEC_FMT " < " USEC_FMT ").", not_after, timestamp); -+ -+ if (DEBUG_LOGGING) { -+ char buf[FORMAT_TIMESTAMP_MAX]; -+ -+ if (name) -+ log_debug("Including credential name '%s' in encrypted credential.", name); -+ if (timestamp != USEC_INFINITY) -+ log_debug("Including timestamp '%s' in encrypted credential.", format_timestamp(buf, sizeof(buf), timestamp)); -+ if (not_after != USEC_INFINITY) -+ log_debug("Including not-after timestamp '%s' in encrypted credential.", format_timestamp(buf, sizeof(buf), not_after)); -+ } -+ -+ if (sd_id128_is_null(with_key) || -+ sd_id128_in_set(with_key, CRED_AES256_GCM_BY_HOST, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC)) { -+ -+ r = get_credential_host_secret( -+ CREDENTIAL_SECRET_GENERATE| -+ CREDENTIAL_SECRET_WARN_NOT_ENCRYPTED| -+ (sd_id128_is_null(with_key) ? CREDENTIAL_SECRET_FAIL_ON_TEMPORARY_FS : 0), -+ &host_key, -+ &host_key_size); -+ if (r == -ENOMEDIUM && sd_id128_is_null(with_key)) -+ log_debug_errno(r, "Credential host secret location on temporary file system, not using."); -+ else if (r < 0) -+ return log_error_errno(r, "Failed to determine local credential host secret: %m"); -+ } -+ -+#if HAVE_TPM2 -+ if (sd_id128_is_null(with_key)) { -+ /* If automatic mode is selected and we are running in a container, let's not try TPM2. OTOH -+ * if user picks TPM2 explicitly, let's always honour the request and try. */ -+ -+ r = detect_container(); -+ if (r < 0) -+ log_debug_errno(r, "Failed to determine whether we are running in a container, ignoring: %m"); -+ else if (r > 0) -+ log_debug("Running in container, not attempting to use TPM2."); -+ -+ try_tpm2 = r <= 0; -+ } -+ -+ if (try_tpm2 || -+ sd_id128_in_set(with_key, CRED_AES256_GCM_BY_TPM2_HMAC, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC)) { -+ -+ r = tpm2_seal(tpm2_device, -+ tpm2_pcr_mask, -+ &tpm2_key, -+ &tpm2_key_size, -+ &tpm2_blob, -+ &tpm2_blob_size, -+ &tpm2_policy_hash, -+ &tpm2_policy_hash_size, -+ &tpm2_pcr_bank, -+ &tpm2_primary_alg); -+ if (r < 0) { -+ if (!sd_id128_is_null(with_key)) -+ return r; -+ -+ log_debug_errno(r, "TPM2 sealing didn't work, not using: %m"); -+ } -+ -+ assert(tpm2_blob_size <= CREDENTIAL_FIELD_SIZE_MAX); -+ assert(tpm2_policy_hash_size <= CREDENTIAL_FIELD_SIZE_MAX); -+ } -+#endif -+ -+ if (sd_id128_is_null(with_key)) { -+ /* Let's settle the key type in auto mode now. */ -+ -+ if (host_key && tpm2_key) -+ id = CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC; -+ else if (tpm2_key) -+ id = CRED_AES256_GCM_BY_TPM2_HMAC; -+ else if (host_key) -+ id = CRED_AES256_GCM_BY_HOST; -+ else -+ return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), -+ "TPM2 not available and host key located on temporary file system, no encryption key available."); -+ } else -+ id = with_key; -+ -+ /* Let's now take the host key and the TPM2 key and hash it together, to use as encryption key for the data */ -+ r = sha256_hash_host_and_tpm2_key(host_key, host_key_size, tpm2_key, tpm2_key_size, md); -+ if (r < 0) -+ return r; -+ -+ assert_se(cc = EVP_aes_256_gcm()); -+ -+ ksz = EVP_CIPHER_key_length(cc); -+ assert(ksz == sizeof(md)); -+ -+ bsz = EVP_CIPHER_block_size(cc); -+ assert(bsz > 0); -+ assert((size_t) bsz <= CREDENTIAL_FIELD_SIZE_MAX); -+ -+ ivsz = EVP_CIPHER_iv_length(cc); -+ if (ivsz > 0) { -+ assert((size_t) ivsz <= CREDENTIAL_FIELD_SIZE_MAX); -+ -+ iv = malloc(ivsz); -+ if (!iv) -+ return log_oom(); -+ -+ r = genuine_random_bytes(iv, ivsz, RANDOM_BLOCK); -+ if (r < 0) -+ return log_error_errno(r, "Failed to acquired randomized IV: %m"); -+ } -+ -+ tsz = 16; /* FIXME: On OpenSSL 3 there is EVP_CIPHER_CTX_get_tag_length(), until then let's hardcode this */ -+ -+ context = EVP_CIPHER_CTX_new(); -+ if (!context) -+ return log_error_errno(SYNTHETIC_ERRNO(ENOMEM), "Failed to allocate encryption object: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ if (EVP_EncryptInit_ex(context, cc, NULL, md, iv) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initialize encryption context: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ /* Just an upper estimate */ -+ output_size = -+ ALIGN8(offsetof(struct encrypted_credential_header, iv) + ivsz) + -+ ALIGN8(tpm2_key ? offsetof(struct tpm2_credential_header, policy_hash_and_blob) + tpm2_blob_size + tpm2_policy_hash_size : 0) + -+ ALIGN8(offsetof(struct metadata_credential_header, name) + strlen_ptr(name)) + -+ input_size + 2U * (size_t) bsz + -+ tsz; -+ -+ output = malloc0(output_size); -+ if (!output) -+ return log_oom(); -+ -+ h = (struct encrypted_credential_header*) output; -+ h->id = id; -+ h->block_size = htole32(bsz); -+ h->key_size = htole32(ksz); -+ h->tag_size = htole32(tsz); -+ h->iv_size = htole32(ivsz); -+ memcpy(h->iv, iv, ivsz); -+ -+ p = ALIGN8(offsetof(struct encrypted_credential_header, iv) + ivsz); -+ -+ if (tpm2_key) { -+ struct tpm2_credential_header *t; -+ -+ t = (struct tpm2_credential_header*) ((uint8_t*) output + p); -+ t->pcr_mask = htole64(tpm2_pcr_mask); -+ t->pcr_bank = htole16(tpm2_pcr_bank); -+ t->primary_alg = htole16(tpm2_primary_alg); -+ t->blob_size = htole32(tpm2_blob_size); -+ t->policy_hash_size = htole32(tpm2_policy_hash_size); -+ memcpy(t->policy_hash_and_blob, tpm2_blob, tpm2_blob_size); -+ memcpy(t->policy_hash_and_blob + tpm2_blob_size, tpm2_policy_hash, tpm2_policy_hash_size); -+ -+ p += ALIGN8(offsetof(struct tpm2_credential_header, policy_hash_and_blob) + tpm2_blob_size + tpm2_policy_hash_size); -+ } -+ -+ /* Pass the encrypted + TPM2 header as AAD */ -+ if (EVP_EncryptUpdate(context, NULL, &added, output, p) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to write AAD data: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ /* Now construct the metadata header */ -+ ml = strlen_ptr(name); -+ m = malloc0(ALIGN8(offsetof(struct metadata_credential_header, name) + ml)); -+ if (!m) -+ return log_oom(); -+ -+ m->timestamp = htole64(timestamp); -+ m->not_after = htole64(not_after); -+ m->name_size = htole32(ml); -+ memcpy_safe(m->name, name, ml); -+ -+ /* And encrypt the metadata header */ -+ if (EVP_EncryptUpdate(context, (uint8_t*) output + p, &added, (const unsigned char*) m, ALIGN8(offsetof(struct metadata_credential_header, name) + ml)) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to encrypt metadata header: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ assert(added >= 0); -+ assert((size_t) added <= output_size - p); -+ p += added; -+ -+ /* Then encrypt the plaintext */ -+ if (EVP_EncryptUpdate(context, (uint8_t*) output + p, &added, input, input_size) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to encrypt data: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ assert(added >= 0); -+ assert((size_t) added <= output_size - p); -+ p += added; -+ -+ /* Finalize */ -+ if (EVP_EncryptFinal_ex(context, (uint8_t*) output + p, &added) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to finalize data encryption: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ assert(added >= 0); -+ assert((size_t) added <= output_size - p); -+ p += added; -+ -+ assert(p <= output_size - tsz); -+ -+ /* Append tag */ -+ if (EVP_CIPHER_CTX_ctrl(context, EVP_CTRL_GCM_GET_TAG, tsz, (uint8_t*) output + p) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to get tag: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ p += tsz; -+ assert(p <= output_size); -+ -+ if (DEBUG_LOGGING && input_size > 0) { -+ size_t base64_size; -+ -+ base64_size = DIV_ROUND_UP(p * 4, 3); /* Include base64 size increase in debug output */ -+ assert(base64_size >= input_size); -+ log_debug("Input of %zu bytes grew to output of %zu bytes (+%2zu%%).", input_size, base64_size, base64_size * 100 / input_size - 100); -+ } -+ -+ *ret = TAKE_PTR(output); -+ *ret_size = p; -+ -+ return 0; -+} -+ -+int decrypt_credential_and_warn( -+ const char *validate_name, -+ usec_t validate_timestamp, -+ const char *tpm2_device, -+ const void *input, -+ size_t input_size, -+ void **ret, -+ size_t *ret_size) { -+ -+ _cleanup_(erase_and_freep) void *host_key = NULL, *tpm2_key = NULL, *plaintext = NULL; -+ _cleanup_(EVP_CIPHER_CTX_freep) EVP_CIPHER_CTX *context = NULL; -+ size_t host_key_size = 0, tpm2_key_size = 0, plaintext_size, p, hs; -+ struct encrypted_credential_header *h; -+ struct metadata_credential_header *m; -+ uint8_t md[SHA256_DIGEST_LENGTH]; -+ bool with_tpm2, with_host_key; -+ const EVP_CIPHER *cc; -+ int r, added; -+ -+ assert(input || input_size == 0); -+ assert(ret); -+ assert(ret_size); -+ -+ h = (struct encrypted_credential_header*) input; -+ -+ /* The ID must fit in, for the current and all future formats */ -+ if (input_size < sizeof(h->id)) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Encrypted file too short."); -+ -+ with_host_key = sd_id128_in_set(h->id, CRED_AES256_GCM_BY_HOST, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC); -+ with_tpm2 = sd_id128_in_set(h->id, CRED_AES256_GCM_BY_TPM2_HMAC, CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC); -+ -+ if (!with_host_key && !with_tpm2) -+ return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Unknown encryption format, or corrupted data: %m"); -+ -+ /* Now we know the minimum header size */ -+ if (input_size < offsetof(struct encrypted_credential_header, iv)) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Encrypted file too short."); -+ -+ /* Verify some basic header values */ -+ if (le32toh(h->key_size) != sizeof(md)) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected key size in header."); -+ if (le32toh(h->block_size) <= 0 || le32toh(h->block_size) > CREDENTIAL_FIELD_SIZE_MAX) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected block size in header."); -+ if (le32toh(h->iv_size) > CREDENTIAL_FIELD_SIZE_MAX) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "IV size too large."); -+ if (le32toh(h->tag_size) != 16) /* FIXME: On OpenSSL 3, let's verify via EVP_CIPHER_CTX_get_tag_length() */ -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected tag size in header."); -+ -+ /* Ensure we have space for the full header now (we don't know the size of the name hence this is a -+ * lower limit only) */ -+ if (input_size < -+ ALIGN8(offsetof(struct encrypted_credential_header, iv) + le32toh(h->iv_size)) + -+ ALIGN8((with_tpm2 ? offsetof(struct tpm2_credential_header, policy_hash_and_blob) : 0)) + -+ ALIGN8(offsetof(struct metadata_credential_header, name)) + -+ le32toh(h->tag_size)) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Encrypted file too short."); -+ -+ p = ALIGN8(offsetof(struct encrypted_credential_header, iv) + le32toh(h->iv_size)); -+ -+ if (with_tpm2) { -+#if HAVE_TPM2 -+ struct tpm2_credential_header* t = (struct tpm2_credential_header*) ((uint8_t*) input + p); -+ -+ if (le64toh(t->pcr_mask) >= (UINT64_C(1) << TPM2_PCRS_MAX)) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 PCR mask out of range."); -+ if (!tpm2_pcr_bank_to_string(le16toh(t->pcr_bank))) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 PCR bank invalid or not supported"); -+ if (!tpm2_primary_alg_to_string(le16toh(t->primary_alg))) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 primary key algorithm invalid or not supported."); -+ if (le32toh(t->blob_size) > CREDENTIAL_FIELD_SIZE_MAX) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected TPM2 blob size."); -+ if (le32toh(t->policy_hash_size) > CREDENTIAL_FIELD_SIZE_MAX) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected TPM2 policy hash size."); -+ -+ /* Ensure we have space for the full TPM2 header now (still don't know the name, and its size -+ * though, hence still just a lower limit test only) */ -+ if (input_size < -+ ALIGN8(offsetof(struct encrypted_credential_header, iv) + le32toh(h->iv_size)) + -+ ALIGN8(offsetof(struct tpm2_credential_header, policy_hash_and_blob) + le32toh(t->blob_size) + le32toh(t->policy_hash_size)) + -+ ALIGN8(offsetof(struct metadata_credential_header, name)) + -+ le32toh(h->tag_size)) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Encrypted file too short."); -+ -+ r = tpm2_unseal(tpm2_device, -+ le64toh(t->pcr_mask), -+ le16toh(t->pcr_bank), -+ le16toh(t->primary_alg), -+ t->policy_hash_and_blob, -+ le32toh(t->blob_size), -+ t->policy_hash_and_blob + le32toh(t->blob_size), -+ le32toh(t->policy_hash_size), -+ &tpm2_key, -+ &tpm2_key_size); -+ if (r < 0) -+ return r; -+ -+ p += ALIGN8(offsetof(struct tpm2_credential_header, policy_hash_and_blob) + -+ le32toh(t->blob_size) + -+ le32toh(t->policy_hash_size)); -+#else -+ return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Credential requires TPM2 support, but TPM2 support not available."); -+#endif -+ } -+ -+ if (with_host_key) { -+ r = get_credential_host_secret( -+ 0, -+ &host_key, -+ &host_key_size); -+ if (r < 0) -+ return log_error_errno(r, "Failed to determine local credential key: %m"); -+ } -+ -+ sha256_hash_host_and_tpm2_key(host_key, host_key_size, tpm2_key, tpm2_key_size, md); -+ -+ assert_se(cc = EVP_aes_256_gcm()); -+ -+ /* Make sure cipher expectations match the header */ -+ if (EVP_CIPHER_key_length(cc) != (int) le32toh(h->key_size)) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected key size in header."); -+ if (EVP_CIPHER_block_size(cc) != (int) le32toh(h->block_size)) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected block size in header."); -+ -+ context = EVP_CIPHER_CTX_new(); -+ if (!context) -+ return log_error_errno(SYNTHETIC_ERRNO(ENOMEM), "Failed to allocate decryption object: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ if (EVP_DecryptInit_ex(context, cc, NULL, NULL, NULL) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initialize decryption context: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ if (EVP_CIPHER_CTX_ctrl(context, EVP_CTRL_GCM_SET_IVLEN, le32toh(h->iv_size), NULL) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to set IV size on decryption context: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ if (EVP_DecryptInit_ex(context, NULL, NULL, md, h->iv) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to set IV and key: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ if (EVP_DecryptUpdate(context, NULL, &added, input, p) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to write AAD data: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ plaintext = malloc(input_size - p - le32toh(h->tag_size)); -+ if (!plaintext) -+ return -ENOMEM; -+ -+ if (EVP_DecryptUpdate( -+ context, -+ plaintext, -+ &added, -+ (uint8_t*) input + p, -+ input_size - p - le32toh(h->tag_size)) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to decrypt data: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ assert(added >= 0); -+ assert((size_t) added <= input_size - p - le32toh(h->tag_size)); -+ plaintext_size = added; -+ -+ if (EVP_CIPHER_CTX_ctrl(context, EVP_CTRL_GCM_SET_TAG, le32toh(h->tag_size), (uint8_t*) input + input_size - le32toh(h->tag_size)) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to set tag: %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ if (EVP_DecryptFinal_ex(context, (uint8_t*) plaintext + plaintext_size, &added) != 1) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Decryption failed (incorrect key?): %s", -+ ERR_error_string(ERR_get_error(), NULL)); -+ -+ plaintext_size += added; -+ -+ if (plaintext_size < ALIGN8(offsetof(struct metadata_credential_header, name))) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Metadata header incomplete."); -+ -+ m = plaintext; -+ -+ if (le64toh(m->timestamp) != USEC_INFINITY && -+ le64toh(m->not_after) != USEC_INFINITY && -+ le64toh(m->timestamp) >= le64toh(m->not_after)) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Timestamps of credential are not in order, refusing."); -+ -+ if (le32toh(m->name_size) > CREDENTIAL_NAME_MAX) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Embedded credential name too long, refusing."); -+ -+ hs = ALIGN8(offsetof(struct metadata_credential_header, name) + le32toh(m->name_size)); -+ if (plaintext_size < hs) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Metadata header incomplete."); -+ -+ if (le32toh(m->name_size) > 0) { -+ _cleanup_free_ char *embedded_name = NULL; -+ -+ if (memchr(m->name, 0, le32toh(m->name_size))) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Embedded credential name contains NUL byte, refusing."); -+ -+ embedded_name = memdup_suffix0(m->name, le32toh(m->name_size)); -+ if (!embedded_name) -+ return log_oom(); -+ -+ if (!credential_name_valid(embedded_name)) -+ return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Embedded credential name is not valid, refusing."); -+ -+ if (validate_name && !streq(embedded_name, validate_name)) { -+ -+ r = getenv_bool_secure("SYSTEMD_CREDENTIAL_VALIDATE_NAME"); -+ if (r < 0 && r != -ENXIO) -+ log_debug_errno(r, "Failed to parse $SYSTEMD_CREDENTIAL_VALIDATE_NAME: %m"); -+ if (r != 0) -+ return log_error_errno(SYNTHETIC_ERRNO(EREMOTE), "Embedded credential name '%s' does not match filename '%s', refusing.", embedded_name, validate_name); -+ -+ log_debug("Embedded credential name '%s' does not match expected name '%s', but configured to use credential anyway.", embedded_name, validate_name); -+ } -+ } -+ -+ if (validate_timestamp != USEC_INFINITY) { -+ if (le64toh(m->timestamp) != USEC_INFINITY && le64toh(m->timestamp) > validate_timestamp) -+ log_debug("Credential timestamp is from the future, assuming clock skew."); -+ -+ if (le64toh(m->not_after) != USEC_INFINITY && le64toh(m->not_after) < validate_timestamp) { -+ -+ r = getenv_bool_secure("SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER"); -+ if (r < 0 && r != -ENXIO) -+ log_debug_errno(r, "Failed to parse $SYSTEMD_CREDENTIAL_VALIDATE_NOT_AFTER: %m"); -+ if (r != 0) -+ return log_error_errno(SYNTHETIC_ERRNO(ESTALE), "Credential's time passed, refusing to use."); -+ -+ log_debug("Credential not-after timestamp has passed, but configured to use credential anyway."); -+ } -+ } -+ -+ if (ret) { -+ char *without_metadata; -+ -+ without_metadata = memdup((uint8_t*) plaintext + hs, plaintext_size - hs); -+ if (!without_metadata) -+ return log_oom(); -+ -+ *ret = without_metadata; -+ } -+ -+ if (ret_size) -+ *ret_size = plaintext_size - hs; -+ -+ return 0; -+} -+ -+#else -+ -+int get_credential_host_secret(CredentialSecretFlags flags, void **ret, size_t *ret_size) { -+ return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Support for encrypted credentials not available."); -+} -+ -+int encrypt_credential_and_warn(sd_id128_t with_key, const char *name, usec_t timestamp, usec_t not_after, const char *tpm2_device, uint32_t tpm2_pcr_mask, const void *input, size_t input_size, void **ret, size_t *ret_size) { -+ return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Support for encrypted credentials not available."); -+} -+ -+int decrypt_credential_and_warn(const char *validate_name, usec_t validate_timestamp, const char *tpm2_device, const void *input, size_t input_size, void **ret, size_t *ret_size) { -+ return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Support for encrypted credentials not available."); -+} -+ -+#endif -diff --git a/src/shared/openssl-util.h b/src/shared/openssl-util.h -index e6c2bd9310..ce8207414f 100644 ---- a/src/shared/openssl-util.h -+++ b/src/shared/openssl-util.h -@@ -11,6 +11,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509*, X509_free, NULL); - DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509_NAME*, X509_NAME_free, NULL); - DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY_CTX*, EVP_PKEY_CTX_free, NULL); - DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_CIPHER_CTX*, EVP_CIPHER_CTX_free, NULL); -+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_MD_CTX*, EVP_MD_CTX_free, NULL); - - int rsa_encrypt_bytes(EVP_PKEY *pkey, const void *decrypted_key, size_t decrypted_key_size, void **ret_encrypt_key, size_t *ret_encrypt_key_size); - --- -2.33.0 - diff --git a/backport-cryptenroll-fix-wrong-error-messages.patch b/backport-cryptenroll-fix-wrong-error-messages.patch deleted file mode 100644 index b234f97..0000000 --- a/backport-cryptenroll-fix-wrong-error-messages.patch +++ /dev/null @@ -1,40 +0,0 @@ -From a9149ef71dbfafd964b4e509690418be602c6eb6 Mon Sep 17 00:00:00 2001 -From: Gibeom Gwon -Date: Fri, 3 Dec 2021 15:10:50 +0900 -Subject: [PATCH] cryptenroll: fix wrong error messages - -PKCS#11 -> FIDO2 in cryptenroll-fido2.c - -(cherry picked from commit 4b9aa29bc9ded35147f9fa77f77e13c3c6fa7fcf) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a9149ef71dbfafd964b4e509690418be602c6eb6 ---- - src/cryptenroll/cryptenroll-fido2.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/cryptenroll/cryptenroll-fido2.c b/src/cryptenroll/cryptenroll-fido2.c -index fbf76ee586..9e1d94bd16 100644 ---- a/src/cryptenroll/cryptenroll-fido2.c -+++ b/src/cryptenroll/cryptenroll-fido2.c -@@ -67,7 +67,7 @@ int enroll_fido2( - base64_encoded, - strlen(base64_encoded)); - if (keyslot < 0) -- return log_error_errno(keyslot, "Failed to add new PKCS#11 key to %s: %m", node); -+ return log_error_errno(keyslot, "Failed to add new FIDO2 key to %s: %m", node); - - if (asprintf(&keyslot_as_string, "%i", keyslot) < 0) - return log_oom(); -@@ -83,7 +83,7 @@ int enroll_fido2( - JSON_BUILD_PAIR("fido2-up-required", JSON_BUILD_BOOLEAN(FLAGS_SET(lock_with, FIDO2ENROLL_UP))), - JSON_BUILD_PAIR("fido2-uv-required", JSON_BUILD_BOOLEAN(FLAGS_SET(lock_with, FIDO2ENROLL_UV))))); - if (r < 0) -- return log_error_errno(r, "Failed to prepare PKCS#11 JSON token object: %m"); -+ return log_error_errno(r, "Failed to prepare FIDO2 JSON token object: %m"); - - r = cryptsetup_add_token_json(cd, v); - if (r < 0) --- -2.33.0 - diff --git a/backport-dbus-wait-for-jobs-add-extra_args-to-bus_wait_for_jo.patch b/backport-dbus-wait-for-jobs-add-extra_args-to-bus_wait_for_jo.patch deleted file mode 100644 index db4033d..0000000 --- a/backport-dbus-wait-for-jobs-add-extra_args-to-bus_wait_for_jo.patch +++ /dev/null @@ -1,143 +0,0 @@ -From 84188acc6fe4a2f04c91c2c4d7b20a3166caa63b Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Thu, 30 Dec 2021 00:53:29 +0000 -Subject: [PATCH] dbus-wait-for-jobs: add extra_args to bus_wait_for_jobs_one() - -And pass it through to bus_wait_for_jobs() - -(cherry picked from commit 86980de64bf8c03505eec729808f52f3b3042998) -(cherry picked from commit 0c4fe2e3dcde8225006a36cff643c112bd6c6523) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/84188acc6fe4a2f04c91c2c4d7b20a3166caa63b ---- - src/mount/mount-tool.c | 6 +++--- - src/nspawn/nspawn-register.c | 2 +- - src/run/run.c | 6 +++--- - src/shared/bus-wait-for-jobs.c | 4 ++-- - src/shared/bus-wait-for-jobs.h | 2 +- - src/shared/tests.c | 2 +- - 6 files changed, 11 insertions(+), 11 deletions(-) - -diff --git a/src/mount/mount-tool.c b/src/mount/mount-tool.c -index 70b4c5a765..9659355c33 100644 ---- a/src/mount/mount-tool.c -+++ b/src/mount/mount-tool.c -@@ -600,7 +600,7 @@ static int start_transient_mount( - if (r < 0) - return bus_log_parse_error(r); - -- r = bus_wait_for_jobs_one(w, object, arg_quiet); -+ r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); - if (r < 0) - return r; - } -@@ -709,7 +709,7 @@ static int start_transient_automount( - if (r < 0) - return bus_log_parse_error(r); - -- r = bus_wait_for_jobs_one(w, object, arg_quiet); -+ r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); - if (r < 0) - return r; - } -@@ -875,7 +875,7 @@ static int stop_mount( - if (r < 0) - return bus_log_parse_error(r); - -- r = bus_wait_for_jobs_one(w, object, arg_quiet); -+ r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); - if (r < 0) - return r; - } -diff --git a/src/nspawn/nspawn-register.c b/src/nspawn/nspawn-register.c -index 2e6c12b3b7..c78bead4a4 100644 ---- a/src/nspawn/nspawn-register.c -+++ b/src/nspawn/nspawn-register.c -@@ -313,7 +313,7 @@ int allocate_scope( - if (r < 0) - return bus_log_parse_error(r); - -- r = bus_wait_for_jobs_one(w, object, false); -+ r = bus_wait_for_jobs_one(w, object, false, NULL); - if (r < 0) - return r; - -diff --git a/src/run/run.c b/src/run/run.c -index 1c83e36e4e..9a7e1efaca 100644 ---- a/src/run/run.c -+++ b/src/run/run.c -@@ -1228,7 +1228,7 @@ static int start_transient_service( - if (r < 0) - return bus_log_parse_error(r); - -- r = bus_wait_for_jobs_one(w, object, arg_quiet); -+ r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); - if (r < 0) - return r; - } -@@ -1473,7 +1473,7 @@ static int start_transient_scope(sd_bus *bus) { - if (r < 0) - return bus_log_parse_error(r); - -- r = bus_wait_for_jobs_one(w, object, arg_quiet); -+ r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); - if (r < 0) - return r; - -@@ -1693,7 +1693,7 @@ static int start_transient_trigger( - if (r < 0) - return bus_log_parse_error(r); - -- r = bus_wait_for_jobs_one(w, object, arg_quiet); -+ r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); - if (r < 0) - return r; - -diff --git a/src/shared/bus-wait-for-jobs.c b/src/shared/bus-wait-for-jobs.c -index e4a3ab9a95..0cd47d5787 100644 ---- a/src/shared/bus-wait-for-jobs.c -+++ b/src/shared/bus-wait-for-jobs.c -@@ -323,12 +323,12 @@ int bus_wait_for_jobs_add(BusWaitForJobs *d, const char *path) { - return set_put_strdup(&d->jobs, path); - } - --int bus_wait_for_jobs_one(BusWaitForJobs *d, const char *path, bool quiet) { -+int bus_wait_for_jobs_one(BusWaitForJobs *d, const char *path, bool quiet, const char* const* extra_args) { - int r; - - r = bus_wait_for_jobs_add(d, path); - if (r < 0) - return log_oom(); - -- return bus_wait_for_jobs(d, quiet, NULL); -+ return bus_wait_for_jobs(d, quiet, extra_args); - } -diff --git a/src/shared/bus-wait-for-jobs.h b/src/shared/bus-wait-for-jobs.h -index 68c9d604ad..5acf8b9241 100644 ---- a/src/shared/bus-wait-for-jobs.h -+++ b/src/shared/bus-wait-for-jobs.h -@@ -11,6 +11,6 @@ int bus_wait_for_jobs_new(sd_bus *bus, BusWaitForJobs **ret); - BusWaitForJobs* bus_wait_for_jobs_free(BusWaitForJobs *d); - int bus_wait_for_jobs_add(BusWaitForJobs *d, const char *path); - int bus_wait_for_jobs(BusWaitForJobs *d, bool quiet, const char* const* extra_args); --int bus_wait_for_jobs_one(BusWaitForJobs *d, const char *path, bool quiet); -+int bus_wait_for_jobs_one(BusWaitForJobs *d, const char *path, bool quiet, const char* const* extra_args); - - DEFINE_TRIVIAL_CLEANUP_FUNC(BusWaitForJobs*, bus_wait_for_jobs_free); -diff --git a/src/shared/tests.c b/src/shared/tests.c -index ab7d799029..6d35bc6a8d 100644 ---- a/src/shared/tests.c -+++ b/src/shared/tests.c -@@ -247,7 +247,7 @@ static int allocate_scope(void) { - if (r < 0) - return bus_log_parse_error(r); - -- r = bus_wait_for_jobs_one(w, object, false); -+ r = bus_wait_for_jobs_one(w, object, false, NULL); - if (r < 0) - return r; - --- -2.33.0 - diff --git a/backport-devnode-acl-use-_cleanup_-to-free-acl_t.patch b/backport-devnode-acl-use-_cleanup_-to-free-acl_t.patch deleted file mode 100644 index 49eba0c..0000000 --- a/backport-devnode-acl-use-_cleanup_-to-free-acl_t.patch +++ /dev/null @@ -1,146 +0,0 @@ -From 541ada330879dd928b33b55f1fc437ec1bbd349f Mon Sep 17 00:00:00 2001 -From: David Tardon -Date: Thu, 3 Mar 2022 15:58:24 +0100 -Subject: [PATCH] devnode-acl: use _cleanup_ to free acl_t - -(cherry picked from commit 203ea2c8f158288fea56c5be980715b2b7e002fe) -(cherry picked from commit 543c73300e3b9298e5316555bf4df6ff7dfc210f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/541ada330879dd928b33b55f1fc437ec1bbd349f ---- - src/shared/devnode-acl.c | 73 ++++++++++++++-------------------------- - 1 file changed, 25 insertions(+), 48 deletions(-) - -diff --git a/src/shared/devnode-acl.c b/src/shared/devnode-acl.c -index 07e29e1019..394422b164 100644 ---- a/src/shared/devnode-acl.c -+++ b/src/shared/devnode-acl.c -@@ -52,8 +52,8 @@ int devnode_acl(const char *path, - bool del, uid_t old_uid, - bool add, uid_t new_uid) { - -- acl_t acl; -- int r = 0; -+ _cleanup_(acl_freep) acl_t acl = NULL; -+ int r; - bool changed = false; - - assert(path); -@@ -66,7 +66,7 @@ int devnode_acl(const char *path, - - r = flush_acl(acl); - if (r < 0) -- goto finish; -+ return r; - if (r > 0) - changed = true; - -@@ -75,13 +75,11 @@ int devnode_acl(const char *path, - - r = acl_find_uid(acl, old_uid, &entry); - if (r < 0) -- goto finish; -+ return r; - - if (r > 0) { -- if (acl_delete_entry(acl, entry) < 0) { -- r = -errno; -- goto finish; -- } -+ if (acl_delete_entry(acl, entry) < 0) -+ return -errno; - - changed = true; - } -@@ -94,68 +92,47 @@ int devnode_acl(const char *path, - - r = acl_find_uid(acl, new_uid, &entry); - if (r < 0) -- goto finish; -+ return r; - - if (r == 0) { -- if (acl_create_entry(&acl, &entry) < 0) { -- r = -errno; -- goto finish; -- } -+ if (acl_create_entry(&acl, &entry) < 0) -+ return -errno; - - if (acl_set_tag_type(entry, ACL_USER) < 0 || -- acl_set_qualifier(entry, &new_uid) < 0) { -- r = -errno; -- goto finish; -- } -+ acl_set_qualifier(entry, &new_uid) < 0) -+ return -errno; - } - -- if (acl_get_permset(entry, &permset) < 0) { -- r = -errno; -- goto finish; -- } -+ if (acl_get_permset(entry, &permset) < 0) -+ return -errno; - - rd = acl_get_perm(permset, ACL_READ); -- if (rd < 0) { -- r = -errno; -- goto finish; -- } -+ if (rd < 0) -+ return -errno; - - wt = acl_get_perm(permset, ACL_WRITE); -- if (wt < 0) { -- r = -errno; -- goto finish; -- } -+ if (wt < 0) -+ return -errno; - - if (!rd || !wt) { - -- if (acl_add_perm(permset, ACL_READ|ACL_WRITE) < 0) { -- r = -errno; -- goto finish; -- } -+ if (acl_add_perm(permset, ACL_READ|ACL_WRITE) < 0) -+ return -errno; - - changed = true; - } - } - - if (!changed) -- goto finish; -- -- if (acl_calc_mask(&acl) < 0) { -- r = -errno; -- goto finish; -- } -- -- if (acl_set_file(path, ACL_TYPE_ACCESS, acl) < 0) { -- r = -errno; -- goto finish; -- } -+ return 0; - -- r = 0; -+ if (acl_calc_mask(&acl) < 0) -+ return -errno; - --finish: -- acl_free(acl); -+ if (acl_set_file(path, ACL_TYPE_ACCESS, acl) < 0) -+ return -errno; - -- return r; -+ return 0; - } - - int devnode_acl_all(const char *seat, --- -2.33.0 - diff --git a/backport-dhcp-fix-assertion-failure.patch b/backport-dhcp-fix-assertion-failure.patch deleted file mode 100644 index ff9c40c..0000000 --- a/backport-dhcp-fix-assertion-failure.patch +++ /dev/null @@ -1,31 +0,0 @@ -From d59f045a9341f33df161a83a0a5428e137381206 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 8 Dec 2021 05:47:11 +0900 -Subject: [PATCH] dhcp: fix assertion failure - -Fixes #21671. - -(cherry picked from commit 990d0aa98023140d1efc897c3dcd5e0599a60203) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d59f045a9341f33df161a83a0a5428e137381206 ---- - src/libsystemd-network/sd-dhcp-lease.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c -index 095a4ee683..9a0d7f6fea 100644 ---- a/src/libsystemd-network/sd-dhcp-lease.c -+++ b/src/libsystemd-network/sd-dhcp-lease.c -@@ -691,7 +691,7 @@ int dhcp_lease_parse_options(uint8_t code, uint8_t len, const void *option, void - } - - if (!timezone_is_valid(tz, LOG_DEBUG)) { -- log_debug_errno(r, "Timezone is not valid, ignoring: %m"); -+ log_debug("Timezone is not valid, ignoring."); - return 0; - } - --- -2.33.0 - diff --git a/backport-dhcp-fix-potential-buffer-overflow.patch b/backport-dhcp-fix-potential-buffer-overflow.patch deleted file mode 100644 index d704e41..0000000 --- a/backport-dhcp-fix-potential-buffer-overflow.patch +++ /dev/null @@ -1,102 +0,0 @@ -From d903e94e8ea532d2128c5c4686ae440ebf17a07d Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 6 Aug 2022 13:05:59 +0900 -Subject: [PATCH] dhcp: fix potential buffer overflow - -Fixes a bug introduced by 324f818781a250b60f2fcfa74ff1c9101d2d1315. - -This also renames several macros for DHCP packet size. - -(cherry picked from commit 4473cd7f61b9eb0860f2daab81491ad2145d554b) -(cherry picked from commit 037b1a8acc50cbeeebb82f95594a4909375577c2) -(cherry picked from commit 887837a5a9425945b91488db661122459af94c52) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d903e94e8ea532d2128c5c4686ae440ebf17a07d ---- - src/libsystemd-network/dhcp-protocol.h | 7 ++++--- - src/libsystemd-network/sd-dhcp-client.c | 11 +++++------ - src/libsystemd-network/sd-dhcp-lease.c | 6 +++--- - 3 files changed, 12 insertions(+), 12 deletions(-) - -diff --git a/src/libsystemd-network/dhcp-protocol.h b/src/libsystemd-network/dhcp-protocol.h -index 11f4201ab2..686cf67e84 100644 ---- a/src/libsystemd-network/dhcp-protocol.h -+++ b/src/libsystemd-network/dhcp-protocol.h -@@ -43,9 +43,10 @@ typedef struct DHCPPacket DHCPPacket; - - #define DHCP_IP_SIZE (int32_t)(sizeof(struct iphdr)) - #define DHCP_IP_UDP_SIZE (int32_t)(sizeof(struct udphdr) + DHCP_IP_SIZE) --#define DHCP_MESSAGE_SIZE (int32_t)(sizeof(DHCPMessage)) --#define DHCP_DEFAULT_MIN_SIZE 576 /* the minimum internet hosts must be able to receive */ --#define DHCP_MIN_OPTIONS_SIZE (DHCP_DEFAULT_MIN_SIZE - DHCP_IP_UDP_SIZE - DHCP_MESSAGE_SIZE) -+#define DHCP_HEADER_SIZE (int32_t)(sizeof(DHCPMessage)) -+#define DHCP_MIN_MESSAGE_SIZE 576 /* the minimum internet hosts must be able to receive, see RFC 2132 Section 9.10 */ -+#define DHCP_MIN_OPTIONS_SIZE (DHCP_MIN_MESSAGE_SIZE - DHCP_HEADER_SIZE) -+#define DHCP_MIN_PACKET_SIZE (DHCP_MIN_MESSAGE_SIZE + DHCP_IP_UDP_SIZE) - #define DHCP_MAGIC_COOKIE (uint32_t)(0x63825363) - - enum { -diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c -index 46191e58f5..b9c5748fed 100644 ---- a/src/libsystemd-network/sd-dhcp-client.c -+++ b/src/libsystemd-network/sd-dhcp-client.c -@@ -637,7 +637,7 @@ int sd_dhcp_client_set_client_port( - - int sd_dhcp_client_set_mtu(sd_dhcp_client *client, uint32_t mtu) { - assert_return(client, -EINVAL); -- assert_return(mtu >= DHCP_DEFAULT_MIN_SIZE, -ERANGE); -+ assert_return(mtu >= DHCP_MIN_PACKET_SIZE, -ERANGE); - - client->mtu = mtu; - -@@ -804,7 +804,6 @@ static int client_message_init( - - _cleanup_free_ DHCPPacket *packet = NULL; - size_t optlen, optoffset, size; -- be16_t max_size; - usec_t time_now; - uint16_t secs; - int r; -@@ -955,9 +954,9 @@ static int client_message_init( - */ - /* RFC7844 section 3: - SHOULD NOT contain any other option. */ -- if (!client->anonymize && type != DHCP_RELEASE) { -- max_size = htobe16(size); -- r = dhcp_option_append(&packet->dhcp, client->mtu, &optoffset, 0, -+ if (!client->anonymize && IN_SET(type, DHCP_DISCOVER, DHCP_REQUEST)) { -+ be16_t max_size = htobe16(MIN(client->mtu - DHCP_IP_UDP_SIZE, (uint32_t) UINT16_MAX)); -+ r = dhcp_option_append(&packet->dhcp, optlen, &optoffset, 0, - SD_DHCP_OPTION_MAXIMUM_MESSAGE_SIZE, - 2, &max_size); - if (r < 0) -@@ -2267,7 +2266,7 @@ int sd_dhcp_client_new(sd_dhcp_client **ret, int anonymize) { - .state = DHCP_STATE_INIT, - .ifindex = -1, - .fd = -1, -- .mtu = DHCP_DEFAULT_MIN_SIZE, -+ .mtu = DHCP_MIN_PACKET_SIZE, - .port = DHCP_PORT_CLIENT, - .anonymize = !!anonymize, - .max_attempts = UINT64_MAX, -diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c -index 89386f6809..b818020589 100644 ---- a/src/libsystemd-network/sd-dhcp-lease.c -+++ b/src/libsystemd-network/sd-dhcp-lease.c -@@ -621,9 +621,9 @@ int dhcp_lease_parse_options(uint8_t code, uint8_t len, const void *option, void - r = lease_parse_u16(option, len, &lease->mtu, 68); - if (r < 0) - log_debug_errno(r, "Failed to parse MTU, ignoring: %m"); -- if (lease->mtu < DHCP_DEFAULT_MIN_SIZE) { -- log_debug("MTU value of %" PRIu16 " too small. Using default MTU value of %d instead.", lease->mtu, DHCP_DEFAULT_MIN_SIZE); -- lease->mtu = DHCP_DEFAULT_MIN_SIZE; -+ if (lease->mtu < DHCP_MIN_PACKET_SIZE) { -+ log_debug("MTU value of %" PRIu16 " too small. Using default MTU value of %d instead.", lease->mtu, DHCP_MIN_PACKET_SIZE); -+ lease->mtu = DHCP_MIN_PACKET_SIZE; - } - - break; --- -2.27.0 - diff --git a/backport-discover-image-mount-as-read-only-when-extracting-me.patch b/backport-discover-image-mount-as-read-only-when-extracting-me.patch deleted file mode 100644 index 83b1f7b..0000000 --- a/backport-discover-image-mount-as-read-only-when-extracting-me.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 783b787a3aecbd2c9d6908546f89c9690728aa79 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Thu, 22 Jul 2021 22:21:10 +0100 -Subject: [PATCH] discover-image: mount as read-only when extracting metadata - -We don't need to modify the image, and the loopback device is already set to read-only. - -(cherry picked from commit f6f4ec7951f429e8a470f8912cbeacde8fa1206e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/783b787a3aecbd2c9d6908546f89c9690728aa79 ---- - src/shared/discover-image.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/shared/discover-image.c b/src/shared/discover-image.c -index 5c833afc78..521264ec29 100644 ---- a/src/shared/discover-image.c -+++ b/src/shared/discover-image.c -@@ -1208,6 +1208,7 @@ int image_read_metadata(Image *i) { - DISSECT_IMAGE_GENERIC_ROOT | - DISSECT_IMAGE_REQUIRE_ROOT | - DISSECT_IMAGE_RELAX_VAR_CHECK | -+ DISSECT_IMAGE_READ_ONLY | - DISSECT_IMAGE_USR_NO_ROOT, - &m); - if (r < 0) --- -2.33.0 - diff --git a/backport-discover-image-pass-the-right-fd-to-fd_getcrtime.patch b/backport-discover-image-pass-the-right-fd-to-fd_getcrtime.patch deleted file mode 100644 index 978d488..0000000 --- a/backport-discover-image-pass-the-right-fd-to-fd_getcrtime.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 64b025686f36ae4385811be6f81d5f7d94da3437 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 18 Aug 2021 22:41:08 +0200 -Subject: [PATCH] discover-image: pass the right fd to fd_getcrtime() - -(cherry picked from commit 12a7f04a2b9135a4751dba71e2f688525d7c93e7) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/64b025686f36ae4385811be6f81d5f7d94da3437 ---- - src/shared/discover-image.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/shared/discover-image.c b/src/shared/discover-image.c -index 521264ec29..5f8bf43776 100644 ---- a/src/shared/discover-image.c -+++ b/src/shared/discover-image.c -@@ -305,7 +305,7 @@ static int image_make( - } - - /* Get directory creation time (not available everywhere, but that's OK */ -- (void) fd_getcrtime(dfd, &crtime); -+ (void) fd_getcrtime(fd, &crtime); - - /* If the IMMUTABLE bit is set, we consider the directory read-only. Since the ioctl is not - * supported everywhere we ignore failures. */ --- -2.33.0 - diff --git a/backport-dissect-image-add-extension-specific-validation-flag.patch b/backport-dissect-image-add-extension-specific-validation-flag.patch deleted file mode 100644 index 8c523a6..0000000 --- a/backport-dissect-image-add-extension-specific-validation-flag.patch +++ /dev/null @@ -1,126 +0,0 @@ -From 1d1b529d7781c7ac28fd6130eeda76bf2d70fe79 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Wed, 18 Aug 2021 16:08:14 +0100 -Subject: [PATCH] dissect-image: add extension-specific validation flag - -Allows callers to specify which image type they are looking for - -(cherry picked from commit 9ccb531a5f99a7f399f352e79079188957f5a170) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/1d1b529d7781c7ac28fd6130eeda76bf2d70fe79 ---- - src/portable/portable.c | 9 ++++++++- - src/shared/dissect-image.c | 26 +++++++++++++++++++------- - src/shared/dissect-image.h | 23 ++++++++++++----------- - 3 files changed, 39 insertions(+), 19 deletions(-) - -diff --git a/src/portable/portable.c b/src/portable/portable.c -index 4cf5fb4f0a..5ecbeec2de 100644 ---- a/src/portable/portable.c -+++ b/src/portable/portable.c -@@ -424,9 +424,16 @@ static int portable_extract_by_path( - if (r < 0) - return r; - if (r == 0) { -+ DissectImageFlags flags = DISSECT_IMAGE_READ_ONLY; -+ - seq[0] = safe_close(seq[0]); - -- r = dissected_image_mount(m, tmpdir, UID_INVALID, UID_INVALID, DISSECT_IMAGE_READ_ONLY); -+ if (!extract_os_release) -+ flags |= DISSECT_IMAGE_VALIDATE_OS_EXT; -+ else -+ flags |= DISSECT_IMAGE_VALIDATE_OS; -+ -+ r = dissected_image_mount(m, tmpdir, UID_INVALID, UID_INVALID, flags); - if (r < 0) { - log_debug_errno(r, "Failed to mount dissected image: %m"); - goto child_finish; -diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c -index 9b30c86a53..3a24f5041f 100644 ---- a/src/shared/dissect-image.c -+++ b/src/shared/dissect-image.c -@@ -1725,17 +1725,28 @@ int dissected_image_mount( - if (r < 0) - return r; - -- if (flags & DISSECT_IMAGE_VALIDATE_OS) { -- r = path_is_os_tree(where); -- if (r < 0) -- return r; -- if (r == 0) { -+ if ((flags & (DISSECT_IMAGE_VALIDATE_OS|DISSECT_IMAGE_VALIDATE_OS_EXT)) != 0) { -+ /* If either one of the validation flags are set, ensure that the image qualifies -+ * as one or the other (or both). */ -+ bool ok = false; -+ -+ if (FLAGS_SET(flags, DISSECT_IMAGE_VALIDATE_OS)) { -+ r = path_is_os_tree(where); -+ if (r < 0) -+ return r; -+ if (r > 0) -+ ok = true; -+ } -+ if (!ok && FLAGS_SET(flags, DISSECT_IMAGE_VALIDATE_OS_EXT)) { - r = path_is_extension_tree(where, m->image_name); - if (r < 0) - return r; -- if (r == 0) -- return -EMEDIUMTYPE; -+ if (r > 0) -+ ok = true; - } -+ -+ if (!ok) -+ return -ENOMEDIUM; - } - } - -@@ -2617,6 +2628,7 @@ int dissected_image_acquire_metadata(DissectedImage *m) { - DISSECT_IMAGE_READ_ONLY| - DISSECT_IMAGE_MOUNT_ROOT_ONLY| - DISSECT_IMAGE_VALIDATE_OS| -+ DISSECT_IMAGE_VALIDATE_OS_EXT| - DISSECT_IMAGE_USR_NO_ROOT); - if (r < 0) { - /* Let parent know the error */ -diff --git a/src/shared/dissect-image.h b/src/shared/dissect-image.h -index 1ce14e915e..9db2719afb 100644 ---- a/src/shared/dissect-image.h -+++ b/src/shared/dissect-image.h -@@ -100,19 +100,20 @@ typedef enum DissectImageFlags { - DISSECT_IMAGE_MOUNT_ROOT_ONLY = 1 << 6, /* Mount only the root and /usr partitions */ - DISSECT_IMAGE_MOUNT_NON_ROOT_ONLY = 1 << 7, /* Mount only the non-root and non-/usr partitions */ - DISSECT_IMAGE_VALIDATE_OS = 1 << 8, /* Refuse mounting images that aren't identifiable as OS images */ -- DISSECT_IMAGE_NO_UDEV = 1 << 9, /* Don't wait for udev initializing things */ -- DISSECT_IMAGE_RELAX_VAR_CHECK = 1 << 10, /* Don't insist that the UUID of /var is hashed from /etc/machine-id */ -- DISSECT_IMAGE_FSCK = 1 << 11, /* File system check the partition before mounting (no effect when combined with DISSECT_IMAGE_READ_ONLY) */ -- DISSECT_IMAGE_NO_PARTITION_TABLE = 1 << 12, /* Only recognize single file system images */ -- DISSECT_IMAGE_VERITY_SHARE = 1 << 13, /* When activating a verity device, reuse existing one if already open */ -- DISSECT_IMAGE_MKDIR = 1 << 14, /* Make top-level directory to mount right before mounting, if missing */ -- DISSECT_IMAGE_USR_NO_ROOT = 1 << 15, /* If no root fs is in the image, but /usr is, then allow this (so that we can mount the rootfs as tmpfs or so */ -- DISSECT_IMAGE_REQUIRE_ROOT = 1 << 16, /* Don't accept disks without root partition (or at least /usr partition if DISSECT_IMAGE_USR_NO_ROOT is set) */ -- DISSECT_IMAGE_MOUNT_READ_ONLY = 1 << 17, /* Make mounts read-only */ -+ DISSECT_IMAGE_VALIDATE_OS_EXT = 1 << 9, /* Refuse mounting images that aren't identifiable as OS extension images */ -+ DISSECT_IMAGE_NO_UDEV = 1 << 10, /* Don't wait for udev initializing things */ -+ DISSECT_IMAGE_RELAX_VAR_CHECK = 1 << 11, /* Don't insist that the UUID of /var is hashed from /etc/machine-id */ -+ DISSECT_IMAGE_FSCK = 1 << 12, /* File system check the partition before mounting (no effect when combined with DISSECT_IMAGE_READ_ONLY) */ -+ DISSECT_IMAGE_NO_PARTITION_TABLE = 1 << 13, /* Only recognize single file system images */ -+ DISSECT_IMAGE_VERITY_SHARE = 1 << 14, /* When activating a verity device, reuse existing one if already open */ -+ DISSECT_IMAGE_MKDIR = 1 << 15, /* Make top-level directory to mount right before mounting, if missing */ -+ DISSECT_IMAGE_USR_NO_ROOT = 1 << 16, /* If no root fs is in the image, but /usr is, then allow this (so that we can mount the rootfs as tmpfs or so */ -+ DISSECT_IMAGE_REQUIRE_ROOT = 1 << 17, /* Don't accept disks without root partition (or at least /usr partition if DISSECT_IMAGE_USR_NO_ROOT is set) */ -+ DISSECT_IMAGE_MOUNT_READ_ONLY = 1 << 18, /* Make mounts read-only */ - DISSECT_IMAGE_READ_ONLY = DISSECT_IMAGE_DEVICE_READ_ONLY | - DISSECT_IMAGE_MOUNT_READ_ONLY, -- DISSECT_IMAGE_GROWFS = 1 << 18, /* Grow file systems in partitions marked for that to the size of the partitions after mount */ -- DISSECT_IMAGE_MOUNT_IDMAPPED = 1 << 19, /* Mount mounts with kernel 5.12-style userns ID mapping, if file system type doesn't support uid=/gid= */ -+ DISSECT_IMAGE_GROWFS = 1 << 19, /* Grow file systems in partitions marked for that to the size of the partitions after mount */ -+ DISSECT_IMAGE_MOUNT_IDMAPPED = 1 << 20, /* Mount mounts with kernel 5.12-style userns ID mapping, if file system type doesn't support uid=/gid= */ - } DissectImageFlags; - - struct DissectedImage { --- -2.33.0 - diff --git a/backport-dissect-image-validate-extension-release-even-if-the.patch b/backport-dissect-image-validate-extension-release-even-if-the.patch deleted file mode 100644 index bea0bf6..0000000 --- a/backport-dissect-image-validate-extension-release-even-if-the.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 4b14a6aafe45270b50b4a0b75d0cce11a9ac738d Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Wed, 19 Jan 2022 00:01:48 +0000 -Subject: [PATCH] dissect-image: validate extension-release even if the host - has only ID in os-release - -A rolling distro won't set VERSION_ID or SYSEXT_LEVEL in os-release, -which means we skip validation of ExtensionImages. -Validate even with just an ID, the lower level helper already -recognizes and accepts this use case. - -Fixes https://github.com/systemd/systemd/issues/22146 - -(cherry picked from commit 37361f46d571ad0b71ef99dec6a9b76edbab38bb) -(cherry picked from commit 0dab9e5f057380322755e90ee4d35716d5bf6232) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4b14a6aafe45270b50b4a0b75d0cce11a9ac738d ---- - src/shared/dissect-image.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c -index 714baa8572..9b30c86a53 100644 ---- a/src/shared/dissect-image.c -+++ b/src/shared/dissect-image.c -@@ -3015,9 +3015,9 @@ int verity_dissect_and_mount( - /* If we got os-release values from the caller, then we need to match them with the image's - * extension-release.d/ content. Return -EINVAL if there's any mismatch. - * First, check the distro ID. If that matches, then check the new SYSEXT_LEVEL value if -- * available, or else fallback to VERSION_ID. */ -- if (required_host_os_release_id && -- (required_host_os_release_version_id || required_host_os_release_sysext_level)) { -+ * available, or else fallback to VERSION_ID. If neither is present (eg: rolling release), -+ * then a simple match on the ID will be performed. */ -+ if (required_host_os_release_id) { - _cleanup_strv_free_ char **extension_release = NULL; - - r = load_extension_release_pairs(dest, dissected_image->image_name, &extension_release); --- -2.33.0 - diff --git a/backport-dns-domain-make-each-label-nul-terminated.patch b/backport-dns-domain-make-each-label-nul-terminated.patch deleted file mode 100644 index 11d9d70..0000000 --- a/backport-dns-domain-make-each-label-nul-terminated.patch +++ /dev/null @@ -1,50 +0,0 @@ -From ec5a6e5a3011f095e739fa0636c3273fe868f2cf Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 11 Jun 2022 05:51:03 +0900 -Subject: [PATCH] dns-domain: make each label nul-terminated - -dns_label_unescape() does not nul-terminate the buffer if it does not -have enough space. Hence, if a lable is enough long, then strjoin() -triggers buffer-overflow. - -Fixes #23705. - -(cherry picked from commit 9db01ca5b0322bc035e1ccd6b8a0d98a26533b4a) -(cherry picked from commit 25158b294482f793f962e8ee5f34e99a01214321) -(cherry picked from commit ac4e64939d05ed81739028c0a45c3f99d2f91ba4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/ec5a6e5a3011f095e739fa0636c3273fe868f2cf ---- - src/shared/dns-domain.c | 2 +- - src/test/test-dns-domain.c | 1 + - 2 files changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c -index 787bb8fec9..517fe85600 100644 ---- a/src/shared/dns-domain.c -+++ b/src/shared/dns-domain.c -@@ -1035,7 +1035,7 @@ static bool dns_service_name_label_is_valid(const char *label, size_t n) { - int dns_service_split(const char *joined, char **_name, char **_type, char **_domain) { - _cleanup_free_ char *name = NULL, *type = NULL, *domain = NULL; - const char *p = joined, *q = NULL, *d = NULL; -- char a[DNS_LABEL_MAX], b[DNS_LABEL_MAX], c[DNS_LABEL_MAX]; -+ char a[DNS_LABEL_MAX+1], b[DNS_LABEL_MAX+1], c[DNS_LABEL_MAX+1]; - int an, bn, cn, r; - unsigned x = 0; - -diff --git a/src/test/test-dns-domain.c b/src/test/test-dns-domain.c -index 2df2380de4..10916dd057 100644 ---- a/src/test/test-dns-domain.c -+++ b/src/test/test-dns-domain.c -@@ -560,6 +560,7 @@ static void test_dns_service_split(void) { - test_dns_service_split_one("_foo._bar", NULL, "_foo._bar", ".", 0); - test_dns_service_split_one("_meh._foo._bar", "_meh", "_foo._bar", ".", 0); - test_dns_service_split_one("Wuff\\032Wuff._foo._bar.waldo.com", "Wuff Wuff", "_foo._bar", "waldo.com", 0); -+ test_dns_service_split_one("_Q._Q-------------------------------------------------------------", NULL, "_Q._Q-------------------------------------------------------------", ".", 0); - } - - static void test_dns_name_change_suffix_one(const char *name, const char *old_suffix, const char *new_suffix, int r, const char *result) { --- -2.27.0 - diff --git a/backport-dns-domain-re-introduce-dns_name_is_empty.patch b/backport-dns-domain-re-introduce-dns_name_is_empty.patch deleted file mode 100644 index 19d4d66..0000000 --- a/backport-dns-domain-re-introduce-dns_name_is_empty.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 435a9af906c02d8024811311b012c9d7a2400009 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 24 Jan 2022 06:06:55 +0900 -Subject: [PATCH] dns-domain: re-introduce dns_name_is_empty() - -(cherry picked from commit 7bdf41983044268b4bc2f9d34462db7f89ba284a) -(cherry picked from commit df08c12062dfd9903edec371598412a47a3055e0) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/435a9af906c02d8024811311b012c9d7a2400009 ---- - src/shared/dns-domain.h | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/shared/dns-domain.h b/src/shared/dns-domain.h -index c25fcaacc2..24bf00bd58 100644 ---- a/src/shared/dns-domain.h -+++ b/src/shared/dns-domain.h -@@ -60,6 +60,10 @@ static inline int dns_name_is_valid_ldh(const char *s) { - return 1; - } - -+static inline bool dns_name_is_empty(const char *s) { -+ return isempty(s) || streq(s, "."); -+} -+ - void dns_name_hash_func(const char *s, struct siphash *state); - int dns_name_compare_func(const char *a, const char *b); - extern const struct hash_ops dns_name_hash_ops; --- -2.33.0 - diff --git a/backport-docs-SYSTEMD_NSS_BYPASS_BUS-is-not-honoured-anymore-.patch b/backport-docs-SYSTEMD_NSS_BYPASS_BUS-is-not-honoured-anymore-.patch deleted file mode 100644 index bd99668..0000000 --- a/backport-docs-SYSTEMD_NSS_BYPASS_BUS-is-not-honoured-anymore-.patch +++ /dev/null @@ -1,37 +0,0 @@ -From a7cfaa555379f19ab229c024027a74a5d22991d6 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 17 Feb 2022 14:47:34 +0100 -Subject: [PATCH] docs: $SYSTEMD_NSS_BYPASS_BUS is not honoured anymore, don't - document it - -It was removed back in 1684c56f40f020e685e70b3d1785d596ff16f892 - -Follow-up for: 1684c56f40f020e685e70b3d1785d596ff16f892 - -(cherry picked from commit cec16155e3dab4f123ba073223477a4ef2cf10f9) -(cherry picked from commit 4ec9aec4b695e1f0a26dc9cd55719c2f91ebdd6a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a7cfaa555379f19ab229c024027a74a5d22991d6 ---- - docs/ENVIRONMENT.md | 4 ---- - 1 file changed, 4 deletions(-) - -diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md -index 2cec3bdc16..efb360f0a4 100644 ---- a/docs/ENVIRONMENT.md -+++ b/docs/ENVIRONMENT.md -@@ -208,10 +208,6 @@ All tools: - user/group records for dynamically registered service users (i.e. users - registered through `DynamicUser=1`). - --* `$SYSTEMD_NSS_BYPASS_BUS=1` — if set, `nss-systemd` won't use D-Bus to do -- dynamic user lookups. This is primarily useful to make `nss-systemd` work -- safely from within `dbus-daemon`. -- - `systemd-timedated`: - - * `$SYSTEMD_TIMEDATED_NTP_SERVICES=…` — colon-separated list of unit names of --- -2.33.0 - diff --git a/backport-docs-improve-wording-when-mentioning-the-acronym-ESP.patch b/backport-docs-improve-wording-when-mentioning-the-acronym-ESP.patch deleted file mode 100644 index c9e9ba0..0000000 --- a/backport-docs-improve-wording-when-mentioning-the-acronym-ESP.patch +++ /dev/null @@ -1,97 +0,0 @@ -From 6822cfa5f066fcbf79ded85419d59a97decc67b9 Mon Sep 17 00:00:00 2001 -From: nl6720 -Date: Fri, 9 Jul 2021 12:56:54 +0300 -Subject: [PATCH] docs: improve wording when mentioning the acronym "ESP" - -"ESP" is "EFI system partition", so "ESP partition" is redundant. - -(cherry picked from commit 250db1bf02b9fd73f2e0604acddbc20937c67d19) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/6822cfa5f066fcbf79ded85419d59a97decc67b9 ---- - docs/BOOT_LOADER_INTERFACE.md | 8 ++++---- - docs/BOOT_LOADER_SPECIFICATION.md | 4 ++-- - man/systemd-boot.xml | 4 ++-- - src/boot/bootctl.c | 2 +- - src/systemctl/systemctl-start-special.c | 2 +- - 5 files changed, 10 insertions(+), 10 deletions(-) - -diff --git a/docs/BOOT_LOADER_INTERFACE.md b/docs/BOOT_LOADER_INTERFACE.md -index be3b6e401d..e9155117b9 100644 ---- a/docs/BOOT_LOADER_INTERFACE.md -+++ b/docs/BOOT_LOADER_INTERFACE.md -@@ -76,10 +76,10 @@ variables. All EFI variables use the vendor UUID - * `1 << 6` → The boot loader supports passing a random seed to the OS. - - * The EFI variable `LoaderRandomSeed` contains a binary random seed if set. It -- is set by the boot loader to pass an entropy seed read from the ESP partition -- to the OS. The system manager then credits this seed to the kernel's entropy -- pool. It is the responsibility of the boot loader to ensure the quality and -- integrity of the random seed. -+ is set by the boot loader to pass an entropy seed read from the ESP to the OS. -+ The system manager then credits this seed to the kernel's entropy pool. It is -+ the responsibility of the boot loader to ensure the quality and integrity of -+ the random seed. - - * The EFI variable `LoaderSystemToken` contains binary random data, - persistently set by the OS installer. Boot loaders that support passing -diff --git a/docs/BOOT_LOADER_SPECIFICATION.md b/docs/BOOT_LOADER_SPECIFICATION.md -index b87246ede1..7b5b19700a 100644 ---- a/docs/BOOT_LOADER_SPECIFICATION.md -+++ b/docs/BOOT_LOADER_SPECIFICATION.md -@@ -61,8 +61,8 @@ Everything described below is located on a placeholder file system `$BOOT`. The - * On disks with GPT (GUID Partition Table) - * If the OS is installed on a disk with GPT, and an Extended Boot Loader Partition or XBOOTLDR partition for short, i.e. a partition with GPT type GUID of `bc13c2ff-59e6-4262-a352-b275fd6f7172`, already exists, it should be used as `$BOOT`. - * Otherwise, if the OS is installed on a disk with GPT, and an EFI System Partition or ESP for short, i.e. a partition with GPT type UID of `c12a7328-f81f-11d2-ba4b-00a0c93ec93b`) already exists and is large enough (let's say 250MB) and otherwise qualifies, it should be used as `$BOOT`. -- * Otherwise, if the OS is installed on a disk with GPT, and if the ESP partition already exists but is too small, a new suitably sized (let's say 500MB) XBOOTLDR partition shall be created and used as `$BOOT`. -- * Otherwise, if the OS is installed on a disk with GPT, and no ESP partition exists yet, a new suitably sized (let's say 500MB) ESP should be created and used as `$BOOT`. -+ * Otherwise, if the OS is installed on a disk with GPT, and if the ESP already exists but is too small, a new suitably sized (let's say 500MB) XBOOTLDR partition shall be created and used as `$BOOT`. -+ * Otherwise, if the OS is installed on a disk with GPT, and no ESP exists yet, a new suitably sized (let's say 500MB) ESP should be created and used as `$BOOT`. - - This placeholder file system shall be determined during _installation time_, and an fstab entry may be created. It should be mounted to either `/boot/` or `/efi/`. Additional locations like `/boot/efi/`, with `/boot/` being a separate file system, might be supported by implementations. This is not recommended because the mounting of `$BOOT` is then dependent on and requires the mounting of the intermediate file system. - -diff --git a/man/systemd-boot.xml b/man/systemd-boot.xml -index 139f79fa6b..2135d9eb36 100644 ---- a/man/systemd-boot.xml -+++ b/man/systemd-boot.xml -@@ -73,8 +73,8 @@ - systemctl1 for - details. - -- An EFI variable set by the boot loader informs the OS about the ESP partition used -- during boot. This is then used to automatically mount the correct ESP partition to -+ An EFI variable set by the boot loader informs the OS about the EFI System Partition used -+ during boot. This is then used to automatically mount the correct EFI System Partition to - /efi/ or /boot/ during OS runtime. See - systemd-gpt-auto-generator8 - for details. -diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c -index df8b0542c9..fa8c600321 100644 ---- a/src/boot/bootctl.c -+++ b/src/boot/bootctl.c -@@ -1337,7 +1337,7 @@ static int verb_status(int argc, char *argv[], void *userdata) { - sd_id128_t bootloader_esp_uuid; - bool have_bootloader_esp_uuid = efi_loader_get_device_part_uuid(&bootloader_esp_uuid) >= 0; - -- print_yes_no_line(false, have_bootloader_esp_uuid, "Boot loader sets ESP partition information"); -+ print_yes_no_line(false, have_bootloader_esp_uuid, "Boot loader sets ESP information"); - if (have_bootloader_esp_uuid && !sd_id128_equal(esp_uuid, bootloader_esp_uuid)) - printf("WARNING: The boot loader reports a different ESP UUID than detected!\n"); - -diff --git a/src/systemctl/systemctl-start-special.c b/src/systemctl/systemctl-start-special.c -index 3edb65be61..56068d25f5 100644 ---- a/src/systemctl/systemctl-start-special.c -+++ b/src/systemctl/systemctl-start-special.c -@@ -36,7 +36,7 @@ static int load_kexec_kernel(void) { - return log_error_errno(r, - "No kexec kernel loaded and autodetection failed.\n%s", - is_efi_boot() -- ? "Cannot automatically load kernel: ESP partition mount point not found." -+ ? "Cannot automatically load kernel: ESP mount point not found." - : "Automatic loading works only on systems booted with EFI."); - if (r < 0) - return r; --- -2.33.0 - diff --git a/backport-docs-portablectl-is-in-bin.patch b/backport-docs-portablectl-is-in-bin.patch deleted file mode 100644 index fc62618..0000000 --- a/backport-docs-portablectl-is-in-bin.patch +++ /dev/null @@ -1,40 +0,0 @@ -From b4221cca108f46f58cc15d83a298714b4de0bebf Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 7 Sep 2021 18:43:58 +0200 -Subject: [PATCH] docs: portablectl is in bin/ - -Follow-up for 80f39b81f3876ed3816061f1093db991f72269ec. - -(cherry picked from commit a00ff6717b98580136d46cde0e8f9543e60c8f76) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b4221cca108f46f58cc15d83a298714b4de0bebf ---- - docs/PORTABLE_SERVICES.md | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/docs/PORTABLE_SERVICES.md b/docs/PORTABLE_SERVICES.md -index d9171c7b65..ec4a50373c 100644 ---- a/docs/PORTABLE_SERVICES.md -+++ b/docs/PORTABLE_SERVICES.md -@@ -86,7 +86,7 @@ If you have a portable service image, maybe in a raw disk image called - `foobar_0.7.23.raw`, then attaching the services to the host is as easy as: - - ``` --# /usr/lib/systemd/portablectl attach foobar_0.7.23.raw -+# portablectl attach foobar_0.7.23.raw - ``` - - This command does the following: -@@ -268,7 +268,7 @@ include template units such as `foobar@.service`, so that instantiation is as - simple as: - - ``` --# /usr/lib/systemd/portablectl attach foobar_0.7.23.raw -+# portablectl attach foobar_0.7.23.raw - # systemctl enable --now foobar@instancea.service - # systemctl enable --now foobar@instanceb.service - … --- -2.33.0 - diff --git a/backport-errno-util-add-ERRNO_IS_DEVICE_ABSENT-macro.patch b/backport-errno-util-add-ERRNO_IS_DEVICE_ABSENT-macro.patch deleted file mode 100644 index 4332d61..0000000 --- a/backport-errno-util-add-ERRNO_IS_DEVICE_ABSENT-macro.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 3f2ada89f3a277625390bf6789ccd4e7aba08743 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 24 Mar 2022 13:50:50 +0100 -Subject: [PATCH] errno-util: add ERRNO_IS_DEVICE_ABSENT() macro - -Inspired by: https://github.com/systemd/systemd/pull/22717#discussion_r834254495 - -Reference:https://github.com/systemd/systemd/commit/3f2ada89f3a277625390bf6789ccd4e7aba08743 -Conflict:discard change on homework-luks.c - ---- - src/basic/errno-util.h | 10 +++++++++- - src/rfkill/rfkill.c | 2 +- - src/udev/udev-builtin-btrfs.c | 3 ++- - 3 files changed, 12 insertions(+), 3 deletions(-) - -diff --git a/src/basic/errno-util.h b/src/basic/errno-util.h -index 09abf0b7512d..648de50eb497 100644 ---- a/src/basic/errno-util.h -+++ b/src/basic/errno-util.h -@@ -138,10 +138,18 @@ static inline bool ERRNO_IS_PRIVILEGE(int r) { - EPERM); - } - --/* Three difference errors for "not enough disk space" */ -+/* Three different errors for "not enough disk space" */ - static inline bool ERRNO_IS_DISK_SPACE(int r) { - return IN_SET(abs(r), - ENOSPC, - EDQUOT, - EFBIG); - } -+ -+/* Three different errors for "this device does not quite exist" */ -+static inline bool ERRNO_IS_DEVICE_ABSENT(int r) { -+ return IN_SET(abs(r), -+ ENODEV, -+ ENXIO, -+ ENOENT); -+} -diff --git a/src/rfkill/rfkill.c b/src/rfkill/rfkill.c -index 656afa06ac8b..a833771d97f2 100644 ---- a/src/rfkill/rfkill.c -+++ b/src/rfkill/rfkill.c -@@ -80,7 +80,7 @@ static int find_device( - - r = sd_device_new_from_subsystem_sysname(&device, "rfkill", sysname); - if (r < 0) -- return log_full_errno(IN_SET(r, -ENOENT, -ENXIO, -ENODEV) ? LOG_DEBUG : LOG_ERR, r, -+ return log_full_errno(ERRNO_IS_DEVICE_ABSENT(r) ? LOG_DEBUG : LOG_ERR, r, - "Failed to open device '%s': %m", sysname); - - r = sd_device_get_sysattr_value(device, "name", &name); -diff --git a/src/udev/udev-builtin-btrfs.c b/src/udev/udev-builtin-btrfs.c -index a0093cb42347..f9d4f1dd4ef4 100644 ---- a/src/udev/udev-builtin-btrfs.c -+++ b/src/udev/udev-builtin-btrfs.c -@@ -6,6 +6,7 @@ - #include - - #include "device-util.h" -+#include "errno-util.h" - #include "fd-util.h" - #include "string-util.h" - #include "strxcpyx.h" -@@ -22,7 +23,7 @@ static int builtin_btrfs(sd_device *dev, sd_netlink **rtnl, int argc, char *argv - - fd = open("/dev/btrfs-control", O_RDWR|O_CLOEXEC); - if (fd < 0) { -- if (IN_SET(errno, ENOENT, ENXIO, ENODEV)) { -+ if (ERRNO_IS_DEVICE_ABSENT(errno)) { - /* Driver not installed? Then we aren't ready. This is useful in initrds that lack - * btrfs.ko. After the host transition (where btrfs.ko will hopefully become - * available) the device can be retriggered and will then be considered ready. */ - diff --git a/backport-ether-addr-util-make-hw_addr_to_string-return-valid-.patch b/backport-ether-addr-util-make-hw_addr_to_string-return-valid-.patch deleted file mode 100644 index 5980741..0000000 --- a/backport-ether-addr-util-make-hw_addr_to_string-return-valid-.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 798baafc027d829bdf6fc41163e6d12085a2c620 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 15 Sep 2021 22:59:52 +0900 -Subject: [PATCH] ether-addr-util: make hw_addr_to_string() return valid string - even if hardware address is null - -Previously, when the length of the hardware address is zero, then the -buffer was not nul-terminated. - -This also replaces sprintf() with hexchar(). - -(cherry picked from commit 914ac555cd40f9c09e655a737214bfb7de21b8d9) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/798baafc027d829bdf6fc41163e6d12085a2c620 ---- - src/basic/ether-addr-util.c | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git a/src/basic/ether-addr-util.c b/src/basic/ether-addr-util.c -index e660ac2c6f..dc5b5b833d 100644 ---- a/src/basic/ether-addr-util.c -+++ b/src/basic/ether-addr-util.c -@@ -7,6 +7,7 @@ - #include - - #include "ether-addr-util.h" -+#include "hexdecoct.h" - #include "macro.h" - #include "string-util.h" - -@@ -15,12 +16,13 @@ char* hw_addr_to_string(const struct hw_addr_data *addr, char buffer[HW_ADDR_TO_ - assert(buffer); - assert(addr->length <= HW_ADDR_MAX_SIZE); - -- for (size_t i = 0; i < addr->length; i++) { -- sprintf(&buffer[3*i], "%02"PRIx8, addr->bytes[i]); -- if (i < addr->length - 1) -- buffer[3*i + 2] = ':'; -+ for (size_t i = 0, j = 0; i < addr->length; i++) { -+ buffer[j++] = hexchar(addr->bytes[i] >> 4); -+ buffer[j++] = hexchar(addr->bytes[i] & 0x0f); -+ buffer[j++] = ':'; - } - -+ buffer[addr->length > 0 ? addr->length * 3 - 1 : 0] = '\0'; - return buffer; - } - --- -2.33.0 - diff --git a/backport-event-util-introduce-event_reset_time_relative.patch b/backport-event-util-introduce-event_reset_time_relative.patch deleted file mode 100644 index 5279c50..0000000 --- a/backport-event-util-introduce-event_reset_time_relative.patch +++ /dev/null @@ -1,87 +0,0 @@ -From 52c3bc708fb6a3eb68a3cac780b49192818bd409 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 13 Nov 2021 10:33:08 +0900 -Subject: [PATCH] event-util: introduce event_reset_time_relative() - -Reference:https://github.com/systemd/systemd/commit/52c3bc708fb6a3eb68a3cac780b49192818bd409 -Conflict:NA - ---- - src/libsystemd/sd-event/event-util.c | 24 ++++++++++++++++++++++++ - src/libsystemd/sd-event/event-util.h | 26 ++++++++++++++++++++++---- - 2 files changed, 46 insertions(+), 4 deletions(-) - -diff --git a/src/libsystemd/sd-event/event-util.c b/src/libsystemd/sd-event/event-util.c -index 132796f..0e53406 100644 ---- a/src/libsystemd/sd-event/event-util.c -+++ b/src/libsystemd/sd-event/event-util.c -@@ -84,6 +84,30 @@ int event_reset_time( - return created; - } - -+int event_reset_time_relative( -+ sd_event *e, -+ sd_event_source **s, -+ clockid_t clock, -+ uint64_t usec, -+ uint64_t accuracy, -+ sd_event_time_handler_t callback, -+ void *userdata, -+ int64_t priority, -+ const char *description, -+ bool force_reset) { -+ -+ usec_t usec_now; -+ int r; -+ -+ assert(e); -+ -+ r = sd_event_now(e, clock, &usec_now); -+ if (r < 0) -+ return log_debug_errno(r, "sd-event: Failed to get the current time: %m"); -+ -+ return event_reset_time(e, s, clock, usec_add(usec_now, usec), accuracy, callback, userdata, priority, description, force_reset); -+} -+ - int event_source_disable(sd_event_source *s) { - if (!s) - return 0; -diff --git a/src/libsystemd/sd-event/event-util.h b/src/libsystemd/sd-event/event-util.h -index c8f97bc..64a4199 100644 ---- a/src/libsystemd/sd-event/event-util.h -+++ b/src/libsystemd/sd-event/event-util.h -@@ -5,9 +5,27 @@ - - #include "sd-event.h" - --int event_reset_time(sd_event *e, sd_event_source **s, -- clockid_t clock, uint64_t usec, uint64_t accuracy, -- sd_event_time_handler_t callback, void *userdata, -- int64_t priority, const char *description, bool force_reset); -+int event_reset_time( -+ sd_event *e, -+ sd_event_source **s, -+ clockid_t clock, -+ uint64_t usec, -+ uint64_t accuracy, -+ sd_event_time_handler_t callback, -+ void *userdata, -+ int64_t priority, -+ const char *description, -+ bool force_reset); -+int event_reset_time_relative( -+ sd_event *e, -+ sd_event_source **s, -+ clockid_t clock, -+ uint64_t usec, -+ uint64_t accuracy, -+ sd_event_time_handler_t callback, -+ void *userdata, -+ int64_t priority, -+ const char *description, -+ bool force_reset); - int event_source_disable(sd_event_source *s); - int event_source_is_enabled(sd_event_source *s); --- -2.33.0 - diff --git a/backport-execute-document-that-the-env-param-is-input-and-out.patch b/backport-execute-document-that-the-env-param-is-input-and-out.patch deleted file mode 100644 index 0e386ac..0000000 --- a/backport-execute-document-that-the-env-param-is-input-and-out.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 5c8437361d54bd6c04d613619f71c161df32024f Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 1 Feb 2022 13:50:28 +0100 -Subject: [PATCH] execute: document that the 'env' param is input *and* output - -(cherry picked from commit 421bb42d1b366c00392ef5bbab6a67412295b6dc) -(cherry picked from commit c4357f31da66b1917d3612d02c28adb300d4b0c6) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5c8437361d54bd6c04d613619f71c161df32024f ---- - src/core/execute.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/execute.c b/src/core/execute.c -index 1129905b61..e24775c150 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -1152,7 +1152,7 @@ static int setup_pam( - uid_t uid, - gid_t gid, - const char *tty, -- char ***env, -+ char ***env, /* updated on success */ - const int fds[], size_t n_fds) { - - #if HAVE_PAM --- -2.33.0 - diff --git a/backport-execute-line-break-comments-a-bit-less-aggressively.patch b/backport-execute-line-break-comments-a-bit-less-aggressively.patch deleted file mode 100644 index b10e32d..0000000 --- a/backport-execute-line-break-comments-a-bit-less-aggressively.patch +++ /dev/null @@ -1,107 +0,0 @@ -From ee7db04c13f5b46ad2437762caa7b4c239780de5 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 1 Feb 2022 13:50:13 +0100 -Subject: [PATCH] execute: line break comments a bit less aggressively - -(cherry picked from commit cafc5ca147cb05b90bd731661d8594c299601f79) -(cherry picked from commit 14567dc93d5c498bfaadd28478f59952f6da320c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/ee7db04c13f5b46ad2437762caa7b4c239780de5 ---- - src/core/execute.c | 41 +++++++++++++++++------------------------ - 1 file changed, 17 insertions(+), 24 deletions(-) - -diff --git a/src/core/execute.c b/src/core/execute.c -index b6c54493d3..1129905b61 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -1238,8 +1238,7 @@ static int setup_pam( - goto fail; - } - -- /* Block SIGTERM, so that we know that it won't get lost in -- * the child */ -+ /* Block SIGTERM, so that we know that it won't get lost in the child */ - - assert_se(sigprocmask_many(SIG_BLOCK, &old_ss, SIGTERM, -1) >= 0); - -@@ -1251,18 +1250,16 @@ static int setup_pam( - if (r == 0) { - int sig, ret = EXIT_PAM; - -- /* The child's job is to reset the PAM session on -- * termination */ -+ /* The child's job is to reset the PAM session on termination */ - barrier_set_role(&barrier, BARRIER_CHILD); - - /* Make sure we don't keep open the passed fds in this child. We assume that otherwise only - * those fds are open here that have been opened by PAM. */ - (void) close_many(fds, n_fds); - -- /* Drop privileges - we don't need any to pam_close_session -- * and this will make PR_SET_PDEATHSIG work in most cases. -- * If this fails, ignore the error - but expect sd-pam threads -- * to fail to exit normally */ -+ /* Drop privileges - we don't need any to pam_close_session and this will make -+ * PR_SET_PDEATHSIG work in most cases. If this fails, ignore the error - but expect sd-pam -+ * threads to fail to exit normally */ - - r = maybe_setgroups(0, NULL); - if (r < 0) -@@ -1274,20 +1271,16 @@ static int setup_pam( - - (void) ignore_signals(SIGPIPE); - -- /* Wait until our parent died. This will only work if -- * the above setresuid() succeeds, otherwise the kernel -- * will not allow unprivileged parents kill their privileged -- * children this way. We rely on the control groups kill logic -- * to do the rest for us. */ -+ /* Wait until our parent died. This will only work if the above setresuid() succeeds, -+ * otherwise the kernel will not allow unprivileged parents kill their privileged children -+ * this way. We rely on the control groups kill logic to do the rest for us. */ - if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0) - goto child_finish; - -- /* Tell the parent that our setup is done. This is especially -- * important regarding dropping privileges. Otherwise, unit -- * setup might race against our setresuid(2) call. -+ /* Tell the parent that our setup is done. This is especially important regarding dropping -+ * privileges. Otherwise, unit setup might race against our setresuid(2) call. - * -- * If the parent aborted, we'll detect this below, hence ignore -- * return failure here. */ -+ * If the parent aborted, we'll detect this below, hence ignore return failure here. */ - (void) barrier_place(&barrier); - - /* Check if our parent process might already have died? */ -@@ -1332,19 +1325,19 @@ static int setup_pam( - - barrier_set_role(&barrier, BARRIER_PARENT); - -- /* If the child was forked off successfully it will do all the -- * cleanups, so forget about the handle here. */ -+ /* If the child was forked off successfully it will do all the cleanups, so forget about the handle -+ * here. */ - handle = NULL; - - /* Unblock SIGTERM again in the parent */ - assert_se(sigprocmask(SIG_SETMASK, &old_ss, NULL) >= 0); - -- /* We close the log explicitly here, since the PAM modules -- * might have opened it, but we don't want this fd around. */ -+ /* We close the log explicitly here, since the PAM modules might have opened it, but we don't want -+ * this fd around. */ - closelog(); - -- /* Synchronously wait for the child to initialize. We don't care for -- * errors as we cannot recover. However, warn loudly if it happens. */ -+ /* Synchronously wait for the child to initialize. We don't care for errors as we cannot -+ * recover. However, warn loudly if it happens. */ - if (!barrier_place_and_sync(&barrier)) - log_error("PAM initialization failed"); - --- -2.33.0 - diff --git a/backport-execute-respect-selinux_context_ignore.patch b/backport-execute-respect-selinux_context_ignore.patch deleted file mode 100644 index 7dacf3c..0000000 --- a/backport-execute-respect-selinux_context_ignore.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 38d0d41e0fc5d559cff5a1bcf46482aec9d6f5ef Mon Sep 17 00:00:00 2001 -From: Topi Miettinen -Date: Sat, 30 Oct 2021 19:58:41 +0300 -Subject: [PATCH] execute: respect selinux_context_ignore - -When `SELinuxContext=` parameter is prefixed with `-`, the documentation states -that any errors determining or changing context should be ignored, but this -doesn't actually happen and the service may fail with `229/SELINUX_CONTEXT`. - -Fix by adding checks to `context->selinux_context_ignore`. - -Closes: #21057 -(cherry picked from commit 2ad2925de5f258d128ec8cdb07f10f3c52fa4fcf) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/38d0d41e0fc5d559cff5a1bcf46482aec9d6f5ef ---- - src/core/execute.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/core/execute.c b/src/core/execute.c -index 6ff757ff04..e324db87cc 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -4361,7 +4361,7 @@ static int exec_child( - - if (fd >= 0) { - r = mac_selinux_get_child_mls_label(fd, executable, context->selinux_context, &mac_selinux_context_net); -- if (r < 0) { -+ if (r < 0 && !context->selinux_context_ignore) { - *exit_status = EXIT_SELINUX_CONTEXT; - return log_unit_error_errno(unit, r, "Failed to determine SELinux context: %m"); - } -@@ -4495,7 +4495,7 @@ static int exec_child( - - if (exec_context) { - r = setexeccon(exec_context); -- if (r < 0) { -+ if (r < 0 && !context->selinux_context_ignore) { - *exit_status = EXIT_SELINUX_CONTEXT; - return log_unit_error_errno(unit, r, "Failed to change SELinux context to %s: %m", exec_context); - } --- -2.33.0 - diff --git a/backport-execute-use-_cleanup_-logic-where-appropriate.patch b/backport-execute-use-_cleanup_-logic-where-appropriate.patch deleted file mode 100644 index 07b41e7..0000000 --- a/backport-execute-use-_cleanup_-logic-where-appropriate.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 1fa6abd4ae2445b08e3c3fc3d4eade1e833f43da Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 1 Feb 2022 13:49:56 +0100 -Subject: [PATCH] execute: use _cleanup_ logic where appropriate - -(cherry picked from commit 46e5bbab5895b7137b03453dee08bd1c89c710e9) -(cherry picked from commit 9b2954b79435eaf54be208acdce8026b83bdc249) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/1fa6abd4ae2445b08e3c3fc3d4eade1e833f43da ---- - src/core/execute.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/src/core/execute.c b/src/core/execute.c -index 04c0513453..b6c54493d3 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -1163,10 +1163,11 @@ static int setup_pam( - }; - - _cleanup_(barrier_destroy) Barrier barrier = BARRIER_NULL; -+ _cleanup_strv_free_ char **e = NULL; - pam_handle_t *handle = NULL; - sigset_t old_ss; - int pam_code = PAM_SUCCESS, r; -- char **nv, **e = NULL; -+ char **nv; - bool close_session = false; - pid_t pam_pid = 0, parent_pid; - int flags = 0; -@@ -1363,9 +1364,7 @@ fail: - (void) pam_end(handle, pam_code | flags); - } - -- strv_free(e); - closelog(); -- - return r; - #else - return 0; --- -2.33.0 - diff --git a/backport-explicitly-close-FIDO2-devices.patch b/backport-explicitly-close-FIDO2-devices.patch deleted file mode 100644 index c1b7926..0000000 --- a/backport-explicitly-close-FIDO2-devices.patch +++ /dev/null @@ -1,66 +0,0 @@ -From d6e4920b10c3da1665cb44f4686893b865003d12 Mon Sep 17 00:00:00 2001 -From: pedro martelletto -Date: Wed, 8 Sep 2021 10:42:56 +0200 -Subject: [PATCH] explicitly close FIDO2 devices - -FIDO2 device access is serialised by libfido2 using flock(). -Therefore, make sure to close a FIDO2 device once we are done -with it, or we risk opening it again at a later point and -deadlocking. Fixes #20664. - -(cherry picked from commit b6aa89b0a399992c8ea762e6ec4f30cff90618f2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d6e4920b10c3da1665cb44f4686893b865003d12 ---- - src/shared/libfido2-util.c | 2 ++ - src/shared/libfido2-util.h | 5 ++++- - 2 files changed, 6 insertions(+), 1 deletion(-) - -diff --git a/src/shared/libfido2-util.c b/src/shared/libfido2-util.c -index 12c644dcfc..6d18178b68 100644 ---- a/src/shared/libfido2-util.c -+++ b/src/shared/libfido2-util.c -@@ -58,6 +58,7 @@ bool (*sym_fido_dev_is_fido2)(const fido_dev_t *) = NULL; - int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char *) = NULL; - fido_dev_t* (*sym_fido_dev_new)(void) = NULL; - int (*sym_fido_dev_open)(fido_dev_t *, const char *) = NULL; -+int (*sym_fido_dev_close)(fido_dev_t *) = NULL; - const char* (*sym_fido_strerr)(int) = NULL; - - int dlopen_libfido2(void) { -@@ -106,6 +107,7 @@ int dlopen_libfido2(void) { - DLSYM_ARG(fido_dev_make_cred), - DLSYM_ARG(fido_dev_new), - DLSYM_ARG(fido_dev_open), -+ DLSYM_ARG(fido_dev_close), - DLSYM_ARG(fido_strerr)); - } - -diff --git a/src/shared/libfido2-util.h b/src/shared/libfido2-util.h -index 5640cca5e3..4ebf8ab775 100644 ---- a/src/shared/libfido2-util.h -+++ b/src/shared/libfido2-util.h -@@ -60,6 +60,7 @@ extern bool (*sym_fido_dev_is_fido2)(const fido_dev_t *); - extern int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char *); - extern fido_dev_t* (*sym_fido_dev_new)(void); - extern int (*sym_fido_dev_open)(fido_dev_t *, const char *); -+extern int (*sym_fido_dev_close)(fido_dev_t *); - extern const char* (*sym_fido_strerr)(int); - - int dlopen_libfido2(void); -@@ -75,8 +76,10 @@ static inline void fido_assert_free_wrapper(fido_assert_t **p) { - } - - static inline void fido_dev_free_wrapper(fido_dev_t **p) { -- if (*p) -+ if (*p) { -+ sym_fido_dev_close(*p); - sym_fido_dev_free(p); -+ } - } - - static inline void fido_cred_free_wrapper(fido_cred_t **p) { --- -2.33.0 - diff --git a/backport-fileio-fix-truncated-read-handling-in-read_virtual_f.patch b/backport-fileio-fix-truncated-read-handling-in-read_virtual_f.patch deleted file mode 100644 index 7b02708..0000000 --- a/backport-fileio-fix-truncated-read-handling-in-read_virtual_f.patch +++ /dev/null @@ -1,44 +0,0 @@ -From c9e0daf821b3e1e6504ca4c4e3a8b73513e28fa7 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 16 Sep 2021 12:20:09 +0200 -Subject: [PATCH] fileio: fix truncated read handling in read_virtual_file() - -We mishandled the case where the size we read from the file actually -matched the maximum size fully. In that case we cannot really make a -determination whether the file was fully read or only partially. In that -case let's do another loop, so that we operate with a buffer, and -we can detect the EOF (which will be signalled to us via a short read). - -(cherry picked from commit 00bd9a4a82ed57bc0c7f158da4564fc1eab808b4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c9e0daf821b3e1e6504ca4c4e3a8b73513e28fa7 ---- - src/basic/fileio.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/src/basic/fileio.c b/src/basic/fileio.c -index 1046e5b9b4..6c8ebe63e0 100644 ---- a/src/basic/fileio.c -+++ b/src/basic/fileio.c -@@ -470,9 +470,14 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents - if (n <= size) - break; - -- /* If a maximum size is specified and we already read as much, no need to try again */ -- if (max_size != SIZE_MAX && n >= max_size) { -- n = max_size; -+ /* If a maximum size is specified and we already read more we know the file is larger, and -+ * can handle this as truncation case. Note that if the size of what we read equals the -+ * maximum size then this doesn't mean truncation, the file might or might not end on that -+ * byte. We need to rerun the loop in that case, with a larger buffer size, so that we read -+ * at least one more byte to be able to distinguish EOF from truncation. */ -+ if (max_size != SIZE_MAX && n > max_size) { -+ n = size; /* Make sure we never use more than what we sized the buffer for (so that -+ * we have one free byte in it for the trailing NUL we add below).*/ - truncated = true; - break; - } --- -2.33.0 - diff --git a/backport-fileio-lower-maximum-virtual-file-buffer-size-by-one.patch b/backport-fileio-lower-maximum-virtual-file-buffer-size-by-one.patch deleted file mode 100644 index e883954..0000000 --- a/backport-fileio-lower-maximum-virtual-file-buffer-size-by-one.patch +++ /dev/null @@ -1,71 +0,0 @@ -From feb68f6aad36930f0b0c6c70164287c5bc46b64c Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 14 Sep 2021 23:03:37 +0200 -Subject: [PATCH] fileio: lower maximum virtual file buffer size by one byte -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When reading virtual files (i.e. procfs, sysfs, …) we currently put a -limit of 4M-1 on that. We have to pick something, and we have to read -these files in a single read() (since the kernel generally doesn't -support continuation read()s for them). 4M-1 is actually the maximum -size the kernel allows for reads from files in /proc/sys/, all larger -reads will result in an ENOMEM error (which is really weird, but the -kernel does what the kernel does). Hence 4M-1 sounds like a smart -choice. - -However, we made one mistake here: in order to be able to detect EOFs -properly we actually read one byte more than we actually intend to -return: if that extra byte can be read, then we know the file is -actually larger than our limit and we can generate an EFBIG error from -that. However, if it cannot be read then we know EOF was hit, and we are -good. So ultimately after all we issued a single 4M read, which the -kernel then responds with ENOMEM to. And that means read_virtual_file() -actually doesn't work properly right now on /proc/sys/. Let's fix that. - -The fix is simple, lower the limit of the the buffer we intend to return -by one, i.e. 4M-2. That way, the read() we'll issue is exactly as large -as the limit the kernel allows, and we still get safely detect EOF from -it. - -(cherry picked from commit 7ab7547a40d456d34120b2f44b26385ac1338ebd) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/feb68f6aad36930f0b0c6c70164287c5bc46b64c ---- - src/basic/fileio.c | 18 ++++++++++-------- - 1 file changed, 10 insertions(+), 8 deletions(-) - -diff --git a/src/basic/fileio.c b/src/basic/fileio.c -index 99a44fdea2..ba0ca98d72 100644 ---- a/src/basic/fileio.c -+++ b/src/basic/fileio.c -@@ -30,14 +30,16 @@ - /* The maximum size of the file we'll read in one go in read_full_file() (64M). */ - #define READ_FULL_BYTES_MAX (64U*1024U*1024U - 1U) - --/* The maximum size of virtual files we'll read in one go in read_virtual_file() (4M). Note that this limit -- * is different (and much lower) than the READ_FULL_BYTES_MAX limit. This reflects the fact that we use -- * different strategies for reading virtual and regular files: virtual files are generally size constrained: -- * there we allocate the full buffer size in advance. Regular files OTOH can be much larger, and here we grow -- * the allocations exponentially in a loop. In glibc large allocations are immediately backed by mmap() -- * making them relatively slow (measurably so). Thus, when allocating the full buffer in advance the large -- * limit is a problem. When allocating piecemeal it's not. Hence pick two distinct limits. */ --#define READ_VIRTUAL_BYTES_MAX (4U*1024U*1024U - 1U) -+/* The maximum size of virtual files (i.e. procfs, sysfs, and other virtual "API" files) we'll read in one go -+ * in read_virtual_file(). Note that this limit is different (and much lower) than the READ_FULL_BYTES_MAX -+ * limit. This reflects the fact that we use different strategies for reading virtual and regular files: -+ * virtual files we generally have to read in a single read() syscall since the kernel doesn't support -+ * continuation read()s for them. Thankfully they are somewhat size constrained. Thus we can allocate the -+ * full potential buffer in advance. Regular files OTOH can be much larger, and there we grow the allocations -+ * exponentially in a loop. We use a size limit of 4M-2 because 4M-1 is the maximum buffer that /proc/sys/ -+ * allows us to read() (larger reads will fail with ENOMEM), and we want to read one extra byte so that we -+ * can detect EOFs. */ -+#define READ_VIRTUAL_BYTES_MAX (4U*1024U*1024U - 2U) - - int fopen_unlocked(const char *path, const char *options, FILE **ret) { - assert(ret); --- -2.33.0 - diff --git a/backport-fileio-set-O_NOCTTY-when-reading-virtual-files.patch b/backport-fileio-set-O_NOCTTY-when-reading-virtual-files.patch deleted file mode 100644 index 2d7ae85..0000000 --- a/backport-fileio-set-O_NOCTTY-when-reading-virtual-files.patch +++ /dev/null @@ -1,32 +0,0 @@ -From ca6c93956879e368e40bbf5a742fcb1689712d81 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 14 Sep 2021 23:11:55 +0200 -Subject: [PATCH] fileio: set O_NOCTTY when reading virtual files - -Better be safe than sorry, maybe someone points this call to a TTY one -day, and we'd rather not make it our controlling TTY in that case. - -(cherry picked from commit be991d7678c35aa037ef79672c0c70781eebed9c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/ca6c93956879e368e40bbf5a742fcb1689712d81 ---- - src/basic/fileio.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/basic/fileio.c b/src/basic/fileio.c -index ba0ca98d72..39abf985eb 100644 ---- a/src/basic/fileio.c -+++ b/src/basic/fileio.c -@@ -395,7 +395,7 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents - * contents* may be returned. (Though the read is still done using one syscall.) Returns 0 on - * partial success, 1 if untruncated contents were read. */ - -- fd = open(filename, O_RDONLY|O_CLOEXEC); -+ fd = open(filename, O_RDONLY|O_NOCTTY|O_CLOEXEC); - if (fd < 0) - return -errno; - --- -2.33.0 - diff --git a/backport-fileio-start-with-4k-buffer-for-procfs.patch b/backport-fileio-start-with-4k-buffer-for-procfs.patch deleted file mode 100644 index ed9f02a..0000000 --- a/backport-fileio-start-with-4k-buffer-for-procfs.patch +++ /dev/null @@ -1,46 +0,0 @@ -From b3f5d2f4044751a4a741e033a9bc621ede573cb2 Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Tue, 14 Sep 2021 16:33:10 -0700 -Subject: [PATCH] fileio: start with 4k buffer for procfs - -There's a very gradual increase of anonymous memory in systemd-journald that -blames to 2ac67221bb6270f0fbe7cbd0076653832cd49de2. - -systemd-journald makes many calls to read /proc/PID/cmdline and -/proc/PID/status, both of which tend to be well under 4K. However the -combination of allocating 4M read buffers, then using `realloc()` to -shrink the buffer in `read_virtual_file()` appears to be creating -fragmentation in the heap (when combined with the other allocations -systemd-journald is doing). - -To help mitigate this, try reading /proc with a 4K buffer as -`read_virtual_file()` did before 2ac67221bb6270f0fbe7cbd0076653832cd49de2. -If it isn't big enough then try again with the larger buffers. - -(cherry picked from commit 5aaa55d841249f057fd69e50cf12a52e9781a6ce) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b3f5d2f4044751a4a741e033a9bc621ede573cb2 ---- - src/basic/fileio.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/basic/fileio.c b/src/basic/fileio.c -index 39abf985eb..1046e5b9b4 100644 ---- a/src/basic/fileio.c -+++ b/src/basic/fileio.c -@@ -433,6 +433,11 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents - } - - n_retries--; -+ } else if (n_retries > 1) { -+ /* Files in /proc are generally smaller than the page size so let's start with a page size -+ * buffer from malloc and only use the max buffer on the final try. */ -+ size = MIN3(page_size() - 1, READ_VIRTUAL_BYTES_MAX, max_size); -+ n_retries = 1; - } else { - size = MIN(READ_VIRTUAL_BYTES_MAX, max_size); - n_retries = 0; --- -2.33.0 - diff --git a/backport-fix-CVE-2021-33910.patch b/backport-fix-CVE-2021-33910.patch deleted file mode 100644 index cf702e5..0000000 --- a/backport-fix-CVE-2021-33910.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 764b74113e36ac5219a4b82a05f311b5a92136ce Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 23 Jun 2021 11:46:41 +0200 -Subject: [PATCH] basic/unit-name: do not use strdupa() on a path - -The path may have unbounded length, for example through a fuse mount. - -CVE-2021-33910: attacked controlled alloca() leads to crash in systemd and -ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo -and each mountpoint is passed to mount_setup_unit(), which calls -unit_name_path_escape() underneath. A local attacker who is able to mount a -filesystem with a very long path can crash systemd and the whole system. - -https://bugzilla.redhat.com/show_bug.cgi?id=1970887 - -The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we -can't easily check the length after simplification before doing the -simplification, which in turns uses a copy of the string we can write to. -So we can't reject paths that are too long before doing the duplication. -Hence the most obvious solution is to switch back to strdup(), as before -7410616cd9dbbec97cf98d75324da5cda2b2f7a2. - -(cherry picked from commit 441e0115646d54f080e5c3bb0ba477c892861ab9) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/764b74113e36ac5219a4b82a05f311b5a92136ce ---- - src/basic/unit-name.c | 13 +++++-------- - 1 file changed, 5 insertions(+), 8 deletions(-) - -diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c -index 284a773483..a22763443f 100644 ---- a/src/basic/unit-name.c -+++ b/src/basic/unit-name.c -@@ -378,12 +378,13 @@ int unit_name_unescape(const char *f, char **ret) { - } - - int unit_name_path_escape(const char *f, char **ret) { -- char *p, *s; -+ _cleanup_free_ char *p = NULL; -+ char *s; - - assert(f); - assert(ret); - -- p = strdupa(f); -+ p = strdup(f); - if (!p) - return -ENOMEM; - -@@ -395,13 +396,9 @@ int unit_name_path_escape(const char *f, char **ret) { - if (!path_is_normalized(p)) - return -EINVAL; - -- /* Truncate trailing slashes */ -+ /* Truncate trailing slashes and skip leading slashes */ - delete_trailing_chars(p, "/"); -- -- /* Truncate leading slashes */ -- p = skip_leading_chars(p, "/"); -- -- s = unit_name_escape(p); -+ s = unit_name_escape(skip_leading_chars(p, "/")); - } - if (!s) - return -ENOMEM; --- -2.33.0 - diff --git a/backport-fix-CVE-2022-3821.patch b/backport-fix-CVE-2022-3821.patch deleted file mode 100644 index 0c26aa6..0000000 --- a/backport-fix-CVE-2022-3821.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 8d2d0895229cfbe39c1c5c16e61e426812a72e8b Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 7 Jul 2022 18:27:02 +0900 -Subject: [PATCH] time-util: fix buffer-over-run - -Fixes #23928. -Conflict:adapt test context -Reference:https://github.com/systemd/systemd/pull/23933/commits/8d2d0895229cfbe39c1c5c16e61e426812a72e8b ---- - src/basic/time-util.c | 2 +- - src/test/test-time-util.c | 5 +++++ - 2 files changed, 6 insertions(+), 1 deletion(-) - -diff --git a/src/basic/time-util.c b/src/basic/time-util.c -index 5d162e8..2cc0b92 100644 ---- a/src/basic/time-util.c -+++ b/src/basic/time-util.c -@@ -590,7 +590,7 @@ char *format_timespan(char *buf, size_t l, usec_t t, usec_t accuracy) { - t = b; - } - -- n = MIN((size_t) k, l); -+ n = MIN((size_t) k, l-1); - - l -= n; - p += n; -diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c -index 6f4675a..d7cb71c 100644 ---- a/src/test/test-time-util.c -+++ b/src/test/test-time-util.c -@@ -241,6 +241,11 @@ static void test_format_timespan(usec_t accuracy) { - test_format_timespan_one(500 * USEC_PER_MSEC, accuracy); - test_format_timespan_one(9*USEC_PER_YEAR/5 - 23, accuracy); - test_format_timespan_one(USEC_INFINITY, accuracy); -+ -+ /* See issue #23928. */ -+ _cleanup_free_ char *buf; -+ assert_se(buf = new(char, 5)); -+ assert_se(buf == format_timespan(buf, 5, 100005, 1000)); - } - - static void test_verify_timezone(void) { --- -2.27.0 - diff --git a/backport-fix-ConditionDirectoryNotEmpty-when-it-comes-to-a-No.patch b/backport-fix-ConditionDirectoryNotEmpty-when-it-comes-to-a-No.patch deleted file mode 100644 index 182e9c6..0000000 --- a/backport-fix-ConditionDirectoryNotEmpty-when-it-comes-to-a-No.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 10fc8b7775a8cfd9519a1c6628d813b1aa315a33 Mon Sep 17 00:00:00 2001 -From: jiangchuangang -Date: Mon, 29 Nov 2021 22:30:37 +0800 -Subject: [PATCH] fix ConditionDirectoryNotEmpty when it comes to a - Non-directory file - -(cherry picked from commit 193105f2d0408e2d96265935174b3cf0f100ef2e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/10fc8b7775a8cfd9519a1c6628d813b1aa315a33 ---- - src/shared/condition.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/shared/condition.c b/src/shared/condition.c -index ec9d57b292..163ddc1208 100644 ---- a/src/shared/condition.c -+++ b/src/shared/condition.c -@@ -934,7 +934,7 @@ static int condition_test_directory_not_empty(Condition *c, char **env) { - assert(c->type == CONDITION_DIRECTORY_NOT_EMPTY); - - r = dir_is_empty(c->parameter); -- return r <= 0 && r != -ENOENT; -+ return r <= 0 && !IN_SET(r, -ENOENT, -ENOTDIR); - } - - static int condition_test_file_not_empty(Condition *c, char **env) { --- -2.33.0 - diff --git a/backport-fix-ConditionPathIsReadWrite-when-path-does-not-exis.patch b/backport-fix-ConditionPathIsReadWrite-when-path-does-not-exis.patch deleted file mode 100644 index b70ba2c..0000000 --- a/backport-fix-ConditionPathIsReadWrite-when-path-does-not-exis.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 80b7a4276abb832b6af1d1d060affb0988ab7fa0 Mon Sep 17 00:00:00 2001 -From: jiangchuangang -Date: Tue, 30 Nov 2021 15:25:27 +0800 -Subject: [PATCH] fix ConditionPathIsReadWrite when path does not exist. - -(cherry picked from commit 7c4c9948d02ceda903ed4e4deea0d0084612625a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/80b7a4276abb832b6af1d1d060affb0988ab7fa0 ---- - src/shared/condition.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/shared/condition.c b/src/shared/condition.c -index 163ddc1208..6645f771dd 100644 ---- a/src/shared/condition.c -+++ b/src/shared/condition.c -@@ -897,11 +897,15 @@ static int condition_test_path_is_mount_point(Condition *c, char **env) { - } - - static int condition_test_path_is_read_write(Condition *c, char **env) { -+ int r; -+ - assert(c); - assert(c->parameter); - assert(c->type == CONDITION_PATH_IS_READ_WRITE); - -- return path_is_read_only_fs(c->parameter) <= 0; -+ r = path_is_read_only_fs(c->parameter); -+ -+ return r <= 0 && r != -ENOENT; - } - - static int condition_test_cpufeature(Condition *c, char **env) { --- -2.33.0 - diff --git a/backport-fix-DirectoryNotEmpty-when-it-comes-to-a-Non-directo.patch b/backport-fix-DirectoryNotEmpty-when-it-comes-to-a-Non-directo.patch deleted file mode 100644 index 0e0f6d6..0000000 --- a/backport-fix-DirectoryNotEmpty-when-it-comes-to-a-Non-directo.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 0fdcae09c44486e30e4fe0469606c02d034577be Mon Sep 17 00:00:00 2001 -From: yangmingtai <961612727@qq.com> -Date: Mon, 6 Dec 2021 17:06:13 +0800 -Subject: [PATCH] fix DirectoryNotEmpty when it comes to a Non-directory file - -(cherry picked from commit 5896a9ebdbe4d38c01390d0a5e82f9fcb4971059) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0fdcae09c44486e30e4fe0469606c02d034577be ---- - src/core/path.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/path.c b/src/core/path.c -index e098e83a31..684e17f433 100644 ---- a/src/core/path.c -+++ b/src/core/path.c -@@ -215,7 +215,7 @@ static bool path_spec_check_good(PathSpec *s, bool initial, bool from_trigger_no - int k; - - k = dir_is_empty(s->path); -- good = !(k == -ENOENT || k > 0); -+ good = !(IN_SET(k, -ENOENT, -ENOTDIR) || k > 0); - break; - } - --- -2.33.0 - diff --git a/backport-fix-test-string-util-failed-when-locale-is-not-utf8.patch b/backport-fix-test-string-util-failed-when-locale-is-not-utf8.patch deleted file mode 100644 index bab8745..0000000 --- a/backport-fix-test-string-util-failed-when-locale-is-not-utf8.patch +++ /dev/null @@ -1,71 +0,0 @@ -From bad124022e97195191d3dd1ea2b5b9aa9df57aea Mon Sep 17 00:00:00 2001 -From: yangmingtai <961612727@qq.com> -Date: Tue, 11 Jan 2022 20:22:11 +0800 -Subject: [PATCH] fix test-string-util failed when locale is not utf8 - -(cherry picked from commit 647082cf7f07a87c65601626e86c3ed9f78fb387) -(cherry picked from commit 32f33c9474ab89061d799a92a1273b106468e8c6) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/bad124022e97195191d3dd1ea2b5b9aa9df57aea ---- - src/test/test-string-util.c | 32 ++++++++++++++++---------------- - 1 file changed, 16 insertions(+), 16 deletions(-) - -diff --git a/src/test/test-string-util.c b/src/test/test-string-util.c -index 4d9d0260c9..266aee9115 100644 ---- a/src/test/test-string-util.c -+++ b/src/test/test-string-util.c -@@ -176,33 +176,33 @@ static void test_cellescape(void) { - assert_se(streq(cellescape(buf, 1, "\020"), "")); - assert_se(streq(cellescape(buf, 2, "\020"), ".")); - assert_se(streq(cellescape(buf, 3, "\020"), "..")); -- assert_se(streq(cellescape(buf, 4, "\020"), "…")); -+ assert_se(streq(cellescape(buf, 4, "\020"), is_locale_utf8() ? "…" : "...")); - assert_se(streq(cellescape(buf, 5, "\020"), "\\020")); - -- assert_se(streq(cellescape(buf, 5, "1234\020"), "1…")); -- assert_se(streq(cellescape(buf, 6, "1234\020"), "12…")); -- assert_se(streq(cellescape(buf, 7, "1234\020"), "123…")); -- assert_se(streq(cellescape(buf, 8, "1234\020"), "1234…")); -+ assert_se(streq(cellescape(buf, 5, "1234\020"), is_locale_utf8() ? "1…" : "1...")); -+ assert_se(streq(cellescape(buf, 6, "1234\020"), is_locale_utf8() ? "12…" : "12...")); -+ assert_se(streq(cellescape(buf, 7, "1234\020"), is_locale_utf8() ? "123…" : "123...")); -+ assert_se(streq(cellescape(buf, 8, "1234\020"), is_locale_utf8() ? "1234…" : "1234...")); - assert_se(streq(cellescape(buf, 9, "1234\020"), "1234\\020")); - - assert_se(streq(cellescape(buf, 1, "\t\n"), "")); - assert_se(streq(cellescape(buf, 2, "\t\n"), ".")); - assert_se(streq(cellescape(buf, 3, "\t\n"), "..")); -- assert_se(streq(cellescape(buf, 4, "\t\n"), "…")); -+ assert_se(streq(cellescape(buf, 4, "\t\n"), is_locale_utf8() ? "…" : "...")); - assert_se(streq(cellescape(buf, 5, "\t\n"), "\\t\\n")); - -- assert_se(streq(cellescape(buf, 5, "1234\t\n"), "1…")); -- assert_se(streq(cellescape(buf, 6, "1234\t\n"), "12…")); -- assert_se(streq(cellescape(buf, 7, "1234\t\n"), "123…")); -- assert_se(streq(cellescape(buf, 8, "1234\t\n"), "1234…")); -+ assert_se(streq(cellescape(buf, 5, "1234\t\n"), is_locale_utf8() ? "1…" : "1...")); -+ assert_se(streq(cellescape(buf, 6, "1234\t\n"), is_locale_utf8() ? "12…" : "12...")); -+ assert_se(streq(cellescape(buf, 7, "1234\t\n"), is_locale_utf8() ? "123…" : "123...")); -+ assert_se(streq(cellescape(buf, 8, "1234\t\n"), is_locale_utf8() ? "1234…" : "1234...")); - assert_se(streq(cellescape(buf, 9, "1234\t\n"), "1234\\t\\n")); - -- assert_se(streq(cellescape(buf, 4, "x\t\020\n"), "…")); -- assert_se(streq(cellescape(buf, 5, "x\t\020\n"), "x…")); -- assert_se(streq(cellescape(buf, 6, "x\t\020\n"), "x…")); -- assert_se(streq(cellescape(buf, 7, "x\t\020\n"), "x\\t…")); -- assert_se(streq(cellescape(buf, 8, "x\t\020\n"), "x\\t…")); -- assert_se(streq(cellescape(buf, 9, "x\t\020\n"), "x\\t…")); -+ assert_se(streq(cellescape(buf, 4, "x\t\020\n"), is_locale_utf8() ? "…" : "...")); -+ assert_se(streq(cellescape(buf, 5, "x\t\020\n"), is_locale_utf8() ? "x…" : "x...")); -+ assert_se(streq(cellescape(buf, 6, "x\t\020\n"), is_locale_utf8() ? "x…" : "x...")); -+ assert_se(streq(cellescape(buf, 7, "x\t\020\n"), is_locale_utf8() ? "x\\t…" : "x\\t...")); -+ assert_se(streq(cellescape(buf, 8, "x\t\020\n"), is_locale_utf8() ? "x\\t…" : "x\\t...")); -+ assert_se(streq(cellescape(buf, 9, "x\t\020\n"), is_locale_utf8() ? "x\\t…" : "x\\t...")); - assert_se(streq(cellescape(buf, 10, "x\t\020\n"), "x\\t\\020\\n")); - - assert_se(streq(cellescape(buf, 6, "1\011"), "1\\t")); --- -2.33.0 - diff --git a/backport-fstab-generator-Respect-nofail-when-ordering.patch b/backport-fstab-generator-Respect-nofail-when-ordering.patch deleted file mode 100644 index 11b4c20..0000000 --- a/backport-fstab-generator-Respect-nofail-when-ordering.patch +++ /dev/null @@ -1,30 +0,0 @@ -From efd98964fb9202451293043dcffb3898b176a7d0 Mon Sep 17 00:00:00 2001 -From: Vladimir Panteleev -Date: Tue, 17 Aug 2021 18:30:29 +0000 -Subject: [PATCH] fstab-generator: Respect nofail when ordering - -(cherry picked from commit e9aee932409754c9f709a8ea3ad13caf39fce7d2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/efd98964fb9202451293043dcffb3898b176a7d0 ---- - src/fstab-generator/fstab-generator.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c -index a4e3ea5311..b6582c9538 100644 ---- a/src/fstab-generator/fstab-generator.c -+++ b/src/fstab-generator/fstab-generator.c -@@ -435,7 +435,8 @@ static int add_mount( - - /* Order the mount unit we generate relative to the post unit, so that DefaultDependencies= on the - * target unit won't affect us. */ -- if (post && !FLAGS_SET(flags, MOUNT_AUTOMOUNT) && !FLAGS_SET(flags, MOUNT_NOAUTO)) -+ if (post && !FLAGS_SET(flags, MOUNT_AUTOMOUNT) && !FLAGS_SET(flags, MOUNT_NOAUTO) && -+ !FLAGS_SET(flags, MOUNT_NOFAIL)) - fprintf(f, "Before=%s\n", post); - - if (passno != 0) { --- -2.33.0 - diff --git a/backport-fstab-generator-do-not-remount-sys-when-running-in-a.patch b/backport-fstab-generator-do-not-remount-sys-when-running-in-a.patch deleted file mode 100644 index c79e2da..0000000 --- a/backport-fstab-generator-do-not-remount-sys-when-running-in-a.patch +++ /dev/null @@ -1,43 +0,0 @@ -From cee7e40200b5eba60a5fed04fe006e8b48944fb2 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 12 Dec 2021 11:43:21 +0900 -Subject: [PATCH] fstab-generator: do not remount /sys when running in a - container - -Closes #21744. - -(cherry picked from commit 18f0eaafd7f180f5d0d2d65349835374146efdb3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/cee7e40200b5eba60a5fed04fe006e8b48944fb2 ---- - src/fstab-generator/fstab-generator.c | 13 ++++++++++--- - 1 file changed, 10 insertions(+), 3 deletions(-) - -diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c -index b6582c9538..1dee728233 100644 ---- a/src/fstab-generator/fstab-generator.c -+++ b/src/fstab-generator/fstab-generator.c -@@ -601,9 +601,16 @@ static int parse_fstab(bool initrd) { - if (!what) - return log_oom(); - -- if (is_device_path(what) && path_is_read_only_fs("/sys") > 0) { -- log_info("Running in a container, ignoring fstab device entry for %s.", what); -- continue; -+ if (path_is_read_only_fs("/sys") > 0) { -+ if (streq(what, "sysfs")) { -+ log_info("Running in a container, ignoring fstab entry for %s.", what); -+ continue; -+ } -+ -+ if (is_device_path(what)) { -+ log_info("Running in a container, ignoring fstab device entry for %s.", what); -+ continue; -+ } - } - - where = strdup(me->mnt_dir); --- -2.33.0 - diff --git a/backport-fstab-generator-skip-root-directory-handling-when-nf.patch b/backport-fstab-generator-skip-root-directory-handling-when-nf.patch deleted file mode 100644 index 34e5b38..0000000 --- a/backport-fstab-generator-skip-root-directory-handling-when-nf.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 60d4ac20d8b02dd8f67150aaf55a4e0d019f58d2 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 5 Jan 2022 19:24:46 +0900 -Subject: [PATCH] fstab-generator: skip root directory handling when nfsroot is - requested - -Fixes RHBZ#2037233 (https://bugzilla.redhat.com/show_bug.cgi?id=2037233). - -(cherry picked from commit 77b8e92de8264c0b656a7d2fb437dd8d598ab597) -(cherry picked from commit 7ca41c509e6549abbfc753e560c822b5e32a63cc) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/60d4ac20d8b02dd8f67150aaf55a4e0d019f58d2 ---- - src/fstab-generator/fstab-generator.c | 59 ++++++++++++++++++++++++++- - 1 file changed, 57 insertions(+), 2 deletions(-) - -diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c -index 1dee728233..0f3892789f 100644 ---- a/src/fstab-generator/fstab-generator.c -+++ b/src/fstab-generator/fstab-generator.c -@@ -10,6 +10,7 @@ - #include "fs-util.h" - #include "fstab-util.h" - #include "generator.h" -+#include "in-addr-util.h" - #include "log.h" - #include "main-func.h" - #include "mkdir.h" -@@ -691,6 +692,57 @@ static int parse_fstab(bool initrd) { - return r; - } - -+static int sysroot_is_nfsroot(void) { -+ union in_addr_union u; -+ const char *sep, *a; -+ int r; -+ -+ assert(arg_root_what); -+ -+ /* From dracut.cmdline(7). -+ * -+ * root=[:][:] -+ * root=nfs:[:][:], -+ * root=nfs4:[:][:], -+ * root={dhcp|dhcp6} -+ * -+ * mount nfs share from :/, if no server-ip is given, use dhcp next_server. -+ * If server-ip is an IPv6 address it has to be put in brackets, e.g. [2001:DB8::1]. NFS options -+ * can be appended with the prefix ":" or "," and are separated by ",". */ -+ -+ if (path_equal(arg_root_what, "/dev/nfs") || -+ STR_IN_SET(arg_root_what, "dhcp", "dhcp6") || -+ STARTSWITH_SET(arg_root_what, "nfs:", "nfs4:")) -+ return true; -+ -+ /* IPv6 address */ -+ if (arg_root_what[0] == '[') { -+ sep = strchr(arg_root_what + 1, ']'); -+ if (!sep) -+ return -EINVAL; -+ -+ a = strndupa(arg_root_what + 1, sep - arg_root_what - 1); -+ -+ r = in_addr_from_string(AF_INET6, a, &u); -+ if (r < 0) -+ return r; -+ -+ return true; -+ } -+ -+ /* IPv4 address */ -+ sep = strchr(arg_root_what, ':'); -+ if (sep) { -+ a = strndupa(arg_root_what, sep - arg_root_what); -+ -+ if (in_addr_from_string(AF_INET, a, &u) >= 0) -+ return true; -+ } -+ -+ /* root directory without address */ -+ return path_is_absolute(arg_root_what) && !path_startswith(arg_root_what, "/dev"); -+} -+ - static int add_sysroot_mount(void) { - _cleanup_free_ char *what = NULL; - const char *opts, *fstype; -@@ -708,9 +760,12 @@ static int add_sysroot_mount(void) { - return 0; - } - -- if (path_equal(arg_root_what, "/dev/nfs")) { -+ r = sysroot_is_nfsroot(); -+ if (r < 0) -+ log_debug_errno(r, "Failed to determine if the root directory is on NFS, assuming not: %m"); -+ else if (r > 0) { - /* This is handled by the kernel or the initrd */ -- log_debug("Skipping root directory handling, as /dev/nfs was requested."); -+ log_debug("Skipping root directory handling, as root on NFS was requested."); - return 0; - } - --- -2.33.0 - diff --git a/backport-growfs-don-t-actually-resize-on-dry-run.patch b/backport-growfs-don-t-actually-resize-on-dry-run.patch deleted file mode 100644 index 4e2b237..0000000 --- a/backport-growfs-don-t-actually-resize-on-dry-run.patch +++ /dev/null @@ -1,37 +0,0 @@ -From e9a1f6237f281b4bf05386bd9b2c921ea999232f Mon Sep 17 00:00:00 2001 -From: undef -Date: Thu, 14 Jul 2022 05:53:15 +0000 -Subject: [PATCH] growfs: don't actually resize on dry-run - -This causes systemd-growfs to exit before resizing the partition when -`--dry-run` is passed. Resizing during a dry run of a change breaks the -users expectations. - -(cherry picked from commit d26c0f7243a709cfa7b8bdc87e8131746bb0e2d0) -(cherry picked from commit 00c6c62845c560ef09f845aeedabdc9027be5678) -(cherry picked from commit e39019fd1065c8e2eb078b72359c5e755b013493) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e9a1f6237f281b4bf05386bd9b2c921ea999232f ---- - src/partition/growfs.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/partition/growfs.c b/src/partition/growfs.c -index 15c56d0584..a7e745208b 100644 ---- a/src/partition/growfs.c -+++ b/src/partition/growfs.c -@@ -241,6 +241,10 @@ static int run(int argc, char *argv[]) { - return log_error_errno(errno, "Failed to query size of \"%s\": %m", devpath); - - log_debug("Resizing \"%s\" to %"PRIu64" bytes...", arg_target, size); -+ -+ if (arg_dry_run) -+ return 0; -+ - r = resize_fs(mountfd, size, &newsize); - if (r < 0) - return log_error_errno(r, "Failed to resize \"%s\" to %"PRIu64" bytes: %m", --- -2.27.0 - diff --git a/backport-home-fix-heap-use-after-free.patch b/backport-home-fix-heap-use-after-free.patch deleted file mode 100644 index 47e6799..0000000 --- a/backport-home-fix-heap-use-after-free.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 5ed20345db356121bc72e0092c17b74e2de67ff7 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 14 Dec 2021 15:38:12 +0900 -Subject: [PATCH] home: fix heap-use-after-free - -`bus_home_emit_remove()` may be called from manager_free() -> home_free(). -In that case, manager->bus is already unref()ed. - -Fixes #21767. - -(cherry picked from commit 2ff457720bd3bc59985e807b748f6305bdf27826) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5ed20345db356121bc72e0092c17b74e2de67ff7 ---- - src/home/homed-home-bus.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/home/homed-home-bus.c b/src/home/homed-home-bus.c -index c71256d15e..601ecc5cf5 100644 ---- a/src/home/homed-home-bus.c -+++ b/src/home/homed-home-bus.c -@@ -940,6 +940,12 @@ int bus_home_emit_remove(Home *h) { - if (!h->announced) - return 0; - -+ if (!h->manager) -+ return 0; -+ -+ if (!h->manager->bus) -+ return 0; -+ - r = bus_home_path(h, &path); - if (r < 0) - return r; --- -2.33.0 - diff --git a/backport-home-secret-argument-of-handle_generic_user_record_e.patch b/backport-home-secret-argument-of-handle_generic_user_record_e.patch deleted file mode 100644 index ffb203f..0000000 --- a/backport-home-secret-argument-of-handle_generic_user_record_e.patch +++ /dev/null @@ -1,114 +0,0 @@ -From 5179b3a071535610be2b55efa77f174c87c3c2b6 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 5 Sep 2021 11:16:26 +0900 -Subject: [PATCH] home: 'secret' argument of handle_generic_user_record_error - may be null - -When RefHome() bus method is called in acquire_home(), secret is NULL. - -Fixes #20639. - -(cherry picked from commit 6a09dbb89507449d158af6c7097d2c51ce83205f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5179b3a071535610be2b55efa77f174c87c3c2b6 ---- - src/home/pam_systemd_home.c | 19 ++++++++++++++++++- - 1 file changed, 18 insertions(+), 1 deletion(-) - -diff --git a/src/home/pam_systemd_home.c b/src/home/pam_systemd_home.c -index b7db39dab9..27b292f460 100644 ---- a/src/home/pam_systemd_home.c -+++ b/src/home/pam_systemd_home.c -@@ -281,7 +281,6 @@ static int handle_generic_user_record_error( - const sd_bus_error *error) { - - assert(user_name); -- assert(secret); - assert(error); - - int r; -@@ -301,6 +300,8 @@ static int handle_generic_user_record_error( - } else if (sd_bus_error_has_name(error, BUS_ERROR_BAD_PASSWORD)) { - _cleanup_(erase_and_freep) char *newp = NULL; - -+ assert(secret); -+ - /* This didn't work? Ask for an (additional?) password */ - - if (strv_isempty(secret->password)) -@@ -326,6 +327,8 @@ static int handle_generic_user_record_error( - } else if (sd_bus_error_has_name(error, BUS_ERROR_BAD_PASSWORD_AND_NO_TOKEN)) { - _cleanup_(erase_and_freep) char *newp = NULL; - -+ assert(secret); -+ - if (strv_isempty(secret->password)) { - (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token of user %s not inserted.", user_name); - r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Try again with password: "); -@@ -350,6 +353,8 @@ static int handle_generic_user_record_error( - } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PIN_NEEDED)) { - _cleanup_(erase_and_freep) char *newp = NULL; - -+ assert(secret); -+ - r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Security token PIN: "); - if (r != PAM_SUCCESS) - return PAM_CONV_ERR; /* no logging here */ -@@ -367,6 +372,8 @@ static int handle_generic_user_record_error( - - } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PROTECTED_AUTHENTICATION_PATH_NEEDED)) { - -+ assert(secret); -+ - (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please authenticate physically on security token of user %s.", user_name); - - r = user_record_set_pkcs11_protected_authentication_path_permitted(secret, true); -@@ -377,6 +384,8 @@ static int handle_generic_user_record_error( - - } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_USER_PRESENCE_NEEDED)) { - -+ assert(secret); -+ - (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please confirm presence on security token of user %s.", user_name); - - r = user_record_set_fido2_user_presence_permitted(secret, true); -@@ -387,6 +396,8 @@ static int handle_generic_user_record_error( - - } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_USER_VERIFICATION_NEEDED)) { - -+ assert(secret); -+ - (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please verify user on security token of user %s.", user_name); - - r = user_record_set_fido2_user_verification_permitted(secret, true); -@@ -403,6 +414,8 @@ static int handle_generic_user_record_error( - } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN)) { - _cleanup_(erase_and_freep) char *newp = NULL; - -+ assert(secret); -+ - (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN incorrect for user %s.", user_name); - r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: "); - if (r != PAM_SUCCESS) -@@ -422,6 +435,8 @@ static int handle_generic_user_record_error( - } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN_FEW_TRIES_LEFT)) { - _cleanup_(erase_and_freep) char *newp = NULL; - -+ assert(secret); -+ - (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN of user %s incorrect (only a few tries left!)", user_name); - r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: "); - if (r != PAM_SUCCESS) -@@ -441,6 +456,8 @@ static int handle_generic_user_record_error( - } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN_ONE_TRY_LEFT)) { - _cleanup_(erase_and_freep) char *newp = NULL; - -+ assert(secret); -+ - (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN of user %s incorrect (only one try left!)", user_name); - r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: "); - if (r != PAM_SUCCESS) --- -2.33.0 - diff --git a/backport-homed-add-missing-SYNTHETIC_ERRNO.patch b/backport-homed-add-missing-SYNTHETIC_ERRNO.patch deleted file mode 100644 index 56b670c..0000000 --- a/backport-homed-add-missing-SYNTHETIC_ERRNO.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 00eff1d423d2cb336d1e378cc8f348d2d19c2ed4 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 31 Aug 2021 10:47:29 +0200 -Subject: [PATCH] homed: add missing SYNTHETIC_ERRNO() - -(cherry picked from commit 9191142ddfb3ccd2007245c01197d3f42943815c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/00eff1d423d2cb336d1e378cc8f348d2d19c2ed4 ---- - src/home/homework-cifs.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/home/homework-cifs.c b/src/home/homework-cifs.c -index a697f7e5ee..04a4db8a94 100644 ---- a/src/home/homework-cifs.c -+++ b/src/home/homework-cifs.c -@@ -86,7 +86,8 @@ int home_prepare_cifs( - } - - if (!mounted) -- return log_error_errno(ENOKEY, "Failed to mount home directory with supplied password."); -+ return log_error_errno(SYNTHETIC_ERRNO(ENOKEY), -+ "Failed to mount home directory with supplied password."); - - setup->root_fd = open("/run/systemd/user-home-mount", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW); - } --- -2.33.0 - diff --git a/backport-homed-fix-log-message-referring-to-fsck-when-we-actu.patch b/backport-homed-fix-log-message-referring-to-fsck-when-we-actu.patch deleted file mode 100644 index 31da36a..0000000 --- a/backport-homed-fix-log-message-referring-to-fsck-when-we-actu.patch +++ /dev/null @@ -1,30 +0,0 @@ -From f41b77e9788541244ad6d6bafe3e130fbabace84 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 31 Aug 2021 10:47:02 +0200 -Subject: [PATCH] homed: fix log message referring to fsck, when we actually - mean mount - -(cherry picked from commit e070b9eac92993422db25c72ebdbdcc1cf424a0f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/f41b77e9788541244ad6d6bafe3e130fbabace84 ---- - src/home/homework-cifs.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/home/homework-cifs.c b/src/home/homework-cifs.c -index cf3c58431a..a697f7e5ee 100644 ---- a/src/home/homework-cifs.c -+++ b/src/home/homework-cifs.c -@@ -71,7 +71,7 @@ int home_prepare_cifs( - h->cifs_service, "/run/systemd/user-home-mount", - "-o", options, NULL); - -- log_error_errno(errno, "Failed to execute fsck: %m"); -+ log_error_errno(errno, "Failed to execute mount: %m"); - _exit(EXIT_FAILURE); - } - --- -2.33.0 - diff --git a/backport-homed-make-sure-to-use-right-asssesors-for-GID-acces.patch b/backport-homed-make-sure-to-use-right-asssesors-for-GID-acces.patch deleted file mode 100644 index ba15a3e..0000000 --- a/backport-homed-make-sure-to-use-right-asssesors-for-GID-acces.patch +++ /dev/null @@ -1,34 +0,0 @@ -From b2420e2f911455b57edbb67e16883485ba75a638 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 31 Aug 2021 10:46:06 +0200 -Subject: [PATCH] homed: make sure to use right asssesors for GID + access mode - -Don't reach directly into the UserRecord struct, but use the right -assessors, so that the "unspecified" case is covered. - -(cherry picked from commit 279e060e2549183101ebf94e9739b70ed499c4c1) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b2420e2f911455b57edbb67e16883485ba75a638 ---- - src/home/homework-cifs.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/home/homework-cifs.c b/src/home/homework-cifs.c -index 2254eb59cd..cf3c58431a 100644 ---- a/src/home/homework-cifs.c -+++ b/src/home/homework-cifs.c -@@ -58,8 +58,8 @@ int home_prepare_cifs( - - f = safe_fclose(f); - -- if (asprintf(&options, "credentials=%s,uid=" UID_FMT ",forceuid,gid=" UID_FMT ",forcegid,file_mode=0%3o,dir_mode=0%3o", -- p, h->uid, h->uid, h->access_mode, h->access_mode) < 0) -+ if (asprintf(&options, "credentials=%s,uid=" UID_FMT ",forceuid,gid=" GID_FMT ",forcegid,file_mode=0%3o,dir_mode=0%3o", -+ p, h->uid, user_record_gid(h), user_record_access_mode(h), user_record_access_mode(h)) < 0) - return log_oom(); - - r = safe_fork("(mount)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_STDOUT_TO_STDERR, &mount_pid); --- -2.33.0 - diff --git a/backport-homed-remove-misplaced-assert.patch b/backport-homed-remove-misplaced-assert.patch deleted file mode 100644 index a541e8d..0000000 --- a/backport-homed-remove-misplaced-assert.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 3c8240a44dc28a4c7c60c1599799383776f9e6dc Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 31 Aug 2021 10:47:40 +0200 -Subject: [PATCH] homed: remove misplaced assert() - -(cherry picked from commit 67f9bf897c762ecb61872a5e8e0707a97c8ccd3d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/3c8240a44dc28a4c7c60c1599799383776f9e6dc ---- - src/home/homework-mount.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/home/homework-mount.c b/src/home/homework-mount.c -index 5e737687d1..da4f14e08d 100644 ---- a/src/home/homework-mount.c -+++ b/src/home/homework-mount.c -@@ -69,9 +69,10 @@ int home_move_mount(const char *user_name_and_realm, const char *target) { - const char *d; - int r; - -- assert(user_name_and_realm); - assert(target); - -+ /* If user_name_and_realm is set, then we'll mount a subdir of the source mount into the host. If -+ * it's NULL we'll move the mount itself */ - if (user_name_and_realm) { - subdir = path_join("/run/systemd/user-home-mount/", user_name_and_realm); - if (!subdir) --- -2.33.0 - diff --git a/backport-homed-shutdown-call-valgrind-magic-after-LOOP_GET_ST.patch b/backport-homed-shutdown-call-valgrind-magic-after-LOOP_GET_ST.patch deleted file mode 100644 index 83bced0..0000000 --- a/backport-homed-shutdown-call-valgrind-magic-after-LOOP_GET_ST.patch +++ /dev/null @@ -1,84 +0,0 @@ -From bf6bd21f7c887ffa4591ed0cee00b234835ca2be Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 15 Oct 2021 17:58:13 +0200 -Subject: [PATCH] homed,shutdown: call valgrind magic after LOOP_GET_STATUS64 - -valgrind doesn't understand LOOP_GET_STATUS64. We already work around -this in various placed, via VALGRIND_MAKE_MEM_DEFINE(), but we forgot -three places. Let's fix that. - -(cherry picked from commit 48f462547d63e1d03bee612e1c77073263e71293) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/bf6bd21f7c887ffa4591ed0cee00b234835ca2be ---- - src/home/homework-luks.c | 8 ++++++++ - src/shutdown/umount.c | 12 ++++++++++++ - 2 files changed, 20 insertions(+) - -diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c -index 38d7d7cc70..05a0ed861e 100644 ---- a/src/home/homework-luks.c -+++ b/src/home/homework-luks.c -@@ -8,6 +8,10 @@ - #include - #include - -+#if HAVE_VALGRIND_MEMCHECK_H -+#include -+#endif -+ - #include "blkid-util.h" - #include "blockdev-util.h" - #include "btrfs-util.h" -@@ -1136,6 +1140,10 @@ int home_prepare_luks( - offset *= 512U; - } - } else { -+#if HAVE_VALGRIND_MEMCHECK_H -+ VALGRIND_MAKE_MEM_DEFINED(&info, sizeof(info)); -+#endif -+ - offset = info.lo_offset; - size = info.lo_sizelimit; - } -diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c -index c2a26242c0..1f945b7875 100644 ---- a/src/shutdown/umount.c -+++ b/src/shutdown/umount.c -@@ -15,6 +15,10 @@ - #include - #include - -+#if HAVE_VALGRIND_MEMCHECK_H -+#include -+#endif -+ - #include "sd-device.h" - - #include "alloc-util.h" -@@ -409,6 +413,10 @@ static int delete_loopback(const char *device) { - return -EBUSY; /* propagate original error */ - } - -+#if HAVE_VALGRIND_MEMCHECK_H -+ VALGRIND_MAKE_MEM_DEFINED(&info, sizeof(info)); -+#endif -+ - if (FLAGS_SET(info.lo_flags, LO_FLAGS_AUTOCLEAR)) /* someone else already set LO_FLAGS_AUTOCLEAR for us? fine by us */ - return -EBUSY; /* propagate original error */ - -@@ -434,6 +442,10 @@ static int delete_loopback(const char *device) { - return 1; - } - -+#if HAVE_VALGRIND_MEMCHECK_H -+ VALGRIND_MAKE_MEM_DEFINED(&info, sizeof(info)); -+#endif -+ - /* Linux makes LOOP_CLR_FD succeed whenever LO_FLAGS_AUTOCLEAR is set without actually doing - * anything. Very confusing. Let's hence not claim we did anything in this case. */ - if (FLAGS_SET(info.lo_flags, LO_FLAGS_AUTOCLEAR)) --- -2.33.0 - diff --git a/backport-homework-don-t-bother-with-BLKRRPART-on-images-that-.patch b/backport-homework-don-t-bother-with-BLKRRPART-on-images-that-.patch deleted file mode 100644 index 84b46be..0000000 --- a/backport-homework-don-t-bother-with-BLKRRPART-on-images-that-.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 7b3ff9a957630535ec58aeca7e41e6c63fa99114 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 15 Oct 2021 11:23:00 +0200 -Subject: [PATCH] homework: don't bother with BLKRRPART on images that aren't - block devices - -We currently call this ioctl even if we are backed by a regular file, -which is actually the common case. While this doesn't really hurt, it -does result in very confusing logs. - -(cherry picked from commit 6a1301d8c97dc650e4355bb7c193f5821b3383a8) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7b3ff9a957630535ec58aeca7e41e6c63fa99114 ---- - src/home/homework-luks.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c -index 64bbfe3c77..38d7d7cc70 100644 ---- a/src/home/homework-luks.c -+++ b/src/home/homework-luks.c -@@ -2813,7 +2813,7 @@ int home_resize_luks( - if (r > 0) - log_info("Growing of partition completed."); - -- if (ioctl(image_fd, BLKRRPART, 0) < 0) -+ if (S_ISBLK(st.st_mode) && ioctl(image_fd, BLKRRPART, 0) < 0) - log_debug_errno(errno, "BLKRRPART failed on block device, ignoring: %m"); - - /* Tell LUKS about the new bigger size too */ -@@ -2887,7 +2887,7 @@ int home_resize_luks( - if (r > 0) - log_info("Shrinking of partition completed."); - -- if (ioctl(image_fd, BLKRRPART, 0) < 0) -+ if (S_ISBLK(st.st_mode) && ioctl(image_fd, BLKRRPART, 0) < 0) - log_debug_errno(errno, "BLKRRPART failed on block device, ignoring: %m"); - } else { - r = home_store_embedded_identity(new_home, setup->root_fd, h->uid, embedded_home); --- -2.33.0 - diff --git a/backport-homework-fix-a-bad-error-propagation.patch b/backport-homework-fix-a-bad-error-propagation.patch deleted file mode 100644 index 8f04f0b..0000000 --- a/backport-homework-fix-a-bad-error-propagation.patch +++ /dev/null @@ -1,29 +0,0 @@ -From e05915315fdf21ee51ec1501e02d04ba1e9af045 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 24 Nov 2021 18:36:00 +0100 -Subject: [PATCH] homework: fix a bad error propagation - -(cherry picked from commit b05f4495bd374dc28d39ea43ac7cec3f0fea4071) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e05915315fdf21ee51ec1501e02d04ba1e9af045 ---- - src/home/homework.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/home/homework.c b/src/home/homework.c -index b20b4bdf3e..32a42c5d09 100644 ---- a/src/home/homework.c -+++ b/src/home/homework.c -@@ -485,7 +485,7 @@ static int write_identity_file(int root_fd, JsonVariant *v, uid_t uid) { - } - - if (fchown(fileno(identity_file), uid, uid) < 0) { -- log_error_errno(r, "Failed to change ownership of identity file: %m"); -+ r = log_error_errno(errno, "Failed to change ownership of identity file: %m"); - goto fail; - } - --- -2.33.0 - diff --git a/backport-homework-fix-incorrect-error-variable-use.patch b/backport-homework-fix-incorrect-error-variable-use.patch deleted file mode 100644 index 3b7d747..0000000 --- a/backport-homework-fix-incorrect-error-variable-use.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 3e9dbda7d5efbe642e6254cc086b4cf54c862618 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 14 Oct 2021 15:40:59 +0200 -Subject: [PATCH] homework: fix incorrect error variable use - -(cherry picked from commit 82fb0911fc0aa2aaf39428ef36e78898ece2b4ea) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/3e9dbda7d5efbe642e6254cc086b4cf54c862618 ---- - src/home/homework-luks.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c -index 6448883fe0..64bbfe3c77 100644 ---- a/src/home/homework-luks.c -+++ b/src/home/homework-luks.c -@@ -1146,7 +1146,7 @@ int home_prepare_luks( - - root_fd = open(user_record_home_directory(h), O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW); - if (root_fd < 0) { -- r = log_error_errno(r, "Failed to open home directory: %m"); -+ r = log_error_errno(errno, "Failed to open home directory: %m"); - goto fail; - } - } else { -@@ -1233,7 +1233,7 @@ int home_prepare_luks( - - root_fd = open(subdir, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW); - if (root_fd < 0) { -- r = log_error_errno(r, "Failed to open home directory: %m"); -+ r = log_error_errno(errno, "Failed to open home directory: %m"); - goto fail; - } - --- -2.33.0 - diff --git a/backport-homework-repart-turn-on-cryptsetup-logging-before-we.patch b/backport-homework-repart-turn-on-cryptsetup-logging-before-we.patch deleted file mode 100644 index 21dc8b5..0000000 --- a/backport-homework-repart-turn-on-cryptsetup-logging-before-we.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 7b49704dfe47474be0d74996db45e6ba42d6b2e1 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 28 Oct 2021 19:06:52 +0200 -Subject: [PATCH] homework,repart: turn on cryptsetup logging before we have a - context - -Otherwise we'll miss the log message from allocation of the context. We -already made this change in most of our tools that interface with -libcryptsetup, but we forgot two. - -As suggested: - -https://github.com/systemd/systemd/pull/21135#discussion_r738287504 -(cherry picked from commit 30f194001ff647280ad49b68597c223e57ad7f6e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7b49704dfe47474be0d74996db45e6ba42d6b2e1 ---- - src/home/homework.c | 2 ++ - src/partition/repart.c | 4 ++++ - 2 files changed, 6 insertions(+) - -diff --git a/src/home/homework.c b/src/home/homework.c -index bdd9ac649e..b20b4bdf3e 100644 ---- a/src/home/homework.c -+++ b/src/home/homework.c -@@ -1651,6 +1651,8 @@ static int run(int argc, char *argv[]) { - - log_setup(); - -+ cryptsetup_enable_logging(NULL); -+ - umask(0022); - - if (argc < 2 || argc > 3) -diff --git a/src/partition/repart.c b/src/partition/repart.c -index 3c80d1380a..7602ac6aa8 100644 ---- a/src/partition/repart.c -+++ b/src/partition/repart.c -@@ -4863,6 +4863,10 @@ static int run(int argc, char *argv[]) { - if (r < 0) - return r; - -+#if HAVE_LIBCRYPTSETUP -+ cryptsetup_enable_logging(NULL); -+#endif -+ - if (arg_image) { - assert(!arg_root); - --- -2.33.0 - diff --git a/backport-hostname-fix-off-by-one-issue-in-gethostname.patch b/backport-hostname-fix-off-by-one-issue-in-gethostname.patch deleted file mode 100644 index 30fdc7d..0000000 --- a/backport-hostname-fix-off-by-one-issue-in-gethostname.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 6a8b886fef4ad101108126cab2125a90f7aa6441 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 11 Aug 2021 00:12:40 +0900 -Subject: [PATCH] hostname: fix off-by-one issue in gethostname() - -gethostname() returns null-terminated hostname. - -Fixes #20309 and #20417. - -(cherry picked from commit ccdf235464297c2ca4c1dea8733a6bad423084d5) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/6a8b886fef4ad101108126cab2125a90f7aa6441 ---- - src/shared/hostname-setup.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/shared/hostname-setup.c b/src/shared/hostname-setup.c -index 511aa7d031..742174d6c8 100644 ---- a/src/shared/hostname-setup.c -+++ b/src/shared/hostname-setup.c -@@ -20,11 +20,11 @@ - #include "util.h" - - static int sethostname_idempotent_full(const char *s, bool really) { -- char buf[HOST_NAME_MAX + 1] = {}; -+ char buf[HOST_NAME_MAX + 1]; - - assert(s); - -- if (gethostname(buf, sizeof(buf) - 1) < 0) -+ if (gethostname(buf, sizeof(buf)) < 0) - return -errno; - - if (streq(buf, s)) -@@ -42,11 +42,11 @@ int sethostname_idempotent(const char *s) { - } - - bool get_hostname_filtered(char ret[static HOST_NAME_MAX + 1]) { -- char buf[HOST_NAME_MAX + 1] = {}; -+ char buf[HOST_NAME_MAX + 1]; - - /* Returns true if we got a good hostname, false otherwise. */ - -- if (gethostname(buf, sizeof(buf) - 1) < 0) -+ if (gethostname(buf, sizeof(buf)) < 0) - return false; /* This can realistically only fail with ENAMETOOLONG. - * Let's treat that case the same as an invalid hostname. */ - --- -2.33.0 - diff --git a/backport-hostnamed-correct-variable-with-errno-in-fallback_ch.patch b/backport-hostnamed-correct-variable-with-errno-in-fallback_ch.patch deleted file mode 100644 index 184cfdf..0000000 --- a/backport-hostnamed-correct-variable-with-errno-in-fallback_ch.patch +++ /dev/null @@ -1,59 +0,0 @@ -From b873f52871845b769f739e9d6954080ba490200c Mon Sep 17 00:00:00 2001 -From: Jan Palus -Date: Thu, 8 Jul 2021 00:23:21 +0200 -Subject: [PATCH] hostnamed: correct variable with errno in fallback_chassis - -fixes assertion failure on arm: - -systemd-hostnamed[642]: Assertion '(_error) != 0' failed at src/hostname/hostnamed.c:207, function fallback_chassis(). Aborting. - -(cherry picked from commit 105a4245ff13d588e1e848e8ee3cffd6185bd0ae) -(cherry picked from commit 4a44597bdd725f504ebd520b0deef7797dc46daa) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b873f52871845b769f739e9d6954080ba490200c ---- - src/hostname/hostnamed.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c -index bd535ddc4d..36702f2fb0 100644 ---- a/src/hostname/hostnamed.c -+++ b/src/hostname/hostnamed.c -@@ -204,14 +204,14 @@ static const char* fallback_chassis(void) { - - r = read_one_line_file("/sys/class/dmi/id/chassis_type", &type); - if (r < 0) { -- log_debug_errno(v, "Failed to read DMI chassis type, ignoring: %m"); -+ log_debug_errno(r, "Failed to read DMI chassis type, ignoring: %m"); - goto try_acpi; - } - - r = safe_atou(type, &t); - free(type); - if (r < 0) { -- log_debug_errno(v, "Failed to parse DMI chassis type, ignoring: %m"); -+ log_debug_errno(r, "Failed to parse DMI chassis type, ignoring: %m"); - goto try_acpi; - } - -@@ -260,14 +260,14 @@ static const char* fallback_chassis(void) { - try_acpi: - r = read_one_line_file("/sys/firmware/acpi/pm_profile", &type); - if (r < 0) { -- log_debug_errno(v, "Failed read ACPI PM profile, ignoring: %m"); -+ log_debug_errno(r, "Failed read ACPI PM profile, ignoring: %m"); - return NULL; - } - - r = safe_atou(type, &t); - free(type); - if (r < 0) { -- log_debug_errno(v, "Failed parse ACPI PM profile, ignoring: %m"); -+ log_debug_errno(r, "Failed parse ACPI PM profile, ignoring: %m"); - return NULL; - } - --- -2.33.0 - diff --git a/backport-hwdb-Allow-console-users-access-to-media-nodes.patch b/backport-hwdb-Allow-console-users-access-to-media-nodes.patch deleted file mode 100644 index 991bd32..0000000 --- a/backport-hwdb-Allow-console-users-access-to-media-nodes.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 920d0d1b14dfb94788a5b2794860cac583b982c3 Mon Sep 17 00:00:00 2001 -From: Bastien Nocera -Date: Tue, 26 Oct 2021 11:57:30 +0200 -Subject: [PATCH] hwdb: Allow console users access to media* nodes - -Newer webcams and video devices have controls only available through -/dev/media* nodes. Make sure they're accessible in the same way as -/dev/video* nodes. - -Closes: #21054 -(cherry picked from commit 63fbfc598f9f6d3ce34cc00a7687089dab24daff) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/920d0d1b14dfb94788a5b2794860cac583b982c3 ---- - src/login/70-uaccess.rules.in | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/login/70-uaccess.rules.in b/src/login/70-uaccess.rules.in -index 56e1087fef..1b6be82703 100644 ---- a/src/login/70-uaccess.rules.in -+++ b/src/login/70-uaccess.rules.in -@@ -33,6 +33,7 @@ SUBSYSTEM=="sound", TAG+="uaccess", \ - # Webcams, frame grabber, TV cards - SUBSYSTEM=="video4linux", TAG+="uaccess" - SUBSYSTEM=="dvb", TAG+="uaccess" -+SUBSYSTEM=="media", TAG+="uaccess" - - # industrial cameras, some webcams, camcorders, set-top boxes, TV sets, audio devices, and more - SUBSYSTEM=="firewire", TEST=="units", ENV{IEEE1394_UNIT_FUNCTION_MIDI}=="1", TAG+="uaccess" --- -2.33.0 - diff --git a/backport-hwdb-fix-parsing-options.patch b/backport-hwdb-fix-parsing-options.patch deleted file mode 100644 index 00eb94e..0000000 --- a/backport-hwdb-fix-parsing-options.patch +++ /dev/null @@ -1,34 +0,0 @@ -From eee4da4d240bef47a6cc8ab60838d6c443ab8ab8 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 6 Apr 2022 01:08:35 +0900 -Subject: [PATCH] hwdb: fix parsing options - -Fixes #22976. - -(cherry picked from commit 5674b74c4f99e433fd8e7242e9f16f6ddfece94c) -(cherry picked from commit df6253cbda3e5d1b3c694de223cb7899f3aecc74) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/eee4da4d240bef47a6cc8ab60838d6c443ab8ab8 ---- - src/hwdb/hwdb.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/hwdb/hwdb.c b/src/hwdb/hwdb.c -index 50b4cb304a..a3a050530b 100644 ---- a/src/hwdb/hwdb.c -+++ b/src/hwdb/hwdb.c -@@ -73,8 +73,8 @@ static int parse_argv(int argc, char *argv[]) { - assert(argc >= 0); - assert(argv); - -- while ((c = getopt_long(argc, argv, "ust:r:h", options, NULL)) >= 0) -- switch(c) { -+ while ((c = getopt_long(argc, argv, "sr:h", options, NULL)) >= 0) -+ switch (c) { - - case 'h': - return help(); --- -2.33.0 - diff --git a/backport-hwdb-remove-double-empty-line-in-help-text.patch b/backport-hwdb-remove-double-empty-line-in-help-text.patch deleted file mode 100644 index 7189fea..0000000 --- a/backport-hwdb-remove-double-empty-line-in-help-text.patch +++ /dev/null @@ -1,29 +0,0 @@ -From da61fe147e40ba26ed8cf405dbf0a0e71e060d0b Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 30 Aug 2021 13:20:59 +0200 -Subject: [PATCH] hwdb: remove double empty line in --help text - -(cherry picked from commit aecc04f1800c87e0479e74e0225e288a403ba77e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/da61fe147e40ba26ed8cf405dbf0a0e71e060d0b ---- - src/hwdb/hwdb.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/hwdb/hwdb.c b/src/hwdb/hwdb.c -index 26cc83f31b..50b4cb304a 100644 ---- a/src/hwdb/hwdb.c -+++ b/src/hwdb/hwdb.c -@@ -43,7 +43,7 @@ static int help(void) { - " --version Show package version\n" - " -s --strict When updating, return non-zero exit value on any parsing error\n" - " --usr Generate in " UDEVLIBEXECDIR " instead of /etc/udev\n" -- " -r --root=PATH Alternative root path in the filesystem\n\n" -+ " -r --root=PATH Alternative root path in the filesystem\n" - "\nSee the %s for details.\n", - program_invocation_short_name, - ansi_highlight(), --- -2.33.0 - diff --git a/backport-icmp6-drop-unnecessary-assertion.patch b/backport-icmp6-drop-unnecessary-assertion.patch deleted file mode 100644 index 4b4dbae..0000000 --- a/backport-icmp6-drop-unnecessary-assertion.patch +++ /dev/null @@ -1,30 +0,0 @@ -From aff2bf0465f677ba60e1cc701ae73968991e4a3f Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 20 Aug 2021 08:44:27 +0900 -Subject: [PATCH] icmp6: drop unnecessary assertion - -Follow-up for 3691bcf3c5eebdcca5b4f1c51c745441c57a6cd1. - -(cherry picked from commit 6da22a2fa592cc908d26c732b537d8b4fc004280) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/aff2bf0465f677ba60e1cc701ae73968991e4a3f ---- - src/libsystemd-network/icmp6-util.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/libsystemd-network/icmp6-util.c b/src/libsystemd-network/icmp6-util.c -index 67c6b55d84..0b8c3e4cc3 100644 ---- a/src/libsystemd-network/icmp6-util.c -+++ b/src/libsystemd-network/icmp6-util.c -@@ -186,7 +186,6 @@ int icmp6_receive(int fd, void *buffer, size_t size, struct in6_addr *ret_dst, - - /* namelen == 0 only happens when running the test-suite over a socketpair */ - -- assert(!(msg.msg_flags & MSG_CTRUNC)); - assert(!(msg.msg_flags & MSG_TRUNC)); - - CMSG_FOREACH(cmsg, &msg) { --- -2.33.0 - diff --git a/backport-import-turn-off-weird-protocols-in-curl.patch b/backport-import-turn-off-weird-protocols-in-curl.patch deleted file mode 100644 index 5994c12..0000000 --- a/backport-import-turn-off-weird-protocols-in-curl.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 4d8fd88b9641fce81272f60f556543f713175403 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 19 Aug 2021 18:12:56 +0200 -Subject: [PATCH] import: turn off weird protocols in curl - -Let's lock things down a bit and now allow curl's weirder protocols to -be used with our use. i.e. stick to http:// + https:// + file:// and -turn everything else off. (Gopher!) - -This is cde that interfaces with the network after all, and we better -shouldn't support protocols needlessly that are much less tested. - -(Given that HTTP redirects (and other redirects) exist, this should give -us a security benefit, since we will then be sure that noone can forward -us to a weird protocol, which we never tested, and other people test -neither) - -(cherry picked from commit 55b90ee00b78a449c8f187a5e8141f8ccb100bf4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4d8fd88b9641fce81272f60f556543f713175403 ---- - src/import/curl-util.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/import/curl-util.c b/src/import/curl-util.c -index ed2ac0a654..d6a16b4f57 100644 ---- a/src/import/curl-util.c -+++ b/src/import/curl-util.c -@@ -256,6 +256,9 @@ int curl_glue_make(CURL **ret, const char *url, void *userdata) { - if (curl_easy_setopt(c, CURLOPT_LOW_SPEED_LIMIT, 30L) != CURLE_OK) - return -EIO; - -+ if (curl_easy_setopt(c, CURLOPT_PROTOCOLS, CURLPROTO_HTTP|CURLPROTO_HTTPS|CURLPROTO_FILE) != CURLE_OK) -+ return -EIO; -+ - *ret = TAKE_PTR(c); - return 0; - } --- -2.33.0 - diff --git a/backport-journactl-show-info-about-journal-range-only-at-debu.patch b/backport-journactl-show-info-about-journal-range-only-at-debu.patch deleted file mode 100644 index 8ade4a1..0000000 --- a/backport-journactl-show-info-about-journal-range-only-at-debu.patch +++ /dev/null @@ -1,51 +0,0 @@ -From cc9ef67919c33b253bed86db415f5970e96440d9 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 14 Dec 2021 22:30:15 +0100 -Subject: [PATCH] journactl: show info about journal range only at debug level - (#21775) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The message that the "journal begins … ends …" has been always confusing to -users. (Before b91ae210e62 it was "logs begin … end …" which was arguably even -more confusing, but really the change in b91ae210e62 didn't substantially change -this.) - -When the range shown is limited (by -e, -f, --since, or other options), it -doesn't really matter to the user what the oldest entries are, since they are -purposefully limiting the range. In fact, if we are showing the last few -entries with -e or -f, knowing that many months the oldest entries have is -completely useless. - -And when such options are *not* used, the first entry generally corresponds to -the beginning of the range shown, and the last entry corresponds to the end of -that range. So again, it's not particularly useful, except when debugging -journalctl or such. Let's just treat it as a debug message. - -Fixes #21491. - -(cherry picked from commit a2d7654f99eba250eddf988db262abef96ebbe7a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/cc9ef67919c33b253bed86db415f5970e96440d9 ---- - src/journal/journalctl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c -index 3eac97510d..decdf14145 100644 ---- a/src/journal/journalctl.c -+++ b/src/journal/journalctl.c -@@ -2598,7 +2598,7 @@ int main(int argc, char *argv[]) { - if (!arg_follow) - (void) pager_open(arg_pager_flags); - -- if (!arg_quiet && (arg_lines != 0 || arg_follow)) { -+ if (!arg_quiet && (arg_lines != 0 || arg_follow) && DEBUG_LOGGING) { - usec_t start, end; - char start_buf[FORMAT_TIMESTAMP_MAX], end_buf[FORMAT_TIMESTAMP_MAX]; - --- -2.33.0 - diff --git a/backport-journal-Deduplicate-entry-items-before-they-are-stor.patch b/backport-journal-Deduplicate-entry-items-before-they-are-stor.patch deleted file mode 100644 index 757d1da..0000000 --- a/backport-journal-Deduplicate-entry-items-before-they-are-stor.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 71976e91c5a887585b9fb8a162116824b141eecf Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 12 Nov 2021 14:32:40 +0000 -Subject: [PATCH] journal: Deduplicate entry items before they are stored in - the entry object - -If the iovec contains the same data more than once, we'll end up with -duplicate offsets in the items array. Let's make sure we remove any -duplicates before we store the items in an entry object. - -(cherry picked from commit 5ec9fbae64bef896368f744a875dd0437a4c42f2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/71976e91c5a887585b9fb8a162116824b141eecf ---- - src/libsystemd/sd-journal/journal-file.c | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - -diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c -index ae19c1c1f2..a8029c2868 100644 ---- a/src/libsystemd/sd-journal/journal-file.c -+++ b/src/libsystemd/sd-journal/journal-file.c -@@ -2082,6 +2082,21 @@ static int entry_item_cmp(const EntryItem *a, const EntryItem *b) { - return CMP(le64toh(a->object_offset), le64toh(b->object_offset)); - } - -+static size_t remove_duplicate_entry_items(EntryItem items[], size_t n) { -+ -+ /* This function relies on the items array being sorted. */ -+ size_t j = 1; -+ -+ if (n <= 1) -+ return n; -+ -+ for (size_t i = 1; i < n; i++) -+ if (items[i].object_offset != items[j - 1].object_offset) -+ items[j++] = items[i]; -+ -+ return j; -+} -+ - int journal_file_append_entry( - JournalFile *f, - const dual_timestamp *ts, -@@ -2151,6 +2166,7 @@ int journal_file_append_entry( - /* Order by the position on disk, in order to improve seek - * times for rotating media. */ - typesafe_qsort(items, n_iovec, entry_item_cmp); -+ n_iovec = remove_duplicate_entry_items(items, n_iovec); - - r = journal_file_append_entry_internal(f, ts, boot_id, xor_hash, items, n_iovec, seqnum, ret, ret_offset); - --- -2.33.0 - diff --git a/backport-journal-Only-move-to-objects-when-necessary.patch b/backport-journal-Only-move-to-objects-when-necessary.patch deleted file mode 100644 index 68b0eee..0000000 --- a/backport-journal-Only-move-to-objects-when-necessary.patch +++ /dev/null @@ -1,244 +0,0 @@ -From 57ba83ddd33d8ed5e8cee6a35f6ee780532a7a0d Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Tue, 25 Jan 2022 11:50:40 +0000 -Subject: [PATCH] journal: Only move to objects when necessary - -Conflict:don't modify journal_file_read_object because 117e2112 isn't merged; -don't modify generic_array_get because 8d801e35cb isn't merged; adapt context -Reference:https://github.com/systemd/systemd/commit/ded10e3a5f4c9a9fca9a57f5feb7e77db4155dbd - -Let's make sure we only move to objects when it's required. If "ret" -is NULL, the caller isn't interested in the actual object and the -function being called shouldn't move to it unless it has to -inspect/modify the object itself. ---- - src/libsystemd/sd-journal/journal-file.c | 99 +++++++++-------------- - 1 file changed, 39 insertions(+), 60 deletions(-) - -diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c -index e3e926b..efc5018 100644 ---- a/src/libsystemd/sd-journal/journal-file.c -+++ b/src/libsystemd/sd-journal/journal-file.c -@@ -931,7 +931,6 @@ int journal_file_move_to_object(JournalFile *f, ObjectType type, uint64_t offset - uint64_t s; - - assert(f); -- assert(ret); - - /* Objects may only be located at multiple of 64 bit */ - if (!VALID64(offset)) -@@ -986,7 +985,9 @@ int journal_file_move_to_object(JournalFile *f, ObjectType type, uint64_t offset - if (r < 0) - return r; - -- *ret = o; -+ if (ret) -+ *ret = o; -+ - return 0; - } - -@@ -1584,19 +1585,11 @@ static int journal_file_append_field( - - hash = journal_file_hash_data(f, field, size); - -- r = journal_file_find_field_object_with_hash(f, field, size, hash, &o, &p); -+ r = journal_file_find_field_object_with_hash(f, field, size, hash, ret, ret_offset); - if (r < 0) - return r; -- if (r > 0) { -- -- if (ret) -- *ret = o; -- -- if (ret_offset) -- *ret_offset = p; -- -+ if (r > 0) - return 0; -- } - - osize = offsetof(Object, field.payload) + size; - r = journal_file_append_object(f, OBJECT_FIELD, osize, &o, &p); -@@ -1610,20 +1603,20 @@ static int journal_file_append_field( - if (r < 0) - return r; - -- /* The linking might have altered the window, so let's -- * refresh our pointer */ -- r = journal_file_move_to_object(f, OBJECT_FIELD, p, &o); -- if (r < 0) -- return r; -+ /* The linking might have altered the window, so let's only pass the offset to hmac which will -+ * move to the object again if needed. */ - - #if HAVE_GCRYPT -- r = journal_file_hmac_put_object(f, OBJECT_FIELD, o, p); -+ r = journal_file_hmac_put_object(f, OBJECT_FIELD, NULL, p); - if (r < 0) - return r; - #endif - -- if (ret) -- *ret = o; -+ if (ret) { -+ r = journal_file_move_to_object(f, OBJECT_FIELD, p, ret); -+ if (r < 0) -+ return r; -+ } - - if (ret_offset) - *ret_offset = p; -@@ -1647,19 +1640,11 @@ static int journal_file_append_data( - - hash = journal_file_hash_data(f, data, size); - -- r = journal_file_find_data_object_with_hash(f, data, size, hash, &o, &p); -+ r = journal_file_find_data_object_with_hash(f, data, size, hash, ret, ret_offset); - if (r < 0) - return r; -- if (r > 0) { -- -- if (ret) -- *ret = o; -- -- if (ret_offset) -- *ret_offset = p; -- -+ if (r > 0) - return 0; -- } - - osize = offsetof(Object, data.payload) + size; - r = journal_file_append_object(f, OBJECT_DATA, osize, &o, &p); -@@ -1693,17 +1678,16 @@ static int journal_file_append_data( - if (r < 0) - return r; - --#if HAVE_GCRYPT -- r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p); -+ /* The linking might have altered the window, so let's refresh our pointer. */ -+ r = journal_file_move_to_object(f, OBJECT_DATA, p, &o); - if (r < 0) - return r; --#endif - -- /* The linking might have altered the window, so let's -- * refresh our pointer */ -- r = journal_file_move_to_object(f, OBJECT_DATA, p, &o); -+#if HAVE_GCRYPT -+ r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p); - if (r < 0) - return r; -+#endif - - if (!data) - eq = NULL; -@@ -2307,20 +2290,15 @@ static int generic_array_get_plus_one( - uint64_t i, - Object **ret, uint64_t *ret_offset) { - -- Object *o; -- - assert(f); - - if (i == 0) { - int r; - -- r = journal_file_move_to_object(f, OBJECT_ENTRY, extra, &o); -+ r = journal_file_move_to_object(f, OBJECT_ENTRY, extra, ret); - if (r < 0) - return r; - -- if (ret) -- *ret = o; -- - if (ret_offset) - *ret_offset = extra; - -@@ -2349,7 +2327,7 @@ static int generic_array_bisect( - - uint64_t a, p, t = 0, i = 0, last_p = 0, last_index = UINT64_MAX; - bool subtract_one = false; -- Object *o, *array = NULL; -+ Object *array = NULL; - int r; - ChainCacheItem *ci; - -@@ -2537,12 +2515,11 @@ found: - else - p = le64toh(array->entry_array.items[i]); - -- r = journal_file_move_to_object(f, OBJECT_ENTRY, p, &o); -- if (r < 0) -- return r; -- -- if (ret) -- *ret = o; -+ if (ret) { -+ r = journal_file_move_to_object(f, OBJECT_ENTRY, p, ret); -+ if (r < 0) -+ return r; -+ } - - if (ret_offset) - *ret_offset = p; -@@ -2567,7 +2544,6 @@ static int generic_array_bisect_plus_one( - - int r; - bool step_back = false; -- Object *o; - - assert(f); - assert(test_object); -@@ -2610,12 +2586,11 @@ static int generic_array_bisect_plus_one( - return r; - - found: -- r = journal_file_move_to_object(f, OBJECT_ENTRY, extra, &o); -- if (r < 0) -- return r; -- -- if (ret) -- *ret = o; -+ if (ret) { -+ r = journal_file_move_to_object(f, OBJECT_ENTRY, extra, ret); -+ if (r < 0) -+ return r; -+ } - - if (ret_offset) - *ret_offset = extra; -@@ -3088,7 +3063,6 @@ int journal_file_move_to_entry_by_monotonic_for_data( - * exists in both bisection arrays */ - - for (;;) { -- Object *qo; - uint64_t p, q; - - r = journal_file_move_to_object(f, OBJECT_DATA, data_offset, &d); -@@ -3117,14 +3091,18 @@ int journal_file_move_to_entry_by_monotonic_for_data( - p, - test_object_offset, - direction, -- &qo, &q, NULL); -+ NULL, &q, NULL); - - if (r <= 0) - return r; - - if (p == q) { -- if (ret) -- *ret = qo; -+ if (ret) { -+ r = journal_file_move_to_object(f, OBJECT_ENTRY, q, ret); -+ if (r < 0) -+ return r; -+ } -+ - if (ret_offset) - *ret_offset = q; - --- -2.23.0 - diff --git a/backport-journal-Remove-entry-seqnum-revert-logic.patch b/backport-journal-Remove-entry-seqnum-revert-logic.patch deleted file mode 100644 index b2a1a51..0000000 --- a/backport-journal-Remove-entry-seqnum-revert-logic.patch +++ /dev/null @@ -1,83 +0,0 @@ -From 06a0e8283ed87773795f28e58318d5d1b46b1088 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 12 Nov 2021 14:29:02 +0000 -Subject: [PATCH] journal: Remove entry seqnum revert logic - -This actually causes mismatches between the header tail entry seqnum -and the last entry seqnum since when we revert the header seqnum, we -don't remove the entry object we added. If adding the entry object -itself fails, we don't need to revert the seqnum since it's never -incremented so let's remove this logic alltogether. - -(cherry picked from commit b41b682bd6f1290caa4220291b22cae317cb6413) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/06a0e8283ed87773795f28e58318d5d1b46b1088 ---- - src/libsystemd/sd-journal/journal-file.c | 32 ++---------------------- - 1 file changed, 2 insertions(+), 30 deletions(-) - -diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c -index 2c17435de2..ae19c1c1f2 100644 ---- a/src/libsystemd/sd-journal/journal-file.c -+++ b/src/libsystemd/sd-journal/journal-file.c -@@ -1021,30 +1021,6 @@ static uint64_t journal_file_entry_seqnum( - return ret; - } - --static void journal_file_revert_entry_seqnum( -- JournalFile *f, -- uint64_t *seqnum, -- uint64_t revert_seqnum) { -- -- assert(f); -- assert(f->header); -- -- if (revert_seqnum == 0) /* sequence number 0? can't go back */ -- return; -- -- /* Undoes the effect of journal_file_entry_seqnum() above: if we fail to append an entry to a file, -- * let's revert the seqnum we were about to use, so that we can use it on the next entry. */ -- -- if (le64toh(f->header->tail_entry_seqnum) == revert_seqnum) -- f->header->tail_entry_seqnum = htole64(revert_seqnum - 1); -- -- if (le64toh(f->header->head_entry_seqnum) == revert_seqnum) -- f->header->head_entry_seqnum = 0; -- -- if (seqnum && *seqnum == revert_seqnum) -- *seqnum = revert_seqnum - 1; --} -- - int journal_file_append_object( - JournalFile *f, - ObjectType type, -@@ -2004,12 +1980,12 @@ static int journal_file_append_entry_internal( - #if HAVE_GCRYPT - r = journal_file_hmac_put_object(f, OBJECT_ENTRY, o, np); - if (r < 0) -- goto fail; -+ return r; - #endif - - r = journal_file_link_entry(f, o, np); - if (r < 0) -- goto fail; -+ return r; - - if (ret) - *ret = o; -@@ -2017,10 +1993,6 @@ static int journal_file_append_entry_internal( - if (ret_offset) - *ret_offset = np; - -- return 0; -- --fail: -- journal_file_revert_entry_seqnum(f, seqnum, le64toh(o->entry.seqnum)); - return r; - } - --- -2.33.0 - diff --git a/backport-journal-Skip-corrupt-Data-objects-in-sd_journal_get_.patch b/backport-journal-Skip-corrupt-Data-objects-in-sd_journal_get_.patch deleted file mode 100644 index 82b2269..0000000 --- a/backport-journal-Skip-corrupt-Data-objects-in-sd_journal_get_.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 2124893b258ffc23ae034bce388b61fb148c805f Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 17 Nov 2021 16:46:29 +0000 -Subject: [PATCH] journal: Skip corrupt Data objects in sd_journal_get_data() - -Similar to the change we made for sd_journal_enumerate_data(), let's -skip corrupt entry items and data objects in sd_journal_get_data(). - -(cherry picked from commit 8a799bed4c25be5792acf4d375bd2cdf0a4a3165) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/2124893b258ffc23ae034bce388b61fb148c805f ---- - src/libsystemd/sd-journal/sd-journal.c | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c -index 18ede19e26..71875a4dc8 100644 ---- a/src/libsystemd/sd-journal/sd-journal.c -+++ b/src/libsystemd/sd-journal/sd-journal.c -@@ -2309,11 +2309,17 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void ** - p = le64toh(o->entry.items[i].object_offset); - le_hash = o->entry.items[i].hash; - r = journal_file_move_to_object(f, OBJECT_DATA, p, &d); -+ if (r == -EBADMSG) { -+ log_debug("Entry item %"PRIu64" data object is bad, skipping over it.", i); -+ continue; -+ } - if (r < 0) - return r; - -- if (le_hash != d->data.hash) -- return -EBADMSG; -+ if (le_hash != d->data.hash) { -+ log_debug("Entry item %"PRIu64" hash is bad, skipping over it.", i); -+ continue; -+ } - - l = le64toh(d->object.size) - offsetof(Object, data.payload); - --- -2.33.0 - diff --git a/backport-journal-Skip-data-objects-with-invalid-offsets.patch b/backport-journal-Skip-data-objects-with-invalid-offsets.patch deleted file mode 100644 index e2af7d6..0000000 --- a/backport-journal-Skip-data-objects-with-invalid-offsets.patch +++ /dev/null @@ -1,68 +0,0 @@ -From bf022f9f4841368bb84372ee5605ce5c0f936c79 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 12 Jan 2022 14:44:50 +0000 -Subject: [PATCH] journal: Skip data objects with invalid offsets -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -We already skip invalid objects, but don't yet skip invalid offsets. -Let's skip these as well to improve robustness when we're dealing with -corrupted journals. - -Before: - -``` -➜ systemd git:(main) build/journalctl -r -n 5 --file ~/Downloads/system@0005d2b275abaaf8-f243a2818cb39b98.journal_ -Failed to get journal fields: Cannot assign requested address --- No entries -- -``` - -After: - -``` -➜ systemd git:(main) ✗ build/journalctl -r -n 5 --file ~/Downloads/system@0005d2b275abaaf8-f243a2818cb39b98.journal_ -Dec 09 08:32:38 snowball3 NetworkManager[911]: [1639038758.1464] device (wlp1s0): supplicant interface state: scanning -> authenticating -Dec 09 08:32:38 snowball3 kernel: wlp1s0: send auth to ec:a9:40:79:fb:ad (try 1/3) -Dec 09 08:32:38 snowball3 kernel: wlp1s0: authenticate with ec:a9:40:79:fb:ad -Dec 09 08:32:38 snowball3 wpa_supplicant[1003]: wlp1s0: SME: Trying to authenticate with ec:a9:40:79:fb:ad (SSID='UPC949397B' freq=5500 MHz) -``` - -(cherry picked from commit df207ccb7be02b1ca6bdd0a2066a898e5b24ee86) -(cherry picked from commit 556f46aa3b17f4ed6768521137405297c8a99d35) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/bf022f9f4841368bb84372ee5605ce5c0f936c79 ---- - src/libsystemd/sd-journal/sd-journal.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c -index dd28b8008f..3cdc629a8d 100644 ---- a/src/libsystemd/sd-journal/sd-journal.c -+++ b/src/libsystemd/sd-journal/sd-journal.c -@@ -2310,8 +2310,8 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void ** - p = le64toh(o->entry.items[i].object_offset); - le_hash = o->entry.items[i].hash; - r = journal_file_move_to_object(f, OBJECT_DATA, p, &d); -- if (r == -EBADMSG) { -- log_debug("Entry item %"PRIu64" data object is bad, skipping over it.", i); -+ if (IN_SET(r, -EADDRNOTAVAIL, -EBADMSG)) { -+ log_debug_errno(r, "Entry item %"PRIu64" data object is bad, skipping over it: %m", i); - continue; - } - if (r < 0) -@@ -2455,8 +2455,8 @@ _public_ int sd_journal_enumerate_data(sd_journal *j, const void **data, size_t - p = le64toh(o->entry.items[j->current_field].object_offset); - le_hash = o->entry.items[j->current_field].hash; - r = journal_file_move_to_object(f, OBJECT_DATA, p, &o); -- if (r == -EBADMSG) { -- log_debug("Entry item %"PRIu64" data object is bad, skipping over it.", j->current_field); -+ if (IN_SET(r, -EADDRNOTAVAIL, -EBADMSG)) { -+ log_debug_errno(r, "Entry item %"PRIu64" data object is bad, skipping over it: %m", j->current_field); - continue; - } - if (r < 0) --- -2.33.0 - diff --git a/backport-journal-Skip-over-corrupt-entry-items-in-enumerate_d.patch b/backport-journal-Skip-over-corrupt-entry-items-in-enumerate_d.patch deleted file mode 100644 index 9cfa077..0000000 --- a/backport-journal-Skip-over-corrupt-entry-items-in-enumerate_d.patch +++ /dev/null @@ -1,93 +0,0 @@ -From e8a54526d8a89097742d808a53956a54431ded06 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 17 Nov 2021 15:54:35 +0000 -Subject: [PATCH] journal: Skip over corrupt entry items in enumerate_data() - -Similar to sd_journal_next(), if trying to access an entry item -offset's data results in EBADMSG, skip to the next entry item so -we handle corruption better. - -Fixes #21407 - -(cherry picked from commit 5a94a2bf2b9c9ae362dd4a7c2e6b263c55545036) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e8a54526d8a89097742d808a53956a54431ded06 ---- - src/libsystemd/sd-journal/sd-journal.c | 47 ++++++++++++++++---------- - 1 file changed, 29 insertions(+), 18 deletions(-) - -diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c -index b3240177cb..02d4582c98 100644 ---- a/src/libsystemd/sd-journal/sd-journal.c -+++ b/src/libsystemd/sd-journal/sd-journal.c -@@ -2425,10 +2425,8 @@ static int return_data( - - _public_ int sd_journal_enumerate_data(sd_journal *j, const void **data, size_t *size) { - JournalFile *f; -- uint64_t p, n; -- le64_t le_hash; -- int r; - Object *o; -+ int r; - - assert_return(j, -EINVAL); - assert_return(!journal_pid_changed(j), -ECHILD); -@@ -2446,26 +2444,39 @@ _public_ int sd_journal_enumerate_data(sd_journal *j, const void **data, size_t - if (r < 0) - return r; - -- n = journal_file_entry_n_items(o); -- if (j->current_field >= n) -- return 0; -+ for (uint64_t n = journal_file_entry_n_items(o); j->current_field < n; j->current_field++) { -+ uint64_t p; -+ le64_t le_hash; - -- p = le64toh(o->entry.items[j->current_field].object_offset); -- le_hash = o->entry.items[j->current_field].hash; -- r = journal_file_move_to_object(f, OBJECT_DATA, p, &o); -- if (r < 0) -- return r; -+ p = le64toh(o->entry.items[j->current_field].object_offset); -+ le_hash = o->entry.items[j->current_field].hash; -+ r = journal_file_move_to_object(f, OBJECT_DATA, p, &o); -+ if (r == -EBADMSG) { -+ log_debug("Entry item %"PRIu64" data object is bad, skipping over it.", j->current_field); -+ continue; -+ } -+ if (r < 0) -+ return r; - -- if (le_hash != o->data.hash) -- return -EBADMSG; -+ if (le_hash != o->data.hash) { -+ log_debug("Entry item %"PRIu64" hash is bad, skipping over it.", j->current_field); -+ continue; -+ } - -- r = return_data(j, f, o, data, size); -- if (r < 0) -- return r; -+ r = return_data(j, f, o, data, size); -+ if (r == -EBADMSG) { -+ log_debug("Entry item %"PRIu64" data payload is bad, skipping over it.", j->current_field); -+ continue; -+ } -+ if (r < 0) -+ return r; - -- j->current_field++; -+ j->current_field++; - -- return 1; -+ return 1; -+ } -+ -+ return 0; - } - - _public_ int sd_journal_enumerate_available_data(sd_journal *j, const void **data, size_t *size) { --- -2.33.0 - diff --git a/backport-journal-Use-separate-variable-for-Data-object-in-sd_.patch b/backport-journal-Use-separate-variable-for-Data-object-in-sd_.patch deleted file mode 100644 index be58cca..0000000 --- a/backport-journal-Use-separate-variable-for-Data-object-in-sd_.patch +++ /dev/null @@ -1,95 +0,0 @@ -From a1ca5320ec74f5112d32338e3061a34f17c4b954 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 17 Nov 2021 16:44:21 +0000 -Subject: [PATCH] journal: Use separate variable for Data object in - sd_journal_get_data() - -A little cleanup to make the next change easier. We're not moving to a -new Entry object in the for loop so there's no danger of changing the -Entry object window. - -(cherry picked from commit 847c7ee8c3c1a6cecd02501562b1afd8dd3c51de) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a1ca5320ec74f5112d32338e3061a34f17c4b954 ---- - src/libsystemd/sd-journal/sd-journal.c | 23 ++++++++++------------- - 1 file changed, 10 insertions(+), 13 deletions(-) - -diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c -index 02d4582c98..18ede19e26 100644 ---- a/src/libsystemd/sd-journal/sd-journal.c -+++ b/src/libsystemd/sd-journal/sd-journal.c -@@ -2300,6 +2300,7 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void ** - - n = journal_file_entry_n_items(o); - for (i = 0; i < n; i++) { -+ Object *d; - uint64_t p, l; - le64_t le_hash; - size_t t; -@@ -2307,20 +2308,20 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void ** - - p = le64toh(o->entry.items[i].object_offset); - le_hash = o->entry.items[i].hash; -- r = journal_file_move_to_object(f, OBJECT_DATA, p, &o); -+ r = journal_file_move_to_object(f, OBJECT_DATA, p, &d); - if (r < 0) - return r; - -- if (le_hash != o->data.hash) -+ if (le_hash != d->data.hash) - return -EBADMSG; - -- l = le64toh(o->object.size) - offsetof(Object, data.payload); -+ l = le64toh(d->object.size) - offsetof(Object, data.payload); - -- compression = o->object.flags & OBJECT_COMPRESSION_MASK; -+ compression = d->object.flags & OBJECT_COMPRESSION_MASK; - if (compression) { - #if HAVE_COMPRESSION - r = decompress_startswith(compression, -- o->data.payload, l, -+ d->data.payload, l, - &f->compress_buffer, - field, field_length, '='); - if (r < 0) -@@ -2331,7 +2332,7 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void ** - size_t rsize; - - r = decompress_blob(compression, -- o->data.payload, l, -+ d->data.payload, l, - &f->compress_buffer, &rsize, - j->data_threshold); - if (r < 0) -@@ -2346,23 +2347,19 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void ** - return -EPROTONOSUPPORT; - #endif - } else if (l >= field_length+1 && -- memcmp(o->data.payload, field, field_length) == 0 && -- o->data.payload[field_length] == '=') { -+ memcmp(d->data.payload, field, field_length) == 0 && -+ d->data.payload[field_length] == '=') { - - t = (size_t) l; - - if ((uint64_t) t != l) - return -E2BIG; - -- *data = o->data.payload; -+ *data = d->data.payload; - *size = t; - - return 0; - } -- -- r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o); -- if (r < 0) -- return r; - } - - return -ENOENT; --- -2.33.0 - diff --git a/backport-journal-file-if-we-are-going-down-don-t-use-event-lo.patch b/backport-journal-file-if-we-are-going-down-don-t-use-event-lo.patch deleted file mode 100644 index 2156ec1..0000000 --- a/backport-journal-file-if-we-are-going-down-don-t-use-event-lo.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 88afe98fa9887ba636d5f271c7b9c9b7c5a65960 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 24 Mar 2022 21:24:23 +0100 -Subject: [PATCH] journal-file: if we are going down, don't use event loop to - schedule post - -The event loop is already shutting down, hence no point in using it -anymore, it's not going to run any further iteration. - -(cherry picked from commit 47f04c2a69d5a604411f17a2e660021165d09c89) -(cherry picked from commit 6253eb576cdde2230b75f84532f745b4409f71ad) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/88afe98fa9887ba636d5f271c7b9c9b7c5a65960 ---- - src/libsystemd/sd-journal/journal-file.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c -index a8029c2868..e3e926b0f0 100644 ---- a/src/libsystemd/sd-journal/journal-file.c -+++ b/src/libsystemd/sd-journal/journal-file.c -@@ -2022,11 +2022,18 @@ static int post_change_thunk(sd_event_source *timer, uint64_t usec, void *userda - } - - static void schedule_post_change(JournalFile *f) { -+ sd_event *e; - int r; - - assert(f); - assert(f->post_change_timer); - -+ assert_se(e = sd_event_source_get_event(f->post_change_timer)); -+ -+ /* If we are aleady going down, post the change immediately. */ -+ if (IN_SET(sd_event_get_state(e), SD_EVENT_EXITING, SD_EVENT_FINISHED)) -+ goto fail; -+ - r = sd_event_source_get_enabled(f->post_change_timer, NULL); - if (r < 0) { - log_debug_errno(r, "Failed to get ftruncate timer state: %m"); --- -2.33.0 - diff --git a/backport-journal-network-timesync-fix-segfault-on-32bit-timev.patch b/backport-journal-network-timesync-fix-segfault-on-32bit-timev.patch deleted file mode 100644 index 93f3cb6..0000000 --- a/backport-journal-network-timesync-fix-segfault-on-32bit-timev.patch +++ /dev/null @@ -1,71 +0,0 @@ -From bacb991ea76b4a8ad41e74273b65549ac926a694 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 15 Sep 2021 23:29:11 +0900 -Subject: [PATCH] journal,network,timesync: fix segfault on 32bit - timeval/timespec systems - -Fixes #20741. - -(cherry picked from commit f782eee68aea996c68b8cfeba5f288dae7fc876f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/bacb991ea76b4a8ad41e74273b65549ac926a694 ---- - src/journal/journald-server.c | 7 +++++-- - src/libsystemd-network/icmp6-util.c | 3 ++- - src/timesync/timesyncd-manager.c | 3 ++- - 3 files changed, 9 insertions(+), 4 deletions(-) - -diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c -index abd52f7c14..2d1d9e66d7 100644 ---- a/src/journal/journald-server.c -+++ b/src/journal/journald-server.c -@@ -1275,11 +1275,14 @@ int server_process_datagram( - /* We use NAME_MAX space for the SELinux label here. The kernel currently enforces no limit, but - * according to suggestions from the SELinux people this will change and it will probably be - * identical to NAME_MAX. For now we use that, but this should be updated one day when the final -- * limit is known. */ -+ * limit is known. -+ * -+ * Here, we need to explicitly initialize the buffer with zero, as glibc has a bug in -+ * __convert_scm_timestamps(), which assumes the buffer is initialized. See #20741. */ - CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred)) + - CMSG_SPACE_TIMEVAL + - CMSG_SPACE(sizeof(int)) + /* fd */ -- CMSG_SPACE(NAME_MAX) /* selinux label */) control; -+ CMSG_SPACE(NAME_MAX) /* selinux label */) control = {}; - - union sockaddr_union sa = {}; - -diff --git a/src/libsystemd-network/icmp6-util.c b/src/libsystemd-network/icmp6-util.c -index 823be0f275..3832bbd920 100644 ---- a/src/libsystemd-network/icmp6-util.c -+++ b/src/libsystemd-network/icmp6-util.c -@@ -148,8 +148,9 @@ int icmp6_send_router_solicitation(int s, const struct ether_addr *ether_addr) { - int icmp6_receive(int fd, void *buffer, size_t size, struct in6_addr *ret_dst, - triple_timestamp *ret_timestamp) { - -+ /* This needs to be initialized with zero. See #20741. */ - CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(int)) + /* ttl */ -- CMSG_SPACE_TIMEVAL) control; -+ CMSG_SPACE_TIMEVAL) control = {}; - struct iovec iov = {}; - union sockaddr_union sa = {}; - struct msghdr msg = { -diff --git a/src/timesync/timesyncd-manager.c b/src/timesync/timesyncd-manager.c -index 648e804105..e37db1c570 100644 ---- a/src/timesync/timesyncd-manager.c -+++ b/src/timesync/timesyncd-manager.c -@@ -412,7 +412,8 @@ static int manager_receive_response(sd_event_source *source, int fd, uint32_t re - .iov_base = &ntpmsg, - .iov_len = sizeof(ntpmsg), - }; -- CMSG_BUFFER_TYPE(CMSG_SPACE_TIMESPEC) control; -+ /* This needs to be initialized with zero. See #20741. */ -+ CMSG_BUFFER_TYPE(CMSG_SPACE_TIMESPEC) control = {}; - union sockaddr_union server_addr; - struct msghdr msghdr = { - .msg_iov = &iov, --- -2.33.0 - diff --git a/backport-journal-remote-use-MHD_HTTP_CONTENT_TOO_LARGE-as-MHD.patch b/backport-journal-remote-use-MHD_HTTP_CONTENT_TOO_LARGE-as-MHD.patch deleted file mode 100644 index c123614..0000000 --- a/backport-journal-remote-use-MHD_HTTP_CONTENT_TOO_LARGE-as-MHD.patch +++ /dev/null @@ -1,52 +0,0 @@ -From c4d12459c6bc065bd255c9f5555ca20bf735e16a Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 20 Dec 2021 20:48:32 +0900 -Subject: [PATCH] journal-remote: use MHD_HTTP_CONTENT_TOO_LARGE as - MHD_HTTP_PAYLOAD_TOO_LARGE is deprecated since 0.9.74 - -(cherry picked from commit 30df858f43b14a55c6650b43bea12cbf2cc0bc67) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c4d12459c6bc065bd255c9f5555ca20bf735e16a ---- - src/journal-remote/journal-remote-main.c | 2 +- - src/journal-remote/microhttpd-util.h | 10 +++++++--- - 2 files changed, 8 insertions(+), 4 deletions(-) - -diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c -index ae1d43756a..9ff31763da 100644 ---- a/src/journal-remote/journal-remote-main.c -+++ b/src/journal-remote/journal-remote-main.c -@@ -319,7 +319,7 @@ static mhd_result request_handler( - /* When serialized, an entry of maximum size might be slightly larger, - * so this does not correspond exactly to the limit in journald. Oh well. - */ -- return mhd_respondf(connection, 0, MHD_HTTP_PAYLOAD_TOO_LARGE, -+ return mhd_respondf(connection, 0, MHD_HTTP_CONTENT_TOO_LARGE, - "Payload larger than maximum size of %u bytes", ENTRY_SIZE_MAX); - } - -diff --git a/src/journal-remote/microhttpd-util.h b/src/journal-remote/microhttpd-util.h -index a92ba57d0f..7e7d1b56b1 100644 ---- a/src/journal-remote/microhttpd-util.h -+++ b/src/journal-remote/microhttpd-util.h -@@ -38,9 +38,13 @@ - # define MHD_HTTP_NOT_ACCEPTABLE MHD_HTTP_METHOD_NOT_ACCEPTABLE - #endif - --/* Renamed in µhttpd 0.9.53 */ --#ifndef MHD_HTTP_PAYLOAD_TOO_LARGE --# define MHD_HTTP_PAYLOAD_TOO_LARGE MHD_HTTP_REQUEST_ENTITY_TOO_LARGE -+/* Renamed in µhttpd 0.9.74 (8c644fc1f4d498ea489add8d40a68f5d3e5899fa) */ -+#ifndef MHD_HTTP_CONTENT_TOO_LARGE -+# ifdef MHD_HTTP_PAYLOAD_TOO_LARGE -+# define MHD_HTTP_CONTENT_TOO_LARGE MHD_HTTP_PAYLOAD_TOO_LARGE /* 0.9.53 or newer */ -+# else -+# define MHD_HTTP_CONTENT_TOO_LARGE MHD_HTTP_REQUEST_ENTITY_TOO_LARGE -+# endif - #endif - - #if MHD_VERSION < 0x00094203 --- -2.33.0 - diff --git a/backport-journal-send-close-fd-on-exit-when-running-with-valg.patch b/backport-journal-send-close-fd-on-exit-when-running-with-valg.patch deleted file mode 100644 index 20b5b3d..0000000 --- a/backport-journal-send-close-fd-on-exit-when-running-with-valg.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 6e5141ba038c1d8e22933f969b2bfe25bbc031d8 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 23 Feb 2022 02:03:54 +0900 -Subject: [PATCH] journal-send: close fd on exit when running with valgrind - -Fixes an issue reported in #22576. - -(cherry picked from commit eb9752d2be82d994cd6a17f271be27c4d56423d6) -(cherry picked from commit a7ec2be1509372974f44f1d98bf243a155cd203f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/6e5141ba038c1d8e22933f969b2bfe25bbc031d8 ---- - src/libsystemd/meson.build | 1 + - src/libsystemd/sd-journal/journal-send.c | 26 +++++++++++++++++-- - src/libsystemd/sd-journal/journal-send.h | 8 ++++++ - src/libsystemd/sd-journal/test-journal-send.c | 3 +++ - 4 files changed, 36 insertions(+), 2 deletions(-) - create mode 100644 src/libsystemd/sd-journal/journal-send.h - -diff --git a/src/libsystemd/meson.build b/src/libsystemd/meson.build -index 489ed12a73..3be5b3ec5e 100644 ---- a/src/libsystemd/meson.build -+++ b/src/libsystemd/meson.build -@@ -12,6 +12,7 @@ sd_journal_sources = files( - 'sd-journal/journal-file.h', - 'sd-journal/journal-internal.h', - 'sd-journal/journal-send.c', -+ 'sd-journal/journal-send.h', - 'sd-journal/journal-vacuum.c', - 'sd-journal/journal-vacuum.h', - 'sd-journal/journal-verify.c', -diff --git a/src/libsystemd/sd-journal/journal-send.c b/src/libsystemd/sd-journal/journal-send.c -index fd3fd7ef9c..d96e422d3b 100644 ---- a/src/libsystemd/sd-journal/journal-send.c -+++ b/src/libsystemd/sd-journal/journal-send.c -@@ -6,6 +6,9 @@ - #include - #include - #include -+#if HAVE_VALGRIND_VALGRIND_H -+#include -+#endif - - #define SD_JOURNAL_SUPPRESS_LOCATION - -@@ -14,8 +17,9 @@ - #include "alloc-util.h" - #include "errno-util.h" - #include "fd-util.h" --#include "io-util.h" - #include "fileio.h" -+#include "io-util.h" -+#include "journal-send.h" - #include "memfd-util.h" - #include "socket-util.h" - #include "stdio-util.h" -@@ -39,10 +43,10 @@ - * all its threads, and all its subprocesses. This means we need to - * initialize it atomically, and need to operate on it atomically - * never assuming we are the only user */ -+static int fd_plus_one = 0; - - static int journal_fd(void) { - int fd; -- static int fd_plus_one = 0; - - retry: - if (fd_plus_one > 0) -@@ -62,6 +66,24 @@ retry: - return fd; - } - -+#if VALGRIND -+void close_journal_fd(void) { -+ /* Be nice to valgrind. This is not atomic. This must be used only in tests. */ -+ -+ if (!RUNNING_ON_VALGRIND) -+ return; -+ -+ if (getpid() != gettid()) -+ return; -+ -+ if (fd_plus_one <= 0) -+ return; -+ -+ safe_close(fd_plus_one - 1); -+ fd_plus_one = 0; -+} -+#endif -+ - _public_ int sd_journal_print(int priority, const char *format, ...) { - int r; - va_list ap; -diff --git a/src/libsystemd/sd-journal/journal-send.h b/src/libsystemd/sd-journal/journal-send.h -new file mode 100644 -index 0000000000..cf8b199297 ---- /dev/null -+++ b/src/libsystemd/sd-journal/journal-send.h -@@ -0,0 +1,8 @@ -+/* SPDX-License-Identifier: LGPL-2.1-or-later */ -+#pragma once -+ -+#if VALGRIND -+void close_journal_fd(void); -+#else -+static inline void close_journal_fd(void) {} -+#endif -diff --git a/src/libsystemd/sd-journal/test-journal-send.c b/src/libsystemd/sd-journal/test-journal-send.c -index b6644e65c1..533b8d91e6 100644 ---- a/src/libsystemd/sd-journal/test-journal-send.c -+++ b/src/libsystemd/sd-journal/test-journal-send.c -@@ -5,7 +5,9 @@ - #include - - #include "sd-journal.h" -+ - #include "fileio.h" -+#include "journal-send.h" - #include "macro.h" - #include "memory-util.h" - -@@ -103,5 +105,6 @@ int main(int argc, char *argv[]) { - /* Sleep a bit to make it easy for journald to collect metadata. */ - sleep(1); - -+ close_journal_fd(); - return 0; - } --- -2.33.0 - diff --git a/backport-journalctl-never-fail-at-flushing-when-the-flushed-f.patch b/backport-journalctl-never-fail-at-flushing-when-the-flushed-f.patch deleted file mode 100644 index 3be690d..0000000 --- a/backport-journalctl-never-fail-at-flushing-when-the-flushed-f.patch +++ /dev/null @@ -1,44 +0,0 @@ -From dc331f4c9268d17a66f4393cfd0dba14c7022d41 Mon Sep 17 00:00:00 2001 -From: Franck Bui -Date: Wed, 4 Aug 2021 11:20:07 +0200 -Subject: [PATCH] journalctl: never fail at flushing when the flushed flag is - set - -Even if journald was not running, flushing the volatile journal used to work if -the journal was already flushed (ie the flushed flag -/run/systemd/journald/flushed was created). - -However since commit 4f413af2a0a, this behavior changed and now '--flush' fails -because it tries to contact journald without checking the presence of the -flushed flag anymore. - -This patch restores the previous behavior since there's no reason to fail when -journalctl can figure out that the flush is not necessary. - -(cherry picked from commit f6fca35e642a112e80cc9bddb9a2b4805ad40df2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/dc331f4c9268d17a66f4393cfd0dba14c7022d41 ---- - src/journal/journalctl.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c -index c8fb726d42..3eac97510d 100644 ---- a/src/journal/journalctl.c -+++ b/src/journal/journalctl.c -@@ -2074,6 +2074,11 @@ static int simple_varlink_call(const char *option, const char *method) { - } - - static int flush_to_var(void) { -+ if (access("/run/systemd/journal/flushed", F_OK) >= 0) -+ return 0; /* Already flushed, no need to contact journald */ -+ if (errno != ENOENT) -+ return log_error_errno(errno, "Unable to check for existence of /run/systemd/journal/flushed: %m"); -+ - return simple_varlink_call("--flush", "io.systemd.Journal.FlushToVar"); - } - --- -2.33.0 - diff --git a/backport-journald-make-sure-SIGTERM-handling-doesn-t-get-star.patch b/backport-journald-make-sure-SIGTERM-handling-doesn-t-get-star.patch deleted file mode 100644 index a460e10..0000000 --- a/backport-journald-make-sure-SIGTERM-handling-doesn-t-get-star.patch +++ /dev/null @@ -1,125 +0,0 @@ -From a98f2d7a0b017505720477d9fc89de2b56470dfa Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 24 Mar 2022 20:37:43 +0100 -Subject: [PATCH] journald: make sure SIGTERM handling doesn't get starved out - -Fixes: #22642 -(cherry picked from commit 19252b254861d8c9b56e2acaeb182812c8f07e52) -(cherry picked from commit c901bc8680d1835737de116f2bf1f522bdb083c2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a98f2d7a0b017505720477d9fc89de2b56470dfa ---- - src/journal/journald-server.c | 76 +++++++++++++++++++++++++++++++++-- - 1 file changed, 73 insertions(+), 3 deletions(-) - -diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c -index a212079758..86302e31e3 100644 ---- a/src/journal/journald-server.c -+++ b/src/journal/journald-server.c -@@ -1443,12 +1443,82 @@ static int dispatch_sigusr2(sd_event_source *es, const struct signalfd_siginfo * - } - - static int dispatch_sigterm(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) { -+ _cleanup_(sd_event_source_disable_unrefp) sd_event_source *news = NULL; - Server *s = userdata; -+ int r; - - assert(s); - - log_received_signal(LOG_INFO, si); - -+ (void) sd_event_source_set_enabled(es, false); /* Make sure this handler is called at most once */ -+ -+ /* So on one hand we want to ensure that SIGTERMs are definitely handled in appropriate, bounded -+ * time. On the other hand we want that everything pending is first comprehensively processed and -+ * written to disk. These goals are incompatible, hence we try to find a middle ground: we'll process -+ * SIGTERM with high priority, but from the handler (this one right here) we'll install two new event -+ * sources: one low priority idle one that will issue the exit once everything else is processed (and -+ * which is hopefully the regular, clean codepath); and one high priority timer that acts as safety -+ * net: if our idle handler isn't run within 10s, we'll exit anyway. -+ * -+ * TLDR: we'll exit either when everything is processed, or after 10s max, depending on what happens -+ * first. -+ * -+ * Note that exiting before the idle event is hit doesn't typically mean that we lose any data, as -+ * messages will remain queued in the sockets they came in from, and thus can be processed when we -+ * start up next – unless we are going down for the final system shutdown, in which case everything -+ * is lost. */ -+ -+ r = sd_event_add_defer(s->event, &news, NULL, NULL); /* NULL handler means → exit when triggered */ -+ if (r < 0) { -+ log_error_errno(r, "Failed to allocate exit idle event handler: %m"); -+ goto fail; -+ } -+ -+ (void) sd_event_source_set_description(news, "exit-idle"); -+ -+ /* Run everything relevant before this. */ -+ r = sd_event_source_set_priority(news, SD_EVENT_PRIORITY_NORMAL+20); -+ if (r < 0) { -+ log_error_errno(r, "Failed to adjust priority of exit idle event handler: %m"); -+ goto fail; -+ } -+ -+ /* Give up ownership, so that this event source is freed automatically when the event loop is freed. */ -+ r = sd_event_source_set_floating(news, true); -+ if (r < 0) { -+ log_error_errno(r, "Failed to make exit idle event handler floating: %m"); -+ goto fail; -+ } -+ -+ news = sd_event_source_unref(news); -+ -+ r = sd_event_add_time_relative(s->event, &news, CLOCK_MONOTONIC, 10 * USEC_PER_SEC, 0, NULL, NULL); -+ if (r < 0) { -+ log_error_errno(r, "Failed to allocate exit timeout event handler: %m"); -+ goto fail; -+ } -+ -+ (void) sd_event_source_set_description(news, "exit-timeout"); -+ -+ r = sd_event_source_set_priority(news, SD_EVENT_PRIORITY_IMPORTANT-20); /* This is a safety net, with highest priority */ -+ if (r < 0) { -+ log_error_errno(r, "Failed to adjust priority of exit timeout event handler: %m"); -+ goto fail; -+ } -+ -+ r = sd_event_source_set_floating(news, true); -+ if (r < 0) { -+ log_error_errno(r, "Failed to make exit timeout event handler floating: %m"); -+ goto fail; -+ } -+ -+ news = sd_event_source_unref(news); -+ -+ log_debug("Exit event sources are now pending."); -+ return 0; -+ -+fail: - sd_event_exit(s->event, 0); - return 0; - } -@@ -1500,8 +1570,8 @@ static int setup_signals(Server *s) { - if (r < 0) - return r; - -- /* Let's process SIGTERM late, so that we flush all queued messages to disk before we exit */ -- r = sd_event_source_set_priority(s->sigterm_event_source, SD_EVENT_PRIORITY_NORMAL+20); -+ /* Let's process SIGTERM early, so that we definitely react to it */ -+ r = sd_event_source_set_priority(s->sigterm_event_source, SD_EVENT_PRIORITY_IMPORTANT-10); - if (r < 0) - return r; - -@@ -1511,7 +1581,7 @@ static int setup_signals(Server *s) { - if (r < 0) - return r; - -- r = sd_event_source_set_priority(s->sigint_event_source, SD_EVENT_PRIORITY_NORMAL+20); -+ r = sd_event_source_set_priority(s->sigint_event_source, SD_EVENT_PRIORITY_IMPORTANT-10); - if (r < 0) - return r; - --- -2.33.0 - diff --git a/backport-json-do-something-remotely-reasonable-when-we-see-Na.patch b/backport-json-do-something-remotely-reasonable-when-we-see-Na.patch deleted file mode 100644 index c4c0f5c..0000000 --- a/backport-json-do-something-remotely-reasonable-when-we-see-Na.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 06444b314b863facdb173f10f2d1ff11196755d2 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 26 Oct 2021 15:45:49 +0200 -Subject: [PATCH] json: do something remotely reasonable when we see - NaN/infinity - -JSON doesn't have NaN/infinity/-infinity concepts in the spec. -Implementations vary what they do with it. JSON5 + Python simply -generate special words "NAN" and "Inifinity" from it. Others generate -"null" for it. - -At this point we never actually want to output this, so let's be -conservative and generate RFC compliant JSON, i.e. convert to null. - -One day should JSON5 actually become a thing we can revisit this, but in -that case we should implement things via a flag, and only optinally -process nan/infinity/-infinity. - -This patch is extremely simple: whenever accepting a -nan/infinity/-infinity from outside it converts it to NULL. I.e. we -convert on input, not output. - -(cherry picked from commit 8f1daefce6e952f2fad9510e5101b5fc675d363f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/06444b314b863facdb173f10f2d1ff11196755d2 ---- - src/shared/json.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/shared/json.c b/src/shared/json.c -index c52460a3ec..d72b1e3a38 100644 ---- a/src/shared/json.c -+++ b/src/shared/json.c -@@ -359,6 +359,12 @@ int json_variant_new_real(JsonVariant **ret, long double d) { - } - REENABLE_WARNING; - -+ /* JSON doesn't know NaN, +Infinity or -Infinity. Let's silently convert to 'null'. */ -+ if (isnan(d) || isinf(d)) { -+ *ret = JSON_VARIANT_MAGIC_NULL; -+ return 0; -+ } -+ - r = json_variant_new(&v, JSON_VARIANT_REAL, sizeof(d)); - if (r < 0) - return r; --- -2.33.0 - diff --git a/backport-kernel-install-also-remove-modules.builtin.alias.bin.patch b/backport-kernel-install-also-remove-modules.builtin.alias.bin.patch deleted file mode 100644 index 1aa7a99..0000000 --- a/backport-kernel-install-also-remove-modules.builtin.alias.bin.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 44e060dd1641068752b79d49322d379c2ef2a1c1 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 15 Jan 2022 03:37:40 +0900 -Subject: [PATCH] kernel-install: also remove modules.builtin.alias.bin - -Fixes RHBZ#2016630. - -(cherry picked from commit 06006691b5c56b6123044179d934b3ed81c237ca) -(cherry picked from commit fdcb1bf67371615f12c4b11283f2bd6a25bda019) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/44e060dd1641068752b79d49322d379c2ef2a1c1 ---- - src/kernel-install/50-depmod.install | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/kernel-install/50-depmod.install b/src/kernel-install/50-depmod.install -index 2fd959865f..fd00c43632 100644 ---- a/src/kernel-install/50-depmod.install -+++ b/src/kernel-install/50-depmod.install -@@ -36,7 +36,7 @@ case "$COMMAND" in - remove) - [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \ - echo "Removing /lib/modules/${KERNEL_VERSION}/modules.dep and associated files" -- exec rm -f /lib/modules/"${KERNEL_VERSION}"/modules.{alias{,.bin},builtin.bin,dep{,.bin},devname,softdep,symbols{,.bin}} -+ exec rm -f /lib/modules/"${KERNEL_VERSION}"/modules.{alias{,.bin},builtin{,.alias}.bin,dep{,.bin},devname,softdep,symbols{,.bin}} - ;; - *) - exit 0 --- -2.33.0 - diff --git a/backport-libsystemd-network-disable-event-sources-before-unre.patch b/backport-libsystemd-network-disable-event-sources-before-unre.patch deleted file mode 100644 index d947eff..0000000 --- a/backport-libsystemd-network-disable-event-sources-before-unre.patch +++ /dev/null @@ -1,194 +0,0 @@ -From 00a2361bb5d3fccfa5b4fdb4d73b7aa7938e2449 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 24 Sep 2021 17:26:35 +0900 -Subject: [PATCH] libsystemd-network: disable event sources before unref them - -Fixes #20825. - -(cherry picked from commit eb2f750242d6c4c0963887dbd561d8bafa318685) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/00a2361bb5d3fccfa5b4fdb4d73b7aa7938e2449 ---- - src/libsystemd-network/sd-dhcp-client.c | 12 +++++------- - src/libsystemd-network/sd-dhcp-server.c | 4 ++-- - src/libsystemd-network/sd-ipv4acd.c | 5 ++--- - src/libsystemd-network/sd-lldp.c | 7 ++++--- - src/libsystemd-network/sd-ndisc.c | 9 +++++---- - src/libsystemd-network/sd-radv.c | 6 ++---- - 6 files changed, 20 insertions(+), 23 deletions(-) - -diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c -index 030b50cf2a..46191e58f5 100644 ---- a/src/libsystemd-network/sd-dhcp-client.c -+++ b/src/libsystemd-network/sd-dhcp-client.c -@@ -726,7 +726,7 @@ static int client_notify(sd_dhcp_client *client, int event) { - static int client_initialize(sd_dhcp_client *client) { - assert_return(client, -EINVAL); - -- client->receive_message = sd_event_source_unref(client->receive_message); -+ client->receive_message = sd_event_source_disable_unref(client->receive_message); - - client->fd = safe_close(client->fd); - -@@ -1492,7 +1492,7 @@ static int client_timeout_t2(sd_event_source *s, uint64_t usec, void *userdata) - - assert(client); - -- client->receive_message = sd_event_source_unref(client->receive_message); -+ client->receive_message = sd_event_source_disable_unref(client->receive_message); - client->fd = safe_close(client->fd); - - client->state = DHCP_STATE_REBINDING; -@@ -1847,7 +1847,7 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, i - - client->start_delay = 0; - (void) event_source_disable(client->timeout_resend); -- client->receive_message = sd_event_source_unref(client->receive_message); -+ client->receive_message = sd_event_source_disable_unref(client->receive_message); - client->fd = safe_close(client->fd); - - client->state = DHCP_STATE_BOUND; -@@ -2229,17 +2229,15 @@ static sd_dhcp_client *dhcp_client_free(sd_dhcp_client *client) { - - log_dhcp_client(client, "FREE"); - -+ client_initialize(client); -+ - client->timeout_resend = sd_event_source_unref(client->timeout_resend); - client->timeout_t1 = sd_event_source_unref(client->timeout_t1); - client->timeout_t2 = sd_event_source_unref(client->timeout_t2); - client->timeout_expire = sd_event_source_unref(client->timeout_expire); - -- client_initialize(client); -- - sd_dhcp_client_detach_event(client); - -- sd_dhcp_lease_unref(client->lease); -- - set_free(client->req_opts); - free(client->hostname); - free(client->vendor_class_identifier); -diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c -index 9ae884b0fc..3f4af8440e 100644 ---- a/src/libsystemd-network/sd-dhcp-server.c -+++ b/src/libsystemd-network/sd-dhcp-server.c -@@ -267,8 +267,8 @@ int sd_dhcp_server_stop(sd_dhcp_server *server) { - if (!server) - return 0; - -- server->receive_message = sd_event_source_unref(server->receive_message); -- server->receive_broadcast = sd_event_source_unref(server->receive_broadcast); -+ server->receive_message = sd_event_source_disable_unref(server->receive_message); -+ server->receive_broadcast = sd_event_source_disable_unref(server->receive_broadcast); - - server->fd_raw = safe_close(server->fd_raw); - server->fd = safe_close(server->fd); -diff --git a/src/libsystemd-network/sd-ipv4acd.c b/src/libsystemd-network/sd-ipv4acd.c -index 9a77a33317..ebd4764840 100644 ---- a/src/libsystemd-network/sd-ipv4acd.c -+++ b/src/libsystemd-network/sd-ipv4acd.c -@@ -120,7 +120,7 @@ static void ipv4acd_reset(sd_ipv4acd *acd) { - assert(acd); - - (void) event_source_disable(acd->timer_event_source); -- acd->receive_message_event_source = sd_event_source_unref(acd->receive_message_event_source); -+ acd->receive_message_event_source = sd_event_source_disable_unref(acd->receive_message_event_source); - - acd->fd = safe_close(acd->fd); - -@@ -130,9 +130,8 @@ static void ipv4acd_reset(sd_ipv4acd *acd) { - static sd_ipv4acd *ipv4acd_free(sd_ipv4acd *acd) { - assert(acd); - -- acd->timer_event_source = sd_event_source_unref(acd->timer_event_source); -- - ipv4acd_reset(acd); -+ sd_event_source_unref(acd->timer_event_source); - sd_ipv4acd_detach_event(acd); - free(acd->ifname); - return mfree(acd); -diff --git a/src/libsystemd-network/sd-lldp.c b/src/libsystemd-network/sd-lldp.c -index 49aa876a53..b38d6dbd1e 100644 ---- a/src/libsystemd-network/sd-lldp.c -+++ b/src/libsystemd-network/sd-lldp.c -@@ -239,7 +239,7 @@ static void lldp_reset(sd_lldp *lldp) { - assert(lldp); - - (void) event_source_disable(lldp->timer_event_source); -- lldp->io_event_source = sd_event_source_unref(lldp->io_event_source); -+ lldp->io_event_source = sd_event_source_disable_unref(lldp->io_event_source); - lldp->fd = safe_close(lldp->fd); - } - -@@ -365,10 +365,11 @@ const char *sd_lldp_get_ifname(sd_lldp *lldp) { - static sd_lldp* lldp_free(sd_lldp *lldp) { - assert(lldp); - -- lldp->timer_event_source = sd_event_source_unref(lldp->timer_event_source); -- - lldp_reset(lldp); -+ -+ sd_event_source_unref(lldp->timer_event_source); - sd_lldp_detach_event(lldp); -+ - lldp_flush_neighbors(lldp); - - hashmap_free(lldp->neighbor_by_id); -diff --git a/src/libsystemd-network/sd-ndisc.c b/src/libsystemd-network/sd-ndisc.c -index 4d5f1b54cd..9b3a89378c 100644 ---- a/src/libsystemd-network/sd-ndisc.c -+++ b/src/libsystemd-network/sd-ndisc.c -@@ -133,18 +133,19 @@ static void ndisc_reset(sd_ndisc *nd) { - (void) event_source_disable(nd->timeout_event_source); - (void) event_source_disable(nd->timeout_no_ra); - nd->retransmit_time = 0; -- nd->recv_event_source = sd_event_source_unref(nd->recv_event_source); -+ nd->recv_event_source = sd_event_source_disable_unref(nd->recv_event_source); - nd->fd = safe_close(nd->fd); - } - - static sd_ndisc *ndisc_free(sd_ndisc *nd) { - assert(nd); - -- nd->timeout_event_source = sd_event_source_unref(nd->timeout_event_source); -- nd->timeout_no_ra = sd_event_source_unref(nd->timeout_no_ra); -- - ndisc_reset(nd); -+ -+ sd_event_source_unref(nd->timeout_event_source); -+ sd_event_source_unref(nd->timeout_no_ra); - sd_ndisc_detach_event(nd); -+ - free(nd->ifname); - return mfree(nd); - } -diff --git a/src/libsystemd-network/sd-radv.c b/src/libsystemd-network/sd-radv.c -index 857401bf6e..eac8aa385b 100644 ---- a/src/libsystemd-network/sd-radv.c -+++ b/src/libsystemd-network/sd-radv.c -@@ -89,8 +89,7 @@ static void radv_reset(sd_radv *ra) { - - (void) event_source_disable(ra->timeout_event_source); - -- ra->recv_event_source = -- sd_event_source_unref(ra->recv_event_source); -+ ra->recv_event_source = sd_event_source_disable_unref(ra->recv_event_source); - - ra->ra_sent = 0; - } -@@ -116,10 +115,9 @@ static sd_radv *radv_free(sd_radv *ra) { - free(ra->rdnss); - free(ra->dnssl); - -- ra->timeout_event_source = sd_event_source_unref(ra->timeout_event_source); -- - radv_reset(ra); - -+ sd_event_source_unref(ra->timeout_event_source); - sd_radv_detach_event(ra); - - ra->fd = safe_close(ra->fd); --- -2.33.0 - diff --git a/backport-list-introduce-LIST_FOREACH_BACKWARDS-macro-and-drop.patch b/backport-list-introduce-LIST_FOREACH_BACKWARDS-macro-and-drop.patch deleted file mode 100644 index 7766b87..0000000 --- a/backport-list-introduce-LIST_FOREACH_BACKWARDS-macro-and-drop.patch +++ /dev/null @@ -1,102 +0,0 @@ -From bd335c961fed6982e5ad8c2322414ff33a46e92e Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 17 Jun 2021 16:12:06 +0900 -Subject: [PATCH] list: introduce LIST_FOREACH_BACKWARDS() macro and drop - LIST_FOREACH_AFTER/BEFORE() - -Reference:https://github.com/systemd/systemd/commit/bd335c961fed6982e5ad8c2322414ff33a46e92e -Conflict:NA - ---- - src/basic/list.h | 7 ++----- - src/core/device.c | 8 ++++---- - src/core/swap.c | 4 ++-- - src/udev/udev-rules.c | 2 +- - 4 files changed, 9 insertions(+), 12 deletions(-) - -diff --git a/src/basic/list.h b/src/basic/list.h -index 256b718..e488fff 100644 ---- a/src/basic/list.h -+++ b/src/basic/list.h -@@ -142,11 +142,8 @@ - #define LIST_FOREACH_SAFE(name,i,n,head) \ - for ((i) = (head); (i) && (((n) = (i)->name##_next), 1); (i) = (n)) - --#define LIST_FOREACH_BEFORE(name,i,p) \ -- for ((i) = (p)->name##_prev; (i); (i) = (i)->name##_prev) -- --#define LIST_FOREACH_AFTER(name,i,p) \ -- for ((i) = (p)->name##_next; (i); (i) = (i)->name##_next) -+#define LIST_FOREACH_BACKWARDS(name,i,p) \ -+ for ((i) = (p); (i); (i) = (i)->name##_prev) - - /* Iterate through all the members of the list p is included in, but skip over p */ - #define LIST_FOREACH_OTHERS(name,i,p) \ -diff --git a/src/core/device.c b/src/core/device.c -index c24bc12..06270e7 100644 ---- a/src/core/device.c -+++ b/src/core/device.c -@@ -785,11 +785,11 @@ static Unit *device_following(Unit *u) { - return NULL; - - /* Make everybody follow the unit that's named after the sysfs path */ -- LIST_FOREACH_AFTER(same_sysfs, other, d) -+ LIST_FOREACH(same_sysfs, other, d->same_sysfs_next) - if (startswith(UNIT(other)->id, "sys-")) - return UNIT(other); - -- LIST_FOREACH_BEFORE(same_sysfs, other, d) { -+ LIST_FOREACH_BACKWARDS(same_sysfs, other, d->same_sysfs_prev) { - if (startswith(UNIT(other)->id, "sys-")) - return UNIT(other); - -@@ -816,13 +816,13 @@ static int device_following_set(Unit *u, Set **_set) { - if (!set) - return -ENOMEM; - -- LIST_FOREACH_AFTER(same_sysfs, other, d) { -+ LIST_FOREACH(same_sysfs, other, d->same_sysfs_next) { - r = set_put(set, other); - if (r < 0) - return r; - } - -- LIST_FOREACH_BEFORE(same_sysfs, other, d) { -+ LIST_FOREACH_BACKWARDS(same_sysfs, other, d->same_sysfs_prev) { - r = set_put(set, other); - if (r < 0) - return r; -diff --git a/src/core/swap.c b/src/core/swap.c -index 83e77d2..7a9628e 100644 ---- a/src/core/swap.c -+++ b/src/core/swap.c -@@ -1323,11 +1323,11 @@ static Unit *swap_following(Unit *u) { - if (streq_ptr(s->what, s->devnode)) - return NULL; - -- LIST_FOREACH_AFTER(same_devnode, other, s) -+ LIST_FOREACH(same_devnode, other, s->same_devnode_next) - if (streq_ptr(other->what, other->devnode)) - return UNIT(other); - -- LIST_FOREACH_BEFORE(same_devnode, other, s) { -+ LIST_FOREACH_BACKWARDS(same_devnode, other, s->same_devnode_prev) { - if (streq_ptr(other->what, other->devnode)) - return UNIT(other); - -diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c -index bf997fc..5e8dad2 100644 ---- a/src/udev/udev-rules.c -+++ b/src/udev/udev-rules.c -@@ -1154,7 +1154,7 @@ static void rule_resolve_goto(UdevRuleFile *rule_file) { - if (!FLAGS_SET(line->type, LINE_HAS_GOTO)) - continue; - -- LIST_FOREACH_AFTER(rule_lines, i, line) -+ LIST_FOREACH(rule_lines, i, line->rule_lines_next) - if (streq_ptr(i->label, line->goto_label)) { - line->goto_line = i; - break; --- -2.33.0 - diff --git a/backport-localed-use-PROJECT_FILE-rather-than-__FILE__-for-lo.patch b/backport-localed-use-PROJECT_FILE-rather-than-__FILE__-for-lo.patch deleted file mode 100644 index f6961b3..0000000 --- a/backport-localed-use-PROJECT_FILE-rather-than-__FILE__-for-lo.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 00b0393e65252bf631670604f58b844780b08c50 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 11 Oct 2021 13:56:22 +0200 -Subject: [PATCH] localed: use PROJECT_FILE rather than __FILE__ for logging - -All our log.h code uses PROJECT_FILE for this, let's hence use it here -too. - -(cherry picked from commit 11c8b1f1031d368358286f4bb26abebd73cd2868) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/00b0393e65252bf631670604f58b844780b08c50 ---- - src/locale/localed.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/locale/localed.c b/src/locale/localed.c -index df0eb030d4..c228385d0e 100644 ---- a/src/locale/localed.c -+++ b/src/locale/localed.c -@@ -560,7 +560,7 @@ static void log_xkb(struct xkb_context *ctx, enum xkb_log_level lvl, const char - - fmt = strjoina("libxkbcommon: ", format); - DISABLE_WARNING_FORMAT_NONLITERAL; -- log_internalv(LOG_DEBUG, 0, __FILE__, __LINE__, __func__, fmt, args); -+ log_internalv(LOG_DEBUG, 0, PROJECT_FILE, __LINE__, __func__, fmt, args); - REENABLE_WARNING; - } - --- -2.33.0 - diff --git a/backport-log-don-t-attempt-to-duplicate-closed-fd.patch b/backport-log-don-t-attempt-to-duplicate-closed-fd.patch deleted file mode 100644 index d8cf413..0000000 --- a/backport-log-don-t-attempt-to-duplicate-closed-fd.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 417f37c1455fe770d96559205b864766188d9866 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 2 Sep 2022 18:35:03 +0200 -Subject: [PATCH] log: don't attempt to duplicate closed fd -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -if the console fd is not open we shouldn#t try to move it out of the 0…2 -range. - -Fixes: #24535 -Alternative-for: #24537 -(cherry picked from commit f1ee066840eea748ad4074ac2bc859bb897953b9) -(cherry picked from commit e0dde8a14f8b05b88e1add1abdb68c364913346b) -(cherry picked from commit 40cedddab7e5c84c8fa4738de423971997d9aef5) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/417f37c1455fe770d96559205b864766188d9866 ---- - src/basic/log.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/basic/log.c b/src/basic/log.c -index 1d68b49963..4a1d3c0d6d 100644 ---- a/src/basic/log.c -+++ b/src/basic/log.c -@@ -1477,7 +1477,7 @@ int log_dup_console(void) { - /* Duplicate the fd we use for fd logging if it's < 3 and use the copy from now on. This call is useful - * whenever we want to continue logging through the original fd, but want to rearrange stderr. */ - -- if (console_fd >= 3) -+ if (console_fd < 0 || console_fd >= 3) - return 0; - - copy = fcntl(console_fd, F_DUPFD_CLOEXEC, 3); --- -2.27.0 - diff --git a/backport-login-drop-non-default-value-for-RuntimeDirectoryIno.patch b/backport-login-drop-non-default-value-for-RuntimeDirectoryIno.patch deleted file mode 100644 index a453599..0000000 --- a/backport-login-drop-non-default-value-for-RuntimeDirectoryIno.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 0bc055cf52251a98e41391a7587b7222120c67d2 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 28 Apr 2022 19:53:12 +0900 -Subject: [PATCH] login: drop non-default value for RuntimeDirectoryInodesMax= - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0bc055cf52251a98e41391a7587b7222120c67d2 ---- - src/login/logind.conf.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in -index 8ec979e0e8..08a89c351c 100644 ---- a/src/login/logind.conf.in -+++ b/src/login/logind.conf.in -@@ -42,7 +42,7 @@ - #IdleAction=ignore - #IdleActionSec=30min - #RuntimeDirectorySize=10% --#RuntimeDirectoryInodesMax=400k -+#RuntimeDirectoryInodesMax= - #RemoveIPC=yes - #InhibitorsMax=8192 - #SessionsMax=8192 --- -2.33.0 \ No newline at end of file diff --git a/backport-login-make-RuntimeDirectoryInodesMax-support-K-G-M-s.patch b/backport-login-make-RuntimeDirectoryInodesMax-support-K-G-M-s.patch deleted file mode 100644 index a363efe..0000000 --- a/backport-login-make-RuntimeDirectoryInodesMax-support-K-G-M-s.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 08a767f1e03bd59c0960a96ad585dbc3ef0bc78d Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 27 Apr 2022 17:44:46 +0900 -Subject: [PATCH] login: make RuntimeDirectoryInodesMax= support K, G, M - suffixes - -Fixes #23017. - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/08a767f1e03bd59c0960a96ad585dbc3ef0bc78d ---- - src/login/logind-gperf.gperf | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/login/logind-gperf.gperf b/src/login/logind-gperf.gperf -index 867db36533..f11ab8ada5 100644 ---- a/src/login/logind-gperf.gperf -+++ b/src/login/logind-gperf.gperf -@@ -45,7 +45,7 @@ Login.HoldoffTimeoutSec, config_parse_sec, 0, offse - Login.IdleAction, config_parse_handle_action, 0, offsetof(Manager, idle_action) - Login.IdleActionSec, config_parse_sec, 0, offsetof(Manager, idle_action_usec) - Login.RuntimeDirectorySize, config_parse_tmpfs_size, 0, offsetof(Manager, runtime_dir_size) --Login.RuntimeDirectoryInodesMax, config_parse_uint64, 0, offsetof(Manager, runtime_dir_inodes) -+Login.RuntimeDirectoryInodesMax, config_parse_iec_uint64, 0, offsetof(Manager, runtime_dir_inodes) - Login.RemoveIPC, config_parse_bool, 0, offsetof(Manager, remove_ipc) - Login.InhibitorsMax, config_parse_uint64, 0, offsetof(Manager, inhibitors_max) - Login.SessionsMax, config_parse_uint64, 0, offsetof(Manager, sessions_max) --- -2.27.0 - diff --git a/backport-login-respect-install_sysconfdir_samples-in-meson-fi.patch b/backport-login-respect-install_sysconfdir_samples-in-meson-fi.patch deleted file mode 100644 index 16c0e9d..0000000 --- a/backport-login-respect-install_sysconfdir_samples-in-meson-fi.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 426cd32268f6068b843bc24d54b3f969034ab998 Mon Sep 17 00:00:00 2001 -From: Andreas Rammhold -Date: Mon, 26 Jul 2021 17:20:34 +0200 -Subject: [PATCH] login: respect install_sysconfdir_samples in meson file - -The refactoring done in c900d89faa0 caused the configuration files to be -installed into the pkgsysconfdir regardless of the state of the -install_sysconfdir_samples boolean that indicates whether or not the -sample files should be installed. - -(cherry picked from commit 72964d047a7a8f79ae12ab41168feb0080eef6c3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/426cd32268f6068b843bc24d54b3f969034ab998 ---- - src/login/meson.build | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/login/meson.build b/src/login/meson.build -index 8c20e6be65..b637adc9a2 100644 ---- a/src/login/meson.build -+++ b/src/login/meson.build -@@ -67,7 +67,7 @@ pam_systemd_c = files('pam_systemd.c') - - enable_logind = conf.get('ENABLE_LOGIND') == 1 - in_files = [ -- ['logind.conf', pkgsysconfdir, enable_logind], -+ ['logind.conf', pkgsysconfdir, enable_logind and install_sysconfdir_samples], - ['70-uaccess.rules', udevrulesdir, enable_logind and conf.get('HAVE_ACL') == 1], - ['71-seat.rules', udevrulesdir, enable_logind], - ['73-seat-late.rules', udevrulesdir, enable_logind], --- -2.33.0 - diff --git a/backport-login-use-bus_error_message-at-one-more-place.patch b/backport-login-use-bus_error_message-at-one-more-place.patch deleted file mode 100644 index ef14f13..0000000 --- a/backport-login-use-bus_error_message-at-one-more-place.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 98f8c18db0edda121db05171fbaf35c342fd86b2 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 30 Jan 2022 05:38:35 +0900 -Subject: [PATCH] login: use bus_error_message() at one more place - -(cherry picked from commit 80c8c786a314bceba180fac5506e72aa48c0764a) -(cherry picked from commit 048487c094a149e99b4067c8cd2d3974a8f17397) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/98f8c18db0edda121db05171fbaf35c342fd86b2 ---- - src/login/logind-user.c | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/src/login/logind-user.c b/src/login/logind-user.c -index a2c468e8dd..3c65867cb6 100644 ---- a/src/login/logind-user.c -+++ b/src/login/logind-user.c -@@ -358,15 +358,19 @@ static void user_start_service(User *u) { - - static int update_slice_callback(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) { - _cleanup_(user_record_unrefp) UserRecord *ur = userdata; -+ const sd_bus_error *e; -+ int r; - - assert(m); - assert(ur); - -- if (sd_bus_message_is_method_error(m, NULL)) { -- log_warning_errno(sd_bus_message_get_errno(m), -+ e = sd_bus_message_get_error(m); -+ if (e) { -+ r = sd_bus_error_get_errno(e); -+ log_warning_errno(r, - "Failed to update slice of %s, ignoring: %s", - ur->user_name, -- sd_bus_message_get_error(m)->message); -+ bus_error_message(e, r)); - - return 0; - } --- -2.33.0 - diff --git a/backport-logind-do-not-propagate-error-in-delayed-action.patch b/backport-logind-do-not-propagate-error-in-delayed-action.patch deleted file mode 100644 index 6dddc40..0000000 --- a/backport-logind-do-not-propagate-error-in-delayed-action.patch +++ /dev/null @@ -1,65 +0,0 @@ -From e6ca5aa8ac8d79217d11240b09dfbdb9364cdb36 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 5 Jan 2022 15:10:33 +0100 -Subject: [PATCH] logind: do not propagate error in delayed action - -If the action failed, we should log about the issue, and continue. -Exiting would bring the graphical session down, which of course is not -appreciated by users. - -As documented in previous commits, a non-negative return from the callback -doesn't matter, so the callback is simplified a bit. - -Fixes #21991. - -(cherry picked from commit 8207b8321bbbcbd19a345deb77d455d98e6ffb84) -(cherry picked from commit fb9bbbee6a3c09b75817f9f343176fa2170fdb31) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e6ca5aa8ac8d79217d11240b09dfbdb9364cdb36 ---- - src/login/logind-dbus.c | 8 ++------ - 1 file changed, 2 insertions(+), 6 deletions(-) - -diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c -index 19c3f9bd6e..b3c204f0b0 100644 ---- a/src/login/logind-dbus.c -+++ b/src/login/logind-dbus.c -@@ -1639,7 +1639,6 @@ error: - } - - int manager_dispatch_delayed(Manager *manager, bool timeout) { -- - _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; - Inhibitor *offending = NULL; - int r; -@@ -1671,10 +1670,9 @@ int manager_dispatch_delayed(Manager *manager, bool timeout) { - - manager->action_unit = NULL; - manager->action_what = 0; -- return r; - } - -- return 1; -+ return 1; /* We did some work. */ - } - - static int manager_inhibit_timeout_handler( -@@ -1683,13 +1681,11 @@ static int manager_inhibit_timeout_handler( - void *userdata) { - - Manager *manager = userdata; -- int r; - - assert(manager); - assert(manager->inhibit_timeout_source == s); - -- r = manager_dispatch_delayed(manager, true); -- return (r < 0) ? r : 0; -+ return manager_dispatch_delayed(manager, true); - } - - static int delay_shutdown_or_sleep( --- -2.33.0 - diff --git a/backport-logind-downgrade-message-about-run-utmp-missing-to-L.patch b/backport-logind-downgrade-message-about-run-utmp-missing-to-L.patch deleted file mode 100644 index 0ca9190..0000000 --- a/backport-logind-downgrade-message-about-run-utmp-missing-to-L.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 5ac75f556c2ff3c28a815414dab92b58c3726dbd Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 8 Nov 2021 23:08:13 +0100 -Subject: [PATCH] logind: downgrade message about /run/utmp missing to - LOG_DEBUG - -This isn't really anything to really complain about, let's debug log -about this, and continue quietly as if utmp was empty. - -(cherry picked from commit 9830d716147c4e35026457027af95f303e690ae9) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5ac75f556c2ff3c28a815414dab92b58c3726dbd ---- - src/login/logind-core.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/login/logind-core.c b/src/login/logind-core.c -index 22031f485a..e08929e52a 100644 ---- a/src/login/logind-core.c -+++ b/src/login/logind-core.c -@@ -707,7 +707,9 @@ int manager_read_utmp(Manager *m) { - errno = 0; - u = getutxent(); - if (!u) { -- if (errno != 0) -+ if (errno == ENOENT) -+ log_debug_errno(errno, _PATH_UTMPX " does not exist, ignoring."); -+ else if (errno != 0) - log_warning_errno(errno, "Failed to read " _PATH_UTMPX ", ignoring: %m"); - return 0; - } --- -2.33.0 - diff --git a/backport-logind-fix-getting-property-OnExternalPower-via-D-Bu.patch b/backport-logind-fix-getting-property-OnExternalPower-via-D-Bu.patch deleted file mode 100644 index 562f739..0000000 --- a/backport-logind-fix-getting-property-OnExternalPower-via-D-Bu.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 848586f6f46e58c4960c2675102757d8c11ce046 Mon Sep 17 00:00:00 2001 -From: Michael Biebl -Date: Wed, 12 Oct 2022 11:07:57 +0200 -Subject: [PATCH] logind: fix getting property OnExternalPower via D-Bus - -The BUS_DEFINE_PROPERTY_GET_GLOBAL macro requires a value as third -argument, so we need to call manager_is_on_external_power(). Otherwise -the function pointer is interpreted as a boolean and always returns -true: - -``` -$ busctl get-property org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager OnExternalPower -b true -$ /lib/systemd/systemd-ac-power --verbose -no -``` - -Thanks: Helmut Grohne -Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021644 -(cherry picked from commit 63168cb517a556b2f4f175b365f5a4b4c7e85150) -(cherry picked from commit 3028e05955f1d1a43d57bbbe05321546d56c70a9) -(cherry picked from commit c622de4c9d474c2b666881ccbf60c7e2bf1fb484) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/848586f6f46e58c4960c2675102757d8c11ce046 ---- - src/login/logind-dbus.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c -index b3c204f0b0..1d0cf904bc 100644 ---- a/src/login/logind-dbus.c -+++ b/src/login/logind-dbus.c -@@ -353,7 +353,7 @@ static int property_get_scheduled_shutdown( - static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_handle_action, handle_action, HandleAction); - static BUS_DEFINE_PROPERTY_GET(property_get_docked, "b", Manager, manager_is_docked_or_external_displays); - static BUS_DEFINE_PROPERTY_GET(property_get_lid_closed, "b", Manager, manager_is_lid_closed); --static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_on_external_power, "b", manager_is_on_external_power); -+static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_on_external_power, "b", manager_is_on_external_power()); - static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_compat_user_tasks_max, "t", CGROUP_LIMIT_MAX); - static BUS_DEFINE_PROPERTY_GET_REF(property_get_hashmap_size, "t", Hashmap *, (uint64_t) hashmap_size); - --- -2.27.0 - diff --git a/backport-logind.conf-Fix-name-of-option-RuntimeDirectoryInode.patch b/backport-logind.conf-Fix-name-of-option-RuntimeDirectoryInode.patch deleted file mode 100644 index 411c6b5..0000000 --- a/backport-logind.conf-Fix-name-of-option-RuntimeDirectoryInode.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 927898c86d121a2985bc6c8d261f505197df8e80 Mon Sep 17 00:00:00 2001 -From: Arfrever Frehtes Taifersar Arahesis -Date: Thu, 27 Jan 2022 00:00:00 +0000 -Subject: [PATCH] logind.conf: Fix name of option: RuntimeDirectoryInodes -> - RuntimeDirectoryInodesMax - -(cherry picked from commit a42a93830fcc18da073a5ac06f93c386efc9109d) -(cherry picked from commit 5b20a2b19c847b8ad8b354f1b735fbbaf88d2f8f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/927898c86d121a2985bc6c8d261f505197df8e80 ---- - src/login/logind.conf.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in -index 27ba77ce79..be2eb790bf 100644 ---- a/src/login/logind.conf.in -+++ b/src/login/logind.conf.in -@@ -38,7 +38,7 @@ - #IdleAction=ignore - #IdleActionSec=30min - #RuntimeDirectorySize=10% --#RuntimeDirectoryInodes=400k -+#RuntimeDirectoryInodesMax=400k - #RemoveIPC=yes - #InhibitorsMax=8192 - #SessionsMax=8192 --- -2.33.0 - diff --git a/backport-machined-set-TTYPath-for-container-shell.patch b/backport-machined-set-TTYPath-for-container-shell.patch deleted file mode 100644 index 61634ff..0000000 --- a/backport-machined-set-TTYPath-for-container-shell.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 6076f379d6911abd69c9565cbbecc60d34be8ce8 Mon Sep 17 00:00:00 2001 -From: Ludwig Nussel -Date: Tue, 21 Dec 2021 11:38:49 +0100 -Subject: [PATCH] machined: set TTYPath for container shell - -TTYPath is needed for proper utmp registration of the shell to -receive wall messages. - -(cherry picked from commit a9c97bbbfb271d68b2ca4f3aa346fdf5e9c70c27) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/6076f379d6911abd69c9565cbbecc60d34be8ce8 ---- - src/machine/machine-dbus.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c -index 0022a980c5..404ff1ca46 100644 ---- a/src/machine/machine-dbus.c -+++ b/src/machine/machine-dbus.c -@@ -688,7 +688,7 @@ int bus_machine_method_open_shell(sd_bus_message *message, void *userdata, sd_bu - - description = strjoina("Shell for User ", user); - r = sd_bus_message_append(tm, -- "(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)", -+ "(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)", - "Description", "s", description, - "StandardInputFileDescriptor", "h", slave, - "StandardOutputFileDescriptor", "h", slave, -@@ -696,6 +696,7 @@ int bus_machine_method_open_shell(sd_bus_message *message, void *userdata, sd_bu - "SendSIGHUP", "b", true, - "IgnoreSIGPIPE", "b", false, - "KillMode", "s", "mixed", -+ "TTYPath", "s", pty_name, - "TTYReset", "b", true, - "UtmpIdentifier", "s", utmp_id, - "UtmpMode", "s", "user", --- -2.33.0 - diff --git a/backport-machined-varlink-fix-double-free.patch b/backport-machined-varlink-fix-double-free.patch deleted file mode 100644 index b98a6ae..0000000 --- a/backport-machined-varlink-fix-double-free.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 1600b38cd2029533547f8c3d4abfa12911ca0630 Mon Sep 17 00:00:00 2001 -From: David Tardon -Date: Mon, 2 Aug 2021 13:31:04 +0200 -Subject: [PATCH] machined-varlink: fix double free - -Fixes: #18599 -(cherry picked from commit feac9a1d1bf3f59adaa85f58b655ec01a111a29a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/1600b38cd2029533547f8c3d4abfa12911ca0630 ---- - src/machine/machined-varlink.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c -index 009d283acc..fc0b0f11ad 100644 ---- a/src/machine/machined-varlink.c -+++ b/src/machine/machined-varlink.c -@@ -297,7 +297,7 @@ static int group_lookup_name(Manager *m, const char *name, gid_t *ret_gid, char - desc = mfree(desc); - - *ret_gid = converted_gid; -- *ret_description = desc; -+ *ret_description = TAKE_PTR(desc); - return 0; - } - --- -2.33.0 - diff --git a/backport-macro-account-for-negative-values-in-DECIMAL_STR_WID.patch b/backport-macro-account-for-negative-values-in-DECIMAL_STR_WID.patch deleted file mode 100644 index 740c0c1..0000000 --- a/backport-macro-account-for-negative-values-in-DECIMAL_STR_WID.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 19c0ce4c68fd424f48a71afbc9d8b7b67ba58709 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Sun, 13 Mar 2022 14:45:03 +0100 -Subject: [PATCH] macro: account for negative values in DECIMAL_STR_WIDTH() - -With negative numbers we wouldn't account for the minus sign, thus -returning a string with one character too short, triggering buffer -overflows in certain situations. - -(cherry picked from commit e3dd9ea8ea4510221f73071ad30ee657ca77565d) -(cherry picked from commit 25b3c48ec5203a1220daaf33b8df6e50e79fd74a) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/19c0ce4c68fd424f48a71afbc9d8b7b67ba58709 ---- - src/basic/macro.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/basic/macro.h b/src/basic/macro.h -index 072fed4378..5a3027ae5c 100644 ---- a/src/basic/macro.h -+++ b/src/basic/macro.h -@@ -349,7 +349,7 @@ static inline int __coverity_check_and_return__(int condition) { - #define DECIMAL_STR_WIDTH(x) \ - ({ \ - typeof(x) _x_ = (x); \ -- unsigned ans = 1; \ -+ unsigned ans = 2; \ - while ((_x_ /= 10) != 0) \ - ans++; \ - ans; \ --- -2.33.0 - diff --git a/backport-main-drop-get_process_cmdline-from-crash-handler.patch b/backport-main-drop-get_process_cmdline-from-crash-handler.patch deleted file mode 100644 index 423b559..0000000 --- a/backport-main-drop-get_process_cmdline-from-crash-handler.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 28c5859fa30572950a24a7638a3a8191d65daf68 Mon Sep 17 00:00:00 2001 -From: licunlong -Date: Thu, 10 Mar 2022 09:22:29 +0800 -Subject: [PATCH] main: drop get_process_cmdline from crash handler - get_process_cmdline calls malloc, which should be avoid in signal handler. - -Fixes: #22690 ---- - src/core/main.c | 11 ++++++----- - 1 file changed, 6 insertions(+), 5 deletions(-) - -diff --git a/src/core/main.c b/src/core/main.c -index 41a4b4225f..7c9265f394 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -274,11 +274,12 @@ _noreturn_ static void crash(int sig, siginfo_t *siginfo, void *context) { - int r; - - if (siginfo) { -- _cleanup_free_ char *cmdline = NULL; -- pid_t sender_pid = siginfo->si_pid; -- -- (void) get_process_cmdline(sender_pid, SIZE_MAX, 0, &cmdline); -- log_emergency("Caught <%s> from PID "PID_FMT" (%s)", signal_to_string(sig), sender_pid, strna(cmdline)); -+ if (siginfo->si_pid == 0) -+ log_emergency("Caught <%s> from unknown sender process.", signal_to_string(sig)); -+ else if (siginfo->si_pid == 1) -+ log_emergency("Caught <%s> from our own process.", signal_to_string(sig)); -+ else -+ log_emergency("Caught <%s> from PID "PID_FMT".", signal_to_string(sig), siginfo->si_pid); - } - - /* Order things nicely. */ --- -2.27.0 - diff --git a/backport-main-log-which-process-send-SIGNAL-to-PID1.patch b/backport-main-log-which-process-send-SIGNAL-to-PID1.patch deleted file mode 100644 index 184cecd..0000000 --- a/backport-main-log-which-process-send-SIGNAL-to-PID1.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 7347b3db838ea3f02afc6c8a6dccac1ff8e7edbd Mon Sep 17 00:00:00 2001 -From: licunlong -Date: Tue, 8 Mar 2022 19:18:36 +0800 -Subject: [PATCH] main: log which process send SIGNAL to PID1 This can help - users to figure out what makes systemd freeze. 1. Someone kills systemd - accidentally, then the sender_pid won't be 1; 2. systemd triggers segfault or - assert, then the sender_pid will be 1; - ---- - src/core/main.c | 14 +++++++++++--- - 1 file changed, 11 insertions(+), 3 deletions(-) - -diff --git a/src/core/main.c b/src/core/main.c -index 5009b8d85f..41a4b4225f 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -228,7 +228,7 @@ _noreturn_ static void freeze_or_exit_or_reboot(void) { - freeze(); - } - --_noreturn_ static void crash(int sig) { -+_noreturn_ static void crash(int sig, siginfo_t *siginfo, void *context) { - struct sigaction sa; - pid_t pid; - -@@ -273,6 +273,14 @@ _noreturn_ static void crash(int sig) { - siginfo_t status; - int r; - -+ if (siginfo) { -+ _cleanup_free_ char *cmdline = NULL; -+ pid_t sender_pid = siginfo->si_pid; -+ -+ (void) get_process_cmdline(sender_pid, SIZE_MAX, 0, &cmdline); -+ log_emergency("Caught <%s> from PID "PID_FMT" (%s)", signal_to_string(sig), sender_pid, strna(cmdline)); -+ } -+ - /* Order things nicely. */ - r = wait_for_terminate(pid, &status); - if (r < 0) -@@ -330,8 +338,8 @@ _noreturn_ static void crash(int sig) { - - static void install_crash_handler(void) { - static const struct sigaction sa = { -- .sa_handler = crash, -- .sa_flags = SA_NODEFER, /* So that we can raise the signal again from the signal handler */ -+ .sa_sigaction = crash, -+ .sa_flags = SA_NODEFER | SA_SIGINFO, /* So that we can raise the signal again from the signal handler */ - }; - int r; - --- -2.27.0 - diff --git a/backport-malloc-uses-getrandom-now.patch b/backport-malloc-uses-getrandom-now.patch deleted file mode 100644 index 3f9220f..0000000 --- a/backport-malloc-uses-getrandom-now.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 08c99e5600f92c5143b931a507980a2655380cb3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= -Date: Fri, 9 Jul 2021 17:19:05 -0400 -Subject: [PATCH] malloc() uses getrandom now - -glibc master uses getrandom in malloc since https://sourceware.org/git/?p=glibc.git;a=commit;h=fc859c304898a5ec72e0ba5269ed136ed0ea10e1 , getrandom should be in the default set so to avoid all non trivial programs to fallback to a PRNG. - -(cherry picked from commit 14f4b1b568907350d023d1429c1aa4aaa8925f22) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/08c99e5600f92c5143b931a507980a2655380cb3 ---- - src/shared/seccomp-util.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c -index e0f88aec73..cad0af89f2 100644 ---- a/src/shared/seccomp-util.c -+++ b/src/shared/seccomp-util.c -@@ -310,6 +310,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { - "getpgrp\0" - "getpid\0" - "getppid\0" -+ "getrandom\0" - "getresgid\0" - "getresgid32\0" - "getresuid\0" --- -2.33.0 - diff --git a/backport-manager-allow-transient-units-to-have-drop-ins.patch b/backport-manager-allow-transient-units-to-have-drop-ins.patch deleted file mode 100644 index 32d6250..0000000 --- a/backport-manager-allow-transient-units-to-have-drop-ins.patch +++ /dev/null @@ -1,89 +0,0 @@ -From 1a09fb995e0e84c2a5f40945248644b174863c6b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 14 Oct 2022 15:02:20 +0200 -Subject: [PATCH] manager: allow transient units to have drop-ins - -In https://github.com/containers/podman/issues/16107, starting of a transient -slice unit fails because there's a "global" drop-in -/usr/lib/systemd/user/slice.d/10-oomd-per-slice-defaults.conf (provided by -systemd-oomd-defaults package to install some default oomd policy). This means -that the unit_is_pristine() check fails and starting of the unit is forbidden. - -It seems pretty clear to me that dropins at any other level then the unit -should be ignored in this check: we now have multiple layers of drop-ins -(for each level of the cgroup path, and also "global" ones for a specific -unit type). If we install a "global" drop-in, we wouldn't be able to start -any transient units of that type, which seems undesired. - -In principle we could reject dropins at the unit level, but I don't think that -is useful. The whole reason for drop-ins is that they are "add ons", and there -isn't any particular reason to disallow them for transient units. It would also -make things harder to implement and describe: one place for drop-ins is good, -but another is bad. (And as a corner case: for instanciated units, a drop-in -in the template would be acceptable, but a instance-specific drop-in bad?) - -Thus, $subject. - -While at it, adjust the message. All the conditions in unit_is_pristine() -essentially mean that it wasn't loaded (e.g. it might be in an error state), -and that it doesn't have a fragment path (now that drop-ins are acceptable). -If there's a job for it, it necessarilly must have been loaded. If it is -merged into another unit, it also was loaded and found to be an alias. -Based on the discussion in the bugs, it seems that the current message -is far from obvious ;) - -Fixes https://github.com/containers/podman/issues/16107, -https://bugzilla.redhat.com/show_bug.cgi?id=2133792. - -(cherry picked from commit 1f83244641f13a9cb28fdac7e3c17c5446242dfb) -(cherry picked from commit 98a45608c4bf5aa1ba9b603ac2e5730f13659d88) ---- - src/core/dbus-manager.c | 2 +- - src/core/unit.c | 14 ++++++++------ - 2 files changed, 9 insertions(+), 7 deletions(-) - -diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c -index 1a3098ceb1..9a2a5531c6 100644 ---- a/src/core/dbus-manager.c -+++ b/src/core/dbus-manager.c -@@ -901,7 +901,7 @@ static int transient_unit_from_message( - - if (!unit_is_pristine(u)) - return sd_bus_error_setf(error, BUS_ERROR_UNIT_EXISTS, -- "Unit %s already exists.", name); -+ "Unit %s was already loaded or has a fragment file.", name); - - /* OK, the unit failed to load and is unreferenced, now let's - * fill in the transient data instead */ -diff --git a/src/core/unit.c b/src/core/unit.c -index a7b3208432..60e4e42d2f 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -4806,16 +4806,18 @@ int unit_fail_if_noncanonical(Unit *u, const char* where) { - bool unit_is_pristine(Unit *u) { - assert(u); - -- /* Check if the unit already exists or is already around, -- * in a number of different ways. Note that to cater for unit -- * types such as slice, we are generally fine with units that -- * are marked UNIT_LOADED even though nothing was actually -- * loaded, as those unit types don't require a file on disk. */ -+ /* Check if the unit already exists or is already around, in a number of different ways. Note that to -+ * cater for unit types such as slice, we are generally fine with units that are marked UNIT_LOADED -+ * even though nothing was actually loaded, as those unit types don't require a file on disk. -+ * -+ * Note that we don't check for drop-ins here, because we allow drop-ins for transient units -+ * identically to non-transient units, both unit-specific and hierarchical. E.g. for a-b-c.service: -+ * service.d/….conf, a-.service.d/….conf, a-b-.service.d/….conf, a-b-c.service.d/….conf. -+ */ - - return IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) && - !u->fragment_path && - !u->source_path && -- strv_isempty(u->dropin_paths) && - !u->job && - !u->merged_into; - } --- -2.33.0 - diff --git a/backport-manager-reformat-boolean-expression-in-unit_is_prist.patch b/backport-manager-reformat-boolean-expression-in-unit_is_prist.patch deleted file mode 100644 index 7a0d94d..0000000 --- a/backport-manager-reformat-boolean-expression-in-unit_is_prist.patch +++ /dev/null @@ -1,40 +0,0 @@ -From b146a7345b69de16e88347acadb3783ffeeaad9d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 14 Oct 2022 14:40:24 +0200 -Subject: [PATCH] manager: reformat boolean expression in unit_is_pristine() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Not not IN_SET(…) is just too much for my poor brain. Let's invert -the expression to make it easier to undertand. ---- - src/core/unit.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index d6bea2080f..5016114cb4 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -4850,12 +4850,12 @@ bool unit_is_pristine(Unit *u) { - * are marked UNIT_LOADED even though nothing was actually - * loaded, as those unit types don't require a file on disk. */ - -- return !(!IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) || -- u->fragment_path || -- u->source_path || -- !strv_isempty(u->dropin_paths) || -- u->job || -- u->merged_into); -+ return IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_LOADED) && -+ !u->fragment_path && -+ !u->source_path && -+ strv_isempty(u->dropin_paths) && -+ !u->job && -+ !u->merged_into; - } - - pid_t unit_control_pid(Unit *u) { --- -2.33.0 - diff --git a/backport-meson.build-change-operator-combining-bools-from-to-.patch b/backport-meson.build-change-operator-combining-bools-from-to-.patch deleted file mode 100644 index 55fe2f5..0000000 --- a/backport-meson.build-change-operator-combining-bools-from-to-.patch +++ /dev/null @@ -1,35 +0,0 @@ -From c29537f39e4f413a6cbfe9669fa121bdd6d8b36f Mon Sep 17 00:00:00 2001 -From: Dan Streetman -Date: Fri, 3 Sep 2021 12:43:33 -0400 -Subject: [PATCH] meson.build: change operator combining bools from + to and - -upstream meson stopped allowing combining boolean with the plus -operator, and now requires using the logical and operator - -reference: -https://github.com/mesonbuild/meson/commit/43302d3296baff6aeaf8e03f5d701b0402e37a6c - -Fixes: #20632 - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c29537f39e4f413a6cbfe9669fa121bdd6d8b36f ---- - meson.build | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/meson.build b/meson.build -index 6e1a8b1e50..0fe996adba 100644 ---- a/meson.build -+++ b/meson.build -@@ -35,7 +35,7 @@ conf.set10('BUILD_MODE_DEVELOPER', get_option('mode') == 'developer', - - want_ossfuzz = get_option('oss-fuzz') - want_libfuzzer = get_option('llvm-fuzz') --if want_ossfuzz + want_libfuzzer > 1 -+if want_ossfuzz and want_libfuzzer - error('only one of oss-fuzz or llvm-fuzz can be specified') - endif - --- -2.33.0 - diff --git a/backport-missing-syscall-add-__NR_openat2.patch b/backport-missing-syscall-add-__NR_openat2.patch deleted file mode 100644 index ef7c146..0000000 --- a/backport-missing-syscall-add-__NR_openat2.patch +++ /dev/null @@ -1,107 +0,0 @@ -From 31f64a65423414bf1d11fc9035450e9b6256858c Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 3 Jan 2022 03:44:50 +0900 -Subject: [PATCH] missing-syscall: add __NR_openat2 - -(cherry picked from commit d96ad9e8cb9fc8a9adfeebf69a645b809705daa0) -(cherry picked from commit cd88d010e862d26ce816eb3bd6735a80999ac41e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/31f64a65423414bf1d11fc9035450e9b6256858c ---- - src/basic/missing_syscall_def.h | 66 +++++++++++++++++++++++++++++++++ - src/basic/missing_syscalls.py | 1 + - 2 files changed, 67 insertions(+) - -diff --git a/src/basic/missing_syscall_def.h b/src/basic/missing_syscall_def.h -index 6a48c2a0c5..29dfd2e5fa 100644 ---- a/src/basic/missing_syscall_def.h -+++ b/src/basic/missing_syscall_def.h -@@ -679,6 +679,72 @@ assert_cc(__NR_open_tree == systemd_NR_open_tree); - # endif - #endif - -+#ifndef __IGNORE_openat2 -+# if defined(__aarch64__) -+# define systemd_NR_openat2 437 -+# elif defined(__alpha__) -+# define systemd_NR_openat2 547 -+# elif defined(__arc__) || defined(__tilegx__) -+# define systemd_NR_openat2 437 -+# elif defined(__arm__) -+# define systemd_NR_openat2 437 -+# elif defined(__i386__) -+# define systemd_NR_openat2 437 -+# elif defined(__ia64__) -+# define systemd_NR_openat2 1461 -+# elif defined(__loongarch64) -+# define systemd_NR_openat2 437 -+# elif defined(__m68k__) -+# define systemd_NR_openat2 437 -+# elif defined(_MIPS_SIM) -+# if _MIPS_SIM == _MIPS_SIM_ABI32 -+# define systemd_NR_openat2 4437 -+# elif _MIPS_SIM == _MIPS_SIM_NABI32 -+# define systemd_NR_openat2 6437 -+# elif _MIPS_SIM == _MIPS_SIM_ABI64 -+# define systemd_NR_openat2 5437 -+# else -+# error "Unknown MIPS ABI" -+# endif -+# elif defined(__powerpc__) -+# define systemd_NR_openat2 437 -+# elif defined(__riscv) -+# if __riscv_xlen == 32 -+# define systemd_NR_openat2 437 -+# elif __riscv_xlen == 64 -+# define systemd_NR_openat2 437 -+# else -+# error "Unknown RISC-V ABI" -+# endif -+# elif defined(__s390__) -+# define systemd_NR_openat2 437 -+# elif defined(__sparc__) -+# define systemd_NR_openat2 437 -+# elif defined(__x86_64__) -+# if defined(__ILP32__) -+# define systemd_NR_openat2 (437 | /* __X32_SYSCALL_BIT */ 0x40000000) -+# else -+# define systemd_NR_openat2 437 -+# endif -+# elif !defined(missing_arch_template) -+# warning "openat2() syscall number is unknown for your architecture" -+# endif -+ -+/* may be an (invalid) negative number due to libseccomp, see PR 13319 */ -+# if defined __NR_openat2 && __NR_openat2 >= 0 -+# if defined systemd_NR_openat2 -+assert_cc(__NR_openat2 == systemd_NR_openat2); -+# endif -+# else -+# if defined __NR_openat2 -+# undef __NR_openat2 -+# endif -+# if defined systemd_NR_openat2 && systemd_NR_openat2 >= 0 -+# define __NR_openat2 systemd_NR_openat2 -+# endif -+# endif -+#endif -+ - #ifndef __IGNORE_pidfd_open - # if defined(__aarch64__) - # define systemd_NR_pidfd_open 434 -diff --git a/src/basic/missing_syscalls.py b/src/basic/missing_syscalls.py -index 19f9726d4e..dd458994f2 100644 ---- a/src/basic/missing_syscalls.py -+++ b/src/basic/missing_syscalls.py -@@ -16,6 +16,7 @@ SYSCALLS = [ - 'move_mount', - 'name_to_handle_at', - 'open_tree', -+ 'openat2', - 'pidfd_open', - 'pidfd_send_signal', - 'pkey_mprotect', --- -2.33.0 - diff --git a/backport-mkosi-Build-Fedora-35-images.patch b/backport-mkosi-Build-Fedora-35-images.patch deleted file mode 100644 index 748d1c2..0000000 --- a/backport-mkosi-Build-Fedora-35-images.patch +++ /dev/null @@ -1,29 +0,0 @@ -From e5c19733785558e6fc17f96e6c18219d46179a2d Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Thu, 9 Dec 2021 12:35:23 +0100 -Subject: [PATCH] mkosi: Build Fedora 35 images - -(cherry picked from commit 808b23ecf681c12493cbb84958e75ea300ebbeab) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e5c19733785558e6fc17f96e6c18219d46179a2d ---- - .mkosi/mkosi.fedora | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/.mkosi/mkosi.fedora b/.mkosi/mkosi.fedora -index cc3a5a2d1a..3e7462e477 100644 ---- a/.mkosi/mkosi.fedora -+++ b/.mkosi/mkosi.fedora -@@ -5,7 +5,7 @@ - - [Distribution] - Distribution=fedora --Release=34 -+Release=35 - - [Packages] - BuildPackages= --- -2.33.0 - diff --git a/backport-mkosi-Fix-openSUSE-Jinja2-package-name.patch b/backport-mkosi-Fix-openSUSE-Jinja2-package-name.patch deleted file mode 100644 index 1188a08..0000000 --- a/backport-mkosi-Fix-openSUSE-Jinja2-package-name.patch +++ /dev/null @@ -1,34 +0,0 @@ -From c135c18d0aedeb6043ea4e54a252b7d2452d0937 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20Koutn=C3=BD?= -Date: Thu, 10 Jun 2021 14:39:13 +0200 -Subject: [PATCH] mkosi: Fix openSUSE Jinja2 package name -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Dare to be different ¯\_(ツ)_/¯ - -(cherry picked from commit ed802c44da7918ba1c14944b711a20b14d9e0fd4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c135c18d0aedeb6043ea4e54a252b7d2452d0937 ---- - .mkosi/mkosi.opensuse | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/.mkosi/mkosi.opensuse b/.mkosi/mkosi.opensuse -index fdbbdeb1f8..7eb7b857ca 100644 ---- a/.mkosi/mkosi.opensuse -+++ b/.mkosi/mkosi.opensuse -@@ -36,7 +36,7 @@ BuildPackages= - pcre-devel - python3 - python3-lxml -- python3-jinja2 -+ python3-Jinja2 - qrencode-devel - system-user-nobody - systemd-sysvinit --- -2.33.0 - diff --git a/backport-mkosi-Remove-Arch-nspawn-workaround.patch b/backport-mkosi-Remove-Arch-nspawn-workaround.patch deleted file mode 100644 index bbc1d4c..0000000 --- a/backport-mkosi-Remove-Arch-nspawn-workaround.patch +++ /dev/null @@ -1,43 +0,0 @@ -From c24f4e86781d866894128a56fbc03f4302f737f6 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Fri, 25 Feb 2022 11:01:07 +0000 -Subject: [PATCH] mkosi: Remove Arch nspawn workaround - -This has been fixed so the workaround can be removed. - -(cherry picked from commit 6b2ab8fc5cc0f706b85cbd559e8dcf4e05d7687d) -(cherry picked from commit f0cc6d2f99b2510c57fa36ad7f28cc42c0b724b3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c24f4e86781d866894128a56fbc03f4302f737f6 ---- - .github/workflows/mkosi.yml | 13 ------------- - 1 file changed, 13 deletions(-) - -diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml -index 489eb01880..c8d572a4d8 100644 ---- a/.github/workflows/mkosi.yml -+++ b/.github/workflows/mkosi.yml -@@ -37,19 +37,6 @@ jobs: - - name: Symlink - run: ln -s .mkosi/mkosi.${{ matrix.distro }} mkosi.default - -- # Ubuntu's systemd-nspawn doesn't support faccessat2() syscall, which is -- # required, since current Arch's glibc implements faccessat() via faccessat2(). -- - name: Update systemd-nspawn -- if: ${{ matrix.distro == 'arch' }} -- run: | -- echo "deb-src http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs) main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list -- sudo apt update -- sudo apt build-dep systemd -- meson build -- ninja -C build -- sudo ln -svf $PWD/build/systemd-nspawn `which systemd-nspawn` -- systemd-nspawn --version -- - - name: Build ${{ matrix.distro }} - run: sudo python3 -m mkosi --password= --qemu-headless build - --- -2.33.0 - diff --git a/backport-mkosi-openSUSE-update-bootable-no-dependencies.patch b/backport-mkosi-openSUSE-update-bootable-no-dependencies.patch deleted file mode 100644 index 4e81ba4..0000000 --- a/backport-mkosi-openSUSE-update-bootable-no-dependencies.patch +++ /dev/null @@ -1,31 +0,0 @@ -From e4e572117b41f6e8152a30acc6f60a0385090137 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Michal=20Koutn=C3=BD?= -Date: Fri, 12 Feb 2021 18:11:18 +0100 -Subject: [PATCH] mkosi: openSUSE update --bootable=no dependencies - -Since we can build --bootable=no images without dracut->systemd, we need -to add systemd runtime dependencies explicitely. - -(cherry picked from commit f2bb8857cd093eb9bd5e1dad6fb996a0a4463556) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e4e572117b41f6e8152a30acc6f60a0385090137 ---- - .mkosi/mkosi.opensuse | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/.mkosi/mkosi.opensuse b/.mkosi/mkosi.opensuse -index b468433f34..fdbbdeb1f8 100644 ---- a/.mkosi/mkosi.opensuse -+++ b/.mkosi/mkosi.opensuse -@@ -60,6 +60,7 @@ Packages= - libapparmor1 - libcrypt1 - libcryptsetup12 -+ libgcrypt20 - libkmod2 - liblz4-1 - libmount1 --- -2.33.0 - diff --git a/backport-mmap-cache-LIST_REMOVE-after-w-unused_prev.patch b/backport-mmap-cache-LIST_REMOVE-after-w-unused_prev.patch deleted file mode 100644 index 4bd7350..0000000 --- a/backport-mmap-cache-LIST_REMOVE-after-w-unused_prev.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 42ca0ab5082344004c0f26b2d6ec57b7a9d4ff03 Mon Sep 17 00:00:00 2001 -From: Vito Caputo -Date: Thu, 25 Nov 2021 07:05:06 -0800 -Subject: [PATCH] mmap-cache: LIST_REMOVE() *after* w->unused_prev - -The LIST_REMOVE() macro always assigns NULL to w->unused_prev, -meaning every time this window was in last_unused, the remainder -of the unused list was lost to the ether. - -Turns out there's been a memory leak in journald after all, this -code has been there since at least 2013... - -(cherry picked from commit b82aca89a5b366c4377b3b140e54313e817e8f57) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/42ca0ab5082344004c0f26b2d6ec57b7a9d4ff03 ---- - src/libsystemd/sd-journal/mmap-cache.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libsystemd/sd-journal/mmap-cache.c b/src/libsystemd/sd-journal/mmap-cache.c -index 9e0be01d41..02d2d721cf 100644 ---- a/src/libsystemd/sd-journal/mmap-cache.c -+++ b/src/libsystemd/sd-journal/mmap-cache.c -@@ -224,9 +224,9 @@ static void context_attach_window(Context *c, Window *w) { - - if (w->in_unused) { - /* Used again? */ -- LIST_REMOVE(unused, c->cache->unused, w); - if (c->cache->last_unused == w) - c->cache->last_unused = w->unused_prev; -+ LIST_REMOVE(unused, c->cache->unused, w); - - w->in_unused = false; - } --- -2.33.0 - diff --git a/backport-mount-util-fix-error-code.patch b/backport-mount-util-fix-error-code.patch deleted file mode 100644 index d4dc3b4..0000000 --- a/backport-mount-util-fix-error-code.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 561205a9c4fd0db341a93e227d249a6b6d03e2e1 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 4 Sep 2022 22:34:38 +0900 -Subject: [PATCH] mount-util: fix error code - -If multiple service is starting simultaneously with a shared image, -then one of the service may fail to create a mount node: - -systemd[695]: Bind-mounting /usr/lib/os-release on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC "")... -systemd[696]: Bind-mounting /usr/lib/os-release on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC "")... -systemd[695]: Failed to mount /usr/lib/os-release (type n/a) on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC ""): No such file or directory -systemd[696]: Failed to mount /usr/lib/os-release (type n/a) on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC ""): No such file or directory -systemd[695]: Bind-mounting /usr/lib/os-release on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC "")... -systemd[696]: Failed to create destination mount point node '/run/systemd/unit-root/run/host/os-release': Operation not permitted -systemd[695]: Successfully mounted /usr/lib/os-release to /run/systemd/unit-root/run/host/os-release - -The function apply_one_mount() in src/core/namespace.c gracefully -handles -EEXIST from make_mount_point_inode_from_path(), but it erroneously -returned -EPERM previously. This fixes the issue. - -Fixes one of the issues in #24147, especially reported at -https://github.com/systemd/systemd/issues/24147#issuecomment-1236194671. - -(cherry picked from commit b6ca2b281eff254dce2293990360e799af806ad4) -(cherry picked from commit 24238be484e6d7633bc68c784f7b3180299a80d4) -(cherry picked from commit 260633c50b5da5522b714d7989a138ecd73febd6) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/561205a9c4fd0db341a93e227d249a6b6d03e2e1 ---- - src/shared/mount-util.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/shared/mount-util.c b/src/shared/mount-util.c -index 26618bb113..199ff6163d 100644 ---- a/src/shared/mount-util.c -+++ b/src/shared/mount-util.c -@@ -1089,8 +1089,10 @@ int make_mount_point_inode_from_stat(const struct stat *st, const char *dest, mo - - if (S_ISDIR(st->st_mode)) - return mkdir_label(dest, mode); -+ else if (mknod(dest, S_IFREG|(mode & ~0111), 0) < 0) -+ return -errno; - else -- return mknod(dest, S_IFREG|(mode & ~0111), 0); -+ return 0; - } - - int make_mount_point_inode_from_path(const char *source, const char *dest, mode_t mode) { --- -2.27.0 - diff --git a/backport-mount-util-fix-fd_is_mount_point-when-both-the-paren.patch b/backport-mount-util-fix-fd_is_mount_point-when-both-the-paren.patch deleted file mode 100644 index acdfb33..0000000 --- a/backport-mount-util-fix-fd_is_mount_point-when-both-the-paren.patch +++ /dev/null @@ -1,125 +0,0 @@ -From 8de173ff933510200ac3db77f1ae713f2c4acdc3 Mon Sep 17 00:00:00 2001 -From: Franck Bui -Date: Thu, 30 Sep 2021 14:05:36 +0200 -Subject: [PATCH] mount-util: fix fd_is_mount_point() when both the parent and - directory are network fs - -The second call to name_to_handle_at_loop() didn't check for the specific -errors that can happen when the parent dir is mounted by nfs and instead of -falling back like it's done for the child dir, fd_is_mount_point() failed in -this case. - -(cherry picked from commit 964ccab8286a7e75d7e9107f574f5cb23752bd5d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/8de173ff933510200ac3db77f1ae713f2c4acdc3 ---- - src/basic/mountpoint-util.c | 68 ++++++++++++++++++++++--------------- - 1 file changed, 41 insertions(+), 27 deletions(-) - -diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c -index 8c836a1b74..e7a5a99551 100644 ---- a/src/basic/mountpoint-util.c -+++ b/src/basic/mountpoint-util.c -@@ -157,6 +157,19 @@ static bool filename_possibly_with_slash_suffix(const char *s) { - return filename_is_valid(copied); - } - -+static bool is_name_to_handle_at_fatal_error(int err) { -+ /* name_to_handle_at() can return "acceptable" errors that are due to the context. For -+ * example the kernel does not support name_to_handle_at() at all (ENOSYS), or the syscall -+ * was blocked (EACCES/EPERM; maybe through seccomp, because we are running inside of a -+ * container), or the mount point is not triggered yet (EOVERFLOW, think nfs4), or some -+ * general name_to_handle_at() flakiness (EINVAL). However other errors are not supposed to -+ * happen and therefore are considered fatal ones. */ -+ -+ assert(err < 0); -+ -+ return !IN_SET(err, -EOPNOTSUPP, -ENOSYS, -EACCES, -EPERM, -EOVERFLOW, -EINVAL); -+} -+ - int fd_is_mount_point(int fd, const char *filename, int flags) { - _cleanup_free_ struct file_handle *h = NULL, *h_parent = NULL; - int mount_id = -1, mount_id_parent = -1; -@@ -206,39 +219,40 @@ int fd_is_mount_point(int fd, const char *filename, int flags) { - return false; /* symlinks are never mount points */ - - r = name_to_handle_at_loop(fd, filename, &h, &mount_id, flags); -- if (IN_SET(r, -ENOSYS, -EACCES, -EPERM, -EOVERFLOW, -EINVAL)) -- /* This kernel does not support name_to_handle_at() at all (ENOSYS), or the syscall was blocked -- * (EACCES/EPERM; maybe through seccomp, because we are running inside of a container?), or the mount -- * point is not triggered yet (EOVERFLOW, think nfs4), or some general name_to_handle_at() flakiness -- * (EINVAL): fall back to simpler logic. */ -- goto fallback_fdinfo; -- else if (r == -EOPNOTSUPP) -- /* This kernel or file system does not support name_to_handle_at(), hence let's see if the upper fs -- * supports it (in which case it is a mount point), otherwise fall back to the traditional stat() -- * logic */ -+ if (r < 0) { -+ if (is_name_to_handle_at_fatal_error(r)) -+ return r; -+ if (r != -EOPNOTSUPP) -+ goto fallback_fdinfo; -+ -+ /* This kernel or file system does not support name_to_handle_at(), hence let's see -+ * if the upper fs supports it (in which case it is a mount point), otherwise fall -+ * back to the traditional stat() logic */ - nosupp = true; -- else if (r < 0) -- return r; -+ } - - r = name_to_handle_at_loop(fd, "", &h_parent, &mount_id_parent, AT_EMPTY_PATH); -- if (r == -EOPNOTSUPP) { -+ if (r < 0) { -+ if (is_name_to_handle_at_fatal_error(r)) -+ return r; -+ if (r != -EOPNOTSUPP) -+ goto fallback_fdinfo; - if (nosupp) -- /* Neither parent nor child do name_to_handle_at()? We have no choice but to fall back. */ -+ /* Both the parent and the directory can't do name_to_handle_at() */ - goto fallback_fdinfo; -- else -- /* The parent can't do name_to_handle_at() but the directory we are interested in can? If so, -- * it must be a mount point. */ -- return 1; -- } else if (r < 0) -- return r; - -- /* The parent can do name_to_handle_at() but the directory we are interested in can't? If so, it must -- * be a mount point. */ -+ /* The parent can't do name_to_handle_at() but the directory we are -+ * interested in can? If so, it must be a mount point. */ -+ return 1; -+ } -+ -+ /* The parent can do name_to_handle_at() but the directory we are interested in can't? If -+ * so, it must be a mount point. */ - if (nosupp) - return 1; - -- /* If the file handle for the directory we are interested in and its parent are identical, we assume -- * this is the root directory, which is a mount point. */ -+ /* If the file handle for the directory we are interested in and its parent are identical, -+ * we assume this is the root directory, which is a mount point. */ - - if (h->handle_bytes == h_parent->handle_bytes && - h->handle_type == h_parent->handle_type && -@@ -338,10 +352,10 @@ int path_get_mnt_id(const char *path, int *ret) { - } - - r = name_to_handle_at_loop(AT_FDCWD, path, NULL, ret, 0); -- if (IN_SET(r, -EOPNOTSUPP, -ENOSYS, -EACCES, -EPERM, -EOVERFLOW, -EINVAL)) /* kernel/fs don't support this, or seccomp blocks access, or untriggered mount, or name_to_handle_at() is flaky */ -- return fd_fdinfo_mnt_id(AT_FDCWD, path, 0, ret); -+ if (r == 0 || is_name_to_handle_at_fatal_error(r)) -+ return r; - -- return r; -+ return fd_fdinfo_mnt_id(AT_FDCWD, path, 0, ret); - } - - bool fstype_is_network(const char *fstype) { --- -2.33.0 - diff --git a/backport-namespace-allow-ProcSubset-pid-with-some-ProtectKern.patch b/backport-namespace-allow-ProcSubset-pid-with-some-ProtectKern.patch deleted file mode 100644 index 7175d71..0000000 --- a/backport-namespace-allow-ProcSubset-pid-with-some-ProtectKern.patch +++ /dev/null @@ -1,116 +0,0 @@ -From c789d2f457d2e160d00760aa3ecfd6883c64cf5f Mon Sep 17 00:00:00 2001 -From: Topi Miettinen -Date: Sat, 27 Nov 2021 12:51:39 +0200 -Subject: [PATCH] namespace: allow ProcSubset=pid with some ProtectKernel - options - -In case `/proc` is successfully mounted with pid tree subset only due to -`ProcSubset=pid`, the protective mounts for `ProtectKernelTunables=yes` and -`ProtectKernelLogs=yes` to non-pid `/proc` paths are failing because the paths -don't exist. But the pid only option may have failed gracefully (for example -because of ancient kernel), so let's try the mounts but it's not fatal if they -don't succeed. - -(cherry picked from commit 788e720181aead8c85ba30fc7ec9a1455a865cbe) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c789d2f457d2e160d00760aa3ecfd6883c64cf5f ---- - src/core/namespace.c | 42 ++++++++++++++++++++++++++++++++++-------- - 1 file changed, 34 insertions(+), 8 deletions(-) - -diff --git a/src/core/namespace.c b/src/core/namespace.c -index 9251871384..b933d46cf6 100644 ---- a/src/core/namespace.c -+++ b/src/core/namespace.c -@@ -101,7 +101,7 @@ static const MountEntry apivfs_table[] = { - }; - - /* ProtectKernelTunables= option and the related filesystem APIs */ --static const MountEntry protect_kernel_tunables_table[] = { -+static const MountEntry protect_kernel_tunables_proc_table[] = { - { "/proc/acpi", READONLY, true }, - { "/proc/apm", READONLY, true }, /* Obsolete API, there's no point in permitting access to this, ever */ - { "/proc/asound", READONLY, true }, -@@ -116,6 +116,9 @@ static const MountEntry protect_kernel_tunables_table[] = { - { "/proc/sys", READONLY, true }, - { "/proc/sysrq-trigger", READONLY, true }, - { "/proc/timer_stats", READONLY, true }, -+}; -+ -+static const MountEntry protect_kernel_tunables_sys_table[] = { - { "/sys", READONLY, false }, - { "/sys/fs/bpf", READONLY, true }, - { "/sys/fs/cgroup", READWRITE_IMPLICIT, false }, /* READONLY is set by ProtectControlGroups= option */ -@@ -133,8 +136,11 @@ static const MountEntry protect_kernel_modules_table[] = { - }; - - /* ProtectKernelLogs= option */ --static const MountEntry protect_kernel_logs_table[] = { -+static const MountEntry protect_kernel_logs_proc_table[] = { - { "/proc/kmsg", INACCESSIBLE, true }, -+}; -+ -+static const MountEntry protect_kernel_logs_dev_table[] = { - { "/dev/kmsg", INACCESSIBLE, true }, - }; - -@@ -1554,9 +1560,11 @@ static size_t namespace_calculate_mounts( - (n_extension_images > 0 ? n_hierarchies + n_extension_images : 0) + /* Mount each image plus an overlay per hierarchy */ - n_temporary_filesystems + - ns_info->private_dev + -- (ns_info->protect_kernel_tunables ? ELEMENTSOF(protect_kernel_tunables_table) : 0) + -+ (ns_info->protect_kernel_tunables ? -+ ELEMENTSOF(protect_kernel_tunables_proc_table) + ELEMENTSOF(protect_kernel_tunables_sys_table) : 0) + - (ns_info->protect_kernel_modules ? ELEMENTSOF(protect_kernel_modules_table) : 0) + -- (ns_info->protect_kernel_logs ? ELEMENTSOF(protect_kernel_logs_table) : 0) + -+ (ns_info->protect_kernel_logs ? -+ ELEMENTSOF(protect_kernel_logs_proc_table) + ELEMENTSOF(protect_kernel_logs_dev_table) : 0) + - (ns_info->protect_control_groups ? 1 : 0) + - protect_home_cnt + protect_system_cnt + - (ns_info->protect_hostname ? 2 : 0) + -@@ -2037,10 +2045,21 @@ int setup_namespace( - .flags = DEV_MOUNT_OPTIONS, - }; - -+ /* In case /proc is successfully mounted with pid tree subset only (ProcSubset=pid), the -+ protective mounts to non-pid /proc paths would fail. But the pid only option may have -+ failed gracefully, so let's try the mounts but it's not fatal if they don't succeed. */ -+ bool ignore_protect_proc = ns_info->ignore_protect_paths || ns_info->proc_subset == PROC_SUBSET_PID; - if (ns_info->protect_kernel_tunables) { - r = append_static_mounts(&m, -- protect_kernel_tunables_table, -- ELEMENTSOF(protect_kernel_tunables_table), -+ protect_kernel_tunables_proc_table, -+ ELEMENTSOF(protect_kernel_tunables_proc_table), -+ ignore_protect_proc); -+ if (r < 0) -+ goto finish; -+ -+ r = append_static_mounts(&m, -+ protect_kernel_tunables_sys_table, -+ ELEMENTSOF(protect_kernel_tunables_sys_table), - ns_info->ignore_protect_paths); - if (r < 0) - goto finish; -@@ -2057,8 +2076,15 @@ int setup_namespace( - - if (ns_info->protect_kernel_logs) { - r = append_static_mounts(&m, -- protect_kernel_logs_table, -- ELEMENTSOF(protect_kernel_logs_table), -+ protect_kernel_logs_proc_table, -+ ELEMENTSOF(protect_kernel_logs_proc_table), -+ ignore_protect_proc); -+ if (r < 0) -+ goto finish; -+ -+ r = append_static_mounts(&m, -+ protect_kernel_logs_dev_table, -+ ELEMENTSOF(protect_kernel_logs_dev_table), - ns_info->ignore_protect_paths); - if (r < 0) - goto finish; --- -2.33.0 - diff --git a/backport-namespace-make-tmp-dir-handling-code-independent-of-.patch b/backport-namespace-make-tmp-dir-handling-code-independent-of-.patch deleted file mode 100644 index 581e66a..0000000 --- a/backport-namespace-make-tmp-dir-handling-code-independent-of-.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 78858632566c30d2299bcdbd6efe3cbd1cc99d5a Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 12 Nov 2021 11:16:02 +0100 -Subject: [PATCH] namespace: make tmp dir handling code independent of umask - too - -Let's make all code in namespace.c robust towards weird umask. This -doesn't matter too much given that the parent dirs we deal here almost -certainly exist anyway, but let's clean this up anyway and make it fully -clean. - -(cherry picked from commit 30443439274cc223583c6c57f7d9041e440e346f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/78858632566c30d2299bcdbd6efe3cbd1cc99d5a ---- - src/core/namespace.c | 12 +++++++----- - 1 file changed, 7 insertions(+), 5 deletions(-) - -diff --git a/src/core/namespace.c b/src/core/namespace.c -index b10a53ad2e..9251871384 100644 ---- a/src/core/namespace.c -+++ b/src/core/namespace.c -@@ -2466,7 +2466,8 @@ static int make_tmp_prefix(const char *prefix) { - if (errno != ENOENT) - return -errno; - -- r = mkdir_parents(prefix, 0755); -+ RUN_WITH_UMASK(000) -+ r = mkdir_parents(prefix, 0755); - if (r < 0) - return r; - -@@ -2474,7 +2475,8 @@ static int make_tmp_prefix(const char *prefix) { - if (r < 0) - return r; - -- if (mkdir(t, 0777) < 0) -+ if (mkdir(t, 0777) < 0) /* umask will corrupt this access mode, but that doesn't matter, we need to -+ * call chmod() anyway for the suid bit, below. */ - return -errno; - - if (chmod(t, 01777) < 0) { -@@ -2533,10 +2535,9 @@ static int setup_one_tmp_dir(const char *id, const char *prefix, char **path, ch - if (!y) - return -ENOMEM; - -- RUN_WITH_UMASK(0000) { -+ RUN_WITH_UMASK(0000) - if (mkdir(y, 0777 | S_ISVTX) < 0) - return -errno; -- } - - r = label_fix_container(y, prefix, 0); - if (r < 0) -@@ -2548,7 +2549,8 @@ static int setup_one_tmp_dir(const char *id, const char *prefix, char **path, ch - /* Trouble: we failed to create the directory. Instead of failing, let's simulate /tmp being - * read-only. This way the service will get the EROFS result as if it was writing to the real - * file system. */ -- r = mkdir_p(RUN_SYSTEMD_EMPTY, 0500); -+ RUN_WITH_UMASK(0000) -+ r = mkdir_p(RUN_SYSTEMD_EMPTY, 0500); - if (r < 0) - return r; - --- -2.33.0 - diff --git a/backport-namespace-make-whole-namespace_setup-work-regardless.patch b/backport-namespace-make-whole-namespace_setup-work-regardless.patch deleted file mode 100644 index 3631c59..0000000 --- a/backport-namespace-make-whole-namespace_setup-work-regardless.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 569ef9413c2ef3275b45458367342112e5d5f991 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 12 Nov 2021 11:11:27 +0100 -Subject: [PATCH] namespace: make whole namespace_setup() work regardless of - configured umask - -Let's reset the umask during the whole namespace_setup() logic, so that -all our mkdir() + mknod() are not subjected to whatever umask might -currently be set. - -This mostly moves the umask save/restore logic out of -mount_private_dev() and into the stack frame of namespace_setup() that -is further out. - -Fixes #19899 - -(cherry picked from commit cdf42f9bd40ff21a67d58b948efea055d56ad398) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/569ef9413c2ef3275b45458367342112e5d5f991 ---- - src/core/namespace.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/core/namespace.c b/src/core/namespace.c -index 233ee7be40..b10a53ad2e 100644 ---- a/src/core/namespace.c -+++ b/src/core/namespace.c -@@ -852,13 +852,10 @@ static int mount_private_dev(MountEntry *m) { - char temporary_mount[] = "/tmp/namespace-dev-XXXXXX"; - const char *d, *dev = NULL, *devpts = NULL, *devshm = NULL, *devhugepages = NULL, *devmqueue = NULL, *devlog = NULL, *devptmx = NULL; - bool can_mknod = true; -- _cleanup_umask_ mode_t u; - int r; - - assert(m); - -- u = umask(0000); -- - if (!mkdtemp(temporary_mount)) - return log_debug_errno(errno, "Failed to create temporary directory '%s': %m", temporary_mount); - -@@ -1864,6 +1861,10 @@ int setup_namespace( - - assert(ns_info); - -+ /* Make sure that all mknod(), mkdir() calls we do are unaffected by the umask, and the access modes -+ * we configure take effect */ -+ BLOCK_WITH_UMASK(0000); -+ - if (!isempty(propagate_dir) && !isempty(incoming_dir)) - setup_propagate = true; - --- -2.33.0 - diff --git a/backport-namespace-rebreak-a-few-comments.patch b/backport-namespace-rebreak-a-few-comments.patch deleted file mode 100644 index dd72581..0000000 --- a/backport-namespace-rebreak-a-few-comments.patch +++ /dev/null @@ -1,92 +0,0 @@ -From bce7fb14df960aee57f0ad5c9c12a0d35c3e504e Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 12 Nov 2021 11:09:40 +0100 -Subject: [PATCH] namespace: rebreak a few comments - -(cherry picked from commit d73020f2420aa3f220481016829aaa2602abf081) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/bce7fb14df960aee57f0ad5c9c12a0d35c3e504e ---- - src/core/namespace.c | 30 ++++++++++++++---------------- - 1 file changed, 14 insertions(+), 16 deletions(-) - -diff --git a/src/core/namespace.c b/src/core/namespace.c -index 982aeeac19..233ee7be40 100644 ---- a/src/core/namespace.c -+++ b/src/core/namespace.c -@@ -806,8 +806,7 @@ static int clone_device_node( - *make_devnode = false; - } - -- /* We're about to fall back to bind-mounting the device -- * node. So create a dummy bind-mount target. -+ /* We're about to fall back to bind-mounting the device node. So create a dummy bind-mount target. - * Do not prepare device-node SELinux label (see issue 13762) */ - r = mknod(dn, S_IFREG, 0); - if (r < 0 && errno != EEXIST) -@@ -930,10 +929,8 @@ static int mount_private_dev(MountEntry *m) { - if (r < 0) - log_debug_errno(r, "Failed to set up basic device tree at '%s', ignoring: %m", temporary_mount); - -- /* Create the /dev directory if missing. It is more likely to be -- * missing when the service is started with RootDirectory. This is -- * consistent with mount units creating the mount points when missing. -- */ -+ /* Create the /dev directory if missing. It is more likely to be missing when the service is started -+ * with RootDirectory. This is consistent with mount units creating the mount points when missing. */ - (void) mkdir_p_label(mount_entry_path(m), 0755); - - /* Unmount everything in old /dev */ -@@ -975,8 +972,8 @@ static int mount_bind_dev(const MountEntry *m) { - - assert(m); - -- /* Implements the little brother of mount_private_dev(): simply bind mounts the host's /dev into the service's -- * /dev. This is only used when RootDirectory= is set. */ -+ /* Implements the little brother of mount_private_dev(): simply bind mounts the host's /dev into the -+ * service's /dev. This is only used when RootDirectory= is set. */ - - (void) mkdir_p_label(mount_entry_path(m), 0755); - -@@ -1085,7 +1082,8 @@ static int mount_tmpfs(const MountEntry *m) { - entry_path = mount_entry_path(m); - inner_path = mount_entry_unprefixed_path(m); - -- /* First, get rid of everything that is below if there is anything. Then, overmount with our new tmpfs */ -+ /* First, get rid of everything that is below if there is anything. Then, overmount with our new -+ * tmpfs */ - - (void) mkdir_p_label(entry_path, 0755); - (void) umount_recursive(entry_path, 0); -@@ -1930,11 +1928,11 @@ int setup_namespace( - * we create it if it doesn't already exist. */ - (void) mkdir_p_label("/run/systemd", 0755); - -- /* Always create the mount namespace in a temporary directory, instead of operating -- * directly in the root. The temporary directory prevents any mounts from being -- * potentially obscured my other mounts we already applied. -- * We use the same mount point for all images, which is safe, since they all live -- * in their own namespaces after all, and hence won't see each other. */ -+ /* Always create the mount namespace in a temporary directory, instead of operating directly -+ * in the root. The temporary directory prevents any mounts from being potentially obscured -+ * my other mounts we already applied. We use the same mount point for all images, which is -+ * safe, since they all live in their own namespaces after all, and hence won't see each -+ * other. */ - - root = "/run/systemd/unit-root"; - (void) mkdir_label(root, 0700); -@@ -2198,8 +2196,8 @@ int setup_namespace( - (void) mkdir_p(propagate_dir, 0600); - - if (n_extension_images > 0) -- /* ExtensionImages mountpoint directories will be created -- * while parsing the mounts to create, so have the parent ready */ -+ /* ExtensionImages mountpoint directories will be created while parsing the mounts to create, -+ * so have the parent ready */ - (void) mkdir_p(extension_dir, 0600); - - /* Remount / as SLAVE so that nothing now mounted in the namespace --- -2.33.0 - diff --git a/backport-network-add-comments.patch b/backport-network-add-comments.patch deleted file mode 100644 index 1558354..0000000 --- a/backport-network-add-comments.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 7522b239b865f851e7834b53367dc196244e48fd Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 4 Aug 2021 13:52:52 +0900 -Subject: [PATCH] network: add comments - -(cherry picked from commit 17d808a8bf55471009f5e0e1ccb06b1ffccdfa1a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7522b239b865f851e7834b53367dc196244e48fd ---- - src/network/networkd-setlink.c | 20 ++++++++++---------- - 1 file changed, 10 insertions(+), 10 deletions(-) - -diff --git a/src/network/networkd-setlink.c b/src/network/networkd-setlink.c -index a316a6c59b..fa1dd9b3ba 100644 ---- a/src/network/networkd-setlink.c -+++ b/src/network/networkd-setlink.c -@@ -106,7 +106,7 @@ on_error: - static int link_set_addrgen_mode_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { - int r; - -- r = set_link_handler_internal(rtnl, m, link, SET_LINK_ADDRESS_GENERATION_MODE, true, NULL); -+ r = set_link_handler_internal(rtnl, m, link, SET_LINK_ADDRESS_GENERATION_MODE, /* ignore = */ true, NULL); - if (r <= 0) - return r; - -@@ -120,31 +120,31 @@ static int link_set_addrgen_mode_handler(sd_netlink *rtnl, sd_netlink_message *m - } - - static int link_set_bond_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { -- return set_link_handler_internal(rtnl, m, link, SET_LINK_BOND, false, NULL); -+ return set_link_handler_internal(rtnl, m, link, SET_LINK_BOND, /* ignore = */ false, NULL); - } - - static int link_set_bridge_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { -- return set_link_handler_internal(rtnl, m, link, SET_LINK_BRIDGE, false, NULL); -+ return set_link_handler_internal(rtnl, m, link, SET_LINK_BRIDGE, /* ignore = */ false, NULL); - } - - static int link_set_bridge_vlan_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { -- return set_link_handler_internal(rtnl, m, link, SET_LINK_BRIDGE_VLAN, false, NULL); -+ return set_link_handler_internal(rtnl, m, link, SET_LINK_BRIDGE_VLAN, /* ignore = */ false, NULL); - } - - static int link_set_can_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { -- return set_link_handler_internal(rtnl, m, link, SET_LINK_CAN, false, NULL); -+ return set_link_handler_internal(rtnl, m, link, SET_LINK_CAN, /* ignore = */ false, NULL); - } - - static int link_set_flags_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { -- return set_link_handler_internal(rtnl, m, link, SET_LINK_FLAGS, false, get_link_update_flag_handler); -+ return set_link_handler_internal(rtnl, m, link, SET_LINK_FLAGS, /* ignore = */ false, get_link_update_flag_handler); - } - - static int link_set_group_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { -- return set_link_handler_internal(rtnl, m, link, SET_LINK_GROUP, false, NULL); -+ return set_link_handler_internal(rtnl, m, link, SET_LINK_GROUP, /* ignore = */ false, NULL); - } - - static int link_set_mac_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { -- return set_link_handler_internal(rtnl, m, link, SET_LINK_MAC, true, get_link_default_handler); -+ return set_link_handler_internal(rtnl, m, link, SET_LINK_MAC, /* ignore = */ true, get_link_default_handler); - } - - static int link_set_mac_allow_retry_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { -@@ -180,13 +180,13 @@ static int link_set_mac_allow_retry_handler(sd_netlink *rtnl, sd_netlink_message - } - - static int link_set_master_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { -- return set_link_handler_internal(rtnl, m, link, SET_LINK_MASTER, false, get_link_master_handler); -+ return set_link_handler_internal(rtnl, m, link, SET_LINK_MASTER, /* ignore = */ false, get_link_master_handler); - } - - static int link_set_mtu_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { - int r; - -- r = set_link_handler_internal(rtnl, m, link, SET_LINK_MTU, true, get_link_default_handler); -+ r = set_link_handler_internal(rtnl, m, link, SET_LINK_MTU, /* ignore = */ true, get_link_default_handler); - if (r <= 0) - return r; - --- -2.33.0 - diff --git a/backport-network-address-read-flags-from-message-header-when-.patch b/backport-network-address-read-flags-from-message-header-when-.patch deleted file mode 100644 index d47827e..0000000 --- a/backport-network-address-read-flags-from-message-header-when-.patch +++ /dev/null @@ -1,40 +0,0 @@ -From a6c264cbd6fc8c10c905ee2c1cd22717247c3c25 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 8 Dec 2021 05:35:37 +0900 -Subject: [PATCH] network: address: read flags from message header when - IFA_FLAGS is not supported by kernel - -Follow-up for 0828a38605975b68c14c9194a1ee2c5c2ff7038f. - -Fixes #21670. - -(cherry picked from commit 8ed68422e1bafc84afe524bc5020d343bc6163ca) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a6c264cbd6fc8c10c905ee2c1cd22717247c3c25 ---- - src/network/networkd-address.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c -index 7b221516d7..bfc2e19bee 100644 ---- a/src/network/networkd-address.c -+++ b/src/network/networkd-address.c -@@ -1368,6 +1368,14 @@ int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message, - } - - r = sd_netlink_message_read_u32(message, IFA_FLAGS, &tmp->flags); -+ if (r == -ENODATA) { -+ unsigned char flags; -+ -+ /* For old kernels. */ -+ r = sd_rtnl_message_addr_get_flags(message, &flags); -+ if (r >= 0) -+ tmp->flags = flags; -+ } - if (r < 0) { - log_link_warning_errno(link, r, "rtnl: received address message without flags, ignoring: %m"); - return 0; --- -2.33.0 - diff --git a/backport-network-allow-users-to-forbid-passthru-MACVLAN-from-.patch b/backport-network-allow-users-to-forbid-passthru-MACVLAN-from-.patch deleted file mode 100644 index 06bef70..0000000 --- a/backport-network-allow-users-to-forbid-passthru-MACVLAN-from-.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 1d1b7de63902e5fa8d1ba900e9bf608e2ccd2b23 Mon Sep 17 00:00:00 2001 -From: Tom Yan -Date: Mon, 16 Aug 2021 18:00:42 +0800 -Subject: [PATCH] network: allow users to forbid passthru MACVLAN from putting - its link into promiscuous mode - -While we haven't implemented a key for users to set MACVLAN/MACVTAP flags, -we can at least allow them to make use of the Promiscuous= key of -the corresponding link to set the nopromisc flag. - -(cherry picked from commit 17a6a4ae2e7104a1105a0cef0ba049799f3ef6bc) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/1d1b7de63902e5fa8d1ba900e9bf608e2ccd2b23 ---- - src/network/netdev/macvlan.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/src/network/netdev/macvlan.c b/src/network/netdev/macvlan.c -index 46b0826148..9d037c2f36 100644 ---- a/src/network/netdev/macvlan.c -+++ b/src/network/netdev/macvlan.c -@@ -5,6 +5,7 @@ - #include "conf-parser.h" - #include "macvlan.h" - #include "macvlan-util.h" -+#include "networkd-network.h" - #include "parse-util.h" - - DEFINE_CONFIG_PARSE_ENUM(config_parse_macvlan_mode, macvlan_mode, MacVlanMode, "Failed to parse macvlan mode"); -@@ -16,6 +17,7 @@ static int netdev_macvlan_fill_message_create(NetDev *netdev, Link *link, sd_net - assert(netdev); - assert(link); - assert(netdev->ifname); -+ assert(link->network); - - if (netdev->kind == NETDEV_KIND_MACVLAN) - m = MACVLAN(netdev); -@@ -52,6 +54,13 @@ static int netdev_macvlan_fill_message_create(NetDev *netdev, Link *link, sd_net - return log_netdev_error_errno(netdev, r, "Could not append IFLA_MACVLAN_MODE attribute: %m"); - } - -+ /* set the nopromisc flag if Promiscuous= of the link is explicitly set to false */ -+ if (m->mode == NETDEV_MACVLAN_MODE_PASSTHRU && link->network->promiscuous == 0) { -+ r = sd_netlink_message_append_u16(req, IFLA_MACVLAN_FLAGS, MACVLAN_FLAG_NOPROMISC); -+ if (r < 0) -+ return log_netdev_error_errno(netdev, r, "Could not append IFLA_MACVLAN_FLAGS attribute: %m"); -+ } -+ - if (m->bc_queue_length != UINT32_MAX) { - r = sd_netlink_message_append_u32(req, IFLA_MACVLAN_BC_QUEUE_LEN, m->bc_queue_length); - if (r < 0) --- -2.33.0 - diff --git a/backport-network-also-check-addresses-when-determine-a-gatewa.patch b/backport-network-also-check-addresses-when-determine-a-gatewa.patch deleted file mode 100644 index b42298b..0000000 --- a/backport-network-also-check-addresses-when-determine-a-gatewa.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 2f599380f1ab1ee5fe3f7b02926ae2dd642bed9b Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 12 Jul 2021 15:46:44 +0900 -Subject: [PATCH] network: also check addresses when determine a gateway - address is reachable or not - -Fixes #20201. - -(cherry picked from commit 11046cea1414c70b5d7aab37ea88d5a839cbd209) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/2f599380f1ab1ee5fe3f7b02926ae2dd642bed9b ---- - src/network/networkd-route.c | 34 ++++++++++++++++++++++++++++++++++ - 1 file changed, 34 insertions(+) - -diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c -index 77a93beca9..068915616e 100644 ---- a/src/network/networkd-route.c -+++ b/src/network/networkd-route.c -@@ -746,6 +746,26 @@ static bool route_address_is_reachable(const Route *route, int family, const uni - FAMILY_ADDRESS_SIZE(family) * 8) > 0; - } - -+static bool prefix_route_address_is_reachable(const Address *a, int family, const union in_addr_union *address) { -+ assert(a); -+ assert(IN_SET(family, AF_INET, AF_INET6)); -+ assert(address); -+ -+ if (a->family != family) -+ return false; -+ if (FLAGS_SET(a->flags, IFA_F_NOPREFIXROUTE)) -+ return false; -+ if (in_addr_is_set(a->family, &a->in_addr_peer)) -+ return false; -+ -+ return in_addr_prefix_intersect( -+ family, -+ &a->in_addr, -+ a->prefixlen, -+ address, -+ FAMILY_ADDRESS_SIZE(family) * 8) > 0; -+} -+ - bool manager_address_is_reachable(Manager *manager, int family, const union in_addr_union *address) { - Link *link; - -@@ -764,6 +784,20 @@ bool manager_address_is_reachable(Manager *manager, int family, const union in_a - return true; - } - -+ /* If we do not manage foreign routes, then there may exist a prefix route we do not know, -+ * which was created on configuring an address. Hence, also check the addresses. */ -+ if (!manager->manage_foreign_routes) -+ HASHMAP_FOREACH(link, manager->links_by_index) { -+ Address *a; -+ -+ SET_FOREACH(a, link->addresses) -+ if (prefix_route_address_is_reachable(a, family, address)) -+ return true; -+ SET_FOREACH(a, link->addresses_foreign) -+ if (prefix_route_address_is_reachable(a, family, address)) -+ return true; -+ } -+ - return false; - } - --- -2.33.0 - diff --git a/backport-network-bridge-fix-endian-of-vlan-protocol.patch b/backport-network-bridge-fix-endian-of-vlan-protocol.patch deleted file mode 100644 index 59cdde4..0000000 --- a/backport-network-bridge-fix-endian-of-vlan-protocol.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 7b9aa956fbf9fc342a4e35fbcf90e7083cccbf6c Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 10 Feb 2022 17:47:14 +0900 -Subject: [PATCH] network: bridge: fix endian of vlan protocol - -Fixes #22469. - -(cherry picked from commit 6eb35be8e0fa5f1f00dddd558cf4dc3642d9e53e) -(cherry picked from commit 514a4c051ce6cceaa5417a2044e708bd5105131d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7b9aa956fbf9fc342a4e35fbcf90e7083cccbf6c ---- - src/network/netdev/bridge.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/network/netdev/bridge.c b/src/network/netdev/bridge.c -index 99fb9e1c3c..b9a0136843 100644 ---- a/src/network/netdev/bridge.c -+++ b/src/network/netdev/bridge.c -@@ -126,7 +126,7 @@ static int netdev_bridge_post_create(NetDev *netdev, Link *link, sd_netlink_mess - } - - if (b->vlan_protocol >= 0) { -- r = sd_netlink_message_append_u16(req, IFLA_BR_VLAN_PROTOCOL, b->vlan_protocol); -+ r = sd_netlink_message_append_u16(req, IFLA_BR_VLAN_PROTOCOL, htobe16(b->vlan_protocol)); - if (r < 0) - return log_netdev_error_errno(netdev, r, "Could not append IFLA_BR_VLAN_PROTOCOL attribute: %m"); - } --- -2.33.0 - diff --git a/backport-network-check-the-received-interface-name-is-actuall.patch b/backport-network-check-the-received-interface-name-is-actuall.patch deleted file mode 100644 index b23ec35..0000000 --- a/backport-network-check-the-received-interface-name-is-actuall.patch +++ /dev/null @@ -1,71 +0,0 @@ -From d2895063305712cd9e5d7f4361f9343bf3b3f00b Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 12 Jul 2021 21:23:41 +0900 -Subject: [PATCH] network: check the received interface name is actually new - -For some reasons I do not know, on interface renaming, kernel once send -netlink message with old interface name, and then send with new name. -If eth0 is renamed, and then new interface appears as eth0, then the -message with the old name 'eth0' makes the interface enters failed -state. - -To ignore such invalid(?) rename event messages, let's confirm the -received interface name. - -Fixes #20203. - -(cherry picked from commit 176b8be10ffce2f8c1fc931a37904a528057016f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d2895063305712cd9e5d7f4361f9343bf3b3f00b ---- - src/network/networkd-link.c | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c -index 9421ce1aa6..d58b700050 100644 ---- a/src/network/networkd-link.c -+++ b/src/network/networkd-link.c -@@ -1,5 +1,6 @@ - /* SPDX-License-Identifier: LGPL-2.1-or-later */ - -+#include - #include - #include - #include -@@ -21,6 +22,7 @@ - #include "ethtool-util.h" - #include "fd-util.h" - #include "fileio.h" -+#include "format-util.h" - #include "fs-util.h" - #include "ipvlan.h" - #include "missing_network.h" -@@ -2161,6 +2163,7 @@ static int link_update_alternative_names(Link *link, sd_netlink_message *message - } - - static int link_update_name(Link *link, sd_netlink_message *message) { -+ char ifname_from_index[IF_NAMESIZE + 1]; - const char *ifname; - int r; - -@@ -2177,6 +2180,16 @@ static int link_update_name(Link *link, sd_netlink_message *message) { - if (streq(ifname, link->ifname)) - return 0; - -+ if (!format_ifname(link->ifindex, ifname_from_index)) -+ return log_link_debug_errno(link, SYNTHETIC_ERRNO(ENXIO), "Could not get interface name for index %i.", link->ifindex); -+ -+ if (!streq(ifname, ifname_from_index)) { -+ log_link_debug(link, "New interface name '%s' received from the kernel does not correspond " -+ "with the name currently configured on the actual interface '%s'. Ignoring.", -+ ifname, ifname_from_index); -+ return 0; -+ } -+ - log_link_info(link, "Interface name change detected, renamed to %s.", ifname); - - hashmap_remove(link->manager->links_by_name, link->ifname); --- -2.33.0 - diff --git a/backport-network-configure-address-with-requested-lifetime.patch b/backport-network-configure-address-with-requested-lifetime.patch deleted file mode 100644 index 9489fae..0000000 --- a/backport-network-configure-address-with-requested-lifetime.patch +++ /dev/null @@ -1,50 +0,0 @@ -From d18f1ad555a0b0b03fe8eb176f763b50a1aab215 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 19 Jul 2021 15:18:37 +0900 -Subject: [PATCH] network: configure address with requested lifetime - -When assigning the same address provided by a dynamic addressing -protocol, the new lifetime is stored on Request::Address, but not -Address object in Link object, which can be obtained by address_get(). -So, we need to configure address with Address object in Request. - -Fixes #20245. - -(cherry picked from commit 2d302d88e4dfd48b18486c5ce2c7dfeb229a1b0a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d18f1ad555a0b0b03fe8eb176f763b50a1aab215 ---- - src/network/networkd-address.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c -index 6b2230b725..7b221516d7 100644 ---- a/src/network/networkd-address.c -+++ b/src/network/networkd-address.c -@@ -1272,17 +1272,17 @@ int request_process_address(Request *req) { - if (r <= 0) - return r; - -- r = address_get(link, req->address, &a); -- if (r < 0) -- return r; -- -- r = address_configure(a, link, req->netlink_handler); -+ r = address_configure(req->address, link, req->netlink_handler); - if (r < 0) - return r; - - /* To prevent a double decrement on failure in after_configure(). */ - req->message_counter = NULL; - -+ r = address_get(link, req->address, &a); -+ if (r < 0) -+ return r; -+ - if (req->after_configure) { - r = req->after_configure(req, a); - if (r < 0) --- -2.33.0 - diff --git a/backport-network-disable-event-sources-before-unref-them.patch b/backport-network-disable-event-sources-before-unref-them.patch deleted file mode 100644 index e084d88..0000000 --- a/backport-network-disable-event-sources-before-unref-them.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 847168ed320e9ff14ed95dbde0a1f392acbe4a44 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 24 Sep 2021 17:26:10 +0900 -Subject: [PATCH] network: disable event sources before unref them - -(cherry picked from commit d105befc976ad704d3b17b3a5ee1b659a5f624d4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/847168ed320e9ff14ed95dbde0a1f392acbe4a44 ---- - src/network/networkd-lldp-tx.c | 2 +- - src/network/networkd-route.c | 6 +++--- - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/network/networkd-lldp-tx.c b/src/network/networkd-lldp-tx.c -index 45a087b301..82a403fe21 100644 ---- a/src/network/networkd-lldp-tx.c -+++ b/src/network/networkd-lldp-tx.c -@@ -413,7 +413,7 @@ int link_lldp_emit_start(Link *link) { - void link_lldp_emit_stop(Link *link) { - assert(link); - -- link->lldp_emit_event_source = sd_event_source_unref(link->lldp_emit_event_source); -+ link->lldp_emit_event_source = sd_event_source_disable_unref(link->lldp_emit_event_source); - } - - int config_parse_lldp_mud( -diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c -index b7852f6eec..791fd64c39 100644 ---- a/src/network/networkd-route.c -+++ b/src/network/networkd-route.c -@@ -290,7 +290,7 @@ Route *route_free(Route *route) { - - ordered_set_free_with_destructor(route->multipath_routes, multipath_route_free); - -- sd_event_source_unref(route->expire); -+ sd_event_source_disable_unref(route->expire); - - return mfree(route); - } -@@ -1273,7 +1273,7 @@ static int route_expire_handler(sd_event_source *s, uint64_t usec, void *userdat - } - - static int route_add_and_setup_timer_one(Link *link, const Route *route, const MultipathRoute *m, const NextHop *nh, uint8_t nh_weight, Route **ret) { -- _cleanup_(sd_event_source_unrefp) sd_event_source *expire = NULL; -+ _cleanup_(sd_event_source_disable_unrefp) sd_event_source *expire = NULL; - Route *nr; - int r; - -@@ -1311,7 +1311,7 @@ static int route_add_and_setup_timer_one(Link *link, const Route *route, const M - return log_link_error_errno(link, r, "Could not arm expiration timer: %m"); - } - -- sd_event_source_unref(nr->expire); -+ sd_event_source_disable_unref(nr->expire); - nr->expire = TAKE_PTR(expire); - - *ret = nr; --- -2.33.0 - diff --git a/backport-network-do-not-assume-the-highest-priority-when-Prio.patch b/backport-network-do-not-assume-the-highest-priority-when-Prio.patch deleted file mode 100644 index b7059d9..0000000 --- a/backport-network-do-not-assume-the-highest-priority-when-Prio.patch +++ /dev/null @@ -1,292 +0,0 @@ -From c5ff3ea39882609b307c4a9925d1c17413d17dfc Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 17 Aug 2021 14:03:19 +0900 -Subject: [PATCH] network: do not assume the highest priority when Priority= is - unspecified - -Previously, when Priority= is unspecified, networkd configured the rule with -the highest (=0) priority. This commit makes networkd distinguish the case -the setting is unspecified and one explicitly specified as Priority=0. - -Note. -1) If the priority is unspecified on configure, then kernel dynamically picks - a priority for the rule. -2) The new behavior is consistent with 'ip rule' command. - -Replaces #15606. - -(cherry picked from commit c4f7a347566b8926382029593b4d9957fef2564c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c5ff3ea39882609b307c4a9925d1c17413d17dfc ---- - man/systemd.network.xml | 4 +- - src/network/networkd-routing-policy-rule.c | 120 +++++++++++++++++--- - src/network/networkd-routing-policy-rule.h | 1 + - test/test-network/systemd-networkd-tests.py | 2 +- - 4 files changed, 110 insertions(+), 17 deletions(-) - -diff --git a/man/systemd.network.xml b/man/systemd.network.xml -index 3b7680eb8b..9de9816ced 100644 ---- a/man/systemd.network.xml -+++ b/man/systemd.network.xml -@@ -1238,7 +1238,9 @@ IPv6Token=prefixstable:2002:da8:1:: - Priority= - - Specifies the priority of this rule. Priority= is an unsigned -- integer. Higher number means lower priority, and rules get processed in order of increasing number. -+ integer in the range 0…4294967295. Higher number means lower priority, and rules get -+ processed in order of increasing number. Defaults to unset, and the kernel will pick -+ a value dynamically. - - - -diff --git a/src/network/networkd-routing-policy-rule.c b/src/network/networkd-routing-policy-rule.c -index af7e8a973c..03ccbd8e85 100644 ---- a/src/network/networkd-routing-policy-rule.c -+++ b/src/network/networkd-routing-policy-rule.c -@@ -163,7 +163,9 @@ void routing_policy_rule_hash_func(const RoutingPolicyRule *rule, struct siphash - siphash24_compress(&rule->type, sizeof(rule->type), state); - siphash24_compress(&rule->fwmark, sizeof(rule->fwmark), state); - siphash24_compress(&rule->fwmask, sizeof(rule->fwmask), state); -- siphash24_compress(&rule->priority, sizeof(rule->priority), state); -+ siphash24_compress_boolean(rule->priority_set, state); -+ if (rule->priority_set) -+ siphash24_compress(&rule->priority, sizeof(rule->priority), state); - siphash24_compress(&rule->table, sizeof(rule->table), state); - siphash24_compress(&rule->suppress_prefixlen, sizeof(rule->suppress_prefixlen), state); - -@@ -229,10 +231,16 @@ int routing_policy_rule_compare_func(const RoutingPolicyRule *a, const RoutingPo - if (r != 0) - return r; - -- r = CMP(a->priority, b->priority); -+ r = CMP(a->priority_set, b->priority_set); - if (r != 0) - return r; - -+ if (a->priority_set) { -+ r = CMP(a->priority, b->priority); -+ if (r != 0) -+ return r; -+ } -+ - r = CMP(a->table, b->table); - if (r != 0) - return r; -@@ -293,8 +301,9 @@ DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR( - routing_policy_rule_compare_func, - routing_policy_rule_free); - --static int routing_policy_rule_get(Manager *m, const RoutingPolicyRule *rule, RoutingPolicyRule **ret) { -+static int routing_policy_rule_get(Manager *m, const RoutingPolicyRule *rule, bool require_priority, RoutingPolicyRule **ret) { - RoutingPolicyRule *existing; -+ int r; - - assert(m); - -@@ -312,6 +321,23 @@ static int routing_policy_rule_get(Manager *m, const RoutingPolicyRule *rule, Ro - return 0; - } - -+ if (!require_priority && rule->priority_set) { -+ _cleanup_(routing_policy_rule_freep) RoutingPolicyRule *tmp = NULL; -+ -+ r = routing_policy_rule_dup(rule, &tmp); -+ if (r < 0) -+ return r; -+ -+ tmp->priority_set = false; -+ -+ existing = set_get(m->rules, tmp); -+ if (existing) { -+ if (ret) -+ *ret = existing; -+ return 1; -+ } -+ } -+ - return -ENOENT; - } - -@@ -328,7 +354,7 @@ static int routing_policy_rule_add(Manager *m, const RoutingPolicyRule *in, Rout - if (r < 0) - return r; - -- r = routing_policy_rule_get(m, rule, &existing); -+ r = routing_policy_rule_get(m, rule, true, &existing); - if (r == -ENOENT) { - /* Rule does not exist, use a new one. */ - r = set_ensure_put(&m->rules, &routing_policy_rule_hash_ops, rule); -@@ -371,6 +397,32 @@ static int routing_policy_rule_consume_foreign(Manager *m, RoutingPolicyRule *ru - return 1; - } - -+static int routing_policy_rule_update_priority(RoutingPolicyRule *rule, uint32_t priority) { -+ int r; -+ -+ assert(rule); -+ assert(rule->manager); -+ -+ if (rule->priority_set) -+ return 0; -+ -+ if (!set_remove(rule->manager->rules, rule)) -+ return -ENOENT; -+ -+ rule->priority = priority; -+ rule->priority_set = true; -+ -+ r = set_put(rule->manager->rules, rule); -+ if (r <= 0) { -+ /* Undo */ -+ rule->priority_set = false; -+ assert_se(set_put(rule->manager->rules, rule) > 0); -+ return r == 0 ? -EEXIST : r; -+ } -+ -+ return 1; -+} -+ - static void log_routing_policy_rule_debug(const RoutingPolicyRule *rule, const char *str, const Link *link, const Manager *m) { - _cleanup_free_ char *from = NULL, *to = NULL, *table = NULL; - -@@ -422,9 +474,11 @@ static int routing_policy_rule_set_netlink_message(const RoutingPolicyRule *rule - return log_link_error_errno(link, r, "Could not set destination prefix length: %m"); - } - -- r = sd_netlink_message_append_u32(m, FRA_PRIORITY, rule->priority); -- if (r < 0) -- return log_link_error_errno(link, r, "Could not append FRA_PRIORITY attribute: %m"); -+ if (rule->priority_set) { -+ r = sd_netlink_message_append_u32(m, FRA_PRIORITY, rule->priority); -+ if (r < 0) -+ return log_link_error_errno(link, r, "Could not append FRA_PRIORITY attribute: %m"); -+ } - - if (rule->tos > 0) { - r = sd_rtnl_message_routing_policy_rule_set_tos(m, rule->tos); -@@ -662,6 +716,28 @@ int manager_drop_routing_policy_rules_internal(Manager *m, bool foreign, const L - continue; - } - -+ if (!foreign) { -+ _cleanup_(routing_policy_rule_freep) RoutingPolicyRule *tmp = NULL; -+ -+ /* The rule may be configured without priority. Try to find without priority. */ -+ -+ k = routing_policy_rule_dup(rule, &tmp); -+ if (k < 0) { -+ if (r >= 0) -+ r = k; -+ continue; -+ } -+ -+ tmp->priority_set = false; -+ -+ k = links_have_routing_policy_rule(m, tmp, except); -+ if (k != 0) { -+ if (k < 0 && r >= 0) -+ r = k; -+ continue; -+ } -+ } -+ - k = routing_policy_rule_remove(rule, m); - if (k < 0 && r >= 0) - r = k; -@@ -821,11 +897,11 @@ int request_process_routing_policy_rule(Request *req) { - } - - static const RoutingPolicyRule kernel_rules[] = { -- { .family = AF_INET, .priority = 0, .table = RT_TABLE_LOCAL, .type = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, }, -- { .family = AF_INET, .priority = 32766, .table = RT_TABLE_MAIN, .type = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, }, -- { .family = AF_INET, .priority = 32767, .table = RT_TABLE_DEFAULT, .type = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, }, -- { .family = AF_INET6, .priority = 0, .table = RT_TABLE_LOCAL, .type = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, }, -- { .family = AF_INET6, .priority = 32766, .table = RT_TABLE_MAIN, .type = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, }, -+ { .family = AF_INET, .priority_set = true, .priority = 0, .table = RT_TABLE_LOCAL, .type = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, }, -+ { .family = AF_INET, .priority_set = true, .priority = 32766, .table = RT_TABLE_MAIN, .type = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, }, -+ { .family = AF_INET, .priority_set = true, .priority = 32767, .table = RT_TABLE_DEFAULT, .type = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, }, -+ { .family = AF_INET6, .priority_set = true, .priority = 0, .table = RT_TABLE_LOCAL, .type = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, }, -+ { .family = AF_INET6, .priority_set = true, .priority = 32766, .table = RT_TABLE_MAIN, .type = FR_ACT_TO_TBL, .uid_range.start = UID_INVALID, .uid_range.end = UID_INVALID, .suppress_prefixlen = -1, }, - }; - - static bool routing_policy_rule_is_created_by_kernel(const RoutingPolicyRule *rule) { -@@ -936,6 +1012,9 @@ int manager_rtnl_process_rule(sd_netlink *rtnl, sd_netlink_message *message, Man - log_warning_errno(r, "rtnl: could not get FRA_PRIORITY attribute, ignoring: %m"); - return 0; - } -+ /* The kernel does not send priority if priority is zero. So, the flag below must be always set -+ * even if the message does not contain FRA_PRIORITY. */ -+ tmp->priority_set = true; - - r = sd_netlink_message_read_u32(message, FRA_TABLE, &tmp->table); - if (r < 0 && r != -ENODATA) { -@@ -1027,13 +1106,16 @@ int manager_rtnl_process_rule(sd_netlink *rtnl, sd_netlink_message *message, Man - * protocol of the received rule is RTPROT_KERNEL or RTPROT_STATIC. */ - tmp->protocol = routing_policy_rule_is_created_by_kernel(tmp) ? RTPROT_KERNEL : RTPROT_STATIC; - -- (void) routing_policy_rule_get(m, tmp, &rule); -+ (void) routing_policy_rule_get(m, tmp, false, &rule); - - switch (type) { - case RTM_NEWRULE: -- if (rule) -+ if (rule) { - log_routing_policy_rule_debug(tmp, "Received remembered", NULL, m); -- else if (!m->manage_foreign_routes) -+ r = routing_policy_rule_update_priority(rule, tmp->priority); -+ if (r < 0) -+ log_warning_errno(r, "Failed to update priority of remembered routing policy rule, ignoring: %m"); -+ } else if (!m->manage_foreign_routes) - log_routing_policy_rule_debug(tmp, "Ignoring received foreign", NULL, m); - else { - log_routing_policy_rule_debug(tmp, "Remembering foreign", NULL, m); -@@ -1155,11 +1237,19 @@ int config_parse_routing_policy_rule_priority( - if (r < 0) - return log_oom(); - -+ if (isempty(rvalue)) { -+ n->priority = 0; -+ n->priority_set = false; -+ TAKE_PTR(n); -+ return 0; -+ } -+ - r = safe_atou32(rvalue, &n->priority); - if (r < 0) { - log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse RPDB rule priority, ignoring: %s", rvalue); - return 0; - } -+ n->priority_set = true; - - TAKE_PTR(n); - return 0; -diff --git a/src/network/networkd-routing-policy-rule.h b/src/network/networkd-routing-policy-rule.h -index aed37b00d2..557048c3f4 100644 ---- a/src/network/networkd-routing-policy-rule.h -+++ b/src/network/networkd-routing-policy-rule.h -@@ -20,6 +20,7 @@ typedef struct RoutingPolicyRule { - NetworkConfigSection *section; - - bool invert_rule; -+ bool priority_set; - - uint8_t tos; - uint8_t type; -diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py -index 0eb2fdf87e..4a2af0c500 100755 ---- a/test/test-network/systemd-networkd-tests.py -+++ b/test/test-network/systemd-networkd-tests.py -@@ -3644,7 +3644,7 @@ class NetworkdBridgeTests(unittest.TestCase, Utilities): - - output = check_output('ip rule list table 100') - print(output) -- self.assertIn('0: from all to 8.8.8.8 lookup 100', output) -+ self.assertIn('from all to 8.8.8.8 lookup 100', output) - - class NetworkdLLDPTests(unittest.TestCase, Utilities): - links = ['veth99'] --- -2.33.0 - diff --git a/backport-network-fix-configuring-of-CAN-devices.patch b/backport-network-fix-configuring-of-CAN-devices.patch deleted file mode 100644 index 0558913..0000000 --- a/backport-network-fix-configuring-of-CAN-devices.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 9bf50758426a3d8dd4b40e28c960e920d41444ba Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 12 Aug 2021 13:39:53 +0900 -Subject: [PATCH] network: fix configuring of CAN devices - -Fix a bug introduced by 7558f9e717381eef0ddc8ddfb5a754ea4b0f3e6c. - -Fixes #20428. - -(cherry picked from commit 1e8cce8f1e61e01db844d518b7051b6ce69867fd) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9bf50758426a3d8dd4b40e28c960e920d41444ba ---- - src/network/networkd-setlink.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/network/networkd-setlink.c b/src/network/networkd-setlink.c -index 10c312c480..13c4cedd10 100644 ---- a/src/network/networkd-setlink.c -+++ b/src/network/networkd-setlink.c -@@ -229,10 +229,14 @@ static int link_configure( - - log_link_debug(link, "Setting %s", set_link_operation_to_string(op)); - -- if (IN_SET(op, SET_LINK_BOND, SET_LINK_CAN)) { -+ if (op == SET_LINK_BOND) { - r = sd_rtnl_message_new_link(link->manager->rtnl, &req, RTM_NEWLINK, link->master_ifindex); - if (r < 0) - return log_link_debug_errno(link, r, "Could not allocate RTM_NEWLINK message: %m"); -+ } else if (op == SET_LINK_CAN) { -+ r = sd_rtnl_message_new_link(link->manager->rtnl, &req, RTM_NEWLINK, link->ifindex); -+ if (r < 0) -+ return log_link_debug_errno(link, r, "Could not allocate RTM_NEWLINK message: %m"); - } else { - r = sd_rtnl_message_new_link(link->manager->rtnl, &req, RTM_SETLINK, link->ifindex); - if (r < 0) --- -2.33.0 - diff --git a/backport-network-fix-handling-of-network-interface-renaming.patch b/backport-network-fix-handling-of-network-interface-renaming.patch deleted file mode 100644 index f7eddd0..0000000 --- a/backport-network-fix-handling-of-network-interface-renaming.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 6ee3390c978dca7a590a4c16d4d620984e60fa96 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 10 Sep 2021 08:09:56 +0900 -Subject: [PATCH] network: fix handling of network interface renaming - -Fixes #20657. - -(cherry picked from commit 160203e974945ce520fe8f569458634ef898c61c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/6ee3390c978dca7a590a4c16d4d620984e60fa96 ---- - src/network/networkd-link.c | 14 +++++++++----- - 1 file changed, 9 insertions(+), 5 deletions(-) - -diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c -index d58b700050..20675f2306 100644 ---- a/src/network/networkd-link.c -+++ b/src/network/networkd-link.c -@@ -1404,17 +1404,21 @@ static int link_initialized(Link *link, sd_device *device) { - assert(link); - assert(device); - -- if (link->state != LINK_STATE_PENDING) -- return 0; -+ /* Always replace with the new sd_device object. As the sysname (and possibly other properties -+ * or sysattrs) may be outdated. */ -+ sd_device_ref(device); -+ sd_device_unref(link->sd_device); -+ link->sd_device = device; - -- if (link->sd_device) -+ /* Do not ignore unamanaged state case here. If an interface is renamed after being once -+ * configured, and the corresponding .network file has Name= in [Match] section, then the -+ * interface may be already in unmanaged state. See #20657. */ -+ if (!IN_SET(link->state, LINK_STATE_PENDING, LINK_STATE_UNMANAGED)) - return 0; - - log_link_debug(link, "udev initialized link"); - link_set_state(link, LINK_STATE_INITIALIZED); - -- link->sd_device = sd_device_ref(device); -- - /* udev has initialized the link, but we don't know if we have yet - * processed the NEWLINK messages with the latest state. Do a GETLINK, - * when it returns we know that the pending NEWLINKs have already been --- -2.33.0 - diff --git a/backport-network-fix-logic-for-checking-gateway-address-is-re.patch b/backport-network-fix-logic-for-checking-gateway-address-is-re.patch deleted file mode 100644 index 3c5a1f6..0000000 --- a/backport-network-fix-logic-for-checking-gateway-address-is-re.patch +++ /dev/null @@ -1,182 +0,0 @@ -From 2bd5bbbd39d5c825ed520e8282840b76b8f7fc79 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 21 Aug 2021 03:51:39 +0900 -Subject: [PATCH] network: fix logic for checking gateway address is ready - -This fixes the followings: -- The corresponding route or address to the gateway address must be in - the same link. -- IPv6 link local address is not necessary to be reachable. - -Fixes an issue reported in https://github.com/systemd/systemd/issues/8686#issuecomment-902562324. - -(cherry picked from commit 3333350a0e1917395d3654731ca985ea668bca9b) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/2bd5bbbd39d5c825ed520e8282840b76b8f7fc79 ---- - src/network/networkd-nexthop.c | 7 +--- - src/network/networkd-route.c | 72 ++++++++++++++++++++-------------- - src/network/networkd-route.h | 2 +- - 3 files changed, 44 insertions(+), 37 deletions(-) - -diff --git a/src/network/networkd-nexthop.c b/src/network/networkd-nexthop.c -index a52e5dcb16..c5cba88f46 100644 ---- a/src/network/networkd-nexthop.c -+++ b/src/network/networkd-nexthop.c -@@ -791,12 +791,7 @@ static bool nexthop_is_ready_to_configure(Link *link, const NextHop *nexthop) { - } - } - -- if (nexthop->onlink <= 0 && -- in_addr_is_set(nexthop->family, &nexthop->gw) && -- !manager_address_is_reachable(link->manager, nexthop->family, &nexthop->gw)) -- return false; -- -- return true; -+ return gateway_is_ready(link, nexthop->onlink, nexthop->family, &nexthop->gw); - } - - int request_process_nexthop(Request *req) { -diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c -index 068915616e..b7852f6eec 100644 ---- a/src/network/networkd-route.c -+++ b/src/network/networkd-route.c -@@ -753,6 +753,8 @@ static bool prefix_route_address_is_reachable(const Address *a, int family, cons - - if (a->family != family) - return false; -+ if (!address_is_ready(a)) -+ return false; - if (FLAGS_SET(a->flags, IFA_F_NOPREFIXROUTE)) - return false; - if (in_addr_is_set(a->family, &a->in_addr_peer)) -@@ -766,37 +768,34 @@ static bool prefix_route_address_is_reachable(const Address *a, int family, cons - FAMILY_ADDRESS_SIZE(family) * 8) > 0; - } - --bool manager_address_is_reachable(Manager *manager, int family, const union in_addr_union *address) { -- Link *link; -+static bool link_address_is_reachable(Link *link, int family, const union in_addr_union *address) { -+ Route *route; - -- assert(manager); -+ assert(link); -+ assert(link->manager); - assert(IN_SET(family, AF_INET, AF_INET6)); - assert(address); - -- HASHMAP_FOREACH(link, manager->links_by_index) { -- Route *route; - -- SET_FOREACH(route, link->routes) -- if (route_address_is_reachable(route, family, address)) -- return true; -- SET_FOREACH(route, link->routes_foreign) -- if (route_address_is_reachable(route, family, address)) -- return true; -- } -+ SET_FOREACH(route, link->routes) -+ if (route_address_is_reachable(route, family, address)) -+ return true; -+ SET_FOREACH(route, link->routes_foreign) -+ if (route_address_is_reachable(route, family, address)) -+ return true; - - /* If we do not manage foreign routes, then there may exist a prefix route we do not know, - * which was created on configuring an address. Hence, also check the addresses. */ -- if (!manager->manage_foreign_routes) -- HASHMAP_FOREACH(link, manager->links_by_index) { -- Address *a; -- -- SET_FOREACH(a, link->addresses) -- if (prefix_route_address_is_reachable(a, family, address)) -- return true; -- SET_FOREACH(a, link->addresses_foreign) -- if (prefix_route_address_is_reachable(a, family, address)) -- return true; -- } -+ if (!link->manager->manage_foreign_routes) { -+ Address *a; -+ -+ SET_FOREACH(a, link->addresses) -+ if (prefix_route_address_is_reachable(a, family, address)) -+ return true; -+ SET_FOREACH(a, link->addresses_foreign) -+ if (prefix_route_address_is_reachable(a, family, address)) -+ return true; -+ } - - return false; - } -@@ -1692,6 +1691,22 @@ int link_request_static_routes(Link *link, bool only_ipv4) { - return 0; - } - -+bool gateway_is_ready(Link *link, int onlink, int family, const union in_addr_union *gw) { -+ assert(link); -+ assert(gw); -+ -+ if (onlink > 0) -+ return true; -+ -+ if (!in_addr_is_set(family, gw)) -+ return true; -+ -+ if (family == AF_INET6 && in6_addr_is_link_local(&gw->in6)) -+ return true; -+ -+ return link_address_is_reachable(link, family, gw); -+} -+ - static int route_is_ready_to_configure(const Route *route, Link *link) { - MultipathRoute *m; - NextHop *nh = NULL; -@@ -1735,19 +1750,13 @@ static int route_is_ready_to_configure(const Route *route, Link *link) { - return r; - } - -- if (route->gateway_onlink <= 0 && -- in_addr_is_set(route->gw_family, &route->gw) > 0 && -- !manager_address_is_reachable(link->manager, route->gw_family, &route->gw)) -+ if (!gateway_is_ready(link, route->gateway_onlink, route->gw_family, &route->gw)) - return false; - - ORDERED_SET_FOREACH(m, route->multipath_routes) { - union in_addr_union a = m->gateway.address; - Link *l = NULL; - -- if (route->gateway_onlink <= 0 && -- !manager_address_is_reachable(link->manager, m->gateway.family, &a)) -- return false; -- - if (m->ifname) { - if (link_get_by_name(link->manager, m->ifname, &l) < 0) - return false; -@@ -1759,6 +1768,9 @@ static int route_is_ready_to_configure(const Route *route, Link *link) { - } - if (l && !link_is_ready_to_configure(l, true)) - return false; -+ -+ if (!gateway_is_ready(l ?: link, route->gateway_onlink, m->gateway.family, &a)) -+ return false; - } - - return true; -diff --git a/src/network/networkd-route.h b/src/network/networkd-route.h -index 2d262819ad..235a91f08d 100644 ---- a/src/network/networkd-route.h -+++ b/src/network/networkd-route.h -@@ -78,8 +78,8 @@ int route_configure_handler_internal(sd_netlink *rtnl, sd_netlink_message *m, Li - int route_remove(const Route *route, Manager *manager, Link *link); - - int link_has_route(Link *link, const Route *route); --bool manager_address_is_reachable(Manager *manager, int family, const union in_addr_union *address); - int manager_find_uplink(Manager *m, int family, Link *exclude, Link **ret); -+bool gateway_is_ready(Link *link, int onlink, int family, const union in_addr_union *gw); - - int link_drop_routes(Link *link); - int link_drop_foreign_routes(Link *link); --- -2.33.0 - diff --git a/backport-network-fix-wrong-flag-manage_foreign_routes-manage_.patch b/backport-network-fix-wrong-flag-manage_foreign_routes-manage_.patch deleted file mode 100644 index d40fbba..0000000 --- a/backport-network-fix-wrong-flag-manage_foreign_routes-manage_.patch +++ /dev/null @@ -1,32 +0,0 @@ -From fc88dc07544978b1bda9c192481a07d43d384f81 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 7 Sep 2021 21:46:50 +0900 -Subject: [PATCH] network: fix wrong flag: manage_foreign_routes -> - manage_foreign_rules - -Fixes a bug in d94dfe7053d49fa62c4bfc07b7f3fc2227c10aff. - -(cherry picked from commit 771a36439e955906290afc16a6fb3b10401892cf) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/fc88dc07544978b1bda9c192481a07d43d384f81 ---- - src/network/networkd-routing-policy-rule.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/network/networkd-routing-policy-rule.c b/src/network/networkd-routing-policy-rule.c -index 03ccbd8e85..b7e0fd779d 100644 ---- a/src/network/networkd-routing-policy-rule.c -+++ b/src/network/networkd-routing-policy-rule.c -@@ -1115,7 +1115,7 @@ int manager_rtnl_process_rule(sd_netlink *rtnl, sd_netlink_message *message, Man - r = routing_policy_rule_update_priority(rule, tmp->priority); - if (r < 0) - log_warning_errno(r, "Failed to update priority of remembered routing policy rule, ignoring: %m"); -- } else if (!m->manage_foreign_routes) -+ } else if (!m->manage_foreign_rules) - log_routing_policy_rule_debug(tmp, "Ignoring received foreign", NULL, m); - else { - log_routing_policy_rule_debug(tmp, "Remembering foreign", NULL, m); --- -2.33.0 - diff --git a/backport-network-ignore-errors-on-setting-bridge-config.patch b/backport-network-ignore-errors-on-setting-bridge-config.patch deleted file mode 100644 index 33d26bd..0000000 --- a/backport-network-ignore-errors-on-setting-bridge-config.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 0c136b86d6c32445c6b503c87ba5fa348f34e22b Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 4 Aug 2021 13:53:21 +0900 -Subject: [PATCH] network: ignore errors on setting bridge config - -For some setups, kernel refuses to set bridge configs with -EOPNOTSUPP. -See kernel's rtnl_bridge_setlink() in net/core/rtnetlink.c. - -Fixes #20373. - -(cherry picked from commit 1171f3f030319155914c2bb90655f46653f88cbf) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0c136b86d6c32445c6b503c87ba5fa348f34e22b ---- - src/network/networkd-setlink.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/network/networkd-setlink.c b/src/network/networkd-setlink.c -index fa1dd9b3ba..8130bb6bcc 100644 ---- a/src/network/networkd-setlink.c -+++ b/src/network/networkd-setlink.c -@@ -124,7 +124,7 @@ static int link_set_bond_handler(sd_netlink *rtnl, sd_netlink_message *m, Link * - } - - static int link_set_bridge_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { -- return set_link_handler_internal(rtnl, m, link, SET_LINK_BRIDGE, /* ignore = */ false, NULL); -+ return set_link_handler_internal(rtnl, m, link, SET_LINK_BRIDGE, /* ignore = */ true, NULL); - } - - static int link_set_bridge_vlan_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { --- -2.33.0 - diff --git a/backport-network-ignore-errors-on-unsetting-master-ifindex.patch b/backport-network-ignore-errors-on-unsetting-master-ifindex.patch deleted file mode 100644 index 1090eca..0000000 --- a/backport-network-ignore-errors-on-unsetting-master-ifindex.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 090378dcb1de5ca66900503210e85d63075fa70a Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 5 Aug 2021 00:10:52 +0900 -Subject: [PATCH] network: ignore errors on unsetting master ifindex - -Fixes #20241. - -(cherry picked from commit c347a98272bd1b81682c266b9720fad107b96ab0) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/090378dcb1de5ca66900503210e85d63075fa70a ---- - src/network/networkd-setlink.c | 20 ++++++++++++++++++-- - 1 file changed, 18 insertions(+), 2 deletions(-) - -diff --git a/src/network/networkd-setlink.c b/src/network/networkd-setlink.c -index 8130bb6bcc..10c312c480 100644 ---- a/src/network/networkd-setlink.c -+++ b/src/network/networkd-setlink.c -@@ -95,9 +95,16 @@ static int set_link_handler_internal( - return 1; - - on_error: -- if (op == SET_LINK_FLAGS) { -+ switch (op) { -+ case SET_LINK_FLAGS: - assert(link->set_flags_messages > 0); - link->set_flags_messages--; -+ break; -+ case SET_LINK_MASTER: -+ link->master_set = true; -+ break; -+ default: -+ break; - } - - return 0; -@@ -183,6 +190,11 @@ static int link_set_master_handler(sd_netlink *rtnl, sd_netlink_message *m, Link - return set_link_handler_internal(rtnl, m, link, SET_LINK_MASTER, /* ignore = */ false, get_link_master_handler); - } - -+static int link_unset_master_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { -+ /* Some devices do not support setting master ifindex. Let's ignore error on unsetting master ifindex. */ -+ return set_link_handler_internal(rtnl, m, link, SET_LINK_MASTER, /* ignore = */ true, get_link_master_handler); -+} -+ - static int link_set_mtu_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { - int r; - -@@ -745,10 +757,14 @@ int link_request_to_set_mac(Link *link, bool allow_retry) { - - int link_request_to_set_master(Link *link) { - assert(link); -+ assert(link->network); - - link->master_set = false; - -- return link_request_set_link(link, SET_LINK_MASTER, link_set_master_handler, NULL); -+ if (link->network->batadv || link->network->bond || link->network->bridge || link->network->vrf) -+ return link_request_set_link(link, SET_LINK_MASTER, link_set_master_handler, NULL); -+ else -+ return link_request_set_link(link, SET_LINK_MASTER, link_unset_master_handler, NULL); - } - - int link_request_to_set_mtu(Link *link, uint32_t mtu) { --- -2.33.0 - diff --git a/backport-network-print-Ethernet-Link-Layer-DHCP-client-ID-wit.patch b/backport-network-print-Ethernet-Link-Layer-DHCP-client-ID-wit.patch deleted file mode 100644 index 7dd72a9..0000000 --- a/backport-network-print-Ethernet-Link-Layer-DHCP-client-ID-wit.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 133354a3b9fc7b88fb143f241cfc4565b943ae87 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Alvin=20=C5=A0ipraga?= -Date: Tue, 31 Aug 2021 14:17:33 +0200 -Subject: [PATCH] network: print Ethernet Link-Layer DHCP client ID with - leading 0's - -This is a small cosmetic change. - -Before: - - Offered DHCP leases: 192.168.0.183 (to 0:9:a7:36:bc:89) - -After: - - Offered DHCP leases: 192.168.0.183 (to 00:09:a7:36:bc:89) - -(cherry picked from commit 8e664ab6ecc9c420d2151f14b36824aecc76d8ac) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/133354a3b9fc7b88fb143f241cfc4565b943ae87 ---- - src/libsystemd-network/sd-dhcp-client.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c -index dc8ff19d1a..030b50cf2a 100644 ---- a/src/libsystemd-network/sd-dhcp-client.c -+++ b/src/libsystemd-network/sd-dhcp-client.c -@@ -192,7 +192,7 @@ int sd_dhcp_client_id_to_string(const void *data, size_t len, char **ret) { - if (len != sizeof_field(sd_dhcp_client_id, eth)) - return -EINVAL; - -- r = asprintf(&t, "%x:%x:%x:%x:%x:%x", -+ r = asprintf(&t, "%02x:%02x:%02x:%02x:%02x:%02x", - client_id->eth.haddr[0], - client_id->eth.haddr[1], - client_id->eth.haddr[2], --- -2.33.0 - diff --git a/backport-network-route-fix-possible-overflow-in-conversion-us.patch b/backport-network-route-fix-possible-overflow-in-conversion-us.patch deleted file mode 100644 index ea7bb01..0000000 --- a/backport-network-route-fix-possible-overflow-in-conversion-us.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 7a9b38919302e98cebc2c6233fd09d0c07ae41dc Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 15 Oct 2021 10:06:25 +0900 -Subject: [PATCH] network: route: fix possible overflow in conversion usec_t -> - uint32_t - -(cherry picked from commit ff43dddab7260c9220eaea2a545514772c0e581f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7a9b38919302e98cebc2c6233fd09d0c07ae41dc ---- - src/network/networkd-route.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c -index 791fd64c39..eeba31c45d 100644 ---- a/src/network/networkd-route.c -+++ b/src/network/networkd-route.c -@@ -1537,7 +1537,7 @@ static int route_configure( - - if (route->lifetime != USEC_INFINITY && kernel_route_expiration_supported()) { - r = sd_netlink_message_append_u32(req, RTA_EXPIRES, -- DIV_ROUND_UP(usec_sub_unsigned(route->lifetime, now(clock_boottime_or_monotonic())), USEC_PER_SEC)); -+ MIN(DIV_ROUND_UP(usec_sub_unsigned(route->lifetime, now(clock_boottime_or_monotonic())), USEC_PER_SEC), UINT32_MAX)); - if (r < 0) - return log_link_error_errno(link, r, "Could not append RTA_EXPIRES attribute: %m"); - } --- -2.33.0 - diff --git a/backport-network-use-address_equal-route_equal-to-compare-add.patch b/backport-network-use-address_equal-route_equal-to-compare-add.patch deleted file mode 100644 index 4232212..0000000 --- a/backport-network-use-address_equal-route_equal-to-compare-add.patch +++ /dev/null @@ -1,68 +0,0 @@ -From ea4d7828fe525201ffb98ff2a31fde8a12e0a4c4 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 4 Aug 2021 13:14:03 +0900 -Subject: [PATCH] network: use address_equal()/route_equal() to compare - addresses or routes configured by NDisc - -Fixes #20244. - -(cherry picked from commit 10e417b3eac03c1bcd0b5f3d5c24291ac644e164) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/ea4d7828fe525201ffb98ff2a31fde8a12e0a4c4 ---- - src/network/networkd-address.c | 2 +- - src/network/networkd-route.c | 4 ++-- - src/network/networkd-route.h | 1 + - 3 files changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c -index 35305aff99..6b2230b725 100644 ---- a/src/network/networkd-address.c -+++ b/src/network/networkd-address.c -@@ -165,7 +165,7 @@ Address *address_free(Address *address) { - set_remove(address->link->dhcp6_pd_addresses, address); - set_remove(address->link->dhcp6_pd_addresses_old, address); - SET_FOREACH(n, address->link->ndisc_addresses) -- if (n->address == address) -+ if (address_equal(n->address, address)) - free(set_remove(address->link->ndisc_addresses, n)); - - if (address->family == AF_INET6 && -diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c -index 7b36b48141..77a93beca9 100644 ---- a/src/network/networkd-route.c -+++ b/src/network/networkd-route.c -@@ -279,7 +279,7 @@ Route *route_free(Route *route) { - set_remove(route->link->dhcp6_pd_routes, route); - set_remove(route->link->dhcp6_pd_routes_old, route); - SET_FOREACH(n, route->link->ndisc_routes) -- if (n->route == route) -+ if (route_equal(n->route, route)) - free(set_remove(route->link->ndisc_routes, n)); - } - -@@ -435,7 +435,7 @@ DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR( - route_compare_func, - route_free); - --static bool route_equal(const Route *r1, const Route *r2) { -+bool route_equal(const Route *r1, const Route *r2) { - if (r1 == r2) - return true; - -diff --git a/src/network/networkd-route.h b/src/network/networkd-route.h -index fa0b3ba0fc..2d262819ad 100644 ---- a/src/network/networkd-route.h -+++ b/src/network/networkd-route.h -@@ -66,6 +66,7 @@ typedef struct Route { - - void route_hash_func(const Route *route, struct siphash *state); - int route_compare_func(const Route *a, const Route *b); -+bool route_equal(const Route *r1, const Route *r2); - extern const struct hash_ops route_hash_ops; - - int route_new(Route **ret); --- -2.33.0 - diff --git a/backport-network-use-monotonic-instead-of-boot-time-to-handle.patch b/backport-network-use-monotonic-instead-of-boot-time-to-handle.patch deleted file mode 100644 index 8c8e824..0000000 --- a/backport-network-use-monotonic-instead-of-boot-time-to-handle.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 171daf2dc084fab16c0696b139b1af3f0ab9d9f0 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 6 Aug 2021 19:37:16 +0900 -Subject: [PATCH] network: use monotonic instead of boot time to handle address - creation/update timestamp - -Follow-up for 25db3aeaf32ba95bad5e765720ebc23c8ef77a99 and 899034ba8167bd16e802cfbea29a9ee85dee5be5. - -Fixes another issue in #20244. - -(cherry picked from commit 5865dc1493e5519549d24fef23a2ce5c812eca32) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/171daf2dc084fab16c0696b139b1af3f0ab9d9f0 ---- - src/network/networkd-ndisc.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c -index efc4707855..e3705bfed5 100644 ---- a/src/network/networkd-ndisc.c -+++ b/src/network/networkd-ndisc.c -@@ -765,7 +765,9 @@ static int ndisc_router_process_autonomous_prefix(Link *link, sd_ndisc_router *r - assert(link); - assert(rt); - -- r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now); -+ /* Do not use clock_boottime_or_monotonic() here, as the kernel internally manages cstamp and -+ * tstamp with jiffies, and it is not increased while the system is suspended. */ -+ r = sd_ndisc_router_get_timestamp(rt, CLOCK_MONOTONIC, &time_now); - if (r < 0) - return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); - --- -2.33.0 - diff --git a/backport-networkd-Include-linux-netdevice.h-header.patch b/backport-networkd-Include-linux-netdevice.h-header.patch deleted file mode 100644 index 4be2aed..0000000 --- a/backport-networkd-Include-linux-netdevice.h-header.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 898949f71513da918c4aa94a0681fbc6b868e00f Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Mon, 26 Jul 2021 10:58:46 -0700 -Subject: [PATCH] networkd: Include linux/netdevice.h header -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This header provides definitions for NET_NAME_UNKNOWN ånd NET_NAME_ENUM -Fixes build issue found with non-glibc systems - -../git/src/network/networkd-link.c:1203:52: error: 'NET_NAME_UNKNOWN' undeclared (first use in this function) - -Signed-off-by: Khem Raj -(cherry picked from commit 2a0d07d6a0d5be63c6c10cb0789412f584858ec1) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/898949f71513da918c4aa94a0681fbc6b868e00f ---- - src/network/networkd-link.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c -index c1ab14ebec..9421ce1aa6 100644 ---- a/src/network/networkd-link.c -+++ b/src/network/networkd-link.c -@@ -4,6 +4,7 @@ - #include - #include - #include -+#include - #include - #include - --- -2.33.0 - diff --git a/backport-nspawn-fix-type-to-pass-to-connect.patch b/backport-nspawn-fix-type-to-pass-to-connect.patch deleted file mode 100644 index a9f689e..0000000 --- a/backport-nspawn-fix-type-to-pass-to-connect.patch +++ /dev/null @@ -1,34 +0,0 @@ -From caa0827ca920617dc54e62be1ff8422ad9ce2d3a Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 1 Sep 2021 14:41:37 +0200 -Subject: [PATCH] nspawn: fix type to pass to connect() - -It expects a generic "struct sockaddr", not a "struct sockaddr_un". -Pass the right member of the union. - -Not sure why gcc/llvm never complained about this... - -(cherry picked from commit 32b9736a230d47b73babcc5cfa27d672bb721bd0) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/caa0827ca920617dc54e62be1ff8422ad9ce2d3a ---- - src/nspawn/nspawn.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 04685fecba..575b9da447 100644 ---- a/src/nspawn/nspawn.c -+++ b/src/nspawn/nspawn.c -@@ -5354,7 +5354,7 @@ static int cant_be_in_netns(void) { - if (fd < 0) - return log_error_errno(errno, "Failed to allocate udev control socket: %m"); - -- if (connect(fd, &sa.un, SOCKADDR_UN_LEN(sa.un)) < 0) { -+ if (connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) { - - if (errno == ENOENT || ERRNO_IS_DISCONNECT(errno)) - return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), --- -2.33.0 - diff --git a/backport-nss-drop-dummy-setup_logging-helpers.patch b/backport-nss-drop-dummy-setup_logging-helpers.patch deleted file mode 100644 index f2e296d..0000000 --- a/backport-nss-drop-dummy-setup_logging-helpers.patch +++ /dev/null @@ -1,61 +0,0 @@ -From da98ffd65aa29ee968a4f4379f5c8e06bf2d58f4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 11 Jan 2022 13:23:27 +0100 -Subject: [PATCH] nss: drop dummy setup_logging() helpers - -log_parse_environment() stopped being a macro in 9fdee66f2d9. -As reported by @bauen1 in https://github.com/systemd/systemd/issues/22020, -the comment was out of date. - -(cherry picked from commit 56a5f4969b96529c82ec8cc08db4fa8e9c61e7b9) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/da98ffd65aa29ee968a4f4379f5c8e06bf2d58f4 ---- - src/nss-mymachines/nss-mymachines.c | 7 +------ - src/nss-systemd/nss-systemd.c | 7 +------ - 2 files changed, 2 insertions(+), 12 deletions(-) - -diff --git a/src/nss-mymachines/nss-mymachines.c b/src/nss-mymachines/nss-mymachines.c -index 44715bb3e5..781fd48d72 100644 ---- a/src/nss-mymachines/nss-mymachines.c -+++ b/src/nss-mymachines/nss-mymachines.c -@@ -22,14 +22,9 @@ - #include "signal-util.h" - #include "string-util.h" - --static void setup_logging(void) { -- /* We need a dummy function because log_parse_environment is a macro. */ -- log_parse_environment(); --} -- - static void setup_logging_once(void) { - static pthread_once_t once = PTHREAD_ONCE_INIT; -- assert_se(pthread_once(&once, setup_logging) == 0); -+ assert_se(pthread_once(&once, log_parse_environment) == 0); - } - - #define NSS_ENTRYPOINT_BEGIN \ -diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c -index 36486b96e3..c6c00c40e6 100644 ---- a/src/nss-systemd/nss-systemd.c -+++ b/src/nss-systemd/nss-systemd.c -@@ -116,14 +116,9 @@ static GetentData getsgent_data = { - .mutex = PTHREAD_MUTEX_INITIALIZER, - }; - --static void setup_logging(void) { -- /* We need a dummy function because log_parse_environment is a macro. */ -- log_parse_environment(); --} -- - static void setup_logging_once(void) { - static pthread_once_t once = PTHREAD_ONCE_INIT; -- assert_se(pthread_once(&once, setup_logging) == 0); -+ assert_se(pthread_once(&once, log_parse_environment) == 0); - } - - #define NSS_ENTRYPOINT_BEGIN \ --- -2.33.0 - diff --git a/backport-nss-myhostname-do-not-apply-non-zero-offset-to-null-.patch b/backport-nss-myhostname-do-not-apply-non-zero-offset-to-null-.patch deleted file mode 100644 index a7007ab..0000000 --- a/backport-nss-myhostname-do-not-apply-non-zero-offset-to-null-.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 05189e8c961c6b4ac8ef79c8911cb56965a5034f Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 31 Dec 2021 09:13:00 +0900 -Subject: [PATCH] nss-myhostname: do not apply non-zero offset to null pointer - -Fixes https://github.com/systemd/systemd/issues/21935#issuecomment-1003216503. - -(cherry picked from commit 92e9df9ca031b9b04487a46afd986ab3122183fd) -(cherry picked from commit a473bfb4332ad6b0a0894135c4de0f8cc324d378) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/05189e8c961c6b4ac8ef79c8911cb56965a5034f ---- - src/nss-myhostname/nss-myhostname.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/nss-myhostname/nss-myhostname.c b/src/nss-myhostname/nss-myhostname.c -index 3536c5fc83..67b1554d27 100644 ---- a/src/nss-myhostname/nss-myhostname.c -+++ b/src/nss-myhostname/nss-myhostname.c -@@ -39,10 +39,8 @@ enum nss_status _nss_myhostname_gethostbyname4_r( - const char *canonical = NULL; - int n_addresses = 0; - uint32_t local_address_ipv4; -- struct local_address *a; - size_t l, idx, ms; - char *r_name; -- unsigned n; - - PROTECT_ERRNO; - BLOCK_SIGNALS(NSS_SIGNALS_BLOCK); -@@ -136,7 +134,9 @@ enum nss_status _nss_myhostname_gethostbyname4_r( - } - - /* Fourth, fill actual addresses in, but in backwards order */ -- for (a = addresses + n_addresses - 1, n = 0; (int) n < n_addresses; n++, a--) { -+ for (int i = n_addresses; i > 0; i--) { -+ struct local_address *a = addresses + i - 1; -+ - r_tuple = (struct gaih_addrtuple*) (buffer + idx); - r_tuple->next = r_tuple_prev; - r_tuple->name = r_name; --- -2.33.0 - diff --git a/backport-nss-only-read-logging-config-from-environment-variab.patch b/backport-nss-only-read-logging-config-from-environment-variab.patch deleted file mode 100644 index 45ed5e5..0000000 --- a/backport-nss-only-read-logging-config-from-environment-variab.patch +++ /dev/null @@ -1,118 +0,0 @@ -From 9e29d13926b62c10d931d287b30b7874872bfe39 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Tue, 11 Jan 2022 13:36:39 +0100 -Subject: [PATCH] nss: only read logging config from environment variables - -log_parse_environment() uses should_parse_proc_cmdline() to determine whether -it should parse settings from the kernel command line. But the checks that -should_parse_proc_cmdline() apply to the whole process, and we could get a positive -answer also when log_parse_environment() was called from one of the nss modules. -In case of nss-modules, we don't want to look at the kernel command line. - -log_parse_environment_variables() that only looks at the environment variables -is split out and used in the nss modules. - -Fixes #22020. - -(cherry picked from commit a7d15a24659770b0fa9f4cd26fc7bbb17765cbb7) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9e29d13926b62c10d931d287b30b7874872bfe39 ---- - src/basic/log.c | 16 ++++++++++------ - src/basic/log.h | 1 + - src/nss-mymachines/nss-mymachines.c | 2 +- - src/nss-resolve/nss-resolve.c | 2 +- - src/nss-systemd/nss-systemd.c | 2 +- - 5 files changed, 14 insertions(+), 9 deletions(-) - -diff --git a/src/basic/log.c b/src/basic/log.c -index fb183ea9e7..1d68b49963 100644 ---- a/src/basic/log.c -+++ b/src/basic/log.c -@@ -1189,14 +1189,9 @@ static bool should_parse_proc_cmdline(void) { - return getpid_cached() == p; - } - --void log_parse_environment(void) { -+void log_parse_environment_variables(void) { - const char *e; - -- /* Do not call from library code. */ -- -- if (should_parse_proc_cmdline()) -- (void) proc_cmdline_parse(parse_proc_cmdline_item, NULL, PROC_CMDLINE_STRIP_RD_PREFIX); -- - e = getenv("SYSTEMD_LOG_TARGET"); - if (e && log_set_target_from_string(e) < 0) - log_warning("Failed to parse log target '%s'. Ignoring.", e); -@@ -1222,6 +1217,15 @@ void log_parse_environment(void) { - log_warning("Failed to parse log tid '%s'. Ignoring.", e); - } - -+void log_parse_environment(void) { -+ /* Do not call from library code. */ -+ -+ if (should_parse_proc_cmdline()) -+ (void) proc_cmdline_parse(parse_proc_cmdline_item, NULL, PROC_CMDLINE_STRIP_RD_PREFIX); -+ -+ log_parse_environment_variables(); -+} -+ - LogTarget log_get_target(void) { - return log_target; - } -diff --git a/src/basic/log.h b/src/basic/log.h -index 8bfae8e0e5..3dbd01a75d 100644 ---- a/src/basic/log.h -+++ b/src/basic/log.h -@@ -69,6 +69,7 @@ int log_open(void); - void log_close(void); - void log_forget_fds(void); - -+void log_parse_environment_variables(void); - void log_parse_environment(void); - - int log_dispatch_internal( -diff --git a/src/nss-mymachines/nss-mymachines.c b/src/nss-mymachines/nss-mymachines.c -index 781fd48d72..c64e79bdff 100644 ---- a/src/nss-mymachines/nss-mymachines.c -+++ b/src/nss-mymachines/nss-mymachines.c -@@ -24,7 +24,7 @@ - - static void setup_logging_once(void) { - static pthread_once_t once = PTHREAD_ONCE_INIT; -- assert_se(pthread_once(&once, log_parse_environment) == 0); -+ assert_se(pthread_once(&once, log_parse_environment_variables) == 0); - } - - #define NSS_ENTRYPOINT_BEGIN \ -diff --git a/src/nss-resolve/nss-resolve.c b/src/nss-resolve/nss-resolve.c -index 4f54973202..dd2e5206e2 100644 ---- a/src/nss-resolve/nss-resolve.c -+++ b/src/nss-resolve/nss-resolve.c -@@ -22,7 +22,7 @@ - static JsonDispatchFlags json_dispatch_flags = 0; - - static void setup_logging(void) { -- log_parse_environment(); -+ log_parse_environment_variables(); - - if (DEBUG_LOGGING) - json_dispatch_flags = JSON_LOG; -diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c -index c6c00c40e6..e87f1d31b3 100644 ---- a/src/nss-systemd/nss-systemd.c -+++ b/src/nss-systemd/nss-systemd.c -@@ -118,7 +118,7 @@ static GetentData getsgent_data = { - - static void setup_logging_once(void) { - static pthread_once_t once = PTHREAD_ONCE_INIT; -- assert_se(pthread_once(&once, log_parse_environment) == 0); -+ assert_se(pthread_once(&once, log_parse_environment_variables) == 0); - } - - #define NSS_ENTRYPOINT_BEGIN \ --- -2.33.0 - diff --git a/backport-nss-systemd-ensure-returned-strings-point-into-provi.patch b/backport-nss-systemd-ensure-returned-strings-point-into-provi.patch deleted file mode 100644 index 4165a9c..0000000 --- a/backport-nss-systemd-ensure-returned-strings-point-into-provi.patch +++ /dev/null @@ -1,350 +0,0 @@ -From 055ba736e12255cf79acc81aac382344129d03c5 Mon Sep 17 00:00:00 2001 -From: Michael Catanzaro -Date: Wed, 8 Sep 2021 16:51:16 -0500 -Subject: [PATCH] nss-systemd: ensure returned strings point into provided - buffer - -Jamie Bainbridge found an issue where glib's g_get_user_database_entry() -may crash after doing: - -``` -error = getpwnam_r (logname, &pwd, buffer, bufsize, &pw); -// ... -pw->pw_name[0] = g_ascii_toupper (pw->pw_name[0]); -``` - -in order to uppercase the first letter of the user's real name. This is -a glib bug, because there is a different codepath that gets the pwd from -vanilla getpwnam instead of getpwnam_r as shown here. When the pwd -struct is returned by getpwnam, its fields point to static data owned by -glibc/NSS, and so it must not be modified by the caller. After much -debugging, Jamie Bainbridge has fixed this in https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2244 -by making a copy of the data before modifying it, and that resolves all -problems for glib. Yay! - -However, glib is crashing even when getpwnam_r is used instead of -getpwnam! According to getpwnam_r(3), the strings in the pwd struct are -supposed to be pointers into the buffer passed by the caller, so glib -should be able to safely edit it directly in this case, so long as it -doesn't try to increase the size of any of the strings. - -Problem is various functions throughout nss-systemd.c return synthesized -records declared at the top of the file. These records are returned -directly and so contain pointers to static strings owned by -libsystemd-nss. systemd must instead copy all the strings into the -provided buffer. - -This crash is reproducible if nss-systemd is listed first on the passwd -line in /etc/nsswitch.conf, and the application looks up one of the -synthesized user accounts "root" or "nobody", and finally the -application attempts to edit one of the strings in the returned struct. -All our synthesized records for the other struct types have the same -problem, so this commit fixes them all at once. - -Fixes #20679 - -(cherry picked from commit 47fd7fa6c650d7a0ac41bc89747e3b866ffb9534) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/055ba736e12255cf79acc81aac382344129d03c5 ---- - src/nss-systemd/nss-systemd.c | 204 ++++++++++++++++++++++++++++------ - 1 file changed, 168 insertions(+), 36 deletions(-) - -diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c -index 1b0866109a..1840a0d508 100644 ---- a/src/nss-systemd/nss-systemd.c -+++ b/src/nss-systemd/nss-systemd.c -@@ -2,6 +2,7 @@ - - #include - #include -+#include - - #include "env-util.h" - #include "errno-util.h" -@@ -139,6 +140,155 @@ NSS_GRENT_PROTOTYPES(systemd); - NSS_SGENT_PROTOTYPES(systemd); - NSS_INITGROUPS_PROTOTYPE(systemd); - -+/* Since our NSS functions implement reentrant glibc APIs, we have to guarantee -+ * all the string pointers we return point into the buffer provided by the -+ * caller, not into our own static memory. */ -+ -+static enum nss_status copy_synthesized_passwd( -+ struct passwd *dest, -+ const struct passwd *src, -+ char *buffer, size_t buflen, -+ int *errnop) { -+ -+ size_t required; -+ -+ assert(dest); -+ assert(src); -+ assert(src->pw_name); -+ assert(src->pw_passwd); -+ assert(src->pw_gecos); -+ assert(src->pw_dir); -+ assert(src->pw_shell); -+ -+ required = strlen(src->pw_name) + 1; -+ required += strlen(src->pw_passwd) + 1; -+ required += strlen(src->pw_gecos) + 1; -+ required += strlen(src->pw_dir) + 1; -+ required += strlen(src->pw_shell) + 1; -+ -+ if (buflen < required) { -+ *errnop = ERANGE; -+ return NSS_STATUS_TRYAGAIN; -+ } -+ -+ assert(buffer); -+ -+ *dest = *src; -+ -+ /* String fields point into the user-provided buffer */ -+ dest->pw_name = buffer; -+ dest->pw_passwd = stpcpy(dest->pw_name, src->pw_name) + 1; -+ dest->pw_gecos = stpcpy(dest->pw_passwd, src->pw_passwd) + 1; -+ dest->pw_dir = stpcpy(dest->pw_gecos, src->pw_gecos) + 1; -+ dest->pw_shell = stpcpy(dest->pw_dir, src->pw_dir) + 1; -+ strcpy(dest->pw_shell, src->pw_shell); -+ -+ return NSS_STATUS_SUCCESS; -+} -+ -+static enum nss_status copy_synthesized_spwd( -+ struct spwd *dest, -+ const struct spwd *src, -+ char *buffer, size_t buflen, -+ int *errnop) { -+ -+ size_t required; -+ -+ assert(dest); -+ assert(src); -+ assert(src->sp_namp); -+ assert(src->sp_pwdp); -+ -+ required = strlen(src->sp_namp) + 1; -+ required += strlen(src->sp_pwdp) + 1; -+ -+ if (buflen < required) { -+ *errnop = ERANGE; -+ return NSS_STATUS_TRYAGAIN; -+ } -+ -+ assert(buffer); -+ -+ *dest = *src; -+ -+ /* String fields point into the user-provided buffer */ -+ dest->sp_namp = buffer; -+ dest->sp_pwdp = stpcpy(dest->sp_namp, src->sp_namp) + 1; -+ strcpy(dest->sp_pwdp, src->sp_pwdp); -+ -+ return NSS_STATUS_SUCCESS; -+} -+ -+static enum nss_status copy_synthesized_group( -+ struct group *dest, -+ const struct group *src, -+ char *buffer, size_t buflen, -+ int *errnop) { -+ -+ size_t required; -+ -+ assert(dest); -+ assert(src); -+ assert(src->gr_name); -+ assert(src->gr_passwd); -+ assert(src->gr_mem); -+ assert(!*src->gr_mem); /* Our synthesized records' gr_mem is always just NULL... */ -+ -+ required = strlen(src->gr_name) + 1; -+ required += strlen(src->gr_passwd) + 1; -+ required += 1; /* ...but that NULL still needs to be stored into the buffer! */ -+ -+ if (buflen < required) { -+ *errnop = ERANGE; -+ return NSS_STATUS_TRYAGAIN; -+ } -+ -+ assert(buffer); -+ -+ *dest = *src; -+ -+ /* String fields point into the user-provided buffer */ -+ dest->gr_name = buffer; -+ dest->gr_passwd = stpcpy(dest->gr_name, src->gr_name) + 1; -+ dest->gr_mem = (char **) strcpy(dest->gr_passwd, src->gr_passwd) + 1; -+ *dest->gr_mem = NULL; -+ -+ return NSS_STATUS_SUCCESS; -+} -+ -+static enum nss_status copy_synthesized_sgrp( -+ struct sgrp *dest, -+ const struct sgrp *src, -+ char *buffer, size_t buflen, -+ int *errnop) { -+ -+ size_t required; -+ -+ assert(dest); -+ assert(src); -+ assert(src->sg_namp); -+ assert(src->sg_passwd); -+ -+ required = strlen(src->sg_namp) + 1; -+ required += strlen(src->sg_passwd) + 1; -+ -+ if (buflen < required) { -+ *errnop = ERANGE; -+ return NSS_STATUS_TRYAGAIN; -+ } -+ -+ assert(buffer); -+ -+ *dest = *src; -+ -+ /* String fields point into the user-provided buffer */ -+ dest->sg_namp = buffer; -+ dest->sg_passwd = stpcpy(dest->sg_namp, src->sg_namp) + 1; -+ strcpy(dest->sg_passwd, src->sg_passwd); -+ -+ return NSS_STATUS_SUCCESS; -+} -+ - enum nss_status _nss_systemd_getpwnam_r( - const char *name, - struct passwd *pwd, -@@ -164,17 +314,14 @@ enum nss_status _nss_systemd_getpwnam_r( - /* Synthesize entries for the root and nobody users, in case they are missing in /etc/passwd */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { - -- if (streq(name, root_passwd.pw_name)) { -- *pwd = root_passwd; -- return NSS_STATUS_SUCCESS; -- } -+ if (streq(name, root_passwd.pw_name)) -+ return copy_synthesized_passwd(pwd, &root_passwd, buffer, buflen, errnop); - - if (streq(name, nobody_passwd.pw_name)) { - if (!synthesize_nobody()) - return NSS_STATUS_NOTFOUND; - -- *pwd = nobody_passwd; -- return NSS_STATUS_SUCCESS; -+ return copy_synthesized_passwd(pwd, &nobody_passwd, buffer, buflen, errnop); - } - - } else if (STR_IN_SET(name, root_passwd.pw_name, nobody_passwd.pw_name)) -@@ -211,17 +358,14 @@ enum nss_status _nss_systemd_getpwuid_r( - /* Synthesize data for the root user and for nobody in case they are missing from /etc/passwd */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { - -- if (uid == root_passwd.pw_uid) { -- *pwd = root_passwd; -- return NSS_STATUS_SUCCESS; -- } -+ if (uid == root_passwd.pw_uid) -+ return copy_synthesized_passwd(pwd, &root_passwd, buffer, buflen, errnop); - - if (uid == nobody_passwd.pw_uid) { - if (!synthesize_nobody()) - return NSS_STATUS_NOTFOUND; - -- *pwd = nobody_passwd; -- return NSS_STATUS_SUCCESS; -+ return copy_synthesized_passwd(pwd, &nobody_passwd, buffer, buflen, errnop); - } - - } else if (uid == root_passwd.pw_uid || uid == nobody_passwd.pw_uid) -@@ -259,17 +403,14 @@ enum nss_status _nss_systemd_getspnam_r( - /* Synthesize entries for the root and nobody users, in case they are missing in /etc/passwd */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { - -- if (streq(name, root_spwd.sp_namp)) { -- *spwd = root_spwd; -- return NSS_STATUS_SUCCESS; -- } -+ if (streq(name, root_spwd.sp_namp)) -+ return copy_synthesized_spwd(spwd, &root_spwd, buffer, buflen, errnop); - - if (streq(name, nobody_spwd.sp_namp)) { - if (!synthesize_nobody()) - return NSS_STATUS_NOTFOUND; - -- *spwd = nobody_spwd; -- return NSS_STATUS_SUCCESS; -+ return copy_synthesized_spwd(spwd, &nobody_spwd, buffer, buflen, errnop); - } - - } else if (STR_IN_SET(name, root_spwd.sp_namp, nobody_spwd.sp_namp)) -@@ -309,17 +450,14 @@ enum nss_status _nss_systemd_getgrnam_r( - /* Synthesize records for root and nobody, in case they are missing from /etc/group */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { - -- if (streq(name, root_group.gr_name)) { -- *gr = root_group; -- return NSS_STATUS_SUCCESS; -- } -+ if (streq(name, root_group.gr_name)) -+ return copy_synthesized_group(gr, &root_group, buffer, buflen, errnop); - - if (streq(name, nobody_group.gr_name)) { - if (!synthesize_nobody()) - return NSS_STATUS_NOTFOUND; - -- *gr = nobody_group; -- return NSS_STATUS_SUCCESS; -+ return copy_synthesized_group(gr, &nobody_group, buffer, buflen, errnop); - } - - } else if (STR_IN_SET(name, root_group.gr_name, nobody_group.gr_name)) -@@ -356,17 +494,14 @@ enum nss_status _nss_systemd_getgrgid_r( - /* Synthesize records for root and nobody, in case they are missing from /etc/group */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { - -- if (gid == root_group.gr_gid) { -- *gr = root_group; -- return NSS_STATUS_SUCCESS; -- } -+ if (gid == root_group.gr_gid) -+ return copy_synthesized_group(gr, &root_group, buffer, buflen, errnop); - - if (gid == nobody_group.gr_gid) { - if (!synthesize_nobody()) - return NSS_STATUS_NOTFOUND; - -- *gr = nobody_group; -- return NSS_STATUS_SUCCESS; -+ return copy_synthesized_group(gr, &nobody_group, buffer, buflen, errnop); - } - - } else if (gid == root_group.gr_gid || gid == nobody_group.gr_gid) -@@ -404,17 +539,14 @@ enum nss_status _nss_systemd_getsgnam_r( - /* Synthesize records for root and nobody, in case they are missing from /etc/group */ - if (getenv_bool_secure("SYSTEMD_NSS_BYPASS_SYNTHETIC") <= 0) { - -- if (streq(name, root_sgrp.sg_namp)) { -- *sgrp = root_sgrp; -- return NSS_STATUS_SUCCESS; -- } -+ if (streq(name, root_sgrp.sg_namp)) -+ return copy_synthesized_sgrp(sgrp, &root_sgrp, buffer, buflen, errnop); - - if (streq(name, nobody_sgrp.sg_namp)) { - if (!synthesize_nobody()) - return NSS_STATUS_NOTFOUND; - -- *sgrp = nobody_sgrp; -- return NSS_STATUS_SUCCESS; -+ return copy_synthesized_sgrp(sgrp, &nobody_sgrp, buffer, buflen, errnop); - } - - } else if (STR_IN_SET(name, root_sgrp.sg_namp, nobody_sgrp.sg_namp)) --- -2.33.0 - diff --git a/backport-nss-systemd-fix-alignment-of-gr_mem.patch b/backport-nss-systemd-fix-alignment-of-gr_mem.patch deleted file mode 100644 index fca306b..0000000 --- a/backport-nss-systemd-fix-alignment-of-gr_mem.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 649e83bb995eb067cce3e70f50e5d3ab54c9d47d Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 31 Dec 2021 06:59:42 +0900 -Subject: [PATCH] nss-systemd: fix alignment of gr_mem - -Follow-up for 1e65eb8f9b7d567462030b2e625998d77677e636. - -Fixes #21935. - -(cherry picked from commit 420a35c1fadfb4d67be6316436233d98b5688de5) -(cherry picked from commit 9c8bc0451ab2393f3b9b689e46e1b05e9f6dad35) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/649e83bb995eb067cce3e70f50e5d3ab54c9d47d ---- - src/nss-systemd/nss-systemd.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c -index 7aea3652c4..36486b96e3 100644 ---- a/src/nss-systemd/nss-systemd.c -+++ b/src/nss-systemd/nss-systemd.c -@@ -238,7 +238,7 @@ static enum nss_status copy_synthesized_group( - required += strlen(src->gr_passwd) + 1; - required += sizeof(char*); /* ...but that NULL still needs to be stored into the buffer! */ - -- if (buflen < required) { -+ if (buflen < ALIGN(required)) { - *errnop = ERANGE; - return NSS_STATUS_TRYAGAIN; - } -@@ -250,7 +250,7 @@ static enum nss_status copy_synthesized_group( - /* String fields point into the user-provided buffer */ - dest->gr_name = buffer; - dest->gr_passwd = stpcpy(dest->gr_name, src->gr_name) + 1; -- dest->gr_mem = (char **) stpcpy(dest->gr_passwd, src->gr_passwd) + 1; -+ dest->gr_mem = ALIGN_PTR(stpcpy(dest->gr_passwd, src->gr_passwd) + 1); - *dest->gr_mem = NULL; - - return NSS_STATUS_SUCCESS; --- -2.33.0 - diff --git a/backport-nss-systemd-fix-required-buffer-size-calculation.patch b/backport-nss-systemd-fix-required-buffer-size-calculation.patch deleted file mode 100644 index fa0220f..0000000 --- a/backport-nss-systemd-fix-required-buffer-size-calculation.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 5f78618a44a21197e727cd1c62da5aa8bf7e0610 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 31 Dec 2021 00:31:51 +0900 -Subject: [PATCH] nss-systemd: fix required buffer size calculation - -This also fixes the pointer assigned to the gr_mem element of struct group. - -Fixes a bug introduced by 47fd7fa6c650d7a0ac41bc89747e3b866ffb9534. - -Fixes #21935. - -(cherry picked from commit 1e65eb8f9b7d567462030b2e625998d77677e636) -(cherry picked from commit 17227e81ab8a9bdfac679d450ed35434435a6ff8) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5f78618a44a21197e727cd1c62da5aa8bf7e0610 ---- - src/nss-systemd/nss-systemd.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c -index 1840a0d508..7aea3652c4 100644 ---- a/src/nss-systemd/nss-systemd.c -+++ b/src/nss-systemd/nss-systemd.c -@@ -236,7 +236,7 @@ static enum nss_status copy_synthesized_group( - - required = strlen(src->gr_name) + 1; - required += strlen(src->gr_passwd) + 1; -- required += 1; /* ...but that NULL still needs to be stored into the buffer! */ -+ required += sizeof(char*); /* ...but that NULL still needs to be stored into the buffer! */ - - if (buflen < required) { - *errnop = ERANGE; -@@ -250,7 +250,7 @@ static enum nss_status copy_synthesized_group( - /* String fields point into the user-provided buffer */ - dest->gr_name = buffer; - dest->gr_passwd = stpcpy(dest->gr_name, src->gr_name) + 1; -- dest->gr_mem = (char **) strcpy(dest->gr_passwd, src->gr_passwd) + 1; -+ dest->gr_mem = (char **) stpcpy(dest->gr_passwd, src->gr_passwd) + 1; - *dest->gr_mem = NULL; - - return NSS_STATUS_SUCCESS; --- -2.33.0 - diff --git a/backport-nss-systemd-pack-pw_passwd-result-into-supplied-buff.patch b/backport-nss-systemd-pack-pw_passwd-result-into-supplied-buff.patch deleted file mode 100644 index ebee877..0000000 --- a/backport-nss-systemd-pack-pw_passwd-result-into-supplied-buff.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 84313bc5a262e87f49d176db169e1562d7060b33 Mon Sep 17 00:00:00 2001 -From: Michael Catanzaro -Date: Wed, 8 Sep 2021 13:42:16 -0500 -Subject: [PATCH] nss-systemd: pack pw_passwd result into supplied buffer - -getpwnam_r() guarantees that the strings in the struct passwd that it -returns are pointers into the buffer allocated by the application and -passed to getpwnam_r(). This means applications may choose to modify the -strings in place, as long as the length of the strings is not increased. -So it's wrong for us to return a static string here, we really do have -to copy it into the application-provided buffer like we do for all the -other strings. - -This is only a theoretical problem since it would be very weird for an -application to modify the pw_passwd field, but I spotted this when -investigating a similar crash caused by glib editing a different field. -See also: - -https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2244 -(cherry picked from commit 92b264676ccd79c89da270aabc1ec466fa18cd0d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/84313bc5a262e87f49d176db169e1562d7060b33 ---- - src/nss-systemd/userdb-glue.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/nss-systemd/userdb-glue.c b/src/nss-systemd/userdb-glue.c -index a55790f641..c865ff0d82 100644 ---- a/src/nss-systemd/userdb-glue.c -+++ b/src/nss-systemd/userdb-glue.c -@@ -35,6 +35,8 @@ int nss_pack_user_record( - assert(hr->user_name); - required = strlen(hr->user_name) + 1; - -+ required += 2; /* strlen(PASSWORD_SEE_SHADOW) + 1 */ -+ - assert_se(rn = user_record_real_name(hr)); - required += strlen(rn) + 1; - -@@ -51,12 +53,12 @@ int nss_pack_user_record( - .pw_name = buffer, - .pw_uid = hr->uid, - .pw_gid = user_record_gid(hr), -- .pw_passwd = (char*) PASSWORD_SEE_SHADOW, - }; - - assert(buffer); - -- pwd->pw_gecos = stpcpy(pwd->pw_name, hr->user_name) + 1; -+ pwd->pw_passwd = stpcpy(pwd->pw_name, hr->user_name) + 1; -+ pwd->pw_gecos = stpcpy(pwd->pw_passwd, PASSWORD_SEE_SHADOW) + 1; - pwd->pw_dir = stpcpy(pwd->pw_gecos, rn) + 1; - pwd->pw_shell = stpcpy(pwd->pw_dir, hd) + 1; - strcpy(pwd->pw_shell, shell); --- -2.33.0 - diff --git a/backport-oomd-fix-race-with-path-unavailability-when-killing-.patch b/backport-oomd-fix-race-with-path-unavailability-when-killing-.patch deleted file mode 100644 index 095f7e7..0000000 --- a/backport-oomd-fix-race-with-path-unavailability-when-killing-.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 1656ad6fd17e5be6504785bf94495437bcf453cb Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Wed, 19 Jan 2022 10:40:46 -0800 -Subject: [PATCH] oomd: fix race with path unavailability when killing cgroups - -There can be a situation where systemd-oomd would kill all of the processes -in a cgroup, pid1 would clean up that cgroup, and systemd-oomd would get -ENODEV trying to iterate the cgroup a final time to ensure it was empty. -systemd-oomd sees this as an error and immediately picks a new candidate even -though pressure may have recovered. To counter this, check and handle -path unavailability errnos specially. - -Fixes: #22030 -(cherry picked from commit 2ee209466bb51f39ae9df7fec4d5594ce8cfa3f0) -(cherry picked from commit 0456e3aaaae7c21a037f4d3c758463c3ba4d167c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/1656ad6fd17e5be6504785bf94495437bcf453cb ---- - src/oom/oomd-util.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/src/oom/oomd-util.c b/src/oom/oomd-util.c -index b2a48acb1f..503ede9a9f 100644 ---- a/src/oom/oomd-util.c -+++ b/src/oom/oomd-util.c -@@ -196,7 +196,14 @@ int oomd_cgroup_kill(const char *path, bool recurse, bool dry_run) { - r = cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, path, SIGKILL, CGROUP_IGNORE_SELF, pids_killed, log_kill, NULL); - else - r = cg_kill(SYSTEMD_CGROUP_CONTROLLER, path, SIGKILL, CGROUP_IGNORE_SELF, pids_killed, log_kill, NULL); -- if (r < 0) -+ -+ /* The cgroup could have been cleaned up after we have sent SIGKILL to all of the processes, but before -+ * we could do one last iteration of cgroup.procs to check. Or the service unit could have exited and -+ * was removed between picking candidates and coming into this function. In either case, let's log -+ * about it let the caller decide what to do once they know how many PIDs were killed. */ -+ if (IN_SET(r, -ENOENT, -ENODEV)) -+ log_debug_errno(r, "Error when sending SIGKILL to processes in cgroup path %s, ignoring: %m", path); -+ else if (r < 0) - return r; - - r = increment_oomd_xattr(path, "user.oomd_kill", set_size(pids_killed)); --- -2.33.0 - diff --git a/backport-oomd-handle-situations-when-no-cgroups-are-killed.patch b/backport-oomd-handle-situations-when-no-cgroups-are-killed.patch deleted file mode 100644 index e806412..0000000 --- a/backport-oomd-handle-situations-when-no-cgroups-are-killed.patch +++ /dev/null @@ -1,104 +0,0 @@ -From 07b5c382361a310b3ec1fa6ccfcfc99fb4fc1ee0 Mon Sep 17 00:00:00 2001 -From: Anita Zhang -Date: Wed, 19 Jan 2022 13:26:01 -0800 -Subject: [PATCH] oomd: handle situations when no cgroups are killed - -Currently if systemd-oomd doesn't kill anything in a selected cgroup, it -selects a new candidate immediately. But if a selected cgroup wasn't killed, -it is likely due to it disappearing or getting cleaned up between the time -it was selected as a candidate and getting sent SIGKILL(s). We should handle -it as though systemd-oomd did perform a kill so that it will check -swap/pressure again before it tries to select a new candidate. - -(cherry picked from commit 914d4e99f43761f1ce77b520850cf096aa5196cd) -(cherry picked from commit c4d89cd602b94ab3baac746395c797ec4da43679) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/07b5c382361a310b3ec1fa6ccfcfc99fb4fc1ee0 ---- - src/oom/oomd-manager.c | 10 +++++++--- - src/oom/oomd-util.c | 11 +++++------ - 2 files changed, 12 insertions(+), 9 deletions(-) - -diff --git a/src/oom/oomd-manager.c b/src/oom/oomd-manager.c -index 9cae0c9c8a..727206d0b3 100644 ---- a/src/oom/oomd-manager.c -+++ b/src/oom/oomd-manager.c -@@ -364,7 +364,7 @@ static int monitor_swap_contexts_handler(sd_event_source *s, uint64_t usec, void - if (r < 0) - log_notice_errno(r, "Failed to kill any cgroup(s) based on swap: %m"); - else { -- if (selected) -+ if (selected && r > 0) - log_notice("Killed %s due to memory used (%"PRIu64") / total (%"PRIu64") and " - "swap used (%"PRIu64") / total (%"PRIu64") being more than " - PERMYRIAD_AS_PERCENT_FORMAT_STR, -@@ -475,9 +475,13 @@ static int monitor_memory_pressure_contexts_handler(sd_event_source *s, uint64_t - if (r < 0) - log_notice_errno(r, "Failed to kill any cgroup(s) under %s based on pressure: %m", t->path); - else { -- /* Don't act on all the high pressure cgroups at once; return as soon as we kill one */ -+ /* Don't act on all the high pressure cgroups at once; return as soon as we kill one. -+ * If r == 0 then it means there were not eligible candidates, the candidate cgroup -+ * disappeared, or the candidate cgroup has no processes by the time we tried to kill -+ * it. In either case, go through the event loop again and select a new candidate if -+ * pressure is still high. */ - m->mem_pressure_post_action_delay_start = usec_now; -- if (selected) -+ if (selected && r > 0) - log_notice("Killed %s due to memory pressure for %s being %lu.%02lu%% > %lu.%02lu%%" - " for > %s with reclaim activity", - selected, t->path, -diff --git a/src/oom/oomd-util.c b/src/oom/oomd-util.c -index 503ede9a9f..5867d2946c 100644 ---- a/src/oom/oomd-util.c -+++ b/src/oom/oomd-util.c -@@ -206,6 +206,9 @@ int oomd_cgroup_kill(const char *path, bool recurse, bool dry_run) { - else if (r < 0) - return r; - -+ if (set_isempty(pids_killed)) -+ log_debug("Nothing killed when attempting to kill %s", path); -+ - r = increment_oomd_xattr(path, "user.oomd_kill", set_size(pids_killed)); - if (r < 0) - log_debug_errno(r, "Failed to set user.oomd_kill on kill: %m"); -@@ -231,8 +234,6 @@ int oomd_kill_by_pgscan_rate(Hashmap *h, const char *prefix, bool dry_run, char - continue; - - r = oomd_cgroup_kill(sorted[i]->path, true, dry_run); -- if (r == 0) -- continue; /* We didn't find anything to kill */ - if (r == -ENOMEM) - return r; /* Treat oom as a hard error */ - if (r < 0) { -@@ -245,7 +246,7 @@ int oomd_kill_by_pgscan_rate(Hashmap *h, const char *prefix, bool dry_run, char - if (!selected) - return -ENOMEM; - *ret_selected = selected; -- return 1; -+ return r; - } - - return ret; -@@ -271,8 +272,6 @@ int oomd_kill_by_swap_usage(Hashmap *h, uint64_t threshold_usage, bool dry_run, - continue; - - r = oomd_cgroup_kill(sorted[i]->path, true, dry_run); -- if (r == 0) -- continue; /* We didn't find anything to kill */ - if (r == -ENOMEM) - return r; /* Treat oom as a hard error */ - if (r < 0) { -@@ -285,7 +284,7 @@ int oomd_kill_by_swap_usage(Hashmap *h, uint64_t threshold_usage, bool dry_run, - if (!selected) - return -ENOMEM; - *ret_selected = selected; -- return 1; -+ return r; - } - - return ret; --- -2.33.0 - diff --git a/backport-openssl-util-use-EVP-API-to-get-RSA-bits.patch b/backport-openssl-util-use-EVP-API-to-get-RSA-bits.patch deleted file mode 100644 index 33be9f8..0000000 --- a/backport-openssl-util-use-EVP-API-to-get-RSA-bits.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 0b982442694ff69e873349459b83b421abc60d52 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 29 Sep 2021 15:03:44 +0200 -Subject: [PATCH] openssl-util: use EVP API to get RSA bits - -(cherry picked from commit 7f12adc3000c08a370f74bd16c654506c8a99e92) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0b982442694ff69e873349459b83b421abc60d52 ---- - src/shared/openssl-util.c | 7 +------ - 1 file changed, 1 insertion(+), 6 deletions(-) - -diff --git a/src/shared/openssl-util.c b/src/shared/openssl-util.c -index bb47ae5e87..bd728e6c7c 100644 ---- a/src/shared/openssl-util.c -+++ b/src/shared/openssl-util.c -@@ -46,7 +46,6 @@ int rsa_pkey_to_suitable_key_size( - size_t *ret_suitable_key_size) { - - size_t suitable_key_size; -- const RSA *rsa; - int bits; - - assert_se(pkey); -@@ -58,11 +57,7 @@ int rsa_pkey_to_suitable_key_size( - if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) - return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "X.509 certificate does not refer to RSA key."); - -- rsa = EVP_PKEY_get0_RSA(pkey); -- if (!rsa) -- return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to acquire RSA public key from X.509 certificate."); -- -- bits = RSA_bits(rsa); -+ bits = EVP_PKEY_bits(pkey); - log_debug("Bits in RSA key: %i", bits); - - /* We use PKCS#1 padding for the RSA cleartext, hence let's leave some extra space for it, hence only --- -2.33.0 - diff --git a/backport-packit-build-on-and-use-Fedora-35-spec-file.patch b/backport-packit-build-on-and-use-Fedora-35-spec-file.patch deleted file mode 100644 index 2ecdaab..0000000 --- a/backport-packit-build-on-and-use-Fedora-35-spec-file.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 4d2e39342352fce3969064e58e366753e7002f46 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Tue, 15 Feb 2022 01:21:01 +0000 -Subject: [PATCH] packit: build on and use Fedora 35 spec file - -It's targeted to the v249 branch, while the rawhide one follows -the newest upstream release, and the command line options are not -compatible - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4d2e39342352fce3969064e58e366753e7002f46 ---- - .packit.yml | 12 +++++------- - 1 file changed, 5 insertions(+), 7 deletions(-) - -diff --git a/.packit.yml b/.packit.yml -index ee47f8954e..fb2cb5a7c3 100644 ---- a/.packit.yml -+++ b/.packit.yml -@@ -16,8 +16,8 @@ upstream_tag_template: "v{version}" - - actions: - post-upstream-clone: -- # Use the Fedora Rawhide specfile -- - "git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1" -+ # Use the Fedora 35 specfile -+ - "git clone --branch f35 https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1" - # Drop the "sources" file so rebase-helper doesn't think we're a dist-git - - "rm -fv .packit_rpm/sources" - # Drop backported patches from the specfile, but keep the downstream-only ones -@@ -31,14 +31,12 @@ actions: - # [0] https://github.com/mesonbuild/meson/issues/7360 - # [1] https://github.com/systemd/systemd/pull/18908#issuecomment-792250110 - - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec' -- # cryptolib is supported from v250 and newer, remove it -- - 'sed -i "/-Dcryptolib=openssl/d" .packit_rpm/systemd.spec' - - jobs: - - job: copr_build - trigger: pull_request - metadata: - targets: -- - fedora-rawhide-aarch64 -- - fedora-rawhide-i386 -- - fedora-rawhide-x86_64 -+ - fedora-35-aarch64 -+ - fedora-35-i386 -+ - fedora-35-x86_64 --- -2.33.0 - diff --git a/backport-packit-drop-unnumbered-patches-as-well.patch b/backport-packit-drop-unnumbered-patches-as-well.patch deleted file mode 100644 index e353d65..0000000 --- a/backport-packit-drop-unnumbered-patches-as-well.patch +++ /dev/null @@ -1,33 +0,0 @@ -From d566e288f2fb1935261d36c0c35effc4489da5e6 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Thu, 17 Feb 2022 14:02:04 +0100 -Subject: [PATCH] packit: drop unnumbered patches as well - -(cherry picked from commit 729c6b6af8e3cef259b80746f7f7f10cc63d309f) -(cherry picked from commit 477b85f43871c78fce053ebbd9592bf71d49dd30) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d566e288f2fb1935261d36c0c35effc4489da5e6 ---- - .packit.yml | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/.packit.yml b/.packit.yml -index fb2cb5a7c3..3a47c6a6a1 100644 ---- a/.packit.yml -+++ b/.packit.yml -@@ -21,9 +21,9 @@ actions: - # Drop the "sources" file so rebase-helper doesn't think we're a dist-git - - "rm -fv .packit_rpm/sources" - # Drop backported patches from the specfile, but keep the downstream-only ones -- # - Patch0000-0499: backported patches from upstream -+ # - Patch(0000-0499): backported patches from upstream - # - Patch0500-9999: downstream-only patches -- - "sed -ri '/^Patch0[0-4]?[0-9]{0,2}\\:.+\\.patch/d' .packit_rpm/systemd.spec" -+ - "sed -ri '/^Patch(0[0-4]?[0-9]{0,2})?\\:.+\\.patch/d' .packit_rpm/systemd.spec" - # Build the RPM with --werror. Even though --werror doesn't work in all - # cases (see [0]), we can't use -Dc_args=/-Dcpp_args= here because of the - # RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see [1]). --- -2.33.0 - diff --git a/backport-packit-remove-unsupported-Dcryptolib-openssl-option.patch b/backport-packit-remove-unsupported-Dcryptolib-openssl-option.patch deleted file mode 100644 index 3d0099a..0000000 --- a/backport-packit-remove-unsupported-Dcryptolib-openssl-option.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 8815d340e508f0456bb56e9858c6cea3390a6143 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Tue, 15 Feb 2022 01:21:01 +0000 -Subject: [PATCH] packit: remove unsupported -Dcryptolib=openssl option - -Introduced later, so it breaks the build on v249-stable - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/8815d340e508f0456bb56e9858c6cea3390a6143 ---- - .packit.yml | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/.packit.yml b/.packit.yml -index 4545e30e08..ee47f8954e 100644 ---- a/.packit.yml -+++ b/.packit.yml -@@ -31,6 +31,8 @@ actions: - # [0] https://github.com/mesonbuild/meson/issues/7360 - # [1] https://github.com/systemd/systemd/pull/18908#issuecomment-792250110 - - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec' -+ # cryptolib is supported from v250 and newer, remove it -+ - 'sed -i "/-Dcryptolib=openssl/d" .packit_rpm/systemd.spec' - - jobs: - - job: copr_build --- -2.33.0 - diff --git a/backport-path-util-make-find_executable-work-without-proc-mou.patch b/backport-path-util-make-find_executable-work-without-proc-mou.patch deleted file mode 100644 index 94a4d0a..0000000 --- a/backport-path-util-make-find_executable-work-without-proc-mou.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 727d0b55f46468d6171f4a326bd3139bab3c93ab Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 23 Aug 2021 06:16:48 +0900 -Subject: [PATCH] path-util: make find_executable() work without /proc mounted - -Follow-up for 888f65ace6296ed61285d31db846babf1c11885e. - -Hopefully fixes #20514. - -(cherry picked from commit 93413acd3ef3a637a0f31a1d133b103e1dc81fd6) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/727d0b55f46468d6171f4a326bd3139bab3c93ab ---- - src/basic/path-util.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/basic/path-util.c b/src/basic/path-util.c -index e5afb5f5f5..13d71ed1b6 100644 ---- a/src/basic/path-util.c -+++ b/src/basic/path-util.c -@@ -628,7 +628,11 @@ static int check_x_access(const char *path, int *ret_fd) { - return r; - - r = access_fd(fd, X_OK); -- if (r < 0) -+ if (r == -ENOSYS) { -+ /* /proc is not mounted. Fallback to access(). */ -+ if (access(path, X_OK) < 0) -+ return -errno; -+ } else if (r < 0) - return r; - - if (ret_fd) --- -2.33.0 - diff --git a/backport-pid1-fix-segv-triggered-by-status-query.patch b/backport-pid1-fix-segv-triggered-by-status-query.patch deleted file mode 100644 index 72431a4..0000000 --- a/backport-pid1-fix-segv-triggered-by-status-query.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 0aadfe4937045efd5a7a53a176d05db7dc937435 Mon Sep 17 00:00:00 2001 -From: Robin Humble -Date: Wed, 1 Feb 2023 23:36:48 +1100 -Subject: [PATCH] pid1: fix segv triggered by status query (#26279) - -If any query makes it to the end of install_info_follow() then I think symlink_target is set to NULL. -If that is followed by -EXDEV from unit_file_load_or_readlink(), then that causes basename(NULL) -which segfaults pid 1. - -This is triggered by eg. "systemctl status crond" in RHEL9 if - -/etc/systemd/system/crond.service - -> /ram/etc/systemd/system/crond.service - -> /usr/lib/systemd/system/.crond.service.blah.blah - -> /usr/lib/systemd/system/crond.service - -(cherry picked from commit 19cfda9fc3c60de21a362ebb56bcb9f4a9855e85) -(cherry picked from commit 015b0ca9286471c05fe88cfa277dd82e20537ba8) -(cherry picked from commit 9a906fae890904284fe91e29b6bdcb64429fecba) -(cherry picked from commit a2dc9e3be9a8895edcba10f4c0d8d703b435c18b) ---- - src/shared/install.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/shared/install.c b/src/shared/install.c -index 4bf868f8e9..f038665dea 100644 ---- a/src/shared/install.c -+++ b/src/shared/install.c -@@ -1609,7 +1609,7 @@ static int install_info_traverse( - } - - r = install_info_follow(c, i, paths->root_dir, flags, false); -- if (r == -EXDEV) { -+ if (r == -EXDEV && i->symlink_target) { - _cleanup_free_ char *buffer = NULL; - const char *bn; - --- -2.27.0 - diff --git a/backport-pid1-lookup-owning-PID-of-BusName-name-of-services-a.patch b/backport-pid1-lookup-owning-PID-of-BusName-name-of-services-a.patch deleted file mode 100644 index e8ecbb5..0000000 --- a/backport-pid1-lookup-owning-PID-of-BusName-name-of-services-a.patch +++ /dev/null @@ -1,160 +0,0 @@ -From 1daa382a7f9e55d11f7b59b144a9963688169843 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 17 Feb 2022 14:40:25 +0100 -Subject: [PATCH] pid1: lookup owning PID of BusName= name of services - asynchronously - -A first step of removing blocking calls to the D-Bus broker from PID 1. -There's a lot more to got (i.e. grep src/core/ for sd_bus_creds -basically), but it's a start. - -Removing blocking calls to D-Bus broker deals systematicallly with -deadlocks caused by dbus-daemon blocking on synchronous IPC calls back -to PID1 (e.g. Varlink calls through nss-systemd). Bugs such as #15316. - -Also-see: https://github.com/systemd/systemd/pull/22038#issuecomment-1042958390 -(cherry picked from commit e39eb045a502d599e6cd3fda7a46020dd438d018) -(cherry picked from commit cf390149cb25248169c482e315a1a7ff02eaf956) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/1daa382a7f9e55d11f7b59b144a9963688169843 ---- - src/core/service.c | 91 ++++++++++++++++++++++++++++++++++++---------- - src/core/service.h | 2 + - 2 files changed, 74 insertions(+), 19 deletions(-) - -diff --git a/src/core/service.c b/src/core/service.c -index 5f56217904..f6eb46cb54 100644 ---- a/src/core/service.c -+++ b/src/core/service.c -@@ -398,6 +398,8 @@ static void service_done(Unit *u) { - s->timer_event_source = sd_event_source_disable_unref(s->timer_event_source); - s->exec_fd_event_source = sd_event_source_disable_unref(s->exec_fd_event_source); - -+ s->bus_name_pid_lookup_slot = sd_bus_slot_unref(s->bus_name_pid_lookup_slot); -+ - service_release_resources(u); - } - -@@ -4216,6 +4218,60 @@ static int service_get_timeout(Unit *u, usec_t *timeout) { - return 1; - } - -+static bool pick_up_pid_from_bus_name(Service *s) { -+ assert(s); -+ -+ /* If the service is running but we have no main PID yet, get it from the owner of the D-Bus name */ -+ -+ return !pid_is_valid(s->main_pid) && -+ IN_SET(s->state, -+ SERVICE_START, -+ SERVICE_START_POST, -+ SERVICE_RUNNING, -+ SERVICE_RELOAD); -+} -+ -+static int bus_name_pid_lookup_callback(sd_bus_message *reply, void *userdata, sd_bus_error *ret_error) { -+ const sd_bus_error *e; -+ Unit *u = userdata; -+ uint32_t pid; -+ Service *s; -+ int r; -+ -+ assert(reply); -+ assert(u); -+ -+ s = SERVICE(u); -+ s->bus_name_pid_lookup_slot = sd_bus_slot_unref(s->bus_name_pid_lookup_slot); -+ -+ if (!s->bus_name || !pick_up_pid_from_bus_name(s)) -+ return 1; -+ -+ e = sd_bus_message_get_error(reply); -+ if (e) { -+ r = sd_bus_error_get_errno(e); -+ log_warning_errno(r, "GetConnectionUnixProcessID() failed: %s", bus_error_message(e, r)); -+ return 1; -+ } -+ -+ r = sd_bus_message_read(reply, "u", &pid); -+ if (r < 0) { -+ bus_log_parse_error(r); -+ return 1; -+ } -+ -+ if (!pid_is_valid(pid)) { -+ log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "GetConnectionUnixProcessID() returned invalid PID"); -+ return 1; -+ } -+ -+ log_unit_debug(u, "D-Bus name %s is now owned by process " PID_FMT, s->bus_name, (pid_t) pid); -+ -+ service_set_main_pid(s, pid); -+ unit_watch_pid(UNIT(s), pid, false); -+ return 1; -+} -+ - static void service_bus_name_owner_change(Unit *u, const char *new_owner) { - - Service *s = SERVICE(u); -@@ -4246,28 +4302,25 @@ static void service_bus_name_owner_change(Unit *u, const char *new_owner) { - else if (s->state == SERVICE_START && new_owner) - service_enter_start_post(s); - -- } else if (new_owner && -- s->main_pid <= 0 && -- IN_SET(s->state, -- SERVICE_START, -- SERVICE_START_POST, -- SERVICE_RUNNING, -- SERVICE_RELOAD)) { -- -- _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL; -- pid_t pid; -+ } else if (new_owner && pick_up_pid_from_bus_name(s)) { - - /* Try to acquire PID from bus service */ - -- r = sd_bus_get_name_creds(u->manager->api_bus, s->bus_name, SD_BUS_CREDS_PID, &creds); -- if (r >= 0) -- r = sd_bus_creds_get_pid(creds, &pid); -- if (r >= 0) { -- log_unit_debug(u, "D-Bus name %s is now owned by process " PID_FMT, s->bus_name, pid); -- -- service_set_main_pid(s, pid); -- unit_watch_pid(UNIT(s), pid, false); -- } -+ s->bus_name_pid_lookup_slot = sd_bus_slot_unref(s->bus_name_pid_lookup_slot); -+ -+ r = sd_bus_call_method_async( -+ u->manager->api_bus, -+ &s->bus_name_pid_lookup_slot, -+ "org.freedesktop.DBus", -+ "/org/freedesktop/DBus", -+ "org.freedesktop.DBus", -+ "GetConnectionUnixProcessID", -+ bus_name_pid_lookup_callback, -+ s, -+ "s", -+ s->bus_name); -+ if (r < 0) -+ log_debug_errno(r, "Failed to request owner PID of service name, ignoring: %m"); - } - } - -diff --git a/src/core/service.h b/src/core/service.h -index 6d931c3d5e..6c47c91f85 100644 ---- a/src/core/service.h -+++ b/src/core/service.h -@@ -185,6 +185,8 @@ struct Service { - NotifyAccess notify_access; - NotifyState notify_state; - -+ sd_bus_slot *bus_name_pid_lookup_slot; -+ - sd_event_source *exec_fd_event_source; - - ServiceFDStore *fd_store; --- -2.33.0 - diff --git a/backport-pid1-pass-PAM_DATA_SILENT-to-pam_end-in-child.patch b/backport-pid1-pass-PAM_DATA_SILENT-to-pam_end-in-child.patch deleted file mode 100644 index f1da3dd..0000000 --- a/backport-pid1-pass-PAM_DATA_SILENT-to-pam_end-in-child.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 9ac4b463b6d8da420c2b12af4408d0d583280a6d Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 1 Feb 2022 12:37:51 +0100 -Subject: [PATCH] pid1: pass PAM_DATA_SILENT to pam_end() in child - -Fixes: #22318 -(cherry picked from commit 7feb2b5737ad110eb3985e8e9d8189f18d1c5147) -(cherry picked from commit 9c560d201527ee064ae11784d6538ae544926181) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9ac4b463b6d8da420c2b12af4408d0d583280a6d ---- - src/core/execute.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/core/execute.c b/src/core/execute.c -index 2f2de4d9cf..04c0513453 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -1323,7 +1323,9 @@ static int setup_pam( - ret = 0; - - child_finish: -- pam_end(handle, pam_code | flags); -+ /* NB: pam_end() when called in child processes should set PAM_DATA_SILENT to let the module -+ * know about this. See pam_end(3) */ -+ (void) pam_end(handle, pam_code | flags | PAM_DATA_SILENT); - _exit(ret); - } - -@@ -1358,7 +1360,7 @@ fail: - if (close_session) - pam_code = pam_close_session(handle, flags); - -- pam_end(handle, pam_code | flags); -+ (void) pam_end(handle, pam_code | flags); - } - - strv_free(e); --- -2.33.0 - diff --git a/backport-pid1-propagate-the-original-command-line-when-reexec.patch b/backport-pid1-propagate-the-original-command-line-when-reexec.patch deleted file mode 100644 index e995700..0000000 --- a/backport-pid1-propagate-the-original-command-line-when-reexec.patch +++ /dev/null @@ -1,156 +0,0 @@ -From f3af6ba86c1128ccf6d6f896f70c22f9645a51c5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 22 Jul 2021 08:21:46 +0200 -Subject: [PATCH] pid1: propagate the original command line when reexecuting - -When we reexec the manager in a container, we lose configuration settings on -the kernel command line: - - $ systemd-nspawn -M rawhide -b systemd.status-unit-format=name systemd.show-status=yes - ... - # tr '\0' ' ' -Date: Thu, 17 Feb 2022 14:49:54 +0100 -Subject: [PATCH] pid1: set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for - dbus-daemon -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -There's currently a deadlock between PID 1 and dbus-daemon: in some -cases dbus-daemon will do NSS lookups (which are blocking) at the same -time PID 1 synchronously blocks on some call to dbus-daemon. Let's break -that by setting SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon, -which will disable synchronously blocking varlink calls from nss-systemd -to PID 1. - -In the long run we should fix this differently: remove all synchronous -calls to dbus-daemon from PID 1. This is not trivial however: so far we -had the rule that synchronous calls from PID 1 to the dbus broker are OK -as long as they only go to interfaces implemented by the broke itself -rather than services reachable through it. Given that the relationship -between PID 1 and dbus is kinda special anyway, this was considered -acceptable for the sake of simplicity, since we quite often need -metadata about bus peers from the broker, and the asynchronous logic -would substantially complicate even the simplest method handlers. - -This mostly reworks the existing code that sets SYSTEMD_NSS_BYPASS_BUS= -(which is a similar hack to deal with deadlocks between nss-systemd and -dbus-daemon itself) to set SYSTEMD_NSS_DYNAMIC_BYPASS=1 instead. No code -was checking SYSTEMD_NSS_BYPASS_BUS= anymore anyway, and it used to -solve a similar problem, hence it's an obvious piece of code to rework -like this. - -Issue originally tracked down by Lukas Märdian. This patch is inspired -and closely based on his patch: - - https://github.com/systemd/systemd/pull/22038 - -Fixes: #15316 -Co-authored-by: Lukas Märdian -(cherry picked from commit de90700f36f2126528f7ce92df0b5b5d5e277558) -(cherry picked from commit 367041af816d48d4852140f98fd0ba78ed83f9e4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0863a55ae95fe6bf7312b7a864d07a9e3fbee563 ---- - src/core/execute.c | 10 +++++----- - src/core/execute.h | 26 +++++++++++++------------- - src/core/service.c | 2 +- - 3 files changed, 19 insertions(+), 19 deletions(-) - -diff --git a/src/core/execute.c b/src/core/execute.c -index 28efe5c36f..37f63a9378 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -1828,11 +1828,11 @@ static int build_environment( - our_env[n_env++] = x; - } - -- /* If this is D-Bus, tell the nss-systemd module, since it relies on being able to use D-Bus look up dynamic -- * users via PID 1, possibly dead-locking the dbus daemon. This way it will not use D-Bus to resolve names, but -- * check the database directly. */ -- if (p->flags & EXEC_NSS_BYPASS_BUS) { -- x = strdup("SYSTEMD_NSS_BYPASS_BUS=1"); -+ /* If this is D-Bus, tell the nss-systemd module, since it relies on being able to use blocking -+ * Varlink calls back to us for look up dynamic users in PID 1. Break the deadlock between D-Bus and -+ * PID 1 by disabling use of PID1' NSS interface for looking up dynamic users. */ -+ if (p->flags & EXEC_NSS_DYNAMIC_BYPASS) { -+ x = strdup("SYSTEMD_NSS_DYNAMIC_BYPASS=1"); - if (!x) - return -ENOMEM; - our_env[n_env++] = x; -diff --git a/src/core/execute.h b/src/core/execute.h -index 4c7a5b874f..47349a69a2 100644 ---- a/src/core/execute.h -+++ b/src/core/execute.h -@@ -343,21 +343,21 @@ static inline bool exec_context_with_rootfs(const ExecContext *c) { - } - - typedef enum ExecFlags { -- EXEC_APPLY_SANDBOXING = 1 << 0, -- EXEC_APPLY_CHROOT = 1 << 1, -- EXEC_APPLY_TTY_STDIN = 1 << 2, -- EXEC_PASS_LOG_UNIT = 1 << 3, /* Whether to pass the unit name to the service's journal stream connection */ -- EXEC_CHOWN_DIRECTORIES = 1 << 4, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */ -- EXEC_NSS_BYPASS_BUS = 1 << 5, /* Set the SYSTEMD_NSS_BYPASS_BUS environment variable, to disable nss-systemd for dbus */ -- EXEC_CGROUP_DELEGATE = 1 << 6, -- EXEC_IS_CONTROL = 1 << 7, -- EXEC_CONTROL_CGROUP = 1 << 8, /* Place the process not in the indicated cgroup but in a subcgroup '/.control', but only EXEC_CGROUP_DELEGATE and EXEC_IS_CONTROL is set, too */ -- EXEC_WRITE_CREDENTIALS = 1 << 9, /* Set up the credential store logic */ -+ EXEC_APPLY_SANDBOXING = 1 << 0, -+ EXEC_APPLY_CHROOT = 1 << 1, -+ EXEC_APPLY_TTY_STDIN = 1 << 2, -+ EXEC_PASS_LOG_UNIT = 1 << 3, /* Whether to pass the unit name to the service's journal stream connection */ -+ EXEC_CHOWN_DIRECTORIES = 1 << 4, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */ -+ EXEC_NSS_DYNAMIC_BYPASS = 1 << 5, /* Set the SYSTEMD_NSS_DYNAMIC_BYPASS environment variable, to disable nss-systemd blocking on PID 1, for use by dbus-daemon */ -+ EXEC_CGROUP_DELEGATE = 1 << 6, -+ EXEC_IS_CONTROL = 1 << 7, -+ EXEC_CONTROL_CGROUP = 1 << 8, /* Place the process not in the indicated cgroup but in a subcgroup '/.control', but only EXEC_CGROUP_DELEGATE and EXEC_IS_CONTROL is set, too */ -+ EXEC_WRITE_CREDENTIALS = 1 << 9, /* Set up the credential store logic */ - - /* The following are not used by execute.c, but by consumers internally */ -- EXEC_PASS_FDS = 1 << 10, -- EXEC_SETENV_RESULT = 1 << 11, -- EXEC_SET_WATCHDOG = 1 << 12, -+ EXEC_PASS_FDS = 1 << 10, -+ EXEC_SETENV_RESULT = 1 << 11, -+ EXEC_SET_WATCHDOG = 1 << 12, - } ExecFlags; - - /* Parameters for a specific invocation of a command. This structure is put together right before a command is -diff --git a/src/core/service.c b/src/core/service.c -index f6eb46cb54..a480edc439 100644 ---- a/src/core/service.c -+++ b/src/core/service.c -@@ -1573,7 +1573,7 @@ static int service_spawn( - return -ENOMEM; - - /* System D-Bus needs nss-systemd disabled, so that we don't deadlock */ -- SET_FLAG(exec_params.flags, EXEC_NSS_BYPASS_BUS, -+ SET_FLAG(exec_params.flags, EXEC_NSS_DYNAMIC_BYPASS, - MANAGER_IS_SYSTEM(UNIT(s)->manager) && unit_has_name(UNIT(s), SPECIAL_DBUS_SERVICE)); - - strv_free_and_replace(exec_params.environment, final_env); --- -2.33.0 - diff --git a/backport-pid1-watch-bus-name-always-when-we-have-it.patch b/backport-pid1-watch-bus-name-always-when-we-have-it.patch deleted file mode 100644 index f9b816d..0000000 --- a/backport-pid1-watch-bus-name-always-when-we-have-it.patch +++ /dev/null @@ -1,57 +0,0 @@ -From b301230a6ce52989053b12324fcaef0d45610ee6 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 17 Feb 2022 17:23:48 +0100 -Subject: [PATCH] pid1: watch bus name always when we have it - -Previously we'd only watch configured service bus names if Type=dbus was -set. Let's also watch it for other types. This is useful to pick up the -main PID of such a service. In fact the code to pick it up was already -in place, alas it didn't do anything given the signal was never received -for it. Fix that. - -(It's also useful for debugging) - -(cherry picked from commit 1e8b312e5a22538f91defb89cf2997e09e106297) -(cherry picked from commit a51e540b278827c0fc59760b9c77cd42cbddc0d2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b301230a6ce52989053b12324fcaef0d45610ee6 ---- - src/core/service.c | 18 ++++++++++-------- - 1 file changed, 10 insertions(+), 8 deletions(-) - -diff --git a/src/core/service.c b/src/core/service.c -index 7b90822f68..5f56217904 100644 ---- a/src/core/service.c -+++ b/src/core/service.c -@@ -685,17 +685,19 @@ static int service_setup_bus_name(Service *s) { - assert(s); - - /* If s->bus_name is not set, then the unit will be refused by service_verify() later. */ -- if (s->type != SERVICE_DBUS || !s->bus_name) -+ if (!s->bus_name) - return 0; - -- r = unit_add_dependency_by_name(UNIT(s), UNIT_REQUIRES, SPECIAL_DBUS_SOCKET, true, UNIT_DEPENDENCY_FILE); -- if (r < 0) -- return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on " SPECIAL_DBUS_SOCKET ": %m"); -+ if (s->type == SERVICE_DBUS) { -+ r = unit_add_dependency_by_name(UNIT(s), UNIT_REQUIRES, SPECIAL_DBUS_SOCKET, true, UNIT_DEPENDENCY_FILE); -+ if (r < 0) -+ return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on " SPECIAL_DBUS_SOCKET ": %m"); - -- /* We always want to be ordered against dbus.socket if both are in the transaction. */ -- r = unit_add_dependency_by_name(UNIT(s), UNIT_AFTER, SPECIAL_DBUS_SOCKET, true, UNIT_DEPENDENCY_FILE); -- if (r < 0) -- return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on " SPECIAL_DBUS_SOCKET ": %m"); -+ /* We always want to be ordered against dbus.socket if both are in the transaction. */ -+ r = unit_add_dependency_by_name(UNIT(s), UNIT_AFTER, SPECIAL_DBUS_SOCKET, true, UNIT_DEPENDENCY_FILE); -+ if (r < 0) -+ return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on " SPECIAL_DBUS_SOCKET ": %m"); -+ } - - r = unit_watch_bus_name(UNIT(s), s->bus_name); - if (r == -EEXIST) --- -2.33.0 - diff --git a/backport-policy-files-adjust-landing-page-link.patch b/backport-policy-files-adjust-landing-page-link.patch deleted file mode 100644 index 40cdc7f..0000000 --- a/backport-policy-files-adjust-landing-page-link.patch +++ /dev/null @@ -1,170 +0,0 @@ -From de0d375e38df25b9fe333d64f9880751aea46e6b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 12 Jan 2022 10:42:22 +0100 -Subject: [PATCH] policy files: adjust landing page link - -(cherry picked from commit d6e2c1ab7158d52425d3cb72459c5624db12368c) -(cherry picked from commit 944d8d9050b96e690054224e796254dfc18e6681) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/de0d375e38df25b9fe333d64f9880751aea46e6b ---- - src/core/org.freedesktop.systemd1.policy.in | 2 +- - src/home/org.freedesktop.home1.policy | 2 +- - src/hostname/org.freedesktop.hostname1.policy | 2 +- - src/import/org.freedesktop.import1.policy | 2 +- - src/locale/org.freedesktop.locale1.policy | 2 +- - src/login/org.freedesktop.login1.policy | 2 +- - src/machine/org.freedesktop.machine1.policy | 2 +- - src/network/org.freedesktop.network1.policy | 2 +- - src/portable/org.freedesktop.portable1.policy | 2 +- - src/resolve/org.freedesktop.resolve1.policy | 2 +- - src/timedate/org.freedesktop.timedate1.policy | 2 +- - 11 files changed, 11 insertions(+), 11 deletions(-) - -diff --git a/src/core/org.freedesktop.systemd1.policy.in b/src/core/org.freedesktop.systemd1.policy.in -index 74721c516f..f34b2d5bf0 100644 ---- a/src/core/org.freedesktop.systemd1.policy.in -+++ b/src/core/org.freedesktop.systemd1.policy.in -@@ -16,7 +16,7 @@ - - - The systemd Project -- http://www.freedesktop.org/wiki/Software/systemd -+ https://systemd.io - - - Send passphrase back to system -diff --git a/src/home/org.freedesktop.home1.policy b/src/home/org.freedesktop.home1.policy -index 10ad7c283a..71253e04e9 100644 ---- a/src/home/org.freedesktop.home1.policy -+++ b/src/home/org.freedesktop.home1.policy -@@ -7,7 +7,7 @@ - - - The systemd Project -- http://www.freedesktop.org/wiki/Software/systemd -+ https://systemd.io - - - Create a home area -diff --git a/src/hostname/org.freedesktop.hostname1.policy b/src/hostname/org.freedesktop.hostname1.policy -index 7d28c395cf..dacea0ff0a 100644 ---- a/src/hostname/org.freedesktop.hostname1.policy -+++ b/src/hostname/org.freedesktop.hostname1.policy -@@ -14,7 +14,7 @@ - - - The systemd Project -- http://www.freedesktop.org/wiki/Software/systemd -+ https://systemd.io - - - Set hostname -diff --git a/src/import/org.freedesktop.import1.policy b/src/import/org.freedesktop.import1.policy -index 9736816e33..e88a6e8ae6 100644 ---- a/src/import/org.freedesktop.import1.policy -+++ b/src/import/org.freedesktop.import1.policy -@@ -16,7 +16,7 @@ - - - The systemd Project -- http://www.freedesktop.org/wiki/Software/systemd -+ https://systemd.io - - - Import a VM or container image -diff --git a/src/locale/org.freedesktop.locale1.policy b/src/locale/org.freedesktop.locale1.policy -index f12ca0970a..ed98c4aa09 100644 ---- a/src/locale/org.freedesktop.locale1.policy -+++ b/src/locale/org.freedesktop.locale1.policy -@@ -16,7 +16,7 @@ - - - The systemd Project -- http://www.freedesktop.org/wiki/Software/systemd -+ https://systemd.io - - - Set system locale -diff --git a/src/login/org.freedesktop.login1.policy b/src/login/org.freedesktop.login1.policy -index 80ebb39f30..df906b0e73 100644 ---- a/src/login/org.freedesktop.login1.policy -+++ b/src/login/org.freedesktop.login1.policy -@@ -16,7 +16,7 @@ - - - The systemd Project -- http://www.freedesktop.org/wiki/Software/systemd -+ https://systemd.io - - - Allow applications to inhibit system shutdown -diff --git a/src/machine/org.freedesktop.machine1.policy b/src/machine/org.freedesktop.machine1.policy -index ddf5ec05c6..5e43cb6e24 100644 ---- a/src/machine/org.freedesktop.machine1.policy -+++ b/src/machine/org.freedesktop.machine1.policy -@@ -16,7 +16,7 @@ - - - The systemd Project -- http://www.freedesktop.org/wiki/Software/systemd -+ https://systemd.io - - - Log into a local container -diff --git a/src/network/org.freedesktop.network1.policy b/src/network/org.freedesktop.network1.policy -index 9e27f728bc..c39f20655d 100644 ---- a/src/network/org.freedesktop.network1.policy -+++ b/src/network/org.freedesktop.network1.policy -@@ -16,7 +16,7 @@ - - - The systemd Project -- http://www.freedesktop.org/wiki/Software/systemd -+ https://systemd.io - - - Set NTP servers -diff --git a/src/portable/org.freedesktop.portable1.policy b/src/portable/org.freedesktop.portable1.policy -index 17e22b0155..09f9028dc5 100644 ---- a/src/portable/org.freedesktop.portable1.policy -+++ b/src/portable/org.freedesktop.portable1.policy -@@ -7,7 +7,7 @@ - - - The systemd Project -- http://www.freedesktop.org/wiki/Software/systemd -+ https://systemd.io - - - Inspect a portable service image -diff --git a/src/resolve/org.freedesktop.resolve1.policy b/src/resolve/org.freedesktop.resolve1.policy -index 08615ec6a4..2408bb9e38 100644 ---- a/src/resolve/org.freedesktop.resolve1.policy -+++ b/src/resolve/org.freedesktop.resolve1.policy -@@ -16,7 +16,7 @@ - - - The systemd Project -- http://www.freedesktop.org/wiki/Software/systemd -+ https://systemd.io - - - Register a DNS-SD service -diff --git a/src/timedate/org.freedesktop.timedate1.policy b/src/timedate/org.freedesktop.timedate1.policy -index c4e71b0753..4a770c08e6 100644 ---- a/src/timedate/org.freedesktop.timedate1.policy -+++ b/src/timedate/org.freedesktop.timedate1.policy -@@ -16,7 +16,7 @@ - - - The systemd Project -- http://www.freedesktop.org/wiki/Software/systemd -+ https://systemd.io - - - Set system time --- -2.33.0 - diff --git a/backport-portable-add-flag-to-return-extension-releases-in-Ge.patch b/backport-portable-add-flag-to-return-extension-releases-in-Ge.patch deleted file mode 100644 index 7cc7fd5..0000000 --- a/backport-portable-add-flag-to-return-extension-releases-in-Ge.patch +++ /dev/null @@ -1,493 +0,0 @@ -From e31e2b84cf5afff73b793dd335600265dca1ca7e Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Tue, 25 Jan 2022 15:49:22 +0000 -Subject: [PATCH] portable: add flag to return extension-releases in - GetImageMetadataWithExtensions - -Return the name of each extension and the associated extension-release -file, and pretty-print them in 'portablectl inspect', if a new flag -is passed. - -$ portablectl inspect --extension app2 --extension app0 minimal app0 app1 -(Matching unit files with prefixes 'app0', 'app1'.) -Image: - /run/portables/minimal.raw -Portable Service: - n/a -Operating System: - Debian GNU/Linux 10 (buster) -Extension: - /run/portables/app2.raw - Extension Scope: - n/a - Extension Compatibility Level: - n/a - Portable Service: - n/a - Portable Prefixes: - n/a - Operating System: - n/a (debian 10) -Extension: - /run/portables/app0.raw - Extension Scope: - n/a - Extension Compatibility Level: - n/a - Portable Service: - n/a - Portable Prefixes: - n/a - Operating System: - n/a (debian 10) -Unit files: - app0.service - -(cherry picked from commit e3f7ed944ae750a40685c52349f3cc850db0876e) -(cherry picked from commit a87fdd2af22128bce621508315ed5126a8d11f45) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e31e2b84cf5afff73b793dd335600265dca1ca7e ---- - man/org.freedesktop.portable1.xml | 10 ++- - src/portable/portable.c | 99 ++++++++++++++++++++---------- - src/portable/portable.h | 15 ++--- - src/portable/portablectl.c | 78 ++++++++++++++++++++++- - src/portable/portabled-image-bus.c | 38 ++++++++++-- - test/units/testsuite-29.sh | 3 + - 6 files changed, 199 insertions(+), 44 deletions(-) - -diff --git a/man/org.freedesktop.portable1.xml b/man/org.freedesktop.portable1.xml -index 53c960206e..053f2a5434 100644 ---- a/man/org.freedesktop.portable1.xml -+++ b/man/org.freedesktop.portable1.xml -@@ -187,7 +187,15 @@ node /org/freedesktop/portable1 { - This method is a superset of GetImageMetadata() with the addition of - a list of extensions as input parameter, which were overlaid on top of the main - image via AttachImageWithExtensions(). -- The flag parameter is currently unused and reserved for future purposes. -+ The flag parameter can be used to request that, before the units, the path of -+ each extension and an array of bytes with the content of the respective extension-release file -+ are sent. One such structure will be sent for each extension named in the input arguments. The -+ flag value to enable this functionality is defined as follows: -+ -+ -+#define PORTABLE_INSPECT_EXTENSION_RELEASES (UINT64_C(1) << 1) -+ -+ - - GetImageState() retrieves the image state as one of the following - strings: -diff --git a/src/portable/portable.c b/src/portable/portable.c -index 8c5e5b6821..23fe6bf926 100644 ---- a/src/portable/portable.c -+++ b/src/portable/portable.c -@@ -533,13 +533,14 @@ static int extract_image_and_extensions( - bool validate_sysext, - Image **ret_image, - OrderedHashmap **ret_extension_images, -+ OrderedHashmap **ret_extension_releases, - PortableMetadata **ret_os_release, - Hashmap **ret_unit_files, - sd_bus_error *error) { - - _cleanup_free_ char *id = NULL, *version_id = NULL, *sysext_level = NULL; - _cleanup_(portable_metadata_unrefp) PortableMetadata *os_release = NULL; -- _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL; -+ _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL, *extension_releases = NULL; - _cleanup_hashmap_free_ Hashmap *unit_files = NULL; - _cleanup_(image_unrefp) Image *image = NULL; - Image *ext; -@@ -561,6 +562,12 @@ static int extract_image_and_extensions( - if (!extension_images) - return -ENOMEM; - -+ if (ret_extension_releases) { -+ extension_releases = ordered_hashmap_new(&portable_metadata_hash_ops); -+ if (!extension_releases) -+ return -ENOMEM; -+ } -+ - STRV_FOREACH(p, extension_image_paths) { - _cleanup_(image_unrefp) Image *new = NULL; - -@@ -600,6 +607,7 @@ static int extract_image_and_extensions( - _cleanup_(portable_metadata_unrefp) PortableMetadata *extension_release_meta = NULL; - _cleanup_hashmap_free_ Hashmap *extra_unit_files = NULL; - _cleanup_strv_free_ char **extension_release = NULL; -+ _cleanup_close_ int extension_release_fd = -1; - _cleanup_fclose_ FILE *f = NULL; - - r = portable_extract_by_path(ext->path, /* path_is_extension= */ true, matches, &extension_release_meta, &extra_unit_files, error); -@@ -610,10 +618,15 @@ static int extract_image_and_extensions( - if (r < 0) - return r; - -- if (!validate_sysext) -+ if (!validate_sysext && !ret_extension_releases) - continue; - -- r = take_fdopen_unlocked(&extension_release_meta->fd, "r", &f); -+ /* We need to keep the fd valid, to return the PortableMetadata to the caller. */ -+ extension_release_fd = fd_reopen(extension_release_meta->fd, O_CLOEXEC); -+ if (extension_release_fd < 0) -+ return extension_release_fd; -+ -+ r = take_fdopen_unlocked(&extension_release_fd, "r", &f); - if (r < 0) - return r; - -@@ -621,15 +634,28 @@ static int extract_image_and_extensions( - if (r < 0) - return r; - -- r = extension_release_validate(ext->path, id, version_id, sysext_level, extension_release); -- if (r == 0) -- return sd_bus_error_set_errnof(error, SYNTHETIC_ERRNO(ESTALE), "Image %s extension-release metadata does not match the root's", ext->path); -- if (r < 0) -- return sd_bus_error_set_errnof(error, r, "Failed to compare image %s extension-release metadata with the root's os-release: %m", ext->path); -+ if (validate_sysext) { -+ r = extension_release_validate(ext->path, id, version_id, sysext_level, extension_release); -+ if (r == 0) -+ return sd_bus_error_set_errnof(error, SYNTHETIC_ERRNO(ESTALE), "Image %s extension-release metadata does not match the root's", ext->path); -+ if (r < 0) -+ return sd_bus_error_set_errnof(error, r, "Failed to compare image %s extension-release metadata with the root's os-release: %m", ext->path); -+ } -+ -+ if (ret_extension_releases) { -+ r = ordered_hashmap_put(extension_releases, ext->name, extension_release_meta); -+ if (r < 0) -+ return r; -+ TAKE_PTR(extension_release_meta); -+ } - } - -- *ret_image = TAKE_PTR(image); -- *ret_extension_images = TAKE_PTR(extension_images); -+ if (ret_image) -+ *ret_image = TAKE_PTR(image); -+ if (ret_extension_images) -+ *ret_extension_images = TAKE_PTR(extension_images); -+ if (ret_extension_releases) -+ *ret_extension_releases = TAKE_PTR(extension_releases); - if (ret_os_release) - *ret_os_release = TAKE_PTR(os_release); - if (ret_unit_files) -@@ -643,24 +669,29 @@ int portable_extract( - char **matches, - char **extension_image_paths, - PortableMetadata **ret_os_release, -+ OrderedHashmap **ret_extension_releases, - Hashmap **ret_unit_files, - sd_bus_error *error) { - - _cleanup_(portable_metadata_unrefp) PortableMetadata *os_release = NULL; -- _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL; -+ _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL, *extension_releases = NULL; - _cleanup_hashmap_free_ Hashmap *unit_files = NULL; - _cleanup_(image_unrefp) Image *image = NULL; - int r; - -- r = extract_image_and_extensions(name_or_path, -- matches, -- extension_image_paths, -- /* validate_sysext= */ false, -- &image, -- &extension_images, -- &os_release, -- &unit_files, -- error); -+ assert(name_or_path); -+ -+ r = extract_image_and_extensions( -+ name_or_path, -+ matches, -+ extension_image_paths, -+ /* validate_sysext= */ false, -+ &image, -+ &extension_images, -+ &extension_releases, -+ &os_release, -+ &unit_files, -+ error); - if (r < 0) - return r; - -@@ -677,8 +708,12 @@ int portable_extract( - isempty(extensions) ? "" : extensions); - } - -- *ret_os_release = TAKE_PTR(os_release); -- *ret_unit_files = TAKE_PTR(unit_files); -+ if (ret_os_release) -+ *ret_os_release = TAKE_PTR(os_release); -+ if (ret_extension_releases) -+ *ret_extension_releases = TAKE_PTR(extension_releases); -+ if (ret_unit_files) -+ *ret_unit_files = TAKE_PTR(unit_files); - - return 0; - } -@@ -1225,15 +1260,17 @@ int portable_attach( - PortableMetadata *item; - int r; - -- r = extract_image_and_extensions(name_or_path, -- matches, -- extension_image_paths, -- /* validate_sysext= */ true, -- &image, -- &extension_images, -- /* os_release= */ NULL, -- &unit_files, -- error); -+ r = extract_image_and_extensions( -+ name_or_path, -+ matches, -+ extension_image_paths, -+ /* validate_sysext= */ true, -+ &image, -+ &extension_images, -+ /* extension_releases= */ NULL, -+ /* os_release= */ NULL, -+ &unit_files, -+ error); - if (r < 0) - return r; - -diff --git a/src/portable/portable.h b/src/portable/portable.h -index 94144287ae..ce55f050a2 100644 ---- a/src/portable/portable.h -+++ b/src/portable/portable.h -@@ -20,13 +20,14 @@ typedef struct PortableMetadata { - #define PORTABLE_METADATA_IS_UNIT(m) (!IN_SET((m)->name[0], 0, '/')) - - typedef enum PortableFlags { -- PORTABLE_RUNTIME = 1 << 0, /* Public API via DBUS, do not change */ -- PORTABLE_PREFER_COPY = 1 << 1, -- PORTABLE_PREFER_SYMLINK = 1 << 2, -- PORTABLE_REATTACH = 1 << 3, -- _PORTABLE_MASK_PUBLIC = PORTABLE_RUNTIME, -+ PORTABLE_RUNTIME = 1 << 0, -+ PORTABLE_INSPECT_EXTENSION_RELEASES = 1 << 1, /* Public API via DBUS, do not change */ -+ PORTABLE_PREFER_COPY = 1 << 2, -+ PORTABLE_PREFER_SYMLINK = 1 << 3, -+ PORTABLE_REATTACH = 1 << 4, -+ _PORTABLE_MASK_PUBLIC = PORTABLE_RUNTIME | PORTABLE_INSPECT_EXTENSION_RELEASES, - _PORTABLE_TYPE_MAX, -- _PORTABLE_TYPE_INVALID = -EINVAL, -+ _PORTABLE_TYPE_INVALID = -EINVAL, - } PortableFlags; - - /* This enum is anonymous, since we usually store it in an 'int', as we overload it with negative errno -@@ -64,7 +65,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(PortableMetadata*, portable_metadata_unref); - - int portable_metadata_hashmap_to_sorted_array(Hashmap *unit_files, PortableMetadata ***ret); - --int portable_extract(const char *image, char **matches, char **extension_image_paths, PortableMetadata **ret_os_release, Hashmap **ret_unit_files, sd_bus_error *error); -+int portable_extract(const char *image, char **matches, char **extension_image_paths, PortableMetadata **ret_os_release, OrderedHashmap **ret_extension_releases, Hashmap **ret_unit_files, sd_bus_error *error); - - int portable_attach(sd_bus *bus, const char *name_or_path, char **matches, const char *profile, char **extension_images, PortableFlags flags, PortableChange **changes, size_t *n_changes, sd_bus_error *error); - int portable_detach(sd_bus *bus, const char *name_or_path, char **extension_image_paths, PortableFlags flags, PortableChange **changes, size_t *n_changes, sd_bus_error *error); -diff --git a/src/portable/portablectl.c b/src/portable/portablectl.c -index 2d8079ad97..af5e78c998 100644 ---- a/src/portable/portablectl.c -+++ b/src/portable/portablectl.c -@@ -259,8 +259,8 @@ static int maybe_reload(sd_bus **bus) { - static int get_image_metadata(sd_bus *bus, const char *image, char **matches, sd_bus_message **reply) { - _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL; - _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; -+ PortableFlags flags = PORTABLE_INSPECT_EXTENSION_RELEASES; - const char *method; -- uint64_t flags = 0; - int r; - - assert(bus); -@@ -365,6 +365,74 @@ static int inspect_image(int argc, char *argv[], void *userdata) { - if (r < 0) - return bus_log_parse_error(r); - -+ /* If we specified any extensions, we'll first get back exactly the -+ * paths (and extension-release content) for each one of the arguments. */ -+ for (size_t i = 0; i < strv_length(arg_extension_images); ++i) { -+ const char *name; -+ -+ r = sd_bus_message_enter_container(reply, 'e', "say"); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ if (r == 0) -+ break; -+ -+ r = sd_bus_message_read(reply, "s", &name); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ -+ r = sd_bus_message_read_array(reply, 'y', &data, &sz); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ -+ if (arg_cat) { -+ if (nl) -+ fputc('\n', stdout); -+ -+ printf("%s-- Extension Release: %s --%s\n", ansi_highlight(), name, ansi_normal()); -+ fwrite(data, sz, 1, stdout); -+ fflush(stdout); -+ nl = true; -+ } else { -+ _cleanup_free_ char *pretty_portable = NULL, *pretty_os = NULL, *sysext_level = NULL, -+ *id = NULL, *version_id = NULL, *sysext_scope = NULL, *portable_prefixes = NULL; -+ _cleanup_fclose_ FILE *f = NULL; -+ -+ f = fmemopen_unlocked((void*) data, sz, "re"); -+ if (!f) -+ return log_error_errno(errno, "Failed to open extension-release buffer: %m"); -+ -+ r = parse_env_file(f, name, -+ "ID", &id, -+ "VERSION_ID", &version_id, -+ "SYSEXT_SCOPE", &sysext_scope, -+ "SYSEXT_LEVEL", &sysext_level, -+ "PORTABLE_PRETTY_NAME", &pretty_portable, -+ "PORTABLE_PREFIXES", &portable_prefixes, -+ "PRETTY_NAME", &pretty_os); -+ if (r < 0) -+ return log_error_errno(r, "Failed to parse extension release from '%s': %m", name); -+ -+ printf("Extension:\n\t%s\n" -+ "\tExtension Scope:\n\t\t%s\n" -+ "\tExtension Compatibility Level:\n\t\t%s\n" -+ "\tPortable Service:\n\t\t%s\n" -+ "\tPortable Prefixes:\n\t\t%s\n" -+ "\tOperating System:\n\t\t%s (%s %s)\n", -+ name, -+ strna(sysext_scope), -+ strna(sysext_level), -+ strna(pretty_portable), -+ strna(portable_prefixes), -+ strna(pretty_os), -+ strna(id), -+ strna(version_id)); -+ } -+ -+ r = sd_bus_message_exit_container(reply); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ } -+ - for (;;) { - const char *name; - -@@ -699,6 +767,14 @@ static int maybe_stop_disable(sd_bus *bus, char *image, char *argv[]) { - if (r < 0) - return bus_log_parse_error(r); - -+ /* If we specified any extensions, we'll first get back exactly the -+ * paths (and extension-release content) for each one of the arguments. */ -+ for (size_t i = 0; i < strv_length(arg_extension_images); ++i) { -+ r = sd_bus_message_skip(reply, "{say}"); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ } -+ - for (;;) { - const char *name; - -diff --git a/src/portable/portabled-image-bus.c b/src/portable/portabled-image-bus.c -index 23c6e2633a..3e6310f23e 100644 ---- a/src/portable/portabled-image-bus.c -+++ b/src/portable/portabled-image-bus.c -@@ -102,13 +102,13 @@ int bus_image_common_get_metadata( - Image *image, - sd_bus_error *error) { - -+ _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_releases = NULL; - _cleanup_(portable_metadata_unrefp) PortableMetadata *os_release = NULL; - _cleanup_strv_free_ char **matches = NULL, **extension_images = NULL; - _cleanup_hashmap_free_ Hashmap *unit_files = NULL; - _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; - _cleanup_free_ PortableMetadata **sorted = NULL; -- /* Unused for now, but added to the DBUS methods for future-proofing */ -- uint64_t input_flags = 0; -+ PortableFlags flags = 0; - size_t i; - int r; - -@@ -133,14 +133,17 @@ int bus_image_common_get_metadata( - - if (sd_bus_message_is_method_call(message, NULL, "GetImageMetadataWithExtensions") || - sd_bus_message_is_method_call(message, NULL, "GetMetadataWithExtensions")) { -+ uint64_t input_flags = 0; -+ - r = sd_bus_message_read(message, "t", &input_flags); - if (r < 0) - return r; -- /* Let clients know that this version doesn't support any flags */ -- if (input_flags != 0) -+ -+ if ((input_flags & ~_PORTABLE_MASK_PUBLIC) != 0) - return sd_bus_reply_method_errorf(message, SD_BUS_ERROR_INVALID_ARGS, - "Invalid 'flags' parameter '%" PRIu64 "'", - input_flags); -+ flags |= input_flags; - } - - r = bus_image_acquire(m, -@@ -161,6 +164,7 @@ int bus_image_common_get_metadata( - matches, - extension_images, - &os_release, -+ &extension_releases, - &unit_files, - error); - if (r < 0) -@@ -186,6 +190,32 @@ int bus_image_common_get_metadata( - if (r < 0) - return r; - -+ /* If it was requested, also send back the extension path and the content -+ * of each extension-release file. Behind a flag, as it's an incompatible -+ * change. */ -+ if (FLAGS_SET(flags, PORTABLE_INSPECT_EXTENSION_RELEASES)) { -+ PortableMetadata *extension_release; -+ -+ ORDERED_HASHMAP_FOREACH(extension_release, extension_releases) { -+ -+ r = sd_bus_message_open_container(reply, 'e', "say"); -+ if (r < 0) -+ return r; -+ -+ r = sd_bus_message_append(reply, "s", extension_release->image_path); -+ if (r < 0) -+ return r; -+ -+ r = append_fd(reply, extension_release); -+ if (r < 0) -+ return r; -+ -+ r = sd_bus_message_close_container(reply); -+ if (r < 0) -+ return r; -+ } -+ } -+ - for (i = 0; i < hashmap_size(unit_files); i++) { - - r = sd_bus_message_open_container(reply, 'e', "say"); -diff --git a/test/units/testsuite-29.sh b/test/units/testsuite-29.sh -index 34fa730514..ca09f321b7 100755 ---- a/test/units/testsuite-29.sh -+++ b/test/units/testsuite-29.sh -@@ -80,6 +80,9 @@ systemctl is-active app1.service - portablectl "${ARGS[@]}" reattach --now --runtime --extension ${app1} ${root} app1 - - systemctl is-active app1.service -+portablectl inspect --cat --extension ${app1} ${root} app1 | grep -F "MARKER=1" -+portablectl inspect --cat --extension ${app1} ${root} app1 | grep -F "Extension Release: /usr/share/app1.raw" -+portablectl inspect --cat --extension ${app1} ${root} app1 | grep -F "ExecStart=/opt/script1.sh" - - portablectl detach --now --runtime --extension ${app1} ${root} app1 - --- -2.33.0 - diff --git a/backport-portable-add-return-parameter-to-GetImageMetadataWit.patch b/backport-portable-add-return-parameter-to-GetImageMetadataWit.patch deleted file mode 100644 index 224ccf4..0000000 --- a/backport-portable-add-return-parameter-to-GetImageMetadataWit.patch +++ /dev/null @@ -1,393 +0,0 @@ -From 594b9adc847c4b759d1e51559fceb617015f8575 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 3 Mar 2022 16:26:36 +0100 -Subject: [PATCH] portable: add return parameter to - GetImageMetadataWithExtensions - -The complaint was that the output array was used for two kinds of data, and the -input flag decided whether this extra data should be included. The flag is -removed, and instead the old method is changed to include the data always as -a separate parameter. - -This breaks backward compatibility, but the old method is effectively broken -and does not appear to be used yet, at least in open source code, by -searching on codesearch.debian.net and github.com. - -Fixes #22404. - -Co-authored-by: Luca Boccassi -(cherry picked from commit 087a799f64560bb0379b8a99ebbd9ca84804e4c3) -(cherry picked from commit 00b5aa8d741ad17f6b8f5f03d901b038e3a27d04) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/594b9adc847c4b759d1e51559fceb617015f8575 ---- - man/org.freedesktop.portable1.xml | 21 ++--- - src/portable/portable.h | 13 ++- - src/portable/portablectl.c | 142 +++++++++++++++-------------- - src/portable/portabled-bus.c | 1 + - src/portable/portabled-image-bus.c | 30 +++--- - 5 files changed, 110 insertions(+), 97 deletions(-) - -diff --git a/man/org.freedesktop.portable1.xml b/man/org.freedesktop.portable1.xml -index 053f2a5434..8f960cc28d 100644 ---- a/man/org.freedesktop.portable1.xml -+++ b/man/org.freedesktop.portable1.xml -@@ -54,6 +54,7 @@ node /org/freedesktop/portable1 { - in t flags, - out s image, - out ay os_release, -+ out a{say} extensions, - out a{say} units); - GetImageState(in s image, - out s state); -@@ -183,19 +184,12 @@ node /org/freedesktop/portable1 { - and a list of portable units contained in the image, in the form of a string (unit name) and - an array of bytes with the content. - -- GetImageMetadataWithExtensions() retrieves metadata associated with an image. -- This method is a superset of GetImageMetadata() with the addition of -- a list of extensions as input parameter, which were overlaid on top of the main -- image via AttachImageWithExtensions(). -- The flag parameter can be used to request that, before the units, the path of -- each extension and an array of bytes with the content of the respective extension-release file -- are sent. One such structure will be sent for each extension named in the input arguments. The -- flag value to enable this functionality is defined as follows: -- -- --#define PORTABLE_INSPECT_EXTENSION_RELEASES (UINT64_C(1) << 1) -- -- -+ GetImageMetadataWithExtensions() retrieves metadata associated with an -+ image. This method is a superset of GetImageMetadata() with the addition of a list -+ of extensions as input parameter, which were overlaid on top of the main image via -+ AttachImageWithExtensions(). The path of each extension and an array of bytes with -+ the content of the respective extension-release file are returned, one such structure for each -+ extension named in the input arguments. - - GetImageState() retrieves the image state as one of the following - strings: -@@ -340,6 +334,7 @@ node /org/freedesktop/portable1 { - in t flags, - out s image, - out ay os_release, -+ out a{say} extensions, - out a{say} units); - GetState(out s state); - Attach(in as matches, -diff --git a/src/portable/portable.h b/src/portable/portable.h -index ce55f050a2..a1abf60dc7 100644 ---- a/src/portable/portable.h -+++ b/src/portable/portable.h -@@ -20,14 +20,13 @@ typedef struct PortableMetadata { - #define PORTABLE_METADATA_IS_UNIT(m) (!IN_SET((m)->name[0], 0, '/')) - - typedef enum PortableFlags { -- PORTABLE_RUNTIME = 1 << 0, -- PORTABLE_INSPECT_EXTENSION_RELEASES = 1 << 1, /* Public API via DBUS, do not change */ -- PORTABLE_PREFER_COPY = 1 << 2, -- PORTABLE_PREFER_SYMLINK = 1 << 3, -- PORTABLE_REATTACH = 1 << 4, -- _PORTABLE_MASK_PUBLIC = PORTABLE_RUNTIME | PORTABLE_INSPECT_EXTENSION_RELEASES, -+ PORTABLE_RUNTIME = 1 << 0, /* Public API via DBUS, do not change */ -+ PORTABLE_PREFER_COPY = 1 << 1, -+ PORTABLE_PREFER_SYMLINK = 1 << 2, -+ PORTABLE_REATTACH = 1 << 3, -+ _PORTABLE_MASK_PUBLIC = PORTABLE_RUNTIME, - _PORTABLE_TYPE_MAX, -- _PORTABLE_TYPE_INVALID = -EINVAL, -+ _PORTABLE_TYPE_INVALID = -EINVAL, - } PortableFlags; - - /* This enum is anonymous, since we usually store it in an 'int', as we overload it with negative errno -diff --git a/src/portable/portablectl.c b/src/portable/portablectl.c -index 827d7a7b4a..21048baeb5 100644 ---- a/src/portable/portablectl.c -+++ b/src/portable/portablectl.c -@@ -259,7 +259,7 @@ static int maybe_reload(sd_bus **bus) { - static int get_image_metadata(sd_bus *bus, const char *image, char **matches, sd_bus_message **reply) { - _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL; - _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; -- PortableFlags flags = PORTABLE_INSPECT_EXTENSION_RELEASES; -+ uint64_t flags = 0; - const char *method; - int r; - -@@ -361,71 +361,78 @@ static int inspect_image(int argc, char *argv[], void *userdata) { - strna(pretty_os)); - } - -- r = sd_bus_message_enter_container(reply, 'a', "{say}"); -- if (r < 0) -- return bus_log_parse_error(r); -- -- /* If we specified any extensions, we'll first get back exactly the -- * paths (and extension-release content) for each one of the arguments. */ -- for (size_t i = 0; i < strv_length(arg_extension_images); ++i) { -- const char *name; -+ if (!strv_isempty(arg_extension_images)) { -+ /* If we specified any extensions, we'll first get back exactly the paths (and -+ * extension-release content) for each one of the arguments. */ - -- r = sd_bus_message_enter_container(reply, 'e', "say"); -+ r = sd_bus_message_enter_container(reply, 'a', "{say}"); - if (r < 0) - return bus_log_parse_error(r); -- if (r == 0) -- break; - -- r = sd_bus_message_read(reply, "s", &name); -- if (r < 0) -- return bus_log_parse_error(r); -+ for (size_t i = 0; i < strv_length(arg_extension_images); ++i) { -+ const char *name; - -- r = sd_bus_message_read_array(reply, 'y', &data, &sz); -- if (r < 0) -- return bus_log_parse_error(r); -+ r = sd_bus_message_enter_container(reply, 'e', "say"); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ if (r == 0) -+ break; - -- if (arg_cat) { -- if (nl) -- fputc('\n', stdout); -+ r = sd_bus_message_read(reply, "s", &name); -+ if (r < 0) -+ return bus_log_parse_error(r); - -- printf("%s-- Extension Release: %s --%s\n", ansi_highlight(), name, ansi_normal()); -- fwrite(data, sz, 1, stdout); -- fflush(stdout); -- nl = true; -- } else { -- _cleanup_free_ char *pretty_portable = NULL, *pretty_os = NULL, *sysext_level = NULL, -- *id = NULL, *version_id = NULL, *sysext_scope = NULL, *portable_prefixes = NULL; -- _cleanup_fclose_ FILE *f = NULL; -- -- f = fmemopen_unlocked((void*) data, sz, "re"); -- if (!f) -- return log_error_errno(errno, "Failed to open extension-release buffer: %m"); -- -- r = parse_env_file(f, name, -- "ID", &id, -- "VERSION_ID", &version_id, -- "SYSEXT_SCOPE", &sysext_scope, -- "SYSEXT_LEVEL", &sysext_level, -- "PORTABLE_PRETTY_NAME", &pretty_portable, -- "PORTABLE_PREFIXES", &portable_prefixes, -- "PRETTY_NAME", &pretty_os); -+ r = sd_bus_message_read_array(reply, 'y', &data, &sz); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ -+ if (arg_cat) { -+ if (nl) -+ fputc('\n', stdout); -+ -+ printf("%s-- Extension Release: %s --%s\n", ansi_highlight(), name, ansi_normal()); -+ fwrite(data, sz, 1, stdout); -+ fflush(stdout); -+ nl = true; -+ } else { -+ _cleanup_free_ char *pretty_portable = NULL, *pretty_os = NULL, *sysext_level = NULL, -+ *id = NULL, *version_id = NULL, *sysext_scope = NULL, *portable_prefixes = NULL; -+ _cleanup_fclose_ FILE *f = NULL; -+ -+ f = fmemopen_unlocked((void*) data, sz, "re"); -+ if (!f) -+ return log_error_errno(errno, "Failed to open extension-release buffer: %m"); -+ -+ r = parse_env_file(f, name, -+ "ID", &id, -+ "VERSION_ID", &version_id, -+ "SYSEXT_SCOPE", &sysext_scope, -+ "SYSEXT_LEVEL", &sysext_level, -+ "PORTABLE_PRETTY_NAME", &pretty_portable, -+ "PORTABLE_PREFIXES", &portable_prefixes, -+ "PRETTY_NAME", &pretty_os); -+ if (r < 0) -+ return log_error_errno(r, "Failed to parse extension release from '%s': %m", name); -+ -+ printf("Extension:\n\t%s\n" -+ "\tExtension Scope:\n\t\t%s\n" -+ "\tExtension Compatibility Level:\n\t\t%s\n" -+ "\tPortable Service:\n\t\t%s\n" -+ "\tPortable Prefixes:\n\t\t%s\n" -+ "\tOperating System:\n\t\t%s (%s %s)\n", -+ name, -+ strna(sysext_scope), -+ strna(sysext_level), -+ strna(pretty_portable), -+ strna(portable_prefixes), -+ strna(pretty_os), -+ strna(id), -+ strna(version_id)); -+ } -+ -+ r = sd_bus_message_exit_container(reply); - if (r < 0) -- return log_error_errno(r, "Failed to parse extension release from '%s': %m", name); -- -- printf("Extension:\n\t%s\n" -- "\tExtension Scope:\n\t\t%s\n" -- "\tExtension Compatibility Level:\n\t\t%s\n" -- "\tPortable Service:\n\t\t%s\n" -- "\tPortable Prefixes:\n\t\t%s\n" -- "\tOperating System:\n\t\t%s (%s %s)\n", -- name, -- strna(sysext_scope), -- strna(sysext_level), -- strna(pretty_portable), -- strna(portable_prefixes), -- strna(pretty_os), -- strna(id), -- strna(version_id)); -+ return bus_log_parse_error(r); - } - - r = sd_bus_message_exit_container(reply); -@@ -433,6 +440,10 @@ static int inspect_image(int argc, char *argv[], void *userdata) { - return bus_log_parse_error(r); - } - -+ r = sd_bus_message_enter_container(reply, 'a', "{say}"); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ - for (;;) { - const char *name; - -@@ -763,18 +774,17 @@ static int maybe_stop_disable(sd_bus *bus, char *image, char *argv[]) { - if (r < 0) - return bus_log_parse_error(r); - -- r = sd_bus_message_enter_container(reply, 'a', "{say}"); -- if (r < 0) -- return bus_log_parse_error(r); -- -- /* If we specified any extensions, we'll first get back exactly the -- * paths (and extension-release content) for each one of the arguments. */ -- for (size_t i = 0; i < strv_length(arg_extension_images); ++i) { -- r = sd_bus_message_skip(reply, "{say}"); -+ /* If we specified any extensions, we'll first an array of extension-release metadata. */ -+ if (!strv_isempty(arg_extension_images)) { -+ r = sd_bus_message_skip(reply, "a{say}"); - if (r < 0) - return bus_log_parse_error(r); - } - -+ r = sd_bus_message_enter_container(reply, 'a', "{say}"); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ - for (;;) { - const char *name; - -diff --git a/src/portable/portabled-bus.c b/src/portable/portabled-bus.c -index 5b992d9df8..db71057bb3 100644 ---- a/src/portable/portabled-bus.c -+++ b/src/portable/portabled-bus.c -@@ -420,6 +420,7 @@ const sd_bus_vtable manager_vtable[] = { - "t", flags), - SD_BUS_RESULT("s", image, - "ay", os_release, -+ "a{say}", extensions, - "a{say}", units), - method_get_image_metadata, - SD_BUS_VTABLE_UNPRIVILEGED), -diff --git a/src/portable/portabled-image-bus.c b/src/portable/portabled-image-bus.c -index 964035ec15..d538a4786f 100644 ---- a/src/portable/portabled-image-bus.c -+++ b/src/portable/portabled-image-bus.c -@@ -108,7 +108,6 @@ int bus_image_common_get_metadata( - _cleanup_hashmap_free_ Hashmap *unit_files = NULL; - _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; - _cleanup_free_ PortableMetadata **sorted = NULL; -- PortableFlags flags = 0; - int r; - - assert(name_or_path || image); -@@ -119,8 +118,10 @@ int bus_image_common_get_metadata( - m = image->userdata; - } - -- if (sd_bus_message_is_method_call(message, NULL, "GetImageMetadataWithExtensions") || -- sd_bus_message_is_method_call(message, NULL, "GetMetadataWithExtensions")) { -+ bool have_exti = sd_bus_message_is_method_call(message, NULL, "GetImageMetadataWithExtensions") || -+ sd_bus_message_is_method_call(message, NULL, "GetMetadataWithExtensions"); -+ -+ if (have_exti) { - r = sd_bus_message_read_strv(message, &extension_images); - if (r < 0) - return r; -@@ -130,8 +131,7 @@ int bus_image_common_get_metadata( - if (r < 0) - return r; - -- if (sd_bus_message_is_method_call(message, NULL, "GetImageMetadataWithExtensions") || -- sd_bus_message_is_method_call(message, NULL, "GetMetadataWithExtensions")) { -+ if (have_exti) { - uint64_t input_flags = 0; - - r = sd_bus_message_read(message, "t", &input_flags); -@@ -142,7 +142,6 @@ int bus_image_common_get_metadata( - return sd_bus_reply_method_errorf(message, SD_BUS_ERROR_INVALID_ARGS, - "Invalid 'flags' parameter '%" PRIu64 "'", - input_flags); -- flags |= input_flags; - } - - r = bus_image_acquire(m, -@@ -185,16 +184,16 @@ int bus_image_common_get_metadata( - if (r < 0) - return r; - -- r = sd_bus_message_open_container(reply, 'a', "{say}"); -- if (r < 0) -- return r; -- - /* If it was requested, also send back the extension path and the content - * of each extension-release file. Behind a flag, as it's an incompatible - * change. */ -- if (FLAGS_SET(flags, PORTABLE_INSPECT_EXTENSION_RELEASES)) { -+ if (have_exti) { - PortableMetadata *extension_release; - -+ r = sd_bus_message_open_container(reply, 'a', "{say}"); -+ if (r < 0) -+ return r; -+ - ORDERED_HASHMAP_FOREACH(extension_release, extension_releases) { - - r = sd_bus_message_open_container(reply, 'e', "say"); -@@ -213,8 +212,16 @@ int bus_image_common_get_metadata( - if (r < 0) - return r; - } -+ -+ r = sd_bus_message_close_container(reply); -+ if (r < 0) -+ return r; - } - -+ r = sd_bus_message_open_container(reply, 'a', "{say}"); -+ if (r < 0) -+ return r; -+ - for (size_t i = 0; i < hashmap_size(unit_files); i++) { - - r = sd_bus_message_open_container(reply, 'e', "say"); -@@ -866,6 +873,7 @@ const sd_bus_vtable image_vtable[] = { - "t", flags), - SD_BUS_RESULT("s", image, - "ay", os_release, -+ "a{say}", extensions, - "a{say}", units), - bus_image_method_get_metadata, - SD_BUS_VTABLE_UNPRIVILEGED), --- -2.33.0 - diff --git a/backport-portable-inline-one-variable-declaration.patch b/backport-portable-inline-one-variable-declaration.patch deleted file mode 100644 index 5b6ffda..0000000 --- a/backport-portable-inline-one-variable-declaration.patch +++ /dev/null @@ -1,38 +0,0 @@ -From f1f790658be65ba281d101d651f853701a829250 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 3 Mar 2022 19:13:20 +0100 -Subject: [PATCH] portable: inline one variable declaration - -(cherry picked from commit 90e3f3581dd578a23aec9f63ca846babfe4fcaa0) -(cherry picked from commit 06d466a05c69e39058f109700c8a6c10bd4c2c89) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/f1f790658be65ba281d101d651f853701a829250 ---- - src/portable/portabled-image-bus.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/src/portable/portabled-image-bus.c b/src/portable/portabled-image-bus.c -index 3e6310f23e..964035ec15 100644 ---- a/src/portable/portabled-image-bus.c -+++ b/src/portable/portabled-image-bus.c -@@ -109,7 +109,6 @@ int bus_image_common_get_metadata( - _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; - _cleanup_free_ PortableMetadata **sorted = NULL; - PortableFlags flags = 0; -- size_t i; - int r; - - assert(name_or_path || image); -@@ -216,7 +215,7 @@ int bus_image_common_get_metadata( - } - } - -- for (i = 0; i < hashmap_size(unit_files); i++) { -+ for (size_t i = 0; i < hashmap_size(unit_files); i++) { - - r = sd_bus_message_open_container(reply, 'e', "say"); - if (r < 0) --- -2.33.0 - diff --git a/backport-portable-move-profile-search-helper-to-path-lookup.patch b/backport-portable-move-profile-search-helper-to-path-lookup.patch deleted file mode 100644 index 5b90cbd..0000000 --- a/backport-portable-move-profile-search-helper-to-path-lookup.patch +++ /dev/null @@ -1,139 +0,0 @@ -From 494652d95c620f0191f5c7c8f30956e9e98dd62b Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Fri, 26 Nov 2021 17:50:34 +0000 -Subject: [PATCH] portable: move profile search helper to path-lookup - -Will be used in systemd-analyze later - -(cherry picked from commit 13c02e7bd54e4420c392bd76c0fcf1846c10f99c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/494652d95c620f0191f5c7c8f30956e9e98dd62b ---- - src/basic/path-lookup.c | 28 ++++++++++++++++++++++++++++ - src/basic/path-lookup.h | 3 +++ - src/portable/portable.c | 33 ++------------------------------- - 3 files changed, 33 insertions(+), 31 deletions(-) - -diff --git a/src/basic/path-lookup.c b/src/basic/path-lookup.c -index 05eb17d66c..83adf4767e 100644 ---- a/src/basic/path-lookup.c -+++ b/src/basic/path-lookup.c -@@ -8,6 +8,7 @@ - #include "fs-util.h" - #include "log.h" - #include "macro.h" -+#include "nulstr-util.h" - #include "path-lookup.h" - #include "path-util.h" - #include "stat-util.h" -@@ -864,3 +865,30 @@ char **env_generator_binary_paths(bool is_system) { - - return TAKE_PTR(paths); - } -+ -+int find_portable_profile(const char *name, const char *unit, char **ret_path) { -+ const char *p, *dot; -+ -+ assert(name); -+ assert(ret_path); -+ -+ assert_se(dot = strrchr(unit, '.')); -+ -+ NULSTR_FOREACH(p, PORTABLE_PROFILE_DIRS) { -+ _cleanup_free_ char *joined = NULL; -+ -+ joined = strjoin(p, "/", name, "/", dot + 1, ".conf"); -+ if (!joined) -+ return -ENOMEM; -+ -+ if (laccess(joined, F_OK) >= 0) { -+ *ret_path = TAKE_PTR(joined); -+ return 0; -+ } -+ -+ if (errno != ENOENT) -+ return -errno; -+ } -+ -+ return -ENOENT; -+} -diff --git a/src/basic/path-lookup.h b/src/basic/path-lookup.h -index 088bb9b57c..af85dc7b4f 100644 ---- a/src/basic/path-lookup.h -+++ b/src/basic/path-lookup.h -@@ -72,3 +72,6 @@ char **env_generator_binary_paths(bool is_system); - - #define NETWORK_DIRS ((const char* const*) CONF_PATHS_STRV("systemd/network")) - #define NETWORK_DIRS_NULSTR CONF_PATHS_NULSTR("systemd/network") -+ -+#define PORTABLE_PROFILE_DIRS CONF_PATHS_NULSTR("systemd/portable/profile") -+int find_portable_profile(const char *name, const char *unit, char **ret_path); -diff --git a/src/portable/portable.c b/src/portable/portable.c -index 02f4a692b0..8c5e5b6821 100644 ---- a/src/portable/portable.c -+++ b/src/portable/portable.c -@@ -37,8 +37,6 @@ - #include "tmpfile-util.h" - #include "user-util.h" - --static const char profile_dirs[] = CONF_PATHS_NULSTR("systemd/portable/profile"); -- - /* Markers used in the first line of our 20-portable.conf unit file drop-in to determine, that a) the unit file was - * dropped there by the portable service logic and b) for which image it was dropped there. */ - #define PORTABLE_DROPIN_MARKER_BEGIN "# Drop-in created for image '" -@@ -967,33 +965,6 @@ static int install_chroot_dropin( - return 0; - } - --static int find_profile(const char *name, const char *unit, char **ret) { -- const char *p, *dot; -- -- assert(name); -- assert(ret); -- -- assert_se(dot = strrchr(unit, '.')); -- -- NULSTR_FOREACH(p, profile_dirs) { -- _cleanup_free_ char *joined = NULL; -- -- joined = strjoin(p, "/", name, "/", dot + 1, ".conf"); -- if (!joined) -- return -ENOMEM; -- -- if (laccess(joined, F_OK) >= 0) { -- *ret = TAKE_PTR(joined); -- return 0; -- } -- -- if (errno != ENOENT) -- return -errno; -- } -- -- return -ENOENT; --} -- - static int install_profile_dropin( - const char *image_path, - const PortableMetadata *m, -@@ -1014,7 +985,7 @@ static int install_profile_dropin( - if (!profile) - return 0; - -- r = find_profile(profile, m->name, &from); -+ r = find_portable_profile(profile, m->name, &from); - if (r < 0) { - if (r != -ENOENT) - return log_debug_errno(errno, "Profile '%s' is not accessible: %m", profile); -@@ -1731,7 +1702,7 @@ int portable_get_state( - int portable_get_profiles(char ***ret) { - assert(ret); - -- return conf_files_list_nulstr(ret, NULL, NULL, CONF_FILES_DIRECTORY|CONF_FILES_BASENAME|CONF_FILES_FILTER_MASKED, profile_dirs); -+ return conf_files_list_nulstr(ret, NULL, NULL, CONF_FILES_DIRECTORY|CONF_FILES_BASENAME|CONF_FILES_FILTER_MASKED, PORTABLE_PROFILE_DIRS); - } - - static const char* const portable_change_type_table[_PORTABLE_CHANGE_TYPE_MAX] = { --- -2.33.0 - diff --git a/backport-portablectl-reorder-if-branches-to-match-previous-co.patch b/backport-portablectl-reorder-if-branches-to-match-previous-co.patch deleted file mode 100644 index 3298903..0000000 --- a/backport-portablectl-reorder-if-branches-to-match-previous-co.patch +++ /dev/null @@ -1,42 +0,0 @@ -From b57a0605dd294c00ed34d7bad08a9c33f9810a2d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Thu, 3 Mar 2022 18:56:06 +0100 -Subject: [PATCH] portablectl: reorder if branches to match previous - conditional in the same function - -One is a ternary op, the other an normal conditional, but they should still use -the same order of branches. - -(cherry picked from commit 573e33de078956ded078653ef3f90f93469b4dbf) -(cherry picked from commit 7856dc310906cb8b09d27b7175b322129bd619b6) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b57a0605dd294c00ed34d7bad08a9c33f9810a2d ---- - src/portable/portablectl.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/portable/portablectl.c b/src/portable/portablectl.c -index af5e78c998..827d7a7b4a 100644 ---- a/src/portable/portablectl.c -+++ b/src/portable/portablectl.c -@@ -927,12 +927,13 @@ static int detach_image(int argc, char *argv[], void *userdata) { - if (r < 0) - return r; - -- if (!strv_isempty(arg_extension_images)) { -+ if (strv_isempty(arg_extension_images)) -+ r = sd_bus_message_append(m, "b", arg_runtime); -+ else { - uint64_t flags = arg_runtime ? PORTABLE_RUNTIME : 0; - - r = sd_bus_message_append(m, "t", flags); -- } else -- r = sd_bus_message_append(m, "b", arg_runtime); -+ } - if (r < 0) - return bus_log_create_error(r); - --- -2.33.0 - diff --git a/backport-portabled-error-out-if-there-are-no-units-only-after.patch b/backport-portabled-error-out-if-there-are-no-units-only-after.patch deleted file mode 100644 index fc8fe1c..0000000 --- a/backport-portabled-error-out-if-there-are-no-units-only-after.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 6ea63e538eaa13e1efacd33e4ade2cd096b818e0 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Wed, 18 Aug 2021 16:37:13 +0100 -Subject: [PATCH] portabled: error out if there are no units only after parsing - all images - -It's ok if the OS image doesn't have matching units, if we find them -in the extensions. Tidies up the parsing logic a bit. - -(cherry picked from commit 7bf5ec4538cd4c77979dd9d09d9e9429a0a3535c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/6ea63e538eaa13e1efacd33e4ade2cd096b818e0 ---- - src/portable/portable.c | 29 ++++++++++++++++++++++++++--- - 1 file changed, 26 insertions(+), 3 deletions(-) - -diff --git a/src/portable/portable.c b/src/portable/portable.c -index 5ecbeec2de..8550becded 100644 ---- a/src/portable/portable.c -+++ b/src/portable/portable.c -@@ -504,9 +504,6 @@ static int portable_extract_by_path( - if (extract_os_release && !os_release) - return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image '%s' lacks os-release data, refusing.", path); - -- if (!extract_os_release && hashmap_isempty(unit_files)) -- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Couldn't find any matching unit files in image '%s', refusing.", path); -- - if (ret_unit_files) - *ret_unit_files = TAKE_PTR(unit_files); - -@@ -573,6 +570,19 @@ int portable_extract( - return r; - } - -+ if (hashmap_isempty(unit_files)) { -+ _cleanup_free_ char *extensions = strv_join(extension_image_paths, ", "); -+ if (!extensions) -+ return -ENOMEM; -+ -+ return sd_bus_error_setf(error, -+ SD_BUS_ERROR_INVALID_ARGS, -+ "Couldn't find any matching unit files in image '%s%s%s', refusing.", -+ image->path, -+ isempty(extensions) ? "" : "' or any of its extensions '", -+ isempty(extensions) ? "" : extensions); -+ } -+ - *ret_os_release = TAKE_PTR(os_release); - *ret_unit_files = TAKE_PTR(unit_files); - -@@ -1189,6 +1199,19 @@ int portable_attach( - return r; - } - -+ if (hashmap_isempty(unit_files)) { -+ _cleanup_free_ char *extensions = strv_join(extension_image_paths, ", "); -+ if (!extensions) -+ return -ENOMEM; -+ -+ return sd_bus_error_setf(error, -+ SD_BUS_ERROR_INVALID_ARGS, -+ "Couldn't find any matching unit files in image '%s%s%s', refusing.", -+ image->path, -+ isempty(extensions) ? "" : "' or any of its extensions '", -+ isempty(extensions) ? "" : extensions); -+ } -+ - r = lookup_paths_init(&paths, UNIT_FILE_SYSTEM, LOOKUP_PATHS_SPLIT_USR, NULL); - if (r < 0) - return r; --- -2.33.0 - diff --git a/backport-portabled-refactor-extraction-validation-into-a-comm.patch b/backport-portabled-refactor-extraction-validation-into-a-comm.patch deleted file mode 100644 index 9534602..0000000 --- a/backport-portabled-refactor-extraction-validation-into-a-comm.patch +++ /dev/null @@ -1,245 +0,0 @@ -From 04934ab329767b4a1fde60438f769f9eb055fd9d Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Mon, 6 Sep 2021 13:19:47 +0100 -Subject: [PATCH] portabled: refactor extraction/validation into a common - helper - -(cherry picked from commit 9ff61565be1efe5cc962964cde1af2278e554e9e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/04934ab329767b4a1fde60438f769f9eb055fd9d ---- - src/portable/portable.c | 169 ++++++++++++++++++++++------------------ - 1 file changed, 92 insertions(+), 77 deletions(-) - -diff --git a/src/portable/portable.c b/src/portable/portable.c -index 765aedf852..02f4a692b0 100644 ---- a/src/portable/portable.c -+++ b/src/portable/portable.c -@@ -528,14 +528,18 @@ static int portable_extract_by_path( - return 0; - } - --int portable_extract( -+static int extract_image_and_extensions( - const char *name_or_path, - char **matches, - char **extension_image_paths, -+ bool validate_sysext, -+ Image **ret_image, -+ OrderedHashmap **ret_extension_images, - PortableMetadata **ret_os_release, - Hashmap **ret_unit_files, - sd_bus_error *error) { - -+ _cleanup_free_ char *id = NULL, *version_id = NULL, *sysext_level = NULL; - _cleanup_(portable_metadata_unrefp) PortableMetadata *os_release = NULL; - _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL; - _cleanup_hashmap_free_ Hashmap *unit_files = NULL; -@@ -544,6 +548,9 @@ int portable_extract( - int r; - - assert(name_or_path); -+ assert(matches); -+ assert(ret_image); -+ assert(ret_extension_images); - - r = image_find_harder(IMAGE_PORTABLE, name_or_path, NULL, &image); - if (r < 0) -@@ -574,17 +581,91 @@ int portable_extract( - if (r < 0) - return r; - -+ /* If we are layering extension images on top of a runtime image, check that the os-release and extension-release metadata -+ * match, otherwise reject it immediately as invalid, or it will fail when the units are started. */ -+ if (validate_sysext) { -+ _cleanup_fclose_ FILE *f = NULL; -+ -+ r = take_fdopen_unlocked(&os_release->fd, "r", &f); -+ if (r < 0) -+ return r; -+ -+ r = parse_env_file(f, os_release->name, -+ "ID", &id, -+ "VERSION_ID", &version_id, -+ "SYSEXT_LEVEL", &sysext_level); -+ if (r < 0) -+ return r; -+ } -+ - ORDERED_HASHMAP_FOREACH(ext, extension_images) { -+ _cleanup_(portable_metadata_unrefp) PortableMetadata *extension_release_meta = NULL; - _cleanup_hashmap_free_ Hashmap *extra_unit_files = NULL; -+ _cleanup_strv_free_ char **extension_release = NULL; -+ _cleanup_fclose_ FILE *f = NULL; - -- r = portable_extract_by_path(ext->path, /* path_is_extension= */ true, matches, NULL, &extra_unit_files, error); -+ r = portable_extract_by_path(ext->path, /* path_is_extension= */ true, matches, &extension_release_meta, &extra_unit_files, error); - if (r < 0) - return r; -+ - r = hashmap_move(unit_files, extra_unit_files); - if (r < 0) - return r; -+ -+ if (!validate_sysext) -+ continue; -+ -+ r = take_fdopen_unlocked(&extension_release_meta->fd, "r", &f); -+ if (r < 0) -+ return r; -+ -+ r = load_env_file_pairs(f, extension_release_meta->name, &extension_release); -+ if (r < 0) -+ return r; -+ -+ r = extension_release_validate(ext->path, id, version_id, sysext_level, extension_release); -+ if (r == 0) -+ return sd_bus_error_set_errnof(error, SYNTHETIC_ERRNO(ESTALE), "Image %s extension-release metadata does not match the root's", ext->path); -+ if (r < 0) -+ return sd_bus_error_set_errnof(error, r, "Failed to compare image %s extension-release metadata with the root's os-release: %m", ext->path); - } - -+ *ret_image = TAKE_PTR(image); -+ *ret_extension_images = TAKE_PTR(extension_images); -+ if (ret_os_release) -+ *ret_os_release = TAKE_PTR(os_release); -+ if (ret_unit_files) -+ *ret_unit_files = TAKE_PTR(unit_files); -+ -+ return 0; -+} -+ -+int portable_extract( -+ const char *name_or_path, -+ char **matches, -+ char **extension_image_paths, -+ PortableMetadata **ret_os_release, -+ Hashmap **ret_unit_files, -+ sd_bus_error *error) { -+ -+ _cleanup_(portable_metadata_unrefp) PortableMetadata *os_release = NULL; -+ _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL; -+ _cleanup_hashmap_free_ Hashmap *unit_files = NULL; -+ _cleanup_(image_unrefp) Image *image = NULL; -+ int r; -+ -+ r = extract_image_and_extensions(name_or_path, -+ matches, -+ extension_image_paths, -+ /* validate_sysext= */ false, -+ &image, -+ &extension_images, -+ &os_release, -+ &unit_files, -+ error); -+ if (r < 0) -+ return r; -+ - if (hashmap_isempty(unit_files)) { - _cleanup_free_ char *extensions = strv_join(extension_image_paths, ", "); - if (!extensions) -@@ -1166,91 +1247,25 @@ int portable_attach( - size_t *n_changes, - sd_bus_error *error) { - -- _cleanup_free_ char *id = NULL, *version_id = NULL, *sysext_level = NULL; -- _cleanup_(portable_metadata_unrefp) PortableMetadata *os_release = NULL; - _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL; - _cleanup_hashmap_free_ Hashmap *unit_files = NULL; - _cleanup_(lookup_paths_free) LookupPaths paths = {}; - _cleanup_(image_unrefp) Image *image = NULL; - PortableMetadata *item; -- Image *ext; -- char **p; - int r; - -- assert(name_or_path); -- -- r = image_find_harder(IMAGE_PORTABLE, name_or_path, NULL, &image); -- if (r < 0) -- return r; -- if (!strv_isempty(extension_image_paths)) { -- extension_images = ordered_hashmap_new(&image_hash_ops); -- if (!extension_images) -- return -ENOMEM; -- -- STRV_FOREACH(p, extension_image_paths) { -- _cleanup_(image_unrefp) Image *new = NULL; -- -- r = image_find_harder(IMAGE_PORTABLE, *p, NULL, &new); -- if (r < 0) -- return r; -- -- r = ordered_hashmap_put(extension_images, new->name, new); -- if (r < 0) -- return r; -- TAKE_PTR(new); -- } -- } -- -- r = portable_extract_by_path(image->path, /* path_is_extension= */ false, matches, &os_release, &unit_files, error); -+ r = extract_image_and_extensions(name_or_path, -+ matches, -+ extension_image_paths, -+ /* validate_sysext= */ true, -+ &image, -+ &extension_images, -+ /* os_release= */ NULL, -+ &unit_files, -+ error); - if (r < 0) - return r; - -- /* If we are layering extension images on top of a runtime image, check that the os-release and extension-release metadata -- * match, otherwise reject it immediately as invalid, or it will fail when the units are started. */ -- if (os_release) { -- _cleanup_fclose_ FILE *f = NULL; -- -- r = take_fdopen_unlocked(&os_release->fd, "r", &f); -- if (r < 0) -- return r; -- -- r = parse_env_file(f, os_release->name, -- "ID", &id, -- "VERSION_ID", &version_id, -- "SYSEXT_LEVEL", &sysext_level); -- if (r < 0) -- return r; -- } -- -- ORDERED_HASHMAP_FOREACH(ext, extension_images) { -- _cleanup_(portable_metadata_unrefp) PortableMetadata *extension_release_meta = NULL; -- _cleanup_hashmap_free_ Hashmap *extra_unit_files = NULL; -- _cleanup_strv_free_ char **extension_release = NULL; -- _cleanup_fclose_ FILE *f = NULL; -- -- r = portable_extract_by_path(ext->path, /* path_is_extension= */ true, matches, &extension_release_meta, &extra_unit_files, error); -- if (r < 0) -- return r; -- -- r = take_fdopen_unlocked(&extension_release_meta->fd, "r", &f); -- if (r < 0) -- return r; -- -- r = load_env_file_pairs(f, extension_release_meta->name, &extension_release); -- if (r < 0) -- return r; -- -- r = extension_release_validate(ext->path, id, version_id, sysext_level, extension_release); -- if (r == 0) -- return sd_bus_error_set_errnof(error, SYNTHETIC_ERRNO(ESTALE), "Image %s extension-release metadata does not match the root's", ext->path); -- if (r < 0) -- return sd_bus_error_set_errnof(error, r, "Failed to compare image %s extension-release metadata with the root's os-release: %m", ext->path); -- -- r = hashmap_move(unit_files, extra_unit_files); -- if (r < 0) -- return r; -- } -- - if (hashmap_isempty(unit_files)) { - _cleanup_free_ char *extensions = strv_join(extension_image_paths, ", "); - if (!extensions) --- -2.33.0 - diff --git a/backport-portabled-validate-SYSEXT_LEVEL-when-attaching.patch b/backport-portabled-validate-SYSEXT_LEVEL-when-attaching.patch deleted file mode 100644 index e3787da..0000000 --- a/backport-portabled-validate-SYSEXT_LEVEL-when-attaching.patch +++ /dev/null @@ -1,240 +0,0 @@ -From 5453257f8caebbcfe880601de27853f2d51acbb7 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Wed, 4 Aug 2021 15:00:06 +0100 -Subject: [PATCH] portabled: validate SYSEXT_LEVEL when attaching - -When attaching a portable service with extensions, immediately validate -that the os-release and extension-release metadata values match, rather -than letting it fail when the units are started - -(cherry picked from commit 239ac0c7f72c30cab2e84d395d064c3b7384ff84) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5453257f8caebbcfe880601de27853f2d51acbb7 ---- - src/portable/portable.c | 88 ++++++++++++++++++++++++++++++++--------- - src/portable/portable.h | 1 + - 2 files changed, 71 insertions(+), 18 deletions(-) - -diff --git a/src/portable/portable.c b/src/portable/portable.c -index 8550becded..765aedf852 100644 ---- a/src/portable/portable.c -+++ b/src/portable/portable.c -@@ -11,8 +11,10 @@ - #include "dirent-util.h" - #include "discover-image.h" - #include "dissect-image.h" -+#include "env-file.h" - #include "errno-list.h" - #include "escape.h" -+#include "extension-release.h" - #include "fd-util.h" - #include "fileio.h" - #include "fs-util.h" -@@ -232,6 +234,8 @@ DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(portable_metadata_hash_ops, char, - static int extract_now( - const char *where, - char **matches, -+ const char *image_name, -+ bool path_is_extension, - int socket_fd, - PortableMetadata **ret_os_release, - Hashmap **ret_unit_files) { -@@ -241,6 +245,7 @@ static int extract_now( - _cleanup_(lookup_paths_free) LookupPaths paths = {}; - _cleanup_close_ int os_release_fd = -1; - _cleanup_free_ char *os_release_path = NULL; -+ const char *os_release_id; - char **i; - int r; - -@@ -255,19 +260,27 @@ static int extract_now( - - assert(where); - -- /* First, find /etc/os-release and send it upstream (or just save it). */ -- r = open_os_release(where, &os_release_path, &os_release_fd); -+ /* First, find os-release/extension-release and send it upstream (or just save it). */ -+ if (path_is_extension) { -+ os_release_id = strjoina("/usr/lib/extension-release.d/extension-release.", image_name); -+ r = open_extension_release(where, image_name, &os_release_path, &os_release_fd); -+ } else { -+ os_release_id = "/etc/os-release"; -+ r = open_os_release(where, &os_release_path, &os_release_fd); -+ } - if (r < 0) -- log_debug_errno(r, "Couldn't acquire os-release file, ignoring: %m"); -+ log_debug_errno(r, -+ "Couldn't acquire %s file, ignoring: %m", -+ path_is_extension ? "extension-release " : "os-release"); - else { - if (socket_fd >= 0) { -- r = send_item(socket_fd, "/etc/os-release", os_release_fd); -+ r = send_item(socket_fd, os_release_id, os_release_fd); - if (r < 0) - return log_debug_errno(r, "Failed to send os-release file: %m"); - } - - if (ret_os_release) { -- os_release = portable_metadata_new("/etc/os-release", NULL, os_release_fd); -+ os_release = portable_metadata_new(os_release_id, NULL, os_release_fd); - if (!os_release) - return -ENOMEM; - -@@ -353,7 +366,7 @@ static int extract_now( - - static int portable_extract_by_path( - const char *path, -- bool extract_os_release, -+ bool path_is_extension, - char **matches, - PortableMetadata **ret_os_release, - Hashmap **ret_unit_files, -@@ -371,7 +384,7 @@ static int portable_extract_by_path( - /* We can't turn this into a loop-back block device, and this returns EISDIR? Then this is a directory - * tree and not a raw device. It's easy then. */ - -- r = extract_now(path, matches, -1, &os_release, &unit_files); -+ r = extract_now(path, matches, NULL, path_is_extension, -1, &os_release, &unit_files); - if (r < 0) - return r; - -@@ -428,7 +441,7 @@ static int portable_extract_by_path( - - seq[0] = safe_close(seq[0]); - -- if (!extract_os_release) -+ if (path_is_extension) - flags |= DISSECT_IMAGE_VALIDATE_OS_EXT; - else - flags |= DISSECT_IMAGE_VALIDATE_OS; -@@ -439,7 +452,7 @@ static int portable_extract_by_path( - goto child_finish; - } - -- r = extract_now(tmpdir, matches, seq[1], NULL, NULL); -+ r = extract_now(tmpdir, matches, m->image_name, path_is_extension, seq[1], NULL, NULL); - - child_finish: - _exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS); -@@ -485,7 +498,7 @@ static int portable_extract_by_path( - - add = NULL; - -- } else if (PORTABLE_METADATA_IS_OS_RELEASE(add)) { -+ } else if (PORTABLE_METADATA_IS_OS_RELEASE(add) || PORTABLE_METADATA_IS_EXTENSION_RELEASE(add)) { - - assert(!os_release); - os_release = TAKE_PTR(add); -@@ -499,10 +512,12 @@ static int portable_extract_by_path( - child = 0; - } - -- /* When the portable image is layered, the image with units will not -- * have a full filesystem, so no os-release - it will be in the root layer */ -- if (extract_os_release && !os_release) -- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image '%s' lacks os-release data, refusing.", path); -+ if (!os_release) -+ return sd_bus_error_setf(error, -+ SD_BUS_ERROR_INVALID_ARGS, -+ "Image '%s' lacks %s data, refusing.", -+ path, -+ path_is_extension ? "extension-release" : "os-release"); - - if (ret_unit_files) - *ret_unit_files = TAKE_PTR(unit_files); -@@ -555,14 +570,14 @@ int portable_extract( - } - } - -- r = portable_extract_by_path(image->path, true, matches, &os_release, &unit_files, error); -+ r = portable_extract_by_path(image->path, /* path_is_extension= */ false, matches, &os_release, &unit_files, error); - if (r < 0) - return r; - - ORDERED_HASHMAP_FOREACH(ext, extension_images) { - _cleanup_hashmap_free_ Hashmap *extra_unit_files = NULL; - -- r = portable_extract_by_path(ext->path, false, matches, NULL, &extra_unit_files, error); -+ r = portable_extract_by_path(ext->path, /* path_is_extension= */ true, matches, NULL, &extra_unit_files, error); - if (r < 0) - return r; - r = hashmap_move(unit_files, extra_unit_files); -@@ -1151,6 +1166,8 @@ int portable_attach( - size_t *n_changes, - sd_bus_error *error) { - -+ _cleanup_free_ char *id = NULL, *version_id = NULL, *sysext_level = NULL; -+ _cleanup_(portable_metadata_unrefp) PortableMetadata *os_release = NULL; - _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL; - _cleanup_hashmap_free_ Hashmap *unit_files = NULL; - _cleanup_(lookup_paths_free) LookupPaths paths = {}; -@@ -1184,16 +1201,51 @@ int portable_attach( - } - } - -- r = portable_extract_by_path(image->path, true, matches, NULL, &unit_files, error); -+ r = portable_extract_by_path(image->path, /* path_is_extension= */ false, matches, &os_release, &unit_files, error); - if (r < 0) - return r; - -+ /* If we are layering extension images on top of a runtime image, check that the os-release and extension-release metadata -+ * match, otherwise reject it immediately as invalid, or it will fail when the units are started. */ -+ if (os_release) { -+ _cleanup_fclose_ FILE *f = NULL; -+ -+ r = take_fdopen_unlocked(&os_release->fd, "r", &f); -+ if (r < 0) -+ return r; -+ -+ r = parse_env_file(f, os_release->name, -+ "ID", &id, -+ "VERSION_ID", &version_id, -+ "SYSEXT_LEVEL", &sysext_level); -+ if (r < 0) -+ return r; -+ } -+ - ORDERED_HASHMAP_FOREACH(ext, extension_images) { -+ _cleanup_(portable_metadata_unrefp) PortableMetadata *extension_release_meta = NULL; - _cleanup_hashmap_free_ Hashmap *extra_unit_files = NULL; -+ _cleanup_strv_free_ char **extension_release = NULL; -+ _cleanup_fclose_ FILE *f = NULL; -+ -+ r = portable_extract_by_path(ext->path, /* path_is_extension= */ true, matches, &extension_release_meta, &extra_unit_files, error); -+ if (r < 0) -+ return r; - -- r = portable_extract_by_path(ext->path, false, matches, NULL, &extra_unit_files, error); -+ r = take_fdopen_unlocked(&extension_release_meta->fd, "r", &f); - if (r < 0) - return r; -+ -+ r = load_env_file_pairs(f, extension_release_meta->name, &extension_release); -+ if (r < 0) -+ return r; -+ -+ r = extension_release_validate(ext->path, id, version_id, sysext_level, extension_release); -+ if (r == 0) -+ return sd_bus_error_set_errnof(error, SYNTHETIC_ERRNO(ESTALE), "Image %s extension-release metadata does not match the root's", ext->path); -+ if (r < 0) -+ return sd_bus_error_set_errnof(error, r, "Failed to compare image %s extension-release metadata with the root's os-release: %m", ext->path); -+ - r = hashmap_move(unit_files, extra_unit_files); - if (r < 0) - return r; -diff --git a/src/portable/portable.h b/src/portable/portable.h -index dd080edf4e..94144287ae 100644 ---- a/src/portable/portable.h -+++ b/src/portable/portable.h -@@ -16,6 +16,7 @@ typedef struct PortableMetadata { - } PortableMetadata; - - #define PORTABLE_METADATA_IS_OS_RELEASE(m) (streq((m)->name, "/etc/os-release")) -+#define PORTABLE_METADATA_IS_EXTENSION_RELEASE(m) (startswith((m)->name, "/usr/lib/extension-release.d/extension-release.")) - #define PORTABLE_METADATA_IS_UNIT(m) (!IN_SET((m)->name[0], 0, '/')) - - typedef enum PortableFlags { --- -2.33.0 - diff --git a/backport-process-util-wait-for-processes-we-killed-even-if-ki.patch b/backport-process-util-wait-for-processes-we-killed-even-if-ki.patch deleted file mode 100644 index 4250b70..0000000 --- a/backport-process-util-wait-for-processes-we-killed-even-if-ki.patch +++ /dev/null @@ -1,46 +0,0 @@ -From deda69dad784f9c4367533555ff4d7bf6308c0ff Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 3 Nov 2021 15:54:28 +0100 -Subject: [PATCH] process-util: wait for processes we killed even if killing - failed - -The processes might be zombies in which case killing will fail, but -reaping them still matters. - -(cherry picked from commit 2c1612100daae9cef1b71c06ae4c4ec5f9378f09) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/deda69dad784f9c4367533555ff4d7bf6308c0ff ---- - src/basic/process-util.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/basic/process-util.c b/src/basic/process-util.c -index 14259ea8df..461bbfe9a5 100644 ---- a/src/basic/process-util.c -+++ b/src/basic/process-util.c -@@ -858,8 +858,8 @@ int wait_for_terminate_with_timeout(pid_t pid, usec_t timeout) { - void sigkill_wait(pid_t pid) { - assert(pid > 1); - -- if (kill(pid, SIGKILL) >= 0) -- (void) wait_for_terminate(pid, NULL); -+ (void) kill(pid, SIGKILL); -+ (void) wait_for_terminate(pid, NULL); - } - - void sigkill_waitp(pid_t *pid) { -@@ -876,8 +876,8 @@ void sigkill_waitp(pid_t *pid) { - void sigterm_wait(pid_t pid) { - assert(pid > 1); - -- if (kill_and_sigcont(pid, SIGTERM) >= 0) -- (void) wait_for_terminate(pid, NULL); -+ (void) kill_and_sigcont(pid, SIGTERM); -+ (void) wait_for_terminate(pid, NULL); - } - - int kill_and_sigcont(pid_t pid, int sig) { --- -2.33.0 - diff --git a/backport-random-util-use-ssize_t-for-getrandom-return-value.patch b/backport-random-util-use-ssize_t-for-getrandom-return-value.patch deleted file mode 100644 index df57885..0000000 --- a/backport-random-util-use-ssize_t-for-getrandom-return-value.patch +++ /dev/null @@ -1,81 +0,0 @@ -From a7ba75de06efb5a1d962c4b250f66e49e1d3ac6a Mon Sep 17 00:00:00 2001 -From: Mike Gilbert -Date: Fri, 24 Dec 2021 19:20:36 -0500 -Subject: [PATCH] random-util: use ssize_t for getrandom return value - -This matches the prototype provided by glibc. - -(cherry picked from commit 289b41aae7356b7a6c72ff4a3476193a084ff33f) -(cherry picked from commit 4d889024ef5ba1edc5d967a010a2551e0826e5d7) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a7ba75de06efb5a1d962c4b250f66e49e1d3ac6a ---- - src/basic/missing_syscall.h | 3 ++- - src/basic/random-util.c | 16 ++++++++-------- - 2 files changed, 10 insertions(+), 9 deletions(-) - -diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h -index 9e3a165857..279c5911bd 100644 ---- a/src/basic/missing_syscall.h -+++ b/src/basic/missing_syscall.h -@@ -57,7 +57,8 @@ static inline int missing_memfd_create(const char *name, unsigned int flags) { - /* ======================================================================= */ - - #if !HAVE_GETRANDOM --static inline int missing_getrandom(void *buffer, size_t count, unsigned flags) { -+/* glibc says getrandom() returns ssize_t */ -+static inline ssize_t missing_getrandom(void *buffer, size_t count, unsigned flags) { - # ifdef __NR_getrandom - return syscall(__NR_getrandom, buffer, count, flags); - # else -diff --git a/src/basic/random-util.c b/src/basic/random-util.c -index c2be962355..e117330857 100644 ---- a/src/basic/random-util.c -+++ b/src/basic/random-util.c -@@ -161,7 +161,6 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) { - static int have_syscall = -1; - _cleanup_close_ int fd = -1; - bool got_some = false; -- int r; - - /* Gathers some high-quality randomness from the kernel (or potentially mid-quality randomness from - * the CPU if the RANDOM_ALLOW_RDRAND flag is set). This call won't block, unless the RANDOM_BLOCK -@@ -220,18 +219,19 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) { - if (have_syscall != 0 && !HAS_FEATURE_MEMORY_SANITIZER) { - - for (;;) { -- r = getrandom(p, n, -+ ssize_t l; -+ l = getrandom(p, n, - (FLAGS_SET(flags, RANDOM_BLOCK) ? 0 : GRND_NONBLOCK) | - (FLAGS_SET(flags, RANDOM_ALLOW_INSECURE) ? GRND_INSECURE : 0)); -- if (r > 0) { -+ if (l > 0) { - have_syscall = true; - -- if ((size_t) r == n) -+ if ((size_t) l == n) - return 0; /* Yay, success! */ - -- assert((size_t) r < n); -- p = (uint8_t*) p + r; -- n -= r; -+ assert((size_t) l < n); -+ p = (uint8_t*) p + l; -+ n -= l; - - if (FLAGS_SET(flags, RANDOM_EXTEND_WITH_PSEUDO)) { - /* Fill in the remaining bytes using pseudo-random values */ -@@ -248,7 +248,7 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) { - /* Fill in the rest with /dev/urandom */ - break; - -- } else if (r == 0) { -+ } else if (l == 0) { - have_syscall = true; - return -EIO; - --- -2.33.0 - diff --git a/backport-repart-use-real-disk-start-end-for-bar-production.patch b/backport-repart-use-real-disk-start-end-for-bar-production.patch deleted file mode 100644 index 5c32308..0000000 --- a/backport-repart-use-real-disk-start-end-for-bar-production.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 0c3c3db042a24d11da7accf777029fbaf8db5a29 Mon Sep 17 00:00:00 2001 -From: Tom Yan -Date: Mon, 20 Dec 2021 01:30:38 +0800 -Subject: [PATCH] repart: use real disk start/end for bar production - -Partitions are not always within our aligned scope. Bar printing -involves foreign partitions as well. - -Fixes #21817. - -(cherry picked from commit d8daed09f37bc9f8ecb9268a4e371f65aec8b24a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0c3c3db042a24d11da7accf777029fbaf8db5a29 ---- - src/partition/repart.c | 14 ++++++-------- - 1 file changed, 6 insertions(+), 8 deletions(-) - -diff --git a/src/partition/repart.c b/src/partition/repart.c -index 7602ac6aa8..9f0fe9e10d 100644 ---- a/src/partition/repart.c -+++ b/src/partition/repart.c -@@ -2103,16 +2103,14 @@ static void context_bar_char_process_partition( - from = p->offset; - to = from + p->new_size; - -- assert(context->end >= context->start); -- total = context->end - context->start; -+ assert(context->total > 0); -+ total = context->total; - -- assert(from >= context->start); -- assert(from <= context->end); -- x = (from - context->start) * n / total; -+ assert(from <= total); -+ x = from * n / total; - -- assert(to >= context->start); -- assert(to <= context->end); -- y = (to - context->start) * n / total; -+ assert(to <= total); -+ y = to * n / total; - - assert(x <= y); - assert(y <= n); --- -2.33.0 - diff --git a/backport-repart-use-right-error-variable.patch b/backport-repart-use-right-error-variable.patch deleted file mode 100644 index 620cde1..0000000 --- a/backport-repart-use-right-error-variable.patch +++ /dev/null @@ -1,38 +0,0 @@ -From b57f76bff912de738a8da8feceb298160bebab26 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 5 Oct 2021 14:10:27 +0200 -Subject: [PATCH] repart: use right error variable - -(cherry picked from commit 8ac04a65477b59c9143b635c0c0daa5152d9b466) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b57f76bff912de738a8da8feceb298160bebab26 ---- - src/partition/repart.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/partition/repart.c b/src/partition/repart.c -index 851c68cc4b..3c80d1380a 100644 ---- a/src/partition/repart.c -+++ b/src/partition/repart.c -@@ -2784,7 +2784,7 @@ static int context_copy_blocks(Context *context) { - return log_error_errno(r, "Failed to copy in data from '%s': %m", p->copy_blocks_path); - - if (fsync(target_fd) < 0) -- return log_error_errno(r, "Failed to synchronize copied data blocks: %m"); -+ return log_error_errno(errno, "Failed to synchronize copied data blocks: %m"); - - if (p->encrypt != ENCRYPT_OFF) { - encrypted_dev_fd = safe_close(encrypted_dev_fd); -@@ -3060,7 +3060,7 @@ static int context_mkfs(Context *context) { - - if (p->encrypt != ENCRYPT_OFF) { - if (fsync(encrypted_dev_fd) < 0) -- return log_error_errno(r, "Failed to synchronize LUKS volume: %m"); -+ return log_error_errno(errno, "Failed to synchronize LUKS volume: %m"); - encrypted_dev_fd = safe_close(encrypted_dev_fd); - - r = deactivate_luks(cd, encrypted); --- -2.33.0 - diff --git a/backport-resolvconf-compat-make-u-operation-a-NOP.patch b/backport-resolvconf-compat-make-u-operation-a-NOP.patch deleted file mode 100644 index 2b371f2..0000000 --- a/backport-resolvconf-compat-make-u-operation-a-NOP.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 4fe53426991e829c0add9378d91f3677a23076fd Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 29 Sep 2021 10:48:24 +0200 -Subject: [PATCH] resolvconf-compat: make "-u" operation a NOP - -According to the various man pages of "resolvconf" the -u switch is for: - -"-u Just run the update scripts (if updating is enabled)." - -"-u Force resolvconf to update all its subscribers. resolvconf does not - update the subscribers when adding a resolv.conf that matches what - it already has for that interface." - -We have no "subscribers", we ourselves are the only "subscriber" we -support. Hence it's probably better to ignore such a request and make it -a NOP, then to fail. - -Fixes: #20748 -(cherry picked from commit bee07a399572e0d60600c040a84099ecb418ed33) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4fe53426991e829c0add9378d91f3677a23076fd ---- - src/resolve/resolvconf-compat.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - -diff --git a/src/resolve/resolvconf-compat.c b/src/resolve/resolvconf-compat.c -index 93ded6d564..991c62e21d 100644 ---- a/src/resolve/resolvconf-compat.c -+++ b/src/resolve/resolvconf-compat.c -@@ -39,8 +39,8 @@ static int resolvconf_help(void) { - "This is a compatibility alias for the resolvectl(1) tool, providing native\n" - "command line compatibility with the resolvconf(8) tool of various Linux\n" - "distributions and BSD systems. Some options supported by other implementations\n" -- "are not supported and are ignored: -m, -p. Various options supported by other\n" -- "implementations are not supported and will cause the invocation to fail: -u,\n" -+ "are not supported and are ignored: -m, -p, -u. Various options supported by other\n" -+ "implementations are not supported and will cause the invocation to fail:\n" - "-I, -i, -l, -R, -r, -v, -V, --enable-updates, --disable-updates,\n" - "--updates-are-enabled.\n" - "\nSee the %2$s for details.\n", -@@ -171,8 +171,11 @@ int resolvconf_parse_argv(int argc, char *argv[]) { - log_debug("Switch -%c ignored.", c); - break; - -- /* Everybody else can agree on the existence of -u but we don't support it. */ -+ /* -u supposedly should "update all subscribers". We have no subscribers, hence let's make -+ this a NOP, and exit immediately, cleanly. */ - case 'u': -+ log_info("Switch -%c ignored.", c); -+ return 0; - - /* The following options are openresolv inventions we don't support. */ - case 'I': --- -2.33.0 - diff --git a/backport-resolve-add-reference-of-the-original-bus-message-to.patch b/backport-resolve-add-reference-of-the-original-bus-message-to.patch deleted file mode 100644 index 578c244..0000000 --- a/backport-resolve-add-reference-of-the-original-bus-message-to.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 965e8b5a691d05b32ecadbe1d4d00de2200492c2 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 11 Feb 2022 09:43:16 +0900 -Subject: [PATCH] resolve: add reference of the original bus message to the aux - queries - -Otherwise, the error in aux queries cannot be replied. - -Fixes #22477. - -(cherry picked from commit 08275791d85a1852e79951212f6cbbc727db789a) -(cherry picked from commit 919d398668d2baa1873e61f7f502fac910a9d606) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/965e8b5a691d05b32ecadbe1d4d00de2200492c2 ---- - src/resolve/resolved-bus.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c -index ed06895ed9..61d4b50c5b 100644 ---- a/src/resolve/resolved-bus.c -+++ b/src/resolve/resolved-bus.c -@@ -1137,6 +1137,7 @@ static int resolve_service_hostname(DnsQuery *q, DnsResourceRecord *rr, int ifin - if (r < 0) - return r; - -+ aux->bus_request = sd_bus_message_ref(q->bus_request); - aux->request_family = q->request_family; - aux->complete = resolve_service_hostname_complete; - --- -2.33.0 - diff --git a/backport-resolve-drop-never-matched-condition.patch b/backport-resolve-drop-never-matched-condition.patch deleted file mode 100644 index 2144bf3..0000000 --- a/backport-resolve-drop-never-matched-condition.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 7b99795c46d4cd61501a31364894f13ac3a9e60d Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 23 Feb 2022 07:49:40 +0900 -Subject: [PATCH] resolve: drop never matched condition - -As dns_scope_good_domain() does not return negative errno. - -(cherry picked from commit 830f50ab1e03fa7ee262876ed42023d10e89688d) -(cherry picked from commit 499115dbc3408f9a85160099e114bbaf0bacfe84) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7b99795c46d4cd61501a31364894f13ac3a9e60d ---- - src/resolve/resolved-dns-query.c | 12 ++---------- - 1 file changed, 2 insertions(+), 10 deletions(-) - -diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c -index 192bfd3bf5..4d15240e25 100644 ---- a/src/resolve/resolved-dns-query.c -+++ b/src/resolve/resolved-dns-query.c -@@ -743,11 +743,7 @@ int dns_query_go(DnsQuery *q) { - continue; - - match = dns_scope_good_domain(s, q->ifindex, q->flags, name); -- if (match < 0) { -- log_debug("Couldn't check if '%s' matches against scope, ignoring.", name); -- continue; -- } -- -+ assert(match >= 0); - if (match > found) { /* Does this match better? If so, remember how well it matched, and the first one - * that matches this well */ - found = match; -@@ -779,11 +775,7 @@ int dns_query_go(DnsQuery *q) { - continue; - - match = dns_scope_good_domain(s, q->ifindex, q->flags, name); -- if (match < 0) { -- log_debug("Couldn't check if '%s' matches against scope, ignoring.", name); -- continue; -- } -- -+ assert(match >= 0); - if (match < found) - continue; - --- -2.33.0 - diff --git a/backport-resolve-fix-assertion-triggered-when-r-0.patch b/backport-resolve-fix-assertion-triggered-when-r-0.patch deleted file mode 100644 index 61fabd1..0000000 --- a/backport-resolve-fix-assertion-triggered-when-r-0.patch +++ /dev/null @@ -1,35 +0,0 @@ -From bfa7063dac7173858ddddda7c49eda95a9dd89bf Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 20 Jan 2022 05:24:31 +0900 -Subject: [PATCH] resolve: fix assertion triggered when r == 0 - -Fixes #22178. - -(cherry picked from commit 98b1eb711cfc70776fefd3d4ec437a6a4f9aeff2) -(cherry picked from commit 740dd39e070b3b827cbac37df2a40d61bd9cdb89) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/bfa7063dac7173858ddddda7c49eda95a9dd89bf ---- - src/resolve/resolved-etc-hosts.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/resolve/resolved-etc-hosts.c b/src/resolve/resolved-etc-hosts.c -index 9af3a27bb1..a8da6c3d88 100644 ---- a/src/resolve/resolved-etc-hosts.c -+++ b/src/resolve/resolved-etc-hosts.c -@@ -109,7 +109,10 @@ static int parse_line(EtcHosts *hosts, unsigned nr, const char *line) { - - r = dns_name_is_valid_ldh(name); - if (r <= 0) { -- log_warning_errno(r, "/etc/hosts:%u: hostname \"%s\" is not valid, ignoring.", nr, name); -+ if (r < 0) -+ log_warning_errno(r, "/etc/hosts:%u: Failed to check the validity of hostname \"%s\", ignoring: %m", nr, name); -+ else -+ log_warning("/etc/hosts:%u: hostname \"%s\" is not valid, ignoring.", nr, name); - continue; - } - --- -2.33.0 - diff --git a/backport-resolve-fix-heap-buffer-overflow-reported-by-ASAN-wi.patch b/backport-resolve-fix-heap-buffer-overflow-reported-by-ASAN-wi.patch deleted file mode 100644 index eef6c0e..0000000 --- a/backport-resolve-fix-heap-buffer-overflow-reported-by-ASAN-wi.patch +++ /dev/null @@ -1,34 +0,0 @@ -From c285d500d0fe356f74f34846bc2ac0e25fe6ae42 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 8 Jul 2022 22:00:58 +0900 -Subject: [PATCH] resolve: fix heap-buffer-overflow reported by ASAN with - strict_string_checks=1 - -Fixes #23942. - -(cherry picked from commit beeab352de413e1c04de0a67ee36525fcf6e99dd) -(cherry picked from commit feb244676baa246e660b713544c2cb8766c25b34) -(cherry picked from commit 63c0ce2346cb70a2959bd539541119866223a619) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c285d500d0fe356f74f34846bc2ac0e25fe6ae42 ---- - src/resolve/resolved-dns-packet.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c -index b37f57fe67..c4cfbf7820 100644 ---- a/src/resolve/resolved-dns-packet.c -+++ b/src/resolve/resolved-dns-packet.c -@@ -1393,7 +1393,7 @@ int dns_packet_read_string(DnsPacket *p, char **ret, size_t *start) { - if (memchr(d, 0, c)) - return -EBADMSG; - -- t = strndup(d, c); -+ t = memdup_suffix0(d, c); - if (!t) - return -ENOMEM; - --- -2.27.0 - diff --git a/backport-resolve-fix-possible-memleak.patch b/backport-resolve-fix-possible-memleak.patch deleted file mode 100644 index cc0955b..0000000 --- a/backport-resolve-fix-possible-memleak.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 11f8123bbf36801ec436dc77d42a8e253eed1fb7 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 5 Feb 2022 22:03:19 +0900 -Subject: [PATCH] resolve: fix possible memleak - -Fortunately, unlike the issue fixed in the previous commit, the memleak -should be superficial and not become apparent, as the queries handled -here are managed by the stub stream, and will be freed when the stream -is closed. - -Just for safety, and slightly reducing the runtime memory usage by the -stub stream. - -(cherry picked from commit fe8c5ce615ee2123f17b1f0b3728c439e19e4b5b) -(cherry picked from commit 4dbc210124b4303ecadb6cdb28a4a4c821e1150b) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/11f8123bbf36801ec436dc77d42a8e253eed1fb7 ---- - src/resolve/resolved-dns-stub.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c -index 49da916576..8040db70f9 100644 ---- a/src/resolve/resolved-dns-stub.c -+++ b/src/resolve/resolved-dns-stub.c -@@ -755,8 +755,10 @@ static void dns_stub_query_complete(DnsQuery *q) { - * packet doesn't answer our question. In that case let's restart the query, - * now with the redirected question. We'll */ - r = dns_query_go(q); -- if (r < 0) -+ if (r < 0) { - log_debug_errno(r, "Failed to restart query: %m"); -+ dns_query_free(q); -+ } - - return; - } --- -2.33.0 - diff --git a/backport-resolve-fix-potential-memleak-and-use-after-free.patch b/backport-resolve-fix-potential-memleak-and-use-after-free.patch deleted file mode 100644 index 1cc6f9b..0000000 --- a/backport-resolve-fix-potential-memleak-and-use-after-free.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 8baf04a6588bd392f606a3d55b0711cdd00b4b80 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 5 Feb 2022 21:37:01 +0900 -Subject: [PATCH] resolve: fix potential memleak and use-after-free - -When stub stream is closed early, then queries associated to the stream -are freed. Previously, the timer event source for queries may not be -disabled, hence may be triggered with already freed query. -See also dns_stub_stream_complete(). - -Note that we usually not set NULL or zero when freeing simple objects. -But, here DnsQuery is large and complicated object, and the element may -be referenced in subsequent freeing process in the future. Hence, for -safety, let's set NULL to the pointer. - -(cherry picked from commit 73bfd7be042cc63e7649242b377ad494bf74ea4b) -(cherry picked from commit d82bd80cf4e7659906a502735b20a45964b55a88) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/8baf04a6588bd392f606a3d55b0711cdd00b4b80 ---- - src/resolve/resolved-dns-query.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c -index 7f341986d9..6d372395fe 100644 ---- a/src/resolve/resolved-dns-query.c -+++ b/src/resolve/resolved-dns-query.c -@@ -381,6 +381,8 @@ DnsQuery *dns_query_free(DnsQuery *q) { - if (!q) - return NULL; - -+ q->timeout_event_source = sd_event_source_disable_unref(q->timeout_event_source); -+ - while (q->auxiliary_queries) - dns_query_free(q->auxiliary_queries); - --- -2.33.0 - diff --git a/backport-resolve-make-dns_scope_good_domain-take-DnsQuery.patch b/backport-resolve-make-dns_scope_good_domain-take-DnsQuery.patch deleted file mode 100644 index dc34ed5..0000000 --- a/backport-resolve-make-dns_scope_good_domain-take-DnsQuery.patch +++ /dev/null @@ -1,116 +0,0 @@ -From 8cc818cdc726c8185387b413e8a2f31e00d7c185 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 23 Feb 2022 07:50:30 +0900 -Subject: [PATCH] resolve: make dns_scope_good_domain() take DnsQuery* - -(cherry picked from commit 176a9a2cca47f7c1553d96f7dd51c2193a269dbc) -(cherry picked from commit 54ab65f5f3da22985126dc3ae846a777d6b555a9) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/8cc818cdc726c8185387b413e8a2f31e00d7c185 ---- - src/resolve/resolved-dns-query.c | 14 ++------------ - src/resolve/resolved-dns-scope.c | 21 +++++++++++++++++---- - src/resolve/resolved-dns-scope.h | 4 ++-- - 3 files changed, 21 insertions(+), 18 deletions(-) - -diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c -index 4d15240e25..24cd7cddf5 100644 ---- a/src/resolve/resolved-dns-query.c -+++ b/src/resolve/resolved-dns-query.c -@@ -736,13 +736,8 @@ int dns_query_go(DnsQuery *q) { - - LIST_FOREACH(scopes, s, q->manager->dns_scopes) { - DnsScopeMatch match; -- const char *name; - -- name = dns_question_first_name(dns_query_question_for_protocol(q, s->protocol)); -- if (!name) -- continue; -- -- match = dns_scope_good_domain(s, q->ifindex, q->flags, name); -+ match = dns_scope_good_domain(s, q); - assert(match >= 0); - if (match > found) { /* Does this match better? If so, remember how well it matched, and the first one - * that matches this well */ -@@ -768,13 +763,8 @@ int dns_query_go(DnsQuery *q) { - - LIST_FOREACH(scopes, s, first->scopes_next) { - DnsScopeMatch match; -- const char *name; -- -- name = dns_question_first_name(dns_query_question_for_protocol(q, s->protocol)); -- if (!name) -- continue; - -- match = dns_scope_good_domain(s, q->ifindex, q->flags, name); -+ match = dns_scope_good_domain(s, q); - assert(match >= 0); - if (match < found) - continue; -diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c -index 2546d0d4da..47edba6bc3 100644 ---- a/src/resolve/resolved-dns-scope.c -+++ b/src/resolve/resolved-dns-scope.c -@@ -584,11 +584,13 @@ static DnsScopeMatch match_subnet_reverse_lookups( - - DnsScopeMatch dns_scope_good_domain( - DnsScope *s, -- int ifindex, -- uint64_t flags, -- const char *domain) { -+ DnsQuery *q) { - -+ DnsQuestion *question; - DnsSearchDomain *d; -+ const char *domain; -+ uint64_t flags; -+ int ifindex; - - /* This returns the following return values: - * -@@ -602,7 +604,18 @@ DnsScopeMatch dns_scope_good_domain( - */ - - assert(s); -- assert(domain); -+ assert(q); -+ -+ question = dns_query_question_for_protocol(q, s->protocol); -+ if (!question) -+ return DNS_SCOPE_NO; -+ -+ domain = dns_question_first_name(question); -+ if (!domain) -+ return DNS_SCOPE_NO; -+ -+ ifindex = q->ifindex; -+ flags = q->flags; - - /* Checks if the specified domain is something to look up on this scope. Note that this accepts - * non-qualified hostnames, i.e. those without any search path suffixed. */ -diff --git a/src/resolve/resolved-dns-scope.h b/src/resolve/resolved-dns-scope.h -index a2b9546b38..1f9d22b7d1 100644 ---- a/src/resolve/resolved-dns-scope.h -+++ b/src/resolve/resolved-dns-scope.h -@@ -10,7 +10,7 @@ typedef struct DnsScope DnsScope; - #include "resolved-dns-cache.h" - #include "resolved-dns-dnssec.h" - #include "resolved-dns-packet.h" -- -+#include "resolved-dns-query.h" - #include "resolved-dns-search-domain.h" - #include "resolved-dns-server.h" - #include "resolved-dns-stream.h" -@@ -76,7 +76,7 @@ int dns_scope_emit_udp(DnsScope *s, int fd, int af, DnsPacket *p); - int dns_scope_socket_tcp(DnsScope *s, int family, const union in_addr_union *address, DnsServer *server, uint16_t port, union sockaddr_union *ret_socket_address); - int dns_scope_socket_udp(DnsScope *s, DnsServer *server); - --DnsScopeMatch dns_scope_good_domain(DnsScope *s, int ifindex, uint64_t flags, const char *domain); -+DnsScopeMatch dns_scope_good_domain(DnsScope *s, DnsQuery *q); - bool dns_scope_good_key(DnsScope *s, const DnsResourceKey *key); - - DnsServer *dns_scope_get_dns_server(DnsScope *s); --- -2.33.0 - diff --git a/backport-resolve-mdns_packet_extract_matching_rrs-may-return-.patch b/backport-resolve-mdns_packet_extract_matching_rrs-may-return-.patch deleted file mode 100644 index 1a9209c..0000000 --- a/backport-resolve-mdns_packet_extract_matching_rrs-may-return-.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 9b1f4d855aa7b16b425545fdd888dbef918d1daa Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 4 Jul 2022 11:23:33 +0900 -Subject: [PATCH] resolve: mdns_packet_extract_matching_rrs() may return 0 - -Fixes the following assertion: - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9b1f4d855aa7b16b425545fdd888dbef918d1daa ---- -Assertion 'r > 0' failed at src/resolve/resolved-mdns.c:180, function mdns_do_tiebreak(). Aborting. - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9b1f4d855aa7b16b425545fdd888dbef918d1daa ---- - -(cherry picked from commit f2605af1f2e770818bbc6bad2561acdbd25a38ad) -(cherry picked from commit 0070302b3cdc1350bf7bfd5d032dbea420f4ed40) -(cherry picked from commit 30d24c8df600545d1878a868bcd409e65479af77) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9b1f4d855aa7b16b425545fdd888dbef918d1daa ---- - src/resolve/resolved-mdns.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/src/resolve/resolved-mdns.c b/src/resolve/resolved-mdns.c -index 24241249b1..8c8ee81da1 100644 ---- a/src/resolve/resolved-mdns.c -+++ b/src/resolve/resolved-mdns.c -@@ -165,8 +165,6 @@ static int mdns_do_tiebreak(DnsResourceKey *key, DnsAnswer *answer, DnsPacket *p - if (r < 0) - return r; - -- assert(r > 0); -- - if (proposed_rrs_cmp(remote, r, our, size) > 0) - return 1; - --- -2.27.0 - diff --git a/backport-resolve-refuse-AF_UNSPEC-when-resolving-address.patch b/backport-resolve-refuse-AF_UNSPEC-when-resolving-address.patch deleted file mode 100644 index 033898a..0000000 --- a/backport-resolve-refuse-AF_UNSPEC-when-resolving-address.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 63590abb5dd48fbcc8c0dfc5dfc1ee088382d5f7 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 11 Feb 2022 09:49:13 +0900 -Subject: [PATCH] resolve: refuse AF_UNSPEC when resolving address - -Fixes #22480. - -(cherry picked from commit 0234f0c0531682e7f28a4ef51852c102c6e97267) -(cherry picked from commit 084c88983eaecbf23e113db5a7ee11f94b60472b) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/63590abb5dd48fbcc8c0dfc5dfc1ee088382d5f7 ---- - src/resolve/resolved-varlink.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/resolve/resolved-varlink.c b/src/resolve/resolved-varlink.c -index 6f4ab425ef..9a61b19e61 100644 ---- a/src/resolve/resolved-varlink.c -+++ b/src/resolve/resolved-varlink.c -@@ -484,7 +484,7 @@ static int vl_method_resolve_address(Varlink *link, JsonVariant *parameters, Var - if (p.ifindex < 0) - return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("ifindex")); - -- if (!IN_SET(p.family, AF_UNSPEC, AF_INET, AF_INET6)) -+ if (!IN_SET(p.family, AF_INET, AF_INET6)) - return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("family")); - - if (FAMILY_ADDRESS_SIZE(p.family) != p.address_size) --- -2.33.0 - diff --git a/backport-resolve-remove-server-large-level.patch b/backport-resolve-remove-server-large-level.patch deleted file mode 100644 index d51cfd9..0000000 --- a/backport-resolve-remove-server-large-level.patch +++ /dev/null @@ -1,152 +0,0 @@ -From 0bc9811acfd2535bf8a7a16a3903a2c22df206c9 Mon Sep 17 00:00:00 2001 -From: Dan Streetman -Date: Fri, 20 Aug 2021 14:44:35 -0400 -Subject: [PATCH] resolve: remove server 'large' level - -This removes the DNS_SERVER_FEATURE_LEVEL_LARGE, and sets the EDNS0 -advertised max packet size as if always in 'large' mode. - -Without this, we always send out EDNS0 opts that limit response sizes -to 512 bytes, thus the remote server will never send anything larger -and will always truncate responses larger than 512 bytes, forcing us -to drop from EDNS0 down to TCP, even though one of the primary benefits -of EDNS0 is larger packet sizes. - -Fixes: #20993 -(cherry picked from commit 526fce97afe130f71dba3bd4646196bbb1188b82) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0bc9811acfd2535bf8a7a16a3903a2c22df206c9 ---- - src/resolve/resolved-dns-server.c | 63 +++++++++++-------------------- - src/resolve/resolved-dns-server.h | 3 +- - 2 files changed, 24 insertions(+), 42 deletions(-) - -diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c -index 58a1376708..a21148d288 100644 ---- a/src/resolve/resolved-dns-server.c -+++ b/src/resolve/resolved-dns-server.c -@@ -282,11 +282,6 @@ void dns_server_packet_received(DnsServer *s, int protocol, DnsServerFeatureLeve - if (s->packet_bad_opt && level >= DNS_SERVER_FEATURE_LEVEL_EDNS0) - level = DNS_SERVER_FEATURE_LEVEL_EDNS0 - 1; - -- /* Even if we successfully receive a reply to a request announcing support for large packets, that -- * does not mean we can necessarily receive large packets. */ -- if (level == DNS_SERVER_FEATURE_LEVEL_LARGE) -- level = DNS_SERVER_FEATURE_LEVEL_LARGE - 1; -- - dns_server_verified(s, level); - - /* Remember the size of the largest UDP packet fragment we received from a server, we know that we -@@ -429,7 +424,7 @@ DnsServerFeatureLevel dns_server_possible_feature_level(DnsServer *s) { - * better than EDNS0, hence don't even try. */ - if (dns_server_get_dnssec_mode(s) != DNSSEC_NO) - best = dns_server_get_dns_over_tls_mode(s) == DNS_OVER_TLS_NO ? -- DNS_SERVER_FEATURE_LEVEL_LARGE : -+ DNS_SERVER_FEATURE_LEVEL_DO : - DNS_SERVER_FEATURE_LEVEL_TLS_DO; - else - best = dns_server_get_dns_over_tls_mode(s) == DNS_OVER_TLS_NO ? -@@ -597,7 +592,7 @@ DnsServerFeatureLevel dns_server_possible_feature_level(DnsServer *s) { - } - - int dns_server_adjust_opt(DnsServer *server, DnsPacket *packet, DnsServerFeatureLevel level) { -- size_t packet_size; -+ size_t packet_size, udp_size; - bool edns_do; - int r; - -@@ -616,40 +611,29 @@ int dns_server_adjust_opt(DnsServer *server, DnsPacket *packet, DnsServerFeature - - edns_do = level >= DNS_SERVER_FEATURE_LEVEL_DO; - -- if (level == DNS_SERVER_FEATURE_LEVEL_LARGE) { -- size_t udp_size; -- -- /* In large mode, advertise the local MTU, in order to avoid fragmentation (for security -- * reasons) – except if we are talking to localhost (where the security considerations don't -- * matter). If we see fragmentation, lower the reported size to the largest fragment, to -- * avoid it. */ -- -- udp_size = udp_header_size(server->family); -- -- if (in_addr_is_localhost(server->family, &server->address) > 0) -- packet_size = 65536 - udp_size; /* force linux loopback MTU if localhost address */ -- else { -- /* Use the MTU pointing to the server, subtract the IP/UDP header size */ -- packet_size = LESS_BY(dns_server_get_mtu(server), udp_size); -+ udp_size = udp_header_size(server->family); - -- /* On the Internet we want to avoid fragmentation for security reasons. If we saw -- * fragmented packets, the above was too large, let's clamp it to the largest -- * fragment we saw */ -- if (server->packet_fragmented) -- packet_size = MIN(server->received_udp_fragment_max, packet_size); -- -- /* Let's not pick ridiculously large sizes, i.e. not more than 4K. No one appears -- * to ever use such large sized on the Internet IRL, hence let's not either. */ -- packet_size = MIN(packet_size, 4096U); -- } -+ if (in_addr_is_localhost(server->family, &server->address) > 0) -+ packet_size = 65536 - udp_size; /* force linux loopback MTU if localhost address */ -+ else { -+ /* Use the MTU pointing to the server, subtract the IP/UDP header size */ -+ packet_size = LESS_BY(dns_server_get_mtu(server), udp_size); -+ -+ /* On the Internet we want to avoid fragmentation for security reasons. If we saw -+ * fragmented packets, the above was too large, let's clamp it to the largest -+ * fragment we saw */ -+ if (server->packet_fragmented) -+ packet_size = MIN(server->received_udp_fragment_max, packet_size); -+ -+ /* Let's not pick ridiculously large sizes, i.e. not more than 4K. No one appears -+ * to ever use such large sized on the Internet IRL, hence let's not either. */ -+ packet_size = MIN(packet_size, 4096U); -+ } - -- /* Strictly speaking we quite possibly can receive larger datagrams than the MTU (since the -- * MTU is for egress, not for ingress), but more often than not the value is symmetric, and -- * we want something that does the right thing in the majority of cases, and not just in the -- * theoretical edge case. */ -- } else -- /* In non-large mode, let's advertise the size of the largest fragment we ever managed to accept. */ -- packet_size = server->received_udp_fragment_max; -+ /* Strictly speaking we quite possibly can receive larger datagrams than the MTU (since the -+ * MTU is for egress, not for ingress), but more often than not the value is symmetric, and -+ * we want something that does the right thing in the majority of cases, and not just in the -+ * theoretical edge case. */ - - /* Safety clamp, never advertise less than 512 or more than 65535 */ - packet_size = CLAMP(packet_size, -@@ -1097,7 +1081,6 @@ static const char* const dns_server_feature_level_table[_DNS_SERVER_FEATURE_LEVE - [DNS_SERVER_FEATURE_LEVEL_EDNS0] = "UDP+EDNS0", - [DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN] = "TLS+EDNS0", - [DNS_SERVER_FEATURE_LEVEL_DO] = "UDP+EDNS0+DO", -- [DNS_SERVER_FEATURE_LEVEL_LARGE] = "UDP+EDNS0+DO+LARGE", - [DNS_SERVER_FEATURE_LEVEL_TLS_DO] = "TLS+EDNS0+D0", - }; - DEFINE_STRING_TABLE_LOOKUP(dns_server_feature_level, DnsServerFeatureLevel); -diff --git a/src/resolve/resolved-dns-server.h b/src/resolve/resolved-dns-server.h -index fe0eaee49c..be9efb0a79 100644 ---- a/src/resolve/resolved-dns-server.h -+++ b/src/resolve/resolved-dns-server.h -@@ -32,7 +32,6 @@ typedef enum DnsServerFeatureLevel { - DNS_SERVER_FEATURE_LEVEL_EDNS0, - DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN, - DNS_SERVER_FEATURE_LEVEL_DO, -- DNS_SERVER_FEATURE_LEVEL_LARGE, - DNS_SERVER_FEATURE_LEVEL_TLS_DO, - _DNS_SERVER_FEATURE_LEVEL_MAX, - _DNS_SERVER_FEATURE_LEVEL_INVALID = -EINVAL, -@@ -43,7 +42,7 @@ typedef enum DnsServerFeatureLevel { - #define DNS_SERVER_FEATURE_LEVEL_IS_EDNS0(x) ((x) >= DNS_SERVER_FEATURE_LEVEL_EDNS0) - #define DNS_SERVER_FEATURE_LEVEL_IS_TLS(x) IN_SET(x, DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN, DNS_SERVER_FEATURE_LEVEL_TLS_DO) - #define DNS_SERVER_FEATURE_LEVEL_IS_DNSSEC(x) ((x) >= DNS_SERVER_FEATURE_LEVEL_DO) --#define DNS_SERVER_FEATURE_LEVEL_IS_UDP(x) IN_SET(x, DNS_SERVER_FEATURE_LEVEL_UDP, DNS_SERVER_FEATURE_LEVEL_EDNS0, DNS_SERVER_FEATURE_LEVEL_DO, DNS_SERVER_FEATURE_LEVEL_LARGE) -+#define DNS_SERVER_FEATURE_LEVEL_IS_UDP(x) IN_SET(x, DNS_SERVER_FEATURE_LEVEL_UDP, DNS_SERVER_FEATURE_LEVEL_EDNS0, DNS_SERVER_FEATURE_LEVEL_DO) - - const char* dns_server_feature_level_to_string(int i) _const_; - int dns_server_feature_level_from_string(const char *s) _pure_; --- -2.33.0 - diff --git a/backport-resolve-synthesize-empty-domain-only-when-A-and-or-A.patch b/backport-resolve-synthesize-empty-domain-only-when-A-and-or-A.patch deleted file mode 100644 index 69ebd75..0000000 --- a/backport-resolve-synthesize-empty-domain-only-when-A-and-or-A.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 76016b82c683bcb15c155a8ab7ca45004894c134 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 4 Feb 2022 12:05:33 +0900 -Subject: [PATCH] resolve: synthesize empty domain only when A and/or AAAA key - is requested - -Follow-up for 3b2ac14ac45bef01cf489c3231b868936866444b (#22231). - -Before this commit. ---- -$ dig -t SRV '.' - -; <<>> DiG 9.16.24-RH <<>> -t SRV . -;; global options: +cmd -;; Got answer: -;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16836 -;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 - -;; OPT PSEUDOSECTION: -; EDNS: version: 0, flags:; udp: 65494 -;; QUESTION SECTION: -;. IN SRV - -;; Query time: 1 msec -;; SERVER: 127.0.0.53#53(127.0.0.53) -;; WHEN: Fri Feb 04 12:01:09 JST 2022 -;; MSG SIZE rcvd: 28 ---- - -After this commit. ---- -$ dig -t SRV '.' - -; <<>> DiG 9.16.24-RH <<>> -t SRV . -;; global options: +cmd -;; Got answer: -;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19861 -;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 - -;; OPT PSEUDOSECTION: -; EDNS: version: 0, flags:; udp: 65494 -;; QUESTION SECTION: -;. IN SRV - -;; AUTHORITY SECTION: -. 86394 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022020302 1800 900 604800 86400 - -;; Query time: 20 msec -;; SERVER: 127.0.0.53#53(127.0.0.53) -;; WHEN: Fri Feb 04 12:00:12 JST 2022 -;; MSG SIZE rcvd: 103 ---- - -Fixes #22401. - -(cherry picked from commit 30fa3aa1fa56d9a1a4f3a26c0bc02253d44dfa0f) -(cherry picked from commit d57147ef5698c50e02e5e74df8d0936230032cfe) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/76016b82c683bcb15c155a8ab7ca45004894c134 ---- - src/resolve/resolved-dns-scope.c | 20 ++++++++++++++++---- - 1 file changed, 16 insertions(+), 4 deletions(-) - -diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c -index 47edba6bc3..360ceecdb7 100644 ---- a/src/resolve/resolved-dns-scope.c -+++ b/src/resolve/resolved-dns-scope.c -@@ -626,10 +626,6 @@ DnsScopeMatch dns_scope_good_domain( - if ((SD_RESOLVED_FLAGS_MAKE(s->protocol, s->family, false, false) & flags) == 0) - return DNS_SCOPE_NO; - -- /* Never resolve empty name. */ -- if (dns_name_is_empty(domain)) -- return DNS_SCOPE_NO; -- - /* Never resolve any loopback hostname or IP address via DNS, LLMNR or mDNS. Instead, always rely on - * synthesized RRs for these. */ - if (is_localhost(domain) || -@@ -658,6 +654,22 @@ DnsScopeMatch dns_scope_good_domain( - DnsScopeMatch m; - int n_best = -1; - -+ if (dns_name_is_empty(domain)) { -+ DnsResourceKey *t; -+ bool found = false; -+ -+ /* Refuse empty name if only A and/or AAAA records are requested. */ -+ -+ DNS_QUESTION_FOREACH(t, question) -+ if (!IN_SET(t->type, DNS_TYPE_A, DNS_TYPE_AAAA)) { -+ found = true; -+ break; -+ } -+ -+ if (!found) -+ return DNS_SCOPE_NO; -+ } -+ - /* Never route things to scopes that lack DNS servers */ - if (!dns_scope_get_dns_server(s)) - return DNS_SCOPE_NO; --- -2.33.0 - diff --git a/backport-resolve-synthesize-empty-name.patch b/backport-resolve-synthesize-empty-name.patch deleted file mode 100644 index 165d411..0000000 --- a/backport-resolve-synthesize-empty-name.patch +++ /dev/null @@ -1,97 +0,0 @@ -From d3331adc66af4e69f7bdc378c1c591dd27703bf2 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 24 Jan 2022 06:07:33 +0900 -Subject: [PATCH] resolve: synthesize empty name - -Do not return any error for empty name. Just returns empty answer. - -Before: ---- -$ dig . - -; <<>> DiG 9.16.24-RH <<>> . -;; global options: +cmd -;; Got answer: -;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 13617 -;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 - -;; OPT PSEUDOSECTION: -; EDNS: version: 0, flags:; udp: 65494 -;; QUESTION SECTION: -;. IN A - -;; Query time: 0 msec -;; SERVER: 127.0.0.53#53(127.0.0.53) -;; WHEN: Mon Jan 24 05:49:30 JST 2022 -;; MSG SIZE rcvd: 28 ---- - -After: ---- -$ dig . - -; <<>> DiG 9.16.24-RH <<>> . -;; global options: +cmd -;; Got answer: -;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7957 -;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 - -;; OPT PSEUDOSECTION: -; EDNS: version: 0, flags:; udp: 65494 -;; QUESTION SECTION: -;. IN A - -;; Query time: 1 msec -;; SERVER: 127.0.0.53#53(127.0.0.53) -;; WHEN: Mon Jan 24 06:05:02 JST 2022 -;; MSG SIZE rcvd: 28 ---- - -Replaces #22197. - -Fixes RHBZ#2039854 (https://bugzilla.redhat.com/show_bug.cgi?id=2039854). - -(cherry picked from commit 3b2ac14ac45bef01cf489c3231b868936866444b) -(cherry picked from commit 0fd3ccca64402eaec9535d0288d888f7fcacb9b8) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d3331adc66af4e69f7bdc378c1c591dd27703bf2 ---- - src/resolve/resolved-dns-scope.c | 4 ++++ - src/resolve/resolved-dns-synthesize.c | 5 ++++- - 2 files changed, 8 insertions(+), 1 deletion(-) - -diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c -index 178482727c..2546d0d4da 100644 ---- a/src/resolve/resolved-dns-scope.c -+++ b/src/resolve/resolved-dns-scope.c -@@ -613,6 +613,10 @@ DnsScopeMatch dns_scope_good_domain( - if ((SD_RESOLVED_FLAGS_MAKE(s->protocol, s->family, false, false) & flags) == 0) - return DNS_SCOPE_NO; - -+ /* Never resolve empty name. */ -+ if (dns_name_is_empty(domain)) -+ return DNS_SCOPE_NO; -+ - /* Never resolve any loopback hostname or IP address via DNS, LLMNR or mDNS. Instead, always rely on - * synthesized RRs for these. */ - if (is_localhost(domain) || -diff --git a/src/resolve/resolved-dns-synthesize.c b/src/resolve/resolved-dns-synthesize.c -index ef1423f441..ea239e686d 100644 ---- a/src/resolve/resolved-dns-synthesize.c -+++ b/src/resolve/resolved-dns-synthesize.c -@@ -394,7 +394,10 @@ int dns_synthesize_answer( - - name = dns_resource_key_name(key); - -- if (is_localhost(name)) { -+ if (dns_name_is_empty(name)) { -+ /* Do nothing. */ -+ -+ } else if (is_localhost(name)) { - - r = synthesize_localhost_rr(m, key, ifindex, &answer); - if (r < 0) --- -2.33.0 - diff --git a/backport-resolve-synthesize-null-address-IPv4-broadcast-addre.patch b/backport-resolve-synthesize-null-address-IPv4-broadcast-addre.patch deleted file mode 100644 index 8478b27..0000000 --- a/backport-resolve-synthesize-null-address-IPv4-broadcast-addre.patch +++ /dev/null @@ -1,41 +0,0 @@ -From a3d2c2b669149fe7e1bfdfa0c72c39653bef2e4c Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 24 Jan 2022 06:36:53 +0900 -Subject: [PATCH] resolve: synthesize null address, IPv4 broadcast address, or - invalid domain - -These are filtered in `dns_scope_good_domain()`, but not synthesized. - -Fixes #22229. - -(cherry picked from commit 46b53e8035fb60c9a7f26dd32d6689ab3b7da97c) -(cherry picked from commit 89b439ee00e3fbee47cda3f790cbf320538cae7f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a3d2c2b669149fe7e1bfdfa0c72c39653bef2e4c ---- - src/resolve/resolved-dns-synthesize.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/src/resolve/resolved-dns-synthesize.c b/src/resolve/resolved-dns-synthesize.c -index ea239e686d..0914515fdf 100644 ---- a/src/resolve/resolved-dns-synthesize.c -+++ b/src/resolve/resolved-dns-synthesize.c -@@ -397,6 +397,14 @@ int dns_synthesize_answer( - if (dns_name_is_empty(name)) { - /* Do nothing. */ - -+ } else if (dns_name_endswith(name, "0.in-addr.arpa") > 0 || -+ dns_name_equal(name, "255.255.255.255.in-addr.arpa") > 0 || -+ dns_name_equal(name, "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0 || -+ dns_name_endswith(name, "invalid") > 0) { -+ -+ nxdomain = true; -+ continue; -+ - } else if (is_localhost(name)) { - - r = synthesize_localhost_rr(m, key, ifindex, &answer); --- -2.33.0 - diff --git a/backport-resolve-use-_cleanup_-attribute-for-freeing-DnsQuery.patch b/backport-resolve-use-_cleanup_-attribute-for-freeing-DnsQuery.patch deleted file mode 100644 index e56b352..0000000 --- a/backport-resolve-use-_cleanup_-attribute-for-freeing-DnsQuery.patch +++ /dev/null @@ -1,563 +0,0 @@ -From 87f33d6a03d8c25393ad6472fcad5b69bb60aa6b Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 5 Feb 2022 22:04:42 +0900 -Subject: [PATCH] resolve: use _cleanup_ attribute for freeing DnsQuery - -(cherry picked from commit c704288c473fa08820566fdb16c38726d24db026) -(cherry picked from commit 0533d1aab61b6a797d07c4c861acf5e87f8191e8) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/87f33d6a03d8c25393ad6472fcad5b69bb60aa6b ---- - src/resolve/resolved-bus.c | 112 +++++++++++++++----------------- - src/resolve/resolved-dns-stub.c | 27 +++----- - src/resolve/resolved-varlink.c | 38 +++++------ - 3 files changed, 79 insertions(+), 98 deletions(-) - -diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c -index 78d1acf5e0..ed06895ed9 100644 ---- a/src/resolve/resolved-bus.c -+++ b/src/resolve/resolved-bus.c -@@ -179,9 +179,10 @@ static int append_address(sd_bus_message *reply, DnsResourceRecord *rr, int ifin - return 0; - } - --static void bus_method_resolve_hostname_complete(DnsQuery *q) { -+static void bus_method_resolve_hostname_complete(DnsQuery *query) { - _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *canonical = NULL; - _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; -+ _cleanup_(dns_query_freep) DnsQuery *q = query; - _cleanup_free_ char *normalized = NULL; - DnsQuestion *question; - DnsResourceRecord *rr; -@@ -202,8 +203,11 @@ static void bus_method_resolve_hostname_complete(DnsQuery *q) { - } - if (r < 0) - goto finish; -- if (r == DNS_QUERY_CNAME) /* This was a cname, and the query was restarted. */ -+ if (r == DNS_QUERY_CNAME) { -+ /* This was a cname, and the query was restarted. */ -+ TAKE_PTR(q); - return; -+ } - - r = sd_bus_message_new_method_return(q->bus_request, &reply); - if (r < 0) -@@ -264,8 +268,6 @@ finish: - log_error_errno(r, "Failed to send hostname reply: %m"); - sd_bus_reply_method_errno(q->bus_request, r, NULL); - } -- -- dns_query_free(q); - } - - static int validate_and_mangle_flags( -@@ -403,11 +405,11 @@ void bus_client_log(sd_bus_message *m, const char *what) { - - static int bus_method_resolve_hostname(sd_bus_message *message, void *userdata, sd_bus_error *error) { - _cleanup_(dns_question_unrefp) DnsQuestion *question_idna = NULL, *question_utf8 = NULL; -+ _cleanup_(dns_query_freep) DnsQuery *q = NULL; - Manager *m = userdata; - const char *hostname; - int family, ifindex; - uint64_t flags; -- DnsQuery *q; - int r; - - assert(message); -@@ -459,21 +461,19 @@ static int bus_method_resolve_hostname(sd_bus_message *message, void *userdata, - - r = dns_query_bus_track(q, message); - if (r < 0) -- goto fail; -+ return r; - - r = dns_query_go(q); - if (r < 0) -- goto fail; -+ return r; - -+ TAKE_PTR(q); - return 1; -- --fail: -- dns_query_free(q); -- return r; - } - --static void bus_method_resolve_address_complete(DnsQuery *q) { -+static void bus_method_resolve_address_complete(DnsQuery *query) { - _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; -+ _cleanup_(dns_query_freep) DnsQuery *q = query; - DnsQuestion *question; - DnsResourceRecord *rr; - unsigned added = 0; -@@ -493,8 +493,11 @@ static void bus_method_resolve_address_complete(DnsQuery *q) { - } - if (r < 0) - goto finish; -- if (r == DNS_QUERY_CNAME) /* This was a cname, and the query was restarted. */ -+ if (r == DNS_QUERY_CNAME) { -+ /* This was a cname, and the query was restarted. */ -+ TAKE_PTR(q); - return; -+ } - - r = sd_bus_message_new_method_return(q->bus_request, &reply); - if (r < 0) -@@ -550,17 +553,15 @@ finish: - log_error_errno(r, "Failed to send address reply: %m"); - sd_bus_reply_method_errno(q->bus_request, r, NULL); - } -- -- dns_query_free(q); - } - - static int bus_method_resolve_address(sd_bus_message *message, void *userdata, sd_bus_error *error) { - _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL; -+ _cleanup_(dns_query_freep) DnsQuery *q = NULL; - Manager *m = userdata; - union in_addr_union a; - int family, ifindex; - uint64_t flags; -- DnsQuery *q; - int r; - - assert(message); -@@ -604,17 +605,14 @@ static int bus_method_resolve_address(sd_bus_message *message, void *userdata, s - - r = dns_query_bus_track(q, message); - if (r < 0) -- goto fail; -+ return r; - - r = dns_query_go(q); - if (r < 0) -- goto fail; -+ return r; - -+ TAKE_PTR(q); - return 1; -- --fail: -- dns_query_free(q); -- return r; - } - - static int bus_message_append_rr(sd_bus_message *m, DnsResourceRecord *rr, int ifindex) { -@@ -645,8 +643,9 @@ static int bus_message_append_rr(sd_bus_message *m, DnsResourceRecord *rr, int i - return sd_bus_message_close_container(m); - } - --static void bus_method_resolve_record_complete(DnsQuery *q) { -+static void bus_method_resolve_record_complete(DnsQuery *query) { - _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; -+ _cleanup_(dns_query_freep) DnsQuery *q = query; - DnsResourceRecord *rr; - DnsQuestion *question; - unsigned added = 0; -@@ -667,8 +666,11 @@ static void bus_method_resolve_record_complete(DnsQuery *q) { - } - if (r < 0) - goto finish; -- if (r == DNS_QUERY_CNAME) /* This was a cname, and the query was restarted. */ -+ if (r == DNS_QUERY_CNAME) { -+ /* This was a cname, and the query was restarted. */ -+ TAKE_PTR(q); - return; -+ } - - r = sd_bus_message_new_method_return(q->bus_request, &reply); - if (r < 0) -@@ -714,19 +716,17 @@ finish: - log_error_errno(r, "Failed to send record reply: %m"); - sd_bus_reply_method_errno(q->bus_request, r, NULL); - } -- -- dns_query_free(q); - } - - static int bus_method_resolve_record(sd_bus_message *message, void *userdata, sd_bus_error *error) { - _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL; - _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL; -+ _cleanup_(dns_query_freep) DnsQuery *q = NULL; - Manager *m = userdata; - uint16_t class, type; - const char *name; - int r, ifindex; - uint64_t flags; -- DnsQuery *q; - - assert(message); - assert(m); -@@ -782,17 +782,14 @@ static int bus_method_resolve_record(sd_bus_message *message, void *userdata, sd - - r = dns_query_bus_track(q, message); - if (r < 0) -- goto fail; -+ return r; - - r = dns_query_go(q); - if (r < 0) -- goto fail; -+ return r; - -+ TAKE_PTR(q); - return 1; -- --fail: -- dns_query_free(q); -- return r; - } - - static int append_srv(DnsQuery *q, sd_bus_message *reply, DnsResourceRecord *rr) { -@@ -952,10 +949,11 @@ static int append_txt(sd_bus_message *reply, DnsResourceRecord *rr) { - return 1; - } - --static void resolve_service_all_complete(DnsQuery *q) { -+static void resolve_service_all_complete(DnsQuery *query) { - _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *canonical = NULL; - _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; - _cleanup_free_ char *name = NULL, *type = NULL, *domain = NULL; -+ _cleanup_(dns_query_freep) DnsQuery *q = query; - DnsQuestion *question; - DnsResourceRecord *rr; - unsigned added = 0; -@@ -964,8 +962,10 @@ static void resolve_service_all_complete(DnsQuery *q) { - - assert(q); - -- if (q->block_all_complete > 0) -+ if (q->block_all_complete > 0) { -+ TAKE_PTR(q); - return; -+ } - - if ((q->flags & SD_RESOLVED_NO_ADDRESS) == 0) { - DnsQuery *bad = NULL; -@@ -977,6 +977,7 @@ static void resolve_service_all_complete(DnsQuery *q) { - - case DNS_TRANSACTION_PENDING: - /* If an auxiliary query is still pending, let's wait */ -+ TAKE_PTR(q); - return; - - case DNS_TRANSACTION_SUCCESS: -@@ -1093,8 +1094,6 @@ finish: - log_error_errno(r, "Failed to send service reply: %m"); - sd_bus_reply_method_errno(q->bus_request, r, NULL); - } -- -- dns_query_free(q); - } - - static void resolve_service_hostname_complete(DnsQuery *q) { -@@ -1119,7 +1118,7 @@ static void resolve_service_hostname_complete(DnsQuery *q) { - - static int resolve_service_hostname(DnsQuery *q, DnsResourceRecord *rr, int ifindex) { - _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL; -- DnsQuery *aux; -+ _cleanup_(dns_query_freep) DnsQuery *aux = NULL; - int r; - - assert(q); -@@ -1142,32 +1141,27 @@ static int resolve_service_hostname(DnsQuery *q, DnsResourceRecord *rr, int ifin - aux->complete = resolve_service_hostname_complete; - - r = dns_query_make_auxiliary(aux, q); -- if (r == -EAGAIN) { -+ if (r == -EAGAIN) - /* Too many auxiliary lookups? If so, don't complain, - * let's just not add this one, we already have more - * than enough */ -- -- dns_query_free(aux); - return 0; -- } - if (r < 0) -- goto fail; -+ return r; - - /* Note that auxiliary queries do not track the original bus - * client, only the primary request does that. */ - - r = dns_query_go(aux); - if (r < 0) -- goto fail; -+ return r; - -+ TAKE_PTR(aux); - return 1; -- --fail: -- dns_query_free(aux); -- return r; - } - --static void bus_method_resolve_service_complete(DnsQuery *q) { -+static void bus_method_resolve_service_complete(DnsQuery *query) { -+ _cleanup_(dns_query_freep) DnsQuery *q = query; - bool has_root_domain = false; - DnsResourceRecord *rr; - DnsQuestion *question; -@@ -1188,8 +1182,11 @@ static void bus_method_resolve_service_complete(DnsQuery *q) { - } - if (r < 0) - goto finish; -- if (r == DNS_QUERY_CNAME) /* This was a cname, and the query was restarted. */ -+ if (r == DNS_QUERY_CNAME) { -+ /* This was a cname, and the query was restarted. */ -+ TAKE_PTR(q); - return; -+ } - - question = dns_query_question_for_protocol(q, q->answer_protocol); - -@@ -1237,7 +1234,7 @@ static void bus_method_resolve_service_complete(DnsQuery *q) { - } - - /* Maybe we are already finished? check now... */ -- resolve_service_all_complete(q); -+ resolve_service_all_complete(TAKE_PTR(q)); - return; - - finish: -@@ -1245,17 +1242,15 @@ finish: - log_error_errno(r, "Failed to send service reply: %m"); - sd_bus_reply_method_errno(q->bus_request, r, NULL); - } -- -- dns_query_free(q); - } - - static int bus_method_resolve_service(sd_bus_message *message, void *userdata, sd_bus_error *error) { - _cleanup_(dns_question_unrefp) DnsQuestion *question_idna = NULL, *question_utf8 = NULL; -+ _cleanup_(dns_query_freep) DnsQuery *q = NULL; - const char *name, *type, *domain; - Manager *m = userdata; - int family, ifindex; - uint64_t flags; -- DnsQuery *q; - int r; - - assert(message); -@@ -1316,17 +1311,14 @@ static int bus_method_resolve_service(sd_bus_message *message, void *userdata, s - - r = dns_query_bus_track(q, message); - if (r < 0) -- goto fail; -+ return r; - - r = dns_query_go(q); - if (r < 0) -- goto fail; -+ return r; - -+ TAKE_PTR(q); - return 1; -- --fail: -- dns_query_free(q); -- return r; - } - - int bus_dns_server_append(sd_bus_message *reply, DnsServer *s, bool with_ifindex, bool extended) { -diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c -index 8040db70f9..400e741031 100644 ---- a/src/resolve/resolved-dns-stub.c -+++ b/src/resolve/resolved-dns-stub.c -@@ -684,7 +684,8 @@ static int dns_stub_patch_bypass_reply_packet( - return 0; - } - --static void dns_stub_query_complete(DnsQuery *q) { -+static void dns_stub_query_complete(DnsQuery *query) { -+ _cleanup_(dns_query_freep) DnsQuery *q = query; - int r; - - assert(q); -@@ -705,7 +706,6 @@ static void dns_stub_query_complete(DnsQuery *q) { - else - (void) dns_stub_send(q->manager, q->stub_listener_extra, q->request_stream, q->request_packet, reply); - -- dns_query_free(q); - return; - } - } -@@ -717,11 +717,8 @@ static void dns_stub_query_complete(DnsQuery *q) { - q, - dns_query_question_for_protocol(q, DNS_PROTOCOL_DNS), - dns_stub_reply_with_edns0_do(q)); -- if (r < 0) { -- log_debug_errno(r, "Failed to assign sections: %m"); -- dns_query_free(q); -- return; -- } -+ if (r < 0) -+ return (void) log_debug_errno(r, "Failed to assign sections: %m"); - - switch (q->state) { - -@@ -755,11 +752,10 @@ static void dns_stub_query_complete(DnsQuery *q) { - * packet doesn't answer our question. In that case let's restart the query, - * now with the redirected question. We'll */ - r = dns_query_go(q); -- if (r < 0) { -- log_debug_errno(r, "Failed to restart query: %m"); -- dns_query_free(q); -- } -+ if (r < 0) -+ return (void) log_debug_errno(r, "Failed to restart query: %m"); - -+ TAKE_PTR(q); - return; - } - -@@ -767,11 +763,8 @@ static void dns_stub_query_complete(DnsQuery *q) { - q, - dns_query_question_for_protocol(q, DNS_PROTOCOL_DNS), - dns_stub_reply_with_edns0_do(q)); -- if (r < 0) { -- log_debug_errno(r, "Failed to assign sections: %m"); -- dns_query_free(q); -- return; -- } -+ if (r < 0) -+ return (void) log_debug_errno(r, "Failed to assign sections: %m"); - - if (cname_result == DNS_QUERY_MATCH) /* A match? Then we are done, let's return what we got */ - break; -@@ -817,8 +810,6 @@ static void dns_stub_query_complete(DnsQuery *q) { - default: - assert_not_reached("Impossible state"); - } -- -- dns_query_free(q); - } - - static int dns_stub_stream_complete(DnsStream *s, int error) { -diff --git a/src/resolve/resolved-varlink.c b/src/resolve/resolved-varlink.c -index 27d8c8967e..6f4ab425ef 100644 ---- a/src/resolve/resolved-varlink.c -+++ b/src/resolve/resolved-varlink.c -@@ -143,9 +143,10 @@ static bool validate_and_mangle_flags( - return true; - } - --static void vl_method_resolve_hostname_complete(DnsQuery *q) { -+static void vl_method_resolve_hostname_complete(DnsQuery *query) { - _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *canonical = NULL; - _cleanup_(json_variant_unrefp) JsonVariant *array = NULL; -+ _cleanup_(dns_query_freep) DnsQuery *q = query; - _cleanup_free_ char *normalized = NULL; - DnsResourceRecord *rr; - DnsQuestion *question; -@@ -165,8 +166,11 @@ static void vl_method_resolve_hostname_complete(DnsQuery *q) { - } - if (r < 0) - goto finish; -- if (r == DNS_QUERY_CNAME) /* This was a cname, and the query was restarted. */ -+ if (r == DNS_QUERY_CNAME) { -+ /* This was a cname, and the query was restarted. */ -+ TAKE_PTR(q); - return; -+ } - - question = dns_query_question_for_protocol(q, q->answer_protocol); - -@@ -228,8 +232,6 @@ finish: - log_error_errno(r, "Failed to send hostname reply: %m"); - r = varlink_error_errno(q->varlink_request, r); - } -- -- dns_query_free(q); - } - - static int parse_as_address(Varlink *link, LookupParameters *p) { -@@ -284,7 +286,7 @@ static int vl_method_resolve_hostname(Varlink *link, JsonVariant *parameters, Va - _cleanup_(lookup_parameters_destroy) LookupParameters p = { - .family = AF_UNSPEC, - }; -- DnsQuery *q; -+ _cleanup_(dns_query_freep) DnsQuery *q = NULL; - Manager *m; - int r; - -@@ -338,13 +340,10 @@ static int vl_method_resolve_hostname(Varlink *link, JsonVariant *parameters, Va - - r = dns_query_go(q); - if (r < 0) -- goto fail; -+ return r; - -+ TAKE_PTR(q); - return 1; -- --fail: -- dns_query_free(q); -- return r; - } - - static int json_dispatch_address(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) { -@@ -382,8 +381,9 @@ static int json_dispatch_address(const char *name, JsonVariant *variant, JsonDis - return 0; - } - --static void vl_method_resolve_address_complete(DnsQuery *q) { -+static void vl_method_resolve_address_complete(DnsQuery *query) { - _cleanup_(json_variant_unrefp) JsonVariant *array = NULL; -+ _cleanup_(dns_query_freep) DnsQuery *q = query; - DnsQuestion *question; - DnsResourceRecord *rr; - int ifindex, r; -@@ -402,8 +402,11 @@ static void vl_method_resolve_address_complete(DnsQuery *q) { - } - if (r < 0) - goto finish; -- if (r == DNS_QUERY_CNAME) /* This was a cname, and the query was restarted. */ -+ if (r == DNS_QUERY_CNAME) { -+ /* This was a cname, and the query was restarted. */ -+ TAKE_PTR(q); - return; -+ } - - question = dns_query_question_for_protocol(q, q->answer_protocol); - -@@ -447,8 +450,6 @@ finish: - log_error_errno(r, "Failed to send address reply: %m"); - r = varlink_error_errno(q->varlink_request, r); - } -- -- dns_query_free(q); - } - - static int vl_method_resolve_address(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) { -@@ -464,7 +465,7 @@ static int vl_method_resolve_address(Varlink *link, JsonVariant *parameters, Var - _cleanup_(lookup_parameters_destroy) LookupParameters p = { - .family = AF_UNSPEC, - }; -- DnsQuery *q; -+ _cleanup_(dns_query_freep) DnsQuery *q = NULL; - Manager *m; - int r; - -@@ -509,13 +510,10 @@ static int vl_method_resolve_address(Varlink *link, JsonVariant *parameters, Var - - r = dns_query_go(q); - if (r < 0) -- goto fail; -+ return r; - -+ TAKE_PTR(q); - return 1; -- --fail: -- dns_query_free(q); -- return r; - } - - int manager_varlink_init(Manager *m) { --- -2.33.0 - diff --git a/backport-resolved-Don-t-omit-AD-bit-in-reply-if-DO-is-set-in-.patch b/backport-resolved-Don-t-omit-AD-bit-in-reply-if-DO-is-set-in-.patch deleted file mode 100644 index 9a7efbc..0000000 --- a/backport-resolved-Don-t-omit-AD-bit-in-reply-if-DO-is-set-in-.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 5421863a16f19ba6a85214bb17986d6015b298b3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jack=20D=C3=A4hn?= -Date: Tue, 3 Aug 2021 08:07:05 +0200 -Subject: [PATCH] resolved: Don't omit AD bit in reply if DO is set in the - query - -Set the AD bit in the response if the data is authenticated and AD or DO is set in the query, as suggested by section 5.8 of RFC6840. - -Fixes #20332 - -(cherry picked from commit b553abd8aed0f6fbff9973882fb08c3aec1d9400) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5421863a16f19ba6a85214bb17986d6015b298b3 ---- - src/resolve/resolved-dns-stub.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c -index 5b9d32f001..49da916576 100644 ---- a/src/resolve/resolved-dns-stub.c -+++ b/src/resolve/resolved-dns-stub.c -@@ -585,7 +585,7 @@ static int dns_stub_send_reply( - DNS_PACKET_RD(q->request_packet), - !!q->request_packet->opt, - edns0_do, -- DNS_PACKET_AD(q->request_packet) && dns_query_fully_authenticated(q), -+ (DNS_PACKET_AD(q->request_packet) || DNS_PACKET_DO(q->request_packet)) && dns_query_fully_authenticated(q), - DNS_PACKET_CD(q->request_packet), - q->stub_listener_extra ? ADVERTISE_EXTRA_DATAGRAM_SIZE_MAX : ADVERTISE_DATAGRAM_SIZE_MAX, - dns_packet_has_nsid_request(q->request_packet) > 0 && !q->stub_listener_extra); -@@ -627,7 +627,7 @@ static int dns_stub_send_failure( - DNS_PACKET_RD(p), - !!p->opt, - DNS_PACKET_DO(p), -- DNS_PACKET_AD(p) && authenticated, -+ (DNS_PACKET_AD(p) || DNS_PACKET_DO(p)) && authenticated, - DNS_PACKET_CD(p), - l ? ADVERTISE_EXTRA_DATAGRAM_SIZE_MAX : ADVERTISE_DATAGRAM_SIZE_MAX, - dns_packet_has_nsid_request(p) > 0 && !l); --- -2.33.0 - diff --git a/backport-resolved-clean-up-manager_write_resolv_conf-a-bit.patch b/backport-resolved-clean-up-manager_write_resolv_conf-a-bit.patch deleted file mode 100644 index f80a934..0000000 --- a/backport-resolved-clean-up-manager_write_resolv_conf-a-bit.patch +++ /dev/null @@ -1,109 +0,0 @@ -From e4f6e956abdca1b7f538845dae79e5afb708e2df Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 22 Nov 2021 18:29:17 +0100 -Subject: [PATCH] resolved: clean up manager_write_resolv_conf() a bit - -Let's downgrade log messages which are not fatal for the service to -LOG_WARNING. - -And let's simplify clean-up by using _cleanup_(unlink_and_freep). - -(cherry picked from commit e2ef1e9aea24d89d1e92fa4675ddc330029b48bf) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e4f6e956abdca1b7f538845dae79e5afb708e2df ---- - src/resolve/resolved-resolv-conf.c | 41 +++++++++++------------------- - 1 file changed, 15 insertions(+), 26 deletions(-) - -diff --git a/src/resolve/resolved-resolv-conf.c b/src/resolve/resolved-resolv-conf.c -index d5a77605a8..100894d6b2 100644 ---- a/src/resolve/resolved-resolv-conf.c -+++ b/src/resolve/resolved-resolv-conf.c -@@ -330,7 +330,7 @@ static int write_stub_resolv_conf_contents(FILE *f, OrderedSet *dns, OrderedSet - - int manager_write_resolv_conf(Manager *m) { - _cleanup_ordered_set_free_ OrderedSet *dns = NULL, *domains = NULL; -- _cleanup_free_ char *temp_path_uplink = NULL, *temp_path_stub = NULL; -+ _cleanup_(unlink_and_freep) char *temp_path_uplink = NULL, *temp_path_stub = NULL; - _cleanup_fclose_ FILE *f_uplink = NULL, *f_stub = NULL; - int r; - -@@ -342,60 +342,49 @@ int manager_write_resolv_conf(Manager *m) { - /* Add the full list to a set, to filter out duplicates */ - r = manager_compile_dns_servers(m, &dns); - if (r < 0) -- return log_warning_errno(r, "Failed to compile list of DNS servers: %m"); -+ return log_warning_errno(r, "Failed to compile list of DNS servers, ignoring: %m"); - - r = manager_compile_search_domains(m, &domains, false); - if (r < 0) -- return log_warning_errno(r, "Failed to compile list of search domains: %m"); -+ return log_warning_errno(r, "Failed to compile list of search domains, ignoring: %m"); - - r = fopen_temporary_label(PRIVATE_UPLINK_RESOLV_CONF, PRIVATE_UPLINK_RESOLV_CONF, &f_uplink, &temp_path_uplink); - if (r < 0) -- return log_warning_errno(r, "Failed to open new %s for writing: %m", PRIVATE_UPLINK_RESOLV_CONF); -+ return log_warning_errno(r, "Failed to open new %s for writing, ignoring: %m", PRIVATE_UPLINK_RESOLV_CONF); - - (void) fchmod(fileno(f_uplink), 0644); - - r = write_uplink_resolv_conf_contents(f_uplink, dns, domains); -- if (r < 0) { -- log_error_errno(r, "Failed to write new %s: %m", PRIVATE_UPLINK_RESOLV_CONF); -- goto fail; -- } -+ if (r < 0) -+ return log_warning_errno(r, "Failed to write new %s, ignoring: %m", PRIVATE_UPLINK_RESOLV_CONF); - - if (m->dns_stub_listener_mode != DNS_STUB_LISTENER_NO) { - r = fopen_temporary_label(PRIVATE_STUB_RESOLV_CONF, PRIVATE_STUB_RESOLV_CONF, &f_stub, &temp_path_stub); -- if (r < 0) { -- log_warning_errno(r, "Failed to open new %s for writing: %m", PRIVATE_STUB_RESOLV_CONF); -- goto fail; -- } -+ if (r < 0) -+ return log_warning_errno(r, "Failed to open new %s for writing, ignoring: %m", PRIVATE_STUB_RESOLV_CONF); - - (void) fchmod(fileno(f_stub), 0644); - - r = write_stub_resolv_conf_contents(f_stub, dns, domains); -- if (r < 0) { -- log_error_errno(r, "Failed to write new %s: %m", PRIVATE_STUB_RESOLV_CONF); -- goto fail; -- } -+ if (r < 0) -+ return log_warning_errno(r, "Failed to write new %s, ignoring: %m", PRIVATE_STUB_RESOLV_CONF); - - r = conservative_rename(temp_path_stub, PRIVATE_STUB_RESOLV_CONF); - if (r < 0) -- log_error_errno(r, "Failed to move new %s into place: %m", PRIVATE_STUB_RESOLV_CONF); -+ log_warning_errno(r, "Failed to move new %s into place, ignoring: %m", PRIVATE_STUB_RESOLV_CONF); - -+ temp_path_stub = mfree(temp_path_stub); /* free the string explicitly, so that we don't unlink anymore */ - } else { - r = symlink_atomic_label(basename(PRIVATE_UPLINK_RESOLV_CONF), PRIVATE_STUB_RESOLV_CONF); - if (r < 0) -- log_error_errno(r, "Failed to symlink %s: %m", PRIVATE_STUB_RESOLV_CONF); -+ log_warning_errno(r, "Failed to symlink %s, ignoring: %m", PRIVATE_STUB_RESOLV_CONF); - } - - r = conservative_rename(temp_path_uplink, PRIVATE_UPLINK_RESOLV_CONF); - if (r < 0) -- log_error_errno(r, "Failed to move new %s into place: %m", PRIVATE_UPLINK_RESOLV_CONF); -- -- fail: -- if (r < 0) { -- /* Something went wrong, perform cleanup... */ -- (void) unlink(temp_path_uplink); -- (void) unlink(temp_path_stub); -- } -+ log_warning_errno(r, "Failed to move new %s into place: %m", PRIVATE_UPLINK_RESOLV_CONF); - -+ temp_path_uplink = mfree(temp_path_uplink); /* free the string explicitly, so that we don't unlink anymore */ - return r; - } - --- -2.33.0 - diff --git a/backport-resolved-fix-ResolveService-hostname-handling.patch b/backport-resolved-fix-ResolveService-hostname-handling.patch deleted file mode 100644 index f7c33d4..0000000 --- a/backport-resolved-fix-ResolveService-hostname-handling.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 70f465cb5d10b7bcd7bd7c326756d542e59c0e0b Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 22 Nov 2021 14:37:54 +0100 -Subject: [PATCH] resolved: fix ResolveService() hostname handling - -Let's eat up special returns of dns_query_process_cname_many() when -storing hostname resolution results. - -The rest of the code assumes only == 0 means success and != 0 means -error, but so far > 0 also could mean success, let's fix that. - -Fixes: #21365 #21140 - -(This was originally broken in 1db8e6d1db0880de240e5598e28d24d708479434) - -(cherry picked from commit 5a78106ad92d3f122f7ac653eecf767f0a8948cf) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/70f465cb5d10b7bcd7bd7c326756d542e59c0e0b ---- - src/resolve/resolved-bus.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c -index 7226200f00..78d1acf5e0 100644 ---- a/src/resolve/resolved-bus.c -+++ b/src/resolve/resolved-bus.c -@@ -1005,6 +1005,7 @@ static void resolve_service_all_complete(DnsQuery *q) { - goto finish; - } - -+ assert(bad->auxiliary_result < 0); - r = bad->auxiliary_result; - goto finish; - } -@@ -1112,7 +1113,7 @@ static void resolve_service_hostname_complete(DnsQuery *q) { - return; - - /* This auxiliary lookup is finished or failed, let's see if all are finished now. */ -- q->auxiliary_result = r; -+ q->auxiliary_result = r < 0 ? r : 0; - resolve_service_all_complete(q->auxiliary_for); - } - --- -2.33.0 - diff --git a/backport-resolved-make-sure-we-don-t-hit-an-assert-when-deali.patch b/backport-resolved-make-sure-we-don-t-hit-an-assert-when-deali.patch deleted file mode 100644 index ff70e3f..0000000 --- a/backport-resolved-make-sure-we-don-t-hit-an-assert-when-deali.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 018c8e8f67b699c5e5aadb73a3ddf3b8009a741a Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 22 Nov 2021 16:14:07 +0100 -Subject: [PATCH] resolved: make sure we don't hit an assert when dealing with - incomplete DNSSD service definitions - -Fixes: #21142 -(cherry picked from commit 8cf9898a964693b8a3c40b502af0377ede746f4d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/018c8e8f67b699c5e5aadb73a3ddf3b8009a741a ---- - src/resolve/resolved-dns-zone.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/resolve/resolved-dns-zone.c b/src/resolve/resolved-dns-zone.c -index b86b325144..6b3f5f707d 100644 ---- a/src/resolve/resolved-dns-zone.c -+++ b/src/resolve/resolved-dns-zone.c -@@ -94,7 +94,9 @@ void dns_zone_remove_rr(DnsZone *z, DnsResourceRecord *rr) { - DnsZoneItem *i; - - assert(z); -- assert(rr); -+ -+ if (!rr) -+ return; - - i = dns_zone_get(z, rr); - if (i) --- -2.33.0 - diff --git a/backport-resolved-properly-signal-transient-errors-back-to-NS.patch b/backport-resolved-properly-signal-transient-errors-back-to-NS.patch deleted file mode 100644 index 700839c..0000000 --- a/backport-resolved-properly-signal-transient-errors-back-to-NS.patch +++ /dev/null @@ -1,140 +0,0 @@ -From 7ab91cb307eb0a518f4a956674a108221538fc88 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 22 Nov 2021 15:17:34 +0100 -Subject: [PATCH] resolved: properly signal transient errors back to NSS stack - -NSS mostly knows four error cases: SUCCESS, NOTFOUND, UNAVAIL, TRYAGAIN, -and they can all be used in nsswitch.conf to route requests. - -So far nss-resolve would return SUCCESS + NOTFOUND + UNAVAIL. Let's also -return TRYAGAIN in some cases, specifically the ones where we are -currntly unable to resolve a request but likely could later. i.e. -errors caused by networking issues or such. - -Fixes: #20786 -(cherry picked from commit ae78529fc75027b3487b64e0d22a572fd9c8ffeb) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7ab91cb307eb0a518f4a956674a108221538fc88 ---- - src/nss-resolve/nss-resolve.c | 55 +++++++++++++++++++++++++++++------ - 1 file changed, 46 insertions(+), 9 deletions(-) - -diff --git a/src/nss-resolve/nss-resolve.c b/src/nss-resolve/nss-resolve.c -index e2a29475a2..4f54973202 100644 ---- a/src/nss-resolve/nss-resolve.c -+++ b/src/nss-resolve/nss-resolve.c -@@ -41,6 +41,9 @@ NSS_GETHOSTBYNAME_PROTOTYPES(resolve); - NSS_GETHOSTBYADDR_PROTOTYPES(resolve); - - static bool error_shall_fallback(const char *error_id) { -+ /* The Varlink errors where we shall signal "please fallback" back to the NSS stack, so that some -+ * fallback module can be loaded. (These are mostly all Varlink-internal errors, as apparently we -+ * then were unable to even do IPC with systemd-resolved.) */ - return STR_IN_SET(error_id, - VARLINK_ERROR_DISCONNECTED, - VARLINK_ERROR_TIMEOUT, -@@ -50,6 +53,16 @@ static bool error_shall_fallback(const char *error_id) { - VARLINK_ERROR_METHOD_NOT_IMPLEMENTED); - } - -+static bool error_shall_try_again(const char *error_id) { -+ /* The Varlink errors where we shall signal "can't answer now but might be able to later" back to the -+ * NSS stack. These are all errors that indicate lack of configuration or network problems. */ -+ return STR_IN_SET(error_id, -+ "io.systemd.Resolve.NoNameServers", -+ "io.systemd.Resolve.QueryTimedOut", -+ "io.systemd.Resolve.MaxAttemptsReached", -+ "io.systemd.Resolve.NetworkDown"); -+} -+ - static int connect_to_resolved(Varlink **ret) { - _cleanup_(varlink_unrefp) Varlink *link = NULL; - int r; -@@ -242,9 +255,11 @@ enum nss_status _nss_resolve_gethostbyname4_r( - if (r < 0) - goto fail; - if (!isempty(error_id)) { -- if (!error_shall_fallback(error_id)) -- goto not_found; -- goto fail; -+ if (error_shall_try_again(error_id)) -+ goto try_again; -+ if (error_shall_fallback(error_id)) -+ goto fail; -+ goto not_found; - } - - r = json_dispatch(rparams, resolve_hostname_reply_dispatch_table, NULL, json_dispatch_flags, &p); -@@ -341,6 +356,12 @@ fail: - not_found: - *h_errnop = HOST_NOT_FOUND; - return NSS_STATUS_NOTFOUND; -+ -+try_again: -+ UNPROTECT_ERRNO; -+ *errnop = -r; -+ *h_errnop = TRY_AGAIN; -+ return NSS_STATUS_TRYAGAIN; - } - - enum nss_status _nss_resolve_gethostbyname3_r( -@@ -390,9 +411,11 @@ enum nss_status _nss_resolve_gethostbyname3_r( - if (r < 0) - goto fail; - if (!isempty(error_id)) { -- if (!error_shall_fallback(error_id)) -- goto not_found; -- goto fail; -+ if (error_shall_try_again(error_id)) -+ goto try_again; -+ if (error_shall_fallback(error_id)) -+ goto fail; -+ goto not_found; - } - - r = json_dispatch(rparams, resolve_hostname_reply_dispatch_table, NULL, json_dispatch_flags, &p); -@@ -508,6 +531,12 @@ fail: - not_found: - *h_errnop = HOST_NOT_FOUND; - return NSS_STATUS_NOTFOUND; -+ -+try_again: -+ UNPROTECT_ERRNO; -+ *errnop = -r; -+ *h_errnop = TRY_AGAIN; -+ return NSS_STATUS_TRYAGAIN; - } - - typedef struct ResolveAddressReply { -@@ -594,9 +623,11 @@ enum nss_status _nss_resolve_gethostbyaddr2_r( - if (r < 0) - goto fail; - if (!isempty(error_id)) { -- if (!error_shall_fallback(error_id)) -- goto not_found; -- goto fail; -+ if (error_shall_try_again(error_id)) -+ goto try_again; -+ if (error_shall_fallback(error_id)) -+ goto fail; -+ goto not_found; - } - - r = json_dispatch(rparams, resolve_address_reply_dispatch_table, NULL, json_dispatch_flags, &p); -@@ -694,6 +725,12 @@ fail: - not_found: - *h_errnop = HOST_NOT_FOUND; - return NSS_STATUS_NOTFOUND; -+ -+try_again: -+ UNPROTECT_ERRNO; -+ *errnop = -r; -+ *h_errnop = TRY_AGAIN; -+ return NSS_STATUS_TRYAGAIN; - } - - NSS_GETHOSTBYNAME_FALLBACKS(resolve); --- -2.33.0 - diff --git a/backport-resolved-retry-on-SERVFAIL-before-downgrading-featur.patch b/backport-resolved-retry-on-SERVFAIL-before-downgrading-featur.patch deleted file mode 100644 index ff081de..0000000 --- a/backport-resolved-retry-on-SERVFAIL-before-downgrading-featur.patch +++ /dev/null @@ -1,98 +0,0 @@ -From 8280bec34df8e35592f4a4a549127471a9199231 Mon Sep 17 00:00:00 2001 -From: Steven Siloti -Date: Sun, 11 Jul 2021 11:05:26 -0700 -Subject: [PATCH] resolved: retry on SERVFAIL before downgrading feature level - -The SERVFAIL RCODE can be generated for many reasons which may not be related -to lack of feature support. For example, the Stubby resolver generates -SERVFAIL when a request times out. Such transient failures can cause -unnecessary downgrades to both the transaction and the server's feature level. -The consequences of this are especially severe if the server is in DNSSEC -strict mode. In this case repeated downgrades eventually cause the server to -stop resolving entirely with the error "incompatible-server". - -To avoid unnecessary downgrades the request should be retried once with the -current level before the transaction's feature level is downgraded. - -(cherry picked from commit 8a33aa199dc1cea14494469ac9d7d08dc6721df1) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/8280bec34df8e35592f4a4a549127471a9199231 ---- - src/resolve/resolved-dns-server.c | 3 +- - src/resolve/resolved-dns-transaction.c | 43 +++++++++++++++++--------- - 2 files changed, 29 insertions(+), 17 deletions(-) - -diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c -index e7a4bce71a..58a1376708 100644 ---- a/src/resolve/resolved-dns-server.c -+++ b/src/resolve/resolved-dns-server.c -@@ -362,9 +362,8 @@ void dns_server_packet_rcode_downgrade(DnsServer *s, DnsServerFeatureLevel level - if (s->possible_feature_level > level) { - s->possible_feature_level = level; - dns_server_reset_counters(s); -+ log_debug("Downgrading transaction feature level fixed an RCODE error, downgrading server %s too.", strna(dns_server_string_full(s))); - } -- -- log_debug("Downgrading transaction feature level fixed an RCODE error, downgrading server %s too.", strna(dns_server_string_full(s))); - } - - void dns_server_packet_invalid(DnsServer *s, DnsServerFeatureLevel level) { -diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c -index 9535a7ba4c..cf10c5c359 100644 ---- a/src/resolve/resolved-dns-transaction.c -+++ b/src/resolve/resolved-dns-transaction.c -@@ -1142,22 +1142,35 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p, bool encrypt - break; - } - -- /* Reduce this feature level by one and try again. */ -- switch (t->current_feature_level) { -- case DNS_SERVER_FEATURE_LEVEL_TLS_DO: -- t->clamp_feature_level_servfail = DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN; -- break; -- case DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN + 1: -- /* Skip plain TLS when TLS is not supported */ -- t->clamp_feature_level_servfail = DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN - 1; -- break; -- default: -- t->clamp_feature_level_servfail = t->current_feature_level - 1; -- } -+ /* SERVFAIL can happen for many reasons and may be transient. -+ * To avoid unnecessary downgrades retry once with the initial level. -+ * Check for clamp_feature_level_servfail having an invalid value as a sign that this is the -+ * first attempt to downgrade. If so, clamp to the current value so that the transaction -+ * is retried without actually downgrading. If the next try also fails we will downgrade by -+ * hitting the else branch below. */ -+ if (DNS_PACKET_RCODE(p) == DNS_RCODE_SERVFAIL && -+ t->clamp_feature_level_servfail < 0) { -+ t->clamp_feature_level_servfail = t->current_feature_level; -+ log_debug("Server returned error %s, retrying transaction.", -+ dns_rcode_to_string(DNS_PACKET_RCODE(p))); -+ } else { -+ /* Reduce this feature level by one and try again. */ -+ switch (t->current_feature_level) { -+ case DNS_SERVER_FEATURE_LEVEL_TLS_DO: -+ t->clamp_feature_level_servfail = DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN; -+ break; -+ case DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN + 1: -+ /* Skip plain TLS when TLS is not supported */ -+ t->clamp_feature_level_servfail = DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN - 1; -+ break; -+ default: -+ t->clamp_feature_level_servfail = t->current_feature_level - 1; -+ } - -- log_debug("Server returned error %s, retrying transaction with reduced feature level %s.", -- dns_rcode_to_string(DNS_PACKET_RCODE(p)), -- dns_server_feature_level_to_string(t->clamp_feature_level_servfail)); -+ log_debug("Server returned error %s, retrying transaction with reduced feature level %s.", -+ dns_rcode_to_string(DNS_PACKET_RCODE(p)), -+ dns_server_feature_level_to_string(t->clamp_feature_level_servfail)); -+ } - - dns_transaction_retry(t, false /* use the same server */); - return; --- -2.33.0 - diff --git a/backport-resolved-suppress-writing-DNS-server-info-into-etc-r.patch b/backport-resolved-suppress-writing-DNS-server-info-into-etc-r.patch deleted file mode 100644 index 6c2d00f..0000000 --- a/backport-resolved-suppress-writing-DNS-server-info-into-etc-r.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 2b2804757c8520b5cc133d9a3078f6fbec4a69cb Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 27 Sep 2021 14:28:16 +0200 -Subject: [PATCH] resolved: suppress writing DNS server info into - /etc/resolv.conf for non-standard UDP ports - -glibc doesn't support this, hence don#t generate it. - -Fixes: #20836 -(cherry picked from commit a50dadf2fd7413bbfc26af7e2ad2900b3e06af82) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/2b2804757c8520b5cc133d9a3078f6fbec4a69cb ---- - src/resolve/resolved-resolv-conf.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/resolve/resolved-resolv-conf.c b/src/resolve/resolved-resolv-conf.c -index dd02d368e9..d5a77605a8 100644 ---- a/src/resolve/resolved-resolv-conf.c -+++ b/src/resolve/resolved-resolv-conf.c -@@ -216,6 +216,13 @@ static void write_resolv_conf_server(DnsServer *s, FILE *f, unsigned *count) { - return; - } - -+ /* resolv.conf simply doesn't support any other ports than 53, hence there's nothing much we can -+ * do — we have to suppress these entries */ -+ if (dns_server_port(s) != 53) { -+ log_debug("DNS server %s with non-standard UDP port number, suppressing from generated resolv.conf.", dns_server_string(s)); -+ return; -+ } -+ - /* Check if the scope this DNS server belongs to is suitable as 'default' route for lookups; resolv.conf does - * not have a syntax to express that, so it must not appear as a global name server to avoid routing unrelated - * domains to it (which is a privacy violation, will most probably fail anyway, and adds unnecessary load) */ --- -2.33.0 - diff --git a/backport-revert-delete-initrd-usr-fs-target.patch b/backport-revert-delete-initrd-usr-fs-target.patch deleted file mode 100644 index 15deec1..0000000 --- a/backport-revert-delete-initrd-usr-fs-target.patch +++ /dev/null @@ -1,237 +0,0 @@ -From 29a24ab28e9790680348b1ffab653a321fa49a67 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 26 Mar 2021 22:40:40 +0100 -Subject: [PATCH] fstab-generator: if usr= is specified, mount it to - /sysusr/usr/ first. - - This reverts 29a24ab28e9790680348b1ffab653a321fa49a67 - -Reason: In systemd 249, at initrd stage, /usr fs will be mounted on /sysroot, or on /sysusr. -This will cause sysroot.mount to be run ahead of time. But at this time, the lvm of extra file directory is inactive, -This will make the crashed system have to wait 5 minutes. So we revert the commit, and don't mount sysroot in advance. - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/29a24ab28e9790680348b1ffab653a321fa49a67 ---- - src/basic/special.h | 1 - - src/fstab-generator/fstab-generator.c | 90 ++++---------------------- - units/initrd-usr-fs.target | 17 ----- - units/initrd.target | 4 +- - units/meson.build | 1 - - units/systemd-repart.service.in | 2 +- - units/systemd-volatile-root.service.in | 2 +- - 7 files changed, 17 insertions(+), 100 deletions(-) - delete mode 100644 units/initrd-usr-fs.target - -diff --git a/src/basic/special.h b/src/basic/special.h -index 78f22f1..8b01df8 100644 ---- a/src/basic/special.h -+++ b/src/basic/special.h -@@ -37,7 +37,6 @@ - #define SPECIAL_INITRD_FS_TARGET "initrd-fs.target" - #define SPECIAL_INITRD_ROOT_DEVICE_TARGET "initrd-root-device.target" - #define SPECIAL_INITRD_ROOT_FS_TARGET "initrd-root-fs.target" --#define SPECIAL_INITRD_USR_FS_TARGET "initrd-usr-fs.target" - #define SPECIAL_REMOTE_FS_TARGET "remote-fs.target" /* LSB's $remote_fs */ - #define SPECIAL_REMOTE_FS_PRE_TARGET "remote-fs-pre.target" - #define SPECIAL_SWAP_TARGET "swap.target" -diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c -index a4e3ea5..54bfbc2 100644 ---- a/src/fstab-generator/fstab-generator.c -+++ b/src/fstab-generator/fstab-generator.c -@@ -758,10 +758,6 @@ static int add_sysroot_mount(void) { - static int add_sysroot_usr_mount(void) { - _cleanup_free_ char *what = NULL; - const char *opts; -- int r; -- -- /* Returns 0 if we didn't do anything, > 0 if we either generated a unit for the /usr/ mount, or we -- * know for sure something else did */ - - if (!arg_usr_what && !arg_usr_fstype && !arg_usr_options) - return 0; -@@ -785,23 +781,8 @@ static int add_sysroot_usr_mount(void) { - return log_oom(); - } - -- if (isempty(arg_usr_what)) { -- log_debug("Could not find a usr= entry on the kernel command line."); -+ if (!arg_usr_what) - return 0; -- } -- -- if (streq(arg_usr_what, "gpt-auto")) { -- /* This is handled by the gpt-auto generator */ -- log_debug("Skipping /usr/ directory handling, as gpt-auto was requested."); -- return 1; /* systemd-gpt-auto-generator will generate a unit for this, hence report that a -- * unit file is being created for the host /usr/ mount. */ -- } -- -- if (path_equal(arg_usr_what, "/dev/nfs")) { -- /* This is handled by the initrd (if at all supported, that is) */ -- log_debug("Skipping /usr/ directory handling, as /dev/nfs was requested."); -- return 1; /* As above, report that NFS code will create the unit */ -- } - - what = fstab_node_to_udev_node(arg_usr_what); - if (!what) -@@ -814,62 +795,17 @@ static int add_sysroot_usr_mount(void) { - else - opts = arg_usr_options; - -- /* When mounting /usr from the initrd, we add an extra level of indirection: we first mount the /usr/ -- * partition to /sysusr/usr/, and then afterwards bind mount that to /sysroot/usr/. We do this so -- * that we can cover for systems that initially only have a /usr/ around and where the root fs needs -- * to be synthesized, based on configuration included in /usr/, e.g. systemd-repart. Software like -- * this should order itself after initrd-usr-fs.target and before initrd-fs.target; and it should -- * look into both /sysusr/ and /sysroot/ for the configuration data to apply. */ -- -- log_debug("Found entry what=%s where=/sysusr/usr type=%s opts=%s", what, strna(arg_usr_fstype), strempty(opts)); -- -- r = add_mount(arg_dest, -- what, -- "/sysusr/usr", -- NULL, -- arg_usr_fstype, -- opts, -- is_device_path(what) ? 1 : 0, /* passno */ -- 0, -- SPECIAL_INITRD_USR_FS_TARGET, -- "/proc/cmdline"); -- if (r < 0) -- return r; -- -- log_debug("Synthesizing entry what=/sysusr/usr where=/sysrootr/usr opts=bind"); -- -- r = add_mount(arg_dest, -- "/sysusr/usr", -- "/sysroot/usr", -- NULL, -- NULL, -- "bind", -- 0, -- 0, -- SPECIAL_INITRD_FS_TARGET, -- "/proc/cmdline"); -- if (r < 0) -- return r; -- -- return 1; --} -- --static int add_sysroot_usr_mount_or_fallback(void) { -- int r; -- -- r = add_sysroot_usr_mount(); -- if (r != 0) -- return r; -- -- /* OK, so we didn't write anything out for /sysusr/usr/ nor /sysroot/usr/. In this case, let's make -- * sure that initrd-usr-fs.target is at least ordered after sysroot.mount so that services that order -- * themselves get the guarantee that /usr/ is definitely mounted somewhere. */ -- -- return generator_add_symlink( -- arg_dest, -- SPECIAL_INITRD_USR_FS_TARGET, -- "requires", -- "sysroot.mount"); -+ log_debug("Found entry what=%s where=/sysroot/usr type=%s", what, strna(arg_usr_fstype)); -+ return add_mount(arg_dest, -+ what, -+ "/sysroot/usr", -+ NULL, -+ arg_usr_fstype, -+ opts, -+ is_device_path(what) ? 1 : 0, /* passno */ -+ 0, -+ SPECIAL_INITRD_FS_TARGET, -+ "/proc/cmdline"); - } - - static int add_volatile_root(void) { -@@ -1031,7 +967,7 @@ static int run(const char *dest, const char *dest_early, const char *dest_late) - if (in_initrd()) { - r = add_sysroot_mount(); - -- r2 = add_sysroot_usr_mount_or_fallback(); -+ r2 = add_sysroot_usr_mount(); - - r3 = add_volatile_root(); - } else -diff --git a/units/initrd-usr-fs.target b/units/initrd-usr-fs.target -deleted file mode 100644 -index 7219655..0000000 ---- a/units/initrd-usr-fs.target -+++ /dev/null -@@ -1,17 +0,0 @@ --# SPDX-License-Identifier: LGPL-2.1-or-later --# --# This file is part of systemd. --# --# systemd is free software; you can redistribute it and/or modify it --# under the terms of the GNU Lesser General Public License as published by --# the Free Software Foundation; either version 2.1 of the License, or --# (at your option) any later version. -- --[Unit] --Description=Initrd /usr File System --Documentation=man:systemd.special(7) --AssertPathExists=/etc/initrd-release --OnFailure=emergency.target --OnFailureJobMode=replace-irreversibly --DefaultDependencies=no --Conflicts=shutdown.target -diff --git a/units/initrd.target b/units/initrd.target -index fc8fbff..655158a 100644 ---- a/units/initrd.target -+++ b/units/initrd.target -@@ -14,6 +14,6 @@ OnFailure=emergency.target - OnFailureJobMode=replace-irreversibly - AssertPathExists=/etc/initrd-release - Requires=basic.target --Wants=initrd-root-fs.target initrd-root-device.target initrd-fs.target initrd-usr-fs.target initrd-parse-etc.service --After=initrd-root-fs.target initrd-root-device.target initrd-fs.target initrd-usr-fs.target basic.target rescue.service rescue.target -+Wants=initrd-root-fs.target initrd-root-device.target initrd-fs.target initrd-parse-etc.service -+After=initrd-root-fs.target initrd-root-device.target initrd-fs.target basic.target rescue.service rescue.target - AllowIsolate=yes -diff --git a/units/meson.build b/units/meson.build -index df6741b..31fedf5 100644 ---- a/units/meson.build -+++ b/units/meson.build -@@ -38,7 +38,6 @@ units = [ - ['initrd-switch-root.service', 'ENABLE_INITRD'], - ['initrd-switch-root.target', 'ENABLE_INITRD'], - ['initrd-udevadm-cleanup-db.service', 'ENABLE_INITRD'], -- ['initrd-usr-fs.target', 'ENABLE_INITRD'], - ['initrd.target', 'ENABLE_INITRD'], - ['kexec.target', ''], - ['ldconfig.service', 'ENABLE_LDCONFIG', -diff --git a/units/systemd-repart.service.in b/units/systemd-repart.service.in -index 92e0a9b..f39a990 100644 ---- a/units/systemd-repart.service.in -+++ b/units/systemd-repart.service.in -@@ -12,7 +12,7 @@ Description=Repartition Root Disk - Documentation=man:systemd-repart.service(8) - DefaultDependencies=no - Conflicts=shutdown.target --After=initrd-usr-fs.target -+After=sysroot.mount - Before=initrd-root-fs.target shutdown.target - ConditionVirtualization=!container - ConditionDirectoryNotEmpty=|/usr/lib/repart.d -diff --git a/units/systemd-volatile-root.service.in b/units/systemd-volatile-root.service.in -index 5a0ec89..37eb23c 100644 ---- a/units/systemd-volatile-root.service.in -+++ b/units/systemd-volatile-root.service.in -@@ -12,7 +12,7 @@ Description=Enforce Volatile Root File Systems - Documentation=man:systemd-volatile-root.service(8) - DefaultDependencies=no - Conflicts=shutdown.target --After=sysroot.mount sysroot-usr.mount systemd-repart.service -+After=sysroot.mount systemd-repart.service - Before=initrd-root-fs.target shutdown.target - AssertPathExists=/etc/initrd-release - --- -2.33.0 - diff --git a/backport-revert-units-add-ProtectClock-yes.patch b/backport-revert-units-add-ProtectClock-yes.patch deleted file mode 100644 index 2612b28..0000000 --- a/backport-revert-units-add-ProtectClock-yes.patch +++ /dev/null @@ -1,46 +0,0 @@ -From cabc1c6d7adae658a2966a4b02a6faabb803e92b Mon Sep 17 00:00:00 2001 -From: Topi Miettinen -Date: Thu, 2 Apr 2020 21:18:11 +0300 -Subject: [PATCH] units: add ProtectClock=yes - -Add `ProtectClock=yes` to systemd units. Since it implies certain -`DeviceAllow=` rules, make sure that the units have `DeviceAllow=` rules so -they are still able to access other devices. Exclude timesyncd and timedated. - -=== -Conflict:this only revert systemd-udevd.service.in -Reference:https://github.com/systemd/systemd/commit/cabc1c6d7adae658a2966a4b02a6faabb803e92b - -When DeviceAllow is configured, devices.deny will first be set to "a", and -then devices.allow be set based on DeviceAllow, which makes devices.list -between these two steps is not reliable. Only revert systemd-udevd.service.in -because udevd can fork subprocess to execute udev rules, which may affect user -process. ---- - units/systemd-udevd.service.in | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in -index 7b6354a..30746c1 100644 ---- a/units/systemd-udevd.service.in -+++ b/units/systemd-udevd.service.in -@@ -17,8 +17,6 @@ ConditionPathIsReadWrite=/sys - - [Service] - Delegate=pids --DeviceAllow=block-* rwm --DeviceAllow=char-* rwm - Type=notify - # Note that udev will reset the value internally for its workers - OOMScoreAdjust=-1000 -@@ -30,7 +28,6 @@ ExecReload=udevadm control --reload --timeout 0 - KillMode=mixed - TasksMax=infinity - PrivateMounts=yes --ProtectClock=yes - ProtectHostname=yes - MemoryDenyWriteExecute=yes - RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 --- -2.23.0 - diff --git a/backport-run-mount-systemctl-don-t-fork-off-PolicyKit-ask-pw-.patch b/backport-run-mount-systemctl-don-t-fork-off-PolicyKit-ask-pw-.patch deleted file mode 100644 index f1318d9..0000000 --- a/backport-run-mount-systemctl-don-t-fork-off-PolicyKit-ask-pw-.patch +++ /dev/null @@ -1,70 +0,0 @@ -From fb999b918462361fefa435f86884f81edff503c5 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 30 Aug 2021 13:21:55 +0200 -Subject: [PATCH] run/mount/systemctl: don't fork off PolicyKit/ask-pw agent - when in --user mode - -When we are in --user mode there's no point in doing PolicyKit/ask-pw -because both of these systems are only used by system-level services. -Let's disable the two agents for that automaticlly hence. - -Prompted by: #20576 - -(cherry picked from commit 966f3a246c8c804d8a9c9d393f03c5c3fe0dd393) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/fb999b918462361fefa435f86884f81edff503c5 ---- - src/mount/mount-tool.c | 3 +++ - src/run/run.c | 4 ++++ - src/systemctl/systemctl.c | 5 +++++ - 3 files changed, 12 insertions(+) - -diff --git a/src/mount/mount-tool.c b/src/mount/mount-tool.c -index c213c905a1..70b4c5a765 100644 ---- a/src/mount/mount-tool.c -+++ b/src/mount/mount-tool.c -@@ -332,6 +332,9 @@ static int parse_argv(int argc, char *argv[]) { - assert_not_reached("Unhandled option"); - } - -+ if (arg_user) -+ arg_ask_password = false; -+ - if (arg_user && arg_transport != BUS_TRANSPORT_LOCAL) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Execution in user context is not supported on non-local systems."); -diff --git a/src/run/run.c b/src/run/run.c -index 38de0322e0..1c83e36e4e 100644 ---- a/src/run/run.c -+++ b/src/run/run.c -@@ -506,6 +506,10 @@ static int parse_argv(int argc, char *argv[]) { - assert_not_reached("Unhandled option"); - } - -+ /* If we are talking to the per-user instance PolicyKit isn't going to help */ -+ if (arg_user) -+ arg_ask_password = false; -+ - with_trigger = !!arg_path_property || !!arg_socket_property || arg_with_timer; - - /* currently, only single trigger (path, socket, timer) unit can be created simultaneously */ -diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c -index 4cc723aab5..2f6f58127c 100644 ---- a/src/systemctl/systemctl.c -+++ b/src/systemctl/systemctl.c -@@ -925,6 +925,11 @@ static int systemctl_parse_argv(int argc, char *argv[]) { - assert_not_reached("Unhandled option"); - } - -+ /* If we are in --user mode, there's no point in talking to PolicyKit or the infra to query system -+ * passwords */ -+ if (arg_scope != UNIT_FILE_SYSTEM) -+ arg_ask_password = false; -+ - if (arg_transport == BUS_TRANSPORT_REMOTE && arg_scope != UNIT_FILE_SYSTEM) - return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Cannot access user instance remotely."); --- -2.33.0 - diff --git a/backport-scope-count-successful-cgroup-additions-when-delegat.patch b/backport-scope-count-successful-cgroup-additions-when-delegat.patch deleted file mode 100644 index 6393e0f..0000000 --- a/backport-scope-count-successful-cgroup-additions-when-delegat.patch +++ /dev/null @@ -1,51 +0,0 @@ -From be509064edba9863521a77a4a20a6e1a0971693e Mon Sep 17 00:00:00 2001 -From: Jonas Witschel -Date: Wed, 10 Nov 2021 22:46:35 +0100 -Subject: [PATCH] scope: count successful cgroup additions when delegating via - D-Bus - -Since commit 8d3e4ac7cd37200d1431411a4b98925a24b7d9b3 ("scope: refuse -activation of scopes if no PIDs to add are left") all "systemd-run --scope ---user" calls fail because cgroup attachments delegated to the system instance -are not counted towards successful additions. Fix this by incrementing the -return value in case unit_attach_pid_to_cgroup_via_bus() succeeds, similar to -what happens when cg_attach() succeeds directly. - -Note that this can *not* distinguish the case when -unit_attach_pid_to_cgroup_via_bus() has been run successfully, but all -processes to attach are gone in the meantime, unlike the checks that commit -8d3e4ac7cd37200d1431411a4b98925a24b7d9b3 adds for the system instance. This is -because even though unit_attach_pid_to_cgroup_via_bus() leads to an internal -unit_attach_pids_to_cgroup() call, the return value over D-Bus does not include -the number of successfully attached processes and is always NULL on success. - -Fixes: #21297 - -(cherry picked from commit c65417a01121301fdf7f8514ee7663d287af3a72) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/be509064edba9863521a77a4a20a6e1a0971693e ---- - src/core/cgroup.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 51936b7d1d..79e10ca3c0 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -2188,8 +2188,11 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { - z = unit_attach_pid_to_cgroup_via_bus(u, pid, suffix_path); - if (z < 0) - log_unit_info_errno(u, z, "Couldn't move process "PID_FMT" to requested cgroup '%s' (directly or via the system bus): %m", pid, empty_to_root(p)); -- else -+ else { -+ if (ret >= 0) -+ ret++; /* Count successful additions */ - continue; /* When the bus thing worked via the bus we are fully done for this PID. */ -+ } - } - - if (ret >= 0) --- -2.33.0 - diff --git a/backport-scope-refuse-activation-of-scopes-if-no-PIDs-to-add-.patch b/backport-scope-refuse-activation-of-scopes-if-no-PIDs-to-add-.patch deleted file mode 100644 index 54b2814..0000000 --- a/backport-scope-refuse-activation-of-scopes-if-no-PIDs-to-add-.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 7ecb1b82d9b55a081d81b2802695fd21293ce029 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 27 Oct 2021 23:17:50 +0200 -Subject: [PATCH] scope: refuse activation of scopes if no PIDs to add are left - -If all processes we are supposed to add are gone by the time we are -ready to do so, let's fail. - -THis is heavily based on Cunlong Li's work, who thankfully tracked this -down. - -Replaces: #20577 -(cherry picked from commit 8d3e4ac7cd37200d1431411a4b98925a24b7d9b3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7ecb1b82d9b55a081d81b2802695fd21293ce029 ---- - src/core/cgroup.c | 3 ++- - src/core/scope.c | 6 ++++++ - 2 files changed, 8 insertions(+), 1 deletion(-) - -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 1551d57e90..51936b7d1d 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -2196,7 +2196,8 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { - ret = r; /* Remember first error */ - - continue; -- } -+ } else if (ret >= 0) -+ ret++; /* Count successful additions */ - - r = cg_all_unified(); - if (r < 0) -diff --git a/src/core/scope.c b/src/core/scope.c -index af6311bb5f..fd4367dbed 100644 ---- a/src/core/scope.c -+++ b/src/core/scope.c -@@ -374,6 +374,12 @@ static int scope_start(Unit *u) { - scope_enter_dead(s, SCOPE_FAILURE_RESOURCES); - return r; - } -+ if (r == 0) { -+ log_unit_warning(u, "No PIDs left to attach to the scope's control group, refusing: %m"); -+ scope_enter_dead(s, SCOPE_FAILURE_RESOURCES); -+ return -ECHILD; -+ } -+ log_unit_debug(u, "%i %s added to scope's control group.", r, r == 1 ? "process" : "processes"); - - s->result = SCOPE_SUCCESS; - --- -2.33.0 - diff --git a/backport-scsi_id-retry-inquiry-ioctl-if-host_byte-is-DID_TRAN.patch b/backport-scsi_id-retry-inquiry-ioctl-if-host_byte-is-DID_TRAN.patch deleted file mode 100644 index 7d2d34f..0000000 --- a/backport-scsi_id-retry-inquiry-ioctl-if-host_byte-is-DID_TRAN.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 9442b2f78f17309bb1c2bca0df735728b03ee732 Mon Sep 17 00:00:00 2001 -From: Wenchao Hao -Date: Sun, 28 Aug 2022 16:44:56 +0800 -Subject: [PATCH] scsi_id: retry inquiry ioctl if host_byte is - DID_TRANSPORT_DISRUPTED - -The inquiry is issued to kernel via ioctl, kernelspace would set -this inquiry command's retry count to 0 which means the command -would not be retried in kernel space even if the LLDs returned -a status which need to be retried. So we should take the retry -in user space. ---- - src/udev/scsi_id/scsi_serial.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/udev/scsi_id/scsi_serial.c b/src/udev/scsi_id/scsi_serial.c -index cfc13feced..992d1cf25b 100644 ---- a/src/udev/scsi_id/scsi_serial.c -+++ b/src/udev/scsi_id/scsi_serial.c -@@ -69,6 +69,7 @@ static const char hex_str[]="0123456789abcdef"; - #define DID_NO_CONNECT 0x01 /* Unable to connect before timeout */ - #define DID_BUS_BUSY 0x02 /* Bus remain busy until timeout */ - #define DID_TIME_OUT 0x03 /* Timed out for some other reason */ -+#define DID_TRANSPORT_DISRUPTED 0x0e /* Transport disrupted and should retry */ - #define DRIVER_TIMEOUT 0x06 - #define DRIVER_SENSE 0x08 /* Sense_buffer has been set */ - -@@ -79,6 +80,7 @@ static const char hex_str[]="0123456789abcdef"; - #define SG_ERR_CAT_TIMEOUT 3 - #define SG_ERR_CAT_RECOVERED 4 /* Successful command after recovered err */ - #define SG_ERR_CAT_NOTSUPPORTED 5 /* Illegal / unsupported command */ -+#define SG_ERR_CAT_RETRY 6 /* Command should be retried */ - #define SG_ERR_CAT_SENSE 98 /* Something else in the sense buffer */ - #define SG_ERR_CAT_OTHER 99 /* Some other error/warning */ - -@@ -126,6 +128,8 @@ static int sg_err_category_new(int scsi_status, int msg_status, int - if (host_status) { - if (IN_SET(host_status, DID_NO_CONNECT, DID_BUS_BUSY, DID_TIME_OUT)) - return SG_ERR_CAT_TIMEOUT; -+ if (host_status == DID_TRANSPORT_DISRUPTED) -+ return SG_ERR_CAT_RETRY; - } - if (driver_status) { - if (driver_status == DRIVER_TIMEOUT) -@@ -332,6 +336,8 @@ resend: - case SG_ERR_CAT_RECOVERED: - retval = 0; - break; -+ case SG_ERR_CAT_RETRY: -+ break; - - default: - if (dev_scsi->use_sg == 4) --- -2.27.0 - diff --git a/backport-sd-boot-Fix-possible-null-pointer-dereference.patch b/backport-sd-boot-Fix-possible-null-pointer-dereference.patch deleted file mode 100644 index 4e9aec9..0000000 --- a/backport-sd-boot-Fix-possible-null-pointer-dereference.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 872d101c2308e07c523fd6ca84bd774447f05b7e Mon Sep 17 00:00:00 2001 -From: Jan Janssen -Date: Wed, 11 Aug 2021 14:59:46 +0200 -Subject: [PATCH] sd-boot: Fix possible null pointer dereference - -Auto entries are showing garbage for the version in print_status() -because StrDuplicate does not expect null pointers. - -(cherry picked from commit b52fafb26d90b77cfc259fcbdab3c95a571bacb1) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/872d101c2308e07c523fd6ca84bd774447f05b7e ---- - src/boot/efi/boot.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c -index 3249171ec1..13940a6df7 100644 ---- a/src/boot/efi/boot.c -+++ b/src/boot/efi/boot.c -@@ -1724,7 +1724,7 @@ static ConfigEntry *config_entry_add_loader( - *entry = (ConfigEntry) { - .type = type, - .title = StrDuplicate(title), -- .version = StrDuplicate(version), -+ .version = version ? StrDuplicate(version) : NULL, - .device = device, - .loader = StrDuplicate(loader), - .id = StrDuplicate(id), --- -2.33.0 - diff --git a/backport-sd-boot-Rework-console-input-handling.patch b/backport-sd-boot-Rework-console-input-handling.patch deleted file mode 100644 index 263eb2a..0000000 --- a/backport-sd-boot-Rework-console-input-handling.patch +++ /dev/null @@ -1,323 +0,0 @@ -From 9e47ea7c98d1f4e0a75edb5d1590e5742f253317 Mon Sep 17 00:00:00 2001 -From: Jan Janssen -Date: Wed, 11 Aug 2021 14:59:46 +0200 -Subject: [PATCH] sd-boot: Rework console input handling - -Fixes: #15847 -Probably fixes: #19191 - -(cherry picked from commit e98d271e57f3d0356e444b6ea2d48836ee2769b0) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9e47ea7c98d1f4e0a75edb5d1590e5742f253317 ---- - src/boot/efi/boot.c | 55 +++++++--------------- - src/boot/efi/console.c | 102 +++++++++++++++++++++++++++++------------ - src/boot/efi/console.h | 2 +- - 3 files changed, 91 insertions(+), 68 deletions(-) - -diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c -index 54d704f0d1..b4f3b9605a 100644 ---- a/src/boot/efi/boot.c -+++ b/src/boot/efi/boot.c -@@ -134,7 +134,7 @@ static BOOLEAN line_edit( - uefi_call_wrapper(ST->ConOut->OutputString, 2, ST->ConOut, print); - uefi_call_wrapper(ST->ConOut->SetCursorPosition, 3, ST->ConOut, cursor, y_pos); - -- err = console_key_read(&key, TRUE); -+ err = console_key_read(&key, 0); - if (EFI_ERROR(err)) - continue; - -@@ -387,7 +387,7 @@ static VOID print_status(Config *config, CHAR16 *loaded_image_path) { - Print(L"OsIndicationsSupported: %d\n", indvar); - - Print(L"\n--- press key ---\n\n"); -- console_key_read(&key, TRUE); -+ console_key_read(&key, 0); - - Print(L"timeout: %u\n", config->timeout_sec); - if (config->timeout_sec_efivar >= 0) -@@ -432,7 +432,7 @@ static VOID print_status(Config *config, CHAR16 *loaded_image_path) { - Print(L"LoaderEntryDefault: %s\n", defaultstr); - - Print(L"\n--- press key ---\n\n"); -- console_key_read(&key, TRUE); -+ console_key_read(&key, 0); - - for (UINTN i = 0; i < config->entry_count; i++) { - ConfigEntry *entry; -@@ -482,7 +482,7 @@ static VOID print_status(Config *config, CHAR16 *loaded_image_path) { - entry->path, entry->next_name); - - Print(L"\n--- press key ---\n\n"); -- console_key_read(&key, TRUE); -+ console_key_read(&key, 0); - } - - uefi_call_wrapper(ST->ConOut->ClearScreen, 1, ST->ConOut); -@@ -509,11 +509,10 @@ static BOOLEAN menu_run( - UINTN y_max; - CHAR16 *status; - CHAR16 *clearline; -- INTN timeout_remain; -+ UINTN timeout_remain = config->timeout_sec; - INT16 idx; - BOOLEAN exit = FALSE; - BOOLEAN run = TRUE; -- BOOLEAN wait = FALSE; - - graphics_mode(FALSE); - uefi_call_wrapper(ST->ConIn->Reset, 2, ST->ConIn, FALSE); -@@ -538,12 +537,6 @@ static BOOLEAN menu_run( - y_max = 25; - } - -- /* we check 10 times per second for a keystroke */ -- if (config->timeout_sec > 0) -- timeout_remain = config->timeout_sec * 10; -- else -- timeout_remain = -1; -- - idx_highlight = config->idx_default; - idx_highlight_prev = 0; - -@@ -643,7 +636,7 @@ static BOOLEAN menu_run( - - if (timeout_remain > 0) { - FreePool(status); -- status = PoolPrint(L"Boot in %d sec.", (timeout_remain + 5) / 10); -+ status = PoolPrint(L"Boot in %d s.", timeout_remain); - } - - /* print status at last line of screen */ -@@ -664,27 +657,18 @@ static BOOLEAN menu_run( - uefi_call_wrapper(ST->ConOut->OutputString, 2, ST->ConOut, clearline+1 + x + len); - } - -- err = console_key_read(&key, wait); -- if (EFI_ERROR(err)) { -- /* timeout reached */ -+ err = console_key_read(&key, timeout_remain > 0 ? 1000 * 1000 : 0); -+ if (err == EFI_TIMEOUT) { -+ timeout_remain--; - if (timeout_remain == 0) { - exit = TRUE; - break; - } - -- /* sleep and update status */ -- if (timeout_remain > 0) { -- uefi_call_wrapper(BS->Stall, 1, 100 * 1000); -- timeout_remain--; -- continue; -- } -- -- /* timeout disabled, wait for next key */ -- wait = TRUE; -+ /* update status */ - continue; -- } -- -- timeout_remain = -1; -+ } else -+ timeout_remain = 0; - - /* clear status after keystroke */ - if (status) { -@@ -787,7 +771,7 @@ static BOOLEAN menu_run( - config->timeout_sec_efivar, - EFI_VARIABLE_NON_VOLATILE); - if (config->timeout_sec_efivar > 0) -- status = PoolPrint(L"Menu timeout set to %d sec.", config->timeout_sec_efivar); -+ status = PoolPrint(L"Menu timeout set to %d s.", config->timeout_sec_efivar); - else - status = StrDuplicate(L"Menu disabled. Hold down key at bootup to show menu."); - } else if (config->timeout_sec_efivar <= 0){ -@@ -795,7 +779,7 @@ static BOOLEAN menu_run( - efivar_set( - LOADER_GUID, L"LoaderConfigTimeout", NULL, EFI_VARIABLE_NON_VOLATILE); - if (config->timeout_sec_config > 0) -- status = PoolPrint(L"Menu timeout of %d sec is defined by configuration file.", -+ status = PoolPrint(L"Menu timeout of %d s is defined by configuration file.", - config->timeout_sec_config); - else - status = StrDuplicate(L"Menu disabled. Hold down key at bootup to show menu."); -@@ -813,7 +797,7 @@ static BOOLEAN menu_run( - config->timeout_sec_efivar, - EFI_VARIABLE_NON_VOLATILE); - if (config->timeout_sec_efivar > 0) -- status = PoolPrint(L"Menu timeout set to %d sec.", -+ status = PoolPrint(L"Menu timeout set to %d s.", - config->timeout_sec_efivar); - else - status = StrDuplicate(L"Menu disabled. Hold down key at bootup to show menu."); -@@ -2369,13 +2353,8 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { - else { - UINT64 key; - -- err = console_key_read(&key, FALSE); -- -- if (err == EFI_NOT_READY) { -- uefi_call_wrapper(BS->Stall, 1, 100 * 1000); -- err = console_key_read(&key, FALSE); -- } -- -+ /* Block up to 100ms to give firmware time to get input working. */ -+ err = console_key_read(&key, 100 * 1000); - if (!EFI_ERROR(err)) { - INT16 idx; - -diff --git a/src/boot/efi/console.c b/src/boot/efi/console.c -index 83619d2147..369c549daf 100644 ---- a/src/boot/efi/console.c -+++ b/src/boot/efi/console.c -@@ -11,61 +11,105 @@ - - #define EFI_SIMPLE_TEXT_INPUT_EX_GUID &(EFI_GUID) EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL_GUID - --EFI_STATUS console_key_read(UINT64 *key, BOOLEAN wait) { -+static inline void EventClosep(EFI_EVENT *event) { -+ if (!*event) -+ return; -+ -+ uefi_call_wrapper(BS->CloseEvent, 1, *event); -+} -+ -+/* -+ * Reading input from the console sounds like an easy task to do, but thanks to broken -+ * firmware it is actually a nightmare. -+ * -+ * There is a ConIn and TextInputEx API for this. Ideally we want to use TextInputEx, -+ * because that gives us Ctrl/Alt/Shift key state information. Unfortunately, it is not -+ * always available and sometimes just non-functional. -+ * -+ * On the other hand we have ConIn, where some firmware likes to just freeze on us -+ * if we call ReadKeyStroke on it. -+ * -+ * Therefore, we use WaitForEvent on both ConIn and TextInputEx (if available) along -+ * with a timer event. The timer ensures there is no need to call into functions -+ * that might freeze on us, while still allowing us to show a timeout counter. -+ */ -+EFI_STATUS console_key_read(UINT64 *key, UINT64 timeout_usec) { - static EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL *TextInputEx; - static BOOLEAN checked; - UINTN index; - EFI_INPUT_KEY k; - EFI_STATUS err; -+ _cleanup_(EventClosep) EFI_EVENT timer = NULL; -+ EFI_EVENT events[3] = { ST->ConIn->WaitForKey }; -+ UINTN n_events = 1; - - if (!checked) { - err = LibLocateProtocol(EFI_SIMPLE_TEXT_INPUT_EX_GUID, (VOID **)&TextInputEx); -- if (EFI_ERROR(err)) -+ if (EFI_ERROR(err) || -+ uefi_call_wrapper(BS->CheckEvent, 1, TextInputEx->WaitForKeyEx) == EFI_INVALID_PARAMETER) -+ /* If WaitForKeyEx fails here, the firmware pretends it talks this -+ * protocol, but it really doesn't. */ - TextInputEx = NULL; -+ else -+ events[n_events++] = TextInputEx->WaitForKeyEx; - - checked = TRUE; - } - -- /* wait until key is pressed */ -- if (wait) -- uefi_call_wrapper(BS->WaitForEvent, 3, 1, &ST->ConIn->WaitForKey, &index); -+ if (timeout_usec > 0) { -+ err = uefi_call_wrapper(BS->CreateEvent, 5, EVT_TIMER, 0, NULL, NULL, &timer); -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Error creating timer event: %r", err); -+ -+ /* SetTimer expects 100ns units for some reason. */ -+ err = uefi_call_wrapper(BS->SetTimer, 3, timer, TimerRelative, timeout_usec * 10); -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Error arming timer event: %r", err); - -- if (TextInputEx) { -+ events[n_events++] = timer; -+ } -+ -+ err = uefi_call_wrapper(BS->WaitForEvent, 3, n_events, events, &index); -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Error waiting for events: %r", err); -+ -+ if (timeout_usec > 0 && timer == events[index]) -+ return EFI_TIMEOUT; -+ -+ /* TextInputEx might be ready too even if ConIn got to signal first. */ -+ if (TextInputEx && !EFI_ERROR(uefi_call_wrapper(BS->CheckEvent, 1, TextInputEx->WaitForKeyEx))) { - EFI_KEY_DATA keydata; - UINT64 keypress; -+ UINT32 shift = 0; - - err = uefi_call_wrapper(TextInputEx->ReadKeyStrokeEx, 2, TextInputEx, &keydata); -- if (!EFI_ERROR(err)) { -- UINT32 shift = 0; -- -- /* do not distinguish between left and right keys */ -- if (keydata.KeyState.KeyShiftState & EFI_SHIFT_STATE_VALID) { -- if (keydata.KeyState.KeyShiftState & (EFI_RIGHT_CONTROL_PRESSED|EFI_LEFT_CONTROL_PRESSED)) -- shift |= EFI_CONTROL_PRESSED; -- if (keydata.KeyState.KeyShiftState & (EFI_RIGHT_ALT_PRESSED|EFI_LEFT_ALT_PRESSED)) -- shift |= EFI_ALT_PRESSED; -- }; -- -- /* 32 bit modifier keys + 16 bit scan code + 16 bit unicode */ -- keypress = KEYPRESS(shift, keydata.Key.ScanCode, keydata.Key.UnicodeChar); -- if (keypress > 0) { -- *key = keypress; -- return 0; -- } -+ if (EFI_ERROR(err)) -+ return err; -+ -+ /* do not distinguish between left and right keys */ -+ if (keydata.KeyState.KeyShiftState & EFI_SHIFT_STATE_VALID) { -+ if (keydata.KeyState.KeyShiftState & (EFI_RIGHT_CONTROL_PRESSED|EFI_LEFT_CONTROL_PRESSED)) -+ shift |= EFI_CONTROL_PRESSED; -+ if (keydata.KeyState.KeyShiftState & (EFI_RIGHT_ALT_PRESSED|EFI_LEFT_ALT_PRESSED)) -+ shift |= EFI_ALT_PRESSED; -+ }; -+ -+ /* 32 bit modifier keys + 16 bit scan code + 16 bit unicode */ -+ keypress = KEYPRESS(shift, keydata.Key.ScanCode, keydata.Key.UnicodeChar); -+ if (keypress > 0) { -+ *key = keypress; -+ return EFI_SUCCESS; - } -+ -+ return EFI_NOT_READY; - } - -- /* fallback for firmware which does not support SimpleTextInputExProtocol -- * -- * This is also called in case ReadKeyStrokeEx did not return a key, because -- * some broken firmwares offer SimpleTextInputExProtocol, but never actually -- * handle any key. */ - err = uefi_call_wrapper(ST->ConIn->ReadKeyStroke, 2, ST->ConIn, &k); - if (EFI_ERROR(err)) - return err; - - *key = KEYPRESS(0, k.ScanCode, k.UnicodeChar); -- return 0; -+ return EFI_SUCCESS; - } - - static EFI_STATUS change_mode(UINTN mode) { -diff --git a/src/boot/efi/console.h b/src/boot/efi/console.h -index 2c69af552a..23848a9c58 100644 ---- a/src/boot/efi/console.h -+++ b/src/boot/efi/console.h -@@ -16,5 +16,5 @@ enum console_mode_change_type { - CONSOLE_MODE_MAX, - }; - --EFI_STATUS console_key_read(UINT64 *key, BOOLEAN wait); -+EFI_STATUS console_key_read(UINT64 *key, UINT64 timeout_usec); - EFI_STATUS console_set_mode(UINTN *mode, enum console_mode_change_type how); --- -2.33.0 - diff --git a/backport-sd-boot-Unify-error-handling.patch b/backport-sd-boot-Unify-error-handling.patch deleted file mode 100644 index d6147b6..0000000 --- a/backport-sd-boot-Unify-error-handling.patch +++ /dev/null @@ -1,404 +0,0 @@ -From 218c0839b24853899d2ea15cb2973ab0d56a7f31 Mon Sep 17 00:00:00 2001 -From: Jan Janssen -Date: Wed, 11 Aug 2021 14:59:46 +0200 -Subject: [PATCH] sd-boot: Unify error handling - -log_error_stall() and log_error_status_stall() will ensure the user has -a chance to catch an error message by stalling and also forcing a -lightred/black color on it. Also, convert several Print() calls to it -since they are actually error messages. - -(cherry picked from commit 8aba0eec499b762657f528988c2f093ac490620d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/218c0839b24853899d2ea15cb2973ab0d56a7f31 ---- - src/boot/efi/boot.c | 62 ++++++++++---------------------- - src/boot/efi/random-seed.c | 73 +++++++++++++------------------------- - src/boot/efi/stub.c | 24 ++++--------- - src/boot/efi/util.c | 17 +++++++-- - src/boot/efi/util.h | 9 +++++ - 5 files changed, 75 insertions(+), 110 deletions(-) - -diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c -index 13940a6df7..54d704f0d1 100644 ---- a/src/boot/efi/boot.c -+++ b/src/boot/efi/boot.c -@@ -527,7 +527,7 @@ static BOOLEAN menu_run( - err = console_set_mode(&config->console_mode, config->console_mode_change); - if (EFI_ERROR(err)) { - uefi_call_wrapper(ST->ConOut->ClearScreen, 1, ST->ConOut); -- Print(L"Error switching console mode to %ld: %r.\r", (UINT64)config->console_mode, err); -+ log_error_stall(L"Error switching console mode to %lu: %r", (UINT64)config->console_mode, err); - } - } else - uefi_call_wrapper(ST->ConOut->ClearScreen, 1, ST->ConOut); -@@ -1221,8 +1221,7 @@ static VOID config_entry_bump_counters( - break; - - if (r != EFI_BUFFER_TOO_SMALL || file_info_size * 2 < file_info_size) { -- Print(L"\nFailed to get file info for '%s': %r\n", old_path, r); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -+ log_error_stall(L"Failed to get file info for '%s': %r", old_path, r); - return; - } - -@@ -1234,8 +1233,7 @@ static VOID config_entry_bump_counters( - StrCpy(file_info->FileName, entry->next_name); - r = uefi_call_wrapper(handle->SetInfo, 4, handle, &EfiFileInfoGuid, file_info_size, file_info); - if (EFI_ERROR(r)) { -- Print(L"\nFailed to rename '%s' to '%s', ignoring: %r\n", old_path, entry->next_name, r); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -+ log_error_stall(L"Failed to rename '%s' to '%s', ignoring: %r", old_path, entry->next_name, r); - return; - } - -@@ -2165,18 +2163,12 @@ static EFI_STATUS image_start( - EFI_STATUS err; - - path = FileDevicePath(entry->device, entry->loader); -- if (!path) { -- Print(L"Error getting device path."); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -- return EFI_INVALID_PARAMETER; -- } -+ if (!path) -+ return log_error_status_stall(EFI_INVALID_PARAMETER, L"Error getting device path."); - - err = uefi_call_wrapper(BS->LoadImage, 6, FALSE, parent_image, path, NULL, 0, &image); -- if (EFI_ERROR(err)) { -- Print(L"Error loading %s: %r", entry->loader, err); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -- return err; -- } -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Error loading %s: %r", entry->loader, err); - - if (config->options_edit) - options = config->options_edit; -@@ -2190,8 +2182,7 @@ static EFI_STATUS image_start( - err = uefi_call_wrapper(BS->OpenProtocol, 6, image, &LoadedImageProtocol, (VOID **)&loaded_image, - parent_image, NULL, EFI_OPEN_PROTOCOL_GET_PROTOCOL); - if (EFI_ERROR(err)) { -- Print(L"Error getting LoadedImageProtocol handle: %r", err); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -+ log_error_stall(L"Error getting LoadedImageProtocol handle: %r", err); - goto out_unload; - } - loaded_image->LoadOptions = options; -@@ -2202,10 +2193,8 @@ static EFI_STATUS image_start( - err = tpm_log_event(SD_TPM_PCR, - (EFI_PHYSICAL_ADDRESS) (UINTN) loaded_image->LoadOptions, - loaded_image->LoadOptionsSize, loaded_image->LoadOptions); -- if (EFI_ERROR(err)) { -- Print(L"Unable to add image options measurement: %r", err); -- uefi_call_wrapper(BS->Stall, 1, 200 * 1000); -- } -+ if (EFI_ERROR(err)) -+ log_error_stall(L"Unable to add image options measurement: %r", err); - #endif - } - -@@ -2231,9 +2220,7 @@ static EFI_STATUS reboot_into_firmware(VOID) { - return err; - - err = uefi_call_wrapper(RT->ResetSystem, 4, EfiResetCold, EFI_SUCCESS, 0, NULL); -- Print(L"Error calling ResetSystem: %r", err); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -- return err; -+ return log_error_status_stall(err, L"Error calling ResetSystem: %r", err); - } - - static VOID config_free(Config *config) { -@@ -2305,30 +2292,21 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { - - err = uefi_call_wrapper(BS->OpenProtocol, 6, image, &LoadedImageProtocol, (VOID **)&loaded_image, - image, NULL, EFI_OPEN_PROTOCOL_GET_PROTOCOL); -- if (EFI_ERROR(err)) { -- Print(L"Error getting a LoadedImageProtocol handle: %r", err); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -- return err; -- } -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Error getting a LoadedImageProtocol handle: %r", err); - - /* export the device path this image is started from */ - if (disk_get_part_uuid(loaded_image->DeviceHandle, uuid) == EFI_SUCCESS) - efivar_set(LOADER_GUID, L"LoaderDevicePartUUID", uuid, 0); - - root_dir = LibOpenRoot(loaded_image->DeviceHandle); -- if (!root_dir) { -- Print(L"Unable to open root directory."); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -- return EFI_LOAD_ERROR; -- } -+ if (!root_dir) -+ return log_error_status_stall(EFI_LOAD_ERROR, L"Unable to open root directory.", EFI_LOAD_ERROR); - - if (secure_boot_enabled() && shim_loaded()) { - err = security_policy_install(); -- if (EFI_ERROR(err)) { -- Print(L"Error installing security policy: %r ", err); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -- return err; -- } -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Error installing security policy: %r", err); - } - - /* the filesystem path to this image, to prevent adding ourselves to the menu */ -@@ -2367,8 +2345,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { - } - - if (config.entry_count == 0) { -- Print(L"No loader found. Configuration files in \\loader\\entries\\*.conf are needed."); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -+ log_error_stall(L"No loader found. Configuration files in \\loader\\entries\\*.conf are needed."); - goto out; - } - -@@ -2440,8 +2417,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { - err = image_start(image, &config, entry); - if (EFI_ERROR(err)) { - graphics_mode(FALSE); -- Print(L"\nFailed to execute %s (%s): %r\n", entry->title, entry->loader, err); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -+ log_error_stall(L"Failed to execute %s (%s): %r", entry->title, entry->loader, err); - goto out; - } - -diff --git a/src/boot/efi/random-seed.c b/src/boot/efi/random-seed.c -index 3e179851b0..939daf3e41 100644 ---- a/src/boot/efi/random-seed.c -+++ b/src/boot/efi/random-seed.c -@@ -35,10 +35,8 @@ static EFI_STATUS acquire_rng(UINTN size, VOID **ret) { - return log_oom(); - - err = uefi_call_wrapper(rng->GetRNG, 3, rng, NULL, size, data); -- if (EFI_ERROR(err)) { -- Print(L"Failed to acquire RNG data: %r\n", err); -- return err; -- } -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Failed to acquire RNG data: %r", err); - - *ret = TAKE_PTR(data); - return EFI_SUCCESS; -@@ -149,14 +147,12 @@ static EFI_STATUS acquire_system_token(VOID **ret, UINTN *ret_size) { - err = efivar_get_raw(LOADER_GUID, L"LoaderSystemToken", &data, &size); - if (EFI_ERROR(err)) { - if (err != EFI_NOT_FOUND) -- Print(L"Failed to read LoaderSystemToken EFI variable: %r", err); -+ log_error_stall(L"Failed to read LoaderSystemToken EFI variable: %r", err); - return err; - } - -- if (size <= 0) { -- Print(L"System token too short, ignoring."); -- return EFI_NOT_FOUND; -- } -+ if (size <= 0) -+ return log_error_status_stall(EFI_NOT_FOUND, L"System token too short, ignoring."); - - *ret = TAKE_PTR(data); - *ret_size = size; -@@ -209,8 +205,7 @@ static VOID validate_sha256(void) { - sha256_finish_ctx(&hash, result); - - if (CompareMem(result, array[i].hash, HASH_VALUE_SIZE) != 0) { -- Print(L"SHA256 failed validation.\n"); -- uefi_call_wrapper(BS->Stall, 1, 120 * 1000 * 1000); -+ log_error_stall(L"SHA256 failed validation."); - return; - } - } -@@ -246,7 +241,7 @@ EFI_STATUS process_random_seed(EFI_FILE *root_dir, RandomSeedMode mode) { - err = uefi_call_wrapper(root_dir->Open, 5, root_dir, &handle, (CHAR16*) L"\\loader\\random-seed", EFI_FILE_MODE_READ|EFI_FILE_MODE_WRITE, 0ULL); - if (EFI_ERROR(err)) { - if (err != EFI_NOT_FOUND && err != EFI_WRITE_PROTECTED) -- Print(L"Failed to open random seed file: %r\n", err); -+ log_error_stall(L"Failed to open random seed file: %r", err); - return err; - } - -@@ -255,15 +250,11 @@ EFI_STATUS process_random_seed(EFI_FILE *root_dir, RandomSeedMode mode) { - return log_oom(); - - size = info->FileSize; -- if (size < RANDOM_MAX_SIZE_MIN) { -- Print(L"Random seed file is too short?\n"); -- return EFI_INVALID_PARAMETER; -- } -+ if (size < RANDOM_MAX_SIZE_MIN) -+ return log_error_status_stall(EFI_INVALID_PARAMETER, L"Random seed file is too short."); - -- if (size > RANDOM_MAX_SIZE_MAX) { -- Print(L"Random seed file is too large?\n"); -- return EFI_INVALID_PARAMETER; -- } -+ if (size > RANDOM_MAX_SIZE_MAX) -+ return log_error_status_stall(EFI_INVALID_PARAMETER, L"Random seed file is too large."); - - seed = AllocatePool(size); - if (!seed) -@@ -271,20 +262,14 @@ EFI_STATUS process_random_seed(EFI_FILE *root_dir, RandomSeedMode mode) { - - rsize = size; - err = uefi_call_wrapper(handle->Read, 3, handle, &rsize, seed); -- if (EFI_ERROR(err)) { -- Print(L"Failed to read random seed file: %r\n", err); -- return err; -- } -- if (rsize != size) { -- Print(L"Short read on random seed file\n"); -- return EFI_PROTOCOL_ERROR; -- } -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Failed to read random seed file: %r", err); -+ if (rsize != size) -+ return log_error_status_stall(EFI_PROTOCOL_ERROR, L"Short read on random seed file."); - - err = uefi_call_wrapper(handle->SetPosition, 2, handle, 0); -- if (EFI_ERROR(err)) { -- Print(L"Failed to seek to beginning of random seed file: %r\n", err); -- return err; -- } -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Failed to seek to beginning of random seed file: %r", err); - - /* Request some random data from the UEFI RNG. We don't need this to work safely, but it's a good - * idea to use it because it helps us for cases where users mistakenly include a random seed in -@@ -299,27 +284,19 @@ EFI_STATUS process_random_seed(EFI_FILE *root_dir, RandomSeedMode mode) { - /* Update the random seed on disk before we use it */ - wsize = size; - err = uefi_call_wrapper(handle->Write, 3, handle, &wsize, new_seed); -- if (EFI_ERROR(err)) { -- Print(L"Failed to write random seed file: %r\n", err); -- return err; -- } -- if (wsize != size) { -- Print(L"Short write on random seed file\n"); -- return EFI_PROTOCOL_ERROR; -- } -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Failed to write random seed file: %r", err); -+ if (wsize != size) -+ return log_error_status_stall(EFI_PROTOCOL_ERROR, L"Short write on random seed file."); - - err = uefi_call_wrapper(handle->Flush, 1, handle); -- if (EFI_ERROR(err)) { -- Print(L"Failed to flush random seed file: %r\n"); -- return err; -- } -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Failed to flush random seed file: %r", err); - - /* We are good to go */ - err = efivar_set_raw(LOADER_GUID, L"LoaderRandomSeed", for_kernel, size, 0); -- if (EFI_ERROR(err)) { -- Print(L"Failed to write random seed to EFI variable: %r\n", err); -- return err; -- } -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Failed to write random seed to EFI variable: %r", err); - - return EFI_SUCCESS; - } -diff --git a/src/boot/efi/stub.c b/src/boot/efi/stub.c -index 082fe91c9e..82da1d3ec4 100644 ---- a/src/boot/efi/stub.c -+++ b/src/boot/efi/stub.c -@@ -36,18 +36,12 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { - - err = uefi_call_wrapper(BS->OpenProtocol, 6, image, &LoadedImageProtocol, (VOID **)&loaded_image, - image, NULL, EFI_OPEN_PROTOCOL_GET_PROTOCOL); -- if (EFI_ERROR(err)) { -- Print(L"Error getting a LoadedImageProtocol handle: %r ", err); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -- return err; -- } -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Error getting a LoadedImageProtocol handle: %r", err); - - err = pe_memory_locate_sections(loaded_image->ImageBase, sections, addrs, offs, szs); -- if (EFI_ERROR(err)) { -- Print(L"Unable to locate embedded .linux section: %r ", err); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -- return err; -- } -+ if (EFI_ERROR(err)) -+ return log_error_status_stall(err, L"Unable to locate embedded .linux section: %r", err); - - if (szs[0] > 0) - cmdline = (CHAR8 *)(loaded_image->ImageBase) + addrs[0]; -@@ -72,10 +66,8 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { - err = tpm_log_event(SD_TPM_PCR, - (EFI_PHYSICAL_ADDRESS) (UINTN) loaded_image->LoadOptions, - loaded_image->LoadOptionsSize, loaded_image->LoadOptions); -- if (EFI_ERROR(err)) { -- Print(L"Unable to add image options measurement: %r", err); -- uefi_call_wrapper(BS->Stall, 1, 200 * 1000); -- } -+ if (EFI_ERROR(err)) -+ log_error_stall(L"Unable to add image options measurement: %r", err); - #endif - } - -@@ -126,7 +118,5 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { - (UINTN)loaded_image->ImageBase + addrs[2], szs[2]); - - graphics_mode(FALSE); -- Print(L"Execution of embedded linux image failed: %r\n", err); -- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -- return err; -+ return log_error_status_stall(err, L"Execution of embedded linux image failed: %r", err); - } -diff --git a/src/boot/efi/util.c b/src/boot/efi/util.c -index 6f4e5933d3..aee076060b 100644 ---- a/src/boot/efi/util.c -+++ b/src/boot/efi/util.c -@@ -411,8 +411,21 @@ EFI_STATUS file_read(EFI_FILE_HANDLE dir, const CHAR16 *name, UINTN off, UINTN s - return err; - } - -+VOID log_error_stall(const CHAR16 *fmt, ...) { -+ va_list args; -+ -+ uefi_call_wrapper(ST->ConOut->SetAttribute, 2, ST->ConOut, EFI_LIGHTRED|EFI_BACKGROUND_BLACK); -+ -+ Print(L"\n"); -+ va_start(args, fmt); -+ VPrint(fmt, args); -+ va_end(args); -+ Print(L"\n"); -+ -+ uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -+} -+ - EFI_STATUS log_oom(void) { -- Print(L"Out of memory."); -- (void) uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); -+ log_error_stall(L"Out of memory."); - return EFI_OUT_OF_RESOURCES; - } -diff --git a/src/boot/efi/util.h b/src/boot/efi/util.h -index 1a42b01033..d3bf848a95 100644 ---- a/src/boot/efi/util.h -+++ b/src/boot/efi/util.h -@@ -74,4 +74,13 @@ static inline void FileHandleClosep(EFI_FILE_HANDLE *handle) { - #define UINT64_MAX ((UINT64) -1) - #endif - -+VOID log_error_stall(const CHAR16 *fmt, ...); - EFI_STATUS log_oom(void); -+ -+/* This works just like log_error_errno() from userspace, but requires you -+ * to provide err a second time if you want to use %r in the message! */ -+#define log_error_status_stall(err, fmt, ...) \ -+ ({ \ -+ log_error_stall(fmt, ##__VA_ARGS__); \ -+ err; \ -+ }) --- -2.33.0 - diff --git a/backport-sd-bus-allow-numerical-uids-in-M-user-.host.patch b/backport-sd-bus-allow-numerical-uids-in-M-user-.host.patch deleted file mode 100644 index 526768d..0000000 --- a/backport-sd-bus-allow-numerical-uids-in-M-user-.host.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 93597655ac3b1ecc8411e6b1249ab6ce631e87e2 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 7 Jul 2021 18:02:50 +0200 -Subject: [PATCH] sd-bus: allow numerical uids in -M user@.host - -UIDs don't work well over ssh, but locally or with containers they are OK. -In particular, user@.service uses UIDs as identifiers, and it's nice to be -able to copy&paste that UID for interaction with the user's managers. - -(cherry picked from commit 2da7d0bc92e2423a5c7225c5d24b99d5d52a0bc6) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/93597655ac3b1ecc8411e6b1249ab6ce631e87e2 ---- - src/libsystemd/sd-bus/sd-bus.c | 27 ++++++++++++++++++--------- - 1 file changed, 18 insertions(+), 9 deletions(-) - -diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c -index ab8d4e4a60..e85a409871 100644 ---- a/src/libsystemd/sd-bus/sd-bus.c -+++ b/src/libsystemd/sd-bus/sd-bus.c -@@ -39,6 +39,7 @@ - #include "parse-util.h" - #include "path-util.h" - #include "process-util.h" -+#include "stdio-util.h" - #include "string-util.h" - #include "strv.h" - #include "user-util.h" -@@ -1616,7 +1617,7 @@ static int user_and_machine_valid(const char *user_and_machine) { - if (!user) - return -ENOMEM; - -- if (!isempty(user) && !valid_user_group_name(user, VALID_USER_RELAX)) -+ if (!isempty(user) && !valid_user_group_name(user, VALID_USER_RELAX | VALID_USER_ALLOW_NUMERIC)) - return false; - - h++; -@@ -1647,17 +1648,25 @@ static int user_and_machine_equivalent(const char *user_and_machine) { - - /* Otherwise, if we are root, then we can also allow the ".host" syntax, as that's the user this - * would connect to. */ -- if (geteuid() == 0 && STR_IN_SET(user_and_machine, ".host", "root@.host")) -+ uid_t uid = geteuid(); -+ -+ if (uid == 0 && STR_IN_SET(user_and_machine, ".host", "root@.host", "0@.host")) - return true; - -- /* Otherwise, we have to figure our user name, and compare things with that. */ -- un = getusername_malloc(); -- if (!un) -- return -ENOMEM; -+ /* Otherwise, we have to figure out our user id and name, and compare things with that. */ -+ char buf[DECIMAL_STR_MAX(uid_t)]; -+ xsprintf(buf, UID_FMT, uid); -+ -+ f = startswith(user_and_machine, buf); -+ if (!f) { -+ un = getusername_malloc(); -+ if (!un) -+ return -ENOMEM; - -- f = startswith(user_and_machine, un); -- if (!f) -- return false; -+ f = startswith(user_and_machine, un); -+ if (!f) -+ return false; -+ } - - return STR_IN_SET(f, "@", "@.host"); - } --- -2.33.0 - diff --git a/backport-sd-bus-do-not-pass-NULL-when-received-message-with-i.patch b/backport-sd-bus-do-not-pass-NULL-when-received-message-with-i.patch deleted file mode 100644 index a7d756b..0000000 --- a/backport-sd-bus-do-not-pass-NULL-when-received-message-with-i.patch +++ /dev/null @@ -1,34 +0,0 @@ -From bc3d5f31bf8af840d3f4c1f66ea5d7ec6dcfcb1b Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 14 Jul 2022 10:53:54 +0900 -Subject: [PATCH] sd-bus: do not pass NULL when received message with invalid - type - -Fixes #24003. - -(cherry picked from commit 3f0dbb0f0c4e3c0013fa5fe54441ca7f969555a7) -(cherry picked from commit e56bfc8a417d1877c25b943b75cd73163246fbf2) -(cherry picked from commit a6aa5b2f7262ba67acfddd6dfa304144639a9ca4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/bc3d5f31bf8af840d3f4c1f66ea5d7ec6dcfcb1b ---- - src/libsystemd/sd-bus/sd-bus.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c -index e85a409871..7a58c560d5 100644 ---- a/src/libsystemd/sd-bus/sd-bus.c -+++ b/src/libsystemd/sd-bus/sd-bus.c -@@ -48,7 +48,7 @@ - do { \ - sd_bus_message *_mm = (m); \ - log_debug("Got message type=%s sender=%s destination=%s path=%s interface=%s member=%s cookie=%" PRIu64 " reply_cookie=%" PRIu64 " signature=%s error-name=%s error-message=%s", \ -- bus_message_type_to_string(_mm->header->type), \ -+ strna(bus_message_type_to_string(_mm->header->type)), \ - strna(sd_bus_message_get_sender(_mm)), \ - strna(sd_bus_message_get_destination(_mm)), \ - strna(sd_bus_message_get_path(_mm)), \ --- -2.27.0 - diff --git a/backport-sd-bus-fix-buffer-overflow.patch b/backport-sd-bus-fix-buffer-overflow.patch deleted file mode 100644 index d08ebc2..0000000 --- a/backport-sd-bus-fix-buffer-overflow.patch +++ /dev/null @@ -1,126 +0,0 @@ -From 1a4f4051c3f41b7750dbc904bb4768413bc8bd58 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 27 May 2022 04:23:10 +0900 -Subject: [PATCH] sd-bus: fix buffer overflow - -Fixes #23486. - -(cherry picked from commit 89b6a3f13e5f3b8a375dc82cb2a1c2c204a5067e) -(cherry picked from commit a5c4e29b2ca83b0956ea4635e1db7b02ae007d55) -(cherry picked from commit a5b0338e896338774226a3bd8a56f63555c7b9ce) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/1a4f4051c3f41b7750dbc904bb4768413bc8bd58 ---- - src/libsystemd/sd-bus/bus-message.c | 30 ++++++++++++++---- - test/fuzz/fuzz-bus-message/issue-23486-case-1 | Bin 0 -> 32 bytes - test/fuzz/fuzz-bus-message/issue-23486-case-2 | Bin 0 -> 16 bytes - test/fuzz/fuzz-bus-message/issue-23486-case-3 | Bin 0 -> 16 bytes - 4 files changed, 23 insertions(+), 7 deletions(-) - create mode 100644 test/fuzz/fuzz-bus-message/issue-23486-case-1 - create mode 100644 test/fuzz/fuzz-bus-message/issue-23486-case-2 - create mode 100644 test/fuzz/fuzz-bus-message/issue-23486-case-3 - -diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c -index 20f7396c74..d74a351e29 100644 ---- a/src/libsystemd/sd-bus/bus-message.c -+++ b/src/libsystemd/sd-bus/bus-message.c -@@ -428,7 +428,7 @@ int bus_message_from_header( - - _cleanup_free_ sd_bus_message *m = NULL; - struct bus_header *h; -- size_t a, label_sz; -+ size_t a, label_sz = 0; /* avoid false maybe-uninitialized warning */ - - assert(bus); - assert(header || header_accessible <= 0); -@@ -506,7 +506,10 @@ int bus_message_from_header( - m->fields_size = BUS_MESSAGE_BSWAP32(m, h->dbus1.fields_size); - m->body_size = BUS_MESSAGE_BSWAP32(m, h->dbus1.body_size); - -- if (sizeof(struct bus_header) + ALIGN8(m->fields_size) + m->body_size != message_size) -+ assert(message_size >= sizeof(struct bus_header)); -+ if (m->fields_size > message_size - sizeof(struct bus_header) || -+ ALIGN8(m->fields_size) > message_size - sizeof(struct bus_header) || -+ m->body_size != message_size - sizeof(struct bus_header) - ALIGN8(m->fields_size)) - return -EBADMSG; - } - -@@ -3062,15 +3065,21 @@ void bus_body_part_unmap(struct bus_body_part *part) { - return; - } - --static int buffer_peek(const void *p, uint32_t sz, size_t *rindex, size_t align, size_t nbytes, void **r) { -+static int buffer_peek(const void *p, size_t sz, size_t *rindex, size_t align, size_t nbytes, void **r) { - size_t k, start, end; - - assert(rindex); - assert(align > 0); - -- start = ALIGN_TO((size_t) *rindex, align); -- end = start + nbytes; -+ start = ALIGN_TO(*rindex, align); -+ if (start > sz) -+ return -EBADMSG; -+ -+ /* Avoid overflow below */ -+ if (nbytes > SIZE_MAX - start) -+ return -EBADMSG; - -+ end = start + nbytes; - if (end > sz) - return -EBADMSG; - -@@ -3273,10 +3282,17 @@ static int message_peek_body( - assert(rindex); - assert(align > 0); - -- start = ALIGN_TO((size_t) *rindex, align); -+ start = ALIGN_TO(*rindex, align); -+ if (start > m->user_body_size) -+ return -EBADMSG; -+ - padding = start - *rindex; -- end = start + nbytes; - -+ /* Avoid overflow below */ -+ if (nbytes > SIZE_MAX - start) -+ return -EBADMSG; -+ -+ end = start + nbytes; - if (end > m->user_body_size) - return -EBADMSG; - -diff --git a/test/fuzz/fuzz-bus-message/issue-23486-case-1 b/test/fuzz/fuzz-bus-message/issue-23486-case-1 -new file mode 100644 -index 0000000000000000000000000000000000000000..fe8338b42ba6af6c080aa92aa619e05a6e6e1cc8 -GIT binary patch -literal 32 -gcmd1dVrFCj0xbpQd;uUW! -Date: Wed, 21 Jul 2021 11:10:36 +0200 -Subject: [PATCH] sd-bus: fix missing initializer in SD_BUS_VTABLE_END (#20253) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When two fields were added to the vtable.x.start struct, no initializers -for these were added to SD_BUS_VTABLE_END which also (ab)used that -struct (albeit sneakily by using non-designated initialization). - -While C tolerates this, C++ prohibits these missing initializers, and -both g++ and clang++ will complain when using -Wextra. - -This patch gives SD_BUS_VTABLE_END its own case in the union and -clarifies its initialization. - -I tested the behaviour of g++ 10.2 and clang 11 in various cases. Both will warn -(-Wmissing-field-initializers, implied by -Wextra) if you provide initializers for some -but not all fields of a struct. Declaring x.end as empty struct or using an empty initializer -{} to initialize the union or one of its members is valid C++ but not C, although both gcc -and clang accept it without warning (even at -Wall -Wextra -std=c90/c++11) unless you -use -pedantic (which requires -std=c99/c++2a to support designated initializers). - -Interestingly, .x = { .start = { 0, 0, NULL } } is the only initializer I found for the union -(among candidates for SD_BUS_VTABLE_END) where gcc doesn't zero-fill it entirely -when allocated on stack, it looked like it did in all other cases (I only examined this on -32-bit arm). clang always seems to initialize all bytes of the union. - -[zjs: test case: -$ cat vtable-test.cc -#include "sd-bus.h" - -const sd_bus_vtable vtable[] = { - SD_BUS_VTABLE_END -}; - -$ g++ -I src/systemd/ -Wall -Wmissing-field-initializers -c vtable-test.cc -vtable-test.cc:5:1: warning: missing initializer for member ‘sd_bus_vtable::::::features’ [-Wmissing-field-initializers] - 5 | }; - | ^ -vtable-test.cc:5:1: warning: missing initializer for member ‘sd_bus_vtable::::::vtable_format_reference’ [-Wmissing-field-initializers] - -$ clang++ -I src/systemd/ -Wmissing-field-initializers -c vtable-test.cc -vtable-test.cc:4:4: warning: missing field 'features' initializer [-Wmissing-field-initializers] - SD_BUS_VTABLE_END - ^ -src/systemd/sd-bus-vtable.h:188:28: note: expanded from macro 'SD_BUS_VTABLE_END' - .x = { { 0 } }, \ - ^ -1 warning generated. - -Both warnings are gone with the patch.] - -(cherry picked from commit 654eaa403070d3c897454a5190603fda4071c3ff) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/cdaf655f73bb3be10d47ab6f00d71a8d0b1a81e3 ---- - src/systemd/sd-bus-vtable.h | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/src/systemd/sd-bus-vtable.h b/src/systemd/sd-bus-vtable.h -index 75f8848360..35c942b16c 100644 ---- a/src/systemd/sd-bus-vtable.h -+++ b/src/systemd/sd-bus-vtable.h -@@ -75,6 +75,9 @@ struct sd_bus_vtable { - uint64_t features; - const unsigned *vtable_format_reference; - } start; -+ struct { -+ size_t reserved; -+ } end; - struct { - const char *member; - const char *signature; -@@ -185,7 +188,11 @@ struct sd_bus_vtable { - { \ - .type = _SD_BUS_VTABLE_END, \ - .flags = 0, \ -- .x = { { 0 } }, \ -+ .x = { \ -+ .end = { \ -+ .reserved = 0, \ -+ }, \ -+ }, \ - } - - #define _SD_ECHO(X) X --- -2.33.0 - diff --git a/backport-sd-bus-print-debugging-information-if-bus_container_.patch b/backport-sd-bus-print-debugging-information-if-bus_container_.patch deleted file mode 100644 index 2c046d9..0000000 --- a/backport-sd-bus-print-debugging-information-if-bus_container_.patch +++ /dev/null @@ -1,80 +0,0 @@ -From 4358cbc8076352e7946956f5d71bf7c80d7f2e43 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 7 Jul 2021 18:01:03 +0200 -Subject: [PATCH] sd-bus: print debugging information if - bus_container_connect_socket() fails - -We would return the errno, but there are many steps, and without some -debugging info it's hard to figure out what exactly failed. - -(cherry picked from commit 0c201ca945c64e97ba4961ded13ce38a63200468) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4358cbc8076352e7946956f5d71bf7c80d7f2e43 ---- - src/libsystemd/sd-bus/bus-container.c | 18 ++++++++++-------- - 1 file changed, 10 insertions(+), 8 deletions(-) - -diff --git a/src/libsystemd/sd-bus/bus-container.c b/src/libsystemd/sd-bus/bus-container.c -index b11ebb3f65..1159af46cd 100644 ---- a/src/libsystemd/sd-bus/bus-container.c -+++ b/src/libsystemd/sd-bus/bus-container.c -@@ -37,11 +37,11 @@ int bus_container_connect_socket(sd_bus *b) { - - r = namespace_open(b->nspid, &pidnsfd, &mntnsfd, NULL, &usernsfd, &rootfd); - if (r < 0) -- return r; -+ return log_debug_errno(r, "Failed to open namespace of PID "PID_FMT": %m", b->nspid); - - b->input_fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0); - if (b->input_fd < 0) -- return -errno; -+ return log_debug_errno(errno, "Failed to create a socket: %m"); - - b->input_fd = fd_move_above_stdio(b->input_fd); - -@@ -50,12 +50,12 @@ int bus_container_connect_socket(sd_bus *b) { - bus_socket_setup(b); - - if (socketpair(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0, pair) < 0) -- return -errno; -+ return log_debug_errno(errno, "Failed to create a socket pair: %m"); - - r = namespace_fork("(sd-buscntrns)", "(sd-buscntr)", NULL, 0, FORK_RESET_SIGNALS|FORK_DEATHSIG, - pidnsfd, mntnsfd, -1, usernsfd, rootfd, &child); - if (r < 0) -- return r; -+ return log_debug_errno(r, "Failed to create namespace for (sd-buscntr): %m"); - if (r == 0) { - pair[0] = safe_close(pair[0]); - -@@ -80,20 +80,22 @@ int bus_container_connect_socket(sd_bus *b) { - - n = read(pair[0], &error_buf, sizeof(error_buf)); - if (n < 0) -- return -errno; -+ return log_debug_errno(errno, "Failed to read error status from (sd-buscntr): %m"); - - if (n > 0) { - if (n != sizeof(error_buf)) -- return -EIO; -+ return log_debug_errno(SYNTHETIC_ERRNO(EIO), -+ "Read error status of unexpected length %zd from (sd-buscntr): %m", n); - - if (error_buf < 0) -- return -EIO; -+ return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), -+ "Got unexpected error status from (sd-buscntr): %m"); - - if (error_buf == EINPROGRESS) - return 1; - - if (error_buf > 0) -- return -error_buf; -+ return log_debug_errno(error_buf, "Got error from (sd-buscntr): %m"); - } - - return bus_socket_start_auth(b); --- -2.33.0 - diff --git a/backport-sd-bus-print-quoted-commandline-when-in-bus_socket_e.patch b/backport-sd-bus-print-quoted-commandline-when-in-bus_socket_e.patch deleted file mode 100644 index 333e9e3..0000000 --- a/backport-sd-bus-print-quoted-commandline-when-in-bus_socket_e.patch +++ /dev/null @@ -1,69 +0,0 @@ -From a221143c6de4917bb6653f5aa134ce8be3c90f6c Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 7 Jul 2021 16:36:49 +0200 -Subject: [PATCH] sd-bus: print quoted commandline when in bus_socket_exec() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The arguments are where the interesting part is: -src/libsystemd/sd-bus/bus-socket.c:965: sd-bus: starting bus with systemd-run... -↓ -src/libsystemd/sd-bus/bus-socket.c:972: sd-bus: starting bus with systemd-run -M.host -PGq --wait -pUser=1000 -pPAMName=login systemd-stdio-bridge "-punix:path=\${XDG_RUNTIME_DIR}/bus" - -(cherry picked from commit 87fa2e21dd7a30d25ccda2df6b8446a82637b059) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a221143c6de4917bb6653f5aa134ce8be3c90f6c ---- - src/libsystemd/sd-bus/bus-socket.c | 20 ++++++++++++++------ - 1 file changed, 14 insertions(+), 6 deletions(-) - -diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c -index 09eb49c37f..42c5f175d3 100644 ---- a/src/libsystemd/sd-bus/bus-socket.c -+++ b/src/libsystemd/sd-bus/bus-socket.c -@@ -12,6 +12,7 @@ - #include "bus-internal.h" - #include "bus-message.h" - #include "bus-socket.h" -+#include "escape.h" - #include "fd-util.h" - #include "format-util.h" - #include "fs-util.h" -@@ -962,8 +963,17 @@ int bus_socket_exec(sd_bus *b) { - assert(b->exec_path); - assert(b->busexec_pid == 0); - -- log_debug("sd-bus: starting bus%s%s with %s...", -- b->description ? " " : "", strempty(b->description), b->exec_path); -+ if (DEBUG_LOGGING) { -+ _cleanup_free_ char *line = NULL; -+ -+ if (b->exec_argv) -+ line = quote_command_line(b->exec_argv); -+ -+ log_debug("sd-bus: starting bus%s%s with %s%s", -+ b->description ? " " : "", strempty(b->description), -+ line ?: b->exec_path, -+ b->exec_argv && !line ? "…" : ""); -+ } - - r = socketpair(AF_UNIX, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, s); - if (r < 0) -@@ -984,10 +994,8 @@ int bus_socket_exec(sd_bus *b) { - - if (b->exec_argv) - execvp(b->exec_path, b->exec_argv); -- else { -- const char *argv[] = { b->exec_path, NULL }; -- execvp(b->exec_path, (char**) argv); -- } -+ else -+ execvp(b->exec_path, STRV_MAKE(b->exec_path)); - - _exit(EXIT_FAILURE); - } --- -2.33.0 - diff --git a/backport-sd-device-introduce-device_has_devlink.patch b/backport-sd-device-introduce-device_has_devlink.patch deleted file mode 100644 index 147314c..0000000 --- a/backport-sd-device-introduce-device_has_devlink.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 8ada2c1b5922110d961aa82e6d712f6eed696afe Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 09:22:15 +0900 -Subject: [PATCH] sd-device: introduce device_has_devlink() - -(cherry picked from commit b881ce16b9ccae4c3089c82e2ea1781cd9773a4f) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/8ada2c1b5922110d961aa82e6d712f6eed696afe ---- - src/libsystemd/sd-device/device-private.h | 1 + - src/libsystemd/sd-device/sd-device.c | 7 +++++++ - 2 files changed, 8 insertions(+) - -diff --git a/src/libsystemd/sd-device/device-private.h b/src/libsystemd/sd-device/device-private.h -index fe268d7f2f..9bb5eff208 100644 ---- a/src/libsystemd/sd-device/device-private.h -+++ b/src/libsystemd/sd-device/device-private.h -@@ -32,6 +32,7 @@ void device_set_db_persist(sd_device *device); - void device_set_devlink_priority(sd_device *device, int priority); - int device_ensure_usec_initialized(sd_device *device, sd_device *device_old); - int device_add_devlink(sd_device *device, const char *devlink); -+bool device_has_devlink(sd_device *device, const char *devlink); - int device_add_property(sd_device *device, const char *property, const char *value); - int device_add_tag(sd_device *device, const char *tag, bool both); - void device_remove_tag(sd_device *device, const char *tag); -diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c -index 3f2cce5bba..418a5b10bd 100644 ---- a/src/libsystemd/sd-device/sd-device.c -+++ b/src/libsystemd/sd-device/sd-device.c -@@ -1195,6 +1195,13 @@ int device_add_devlink(sd_device *device, const char *devlink) { - return 0; - } - -+bool device_has_devlink(sd_device *device, const char *devlink) { -+ assert(device); -+ assert(devlink); -+ -+ return set_contains(device->devlinks, devlink); -+} -+ - static int device_add_property_internal_from_string(sd_device *device, const char *str) { - _cleanup_free_ char *key = NULL; - char *value; --- -2.33.0 - diff --git a/backport-sd-device-monitor-actually-refuse-to-send-invalid-de.patch b/backport-sd-device-monitor-actually-refuse-to-send-invalid-de.patch deleted file mode 100644 index 78173f3..0000000 --- a/backport-sd-device-monitor-actually-refuse-to-send-invalid-de.patch +++ /dev/null @@ -1,35 +0,0 @@ -From b1b19cfdd22892ecc11e27206c3eab138c719e13 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 12 Aug 2022 04:19:27 +0900 -Subject: [PATCH] sd-device-monitor: actually refuse to send invalid devices - -Fixes an issue introduced by 9e79123884a36ce095b98d1c0fe247dddf02dbec. - -(cherry picked from commit 8bb4989906a1659b0f6adfa03dc7585e294a392b) -(cherry picked from commit 6e1acfe81823b67b6b830d3ae8d0f0184eab8b2f) -(cherry picked from commit b48a17f13fb85145c17ee1dd3beb450d1dcc4b08) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b1b19cfdd22892ecc11e27206c3eab138c719e13 ---- - src/libsystemd/sd-device/device-monitor.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/libsystemd/sd-device/device-monitor.c b/src/libsystemd/sd-device/device-monitor.c -index 2cb35951de..d7c6c69640 100644 ---- a/src/libsystemd/sd-device/device-monitor.c -+++ b/src/libsystemd/sd-device/device-monitor.c -@@ -577,8 +577,8 @@ int device_monitor_send_device( - if (r < 0) - return log_device_debug_errno(device, r, "sd-device-monitor: Failed to get device properties: %m"); - if (blen < 32) -- log_device_debug_errno(device, SYNTHETIC_ERRNO(EINVAL), -- "sd-device-monitor: Length of device property nulstr is too small to contain valid device information"); -+ return log_device_debug_errno(device, SYNTHETIC_ERRNO(EINVAL), -+ "sd-device-monitor: Length of device property nulstr is too small to contain valid device information"); - - /* fill in versioned header */ - r = sd_device_get_subsystem(device, &val); --- -2.27.0 - diff --git a/backport-sd-device-monitor-update-log-message-to-clarify-the-.patch b/backport-sd-device-monitor-update-log-message-to-clarify-the-.patch deleted file mode 100644 index c07f738..0000000 --- a/backport-sd-device-monitor-update-log-message-to-clarify-the-.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 82b2135bf0512c11f7f21f9d0689e8ea5b4a2529 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 13 Oct 2021 12:57:40 +0900 -Subject: [PATCH] sd-device-monitor: update log message to clarify the error - will be ignored - -(cherry picked from commit 6b652c03a47aa28898dffd408543c06670e3450d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/82b2135bf0512c11f7f21f9d0689e8ea5b4a2529 ---- - src/libsystemd/sd-device/device-monitor.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/libsystemd/sd-device/device-monitor.c b/src/libsystemd/sd-device/device-monitor.c -index b485e3e2b6..2cb35951de 100644 ---- a/src/libsystemd/sd-device/device-monitor.c -+++ b/src/libsystemd/sd-device/device-monitor.c -@@ -178,7 +178,7 @@ int device_monitor_new_full(sd_device_monitor **ret, MonitorNetlinkGroup group, - - netns = ioctl(m->sock, SIOCGSKNS); - if (netns < 0) -- log_debug_errno(errno, "sd-device-monitor: Unable to get network namespace of udev netlink socket, unable to determine if we are in host netns: %m"); -+ log_debug_errno(errno, "sd-device-monitor: Unable to get network namespace of udev netlink socket, unable to determine if we are in host netns, ignoring: %m"); - else { - struct stat a, b; - -@@ -191,9 +191,9 @@ int device_monitor_new_full(sd_device_monitor **ret, MonitorNetlinkGroup group, - if (ERRNO_IS_PRIVILEGE(errno)) - /* If we can't access PID1's netns info due to permissions, it's fine, this is a - * safety check only after all. */ -- log_debug_errno(errno, "sd-device-monitor: No permission to stat PID1's netns, unable to determine if we are in host netns: %m"); -+ log_debug_errno(errno, "sd-device-monitor: No permission to stat PID1's netns, unable to determine if we are in host netns, ignoring: %m"); - else -- log_debug_errno(errno, "sd-device-monitor: Failed to stat PID1's netns: %m"); -+ log_debug_errno(errno, "sd-device-monitor: Failed to stat PID1's netns, ignoring: %m"); - - } else if (a.st_dev != b.st_dev || a.st_ino != b.st_ino) - log_debug("sd-device-monitor: Netlink socket we listen on is not from host netns, we won't see device events."); --- -2.33.0 - diff --git a/backport-sd-device-silence-gcc-warning-with-newest-gcc.patch b/backport-sd-device-silence-gcc-warning-with-newest-gcc.patch deleted file mode 100644 index 6aef517..0000000 --- a/backport-sd-device-silence-gcc-warning-with-newest-gcc.patch +++ /dev/null @@ -1,30 +0,0 @@ -From e05023045edd4a0e20b60e81f9fa54f08636d660 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sat, 15 Jan 2022 13:38:30 +0100 -Subject: [PATCH] sd-device: silence gcc warning with newest gcc - -(cherry picked from commit 376ee2c312b87951028a0adff96b1052f32475fa) -(cherry picked from commit 18aff8c85720606e05826045b6799d19a7dcf08a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e05023045edd4a0e20b60e81f9fa54f08636d660 ---- - src/libsystemd/sd-device/sd-device.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c -index 388128bf33..45261588a8 100644 ---- a/src/libsystemd/sd-device/sd-device.c -+++ b/src/libsystemd/sd-device/sd-device.c -@@ -1370,7 +1370,7 @@ int device_read_db_internal_filename(sd_device *device, const char *filename) { - _cleanup_free_ char *db = NULL; - const char *value; - size_t db_len; -- char key; -+ char key = '\0'; /* Unnecessary initialization to appease gcc-12.0.0-0.4.fc36 */ - int r; - - enum { --- -2.33.0 - diff --git a/backport-sd-dhcp-lease-fix-a-memory-leak-in-dhcp_lease_parse_.patch b/backport-sd-dhcp-lease-fix-a-memory-leak-in-dhcp_lease_parse_.patch deleted file mode 100644 index 7c37251..0000000 --- a/backport-sd-dhcp-lease-fix-a-memory-leak-in-dhcp_lease_parse_.patch +++ /dev/null @@ -1,51 +0,0 @@ -From aaf7afb05cdbfbec6d06798b698689bdfe1a50ac Mon Sep 17 00:00:00 2001 -From: Evgeny Vereshchagin -Date: Sat, 29 Jan 2022 03:16:40 +0000 -Subject: [PATCH] sd-dhcp-lease: fix a memory leak in - dhcp_lease_parse_search_domains - -================================================================= -==81071==ERROR: LeakSanitizer: detected memory leaks - -Direct leak of 16 byte(s) in 1 object(s) allocated from: - #0 0x51245c in __interceptor_reallocarray (/home/vagrant/systemd/build/fuzz-dhcp-client+0x51245c) - #1 0x7f01440c67e6 in strv_push /home/vagrant/systemd/build/../src/basic/strv.c:435:13 - #2 0x7f01440ca9e1 in strv_consume /home/vagrant/systemd/build/../src/basic/strv.c:506:13 - #3 0x7f01440ca9e1 in strv_extend /home/vagrant/systemd/build/../src/basic/strv.c:558:16 - #4 0x5806e3 in dhcp_lease_parse_search_domains /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-lease.c:900:21 - #5 0x57c1be in dhcp_lease_parse_options /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-lease.c:727:21 - #6 0x572450 in parse_options /home/vagrant/systemd/build/../src/libsystemd-network/dhcp-option.c:348:33 - #7 0x571c6a in dhcp_option_parse /home/vagrant/systemd/build/../src/libsystemd-network/dhcp-option.c:376:13 - #8 0x559a01 in client_handle_offer /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-client.c:1543:13 - #9 0x5592bd in LLVMFuzzerTestOneInput /home/vagrant/systemd/build/../src/libsystemd-network/fuzz-dhcp-client.c:74:16 - #10 0x44a379 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x44a379) - #11 0x42ae1f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x42ae1f) - #12 0x432ade in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x432ade) - #13 0x421f86 in main (/home/vagrant/systemd/build/fuzz-dhcp-client+0x421f86) - #14 0x7f0142fff55f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f) - -(cherry picked from commit 9591c0a8b3496d0e5cbbfe7c75161ba80089c143) -(cherry picked from commit 7dc0f80588f371a62a56a75bf27eab2c515becf3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/aaf7afb05cdbfbec6d06798b698689bdfe1a50ac ---- - src/libsystemd-network/sd-dhcp-lease.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c -index 75aa0c3d2c..ccfd66caa3 100644 ---- a/src/libsystemd-network/sd-dhcp-lease.c -+++ b/src/libsystemd-network/sd-dhcp-lease.c -@@ -815,7 +815,7 @@ int dhcp_lease_parse_search_domains(const uint8_t *option, size_t len, char ***d - pos = next_chunk; - } - -- *domains = TAKE_PTR(names); -+ strv_free_and_replace(*domains, names); - - return cnt; - } --- -2.33.0 - diff --git a/backport-sd-dhcp-lease-fix-an-infinite-loop-found-by-the-fuzz.patch b/backport-sd-dhcp-lease-fix-an-infinite-loop-found-by-the-fuzz.patch deleted file mode 100644 index 8b270d4..0000000 --- a/backport-sd-dhcp-lease-fix-an-infinite-loop-found-by-the-fuzz.patch +++ /dev/null @@ -1,34 +0,0 @@ -From c95ae2ba0093742292671fd30a63af15f1b63bc6 Mon Sep 17 00:00:00 2001 -From: Evgeny Vereshchagin -Date: Sat, 29 Jan 2022 02:08:39 +0000 -Subject: [PATCH] sd-dhcp-lease: fix an infinite loop found by the fuzzer - -(cherry picked from commit 86b06c666be8b7afb45541d35aa4d0ecb38056d1) -(cherry picked from commit 426807c54b9500b806eaaf50d32c7c936510706c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c95ae2ba0093742292671fd30a63af15f1b63bc6 ---- - src/libsystemd-network/sd-dhcp-lease.c | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c -index 9a0d7f6fea..75aa0c3d2c 100644 ---- a/src/libsystemd-network/sd-dhcp-lease.c -+++ b/src/libsystemd-network/sd-dhcp-lease.c -@@ -463,10 +463,8 @@ static int lease_parse_routes( - - route->option = SD_DHCP_OPTION_STATIC_ROUTE; - r = in4_addr_default_prefixlen((struct in_addr*) option, &route->dst_prefixlen); -- if (r < 0) { -- log_debug("Failed to determine destination prefix length from class based IP, ignoring"); -- continue; -- } -+ if (r < 0) -+ return -EINVAL; - - assert_se(lease_parse_be32(option, 4, &addr.s_addr) >= 0); - route->dst_addr = inet_makeaddr(inet_netof(addr), 0); --- -2.33.0 - diff --git a/backport-sd-dhcp-lease-fix-memleak.patch b/backport-sd-dhcp-lease-fix-memleak.patch deleted file mode 100644 index 9408663..0000000 --- a/backport-sd-dhcp-lease-fix-memleak.patch +++ /dev/null @@ -1,64 +0,0 @@ -From e2b7a7e3d285180ef04087cd5f821b42cb128c31 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 31 Jan 2022 05:19:09 +0900 -Subject: [PATCH] sd-dhcp-lease: fix memleak - -Fixes https://github.com/systemd/systemd/pull/22294#issuecomment-1024840811. - -(cherry picked from commit 06cf04dff4dd6c69e527913ad137616c23861270) -(cherry picked from commit ae95ca27bee2bef5bf53002873a254f1a0fe8b81) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e2b7a7e3d285180ef04087cd5f821b42cb128c31 ---- - src/libsystemd-network/sd-dhcp-lease.c | 20 ++++++++++++++++++-- - 1 file changed, 18 insertions(+), 2 deletions(-) - -diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c -index ccfd66caa3..421ca6f306 100644 ---- a/src/libsystemd-network/sd-dhcp-lease.c -+++ b/src/libsystemd-network/sd-dhcp-lease.c -@@ -1024,6 +1024,18 @@ int dhcp_lease_save(sd_dhcp_lease *lease, const char *lease_file) { - return 0; - } - -+static char **private_options_free(char **options) { -+ if (!options) -+ return NULL; -+ -+ for (unsigned i = 0; i < SD_DHCP_OPTION_PRIVATE_LAST - SD_DHCP_OPTION_PRIVATE_BASE + 1; i++) -+ free(options[i]); -+ -+ return mfree(options); -+} -+ -+DEFINE_TRIVIAL_CLEANUP_FUNC(char**, private_options_free); -+ - int dhcp_lease_load(sd_dhcp_lease **ret, const char *lease_file) { - _cleanup_(sd_dhcp_lease_unrefp) sd_dhcp_lease *lease = NULL; - _cleanup_free_ char -@@ -1046,8 +1058,8 @@ int dhcp_lease_load(sd_dhcp_lease **ret, const char *lease_file) { - *vendor_specific_hex = NULL, - *lifetime = NULL, - *t1 = NULL, -- *t2 = NULL, -- *options[SD_DHCP_OPTION_PRIVATE_LAST - SD_DHCP_OPTION_PRIVATE_BASE + 1] = {}; -+ *t2 = NULL; -+ _cleanup_(private_options_freep) char **options = NULL; - - int r, i; - -@@ -1058,6 +1070,10 @@ int dhcp_lease_load(sd_dhcp_lease **ret, const char *lease_file) { - if (r < 0) - return r; - -+ options = new0(char*, SD_DHCP_OPTION_PRIVATE_LAST - SD_DHCP_OPTION_PRIVATE_BASE + 1); -+ if (!options) -+ return -ENOMEM; -+ - r = parse_env_file(NULL, lease_file, - "ADDRESS", &address, - "ROUTER", &router, --- -2.33.0 - diff --git a/backport-sd-dhcp-server-fix-possible-double-free-or-use-after.patch b/backport-sd-dhcp-server-fix-possible-double-free-or-use-after.patch deleted file mode 100644 index 37921e0..0000000 --- a/backport-sd-dhcp-server-fix-possible-double-free-or-use-after.patch +++ /dev/null @@ -1,29 +0,0 @@ -From bb320989bf7580f46a4867c361be1ee02eccc678 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 11 Aug 2021 16:20:35 +0900 -Subject: [PATCH] sd-dhcp-server: fix possible double-free or use-after-free - -(cherry picked from commit 3dc8fb0eb8dd4b7dd802aa69cfe5b2c8f760f561) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/bb320989bf7580f46a4867c361be1ee02eccc678 ---- - src/libsystemd-network/sd-dhcp-server.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c -index e2ea79f584..9ae884b0fc 100644 ---- a/src/libsystemd-network/sd-dhcp-server.c -+++ b/src/libsystemd-network/sd-dhcp-server.c -@@ -1107,7 +1107,7 @@ int dhcp_server_handle_message(sd_dhcp_server *server, DHCPMessage *message, siz - - if (server->bound_leases[pool_offset] == existing_lease) { - server->bound_leases[pool_offset] = NULL; -- hashmap_remove(server->leases_by_client_id, existing_lease); -+ hashmap_remove(server->leases_by_client_id, &existing_lease->client_id); - dhcp_lease_free(existing_lease); - - if (server->callback) --- -2.33.0 - diff --git a/backport-sd-dhcp-server-refuse-too-large-packet-to-send.patch b/backport-sd-dhcp-server-refuse-too-large-packet-to-send.patch deleted file mode 100644 index a11eccd..0000000 --- a/backport-sd-dhcp-server-refuse-too-large-packet-to-send.patch +++ /dev/null @@ -1,88 +0,0 @@ -From 76bcd1d6d26ebe0424e2c5edc7f5a31a82ae3a7c Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 28 Jan 2022 11:53:49 +0900 -Subject: [PATCH] sd-dhcp-server: refuse too large packet to send - -Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44134. - -(cherry picked from commit 71df50a9734f7006bc1ac8be59ca81c797b39c35) -(cherry picked from commit 530a18d49361ade6d3f09abb78f8f901753a4cda) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/76bcd1d6d26ebe0424e2c5edc7f5a31a82ae3a7c ---- - src/libsystemd-network/sd-dhcp-server.c | 3 +++ - ...z-dhcp-server-relay-message-4972399731277824 | Bin 0 -> 65508 bytes - 2 files changed, 3 insertions(+) - create mode 100644 test/fuzz/fuzz-dhcp-server-relay-message/clusterfuzz-testcase-minimized-fuzz-dhcp-server-relay-message-4972399731277824 - -diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c -index 3f4af8440e..0b3904c02a 100644 ---- a/src/libsystemd-network/sd-dhcp-server.c -+++ b/src/libsystemd-network/sd-dhcp-server.c -@@ -296,6 +296,9 @@ static int dhcp_server_send_unicast_raw(sd_dhcp_server *server, - - memcpy(&link.ll.sll_addr, &packet->dhcp.chaddr, ETH_ALEN); - -+ if (len > UINT16_MAX) -+ return -EOVERFLOW; -+ - dhcp_packet_append_ip_headers(packet, server->address, DHCP_PORT_SERVER, - packet->dhcp.yiaddr, - DHCP_PORT_CLIENT, len, -1); -diff --git a/test/fuzz/fuzz-dhcp-server-relay-message/clusterfuzz-testcase-minimized-fuzz-dhcp-server-relay-message-4972399731277824 b/test/fuzz/fuzz-dhcp-server-relay-message/clusterfuzz-testcase-minimized-fuzz-dhcp-server-relay-message-4972399731277824 -new file mode 100644 -index 0000000000000000000000000000000000000000..e902b6989b419428fa0114c973b148fbe583c871 -GIT binary patch -literal 65508 -zcmeHQO^Xyq7_QnGHe|g?!~_DVcn}G3nRRFO0}pY$Wa3jnmhk?a_5|05v50Z;< -z1A(xFv7AqGrXhzLPhg%F5=s4Qd=bvy4)*Yw9z -zZ$0%^b-mR?(XdwPvQk6J$<0WqDAFTJX*r;pPQLo0xf(^0?8x@Xn?A1uE5-~N`~Nl~ -zhtGuH?fz))UzyNS`-2uF0t}NYi=vLRRHC7)k&K;Yz -z5Ai&kd6AE?nV$zJxnc|PGo`*nj-Oq&D@#{5M^dG4&m4&|K2!Qgx7vgvHRjv;6O>OP -zUKu6u`sm=g5t$Yx617$MQ9b$PF0TP{AgERfP$atKe_n^KxF=V`K1)576{ilF@5puC -zUqzev0zUJ7f5_^t62;#O#n6SqfJ487Kt2DI6?y7t&sLu%Kf`1BR?lRv#!%W7m|djw+iBtgIV@ -zAghzr$?9bFfkJ?+PFC-L09l=^K2V%STb-=lfzxQKlhw)U-Lm@RWM#ZMFDmP5j=b>cA*6fKJ?Xv!0;GG=eYbQk6IRLUFCGE1dIwJH&WJxyn-G1L -zQ`uROo&^dv!<8lsm3>o`eSdXoY`ivhU}}1@HZ@V1tWH(NsQraUfZD$)+TV*SgLmmz -zPWczf+ui-vuVF>X!?_nVTm6fgdlI({>;CfAWAD!q9ezz*As)zMDD~dRD=Ly*^>?%R -z{-LHl$HCyE^mLtD$gQU-pOE_Ku0NfF(ti!yTI^EtuK0vtKEIs*mb7GdmX&!Gll-qb -z=a1hlH4zJZ0mhD*s=k45zdAa)pU+=wyrx=I2(?RT2P0ya5}$cf2HUM -zIQk;1iv>bf&qe^8MxVsM>|}Madf^cutE0Mt)5+>N2mm0mI#7U+)eFyQ9DyOL+p0=d -z&qn|N^@r6*v=;r74VTLC^{}^qOXXzZMOOE)a9o|XdL9D(V|5{PxAGrZJ(Hd~C6d)M -z5hAOT)oH7DK!B_c1cGn`Mi>2EAz3}e>Vvc%Y3jC@_2+c}2afE^5MKv-4>)j?i5a^XWOcH72L#CKKp+Thbb{A0EgKv1qzUU8ZcwNHg+4ZTbhZ~w(6F?bSnnn -zv!2P~1iwm^Ge(Np&Z3pAEEAQ;hQIGb0|s11RtE}@ezJNdN3}^Lt7n3akK#)jbr+{1?PH2gbp|IWU|9sOPFA;l4cnFFqGXu}03dct -z1Fw_S$?AnifUHhd?|=XflhuI&gsfh8PNS_(R<~7^wt7AS0Eny(6d+`EvU=eWAgkM| -zn$KyR7yy9C>OcWPRxdoK^<=AGR`1{&YgUG3x~)-IQpta&OG|QdxBC!Eqk%m3LnvC? -zU(6ywWX1*fxYzBYC#EmnJ$3qc$xqW#^7Rxsi@ejfQ+e&lwLPuO>bP|N_wpOR``O= -zqMO=~2sB@?6&(RzdpT`FI5hM163shM8qK>v>|}Madf^cutE0M#ZM>~ny%#$@FRwAu -zk8l%d#fw5bDWdCer#O6O$y`~w=Xy5PwQG&lhl_K^W&;VX4@Kj8>Q%AdupUF7!WO3R -z{JOcS4!g6@%MIo#TkCDp9e8L`-YMu$3$_ -zaOZxQvn`eOK-`d<+VS|`eLFJbpiRT4lOy?4>V_X!)LM2vw5OIxEY^)t?!n%Hcv>f`=W!aRkE7ml1O_NT$m&Aef`c80 -zvxtz@3x@z%-B#6jpg2srvbbRK7g-$uk=20$gse_hFFXQdbz4=*>iGx&AhJ48fRNP- -z&uJWiA*SXo8BS2QSRh6vXf&iBy%Ui|(>7aHi!9A00o^9~h -z<{8Bgix(dOws~yxIv{|T1^a9R8WiUMptohP;6HhCB$y_Nj3%X4rt414eRIEidqLx#7$K}Yv%4A%QOlz5w -ms+1UNDFta4jrEG`)UNv3W$G~9mo9->FvVI#b}H<0Wd8%4hT`V{ - -literal 0 -HcmV?d00001 - --- -2.33.0 - diff --git a/backport-sd-dhcp-server-rename-server_send_nak-server_send_na.patch b/backport-sd-dhcp-server-rename-server_send_nak-server_send_na.patch deleted file mode 100644 index ac227f2..0000000 --- a/backport-sd-dhcp-server-rename-server_send_nak-server_send_na.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 96acfde5aae2017e1cad042b51f179ad20aba38d Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 28 Jan 2022 02:14:47 +0900 -Subject: [PATCH] sd-dhcp-server: rename server_send_nak() -> - server_send_nak_or_ignore() - -And logs error in the function. - -(cherry picked from commit eb5bff9c9de2bd218f5ac431e3aead4b5747ecd9) -(cherry picked from commit 7f36fb25d5c6681dbabb067a9fb083bfad37a804) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/96acfde5aae2017e1cad042b51f179ad20aba38d ---- - src/libsystemd-network/sd-dhcp-server.c | 29 ++++++++++++++----------- - 1 file changed, 16 insertions(+), 13 deletions(-) - -diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c -index 070f4ec1c2..d594aeb7cd 100644 ---- a/src/libsystemd-network/sd-dhcp-server.c -+++ b/src/libsystemd-network/sd-dhcp-server.c -@@ -583,16 +583,28 @@ static int server_send_offer_or_ack( - return 0; - } - --static int server_send_nak(sd_dhcp_server *server, DHCPRequest *req) { -+static int server_send_nak_or_ignore(sd_dhcp_server *server, bool init_reboot, DHCPRequest *req) { - _cleanup_free_ DHCPPacket *packet = NULL; - size_t offset; - int r; - -+ /* When a request is refused, RFC 2131, section 4.3.2 mentioned we should send NAK when the -+ * client is in INITREBOOT. If the client is in other state, there is nothing mentioned in the -+ * RFC whether we should send NAK or not. Hence, let's silently ignore the request. */ -+ -+ if (!init_reboot) -+ return 0; -+ - r = server_message_init(server, &packet, DHCP_NAK, &offset, req); - if (r < 0) -- return r; -+ return log_dhcp_server_errno(server, r, "Failed to create NAK message: %m"); -+ -+ r = dhcp_server_send_packet(server, req, packet, DHCP_NAK, offset); -+ if (r < 0) -+ return log_dhcp_server_errno(server, r, "Could not send NAK message: %m"); - -- return dhcp_server_send_packet(server, req, packet, DHCP_NAK, offset); -+ log_dhcp_server(server, "NAK (0x%x)", be32toh(req->message->xid)); -+ return DHCP_NAK; - } - - static int server_send_forcerenew(sd_dhcp_server *server, be32_t address, -@@ -1079,18 +1091,9 @@ int dhcp_server_handle_message(sd_dhcp_server *server, DHCPMessage *message, siz - server->callback(server, SD_DHCP_SERVER_EVENT_LEASE_CHANGED, server->callback_userdata); - - return DHCP_ACK; -- -- } else if (init_reboot) { -- r = server_send_nak(server, req); -- if (r < 0) -- /* this only fails on critical errors */ -- return log_dhcp_server_errno(server, r, "Could not send nak: %m"); -- -- log_dhcp_server(server, "NAK (0x%x)", be32toh(req->message->xid)); -- return DHCP_NAK; - } - -- break; -+ return server_send_nak_or_ignore(server, init_reboot, req); - } - - case DHCP_RELEASE: { --- -2.33.0 - diff --git a/backport-sd-dhcp6-client-cirtainly-adjust-T1-and-T2.patch b/backport-sd-dhcp6-client-cirtainly-adjust-T1-and-T2.patch deleted file mode 100644 index 496d3ee..0000000 --- a/backport-sd-dhcp6-client-cirtainly-adjust-T1-and-T2.patch +++ /dev/null @@ -1,50 +0,0 @@ -From e444192a850854e5bc45673b29ba03e5a87a2297 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 10 Aug 2021 21:39:27 +0900 -Subject: [PATCH] sd-dhcp6-client: cirtainly adjust T1 and T2 - -This fixes a bug introduced by 99f1d3fc5043b33dea5faa88f7015a487965333f. -Note that in the information requesting mode, the lease has neither -addresses nor PD prefixes. - -(cherry picked from commit de949e911ee15d1c9daaf5ba5a3cff806fb2b514) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e444192a850854e5bc45673b29ba03e5a87a2297 ---- - src/libsystemd-network/sd-dhcp6-client.c | 17 ++++++++--------- - 1 file changed, 8 insertions(+), 9 deletions(-) - -diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c -index afeb346944..f99c12620b 100644 ---- a/src/libsystemd-network/sd-dhcp6-client.c -+++ b/src/libsystemd-network/sd-dhcp6-client.c -@@ -1328,17 +1328,16 @@ static int client_parse_message( - dhcp6_message_type_to_string(message->type)); - return -EINVAL; - } -+ } - -- } else { -- if (lease->ia.addresses) { -- lease->ia.ia_na.lifetime_t1 = htobe32(lt_t1); -- lease->ia.ia_na.lifetime_t2 = htobe32(lt_t2); -- } -+ if (lease->ia.addresses) { -+ lease->ia.ia_na.lifetime_t1 = htobe32(lt_t1); -+ lease->ia.ia_na.lifetime_t2 = htobe32(lt_t2); -+ } - -- if (lease->pd.addresses) { -- lease->pd.ia_pd.lifetime_t1 = htobe32(lt_t1); -- lease->pd.ia_pd.lifetime_t2 = htobe32(lt_t2); -- } -+ if (lease->pd.addresses) { -+ lease->pd.ia_pd.lifetime_t1 = htobe32(lt_t1); -+ lease->pd.ia_pd.lifetime_t2 = htobe32(lt_t2); - } - - client->information_refresh_time_usec = MAX(irt, IRT_MINIMUM); --- -2.33.0 - diff --git a/backport-sd-dhcp6-client-constify-one-argument.patch b/backport-sd-dhcp6-client-constify-one-argument.patch deleted file mode 100644 index 3bd2d14..0000000 --- a/backport-sd-dhcp6-client-constify-one-argument.patch +++ /dev/null @@ -1,43 +0,0 @@ -From d3f99205f84172f6f9e41061a5aa9414eccf3571 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 23 Sep 2021 14:57:29 +0900 -Subject: [PATCH] sd-dhcp6-client: constify one argument - -(cherry picked from commit dc95e21d33708e807d3e5872af428383aac3f9b7) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d3f99205f84172f6f9e41061a5aa9414eccf3571 ---- - src/libsystemd-network/dhcp6-internal.h | 2 +- - src/libsystemd-network/dhcp6-option.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/libsystemd-network/dhcp6-internal.h b/src/libsystemd-network/dhcp6-internal.h -index 35cafc96ec..96d7de8cae 100644 ---- a/src/libsystemd-network/dhcp6-internal.h -+++ b/src/libsystemd-network/dhcp6-internal.h -@@ -105,7 +105,7 @@ int dhcp6_option_parse(uint8_t **buf, size_t *buflen, uint16_t *optcode, - size_t *optlen, uint8_t **optvalue); - int dhcp6_option_parse_status(DHCP6Option *option, size_t len); - int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, be32_t iaid, DHCP6IA *ia, uint16_t *ret_status_code); --int dhcp6_option_parse_ip6addrs(uint8_t *optval, uint16_t optlen, -+int dhcp6_option_parse_ip6addrs(const uint8_t *optval, uint16_t optlen, - struct in6_addr **addrs, size_t count); - int dhcp6_option_parse_domainname_list(const uint8_t *optval, uint16_t optlen, - char ***str_arr); -diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c -index 34d7e997dd..0709cfd4fd 100644 ---- a/src/libsystemd-network/dhcp6-option.c -+++ b/src/libsystemd-network/dhcp6-option.c -@@ -707,7 +707,7 @@ int dhcp6_option_parse_ia( - return 1; - } - --int dhcp6_option_parse_ip6addrs(uint8_t *optval, uint16_t optlen, -+int dhcp6_option_parse_ip6addrs(const uint8_t *optval, uint16_t optlen, - struct in6_addr **addrs, size_t count) { - - if (optlen == 0 || optlen % sizeof(struct in6_addr) != 0) --- -2.33.0 - diff --git a/backport-sd-dhcp6-client-constify-several-arguments.patch b/backport-sd-dhcp6-client-constify-several-arguments.patch deleted file mode 100644 index e799b0b..0000000 --- a/backport-sd-dhcp6-client-constify-several-arguments.patch +++ /dev/null @@ -1,89 +0,0 @@ -From 9dcf9e12a68640f413d52f48d1d9786c4c71e073 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 24 Sep 2021 13:34:14 +0900 -Subject: [PATCH] sd-dhcp6-client: constify several arguments - -(cherry picked from commit 3f8227bf830cc2b87ea9bce5394a71c186d12956) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9dcf9e12a68640f413d52f48d1d9786c4c71e073 ---- - src/libsystemd-network/dhcp6-lease-internal.h | 10 ++++------ - src/libsystemd-network/sd-dhcp6-lease.c | 12 +++++------- - 2 files changed, 9 insertions(+), 13 deletions(-) - -diff --git a/src/libsystemd-network/dhcp6-lease-internal.h b/src/libsystemd-network/dhcp6-lease-internal.h -index 391b4f1fa9..41b43ba7a4 100644 ---- a/src/libsystemd-network/dhcp6-lease-internal.h -+++ b/src/libsystemd-network/dhcp6-lease-internal.h -@@ -50,12 +50,10 @@ int dhcp6_lease_get_rapid_commit(sd_dhcp6_lease *lease, bool *rapid_commit); - int dhcp6_lease_get_iaid(sd_dhcp6_lease *lease, be32_t *iaid); - int dhcp6_lease_get_pd_iaid(sd_dhcp6_lease *lease, be32_t *iaid); - --int dhcp6_lease_set_dns(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen); --int dhcp6_lease_set_domains(sd_dhcp6_lease *lease, uint8_t *optval, -- size_t optlen); --int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen); --int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, uint8_t *optval, -- size_t optlen) ; -+int dhcp6_lease_set_dns(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); -+int dhcp6_lease_set_domains(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); -+int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); -+int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) ; - int dhcp6_lease_set_fqdn(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); - - int dhcp6_lease_new(sd_dhcp6_lease **ret); -diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c -index 9c77b146c7..8378971422 100644 ---- a/src/libsystemd-network/sd-dhcp6-lease.c -+++ b/src/libsystemd-network/sd-dhcp6-lease.c -@@ -193,7 +193,7 @@ void sd_dhcp6_lease_reset_pd_prefix_iter(sd_dhcp6_lease *lease) { - lease->prefix_iter = lease->pd.addresses; - } - --int dhcp6_lease_set_dns(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { -+int dhcp6_lease_set_dns(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) { - assert_return(lease, -EINVAL); - assert_return(optval, -EINVAL); - -@@ -215,8 +215,7 @@ int sd_dhcp6_lease_get_dns(sd_dhcp6_lease *lease, const struct in6_addr **addrs) - return -ENOENT; - } - --int dhcp6_lease_set_domains(sd_dhcp6_lease *lease, uint8_t *optval, -- size_t optlen) { -+int dhcp6_lease_set_domains(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) { - int r; - char **domains; - -@@ -248,7 +247,7 @@ int sd_dhcp6_lease_get_domains(sd_dhcp6_lease *lease, char ***domains) { - return -ENOENT; - } - --int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { -+int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) { - int r; - - assert_return(lease, -EINVAL); -@@ -295,7 +294,7 @@ int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { - return 0; - } - --int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { -+int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) { - assert_return(lease, -EINVAL); - assert_return(optval, -EINVAL); - -@@ -335,8 +334,7 @@ int sd_dhcp6_lease_get_ntp_fqdn(sd_dhcp6_lease *lease, char ***ntp_fqdn) { - return -ENOENT; - } - --int dhcp6_lease_set_fqdn(sd_dhcp6_lease *lease, const uint8_t *optval, -- size_t optlen) { -+int dhcp6_lease_set_fqdn(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) { - int r; - char *fqdn; - --- -2.33.0 - diff --git a/backport-sd-dhcp6-client-do-not-merge-NTP-and-SNTP-options.patch b/backport-sd-dhcp6-client-do-not-merge-NTP-and-SNTP-options.patch deleted file mode 100644 index a544e4d..0000000 --- a/backport-sd-dhcp6-client-do-not-merge-NTP-and-SNTP-options.patch +++ /dev/null @@ -1,130 +0,0 @@ -From 4b05527fe35de9602cdcd68a9812d67cd0892e00 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 24 Sep 2021 15:00:43 +0900 -Subject: [PATCH] sd-dhcp6-client: do not merge NTP and SNTP options - -Previously, SNTP option is ignored when it appears after NTP option(s), -but merged later NTP options when it appears first. -This makes split the NTP and SNTP addresses, and use SNTP addresses only -when no NTP option is provided. - -(cherry picked from commit e693e969614062fea1746399cf5cff4c09526c6a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4b05527fe35de9602cdcd68a9812d67cd0892e00 ---- - src/libsystemd-network/dhcp6-lease-internal.h | 4 ++- - src/libsystemd-network/sd-dhcp6-client.c | 2 +- - src/libsystemd-network/sd-dhcp6-lease.c | 26 ++++++++++--------- - src/libsystemd-network/test-dhcp6-client.c | 3 +-- - 4 files changed, 19 insertions(+), 16 deletions(-) - -diff --git a/src/libsystemd-network/dhcp6-lease-internal.h b/src/libsystemd-network/dhcp6-lease-internal.h -index 41b43ba7a4..dbcb6d040f 100644 ---- a/src/libsystemd-network/dhcp6-lease-internal.h -+++ b/src/libsystemd-network/dhcp6-lease-internal.h -@@ -33,6 +33,8 @@ struct sd_dhcp6_lease { - size_t ntp_count; - char **ntp_fqdn; - size_t ntp_fqdn_count; -+ struct in6_addr *sntp; -+ size_t sntp_count; - char *fqdn; - }; - -@@ -53,7 +55,7 @@ int dhcp6_lease_get_pd_iaid(sd_dhcp6_lease *lease, be32_t *iaid); - int dhcp6_lease_set_dns(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); - int dhcp6_lease_set_domains(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); - int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); --int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) ; -+int dhcp6_lease_add_sntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) ; - int dhcp6_lease_set_fqdn(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); - - int dhcp6_lease_new(sd_dhcp6_lease **ret); -diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c -index efbf7d7df3..a31dd16c01 100644 ---- a/src/libsystemd-network/sd-dhcp6-client.c -+++ b/src/libsystemd-network/sd-dhcp6-client.c -@@ -1265,7 +1265,7 @@ static int client_parse_message( - break; - - case SD_DHCP6_OPTION_SNTP_SERVERS: -- r = dhcp6_lease_set_sntp(lease, optval, optlen); -+ r = dhcp6_lease_add_sntp(lease, optval, optlen); - if (r < 0) - return r; - -diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c -index 4804f0941a..e424aa15b6 100644 ---- a/src/libsystemd-network/sd-dhcp6-lease.c -+++ b/src/libsystemd-network/sd-dhcp6-lease.c -@@ -294,31 +294,32 @@ int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t opt - return 0; - } - --int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) { -+int dhcp6_lease_add_sntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) { - assert_return(lease, -EINVAL); - assert_return(optval, -EINVAL); - - if (optlen == 0) - return 0; - -- if (lease->ntp || lease->ntp_fqdn) -- return -EEXIST; -- -- /* Using deprecated SNTP information */ -- -- return dhcp6_option_parse_addresses(optval, optlen, &lease->ntp, &lease->ntp_count); -+ /* SNTP option is defined in RFC4075, and deprecated by RFC5908. */ -+ return dhcp6_option_parse_addresses(optval, optlen, &lease->sntp, &lease->sntp_count); - } - --int sd_dhcp6_lease_get_ntp_addrs(sd_dhcp6_lease *lease, -- const struct in6_addr **addrs) { -+int sd_dhcp6_lease_get_ntp_addrs(sd_dhcp6_lease *lease, const struct in6_addr **ret) { - assert_return(lease, -EINVAL); -- assert_return(addrs, -EINVAL); -+ assert_return(ret, -EINVAL); - -- if (lease->ntp_count) { -- *addrs = lease->ntp; -+ if (lease->ntp) { -+ *ret = lease->ntp; - return lease->ntp_count; - } - -+ if (lease->sntp && !lease->ntp_fqdn) { -+ /* Fallback to the deprecated SNTP option. */ -+ *ret = lease->sntp; -+ return lease->sntp_count; -+ } -+ - return -ENOENT; - } - -@@ -377,6 +378,7 @@ static sd_dhcp6_lease *dhcp6_lease_free(sd_dhcp6_lease *lease) { - strv_free(lease->domains); - free(lease->ntp); - strv_free(lease->ntp_fqdn); -+ free(lease->sntp); - - return mfree(lease); - } -diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c -index b22297dcd5..429687562c 100644 ---- a/src/libsystemd-network/test-dhcp6-client.c -+++ b/src/libsystemd-network/test-dhcp6-client.c -@@ -521,8 +521,7 @@ static int test_advertise_option(sd_event *e) { - - case SD_DHCP6_OPTION_SNTP_SERVERS: - assert_se(optlen == 16); -- assert_se(dhcp6_lease_set_sntp(lease, optval, -- optlen) >= 0); -+ assert_se(dhcp6_lease_add_sntp(lease, optval, optlen) >= 0); - break; - - default: --- -2.33.0 - diff --git a/backport-sd-dhcp6-client-fix-buffer-size-calculation-in-dhcp6.patch b/backport-sd-dhcp6-client-fix-buffer-size-calculation-in-dhcp6.patch deleted file mode 100644 index d49a7b6..0000000 --- a/backport-sd-dhcp6-client-fix-buffer-size-calculation-in-dhcp6.patch +++ /dev/null @@ -1,154 +0,0 @@ -From b8a852e515002e5e312dd99b964bb17b9ca8fc1d Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 24 Sep 2021 01:24:52 +0900 -Subject: [PATCH] sd-dhcp6-client: fix buffer size calculation in - dhcp6_option_parse_ip6addrs() - -GREEDY_REALLOC() takes number of elements, not buffer size. - -This also rename dhcp6_option_parse_ip6addrs() to -dhcp6_option_parse_addresses(). - -(cherry picked from commit ad3c84204c76e03a0b9b761563f6cd8907515014) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/b8a852e515002e5e312dd99b964bb17b9ca8fc1d ---- - src/libsystemd-network/dhcp6-internal.h | 7 ++++-- - src/libsystemd-network/dhcp6-option.c | 22 +++++++++++------- - src/libsystemd-network/sd-dhcp6-lease.c | 30 +++++-------------------- - 3 files changed, 24 insertions(+), 35 deletions(-) - -diff --git a/src/libsystemd-network/dhcp6-internal.h b/src/libsystemd-network/dhcp6-internal.h -index 8d083d3858..e555557914 100644 ---- a/src/libsystemd-network/dhcp6-internal.h -+++ b/src/libsystemd-network/dhcp6-internal.h -@@ -111,8 +111,11 @@ int dhcp6_option_parse( - const uint8_t **ret_option_data); - int dhcp6_option_parse_status(DHCP6Option *option, size_t len); - int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, be32_t iaid, DHCP6IA *ia, uint16_t *ret_status_code); --int dhcp6_option_parse_ip6addrs(const uint8_t *optval, uint16_t optlen, -- struct in6_addr **addrs, size_t count); -+int dhcp6_option_parse_addresses( -+ const uint8_t *optval, -+ size_t optlen, -+ struct in6_addr **addrs, -+ size_t *count); - int dhcp6_option_parse_domainname_list(const uint8_t *optval, uint16_t optlen, - char ***str_arr); - int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char **str); -diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c -index 781d391c0c..8f763de133 100644 ---- a/src/libsystemd-network/dhcp6-option.c -+++ b/src/libsystemd-network/dhcp6-option.c -@@ -699,20 +699,26 @@ int dhcp6_option_parse_ia( - return 1; - } - --int dhcp6_option_parse_ip6addrs(const uint8_t *optval, uint16_t optlen, -- struct in6_addr **addrs, size_t count) { -+int dhcp6_option_parse_addresses( -+ const uint8_t *optval, -+ size_t optlen, -+ struct in6_addr **addrs, -+ size_t *count) { -+ -+ assert(optval); -+ assert(addrs); -+ assert(count); - - if (optlen == 0 || optlen % sizeof(struct in6_addr) != 0) -- return -EINVAL; -+ return -EBADMSG; - -- if (!GREEDY_REALLOC(*addrs, count * sizeof(struct in6_addr) + optlen)) -+ if (!GREEDY_REALLOC(*addrs, *count + optlen / sizeof(struct in6_addr))) - return -ENOMEM; - -- memcpy(*addrs + count, optval, optlen); -+ memcpy(*addrs + *count, optval, optlen); -+ *count += optlen / sizeof(struct in6_addr); - -- count += optlen / sizeof(struct in6_addr); -- -- return count; -+ return 0; - } - - static int parse_domain(const uint8_t **data, uint16_t *len, char **out_domain) { -diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c -index 6375a22537..9c77b146c7 100644 ---- a/src/libsystemd-network/sd-dhcp6-lease.c -+++ b/src/libsystemd-network/sd-dhcp6-lease.c -@@ -194,22 +194,13 @@ void sd_dhcp6_lease_reset_pd_prefix_iter(sd_dhcp6_lease *lease) { - } - - int dhcp6_lease_set_dns(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { -- int r; -- - assert_return(lease, -EINVAL); - assert_return(optval, -EINVAL); - -- if (!optlen) -+ if (optlen == 0) - return 0; - -- r = dhcp6_option_parse_ip6addrs(optval, optlen, &lease->dns, -- lease->dns_count); -- if (r < 0) -- return r; -- -- lease->dns_count = r; -- -- return 0; -+ return dhcp6_option_parse_addresses(optval, optlen, &lease->dns, &lease->dns_count); - } - - int sd_dhcp6_lease_get_dns(sd_dhcp6_lease *lease, const struct in6_addr **addrs) { -@@ -281,12 +272,10 @@ int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { - if (sublen != 16) - return 0; - -- r = dhcp6_option_parse_ip6addrs(subval, sublen, &lease->ntp, lease->ntp_count); -+ r = dhcp6_option_parse_addresses(subval, sublen, &lease->ntp, &lease->ntp_count); - if (r < 0) - return r; - -- lease->ntp_count = r; -- - break; - - case DHCP6_NTP_SUBOPTION_SRV_FQDN: { -@@ -307,12 +296,10 @@ int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { - } - - int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { -- int r; -- - assert_return(lease, -EINVAL); - assert_return(optval, -EINVAL); - -- if (!optlen) -+ if (optlen == 0) - return 0; - - if (lease->ntp || lease->ntp_fqdn) -@@ -320,14 +307,7 @@ int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) - - /* Using deprecated SNTP information */ - -- r = dhcp6_option_parse_ip6addrs(optval, optlen, &lease->ntp, -- lease->ntp_count); -- if (r < 0) -- return r; -- -- lease->ntp_count = r; -- -- return 0; -+ return dhcp6_option_parse_addresses(optval, optlen, &lease->ntp, &lease->ntp_count); - } - - int sd_dhcp6_lease_get_ntp_addrs(sd_dhcp6_lease *lease, --- -2.33.0 - diff --git a/backport-sd-dhcp6-client-fix-copy-and-paste-mistake.patch b/backport-sd-dhcp6-client-fix-copy-and-paste-mistake.patch deleted file mode 100644 index 5b175e4..0000000 --- a/backport-sd-dhcp6-client-fix-copy-and-paste-mistake.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 1c71cba86be4818c1546d5f84fde5138f737e180 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 10 Aug 2021 21:36:04 +0900 -Subject: [PATCH] sd-dhcp6-client: fix copy-and-paste mistake - -Fix bug introduced by b47fb949b338a8e77be789542fffb8c86da79284. - -(cherry picked from commit 0c42b613485978eb82d7aff7ed426b8a8bb327af) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/1c71cba86be4818c1546d5f84fde5138f737e180 ---- - src/libsystemd-network/sd-dhcp6-client.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c -index e8c47f429a..afeb346944 100644 ---- a/src/libsystemd-network/sd-dhcp6-client.c -+++ b/src/libsystemd-network/sd-dhcp6-client.c -@@ -1219,7 +1219,7 @@ static int client_parse_message( - - if (lease->ia.addresses) { - lt_t1 = MIN(lt_t1, be32toh(lease->ia.ia_na.lifetime_t1)); -- lt_t2 = MIN(lt_t2, be32toh(lease->ia.ia_na.lifetime_t1)); -+ lt_t2 = MIN(lt_t2, be32toh(lease->ia.ia_na.lifetime_t2)); - } - - break; --- -2.33.0 - diff --git a/backport-sd-dhcp6-client-fix-error-handling.patch b/backport-sd-dhcp6-client-fix-error-handling.patch deleted file mode 100644 index 437f576..0000000 --- a/backport-sd-dhcp6-client-fix-error-handling.patch +++ /dev/null @@ -1,33 +0,0 @@ -From c766dc2f77ed15e41de70e5e5f03dc4650fa55de Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 30 Nov 2021 17:58:40 +0900 -Subject: [PATCH] sd-dhcp6-client: fix error handling - -(cherry picked from commit 97e80ee4a86d4097fda78a01d8b64ad2085008f3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c766dc2f77ed15e41de70e5e5f03dc4650fa55de ---- - src/libsystemd-network/sd-dhcp6-client.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c -index a31dd16c01..1acca301b4 100644 ---- a/src/libsystemd-network/sd-dhcp6-client.c -+++ b/src/libsystemd-network/sd-dhcp6-client.c -@@ -1424,10 +1424,10 @@ static int client_receive_message( - len = recv(fd, message, buflen, 0); - if (len < 0) { - /* see comment above for why we shouldn't error out on ENETDOWN. */ -- if (IN_SET(errno, EAGAIN, EINTR, ENETDOWN)) -+ if (IN_SET(len, -EAGAIN, -EINTR, -ENETDOWN)) - return 0; - -- return log_dhcp6_client_errno(client, errno, "Could not receive message from UDP socket: %m"); -+ return log_dhcp6_client_errno(client, len, "Could not receive message from UDP socket: %m"); - - } - if ((size_t) len < sizeof(DHCP6Message)) { --- -2.33.0 - diff --git a/backport-sd-dhcp6-client-ignore-IAs-whose-IAID-do-not-match-c.patch b/backport-sd-dhcp6-client-ignore-IAs-whose-IAID-do-not-match-c.patch deleted file mode 100644 index ca540be..0000000 --- a/backport-sd-dhcp6-client-ignore-IAs-whose-IAID-do-not-match-c.patch +++ /dev/null @@ -1,318 +0,0 @@ -From 5193b40cebe30e6297ba8d1e8cf888ab25cea2ae Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 22 Sep 2021 10:35:56 +0300 -Subject: [PATCH] sd-dhcp6-client: ignore IAs whose IAID do not match client's - IAID - -But do not refuse whole message. - -(cherry picked from commit 469fd57f181e2a8d93f01662418ca998e1239ea5) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5193b40cebe30e6297ba8d1e8cf888ab25cea2ae ---- - src/libsystemd-network/dhcp6-internal.h | 2 +- - src/libsystemd-network/dhcp6-option.c | 36 ++++++++++++++++++-- - src/libsystemd-network/sd-dhcp6-client.c | 29 +++------------- - src/libsystemd-network/test-dhcp6-client.c | 39 ++++++++++++++-------- - 4 files changed, 64 insertions(+), 42 deletions(-) - -diff --git a/src/libsystemd-network/dhcp6-internal.h b/src/libsystemd-network/dhcp6-internal.h -index f0f814957f..35cafc96ec 100644 ---- a/src/libsystemd-network/dhcp6-internal.h -+++ b/src/libsystemd-network/dhcp6-internal.h -@@ -104,7 +104,7 @@ int dhcp6_option_append_vendor_option(uint8_t **buf, size_t *buflen, OrderedHash - int dhcp6_option_parse(uint8_t **buf, size_t *buflen, uint16_t *optcode, - size_t *optlen, uint8_t **optvalue); - int dhcp6_option_parse_status(DHCP6Option *option, size_t len); --int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, DHCP6IA *ia, uint16_t *ret_status_code); -+int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, be32_t iaid, DHCP6IA *ia, uint16_t *ret_status_code); - int dhcp6_option_parse_ip6addrs(uint8_t *optval, uint16_t optlen, - struct in6_addr **addrs, size_t count); - int dhcp6_option_parse_domainname_list(const uint8_t *optval, uint16_t optlen, -diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c -index 97ef03a2d2..34d7e997dd 100644 ---- a/src/libsystemd-network/dhcp6-option.c -+++ b/src/libsystemd-network/dhcp6-option.c -@@ -509,7 +509,13 @@ static int dhcp6_option_parse_pdprefix(sd_dhcp6_client *client, DHCP6Option *opt - return 0; - } - --int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, DHCP6IA *ia, uint16_t *ret_status_code) { -+int dhcp6_option_parse_ia( -+ sd_dhcp6_client *client, -+ DHCP6Option *iaoption, -+ be32_t iaid, -+ DHCP6IA *ia, -+ uint16_t *ret_status_code) { -+ - uint32_t lt_t1, lt_t2, lt_valid = 0, lt_min = UINT32_MAX; - uint16_t iatype, optlen; - size_t iaaddr_offset; -@@ -529,6 +535,14 @@ int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, DHCP6I - if (len < DHCP6_OPTION_IA_NA_LEN) - return -ENOBUFS; - -+ /* According to RFC8415, IAs which do not match the client's IAID should be ignored, -+ * but not necessary to ignore or refuse the whole message. */ -+ if (((const struct ia_na*) iaoption->data)->id != iaid) -+ /* ENOANO indicates the option should be ignored. */ -+ return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(ENOANO), -+ "Received an IA_NA option with a different IAID " -+ "from the one chosen by the client, ignoring."); -+ - iaaddr_offset = DHCP6_OPTION_IA_NA_LEN; - memcpy(&ia->ia_na, iaoption->data, sizeof(ia->ia_na)); - -@@ -547,6 +561,14 @@ int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, DHCP6I - if (len < sizeof(ia->ia_pd)) - return -ENOBUFS; - -+ /* According to RFC8415, IAs which do not match the client's IAID should be ignored, -+ * but not necessary to ignore or refuse the whole message. */ -+ if (((const struct ia_pd*) iaoption->data)->id != iaid) -+ /* ENOANO indicates the option should be ignored. */ -+ return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(ENOANO), -+ "Received an IA_PD option with a different IAID " -+ "from the one chosen by the client, ignoring."); -+ - iaaddr_offset = sizeof(ia->ia_pd); - memcpy(&ia->ia_pd, iaoption->data, sizeof(ia->ia_pd)); - -@@ -564,13 +586,21 @@ int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, DHCP6I - if (len < DHCP6_OPTION_IA_TA_LEN) - return -ENOBUFS; - -+ /* According to RFC8415, IAs which do not match the client's IAID should be ignored, -+ * but not necessary to ignore or refuse the whole message. */ -+ if (((const struct ia_ta*) iaoption->data)->id != iaid) -+ /* ENOANO indicates the option should be ignored. */ -+ return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(ENOANO), -+ "Received an IA_TA option with a different IAID " -+ "from the one chosen by the client, ignoring."); -+ - iaaddr_offset = DHCP6_OPTION_IA_TA_LEN; -- memcpy(&ia->ia_ta.id, iaoption->data, sizeof(ia->ia_ta)); -+ memcpy(&ia->ia_ta, iaoption->data, sizeof(ia->ia_ta)); - - break; - - default: -- return -ENOMSG; -+ return -EINVAL; - } - - ia->type = iatype; -diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c -index f99c12620b..efbf7d7df3 100644 ---- a/src/libsystemd-network/sd-dhcp6-client.c -+++ b/src/libsystemd-network/sd-dhcp6-client.c -@@ -1119,7 +1119,6 @@ static int client_parse_message( - while (pos < len) { - DHCP6Option *option = (DHCP6Option *) &message->options[pos]; - uint16_t optcode, optlen; -- be32_t iaid_lease; - int status; - uint8_t *optval; - -@@ -1198,8 +1197,8 @@ static int client_parse_message( - break; - } - -- r = dhcp6_option_parse_ia(client, option, &lease->ia, &ia_na_status); -- if (r < 0 && r != -ENOMSG) -+ r = dhcp6_option_parse_ia(client, option, client->ia_pd.ia_na.id, &lease->ia, &ia_na_status); -+ if (r < 0 && r != -ENOANO) - return r; - - if (ia_na_status == DHCP6_STATUS_NO_ADDRS_AVAIL) { -@@ -1207,16 +1206,6 @@ static int client_parse_message( - continue; - } - -- r = dhcp6_lease_get_iaid(lease, &iaid_lease); -- if (r < 0) -- return r; -- -- if (client->ia_na.ia_na.id != iaid_lease) { -- log_dhcp6_client(client, "%s has wrong IAID for IA NA", -- dhcp6_message_type_to_string(message->type)); -- return -EINVAL; -- } -- - if (lease->ia.addresses) { - lt_t1 = MIN(lt_t1, be32toh(lease->ia.ia_na.lifetime_t1)); - lt_t2 = MIN(lt_t2, be32toh(lease->ia.ia_na.lifetime_t2)); -@@ -1231,8 +1220,8 @@ static int client_parse_message( - break; - } - -- r = dhcp6_option_parse_ia(client, option, &lease->pd, &ia_pd_status); -- if (r < 0 && r != -ENOMSG) -+ r = dhcp6_option_parse_ia(client, option, client->ia_pd.ia_pd.id, &lease->pd, &ia_pd_status); -+ if (r < 0 && r != -ENOANO) - return r; - - if (ia_pd_status == DHCP6_STATUS_NO_PREFIX_AVAIL) { -@@ -1240,16 +1229,6 @@ static int client_parse_message( - continue; - } - -- r = dhcp6_lease_get_pd_iaid(lease, &iaid_lease); -- if (r < 0) -- return r; -- -- if (client->ia_pd.ia_pd.id != iaid_lease) { -- log_dhcp6_client(client, "%s has wrong IAID for IA PD", -- dhcp6_message_type_to_string(message->type)); -- return -EINVAL; -- } -- - if (lease->pd.addresses) { - lt_t1 = MIN(lt_t1, be32toh(lease->pd.ia_pd.lifetime_t1)); - lt_t2 = MIN(lt_t2, be32toh(lease->pd.ia_pd.lifetime_t2)); -diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c -index a72c13684d..5e3b191595 100644 ---- a/src/libsystemd-network/test-dhcp6-client.c -+++ b/src/libsystemd-network/test-dhcp6-client.c -@@ -287,25 +287,31 @@ static int test_option_status(sd_event *e) { - }; - DHCP6Option *option; - DHCP6IA ia, pd; -+ be32_t iaid; - int r = 0; - - log_debug("/* %s */", __func__); - -+ memcpy(&iaid, option1 + 4, sizeof(iaid)); -+ - zero(ia); - option = (DHCP6Option *)option1; - assert_se(sizeof(option1) == sizeof(DHCP6Option) + be16toh(option->len)); - -- r = dhcp6_option_parse_ia(NULL, option, &ia, NULL); -+ r = dhcp6_option_parse_ia(NULL, option, 0, &ia, NULL); -+ assert_se(r == -ENOANO); -+ -+ r = dhcp6_option_parse_ia(NULL, option, iaid, &ia, NULL); - assert_se(r == 0); - assert_se(ia.addresses == NULL); - - option->len = htobe16(17); -- r = dhcp6_option_parse_ia(NULL, option, &ia, NULL); -+ r = dhcp6_option_parse_ia(NULL, option, iaid, &ia, NULL); - assert_se(r == -ENOBUFS); - assert_se(ia.addresses == NULL); - - option->len = htobe16(sizeof(DHCP6Option)); -- r = dhcp6_option_parse_ia(NULL, option, &ia, NULL); -+ r = dhcp6_option_parse_ia(NULL, option, iaid, &ia, NULL); - assert_se(r == -ENOBUFS); - assert_se(ia.addresses == NULL); - -@@ -313,7 +319,7 @@ static int test_option_status(sd_event *e) { - option = (DHCP6Option *)option2; - assert_se(sizeof(option2) == sizeof(DHCP6Option) + be16toh(option->len)); - -- r = dhcp6_option_parse_ia(NULL, option, &ia, NULL); -+ r = dhcp6_option_parse_ia(NULL, option, iaid, &ia, NULL); - assert_se(r >= 0); - assert_se(ia.addresses == NULL); - -@@ -321,7 +327,7 @@ static int test_option_status(sd_event *e) { - option = (DHCP6Option *)option3; - assert_se(sizeof(option3) == sizeof(DHCP6Option) + be16toh(option->len)); - -- r = dhcp6_option_parse_ia(NULL, option, &ia, NULL); -+ r = dhcp6_option_parse_ia(NULL, option, iaid, &ia, NULL); - assert_se(r >= 0); - assert_se(ia.addresses != NULL); - dhcp6_lease_free_ia(&ia); -@@ -330,7 +336,7 @@ static int test_option_status(sd_event *e) { - option = (DHCP6Option *)option4; - assert_se(sizeof(option4) == sizeof(DHCP6Option) + be16toh(option->len)); - -- r = dhcp6_option_parse_ia(NULL, option, &pd, NULL); -+ r = dhcp6_option_parse_ia(NULL, option, iaid, &pd, NULL); - assert_se(r >= 0); - assert_se(pd.addresses != NULL); - assert_se(memcmp(&pd.ia_pd.id, &option4[4], 4) == 0); -@@ -342,7 +348,7 @@ static int test_option_status(sd_event *e) { - option = (DHCP6Option *)option5; - assert_se(sizeof(option5) == sizeof(DHCP6Option) + be16toh(option->len)); - -- r = dhcp6_option_parse_ia(NULL, option, &pd, NULL); -+ r = dhcp6_option_parse_ia(NULL, option, iaid, &pd, NULL); - assert_se(r >= 0); - assert_se(pd.addresses != NULL); - dhcp6_lease_free_ia(&pd); -@@ -447,13 +453,14 @@ static int test_advertise_option(sd_event *e) { - opt_clientid = true; - break; - -- case SD_DHCP6_OPTION_IA_NA: -+ case SD_DHCP6_OPTION_IA_NA: { -+ be32_t iaid = htobe32(0x0ecfa37d); -+ - assert_se(optlen == 94); - assert_se(optval == &msg_advertise[26]); - assert_se(!memcmp(optval, &msg_advertise[26], optlen)); - -- val = htobe32(0x0ecfa37d); -- assert_se(!memcmp(optval, &val, sizeof(val))); -+ assert_se(!memcmp(optval, &iaid, sizeof(val))); - - val = htobe32(80); - assert_se(!memcmp(optval + 4, &val, sizeof(val))); -@@ -461,10 +468,10 @@ static int test_advertise_option(sd_event *e) { - val = htobe32(120); - assert_se(!memcmp(optval + 8, &val, sizeof(val))); - -- assert_se(dhcp6_option_parse_ia(NULL, option, &lease->ia, NULL) >= 0); -+ assert_se(dhcp6_option_parse_ia(NULL, option, iaid, &lease->ia, NULL) >= 0); - - break; -- -+ } - case SD_DHCP6_OPTION_SERVERID: - assert_se(optlen == 14); - assert_se(optval == &msg_advertise[179]); -@@ -598,6 +605,8 @@ static void test_client_solicit_cb(sd_dhcp6_client *client, int event, - static int test_client_send_reply(DHCP6Message *request) { - DHCP6Message reply; - -+ log_debug("/* %s */", __func__); -+ - reply.transaction_id = request->transaction_id; - reply.type = DHCP6_REPLY; - -@@ -658,7 +667,7 @@ static int test_client_verify_request(DHCP6Message *request, size_t len) { - assert_se(!memcmp(optval + 8, &val, sizeof(val))); - - /* Then, this should refuse all addresses. */ -- assert_se(dhcp6_option_parse_ia(NULL, option, &lease->ia, NULL) >= 0); -+ assert_se(dhcp6_option_parse_ia(NULL, option, test_iaid, &lease->ia, NULL) >= 0); - - break; - -@@ -704,6 +713,8 @@ static int test_client_verify_request(DHCP6Message *request, size_t len) { - static int test_client_send_advertise(DHCP6Message *solicit) { - DHCP6Message advertise; - -+ log_debug("/* %s */", __func__); -+ - advertise.transaction_id = solicit->transaction_id; - advertise.type = DHCP6_ADVERTISE; - -@@ -899,6 +910,8 @@ int dhcp6_network_send_udp_socket(int s, struct in6_addr *server_address, - IN6ADDR_ALL_DHCP6_RELAY_AGENTS_AND_SERVERS_INIT; - DHCP6Message *message; - -+ log_debug("/* %s */", __func__); -+ - assert_se(s == test_dhcp_fd[0]); - assert_se(server_address); - assert_se(packet); --- -2.33.0 - diff --git a/backport-sd-dhcp6-client-make-dhcp6_lease_free-accepts-NULL.patch b/backport-sd-dhcp6-client-make-dhcp6_lease_free-accepts-NULL.patch deleted file mode 100644 index 6ef4219..0000000 --- a/backport-sd-dhcp6-client-make-dhcp6_lease_free-accepts-NULL.patch +++ /dev/null @@ -1,45 +0,0 @@ -From f160a20a6bf995617cf8a22466638755f9a07813 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 24 Sep 2021 23:45:13 +0900 -Subject: [PATCH] sd-dhcp6-client: make dhcp6_lease_free() accepts NULL - -(cherry picked from commit 5cf67bb4072f149d0404398bfc359b068312ba28) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/f160a20a6bf995617cf8a22466638755f9a07813 ---- - src/libsystemd-network/sd-dhcp6-lease.c | 10 ++++------ - 1 file changed, 4 insertions(+), 6 deletions(-) - -diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c -index 8378971422..4804f0941a 100644 ---- a/src/libsystemd-network/sd-dhcp6-lease.c -+++ b/src/libsystemd-network/sd-dhcp6-lease.c -@@ -366,20 +366,18 @@ int sd_dhcp6_lease_get_fqdn(sd_dhcp6_lease *lease, const char **fqdn) { - } - - static sd_dhcp6_lease *dhcp6_lease_free(sd_dhcp6_lease *lease) { -- assert(lease); -+ if (!lease) -+ return NULL; - - free(lease->serverid); - dhcp6_lease_free_ia(&lease->ia); - dhcp6_lease_free_ia(&lease->pd); -- - free(lease->dns); - free(lease->fqdn); -- -- lease->domains = strv_free(lease->domains); -- -+ strv_free(lease->domains); - free(lease->ntp); -+ strv_free(lease->ntp_fqdn); - -- lease->ntp_fqdn = strv_free(lease->ntp_fqdn); - return mfree(lease); - } - --- -2.33.0 - diff --git a/backport-sd-dhcp6-client-modernize-dhcp6_option_parse.patch b/backport-sd-dhcp6-client-modernize-dhcp6_option_parse.patch deleted file mode 100644 index e9b9c03..0000000 --- a/backport-sd-dhcp6-client-modernize-dhcp6_option_parse.patch +++ /dev/null @@ -1,275 +0,0 @@ -From 1cc074167fd29c6c8c9dc5d7fd6c38e4dd91ca71 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 23 Sep 2021 14:58:28 +0900 -Subject: [PATCH] sd-dhcp6-client: modernize dhcp6_option_parse() - -- merge dhcp6_option_parse() with option_parse_hdr(). -- do not assign/update any values on error. -- use assert() instead of assert_return(), as the assertions cannot - be triggered by a library user. - -(cherry picked from commit b89a3758e92894162e3c2dcb594a55acff3274d5) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/1cc074167fd29c6c8c9dc5d7fd6c38e4dd91ca71 ---- - src/libsystemd-network/dhcp6-internal.h | 10 +++- - src/libsystemd-network/dhcp6-option.c | 60 ++++++++++------------ - src/libsystemd-network/sd-dhcp6-lease.c | 37 ++++++------- - src/libsystemd-network/test-dhcp6-client.c | 50 +++++++++--------- - 4 files changed, 76 insertions(+), 81 deletions(-) - -diff --git a/src/libsystemd-network/dhcp6-internal.h b/src/libsystemd-network/dhcp6-internal.h -index 96d7de8cae..8d083d3858 100644 ---- a/src/libsystemd-network/dhcp6-internal.h -+++ b/src/libsystemd-network/dhcp6-internal.h -@@ -101,8 +101,14 @@ int dhcp6_option_append_fqdn(uint8_t **buf, size_t *buflen, const char *fqdn); - int dhcp6_option_append_user_class(uint8_t **buf, size_t *buflen, char * const *user_class); - int dhcp6_option_append_vendor_class(uint8_t **buf, size_t *buflen, char * const *user_class); - int dhcp6_option_append_vendor_option(uint8_t **buf, size_t *buflen, OrderedHashmap *vendor_options); --int dhcp6_option_parse(uint8_t **buf, size_t *buflen, uint16_t *optcode, -- size_t *optlen, uint8_t **optvalue); -+ -+int dhcp6_option_parse( -+ const uint8_t *buf, -+ size_t buflen, -+ size_t *offset, -+ uint16_t *ret_option_code, -+ size_t *ret_option_data_len, -+ const uint8_t **ret_option_data); - int dhcp6_option_parse_status(DHCP6Option *option, size_t len); - int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, be32_t iaid, DHCP6IA *ia, uint16_t *ret_status_code); - int dhcp6_option_parse_ip6addrs(const uint8_t *optval, uint16_t optlen, -diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c -index 0709cfd4fd..781d391c0c 100644 ---- a/src/libsystemd-network/dhcp6-option.c -+++ b/src/libsystemd-network/dhcp6-option.c -@@ -370,47 +370,39 @@ int dhcp6_option_append_vendor_class(uint8_t **buf, size_t *buflen, char * const - return dhcp6_option_append(buf, buflen, SD_DHCP6_OPTION_VENDOR_CLASS, total, p); - } - --static int option_parse_hdr(uint8_t **buf, size_t *buflen, uint16_t *optcode, size_t *optlen) { -- DHCP6Option *option = (DHCP6Option*) *buf; -- uint16_t len; -- -- assert_return(buf, -EINVAL); -- assert_return(optcode, -EINVAL); -- assert_return(optlen, -EINVAL); -- -- if (*buflen < offsetof(DHCP6Option, data)) -- return -ENOMSG; -- -- len = be16toh(option->len); -- -- if (len > *buflen) -- return -ENOMSG; -- -- *optcode = be16toh(option->code); -- *optlen = len; -+int dhcp6_option_parse( -+ const uint8_t *buf, -+ size_t buflen, -+ size_t *offset, -+ uint16_t *ret_option_code, -+ size_t *ret_option_data_len, -+ const uint8_t **ret_option_data) { - -- *buf += 4; -- *buflen -= 4; -+ const DHCP6Option *option; -+ size_t len; - -- return 0; --} -+ assert(buf); -+ assert(offset); -+ assert(ret_option_code); -+ assert(ret_option_data_len); -+ assert(ret_option_data); - --int dhcp6_option_parse(uint8_t **buf, size_t *buflen, uint16_t *optcode, -- size_t *optlen, uint8_t **optvalue) { -- int r; -+ if (buflen < offsetof(DHCP6Option, data)) -+ return -EBADMSG; - -- assert_return(buf && buflen && optcode && optlen && optvalue, -EINVAL); -+ if (*offset >= buflen - offsetof(DHCP6Option, data)) -+ return -EBADMSG; - -- r = option_parse_hdr(buf, buflen, optcode, optlen); -- if (r < 0) -- return r; -+ option = (const DHCP6Option*) (buf + *offset); -+ len = be16toh(option->len); - -- if (*optlen > *buflen) -- return -ENOBUFS; -+ if (len > buflen - offsetof(DHCP6Option, data) - *offset) -+ return -EBADMSG; - -- *optvalue = *buf; -- *buflen -= *optlen; -- *buf += *optlen; -+ *offset += offsetof(DHCP6Option, data) + len; -+ *ret_option_code = be16toh(option->code); -+ *ret_option_data_len = len; -+ *ret_option_data = option->data; - - return 0; - } -diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c -index 9082185bca..6375a22537 100644 ---- a/src/libsystemd-network/sd-dhcp6-lease.c -+++ b/src/libsystemd-network/sd-dhcp6-lease.c -@@ -259,9 +259,6 @@ int sd_dhcp6_lease_get_domains(sd_dhcp6_lease *lease, char ***domains) { - - int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { - int r; -- uint16_t subopt; -- size_t sublen; -- uint8_t *subval; - - assert_return(lease, -EINVAL); - assert_return(optval, -EINVAL); -@@ -269,10 +266,14 @@ int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { - lease->ntp = mfree(lease->ntp); - lease->ntp_count = 0; - -- while ((r = dhcp6_option_parse(&optval, &optlen, &subopt, &sublen, -- &subval)) >= 0) { -- int s; -- char **servers; -+ for (size_t offset = 0; offset < optlen;) { -+ const uint8_t *subval; -+ size_t sublen; -+ uint16_t subopt; -+ -+ r = dhcp6_option_parse(optval, optlen, &offset, &subopt, &sublen, &subval); -+ if (r < 0) -+ return r; - - switch(subopt) { - case DHCP6_NTP_SUBOPTION_SRV_ADDR: -@@ -280,19 +281,18 @@ int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { - if (sublen != 16) - return 0; - -- s = dhcp6_option_parse_ip6addrs(subval, sublen, -- &lease->ntp, -- lease->ntp_count); -- if (s < 0) -- return s; -+ r = dhcp6_option_parse_ip6addrs(subval, sublen, &lease->ntp, lease->ntp_count); -+ if (r < 0) -+ return r; - -- lease->ntp_count = s; -+ lease->ntp_count = r; - - break; - -- case DHCP6_NTP_SUBOPTION_SRV_FQDN: -- r = dhcp6_option_parse_domainname_list(subval, sublen, -- &servers); -+ case DHCP6_NTP_SUBOPTION_SRV_FQDN: { -+ char **servers; -+ -+ r = dhcp6_option_parse_domainname_list(subval, sublen, &servers); - if (r < 0) - return 0; - -@@ -300,12 +300,9 @@ int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { - lease->ntp_fqdn_count = r; - - break; -- } -+ }} - } - -- if (r != -ENOMSG) -- return r; -- - return 0; - } - -diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c -index 5e3b191595..5d1f709f11 100644 ---- a/src/libsystemd-network/test-dhcp6-client.c -+++ b/src/libsystemd-network/test-dhcp6-client.c -@@ -170,47 +170,47 @@ static int test_option(sd_event *e) { - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 'B', 'A', 'R', - }; -+ size_t offset, pos, optlen, outlen = sizeof(result); -+ const uint8_t *optval; - uint16_t optcode; -- size_t optlen; -- uint8_t *optval, *buf, *out; -- size_t zero = 0, pos = 3; -- size_t buflen = sizeof(packet), outlen = sizeof(result); -+ uint8_t *out; - - log_debug("/* %s */", __func__); - -- assert_se(buflen == outlen); -+ assert_se(sizeof(packet) == sizeof(result)); - -- assert_se(dhcp6_option_parse(&buf, &zero, &optcode, &optlen, -- &optval) == -ENOMSG); -+ offset = 0; -+ assert_se(dhcp6_option_parse(packet, 0, &offset, &optcode, &optlen, &optval) == -EBADMSG); - -- buflen -= 3; -- buf = &packet[3]; -- outlen -= 3; -- out = &result[3]; -+ offset = 3; -+ assert_se(dhcp6_option_parse(packet, 0, &offset, &optcode, &optlen, &optval) == -EBADMSG); -+ -+ offset = 3; -+ assert_se(dhcp6_option_parse(packet, sizeof(packet), &offset, &optcode, &optlen, &optval) >= 0); - -- assert_se(dhcp6_option_parse(&buf, &buflen, &optcode, &optlen, -- &optval) >= 0); -- pos += 4 + optlen; -- assert_se(buf == &packet[pos]); - assert_se(optcode == SD_DHCP6_OPTION_ORO); - assert_se(optlen == 7); -- assert_se(buflen + pos == sizeof(packet)); -+ assert_se(optval == packet + 7); -+ -+ pos = 3; -+ outlen -= 3; -+ out = &result[3]; - -- assert_se(dhcp6_option_append(&out, &outlen, optcode, optlen, -- optval) >= 0); -+ assert_se(dhcp6_option_append(&out, &outlen, optcode, optlen, optval) >= 0); -+ -+ pos += 4 + optlen; - assert_se(out == &result[pos]); - assert_se(*out == 0x00); - -- assert_se(dhcp6_option_parse(&buf, &buflen, &optcode, &optlen, -- &optval) >= 0); -- pos += 4 + optlen; -- assert_se(buf == &packet[pos]); -+ assert_se(dhcp6_option_parse(packet, sizeof(packet), &offset, &optcode, &optlen, &optval) >= 0); -+ - assert_se(optcode == SD_DHCP6_OPTION_VENDOR_CLASS); - assert_se(optlen == 9); -- assert_se(buflen + pos == sizeof(packet)); -+ assert_se(optval == packet + 18); -+ -+ assert_se(dhcp6_option_append(&out, &outlen, optcode, optlen, optval) >= 0); - -- assert_se(dhcp6_option_append(&out, &outlen, optcode, optlen, -- optval) >= 0); -+ pos += 4 + optlen; - assert_se(out == &result[pos]); - assert_se(*out == 'B'); - --- -2.33.0 - diff --git a/backport-sd-event-always-initialize-sd_event.perturb.patch b/backport-sd-event-always-initialize-sd_event.perturb.patch deleted file mode 100644 index 8b28361..0000000 --- a/backport-sd-event-always-initialize-sd_event.perturb.patch +++ /dev/null @@ -1,59 +0,0 @@ -From f1a8b69808777aff37c036fd94a0275873d12407 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 23 Feb 2023 07:31:01 +0900 -Subject: [PATCH] sd-event: always initialize sd_event.perturb - -If the boot ID cannot be obtained, let's first fallback to the machine -ID, and if still cannot, then let's use 0. -Otherwise, no timer event source cannot be triggered. - -Fixes #26549. - -(cherry picked from commit 6d2326e036ceed30f9ccdb0266713c10a44dcf6c) -(cherry picked from commit 58c821af607b61738b7b72ad1452e70f648689a6) -(cherry picked from commit 78976199b2e016600c3f7cf8f39747c9ef6c853b) -(cherry picked from commit ac04d804c30f519918866fb4eeb3bc4a9cbadd43) ---- - src/libsystemd/sd-event/sd-event.c | 21 ++++++++++----------- - 1 file changed, 10 insertions(+), 11 deletions(-) - -diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c -index 89accdce00..37565b17be 100644 ---- a/src/libsystemd/sd-event/sd-event.c -+++ b/src/libsystemd/sd-event/sd-event.c -@@ -1126,22 +1126,21 @@ _public_ int sd_event_add_io( - } - - static void initialize_perturb(sd_event *e) { -- sd_id128_t bootid = {}; -+ sd_id128_t id = {}; - -- /* When we sleep for longer, we try to realign the wakeup to -- the same time within each minute/second/250ms, so that -- events all across the system can be coalesced into a single -- CPU wakeup. However, let's take some system-specific -- randomness for this value, so that in a network of systems -- with synced clocks timer events are distributed a -- bit. Here, we calculate a perturbation usec offset from the -- boot ID. */ -+ /* When we sleep for longer, we try to realign the wakeup to the same time within each -+ * minute/second/250ms, so that events all across the system can be coalesced into a single CPU -+ * wakeup. However, let's take some system-specific randomness for this value, so that in a network -+ * of systems with synced clocks timer events are distributed a bit. Here, we calculate a -+ * perturbation usec offset from the boot ID (or machine ID if failed, e.g. /proc is not mounted). */ - - if (_likely_(e->perturb != USEC_INFINITY)) - return; - -- if (sd_id128_get_boot(&bootid) >= 0) -- e->perturb = (bootid.qwords[0] ^ bootid.qwords[1]) % USEC_PER_MINUTE; -+ if (sd_id128_get_boot(&id) >= 0 || sd_id128_get_machine(&id) > 0) -+ e->perturb = (id.qwords[0] ^ id.qwords[1]) % USEC_PER_MINUTE; -+ else -+ e->perturb = 0; /* This is a super early process without /proc and /etc ?? */ - } - - static int event_setup_timer_fd( --- -2.33.0 - diff --git a/backport-sd-event-don-t-destroy-inotify-data-structures-from-.patch b/backport-sd-event-don-t-destroy-inotify-data-structures-from-.patch deleted file mode 100644 index caec0ef..0000000 --- a/backport-sd-event-don-t-destroy-inotify-data-structures-from-.patch +++ /dev/null @@ -1,109 +0,0 @@ -From 439a271943aa182002e5fb64f1a216415e556472 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 9 Nov 2021 00:11:38 +0100 -Subject: [PATCH] sd-event: don't destroy inotify data structures from inotify - event handler - -This fixes a bad memory access when we destroy an inotify source handler -from the handler itself, and thus destroy the associated inotify_data -structures. - -Fixes: #20177 -(cherry picked from commit 53baf2efa420cab6c4b1904c9a0c46a0c4ec80a1) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/439a271943aa182002e5fb64f1a216415e556472 ---- - src/libsystemd/sd-event/event-source.h | 5 ++++ - src/libsystemd/sd-event/sd-event.c | 40 +++++++++++++++++++++++--- - 2 files changed, 41 insertions(+), 4 deletions(-) - -diff --git a/src/libsystemd/sd-event/event-source.h b/src/libsystemd/sd-event/event-source.h -index d2dc21470e..7a0f14ecce 100644 ---- a/src/libsystemd/sd-event/event-source.h -+++ b/src/libsystemd/sd-event/event-source.h -@@ -214,6 +214,11 @@ struct inotify_data { - * the events locally if they can't be coalesced). */ - unsigned n_pending; - -+ /* If this counter is non-zero, don't GC the inotify data object even if not used to watch any inode -+ * anymore. This is useful to pin the object for a bit longer, after the last event source needing it -+ * is gone. */ -+ unsigned n_busy; -+ - /* A linked list of all inotify objects with data already read, that still need processing. We keep this list - * to make it efficient to figure out what inotify objects to process data on next. */ - LIST_FIELDS(struct inotify_data, buffered); -diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c -index 99c0acfa54..3b4d938546 100644 ---- a/src/libsystemd/sd-event/sd-event.c -+++ b/src/libsystemd/sd-event/sd-event.c -@@ -1820,6 +1820,29 @@ static void event_free_inode_data( - free(d); - } - -+static void event_gc_inotify_data( -+ sd_event *e, -+ struct inotify_data *d) { -+ -+ assert(e); -+ -+ /* GCs the inotify data object if we don't need it anymore. That's the case if we don't want to watch -+ * any inode with it anymore, which in turn happens if no event source of this priority is interested -+ * in any inode any longer. That said, we maintain an extra busy counter: if non-zero we'll delay GC -+ * (under the expectation that the GC is called again once the counter is decremented). */ -+ -+ if (!d) -+ return; -+ -+ if (!hashmap_isempty(d->inodes)) -+ return; -+ -+ if (d->n_busy > 0) -+ return; -+ -+ event_free_inotify_data(e, d); -+} -+ - static void event_gc_inode_data( - sd_event *e, - struct inode_data *d) { -@@ -1837,8 +1860,7 @@ static void event_gc_inode_data( - inotify_data = d->inotify_data; - event_free_inode_data(e, d); - -- if (inotify_data && hashmap_isempty(inotify_data->inodes)) -- event_free_inotify_data(e, inotify_data); -+ event_gc_inotify_data(e, inotify_data); - } - - static int event_make_inode_data( -@@ -3556,13 +3578,23 @@ static int source_dispatch(sd_event_source *s) { - sz = offsetof(struct inotify_event, name) + d->buffer.ev.len; - assert(d->buffer_filled >= sz); - -+ /* If the inotify callback destroys the event source then this likely means we don't need to -+ * watch the inode anymore, and thus also won't need the inotify object anymore. But if we'd -+ * free it immediately, then we couldn't drop the event from the inotify event queue without -+ * memory corruption anymore, as below. Hence, let's not free it immediately, but mark it -+ * "busy" with a counter (which will ensure it's not GC'ed away prematurely). Let's then -+ * explicitly GC it after we are done dropping the inotify event from the buffer. */ -+ d->n_busy++; - r = s->inotify.callback(s, &d->buffer.ev, s->userdata); -+ d->n_busy--; - -- /* When no event is pending anymore on this inotify object, then let's drop the event from the -- * buffer. */ -+ /* When no event is pending anymore on this inotify object, then let's drop the event from -+ * the inotify event queue buffer. */ - if (d->n_pending == 0) - event_inotify_data_drop(e, d, sz); - -+ /* Now we don't want to access 'd' anymore, it's OK to GC now. */ -+ event_gc_inotify_data(e, d); - break; - } - --- -2.33.0 - diff --git a/backport-sd-event-fix-error-handling.patch b/backport-sd-event-fix-error-handling.patch deleted file mode 100644 index a0b07c4..0000000 --- a/backport-sd-event-fix-error-handling.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 056fbe84ef67168adcaf41baa37de1b712f6fb74 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 23 Feb 2023 07:31:01 +0900 -Subject: [PATCH] sd-event: fix error handling - -Follow-up for 6d2326e036ceed30f9ccdb0266713c10a44dcf6c. - -(cherry picked from commit 1912f790fee9e0182acd77b77496f500094a140d) -(cherry picked from commit a719c2ec2f410f8b979cec04dcdac9af470ee52b) -(cherry picked from commit dd6561ff3e12314d41954b7ea8e3627101931a18) -(cherry picked from commit 8be4af42044969bc268b32ffe9570cee733fecf6) ---- - src/libsystemd/sd-event/sd-event.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c -index 37565b17be..df4d9037ac 100644 ---- a/src/libsystemd/sd-event/sd-event.c -+++ b/src/libsystemd/sd-event/sd-event.c -@@ -1137,7 +1137,7 @@ static void initialize_perturb(sd_event *e) { - if (_likely_(e->perturb != USEC_INFINITY)) - return; - -- if (sd_id128_get_boot(&id) >= 0 || sd_id128_get_machine(&id) > 0) -+ if (sd_id128_get_boot(&id) >= 0 || sd_id128_get_machine(&id) >= 0) - e->perturb = (id.qwords[0] ^ id.qwords[1]) % USEC_PER_MINUTE; - else - e->perturb = 0; /* This is a super early process without /proc and /etc ?? */ --- -2.33.0 - diff --git a/backport-sd-event-take-ref-on-event-loop-object-before-dispat.patch b/backport-sd-event-take-ref-on-event-loop-object-before-dispat.patch deleted file mode 100644 index 8f600cc..0000000 --- a/backport-sd-event-take-ref-on-event-loop-object-before-dispat.patch +++ /dev/null @@ -1,36 +0,0 @@ -From a93ddddd00860bda05df72cfd5b80be9b3a93023 Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Wed, 8 Sep 2021 15:42:11 +0200 -Subject: [PATCH] sd-event: take ref on event loop object before dispatching - event sources - -Idea is that all public APIs should take reference on objects that get -exposed to user-provided callbacks. We take the reference as a -protection from callbacks dropping it. We used to do this also here in -sd_event_loop(). However, in cleanup portion of f814c871e6 this was -accidentally dropped. - -(cherry picked from commit 9f6ef467818f902fe5369c8e37a39a3901bdcf4f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a93ddddd00860bda05df72cfd5b80be9b3a93023 ---- - src/libsystemd/sd-event/sd-event.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c -index e9199deb41..99c0acfa54 100644 ---- a/src/libsystemd/sd-event/sd-event.c -+++ b/src/libsystemd/sd-event/sd-event.c -@@ -4154,7 +4154,7 @@ _public_ int sd_event_loop(sd_event *e) { - assert_return(!event_pid_changed(e), -ECHILD); - assert_return(e->state == SD_EVENT_INITIAL, -EBUSY); - -- _unused_ _cleanup_(sd_event_unrefp) sd_event *ref = NULL; -+ _unused_ _cleanup_(sd_event_unrefp) sd_event *ref = sd_event_ref(e); - - while (e->state != SD_EVENT_FINISHED) { - r = sd_event_run(e, UINT64_MAX); --- -2.33.0 - diff --git a/backport-sd-journal-Don-t-compare-hashes-from-different-journ.patch b/backport-sd-journal-Don-t-compare-hashes-from-different-journ.patch deleted file mode 100644 index fc300e1..0000000 --- a/backport-sd-journal-Don-t-compare-hashes-from-different-journ.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 2f5b486edfdb6dc3d5465fe7569c19560208813c Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Tue, 14 Sep 2021 15:08:46 +0100 -Subject: [PATCH] sd-journal: Don't compare hashes from different journal files - -In sd_journal_enumerate_fields(), we check if we've already handled -a field by checking if we can find it in any of the already processed -journal files. We do this by calling -journal_file_find_field_object_with_hash(), which compares the size, -payload and hash of the given field against all fields in a journal file, -trying to find a match. However, since we now use per file hash functions, -hashes for the same fields will differ between different journal files, -meaning we'll never find an actual match. - -To fix the issue(), let's use journal_file_find_field_object() when one -or more of the files we're comparing is using per file keyed hashes. -journal_file_find_field_object() only takes the field payload and size -as arguments and calculates the hash itself using the hash function from -the journal file we're searching in. - -(cherry picked from commit 27bf0ab76e13611dce10210f2a22fb5fba05adbb) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/2f5b486edfdb6dc3d5465fe7569c19560208813c ---- - src/libsystemd/sd-journal/sd-journal.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c -index 5728c537bc..a2fbc1b037 100644 ---- a/src/libsystemd/sd-journal/sd-journal.c -+++ b/src/libsystemd/sd-journal/sd-journal.c -@@ -3158,7 +3158,11 @@ _public_ int sd_journal_enumerate_fields(sd_journal *j, const char **field) { - if (JOURNAL_HEADER_CONTAINS(of->header, n_fields) && le64toh(of->header->n_fields) <= 0) - continue; - -- r = journal_file_find_field_object_with_hash(of, o->field.payload, sz, le64toh(o->field.hash), NULL, NULL); -+ if (!JOURNAL_HEADER_KEYED_HASH(f->header) && !JOURNAL_HEADER_KEYED_HASH(of->header)) -+ r = journal_file_find_field_object_with_hash(of, o->field.payload, sz, -+ le64toh(o->field.hash), NULL, NULL); -+ else -+ r = journal_file_find_field_object(of, o->field.payload, sz, NULL, NULL); - if (r < 0) - return r; - if (r > 0) { --- -2.33.0 - diff --git a/backport-sd-journal-Ignore-data-threshold-if-set-to-zero-in-s.patch b/backport-sd-journal-Ignore-data-threshold-if-set-to-zero-in-s.patch deleted file mode 100644 index cccaf5d..0000000 --- a/backport-sd-journal-Ignore-data-threshold-if-set-to-zero-in-s.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 99ae9b83b42abbe54c059ae964b737b64ae17df9 Mon Sep 17 00:00:00 2001 -From: Daan De Meyer -Date: Wed, 15 Sep 2021 13:05:46 +0100 -Subject: [PATCH] sd-journal: Ignore data threshold if set to zero in - sd_journal_enumerate_fields() - -According to the documentation, Setting the data threshold to zero disables the -data threshold alltogether. Let's make sure we actually implement this behaviour -in sd_journal_enumerate_fields() by only applying the data threshold if it exceeds -zero. - -(cherry picked from commit adbd80f51088058d55e703abe0ac11476cfe0ba4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/99ae9b83b42abbe54c059ae964b737b64ae17df9 ---- - src/libsystemd/sd-journal/sd-journal.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c -index a2fbc1b037..b3240177cb 100644 ---- a/src/libsystemd/sd-journal/sd-journal.c -+++ b/src/libsystemd/sd-journal/sd-journal.c -@@ -3178,7 +3178,7 @@ _public_ int sd_journal_enumerate_fields(sd_journal *j, const char **field) { - if (memchr(o->field.payload, 0, sz)) - return -EBADMSG; - -- if (sz > j->data_threshold) -+ if (j->data_threshold > 0 && sz > j->data_threshold) - sz = j->data_threshold; - - if (!GREEDY_REALLOC(j->fields_buffer, sz + 1)) --- -2.33.0 - diff --git a/backport-sd-journal-fix-segfault-when-match_new-fails.patch b/backport-sd-journal-fix-segfault-when-match_new-fails.patch deleted file mode 100644 index 27bf8c1..0000000 --- a/backport-sd-journal-fix-segfault-when-match_new-fails.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 4bf497c3814e2f612cb055b838a656e6e14c0ed0 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 23 Dec 2021 21:45:29 +0900 -Subject: [PATCH] sd-journal: fix segfault when match_new() fails - -Fixes #21867. - -(cherry picked from commit 39dfc0de05238410e2cd4d7c0176a3f3994cc563) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4bf497c3814e2f612cb055b838a656e6e14c0ed0 ---- - src/libsystemd/sd-journal/sd-journal.c | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c -index 63b8f0dc7b..dd28b8008f 100644 ---- a/src/libsystemd/sd-journal/sd-journal.c -+++ b/src/libsystemd/sd-journal/sd-journal.c -@@ -211,7 +211,7 @@ static Match *match_new(Match *p, MatchType t) { - return m; - } - --static void match_free(Match *m) { -+static Match *match_free(Match *m) { - assert(m); - - while (m->matches) -@@ -221,14 +221,14 @@ static void match_free(Match *m) { - LIST_REMOVE(matches, m->parent->matches, m); - - free(m->data); -- free(m); -+ return mfree(m); - } - --static void match_free_if_empty(Match *m) { -+static Match *match_free_if_empty(Match *m) { - if (!m || m->matches) -- return; -+ return m; - -- match_free(m); -+ return match_free(m); - } - - _public_ int sd_journal_add_match(sd_journal *j, const void *data, size_t size) { -@@ -323,9 +323,9 @@ _public_ int sd_journal_add_match(sd_journal *j, const void *data, size_t size) - fail: - match_free(m); - match_free_if_empty(add_here); -- match_free_if_empty(j->level2); -- match_free_if_empty(j->level1); -- match_free_if_empty(j->level0); -+ j->level2 = match_free_if_empty(j->level2); -+ j->level1 = match_free_if_empty(j->level1); -+ j->level0 = match_free_if_empty(j->level0); - - return -ENOMEM; - } --- -2.33.0 - diff --git a/backport-sd-journal-free-incomplete-match-on-failure.patch b/backport-sd-journal-free-incomplete-match-on-failure.patch deleted file mode 100644 index 9b083e6..0000000 --- a/backport-sd-journal-free-incomplete-match-on-failure.patch +++ /dev/null @@ -1,37 +0,0 @@ -From cd9b726453398bef20c66f30a454eb503f7bcb72 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 23 Dec 2021 21:35:29 +0900 -Subject: [PATCH] sd-journal: free incomplete match on failure - -(cherry picked from commit 418cce628cf28d4feaeda60241cf9781f8afbf1c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/cd9b726453398bef20c66f30a454eb503f7bcb72 ---- - src/libsystemd/sd-journal/sd-journal.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c -index 71875a4dc8..63b8f0dc7b 100644 ---- a/src/libsystemd/sd-journal/sd-journal.c -+++ b/src/libsystemd/sd-journal/sd-journal.c -@@ -232,7 +232,7 @@ static void match_free_if_empty(Match *m) { - } - - _public_ int sd_journal_add_match(sd_journal *j, const void *data, size_t size) { -- Match *l3, *l4, *add_here = NULL, *m; -+ Match *l3, *l4, *add_here = NULL, *m = NULL; - uint64_t hash; - - assert_return(j, -EINVAL); -@@ -321,6 +321,7 @@ _public_ int sd_journal_add_match(sd_journal *j, const void *data, size_t size) - return 0; - - fail: -+ match_free(m); - match_free_if_empty(add_here); - match_free_if_empty(j->level2); - match_free_if_empty(j->level1); --- -2.33.0 - diff --git a/backport-sd-lldp-use-memcpy_safe-as-the-buffer-size-may-be-ze.patch b/backport-sd-lldp-use-memcpy_safe-as-the-buffer-size-may-be-ze.patch deleted file mode 100644 index fbc2b69..0000000 --- a/backport-sd-lldp-use-memcpy_safe-as-the-buffer-size-may-be-ze.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 5e069e405a73ff5a406598436fe21d6dabbb281c Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 4 May 2022 16:05:04 +0900 -Subject: [PATCH] sd-lldp: use memcpy_safe() as the buffer size may be zero - -(cherry picked from commit 87bd4b79e692f384c2190c9b3824df4853333018) ---- - src/libsystemd-network/lldp-neighbor.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/libsystemd-network/lldp-neighbor.c b/src/libsystemd-network/lldp-neighbor.c -index 372bc2ef93..bc98235ce1 100644 ---- a/src/libsystemd-network/lldp-neighbor.c -+++ b/src/libsystemd-network/lldp-neighbor.c -@@ -652,7 +652,8 @@ int sd_lldp_neighbor_from_raw(sd_lldp_neighbor **ret, const void *raw, size_t ra - if (!n) - return -ENOMEM; - -- memcpy(LLDP_NEIGHBOR_RAW(n), raw, raw_size); -+ memcpy_safe(LLDP_NEIGHBOR_RAW(n), raw, raw_size); -+ - r = lldp_neighbor_parse(n); - if (r < 0) - return r; --- -2.33.0 - diff --git a/backport-sd-netlink-always-append-new-bridge-FDB-entries.patch b/backport-sd-netlink-always-append-new-bridge-FDB-entries.patch deleted file mode 100644 index 28959a9..0000000 --- a/backport-sd-netlink-always-append-new-bridge-FDB-entries.patch +++ /dev/null @@ -1,39 +0,0 @@ -From f65dedbb8f3bd8a0ec69a02f63f62f339a791423 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 4 Aug 2021 18:16:44 +0900 -Subject: [PATCH] sd-netlink: always append new bridge FDB entries - -This partially reverts 192a9d95ea3e058afd824d38a9cea16ad0a84a57 (#19432). - -Fixes #20305. - -(cherry picked from commit 74c1ab841fbad9d4f237c819577fcd1d46a072b6) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/f65dedbb8f3bd8a0ec69a02f63f62f339a791423 ---- - src/libsystemd/sd-netlink/rtnl-message.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/libsystemd/sd-netlink/rtnl-message.c b/src/libsystemd/sd-netlink/rtnl-message.c -index e771b95e08..7f83bf58b3 100644 ---- a/src/libsystemd/sd-netlink/rtnl-message.c -+++ b/src/libsystemd/sd-netlink/rtnl-message.c -@@ -443,8 +443,12 @@ int sd_rtnl_message_new_neigh(sd_netlink *rtnl, sd_netlink_message **ret, uint16 - if (r < 0) - return r; - -- if (nlmsg_type == RTM_NEWNEIGH) -- (*ret)->hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_REPLACE; -+ if (nlmsg_type == RTM_NEWNEIGH) { -+ if (ndm_family == AF_BRIDGE) -+ (*ret)->hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_APPEND; -+ else -+ (*ret)->hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_REPLACE; -+ } - - ndm = NLMSG_DATA((*ret)->hdr); - --- -2.33.0 - diff --git a/backport-seccomp-Always-install-filters-for-native-architectu.patch b/backport-seccomp-Always-install-filters-for-native-architectu.patch deleted file mode 100644 index 91671e6..0000000 --- a/backport-seccomp-Always-install-filters-for-native-architectu.patch +++ /dev/null @@ -1,64 +0,0 @@ -From ba8bce7b562f9ef83a4de697eae2f97cf1806e3d Mon Sep 17 00:00:00 2001 -From: Benjamin Berg -Date: Fri, 17 Sep 2021 13:05:32 +0200 -Subject: [PATCH] seccomp: Always install filters for native architecture - -The commit 6597686865ff ("seccomp: don't install filters for archs that -can't use syscalls") introduced a regression where filters may not be -installed for the "native" architecture. This means that setting -SystemCallArchitectures=native for a unit effectively disables the -SystemCallFilter= and SystemCallLog= options. - -Conceptually, we have two filter stages: - 1. architecture used for syscall (SystemCallArchitectures=) - 2. syscall + architecture combination (SystemCallFilter=) - -The above commit tried to optimize the filter generation by skipping the -second level filtering when it is not required. - -However, systemd will never fully block the "native" architecture using -the first level filter. This makes the code a lot simpler, as systemd -can execve() the target binary using its own architecture. And, it -should be perfectly fine as the "native" architecture will always be the -one with the most restrictive seccomp filtering. - -Said differently, the bug arises because (on x86_64): - 1. x86_64 is permitted by libseccomp already - 2. native != x86_64 - 3. the loop wants to block x86_64 because the permitted set only - contains "native" (i.e. "native" != "x86_64") - 4. x86_64 is marked as blocked in seccomp_local_archs - -Thereby we have an inconsistency, where it is marked as blocked in the -seccomp_local_archs array but it is allowed by libseccomp. i.e. we will -skip generating filter stage 2 without having stage 1 in place. - -The fix is simple, we just skip the native architecture when looping -seccomp_local_archs. This way the inconsistency cannot happen. - -(cherry picked from commit f833df38488ea40fc3d601ccefd64cfa3fce8bb4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/ba8bce7b562f9ef83a4de697eae2f97cf1806e3d ---- - src/shared/seccomp-util.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c -index 631ca5dd34..31d6b542c0 100644 ---- a/src/shared/seccomp-util.c -+++ b/src/shared/seccomp-util.c -@@ -1789,6 +1789,10 @@ int seccomp_restrict_archs(Set *archs) { - for (unsigned i = 0; seccomp_local_archs[i] != SECCOMP_LOCAL_ARCH_END; ++i) { - uint32_t arch = seccomp_local_archs[i]; - -+ /* See above comment, our "native" architecture is never blocked. */ -+ if (arch == seccomp_arch_native()) -+ continue; -+ - /* That architecture might have already been blocked by a previous call to seccomp_restrict_archs. */ - if (arch == SECCOMP_LOCAL_ARCH_BLOCKED) - continue; --- -2.33.0 - diff --git a/backport-seccomp-drop-getrandom-from-system-service.patch b/backport-seccomp-drop-getrandom-from-system-service.patch deleted file mode 100644 index ae771d0..0000000 --- a/backport-seccomp-drop-getrandom-from-system-service.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 9eb9b07c404be8d59a800c70593809a69f0d0e55 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 27 Jul 2021 17:10:21 +0200 -Subject: [PATCH] seccomp: drop getrandom() from @system-service - -It's included in @default now, since -14f4b1b568907350d023d1429c1aa4aaa8925f22, and since @system-service -pulls that in we can drop it from @system-service. - -Follow-up for #20191 - -(cherry picked from commit 67347f37407489a68e12da8f75b78ae1d1168de9) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9eb9b07c404be8d59a800c70593809a69f0d0e55 ---- - src/shared/seccomp-util.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c -index cad0af89f2..703d5a939c 100644 ---- a/src/shared/seccomp-util.c -+++ b/src/shared/seccomp-util.c -@@ -859,7 +859,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { - "get_mempolicy\0" - "getcpu\0" - "getpriority\0" -- "getrandom\0" - "ioctl\0" - "ioprio_get\0" - "kcmp\0" --- -2.33.0 - diff --git a/backport-seccomp-move-arch_prctl-to-default.patch b/backport-seccomp-move-arch_prctl-to-default.patch deleted file mode 100644 index 4a305c4..0000000 --- a/backport-seccomp-move-arch_prctl-to-default.patch +++ /dev/null @@ -1,54 +0,0 @@ -From cf6d1dcc93ad7caedaa139d3c0377f7524fe1013 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 7 Jan 2022 15:23:55 +0100 -Subject: [PATCH] seccomp: move arch_prctl to @default - -It was reported as used by the linker: - -> [It is] called in the setup of ld-linux-x86-64.so.2 from _dl_sysdep_start. -> My local call stack (with LTO): -> -> #0 init_cpu_features.constprop.0 (/usr/lib64/ld-linux-x86-64.so.2) -> #1 _dl_sysdep_start (/usr/lib64/ld-linux-x86-64.so.2) -> #2 _dl_start (/usr/lib64/ld-linux-x86-64.so.2) -> #3 _start (/usr/lib64/ld-linux-x86-64.so.2) -> -> Looking through the source, I think it's this (links for glibc 2.34): -> - First dl_platform_init calls _dl_x86_init_cpu_features, a wrapper for init_cpu_features. -> - Then init_cpu_features calls get_cet_status. -> - At last, get_cet_status invokes arch_prctl. - -Fixes #22033. - -(cherry picked from commit 5f02870a74aa3a758115cc9bd6d68f239caf8453) -(cherry picked from commit d08f6ff204c8525f7533875128468afb8be60ae0) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/cf6d1dcc93ad7caedaa139d3c0377f7524fe1013 ---- - src/shared/seccomp-util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c -index 2d73354e1a..ccfa4cc56a 100644 ---- a/src/shared/seccomp-util.c -+++ b/src/shared/seccomp-util.c -@@ -283,6 +283,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { - .name = "@default", - .help = "System calls that are always permitted", - .value = -+ "arch_prctl\0" /* Used during platform-specific initialization by ld-linux.so. */ - "brk\0" - "cacheflush\0" - "clock_getres\0" -@@ -712,7 +713,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { - .name = "@process", - .help = "Process control, execution, namespacing operations", - .value = -- "arch_prctl\0" - "capget\0" /* Able to query arbitrary processes */ - "clone\0" - "clone3\0" --- -2.33.0 - diff --git a/backport-seccomp-move-mprotect-to-default.patch b/backport-seccomp-move-mprotect-to-default.patch deleted file mode 100644 index 05be12f..0000000 --- a/backport-seccomp-move-mprotect-to-default.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 0c8195d673f46ab41ffbf7bb0eb54b53f202bb3f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sat, 13 Nov 2021 16:08:25 +0100 -Subject: [PATCH] seccomp: move mprotect to @default - -With glibc-2.34.9000-17.fc36.x86_64, dynamically programs newly fail in early -init with a restrictive syscall filter that does not include @system-service. -I think this is caused by 2dd87703d4386f2776c5b5f375a494c91d7f9fe4: - -Author: Florian Weimer -Date: Mon May 10 10:31:41 2021 +0200 - - nptl: Move changing of stack permissions into ld.so - - All the stack lists are now in _rtld_global, so it is possible - to change stack permissions directly from there, instead of - calling into libpthread to do the change. - -It seems that this call will now be very widely used, so let's just move it to -default to avoid too many failures. - -(cherry picked from commit 4728625490b70ac4a686b1655c08ad3fe7b97359) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0c8195d673f46ab41ffbf7bb0eb54b53f202bb3f ---- - src/shared/seccomp-util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c -index 31d6b542c0..2d73354e1a 100644 ---- a/src/shared/seccomp-util.c -+++ b/src/shared/seccomp-util.c -@@ -324,6 +324,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { - "membarrier\0" - "mmap\0" - "mmap2\0" -+ "mprotect\0" - "munmap\0" - "nanosleep\0" - "pause\0" -@@ -864,7 +865,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { - "ioprio_get\0" - "kcmp\0" - "madvise\0" -- "mprotect\0" - "mremap\0" - "name_to_handle_at\0" - "oldolduname\0" --- -2.33.0 - diff --git a/backport-seccomp-move-sched_getaffinity-from-system-service-t.patch b/backport-seccomp-move-sched_getaffinity-from-system-service-t.patch deleted file mode 100644 index 32e96e9..0000000 --- a/backport-seccomp-move-sched_getaffinity-from-system-service-t.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 77681242c8c6d7693814b8245e9096e43faa21be Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 27 Jul 2021 17:11:09 +0200 -Subject: [PATCH] seccomp: move sched_getaffinity() from @system-service to - @default - -See: https://github.com/systemd/systemd/pull/20191#issuecomment-881982739 - -In general, we shouldn't blanket move syscalls like this into @default, -given that glibc actually does have fallbacks, afaics. However, as -long as the syscalls are "read-only" and thus benign, I figure it's a -safe thing to do. But we should probably stick to a "if in doubt, don't" -rule, and put these syscalls in @system-service as default, but not into -@default. - -I think in the real world @system-service is the sensible group people -should use, and not @default actually. - -(cherry picked from commit 7df660e45682af5c40a236abe1bdc5ddcf3b3533) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/77681242c8c6d7693814b8245e9096e43faa21be ---- - src/shared/seccomp-util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c -index 703d5a939c..631ca5dd34 100644 ---- a/src/shared/seccomp-util.c -+++ b/src/shared/seccomp-util.c -@@ -331,6 +331,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { - "restart_syscall\0" - "rseq\0" - "rt_sigreturn\0" -+ "sched_getaffinity\0" - "sched_yield\0" - "set_robust_list\0" - "set_thread_area\0" -@@ -874,7 +875,6 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = { - "remap_file_pages\0" - "sched_get_priority_max\0" - "sched_get_priority_min\0" -- "sched_getaffinity\0" - "sched_getattr\0" - "sched_getparam\0" - "sched_getscheduler\0" --- -2.33.0 - diff --git a/backport-shared-bootspec-avoid-crashing-on-config-without-a-v.patch b/backport-shared-bootspec-avoid-crashing-on-config-without-a-v.patch deleted file mode 100644 index bd18b74..0000000 --- a/backport-shared-bootspec-avoid-crashing-on-config-without-a-v.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 412b89a6e8055f2c8c9db4b6b847f081e00461ff Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 6 May 2022 17:36:47 +0200 -Subject: [PATCH] shared/bootspec: avoid crashing on config without a value - -(cherry picked from commit b6bd2562ebb01b48cdb55a970d9daa1799b59876) ---- - src/shared/bootspec.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/src/shared/bootspec.c b/src/shared/bootspec.c -index 0076092c2a..9e2b2899bd 100644 ---- a/src/shared/bootspec.c -+++ b/src/shared/bootspec.c -@@ -124,6 +124,13 @@ static int boot_entry_load( - continue; - } - -+ if (isempty(p)) { -+ /* Some fields can reasonably have an empty value. In other cases warn. */ -+ if (!STR_IN_SET(field, "options", "devicetree-overlay")) -+ log_warning("%s:%u: Field %s without value", tmp.path, line, field); -+ continue; -+ } -+ - if (streq(field, "title")) - r = free_and_strdup(&tmp.title, p); - else if (streq(field, "version")) --- -2.33.0 - diff --git a/backport-shared-condition-avoid-nss-lookup-in-PID1.patch b/backport-shared-condition-avoid-nss-lookup-in-PID1.patch deleted file mode 100644 index 273f8b8..0000000 --- a/backport-shared-condition-avoid-nss-lookup-in-PID1.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 03101b5186a43b893165f44726f4865702005d8e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 7 Oct 2022 17:34:53 +0200 -Subject: [PATCH] shared/condition: avoid nss lookup in PID1 - -PID 1 is not allowed to do nss lookups because this may take a long time or -even deadlock. - -While at it, the comparisons are reordered to do the "easy" comparisons which -only require a string comparison first. Delay parsing of the UID until it is -really necessary. The result is the same, because we know that "root" and -"nobody" parse as valid. - -(cherry picked from commit 734f96b8490a2c48712ff6754a84fcaeac3d53c1) -(cherry picked from commit 5da595db39e8c6b229dfe388130683ff9a32eda5) -(cherry picked from commit 4ddeea92faf69291449af95dc9ba6440ad06ec1b) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/03101b5186a43b893165f44726f4865702005d8e ---- - src/shared/condition.c | 23 ++++++++++++++--------- - 1 file changed, 14 insertions(+), 9 deletions(-) - -diff --git a/src/shared/condition.c b/src/shared/condition.c -index b0520566ed..ed7de273bf 100644 ---- a/src/shared/condition.c -+++ b/src/shared/condition.c -@@ -373,31 +373,36 @@ static int condition_test_cpus(Condition *c, char **env) { - static int condition_test_user(Condition *c, char **env) { - uid_t id; - int r; -- _cleanup_free_ char *username = NULL; -- const char *u; - - assert(c); - assert(c->parameter); - assert(c->type == CONDITION_USER); - -+ /* Do the quick&easy comparisons first, and only parse the UID later. */ -+ if (streq(c->parameter, "root")) -+ return getuid() == 0 || geteuid() == 0; -+ if (streq(c->parameter, NOBODY_USER_NAME)) -+ return getuid() == UID_NOBODY || geteuid() == UID_NOBODY; -+ if (streq(c->parameter, "@system")) -+ return uid_is_system(getuid()) || uid_is_system(geteuid()); -+ - r = parse_uid(c->parameter, &id); - if (r >= 0) - return id == getuid() || id == geteuid(); - -- if (streq("@system", c->parameter)) -- return uid_is_system(getuid()) || uid_is_system(geteuid()); -+ if (getpid_cached() == 1) /* We already checked for "root" above, and we know that -+ * PID 1 is running as root, hence we know it cannot match. */ -+ return false; - -- username = getusername_malloc(); -+ /* getusername_malloc() may do an nss lookup, which is not allowed in PID 1. */ -+ _cleanup_free_ char *username = getusername_malloc(); - if (!username) - return -ENOMEM; - - if (streq(username, c->parameter)) - return 1; - -- if (getpid_cached() == 1) -- return streq(c->parameter, "root"); -- -- u = c->parameter; -+ const char *u = c->parameter; - r = get_user_creds(&u, &id, NULL, NULL, NULL, USER_CREDS_ALLOW_MISSING); - if (r < 0) - return 0; --- -2.27.0 - diff --git a/backport-shared-format-table-allocate-buffer-of-sufficient-si.patch b/backport-shared-format-table-allocate-buffer-of-sufficient-si.patch deleted file mode 100644 index ebe05af..0000000 --- a/backport-shared-format-table-allocate-buffer-of-sufficient-si.patch +++ /dev/null @@ -1,38 +0,0 @@ -From e6407ca25852dadec355df2e6fdc92d1f189bceb Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 5 Jul 2021 21:29:11 +0200 -Subject: [PATCH] shared/format-table: allocate buffer of sufficient size - -(cherry picked from commit 6dc57047ff0f1f9e98938ffb172dae06e6868b94) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e6407ca25852dadec355df2e6fdc92d1f189bceb ---- - src/shared/format-table.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/shared/format-table.c b/src/shared/format-table.c -index c4c3439541..4c4e4593d8 100644 ---- a/src/shared/format-table.c -+++ b/src/shared/format-table.c -@@ -1409,7 +1409,7 @@ static const char *table_data_format(Table *t, TableData *d, bool avoid_uppercas - _cleanup_free_ char *p = NULL; - char *ret; - -- p = new(char, FORMAT_TIMESTAMP_MAX); -+ p = new(char, d->type == TABLE_TIMESTAMP_RELATIVE ? FORMAT_TIMESTAMP_RELATIVE_MAX : FORMAT_TIMESTAMP_MAX); - if (!p) - return NULL; - -@@ -1418,7 +1418,7 @@ static const char *table_data_format(Table *t, TableData *d, bool avoid_uppercas - else if (d->type == TABLE_TIMESTAMP_UTC) - ret = format_timestamp_style(p, FORMAT_TIMESTAMP_MAX, d->timestamp, TIMESTAMP_UTC); - else -- ret = format_timestamp_relative(p, FORMAT_TIMESTAMP_MAX, d->timestamp); -+ ret = format_timestamp_relative(p, FORMAT_TIMESTAMP_RELATIVE_MAX, d->timestamp); - if (!ret) - return "n/a"; - --- -2.33.0 - diff --git a/backport-shared-json-fix-memory-leak-on-failed-normalization.patch b/backport-shared-json-fix-memory-leak-on-failed-normalization.patch deleted file mode 100644 index f7fd5ef..0000000 --- a/backport-shared-json-fix-memory-leak-on-failed-normalization.patch +++ /dev/null @@ -1,34 +0,0 @@ -From c1dbf637d7f5588a19b5d9ea812fee2e68a6dcfa Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 9 May 2022 14:28:36 +0200 -Subject: [PATCH] shared/json: fix memory leak on failed normalization - -We need to increase the counter immediately after taking the ref, -otherwise we may not unref it properly if we fail before incrementing. - -(cherry picked from commit 7e4be6a5845f983a299932d4ccb2c4349cf8dd52) ---- - src/shared/json.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/src/shared/json.c b/src/shared/json.c -index dff95eda26..711aa36c87 100644 ---- a/src/shared/json.c -+++ b/src/shared/json.c -@@ -4680,10 +4680,11 @@ int json_variant_normalize(JsonVariant **v) { - if (!a) - return -ENOMEM; - -- for (i = 0; i < m; i++) { -+ for (i = 0; i < m; ) { - a[i] = json_variant_ref(json_variant_by_index(*v, i)); -+ i++; - -- r = json_variant_normalize(a + i); -+ r = json_variant_normalize(&a[i-1]); - if (r < 0) - goto finish; - } --- -2.33.0 - diff --git a/backport-sleep-don-t-skip-resume-device-with-low-priority-ava.patch b/backport-sleep-don-t-skip-resume-device-with-low-priority-ava.patch deleted file mode 100644 index b9e39ca..0000000 --- a/backport-sleep-don-t-skip-resume-device-with-low-priority-ava.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 20c776c5e92201e01d4bfbea4ecbc4df758bcf09 Mon Sep 17 00:00:00 2001 -From: Egor -Date: Sun, 3 Oct 2021 03:42:50 +0300 -Subject: [PATCH] sleep: don't skip resume device with low priority/available - space - -this fixes hibernation when there's a higher priority swap preceding -the resume swap in /proc/swaps. - -fixes #19486 - -(cherry picked from commit 936a7cb66a0b423e75ceef87f02537067ad17002) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/20c776c5e92201e01d4bfbea4ecbc4df758bcf09 ---- - src/shared/sleep-config.c | 20 +++++++++++--------- - 1 file changed, 11 insertions(+), 9 deletions(-) - -diff --git a/src/shared/sleep-config.c b/src/shared/sleep-config.c -index dbaecb3a0f..8ec3d09a58 100644 ---- a/src/shared/sleep-config.c -+++ b/src/shared/sleep-config.c -@@ -392,15 +392,17 @@ int find_hibernate_location(HibernateLocation **ret_hibernate_location) { - } - - /* prefer resume device or highest priority swap with most remaining space */ -- if (hibernate_location && swap->priority < hibernate_location->swap->priority) { -- log_debug("%s: ignoring device with lower priority", swap->device); -- continue; -- } -- if (hibernate_location && -- (swap->priority == hibernate_location->swap->priority -- && swap->size - swap->used < hibernate_location->swap->size - hibernate_location->swap->used)) { -- log_debug("%s: ignoring device with lower usable space", swap->device); -- continue; -+ if (sys_resume == 0) { -+ if (hibernate_location && swap->priority < hibernate_location->swap->priority) { -+ log_debug("%s: ignoring device with lower priority", swap->device); -+ continue; -+ } -+ if (hibernate_location && -+ (swap->priority == hibernate_location->swap->priority -+ && swap->size - swap->used < hibernate_location->swap->size - hibernate_location->swap->used)) { -+ log_debug("%s: ignoring device with lower usable space", swap->device); -+ continue; -+ } - } - - dev_t swap_device; --- -2.33.0 - diff --git a/backport-socket-util-introduce-CMSG_SPACE_TIMEVAL-TIMESPEC-ma.patch b/backport-socket-util-introduce-CMSG_SPACE_TIMEVAL-TIMESPEC-ma.patch deleted file mode 100644 index 30628d7..0000000 --- a/backport-socket-util-introduce-CMSG_SPACE_TIMEVAL-TIMESPEC-ma.patch +++ /dev/null @@ -1,94 +0,0 @@ -From d36785cdd845710028ab033f85493572f15cab23 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 29 Aug 2021 20:50:49 +0900 -Subject: [PATCH] socket-util: introduce CMSG_SPACE_TIMEVAL/TIMESPEC macro to - support additional 64bit timeval or timespec - -Fixes #20482 and #20564. - -(cherry picked from commit 9365e296fe281da45797af89a97627e872fc019d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/d36785cdd845710028ab033f85493572f15cab23 ---- - src/basic/socket-util.h | 22 ++++++++++++++++++++++ - src/journal/journald-server.c | 2 +- - src/libsystemd-network/icmp6-util.c | 2 +- - src/timesync/timesyncd-manager.c | 2 +- - 4 files changed, 25 insertions(+), 3 deletions(-) - -diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h -index f92e425fd6..09e606614c 100644 ---- a/src/basic/socket-util.h -+++ b/src/basic/socket-util.h -@@ -277,6 +277,28 @@ static inline int getsockopt_int(int fd, int level, int optname, int *ret) { - int socket_bind_to_ifname(int fd, const char *ifname); - int socket_bind_to_ifindex(int fd, int ifindex); - -+/* Define a 64bit version of timeval/timespec in any case, even on 32bit userspace. */ -+struct timeval_large { -+ uint64_t tvl_sec, tvl_usec; -+}; -+struct timespec_large { -+ uint64_t tvl_sec, tvl_nsec; -+}; -+ -+/* glibc duplicates timespec/timeval on certain 32bit archs, once in 32bit and once in 64bit. -+ * See __convert_scm_timestamps() in glibc source code. Hence, we need additional buffer space for them -+ * to prevent from recvmsg_safe() returning -EXFULL. */ -+#define CMSG_SPACE_TIMEVAL \ -+ ((sizeof(struct timeval) == sizeof(struct timeval_large)) ? \ -+ CMSG_SPACE(sizeof(struct timeval)) : \ -+ CMSG_SPACE(sizeof(struct timeval)) + \ -+ CMSG_SPACE(sizeof(struct timeval_large))) -+#define CMSG_SPACE_TIMESPEC \ -+ ((sizeof(struct timespec) == sizeof(struct timespec_large)) ? \ -+ CMSG_SPACE(sizeof(struct timespec)) : \ -+ CMSG_SPACE(sizeof(struct timespec)) + \ -+ CMSG_SPACE(sizeof(struct timespec_large))) -+ - ssize_t recvmsg_safe(int sockfd, struct msghdr *msg, int flags); - - int socket_get_family(int fd, int *ret); -diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c -index a0695ec519..abd52f7c14 100644 ---- a/src/journal/journald-server.c -+++ b/src/journal/journald-server.c -@@ -1277,7 +1277,7 @@ int server_process_datagram( - * identical to NAME_MAX. For now we use that, but this should be updated one day when the final - * limit is known. */ - CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred)) + -- CMSG_SPACE(sizeof(struct timeval)) + -+ CMSG_SPACE_TIMEVAL + - CMSG_SPACE(sizeof(int)) + /* fd */ - CMSG_SPACE(NAME_MAX) /* selinux label */) control; - -diff --git a/src/libsystemd-network/icmp6-util.c b/src/libsystemd-network/icmp6-util.c -index 0b8c3e4cc3..823be0f275 100644 ---- a/src/libsystemd-network/icmp6-util.c -+++ b/src/libsystemd-network/icmp6-util.c -@@ -149,7 +149,7 @@ int icmp6_receive(int fd, void *buffer, size_t size, struct in6_addr *ret_dst, - triple_timestamp *ret_timestamp) { - - CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(int)) + /* ttl */ -- CMSG_SPACE(sizeof(struct timeval))) control; -+ CMSG_SPACE_TIMEVAL) control; - struct iovec iov = {}; - union sockaddr_union sa = {}; - struct msghdr msg = { -diff --git a/src/timesync/timesyncd-manager.c b/src/timesync/timesyncd-manager.c -index 9d874cfc8a..eae14e8fb2 100644 ---- a/src/timesync/timesyncd-manager.c -+++ b/src/timesync/timesyncd-manager.c -@@ -412,7 +412,7 @@ static int manager_receive_response(sd_event_source *source, int fd, uint32_t re - .iov_base = &ntpmsg, - .iov_len = sizeof(ntpmsg), - }; -- CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct timespec))) control; -+ CMSG_BUFFER_TYPE(CMSG_SPACE_TIMESPEC) control; - union sockaddr_union server_addr; - struct msghdr msghdr = { - .msg_iov = &iov, --- -2.33.0 - diff --git a/backport-src-boot-efi-linux-fix-linux_exec-prototype.patch b/backport-src-boot-efi-linux-fix-linux_exec-prototype.patch deleted file mode 100644 index be17432..0000000 --- a/backport-src-boot-efi-linux-fix-linux_exec-prototype.patch +++ /dev/null @@ -1,48 +0,0 @@ -From a825ced57fa8533ba54fec4c4476400e122ddbc3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Alfonso=20S=C3=A1nchez-Beato?= - -Date: Thu, 19 Aug 2021 12:21:12 +0200 -Subject: [PATCH] src/boot/efi/linux: fix linux_exec prototype - -Callers to linux_exec() are actually passing an EFI_HANDLE, not a pointer to -it. linux_efi_handover(), which is called by linux_exec(), also expects an -EFI_HANDLE. - -(cherry picked from commit d48f9174cf211a235193963a06b3d28537fc6529) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/a825ced57fa8533ba54fec4c4476400e122ddbc3 ---- - src/boot/efi/linux.c | 2 +- - src/boot/efi/linux.h | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/boot/efi/linux.c b/src/boot/efi/linux.c -index 4d44671315..b5d6120493 100644 ---- a/src/boot/efi/linux.c -+++ b/src/boot/efi/linux.c -@@ -25,7 +25,7 @@ static VOID linux_efi_handover(EFI_HANDLE image, struct boot_params *params) { - handover(image, ST, params); - } - --EFI_STATUS linux_exec(EFI_HANDLE *image, -+EFI_STATUS linux_exec(EFI_HANDLE image, - CHAR8 *cmdline, UINTN cmdline_len, - UINTN linux_addr, - UINTN initrd_addr, UINTN initrd_size) { -diff --git a/src/boot/efi/linux.h b/src/boot/efi/linux.h -index 09be2de27b..53270e16b3 100644 ---- a/src/boot/efi/linux.h -+++ b/src/boot/efi/linux.h -@@ -83,7 +83,7 @@ struct boot_params { - UINT8 _pad9[276]; - } __attribute__((packed)); - --EFI_STATUS linux_exec(EFI_HANDLE *image, -+EFI_STATUS linux_exec(EFI_HANDLE image, - CHAR8 *cmdline, UINTN cmdline_size, - UINTN linux_addr, - UINTN initrd_addr, UINTN initrd_size); --- -2.33.0 - diff --git a/backport-stat-util-replace-is_dir-is_dir_fd-by-single-is_dir_.patch b/backport-stat-util-replace-is_dir-is_dir_fd-by-single-is_dir_.patch deleted file mode 100644 index 489088f..0000000 --- a/backport-stat-util-replace-is_dir-is_dir_fd-by-single-is_dir_.patch +++ /dev/null @@ -1,85 +0,0 @@ -From ab77d5f0c18783c273d1b3b0e8126c7019ddb1f8 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 13 Jul 2022 23:43:36 +0200 -Subject: [PATCH] stat-util: replace is_dir() + is_dir_fd() by single - is_dir_full() call - -This new call can execute both of the old operations, but also do -generic fstatat() like behaviour. - -(cherry picked from commit a586dc791ca465f4087473d2ad6794b7776aee2d) -(cherry picked from commit 9255fa3a15c5c7dea9ddb2ce5399d3b675f8368b) -(cherry picked from commit a77b81f1240ff7e0ea5d084d61875e1bdefc075d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/ab77d5f0c18783c273d1b3b0e8126c7019ddb1f8 ---- - src/basic/stat-util.c | 20 ++++++-------------- - src/basic/stat-util.h | 9 +++++++-- - 2 files changed, 13 insertions(+), 16 deletions(-) - -diff --git a/src/basic/stat-util.c b/src/basic/stat-util.c -index 56f7652cec..652cfd1485 100644 ---- a/src/basic/stat-util.c -+++ b/src/basic/stat-util.c -@@ -31,31 +31,23 @@ int is_symlink(const char *path) { - return !!S_ISLNK(info.st_mode); - } - --int is_dir(const char* path, bool follow) { -+int is_dir_full(int atfd, const char* path, bool follow) { - struct stat st; - int r; - -- assert(path); -+ assert(atfd >= 0 || atfd == AT_FDCWD); -+ assert(atfd >= 0 || path); - -- if (follow) -- r = stat(path, &st); -+ if (path) -+ r = fstatat(atfd, path, &st, follow ? 0 : AT_SYMLINK_NOFOLLOW); - else -- r = lstat(path, &st); -+ r = fstat(atfd, &st); - if (r < 0) - return -errno; - - return !!S_ISDIR(st.st_mode); - } - --int is_dir_fd(int fd) { -- struct stat st; -- -- if (fstat(fd, &st) < 0) -- return -errno; -- -- return !!S_ISDIR(st.st_mode); --} -- - int is_device_node(const char *path) { - struct stat info; - -diff --git a/src/basic/stat-util.h b/src/basic/stat-util.h -index a566114f7c..f9a24c8775 100644 ---- a/src/basic/stat-util.h -+++ b/src/basic/stat-util.h -@@ -13,8 +13,13 @@ - #include "missing_stat.h" - - int is_symlink(const char *path); --int is_dir(const char *path, bool follow); --int is_dir_fd(int fd); -+int is_dir_full(int atfd, const char *fname, bool follow); -+static inline int is_dir(const char *path, bool follow) { -+ return is_dir_full(AT_FDCWD, path, follow); -+} -+static inline int is_dir_fd(int fd) { -+ return is_dir_full(fd, NULL, false); -+} - int is_device_node(const char *path); - - int dir_is_empty_at(int dir_fd, const char *path); --- -2.27.0 - diff --git a/backport-stat-util-specify-O_DIRECTORY-when-reopening-dir-in-.patch b/backport-stat-util-specify-O_DIRECTORY-when-reopening-dir-in-.patch deleted file mode 100644 index 687df80..0000000 --- a/backport-stat-util-specify-O_DIRECTORY-when-reopening-dir-in-.patch +++ /dev/null @@ -1,36 +0,0 @@ -From e1e32516f98a1f39ce763545de9a8664526d0b8a Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 21 Oct 2021 18:07:06 +0200 -Subject: [PATCH] stat-util: specify O_DIRECTORY when reopening dir in - dir_is_empty_at() - -That way we can fail earlier if the specified fd is not actually a -directory. - -(Also, it's not exactly according to standards to open things without -either O_RDONLY/O_RDWR...) - -(cherry picked from commit b9d06522631a22d242374dc44a74c3b6459e3cb3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e1e32516f98a1f39ce763545de9a8664526d0b8a ---- - src/basic/stat-util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/basic/stat-util.c b/src/basic/stat-util.c -index 72a7e4a48b..56f7652cec 100644 ---- a/src/basic/stat-util.c -+++ b/src/basic/stat-util.c -@@ -79,7 +79,7 @@ int dir_is_empty_at(int dir_fd, const char *path) { - } else { - /* Note that DUPing is not enough, as the internal pointer - * would still be shared and moved by FOREACH_DIRENT. */ -- fd = fd_reopen(dir_fd, O_CLOEXEC); -+ fd = fd_reopen(dir_fd, O_RDONLY|O_DIRECTORY|O_CLOEXEC); - if (fd < 0) - return fd; - } --- -2.33.0 - diff --git a/backport-syscalls-update-syscall-definitions.patch b/backport-syscalls-update-syscall-definitions.patch deleted file mode 100644 index 78f80cf..0000000 --- a/backport-syscalls-update-syscall-definitions.patch +++ /dev/null @@ -1,853 +0,0 @@ -From f551941e5d7a39312903625d473e1d527358f0e1 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 3 Jan 2022 03:48:10 +0900 -Subject: [PATCH] syscalls: update syscall definitions - -(cherry picked from commit 0c718b1a67cd0d3512eafeb4659458694bf3865b) -(cherry picked from commit 7e338876577cb328632ce3e7753c0130b54dd7a2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/f551941e5d7a39312903625d473e1d527358f0e1 ---- - src/basic/syscalls-alpha.txt | 6 ++++-- - src/basic/syscalls-arc.txt | 6 ++++-- - src/basic/syscalls-arm.txt | 6 ++++-- - src/basic/syscalls-arm64.txt | 6 ++++-- - src/basic/syscalls-i386.txt | 6 ++++-- - src/basic/syscalls-ia64.txt | 6 ++++-- - src/basic/syscalls-m68k.txt | 6 ++++-- - src/basic/syscalls-mips64.txt | 6 ++++-- - src/basic/syscalls-mips64n32.txt | 6 ++++-- - src/basic/syscalls-mipso32.txt | 6 ++++-- - src/basic/syscalls-powerpc.txt | 6 ++++-- - src/basic/syscalls-powerpc64.txt | 6 ++++-- - src/basic/syscalls-riscv32.txt | 8 +++++--- - src/basic/syscalls-riscv64.txt | 6 ++++-- - src/basic/syscalls-s390.txt | 6 ++++-- - src/basic/syscalls-s390x.txt | 6 ++++-- - src/basic/syscalls-sparc.txt | 6 ++++-- - src/basic/syscalls-x86_64.txt | 6 ++++-- - 18 files changed, 73 insertions(+), 37 deletions(-) - -diff --git a/src/basic/syscalls-alpha.txt b/src/basic/syscalls-alpha.txt -index 3bcc357075..5aef86b09e 100644 ---- a/src/basic/syscalls-alpha.txt -+++ b/src/basic/syscalls-alpha.txt -@@ -106,6 +106,7 @@ ftruncate 130 - ftruncate64 - futex 394 - futex_time64 -+futex_waitv 559 - futimesat 454 - get_kernel_syms 309 - get_mempolicy 430 -@@ -203,6 +204,7 @@ madvise 75 - mbind 429 - membarrier 517 - memfd_create 512 -+memfd_secret - memory_ordering - migrate_pages 449 - mincore 375 -@@ -374,7 +376,6 @@ pciconfig_read 345 - pciconfig_write 346 - perf_event_open 493 - perfctr --perfmonctl - personality 324 - pidfd_getfd 548 - pidfd_open 544 -@@ -394,6 +395,7 @@ preadv 490 - preadv2 520 - prlimit64 496 - process_madvise 550 -+process_mrelease 558 - process_vm_readv 504 - process_vm_writev 505 - pselect6 463 -@@ -404,7 +406,7 @@ pwritev 491 - pwritev2 521 - query_module 347 - quotactl 148 --quotactl_path -+quotactl_fd 553 - read 3 - readahead 379 - readdir -diff --git a/src/basic/syscalls-arc.txt b/src/basic/syscalls-arc.txt -index e4204fa0f2..f275f104bf 100644 ---- a/src/basic/syscalls-arc.txt -+++ b/src/basic/syscalls-arc.txt -@@ -106,6 +106,7 @@ ftruncate - ftruncate64 46 - futex 98 - futex_time64 422 -+futex_waitv 449 - futimesat - get_kernel_syms - get_mempolicy 236 -@@ -203,6 +204,7 @@ madvise 233 - mbind 235 - membarrier 283 - memfd_create 279 -+memfd_secret - memory_ordering - migrate_pages 238 - mincore 232 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 241 - perfctr --perfmonctl - personality 92 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 69 - preadv2 286 - prlimit64 261 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 270 - process_vm_writev 271 - pselect6 72 -@@ -404,7 +406,7 @@ pwritev 70 - pwritev2 287 - query_module - quotactl 60 --quotactl_path -+quotactl_fd 443 - read 63 - readahead 213 - readdir -diff --git a/src/basic/syscalls-arm.txt b/src/basic/syscalls-arm.txt -index a4847a18b3..9037b28384 100644 ---- a/src/basic/syscalls-arm.txt -+++ b/src/basic/syscalls-arm.txt -@@ -106,6 +106,7 @@ ftruncate 93 - ftruncate64 194 - futex 240 - futex_time64 422 -+futex_waitv 449 - futimesat 326 - get_kernel_syms - get_mempolicy 320 -@@ -203,6 +204,7 @@ madvise 220 - mbind 319 - membarrier 389 - memfd_create 385 -+memfd_secret - memory_ordering - migrate_pages 400 - mincore 219 -@@ -374,7 +376,6 @@ pciconfig_read 272 - pciconfig_write 273 - perf_event_open 364 - perfctr --perfmonctl - personality 136 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 361 - preadv2 392 - prlimit64 369 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 376 - process_vm_writev 377 - pselect6 335 -@@ -404,7 +406,7 @@ pwritev 362 - pwritev2 393 - query_module - quotactl 131 --quotactl_path -+quotactl_fd 443 - read 3 - readahead 225 - readdir -diff --git a/src/basic/syscalls-arm64.txt b/src/basic/syscalls-arm64.txt -index ef76ffa96f..e91d7cfca4 100644 ---- a/src/basic/syscalls-arm64.txt -+++ b/src/basic/syscalls-arm64.txt -@@ -106,6 +106,7 @@ ftruncate 46 - ftruncate64 - futex 98 - futex_time64 -+futex_waitv 449 - futimesat - get_kernel_syms - get_mempolicy 236 -@@ -203,6 +204,7 @@ madvise 233 - mbind 235 - membarrier 283 - memfd_create 279 -+memfd_secret 447 - memory_ordering - migrate_pages 238 - mincore 232 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 241 - perfctr --perfmonctl - personality 92 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 69 - preadv2 286 - prlimit64 261 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 270 - process_vm_writev 271 - pselect6 72 -@@ -404,7 +406,7 @@ pwritev 70 - pwritev2 287 - query_module - quotactl 60 --quotactl_path -+quotactl_fd 443 - read 63 - readahead 213 - readdir -diff --git a/src/basic/syscalls-i386.txt b/src/basic/syscalls-i386.txt -index baacb9b7a3..6b57d6f05d 100644 ---- a/src/basic/syscalls-i386.txt -+++ b/src/basic/syscalls-i386.txt -@@ -106,6 +106,7 @@ ftruncate 93 - ftruncate64 194 - futex 240 - futex_time64 422 -+futex_waitv 449 - futimesat 299 - get_kernel_syms 130 - get_mempolicy 275 -@@ -203,6 +204,7 @@ madvise 219 - mbind 274 - membarrier 375 - memfd_create 356 -+memfd_secret 447 - memory_ordering - migrate_pages 294 - mincore 218 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 336 - perfctr --perfmonctl - personality 136 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 333 - preadv2 378 - prlimit64 340 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 347 - process_vm_writev 348 - pselect6 308 -@@ -404,7 +406,7 @@ pwritev 334 - pwritev2 379 - query_module 167 - quotactl 131 --quotactl_path -+quotactl_fd 443 - read 3 - readahead 225 - readdir 89 -diff --git a/src/basic/syscalls-ia64.txt b/src/basic/syscalls-ia64.txt -index c37ea6f88f..3d646f6d17 100644 ---- a/src/basic/syscalls-ia64.txt -+++ b/src/basic/syscalls-ia64.txt -@@ -106,6 +106,7 @@ ftruncate 1098 - ftruncate64 - futex 1230 - futex_time64 -+futex_waitv 1473 - futimesat 1285 - get_kernel_syms - get_mempolicy 1260 -@@ -203,6 +204,7 @@ madvise 1209 - mbind 1259 - membarrier 1344 - memfd_create 1340 -+memfd_secret - memory_ordering - migrate_pages 1280 - mincore 1208 -@@ -374,7 +376,6 @@ pciconfig_read 1173 - pciconfig_write 1174 - perf_event_open 1352 - perfctr --perfmonctl 1175 - personality 1140 - pidfd_getfd 1462 - pidfd_open 1458 -@@ -394,6 +395,7 @@ preadv 1319 - preadv2 1348 - prlimit64 1325 - process_madvise 1464 -+process_mrelease 1472 - process_vm_readv 1332 - process_vm_writev 1333 - pselect6 1294 -@@ -404,7 +406,7 @@ pwritev 1320 - pwritev2 1349 - query_module - quotactl 1137 --quotactl_path -+quotactl_fd 1467 - read 1026 - readahead 1216 - readdir -diff --git a/src/basic/syscalls-m68k.txt b/src/basic/syscalls-m68k.txt -index 7522b82e1f..ef7295db2f 100644 ---- a/src/basic/syscalls-m68k.txt -+++ b/src/basic/syscalls-m68k.txt -@@ -106,6 +106,7 @@ ftruncate 93 - ftruncate64 194 - futex 235 - futex_time64 422 -+futex_waitv 449 - futimesat 292 - get_kernel_syms 130 - get_mempolicy 269 -@@ -203,6 +204,7 @@ madvise 238 - mbind 268 - membarrier 374 - memfd_create 353 -+memfd_secret - memory_ordering - migrate_pages 287 - mincore 237 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 332 - perfctr --perfmonctl - personality 136 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 329 - preadv2 377 - prlimit64 339 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 345 - process_vm_writev 346 - pselect6 301 -@@ -404,7 +406,7 @@ pwritev 330 - pwritev2 378 - query_module 167 - quotactl 131 --quotactl_path -+quotactl_fd 443 - read 3 - readahead 240 - readdir 89 -diff --git a/src/basic/syscalls-mips64.txt b/src/basic/syscalls-mips64.txt -index 6b85975eea..1f7ff567be 100644 ---- a/src/basic/syscalls-mips64.txt -+++ b/src/basic/syscalls-mips64.txt -@@ -106,6 +106,7 @@ ftruncate 5075 - ftruncate64 - futex 5194 - futex_time64 -+futex_waitv 5449 - futimesat 5251 - get_kernel_syms 5170 - get_mempolicy 5228 -@@ -203,6 +204,7 @@ madvise 5027 - mbind 5227 - membarrier 5318 - memfd_create 5314 -+memfd_secret - memory_ordering - migrate_pages 5246 - mincore 5026 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 5292 - perfctr --perfmonctl - personality 5132 - pidfd_getfd 5438 - pidfd_open 5434 -@@ -394,6 +395,7 @@ preadv 5289 - preadv2 5321 - prlimit64 5297 - process_madvise 5440 -+process_mrelease 5448 - process_vm_readv 5304 - process_vm_writev 5305 - pselect6 5260 -@@ -404,7 +406,7 @@ pwritev 5290 - pwritev2 5322 - query_module 5171 - quotactl 5172 --quotactl_path -+quotactl_fd 5443 - read 5000 - readahead 5179 - readdir -diff --git a/src/basic/syscalls-mips64n32.txt b/src/basic/syscalls-mips64n32.txt -index a4c12cc442..7e1ad9637d 100644 ---- a/src/basic/syscalls-mips64n32.txt -+++ b/src/basic/syscalls-mips64n32.txt -@@ -106,6 +106,7 @@ ftruncate 6075 - ftruncate64 - futex 6194 - futex_time64 6422 -+futex_waitv 6449 - futimesat 6255 - get_kernel_syms 6170 - get_mempolicy 6232 -@@ -203,6 +204,7 @@ madvise 6027 - mbind 6231 - membarrier 6322 - memfd_create 6318 -+memfd_secret - memory_ordering - migrate_pages 6250 - mincore 6026 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 6296 - perfctr --perfmonctl - personality 6132 - pidfd_getfd 6438 - pidfd_open 6434 -@@ -394,6 +395,7 @@ preadv 6293 - preadv2 6325 - prlimit64 6302 - process_madvise 6440 -+process_mrelease 6448 - process_vm_readv 6309 - process_vm_writev 6310 - pselect6 6264 -@@ -404,7 +406,7 @@ pwritev 6294 - pwritev2 6326 - query_module 6171 - quotactl 6172 --quotactl_path -+quotactl_fd 6443 - read 6000 - readahead 6179 - readdir -diff --git a/src/basic/syscalls-mipso32.txt b/src/basic/syscalls-mipso32.txt -index fcebabab11..c0c262fd1a 100644 ---- a/src/basic/syscalls-mipso32.txt -+++ b/src/basic/syscalls-mipso32.txt -@@ -106,6 +106,7 @@ ftruncate 4093 - ftruncate64 4212 - futex 4238 - futex_time64 4422 -+futex_waitv 4449 - futimesat 4292 - get_kernel_syms 4130 - get_mempolicy 4269 -@@ -203,6 +204,7 @@ madvise 4218 - mbind 4268 - membarrier 4358 - memfd_create 4354 -+memfd_secret - memory_ordering - migrate_pages 4287 - mincore 4217 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 4333 - perfctr --perfmonctl - personality 4136 - pidfd_getfd 4438 - pidfd_open 4434 -@@ -394,6 +395,7 @@ preadv 4330 - preadv2 4361 - prlimit64 4338 - process_madvise 4440 -+process_mrelease 4448 - process_vm_readv 4345 - process_vm_writev 4346 - pselect6 4301 -@@ -404,7 +406,7 @@ pwritev 4331 - pwritev2 4362 - query_module 4187 - quotactl 4131 --quotactl_path -+quotactl_fd 4443 - read 4003 - readahead 4223 - readdir 4089 -diff --git a/src/basic/syscalls-powerpc.txt b/src/basic/syscalls-powerpc.txt -index 3185562726..2f085161e1 100644 ---- a/src/basic/syscalls-powerpc.txt -+++ b/src/basic/syscalls-powerpc.txt -@@ -106,6 +106,7 @@ ftruncate 93 - ftruncate64 194 - futex 221 - futex_time64 422 -+futex_waitv 449 - futimesat 290 - get_kernel_syms 130 - get_mempolicy 260 -@@ -203,6 +204,7 @@ madvise 205 - mbind 259 - membarrier 365 - memfd_create 360 -+memfd_secret - memory_ordering - migrate_pages 258 - mincore 206 -@@ -374,7 +376,6 @@ pciconfig_read 198 - pciconfig_write 199 - perf_event_open 319 - perfctr --perfmonctl - personality 136 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 320 - preadv2 380 - prlimit64 325 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 351 - process_vm_writev 352 - pselect6 280 -@@ -404,7 +406,7 @@ pwritev 321 - pwritev2 381 - query_module 166 - quotactl 131 --quotactl_path -+quotactl_fd 443 - read 3 - readahead 191 - readdir 89 -diff --git a/src/basic/syscalls-powerpc64.txt b/src/basic/syscalls-powerpc64.txt -index e940737781..85e53422ee 100644 ---- a/src/basic/syscalls-powerpc64.txt -+++ b/src/basic/syscalls-powerpc64.txt -@@ -106,6 +106,7 @@ ftruncate 93 - ftruncate64 - futex 221 - futex_time64 -+futex_waitv 449 - futimesat 290 - get_kernel_syms 130 - get_mempolicy 260 -@@ -203,6 +204,7 @@ madvise 205 - mbind 259 - membarrier 365 - memfd_create 360 -+memfd_secret - memory_ordering - migrate_pages 258 - mincore 206 -@@ -374,7 +376,6 @@ pciconfig_read 198 - pciconfig_write 199 - perf_event_open 319 - perfctr --perfmonctl - personality 136 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 320 - preadv2 380 - prlimit64 325 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 351 - process_vm_writev 352 - pselect6 280 -@@ -404,7 +406,7 @@ pwritev 321 - pwritev2 381 - query_module 166 - quotactl 131 --quotactl_path -+quotactl_fd 443 - read 3 - readahead 191 - readdir 89 -diff --git a/src/basic/syscalls-riscv32.txt b/src/basic/syscalls-riscv32.txt -index 8fe0d5ea88..013e38189b 100644 ---- a/src/basic/syscalls-riscv32.txt -+++ b/src/basic/syscalls-riscv32.txt -@@ -40,7 +40,7 @@ clock_settime - clock_settime64 404 - clone 220 - clone2 --clone3 -+clone3 435 - close 57 - close_range 436 - connect 203 -@@ -106,6 +106,7 @@ ftruncate - ftruncate64 46 - futex - futex_time64 422 -+futex_waitv 449 - futimesat - get_kernel_syms - get_mempolicy 236 -@@ -203,6 +204,7 @@ madvise 233 - mbind 235 - membarrier 283 - memfd_create 279 -+memfd_secret - memory_ordering - migrate_pages 238 - mincore 232 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 241 - perfctr --perfmonctl - personality 92 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 69 - preadv2 286 - prlimit64 261 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 270 - process_vm_writev 271 - pselect6 -@@ -404,7 +406,7 @@ pwritev 70 - pwritev2 287 - query_module - quotactl 60 --quotactl_path -+quotactl_fd 443 - read 63 - readahead 213 - readdir -diff --git a/src/basic/syscalls-riscv64.txt b/src/basic/syscalls-riscv64.txt -index e021ea79b4..104a2d9dfa 100644 ---- a/src/basic/syscalls-riscv64.txt -+++ b/src/basic/syscalls-riscv64.txt -@@ -106,6 +106,7 @@ ftruncate 46 - ftruncate64 - futex 98 - futex_time64 -+futex_waitv 449 - futimesat - get_kernel_syms - get_mempolicy 236 -@@ -203,6 +204,7 @@ madvise 233 - mbind 235 - membarrier 283 - memfd_create 279 -+memfd_secret - memory_ordering - migrate_pages 238 - mincore 232 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 241 - perfctr --perfmonctl - personality 92 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 69 - preadv2 286 - prlimit64 261 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 270 - process_vm_writev 271 - pselect6 72 -@@ -404,7 +406,7 @@ pwritev 70 - pwritev2 287 - query_module - quotactl 60 --quotactl_path -+quotactl_fd 443 - read 63 - readahead 213 - readdir -diff --git a/src/basic/syscalls-s390.txt b/src/basic/syscalls-s390.txt -index 5d3b73e6c0..a25093c7be 100644 ---- a/src/basic/syscalls-s390.txt -+++ b/src/basic/syscalls-s390.txt -@@ -106,6 +106,7 @@ ftruncate 93 - ftruncate64 194 - futex 238 - futex_time64 422 -+futex_waitv 449 - futimesat 292 - get_kernel_syms 130 - get_mempolicy 269 -@@ -203,6 +204,7 @@ madvise 219 - mbind 268 - membarrier 356 - memfd_create 350 -+memfd_secret - memory_ordering - migrate_pages 287 - mincore 218 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 331 - perfctr --perfmonctl - personality 136 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 328 - preadv2 376 - prlimit64 334 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 340 - process_vm_writev 341 - pselect6 301 -@@ -404,7 +406,7 @@ pwritev 329 - pwritev2 377 - query_module 167 - quotactl 131 --quotactl_path -+quotactl_fd 443 - read 3 - readahead 222 - readdir 89 -diff --git a/src/basic/syscalls-s390x.txt b/src/basic/syscalls-s390x.txt -index 62a2ea4fae..b4b798f9df 100644 ---- a/src/basic/syscalls-s390x.txt -+++ b/src/basic/syscalls-s390x.txt -@@ -106,6 +106,7 @@ ftruncate 93 - ftruncate64 - futex 238 - futex_time64 -+futex_waitv 449 - futimesat 292 - get_kernel_syms 130 - get_mempolicy 269 -@@ -203,6 +204,7 @@ madvise 219 - mbind 268 - membarrier 356 - memfd_create 350 -+memfd_secret - memory_ordering - migrate_pages 287 - mincore 218 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 331 - perfctr --perfmonctl - personality 136 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 328 - preadv2 376 - prlimit64 334 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 340 - process_vm_writev 341 - pselect6 301 -@@ -404,7 +406,7 @@ pwritev 329 - pwritev2 377 - query_module 167 - quotactl 131 --quotactl_path -+quotactl_fd 443 - read 3 - readahead 222 - readdir 89 -diff --git a/src/basic/syscalls-sparc.txt b/src/basic/syscalls-sparc.txt -index fe41bf97e8..a382e75c24 100644 ---- a/src/basic/syscalls-sparc.txt -+++ b/src/basic/syscalls-sparc.txt -@@ -106,6 +106,7 @@ ftruncate 130 - ftruncate64 84 - futex 142 - futex_time64 422 -+futex_waitv 449 - futimesat 288 - get_kernel_syms 223 - get_mempolicy 304 -@@ -203,6 +204,7 @@ madvise 75 - mbind 303 - membarrier 351 - memfd_create 348 -+memfd_secret - memory_ordering - migrate_pages 302 - mincore 78 -@@ -374,7 +376,6 @@ pciconfig_read 148 - pciconfig_write 149 - perf_event_open 327 - perfctr 18 --perfmonctl - personality 191 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 324 - preadv2 358 - prlimit64 331 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 338 - process_vm_writev 339 - pselect6 297 -@@ -404,7 +406,7 @@ pwritev 325 - pwritev2 359 - query_module 184 - quotactl 165 --quotactl_path -+quotactl_fd 443 - read 3 - readahead 205 - readdir 204 -diff --git a/src/basic/syscalls-x86_64.txt b/src/basic/syscalls-x86_64.txt -index d2ac17ab46..5bc9c58a2a 100644 ---- a/src/basic/syscalls-x86_64.txt -+++ b/src/basic/syscalls-x86_64.txt -@@ -106,6 +106,7 @@ ftruncate 77 - ftruncate64 - futex 202 - futex_time64 -+futex_waitv 449 - futimesat 261 - get_kernel_syms 177 - get_mempolicy 239 -@@ -203,6 +204,7 @@ madvise 28 - mbind 237 - membarrier 324 - memfd_create 319 -+memfd_secret 447 - memory_ordering - migrate_pages 256 - mincore 27 -@@ -374,7 +376,6 @@ pciconfig_read - pciconfig_write - perf_event_open 298 - perfctr --perfmonctl - personality 135 - pidfd_getfd 438 - pidfd_open 434 -@@ -394,6 +395,7 @@ preadv 295 - preadv2 327 - prlimit64 302 - process_madvise 440 -+process_mrelease 448 - process_vm_readv 310 - process_vm_writev 311 - pselect6 270 -@@ -404,7 +406,7 @@ pwritev 296 - pwritev2 328 - query_module 178 - quotactl 179 --quotactl_path -+quotactl_fd 443 - read 0 - readahead 187 - readdir --- -2.33.0 - diff --git a/backport-sysext-refuse-empty-release-ID-to-avoid-triggering-a.patch b/backport-sysext-refuse-empty-release-ID-to-avoid-triggering-a.patch deleted file mode 100644 index fa24a29..0000000 --- a/backport-sysext-refuse-empty-release-ID-to-avoid-triggering-a.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 6100e1dded709f681aca0cf913095e2591a54e33 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 21 May 2022 03:03:21 +0900 -Subject: [PATCH] sysext: refuse empty release ID to avoid triggering assertion - -Otherwise, the assertion in extension_release_validate() will be -triggered. - -(cherry picked from commit 30e29edf4c0bb025aa7dc03c415b727fddf996ac) ---- - src/sysext/sysext.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/sysext/sysext.c b/src/sysext/sysext.c -index 60789e0f2c..4245bf1760 100644 ---- a/src/sysext/sysext.c -+++ b/src/sysext/sysext.c -@@ -483,6 +483,10 @@ static int merge_subprocess(Hashmap *images, const char *workspace) { - "SYSEXT_LEVEL", &host_os_release_sysext_level); - if (r < 0) - return log_error_errno(r, "Failed to acquire 'os-release' data of OS tree '%s': %m", empty_to_root(arg_root)); -+ if (isempty(host_os_release_id)) -+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), -+ "'ID' field not found or empty in 'os-release' data of OS tree '%s': %m", -+ empty_to_root(arg_root)); - - /* Let's now mount all images */ - HASHMAP_FOREACH(img, images) { --- -2.33.0 - diff --git a/backport-sysext-use-LO_FLAGS_PARTSCAN-when-opening-image.patch b/backport-sysext-use-LO_FLAGS_PARTSCAN-when-opening-image.patch deleted file mode 100644 index f5ca58d..0000000 --- a/backport-sysext-use-LO_FLAGS_PARTSCAN-when-opening-image.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 9370cf015e54e2201227c27271506e63ad8c3e1d Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Wed, 19 Jan 2022 00:27:45 +0000 -Subject: [PATCH] sysext: use LO_FLAGS_PARTSCAN when opening image - -Jan 17 12:34:59 myguest1 (sd-sysext)[486]: Device '/var/lib/extensions/myext.raw' is loopback block device with partition scanning turned off, please turn it on. - -Fixes https://github.com/systemd/systemd/issues/22146 - -(cherry picked from commit 70a5c6dce0872b3bb0a39be250adde86a0c8f35c) -(cherry picked from commit 4ef7122f3c3328aa01e1ed187a793e7b1595ee87) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9370cf015e54e2201227c27271506e63ad8c3e1d ---- - src/sysext/sysext.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/src/sysext/sysext.c b/src/sysext/sysext.c -index 572e4007fe..bcd87ab152 100644 ---- a/src/sysext/sysext.c -+++ b/src/sysext/sysext.c -@@ -2,6 +2,7 @@ - - #include - #include -+#include - #include - #include - -@@ -523,7 +524,11 @@ static int merge_subprocess(Hashmap *images, const char *workspace) { - if (verity_settings.data_path) - flags |= DISSECT_IMAGE_NO_PARTITION_TABLE; - -- r = loop_device_make_by_path(img->path, O_RDONLY, 0, &d); -+ r = loop_device_make_by_path( -+ img->path, -+ O_RDONLY, -+ FLAGS_SET(flags, DISSECT_IMAGE_NO_PARTITION_TABLE) ? 0 : LO_FLAGS_PARTSCAN, -+ &d); - if (r < 0) - return log_error_errno(r, "Failed to set up loopback device for %s: %m", img->path); - --- -2.33.0 - diff --git a/backport-systemctl-allow-set-property-to-be-called-with-a-glo.patch b/backport-systemctl-allow-set-property-to-be-called-with-a-glo.patch deleted file mode 100644 index 16b6a65..0000000 --- a/backport-systemctl-allow-set-property-to-be-called-with-a-glo.patch +++ /dev/null @@ -1,111 +0,0 @@ -From f8e994d928fc1636f7aefc6dd9ee8374c7cc63f3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Wed, 28 Jul 2021 12:57:10 +0200 -Subject: [PATCH] systemctl: allow set-property to be called with a glob - pattern -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -We call "systemctl set-property … Markers=+needs-restart" and this should -also work for globs, e.g. "user@*.service" or "syncthing@*.service". - -https://bugzilla.redhat.com/show_bug.cgi?id=1986258 -(cherry picked from commit 23a0ffa59f9cb26c4b016c9fd1a3a70da2607f61) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/f8e994d928fc1636f7aefc6dd9ee8374c7cc63f3 ---- - src/systemctl/systemctl-set-property.c | 53 ++++++++++++++++---------- - 1 file changed, 33 insertions(+), 20 deletions(-) - -diff --git a/src/systemctl/systemctl-set-property.c b/src/systemctl/systemctl-set-property.c -index 183a7b6a8a..5739bac070 100644 ---- a/src/systemctl/systemctl-set-property.c -+++ b/src/systemctl/systemctl-set-property.c -@@ -6,33 +6,20 @@ - #include "systemctl-util.h" - #include "systemctl.h" - --int set_property(int argc, char *argv[], void *userdata) { -- _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL; -+static int set_property_one(sd_bus *bus, const char *name, char **properties) { - _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; -- _cleanup_free_ char *n = NULL; -- UnitType t; -- sd_bus *bus; -+ _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL; - int r; - -- r = acquire_bus(BUS_MANAGER, &bus); -- if (r < 0) -- return r; -- -- polkit_agent_open_maybe(); -- - r = bus_message_new_method_call(bus, &m, bus_systemd_mgr, "SetUnitProperties"); - if (r < 0) - return bus_log_create_error(r); - -- r = unit_name_mangle(argv[1], arg_quiet ? 0 : UNIT_NAME_MANGLE_WARN, &n); -- if (r < 0) -- return log_error_errno(r, "Failed to mangle unit name: %m"); -- -- t = unit_name_to_type(n); -+ UnitType t = unit_name_to_type(name); - if (t < 0) -- return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid unit type: %s", n); -+ return log_error_errno(t, "Invalid unit type: %s", name); - -- r = sd_bus_message_append(m, "sb", n, arg_runtime); -+ r = sd_bus_message_append(m, "sb", name, arg_runtime); - if (r < 0) - return bus_log_create_error(r); - -@@ -40,7 +27,7 @@ int set_property(int argc, char *argv[], void *userdata) { - if (r < 0) - return bus_log_create_error(r); - -- r = bus_append_unit_property_assignment_many(m, t, strv_skip(argv, 2)); -+ r = bus_append_unit_property_assignment_many(m, t, properties); - if (r < 0) - return r; - -@@ -50,7 +37,33 @@ int set_property(int argc, char *argv[], void *userdata) { - - r = sd_bus_call(bus, m, 0, &error, NULL); - if (r < 0) -- return log_error_errno(r, "Failed to set unit properties on %s: %s", n, bus_error_message(&error, r)); -+ return log_error_errno(r, "Failed to set unit properties on %s: %s", -+ name, bus_error_message(&error, r)); - - return 0; - } -+ -+int set_property(int argc, char *argv[], void *userdata) { -+ sd_bus *bus; -+ _cleanup_strv_free_ char **names = NULL; -+ char **name; -+ int r, k; -+ -+ r = acquire_bus(BUS_MANAGER, &bus); -+ if (r < 0) -+ return r; -+ -+ polkit_agent_open_maybe(); -+ -+ r = expand_unit_names(bus, STRV_MAKE(argv[1]), NULL, &names, NULL); -+ if (r < 0) -+ return log_error_errno(r, "Failed to expand '%s' into names: %m", argv[1]); -+ -+ r = 0; -+ STRV_FOREACH(name, names) { -+ k = set_property_one(bus, *name, strv_skip(argv, 2)); -+ if (k < 0 && r >= 0) -+ r = k; -+ } -+ return r; -+} --- -2.33.0 - diff --git a/backport-systemctl-make-timestamp-affect-the-show-verb-as-wel.patch b/backport-systemctl-make-timestamp-affect-the-show-verb-as-wel.patch deleted file mode 100644 index f88beaa..0000000 --- a/backport-systemctl-make-timestamp-affect-the-show-verb-as-wel.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 99a6dc51727e6c26cf43566de481272773cb1a91 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Fri, 18 Feb 2022 23:09:18 +0100 -Subject: [PATCH] systemctl: make `--timestamp=` affect the `show` verb as well - -Currently the `--timestamp=` option has no effect on timestamps shown by -`systemctl show`, let's fix that. - -Spotted in #22567. - -Before: -``` -$ systemctl show --timestamp=us+utc systemd-journald | grep Timestamp= -ExecMainStartTimestamp=Sat 2021-12-11 15:25:57 CET -StateChangeTimestamp=Sat 2021-12-11 15:25:57 CET -InactiveExitTimestamp=Sat 2021-12-11 15:25:57 CET -ActiveEnterTimestamp=Sat 2021-12-11 15:25:57 CET -ActiveExitTimestamp=Sat 2021-12-11 15:25:57 CET -InactiveEnterTimestamp=Sat 2021-12-11 15:25:57 CET -ConditionTimestamp=Sat 2021-12-11 15:25:57 CET -AssertTimestamp=Sat 2021-12-11 15:25:57 CET -``` - -After: -``` -$ systemctl show --timestamp=us+utc systemd-journald | grep Timestamp= -ExecMainStartTimestamp=Sat 2021-12-11 14:25:57.177848 UTC -StateChangeTimestamp=Sat 2021-12-11 14:25:57.196714 UTC -InactiveExitTimestamp=Sat 2021-12-11 14:25:57.177871 UTC -ActiveEnterTimestamp=Sat 2021-12-11 14:25:57.196714 UTC -ActiveExitTimestamp=Sat 2021-12-11 14:25:57.144677 UTC -InactiveEnterTimestamp=Sat 2021-12-11 14:25:57.176331 UTC -ConditionTimestamp=Sat 2021-12-11 14:25:57.176980 UTC -AssertTimestamp=Sat 2021-12-11 14:25:57.176980 UTC - -``` - -(cherry picked from commit a59e5c625da5a6e0c46e493d55f2f4212e9457ca) -(cherry picked from commit e59c381e2321ae9e476c550d5a3d43a1fd0493ac) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/99a6dc51727e6c26cf43566de481272773cb1a91 ---- - src/systemctl/systemctl-show.c | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - -diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c -index dd99bc5323..5b6ee3c518 100644 ---- a/src/systemctl/systemctl-show.c -+++ b/src/systemctl/systemctl-show.c -@@ -1006,6 +1006,22 @@ static int print_property(const char *name, const char *expected_value, sd_bus_m - } - break; - -+ case SD_BUS_TYPE_UINT64: -+ if (endswith(name, "Timestamp")) { -+ char timestamp_str[FORMAT_TIMESTAMP_MAX] = "n/a"; -+ uint64_t timestamp; -+ -+ r = sd_bus_message_read_basic(m, bus_type, ×tamp); -+ if (r < 0) -+ return r; -+ -+ (void) format_timestamp_style(timestamp_str, sizeof(timestamp_str), timestamp, arg_timestamp_style); -+ bus_print_property_value(name, expected_value, flags, timestamp_str); -+ -+ return 1; -+ } -+ break; -+ - case SD_BUS_TYPE_STRUCT: - - if (contents[0] == SD_BUS_TYPE_UINT32 && streq(name, "Job")) { --- -2.33.0 - diff --git a/backport-systemctl-only-fall-back-to-local-cgroup-display-if-.patch b/backport-systemctl-only-fall-back-to-local-cgroup-display-if-.patch deleted file mode 100644 index 49abf23..0000000 --- a/backport-systemctl-only-fall-back-to-local-cgroup-display-if-.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 08693ce568f0967046b669fcd99ba0939a1df86d Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 28 Oct 2021 16:47:40 +0200 -Subject: [PATCH] systemctl: only fall back to local cgroup display if we talk - to local systemd - -Otherwise we likely show rubbish because even in local containers we -nowadays have cgroup namespacing, hence we likely can't access the -cgroup tree from the host at the same place as inside the container. - -(cherry picked from commit 35ac0260db7b896604d156e9638ad15700083508) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/08693ce568f0967046b669fcd99ba0939a1df86d ---- - src/systemctl/systemctl-show.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c -index 290a501c52..dd99bc5323 100644 ---- a/src/systemctl/systemctl-show.c -+++ b/src/systemctl/systemctl-show.c -@@ -741,7 +741,7 @@ static void print_status_info( - c = 0; - - r = unit_show_processes(bus, i->id, i->control_group, prefix, c, get_output_flags(), &error); -- if (r == -EBADR) { -+ if (r == -EBADR && arg_transport == BUS_TRANSPORT_LOCAL) { - unsigned k = 0; - pid_t extra[2]; - --- -2.33.0 - diff --git a/backport-systemctl-pretty-print-ExtensionImages-property.patch b/backport-systemctl-pretty-print-ExtensionImages-property.patch deleted file mode 100644 index 9d51284..0000000 --- a/backport-systemctl-pretty-print-ExtensionImages-property.patch +++ /dev/null @@ -1,85 +0,0 @@ -From c4967b69610a75375cdcaafc9a9816ffddaeec38 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Tue, 26 Oct 2021 22:55:30 +0100 -Subject: [PATCH] systemctl: pretty-print ExtensionImages property - -Complex type, so without explicit support 'systemctl show' just prints [unprintable] - -(cherry picked from commit 60c16c5cf3458199646cbda9dfe7763b6ba8b62f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c4967b69610a75375cdcaafc9a9816ffddaeec38 ---- - src/systemctl/systemctl-show.c | 56 ++++++++++++++++++++++++++++++++++ - 1 file changed, 56 insertions(+) - -diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c -index 1f524626bf..3bc9fd4920 100644 ---- a/src/systemctl/systemctl-show.c -+++ b/src/systemctl/systemctl-show.c -@@ -1694,6 +1694,62 @@ static int print_property(const char *name, const char *expected_value, sd_bus_m - - return 1; - -+ } else if (streq(name, "ExtensionImages")) { -+ _cleanup_free_ char *paths = NULL; -+ -+ r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(sba(ss))"); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ -+ for (;;) { -+ _cleanup_free_ char *str = NULL; -+ const char *source, *partition, *mount_options; -+ int ignore_enoent; -+ -+ r = sd_bus_message_enter_container(m, 'r', "sba(ss)"); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ if (r == 0) -+ break; -+ -+ r = sd_bus_message_read(m, "sb", &source, &ignore_enoent); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ -+ str = strjoin(ignore_enoent ? "-" : "", source); -+ if (!str) -+ return log_oom(); -+ -+ r = sd_bus_message_enter_container(m, 'a', "(ss)"); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ -+ while ((r = sd_bus_message_read(m, "(ss)", &partition, &mount_options)) > 0) -+ if (!strextend_with_separator(&str, ":", partition, mount_options)) -+ return log_oom(); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ -+ if (!strextend_with_separator(&paths, " ", str)) -+ return log_oom(); -+ -+ r = sd_bus_message_exit_container(m); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ -+ r = sd_bus_message_exit_container(m); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ } -+ -+ r = sd_bus_message_exit_container(m); -+ if (r < 0) -+ return bus_log_parse_error(r); -+ -+ bus_print_property_value(name, expected_value, flags, paths); -+ -+ return 1; -+ - } else if (streq(name, "BPFProgram")) { - const char *a, *p; - --- -2.33.0 - diff --git a/backport-systemctl-show-error-when-help-for-unknown-unit-is-r.patch b/backport-systemctl-show-error-when-help-for-unknown-unit-is-r.patch deleted file mode 100644 index be21368..0000000 --- a/backport-systemctl-show-error-when-help-for-unknown-unit-is-r.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 486412ad3bba4f1306597302cf66cc4858126243 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 12 Jul 2021 12:32:39 +0200 -Subject: [PATCH] systemctl: show error when help for unknown unit is requested - -Fixes #20189. We would only log at debug level and return failure, which looks -like a noop for the user. - -('help' accepts multiple arguments and will show multiple concatenated man -pages in that case. Actually, it will also show multiple concatenated man pages -if the Documentation= setting lists multiple pages. I don't think it's very -terribly useful, but, meh, I don't think we can do much better. If a user -requests a help for a two services, one known and one unknown, there'll now be -a line in the output. It's not very user friendly, but not exactly wrong too.) - -(cherry picked from commit 75312ada5324d8adae3f3a0ed97f0acfc8b8bde5) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/486412ad3bba4f1306597302cf66cc4858126243 ---- - src/systemctl/systemctl-show.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c -index 470ff617d6..1f524626bf 100644 ---- a/src/systemctl/systemctl-show.c -+++ b/src/systemctl/systemctl-show.c -@@ -1915,7 +1915,7 @@ static int show_one( - return log_error_errno(r, "Failed to get properties: %s", bus_error_message(&error, r)); - - if (unit && streq_ptr(info.load_state, "not-found") && streq_ptr(info.active_state, "inactive")) { -- log_full(show_mode == SYSTEMCTL_SHOW_STATUS ? LOG_ERR : LOG_DEBUG, -+ log_full(show_mode == SYSTEMCTL_SHOW_PROPERTIES ? LOG_DEBUG : LOG_ERR, - "Unit %s could not be found.", unit); - - if (show_mode == SYSTEMCTL_SHOW_STATUS) --- -2.33.0 - diff --git a/backport-systemctl-small-fixes-for-MountImages-pretty-printin.patch b/backport-systemctl-small-fixes-for-MountImages-pretty-printin.patch deleted file mode 100644 index e6ca843..0000000 --- a/backport-systemctl-small-fixes-for-MountImages-pretty-printin.patch +++ /dev/null @@ -1,70 +0,0 @@ -From 1f332abc9f82c653d40e5f3e42b761dca88d31ed Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Wed, 27 Oct 2021 11:17:02 +0100 -Subject: [PATCH] systemctl: small fixes for MountImages pretty printing - -(cherry picked from commit 8ec6108c0bdb5ab2e05bc20ab41ad6653805fd00) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/1f332abc9f82c653d40e5f3e42b761dca88d31ed ---- - src/systemctl/systemctl-show.c | 20 ++++++++++---------- - 1 file changed, 10 insertions(+), 10 deletions(-) - -diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c -index 3bc9fd4920..290a501c52 100644 ---- a/src/systemctl/systemctl-show.c -+++ b/src/systemctl/systemctl-show.c -@@ -1649,11 +1649,13 @@ static int print_property(const char *name, const char *expected_value, sd_bus_m - - r = sd_bus_message_enter_container(m, 'r', "ssba(ss)"); - if (r < 0) -- return r; -+ return bus_log_parse_error(r); -+ if (r == 0) -+ break; - - r = sd_bus_message_read(m, "ssb", &source, &destination, &ignore_enoent); -- if (r <= 0) -- break; -+ if (r < 0) -+ return bus_log_parse_error(r); - - str = strjoin(ignore_enoent ? "-" : "", - source, -@@ -1664,27 +1666,25 @@ static int print_property(const char *name, const char *expected_value, sd_bus_m - - r = sd_bus_message_enter_container(m, 'a', "(ss)"); - if (r < 0) -- return r; -+ return bus_log_parse_error(r); - - while ((r = sd_bus_message_read(m, "(ss)", &partition, &mount_options)) > 0) -- if (!strextend_with_separator(&str, ":", partition, ":", mount_options)) -+ if (!strextend_with_separator(&str, ":", partition, mount_options)) - return log_oom(); - if (r < 0) -- return r; -+ return bus_log_parse_error(r); - - if (!strextend_with_separator(&paths, " ", str)) - return log_oom(); - - r = sd_bus_message_exit_container(m); - if (r < 0) -- return r; -+ return bus_log_parse_error(r); - - r = sd_bus_message_exit_container(m); - if (r < 0) -- return r; -+ return bus_log_parse_error(r); - } -- if (r < 0) -- return bus_log_parse_error(r); - - r = sd_bus_message_exit_container(m); - if (r < 0) --- -2.33.0 - diff --git a/backport-systemd-analyze-parse-ip_filters_custom_egress-corre.patch b/backport-systemd-analyze-parse-ip_filters_custom_egress-corre.patch deleted file mode 100644 index 77dcb73..0000000 --- a/backport-systemd-analyze-parse-ip_filters_custom_egress-corre.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 2d8f28adf58c58d99c19da9d53c6c66a9b952ce4 Mon Sep 17 00:00:00 2001 -From: Maanya Goenka -Date: Tue, 10 Aug 2021 14:30:46 -0700 -Subject: [PATCH] systemd-analyze: parse ip_filters_custom_egress correctly - -Fixed bug in original assignment of security_info variable: ip_filters_custom_egress. - -(cherry picked from commit 3da57008e743643d45d3dc05eacac1a4623539a4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/2d8f28adf58c58d99c19da9d53c6c66a9b952ce4 ---- - src/analyze/analyze-security.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c -index f20606c17c..309e9a81b5 100644 ---- a/src/analyze/analyze-security.c -+++ b/src/analyze/analyze-security.c -@@ -1910,7 +1910,7 @@ static int property_read_ip_filters( - if (streq(member, "IPIngressFilterPath")) - info->ip_filters_custom_ingress = !strv_isempty(l); - else if (streq(member, "IPEgressFilterPath")) -- info->ip_filters_custom_ingress = !strv_isempty(l); -+ info->ip_filters_custom_egress = !strv_isempty(l); - - return 0; - } --- -2.33.0 - diff --git a/backport-systemd-run-ensure-error-logs-suggest-to-use-user-wh.patch b/backport-systemd-run-ensure-error-logs-suggest-to-use-user-wh.patch deleted file mode 100644 index 7f7b236..0000000 --- a/backport-systemd-run-ensure-error-logs-suggest-to-use-user-wh.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 8ece102d314cfe92aaa7a7afc853b6921da941c4 Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Thu, 30 Dec 2021 00:54:32 +0000 -Subject: [PATCH] systemd-run: ensure error logs suggest to use '--user' when - appropriate - -Before: - -$ systemd-run --service-type=notify --user false -Job for run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service failed because the control process exited with error code. -See "systemctl status run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service" and "journalctl -xeu run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service" for details. - -After: - -$ systemd-run --service-type=notify --user false -Job for run-r7791e380a7b6400ea01d6a0e5a458b23.service failed because the control process exited with error code. -See "systemctl --user status run-r7791e380a7b6400ea01d6a0e5a458b23.service" and "journalctl --user -xeu run-r7791e380a7b6400ea01d6a0e5a458b23.service" for details. - -Fixes https://github.com/systemd/systemd/issues/21933 - -(cherry picked from commit 466f2351bbb5c0fdc9f153e35506570e59b14c5f) -(cherry picked from commit b59615dc76cf82bd1fca301220ee0b7961cbcacd) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/8ece102d314cfe92aaa7a7afc853b6921da941c4 ---- - src/run/run.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/run/run.c b/src/run/run.c -index 9a7e1efaca..c858bf793d 100644 ---- a/src/run/run.c -+++ b/src/run/run.c -@@ -1228,7 +1228,7 @@ static int start_transient_service( - if (r < 0) - return bus_log_parse_error(r); - -- r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); -+ r = bus_wait_for_jobs_one(w, object, arg_quiet, arg_user ? STRV_MAKE_CONST("--user") : NULL); - if (r < 0) - return r; - } -@@ -1473,7 +1473,7 @@ static int start_transient_scope(sd_bus *bus) { - if (r < 0) - return bus_log_parse_error(r); - -- r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); -+ r = bus_wait_for_jobs_one(w, object, arg_quiet, arg_user ? STRV_MAKE_CONST("--user") : NULL); - if (r < 0) - return r; - -@@ -1693,7 +1693,7 @@ static int start_transient_trigger( - if (r < 0) - return bus_log_parse_error(r); - -- r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); -+ r = bus_wait_for_jobs_one(w, object, arg_quiet, arg_user ? STRV_MAKE_CONST("--user") : NULL); - if (r < 0) - return r; - --- -2.33.0 - diff --git a/backport-sysusers-add-fsync-for-passwd-24324.patch b/backport-sysusers-add-fsync-for-passwd-24324.patch deleted file mode 100644 index be5bec5..0000000 --- a/backport-sysusers-add-fsync-for-passwd-24324.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 3982142116871b3eead4d5833d898f077e7942d4 Mon Sep 17 00:00:00 2001 -From: Avram Lubkin -Date: Tue, 16 Aug 2022 08:51:21 -0400 -Subject: [PATCH] sysusers: add fsync for passwd (#24324) - -https://github.com/systemd/systemd/pull/6636 added `fsync()` when -temporary shadow, group, and gshadow files are created, but it was -not added for passwd. As far as I can tell, this seems to have been -an oversight. I'm seeing real world issues where a blank /etc/passwd -file is being created if a machine loses power early in the boot process. - -(cherry picked from commit 19193b489841a7bcccda7122ac0849cf6efe59fd) -(cherry picked from commit 9f2f3911539c453037aecd51f875dfd75ed04113) -(cherry picked from commit 7ca021b87e92a4e775af22c04a2ab2bf404ae313) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/3982142116871b3eead4d5833d898f077e7942d4 ---- - src/sysusers/sysusers.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c -index 669efe4a1d..055eb6775e 100644 ---- a/src/sysusers/sysusers.c -+++ b/src/sysusers/sysusers.c -@@ -487,7 +487,7 @@ static int write_temporary_passwd(const char *passwd_path, FILE **tmpfile, char - break; - } - -- r = fflush_and_check(passwd); -+ r = fflush_sync_and_check(passwd); - if (r < 0) - return log_debug_errno(r, "Failed to flush %s: %m", passwd_tmp); - --- -2.27.0 - diff --git a/backport-sysusers-use-filename-if-proc-is-not-mounted.patch b/backport-sysusers-use-filename-if-proc-is-not-mounted.patch deleted file mode 100644 index 8b5196f..0000000 --- a/backport-sysusers-use-filename-if-proc-is-not-mounted.patch +++ /dev/null @@ -1,34 +0,0 @@ -From f78a48840205339157b186b7c8e576a3c690f6d9 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 31 Dec 2021 00:11:01 +0900 -Subject: [PATCH] sysusers: use filename if /proc is not mounted - -During system install, /proc may not be mounted yet. - -Fixes RHBZ#2036217 (https://bugzilla.redhat.com/show_bug.cgi?id=2036217). - -(cherry picked from commit b78d7f246899687a1697cdcebe93d8512c5e7c4b) -(cherry picked from commit 747b4f1ff8aac3a1b800b0a7ac0edef4af34da70) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/f78a48840205339157b186b7c8e576a3c690f6d9 ---- - src/sysusers/sysusers.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c -index a18634d254..669efe4a1d 100644 ---- a/src/sysusers/sysusers.c -+++ b/src/sysusers/sysusers.c -@@ -267,7 +267,7 @@ static int make_backup(const char *target, const char *x) { - - /* Copy over the access mask. Don't fail on chmod() or chown(). If it stays owned by us and/or - * unreadable by others, then it isn't too bad... */ -- r = fchmod_and_chown(fileno(dst), st.st_mode & 07777, st.st_uid, st.st_gid); -+ r = fchmod_and_chown_with_fallback(fileno(dst), dst_tmp, st.st_mode & 07777, st.st_uid, st.st_gid); - if (r < 0) - log_warning_errno(r, "Failed to change access mode or ownership of %s: %m", backup); - --- -2.33.0 - diff --git a/backport-temporarily-disable-test-seccomp.patch b/backport-temporarily-disable-test-seccomp.patch deleted file mode 100644 index 2aca221..0000000 --- a/backport-temporarily-disable-test-seccomp.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 03a991c00674787d649240adda11f2506f2fcedc Mon Sep 17 00:00:00 2001 -From: xujing -Date: Tue, 22 Feb 2022 20:33:40 +0800 -Subject: [PATCH] temporarily disable test-seccomp - ---- - src/test/test-seccomp.c | 23 +--------------------- - 1 file changed, 1 insertion(+), 22 deletions(-) - -diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c -index 023c4b6..8d23ab5 100644 ---- a/src/test/test-seccomp.c -+++ b/src/test/test-seccomp.c -@@ -1154,26 +1154,5 @@ static void test_restrict_suid_sgid(void) { - } - - int main(int argc, char *argv[]) { -- test_setup_logging(LOG_DEBUG); -- -- test_parse_syscall_and_errno(); -- test_seccomp_arch_to_string(); -- test_architecture_table(); -- test_syscall_filter_set_find(); -- test_filter_sets(); -- test_filter_sets_ordered(); -- test_restrict_namespace(); -- test_protect_sysctl(); -- test_protect_syslog(); -- test_restrict_address_families(); -- test_restrict_realtime(); -- test_memory_deny_write_execute_mmap(); -- test_memory_deny_write_execute_shmat(); -- test_restrict_archs(); -- test_load_syscall_filter_set_raw(); -- test_native_syscalls_filtered(); -- test_lock_personality(); -- test_restrict_suid_sgid(); -- -- return 0; -+ return 77; - } --- -2.30.0 diff --git a/backport-test-Check-that-native-architecture-is-always-filter.patch b/backport-test-Check-that-native-architecture-is-always-filter.patch deleted file mode 100644 index e031198..0000000 --- a/backport-test-Check-that-native-architecture-is-always-filter.patch +++ /dev/null @@ -1,95 +0,0 @@ -From ef92d7fc97a543d2b7e0730f2b78d8ef2a91959c Mon Sep 17 00:00:00 2001 -From: Benjamin Berg -Date: Fri, 17 Sep 2021 14:00:39 +0200 -Subject: [PATCH] test: Check that "native" architecture is always filtered - -(cherry picked from commit 08bf703cc1511817cdf67543c3b166dc8831ba8c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/ef92d7fc97a543d2b7e0730f2b78d8ef2a91959c ---- - src/test/test-seccomp.c | 61 +++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 61 insertions(+) - -diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c -index 023c4b6e0e..dc3088d4b0 100644 ---- a/src/test/test-seccomp.c -+++ b/src/test/test-seccomp.c -@@ -890,6 +890,66 @@ static void test_load_syscall_filter_set_raw(void) { - assert_se(wait_for_terminate_and_check("syscallrawseccomp", pid, WAIT_LOG) == EXIT_SUCCESS); - } - -+static void test_native_syscalls_filtered(void) { -+ pid_t pid; -+ -+ log_info("/* %s */", __func__); -+ -+ if (!is_seccomp_available()) { -+ log_notice("Seccomp not available, skipping %s", __func__); -+ return; -+ } -+ if (!have_seccomp_privs()) { -+ log_notice("Not privileged, skipping %s", __func__); -+ return; -+ } -+ -+ pid = fork(); -+ assert_se(pid >= 0); -+ -+ if (pid == 0) { -+ _cleanup_set_free_ Set *arch_s = NULL; -+ _cleanup_hashmap_free_ Hashmap *s = NULL; -+ -+ /* Passing "native" or an empty set is equivalent, just do both here. */ -+ assert_se(arch_s = set_new(NULL)); -+ assert_se(seccomp_restrict_archs(arch_s) >= 0); -+ assert_se(set_put(arch_s, SCMP_ARCH_NATIVE) >= 0); -+ assert_se(seccomp_restrict_archs(arch_s) >= 0); -+ -+ assert_se(access("/", F_OK) >= 0); -+ assert_se(poll(NULL, 0, 0) == 0); -+ -+ assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, NULL, scmp_act_kill_process(), true) >= 0); -+ assert_se(access("/", F_OK) >= 0); -+ assert_se(poll(NULL, 0, 0) == 0); -+ -+ assert_se(s = hashmap_new(NULL)); -+#if defined __NR_access && __NR_access >= 0 -+ assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(-1)) >= 0); -+ log_debug("has access()"); -+#endif -+#if defined __NR_faccessat && __NR_faccessat >= 0 -+ assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(-1)) >= 0); -+ log_debug("has faccessat()"); -+#endif -+#if defined __NR_faccessat2 && __NR_faccessat2 >= 0 -+ assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat2 + 1), INT_TO_PTR(-1)) >= 0); -+ log_debug("has faccessat2()"); -+#endif -+ -+ assert_se(!hashmap_isempty(s)); -+ assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, s, SCMP_ACT_ERRNO(EUCLEAN), true) >= 0); -+ -+ assert_se(access("/", F_OK) < 0); -+ assert_se(errno == EUCLEAN); -+ -+ _exit(EXIT_SUCCESS); -+ } -+ -+ assert_se(wait_for_terminate_and_check("nativeseccomp", pid, WAIT_LOG) == EXIT_SUCCESS); -+} -+ - static void test_lock_personality(void) { - unsigned long current; - pid_t pid; -@@ -1171,6 +1231,7 @@ int main(int argc, char *argv[]) { - test_memory_deny_write_execute_shmat(); - test_restrict_archs(); - test_load_syscall_filter_set_raw(); -+ test_native_syscalls_filtered(); - test_lock_personality(); - test_restrict_suid_sgid(); - --- -2.33.0 - diff --git a/backport-test-add-test-case-for-sysv-generator-and-invalid-de.patch b/backport-test-add-test-case-for-sysv-generator-and-invalid-de.patch deleted file mode 100644 index c6dbd62..0000000 --- a/backport-test-add-test-case-for-sysv-generator-and-invalid-de.patch +++ /dev/null @@ -1,210 +0,0 @@ -From 5f882cc3ab32636d9242effb2cefad20d92d2ec2 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 15 Nov 2022 21:52:19 +0900 -Subject: [PATCH] test: add test case for sysv-generator and invalid dependency - ---- - test/units/assert.sh | 58 +++++++++++++++++++ - test/units/testsuite-26.sh | 116 ++++++++++++++++++++++++++++++++++++- - 2 files changed, 172 insertions(+), 2 deletions(-) - create mode 100755 test/units/assert.sh - -diff --git a/test/units/assert.sh b/test/units/assert.sh -new file mode 100755 -index 0000000..2f4d93a ---- /dev/null -+++ b/test/units/assert.sh -@@ -0,0 +1,58 @@ -+#!/usr/bin/env bash -+# SPDX-License-Identifier: LGPL-2.1-or-later -+ -+# utility functions for shell tests -+ -+assert_true() {( -+ set +ex -+ -+ local rc -+ -+ "$@" -+ rc=$? -+ if [[ $rc -ne 0 ]]; then -+ echo "FAIL: command '$*' failed with exit code $rc" >&2 -+ exit 1 -+ fi -+)} -+ -+ -+assert_eq() {( -+ set +ex -+ -+ if [[ "${1?}" != "${2?}" ]]; then -+ echo "FAIL: expected: '$2' actual: '$1'" >&2 -+ exit 1 -+ fi -+)} -+ -+assert_in() {( -+ set +ex -+ -+ if ! [[ "${2?}" =~ ${1?} ]]; then -+ echo "FAIL: '$1' not found in:" >&2 -+ echo "$2" >&2 -+ exit 1 -+ fi -+)} -+ -+assert_not_in() {( -+ set +ex -+ -+ if [[ "${2?}" =~ ${1?} ]]; then -+ echo "FAIL: '$1' found in:" >&2 -+ echo "$2" >&2 -+ exit 1 -+ fi -+)} -+ -+assert_rc() {( -+ set +ex -+ -+ local rc exp="${1?}" -+ -+ shift -+ "$@" -+ rc=$? -+ assert_eq "$rc" "$exp" -+)} -diff --git a/test/units/testsuite-26.sh b/test/units/testsuite-26.sh -index 7982099..fe6b63b 100755 ---- a/test/units/testsuite-26.sh -+++ b/test/units/testsuite-26.sh -@@ -2,6 +2,11 @@ - set -eux - set -o pipefail - -+# shellcheck source=test/units/assert.sh -+. "$(dirname "$0")"/assert.sh -+ -+: >/failed -+ - # Make sure PATH is set - systemctl show-environment | grep -q '^PATH=' - -@@ -26,6 +31,113 @@ systemctl show-environment | grep '^FOO=$' && exit 1 - systemctl show-environment | grep '^PATH=.*testaddition$' && exit 1 - systemctl show-environment | grep -q '^PATH=' - --echo OK >/testok -+# test for sysv-generator (issue #24990) -+if [[ -x /usr/lib/systemd/system-generators/systemd-sysv-generator ]]; then -+ # This is configurable via -Dsysvinit-path=, but we can't get the value -+ # at runtime, so let's just support the two most common paths for now. -+ [[ -d /etc/rc.d/init.d ]] && SYSVINIT_PATH="/etc/rc.d/init.d" || SYSVINIT_PATH="/etc/init.d" -+ -+ # invalid dependency -+ cat >"${SYSVINIT_PATH:?}/issue-24990" <<\EOF -+#!/bin/bash -+ -+### BEGIN INIT INFO -+# Provides:test1 test2 -+# Required-Start:test1 $remote_fs $network -+# Required-Stop:test1 $remote_fs $network -+# Description:Test -+# Short-Description: Test -+### END INIT INFO -+ -+case "$1" in -+ start) -+ echo "Starting issue-24990.service" -+ sleep 1000 & -+ ;; -+ stop) -+ echo "Stopping issue-24990.service" -+ sleep 10 & -+ ;; -+ *) -+ echo "Usage: service test {start|stop|restart|status}" -+ ;; -+esac -+EOF -+ -+ chmod +x "$SYSVINIT_PATH/issue-24990" -+ systemctl daemon-reload -+ [[ -L /run/systemd/generator.late/test1.service ]] -+ [[ -L /run/systemd/generator.late/test2.service ]] -+ assert_eq "$(readlink -f /run/systemd/generator.late/test1.service)" "/run/systemd/generator.late/issue-24990.service" -+ assert_eq "$(readlink -f /run/systemd/generator.late/test2.service)" "/run/systemd/generator.late/issue-24990.service" -+ output=$(systemctl cat issue-24990) -+ assert_in "SourcePath=$SYSVINIT_PATH/issue-24990" "$output" -+ assert_in "Description=LSB: Test" "$output" -+ assert_in "After=test1.service" "$output" -+ assert_in "After=remote-fs.target" "$output" -+ assert_in "After=network-online.target" "$output" -+ assert_in "Wants=network-online.target" "$output" -+ assert_in "ExecStart=$SYSVINIT_PATH/issue-24990 start" "$output" -+ assert_in "ExecStop=$SYSVINIT_PATH/issue-24990 stop" "$output" -+ systemctl status issue-24990 || : -+ systemctl show issue-24990 -+ assert_not_in "issue-24990.service" "$(systemctl show --property=After --value)" -+ assert_not_in "issue-24990.service" "$(systemctl show --property=Before --value)" -+ -+ if ! systemctl is-active network-online.target; then -+ systemctl start network-online.target -+ fi -+ -+ systemctl restart issue-24990 -+ systemctl stop issue-24990 -+ -+ # valid dependency -+ cat >"$SYSVINIT_PATH/issue-24990" <<\EOF -+#!/bin/bash -+ -+### BEGIN INIT INFO -+# Provides:test1 test2 -+# Required-Start:$remote_fs -+# Required-Stop:$remote_fs -+# Description:Test -+# Short-Description: Test -+### END INIT INFO -+ -+case "$1" in -+ start) -+ echo "Starting issue-24990.service" -+ sleep 1000 & -+ ;; -+ stop) -+ echo "Stopping issue-24990.service" -+ sleep 10 & -+ ;; -+ *) -+ echo "Usage: service test {start|stop|restart|status}" -+ ;; -+esac -+EOF -+ -+ chmod +x "$SYSVINIT_PATH/issue-24990" -+ systemctl daemon-reload -+ [[ -L /run/systemd/generator.late/test1.service ]] -+ [[ -L /run/systemd/generator.late/test2.service ]] -+ assert_eq "$(readlink -f /run/systemd/generator.late/test1.service)" "/run/systemd/generator.late/issue-24990.service" -+ assert_eq "$(readlink -f /run/systemd/generator.late/test2.service)" "/run/systemd/generator.late/issue-24990.service" -+ output=$(systemctl cat issue-24990) -+ assert_in "SourcePath=$SYSVINIT_PATH/issue-24990" "$output" -+ assert_in "Description=LSB: Test" "$output" -+ assert_in "After=remote-fs.target" "$output" -+ assert_in "ExecStart=$SYSVINIT_PATH/issue-24990 start" "$output" -+ assert_in "ExecStop=$SYSVINIT_PATH/issue-24990 stop" "$output" -+ systemctl status issue-24990 || : -+ systemctl show issue-24990 -+ assert_not_in "issue-24990.service" "$(systemctl show --property=After --value)" -+ assert_not_in "issue-24990.service" "$(systemctl show --property=Before --value)" -+ -+ systemctl restart issue-24990 -+ systemctl stop issue-24990 -+fi - --exit 0 -+touch /testok -+rm /failed --- -2.27.0 - diff --git a/backport-test-add-tests-for-reading-unaligned-data.patch b/backport-test-add-tests-for-reading-unaligned-data.patch deleted file mode 100644 index ed29eb8..0000000 --- a/backport-test-add-tests-for-reading-unaligned-data.patch +++ /dev/null @@ -1,87 +0,0 @@ -From 61ca9b34258e4786d9a8e68b9b28c4e794a65d1f Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 28 Sep 2021 00:48:59 +0900 -Subject: [PATCH] test: add tests for reading unaligned data - -(cherry picked from commit e620104956dff64244c0e73e86c3138c0b13b875) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/61ca9b34258e4786d9a8e68b9b28c4e794a65d1f ---- - src/libsystemd-network/test-dhcp6-client.c | 29 ++++++++++++++++------ - 1 file changed, 21 insertions(+), 8 deletions(-) - -diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c -index 5d1f709f11..b22297dcd5 100644 ---- a/src/libsystemd-network/test-dhcp6-client.c -+++ b/src/libsystemd-network/test-dhcp6-client.c -@@ -156,7 +156,7 @@ static int test_parse_domain(sd_event *e) { - - static int test_option(sd_event *e) { - uint8_t packet[] = { -- 'F', 'O', 'O', -+ 'F', 'O', 'O', 'H', 'O', 'G', 'E', - 0x00, SD_DHCP6_OPTION_ORO, 0x00, 0x07, - 'A', 'B', 'C', 'D', 'E', 'F', 'G', - 0x00, SD_DHCP6_OPTION_VENDOR_CLASS, 0x00, 0x09, -@@ -164,12 +164,13 @@ static int test_option(sd_event *e) { - 'B', 'A', 'R', - }; - uint8_t result[] = { -- 'F', 'O', 'O', -+ 'F', 'O', 'O', 'H', 'O', 'G', 'E', - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 'B', 'A', 'R', - }; -+ _cleanup_free_ uint8_t *buf = NULL; - size_t offset, pos, optlen, outlen = sizeof(result); - const uint8_t *optval; - uint16_t optcode; -@@ -185,16 +186,28 @@ static int test_option(sd_event *e) { - offset = 3; - assert_se(dhcp6_option_parse(packet, 0, &offset, &optcode, &optlen, &optval) == -EBADMSG); - -- offset = 3; -+ /* Tests for reading unaligned data. */ -+ assert_se(buf = new(uint8_t, sizeof(packet))); -+ for (size_t i = 0; i <= 7; i++) { -+ memcpy(buf, packet + i, sizeof(packet) - i); -+ offset = 7 - i; -+ assert_se(dhcp6_option_parse(buf, sizeof(packet), &offset, &optcode, &optlen, &optval) >= 0); -+ -+ assert_se(optcode == SD_DHCP6_OPTION_ORO); -+ assert_se(optlen == 7); -+ assert_se(optval == buf + 11 - i); -+ } -+ -+ offset = 7; - assert_se(dhcp6_option_parse(packet, sizeof(packet), &offset, &optcode, &optlen, &optval) >= 0); - - assert_se(optcode == SD_DHCP6_OPTION_ORO); - assert_se(optlen == 7); -- assert_se(optval == packet + 7); -+ assert_se(optval == packet + 11); - -- pos = 3; -- outlen -= 3; -- out = &result[3]; -+ pos = 7; -+ outlen -= 7; -+ out = &result[pos]; - - assert_se(dhcp6_option_append(&out, &outlen, optcode, optlen, optval) >= 0); - -@@ -206,7 +219,7 @@ static int test_option(sd_event *e) { - - assert_se(optcode == SD_DHCP6_OPTION_VENDOR_CLASS); - assert_se(optlen == 9); -- assert_se(optval == packet + 18); -+ assert_se(optval == packet + 22); - - assert_se(dhcp6_option_append(&out, &outlen, optcode, optlen, optval) >= 0); - --- -2.33.0 - diff --git a/backport-test-cover-initrd-sysroot-transition-in-TEST-24.patch b/backport-test-cover-initrd-sysroot-transition-in-TEST-24.patch deleted file mode 100644 index 36080c7..0000000 --- a/backport-test-cover-initrd-sysroot-transition-in-TEST-24.patch +++ /dev/null @@ -1,113 +0,0 @@ -From 1fb7f8e15e19fbe61230b70203b0c35fca54f0a0 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Wed, 25 May 2022 17:39:14 +0200 -Subject: [PATCH] test: cover initrd->sysroot transition in TEST-24 - -This should cover cases regarding devices with `OPTIONS+="db_persist"` -during initrd->sysroot transition. - -See: - * https://github.com/systemd/systemd/issues/23429 - * https://github.com/systemd/systemd/pull/23218 - * https://github.com/systemd/systemd/pull/23489 - * https://bugzilla.redhat.com/show_bug.cgi?id=2087225 ---- - test/TEST-24-CRYPTSETUP/test.sh | 61 ++++++++++++++++----------------- - 1 file changed, 29 insertions(+), 32 deletions(-) - -diff --git a/test/TEST-24-CRYPTSETUP/test.sh b/test/TEST-24-CRYPTSETUP/test.sh -index 2c13126..a52848b 100755 ---- a/test/TEST-24-CRYPTSETUP/test.sh -+++ b/test/TEST-24-CRYPTSETUP/test.sh -@@ -9,6 +9,13 @@ TEST_FORCE_NEWIMAGE=1 - # shellcheck source=test/test-functions - . "${TEST_BASE_DIR:?}/test-functions" - -+PART_UUID="deadbeef-dead-dead-beef-000000000000" -+DM_NAME="test24_varcrypt" -+# Mount the keyfile only in initrd (hence rd.luks.key), since it resides on -+# the rootfs and we would get a (harmless) error when trying to mount it after -+# switching root (since rootfs is already mounted) -+KERNEL_APPEND+=" rd.luks=1 luks.name=$PART_UUID=$DM_NAME rd.luks.key=$PART_UUID=/etc/varkey:LABEL=systemd_boot" -+ - check_result_qemu() { - local ret=1 - -@@ -16,12 +23,12 @@ check_result_qemu() { - [[ -e "${initdir:?}/testok" ]] && ret=0 - [[ -f "$initdir/failed" ]] && cp -a "$initdir/failed" "${TESTDIR:?}" - -- cryptsetup luksOpen "${LOOPDEV:?}p2" varcrypt <"$TESTDIR/keyfile" -- mount /dev/mapper/varcrypt "$initdir/var" -+ cryptsetup luksOpen "${LOOPDEV:?}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile" -+ mount "/dev/mapper/$DM_NAME" "$initdir/var" - save_journal "$initdir/var/log/journal" - _umount_dir "$initdir/var" - _umount_dir "$initdir" -- cryptsetup luksClose /dev/mapper/varcrypt -+ cryptsetup luksClose "/dev/mapper/$DM_NAME" - - [[ -f "$TESTDIR/failed" ]] && cat "$TESTDIR/failed" - echo "${JOURNAL_LIST:-No journals were saved}" -@@ -34,39 +41,29 @@ test_create_image() { - create_empty_image_rootdir - - echo -n test >"${TESTDIR:?}/keyfile" -- cryptsetup -q luksFormat --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile" -- cryptsetup luksOpen "${LOOPDEV}p2" varcrypt <"$TESTDIR/keyfile" -- mkfs.ext4 -L var /dev/mapper/varcrypt -+ cryptsetup -q luksFormat --uuid="$PART_UUID" --pbkdf pbkdf2 --pbkdf-force-iterations 1000 "${LOOPDEV:?}p2" "$TESTDIR/keyfile" -+ cryptsetup luksOpen "${LOOPDEV}p2" "${DM_NAME:?}" <"$TESTDIR/keyfile" -+ mkfs.ext4 -L var "/dev/mapper/$DM_NAME" - mkdir -p "${initdir:?}/var" -- mount /dev/mapper/varcrypt "$initdir/var" -- -- # Create what will eventually be our root filesystem onto an overlay -- ( -- LOG_LEVEL=5 -- # shellcheck source=/dev/null -- source <(udevadm info --export --query=env --name=/dev/mapper/varcrypt) -- # shellcheck source=/dev/null -- source <(udevadm info --export --query=env --name="${LOOPDEV}p2") -- -- setup_basic_environment -- mask_supporting_services -- -- install_dmevent -- generate_module_dependencies -- cat >"$initdir/etc/crypttab" <"$initdir/etc/varkey" -- ddebug <"$initdir/etc/crypttab" -+ mount "/dev/mapper/$DM_NAME" "$initdir/var" -+ -+ LOG_LEVEL=5 -+ -+ setup_basic_environment -+ mask_supporting_services -+ -+ install_dmevent -+ generate_module_dependencies -+ -+ echo -n test >"$initdir/etc/varkey" - -- cat >>"$initdir/etc/fstab" <>"$initdir/etc/fstab" <> "$initdir/etc/systemd/journald.conf" -- ) -+ # Forward journal messages to the console, so we have something -+ # to investigate even if we fail to mount the encrypted /var -+ echo ForwardToConsole=yes >> "$initdir/etc/systemd/journald.conf" - } - - cleanup_root_var() { --- -2.33.0 - diff --git a/backport-test-do-not-use-alloca-in-function-call.patch b/backport-test-do-not-use-alloca-in-function-call.patch deleted file mode 100644 index 3cf5457..0000000 --- a/backport-test-do-not-use-alloca-in-function-call.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 5f326b0388d4b0a7fcab8cedca255e93a6e311f4 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 24 Oct 2021 00:16:57 +0900 -Subject: [PATCH] test: do not use alloca() in function call - -(cherry picked from commit 4150584e63562616e16242f7b1016c0e642fb59e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5f326b0388d4b0a7fcab8cedca255e93a6e311f4 ---- - src/test/test-path.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/src/test/test-path.c b/src/test/test-path.c -index 490fb136a7..88457d177f 100644 ---- a/src/test/test-path.c -+++ b/src/test/test-path.c -@@ -306,7 +306,7 @@ static void test_path_unit(Manager *m) { - } - - static void test_path_directorynotempty(Manager *m) { -- const char *test_path = "/tmp/test-path_directorynotempty/"; -+ const char *test_file, *test_path = "/tmp/test-path_directorynotempty/"; - Unit *unit = NULL; - Path *path = NULL; - Service *service = NULL; -@@ -328,7 +328,8 @@ static void test_path_directorynotempty(Manager *m) { - assert_se(access(test_path, F_OK) < 0); - - assert_se(mkdir_p(test_path, 0755) >= 0); -- assert_se(touch(strjoina(test_path, "test_file")) >= 0); -+ test_file = strjoina(test_path, "test_file"); -+ assert_se(touch(test_file) >= 0); - if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0) - return; - --- -2.33.0 - diff --git a/backport-test-fileio-test-read_virtual_file-with-more-files-f.patch b/backport-test-fileio-test-read_virtual_file-with-more-files-f.patch deleted file mode 100644 index c1b9121..0000000 --- a/backport-test-fileio-test-read_virtual_file-with-more-files-f.patch +++ /dev/null @@ -1,53 +0,0 @@ -From dd6cb364bcc58b390671d4ee2ed7b30f4a5dced8 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 16 Sep 2021 11:31:52 +0200 -Subject: [PATCH] test-fileio: test read_virtual_file() with more files from - /proc - -i.e. let's pick some files we know are too large, or where struct stat's -.st_size is zero even though non-empty, and test read_virtual_file() -with that, to ensure things are handled sensibly. Goal is to ensure all -three major codepaths in read_virtual_file() are tested. - -Prompted-by: #20743 -(cherry picked from commit f3b751220bb842ce22a4f607d817f481f0961d40) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/dd6cb364bcc58b390671d4ee2ed7b30f4a5dced8 ---- - src/test/test-fileio.c | 12 ++++++++++-- - 1 file changed, 10 insertions(+), 2 deletions(-) - -diff --git a/src/test/test-fileio.c b/src/test/test-fileio.c -index 321b544448..c8d5bf6914 100644 ---- a/src/test/test-fileio.c -+++ b/src/test/test-fileio.c -@@ -1028,7 +1028,11 @@ static void test_read_virtual_file(size_t max_size) { - FOREACH_STRING(filename, - "/proc/1/cmdline", - "/etc/nsswitch.conf", -- "/sys/kernel/uevent_seqnum") { -+ "/sys/kernel/uevent_seqnum", -+ "/proc/kcore", -+ "/proc/kallsyms", -+ "/proc/self/exe", -+ "/proc/self/pagemap") { - - _cleanup_free_ char *buf = NULL; - size_t size = 0; -@@ -1036,7 +1040,11 @@ static void test_read_virtual_file(size_t max_size) { - r = read_virtual_file(filename, max_size, &buf, &size); - if (r < 0) { - log_info_errno(r, "read_virtual_file(\"%s\", %zu): %m", filename, max_size); -- assert_se(ERRNO_IS_PRIVILEGE(r) || r == -ENOENT); -+ assert_se(ERRNO_IS_PRIVILEGE(r) || /* /proc/kcore is not accessible to unpriv */ -+ IN_SET(r, -+ -ENOENT, /* Some of the files might be absent */ -+ -EINVAL, /* too small reads from /proc/self/pagemap trigger EINVAL */ -+ -EFBIG)); /* /proc/kcore and /proc/self/pagemap should be too large */ - } else - log_info("read_virtual_file(\"%s\", %zu): %s (%zu bytes)", filename, max_size, r ? "non-truncated" : "truncated", size); - } --- -2.33.0 - diff --git a/backport-test-fix-file-descriptor-leak-in-test-catalog.patch b/backport-test-fix-file-descriptor-leak-in-test-catalog.patch deleted file mode 100644 index cb8f7b0..0000000 --- a/backport-test-fix-file-descriptor-leak-in-test-catalog.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 4ad43ef47147039b63a1a86c08087c7ced97d10c Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 22 Feb 2022 21:11:51 +0900 -Subject: [PATCH] test: fix file descriptor leak in test-catalog - -Fixes an issue reported in #22576. - -(cherry picked from commit 62d4b3b36e9aba9e605ba042a75c374155b6e18b) -(cherry picked from commit 92b86911c0c877e6b61d06dfe3ad20046e10d8e8) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4ad43ef47147039b63a1a86c08087c7ced97d10c ---- - src/libsystemd/sd-journal/test-catalog.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/libsystemd/sd-journal/test-catalog.c b/src/libsystemd/sd-journal/test-catalog.c -index 316c3b1634..ad06221175 100644 ---- a/src/libsystemd/sd-journal/test-catalog.c -+++ b/src/libsystemd/sd-journal/test-catalog.c -@@ -196,6 +196,7 @@ static void test_catalog_file_lang(void) { - - int main(int argc, char *argv[]) { - _cleanup_(unlink_tempfilep) char database[] = "/tmp/test-catalog.XXXXXX"; -+ _cleanup_close_ int fd = -1; - _cleanup_free_ char *text = NULL; - int r; - -@@ -218,7 +219,7 @@ int main(int argc, char *argv[]) { - test_catalog_import_merge(); - test_catalog_import_merge_no_body(); - -- assert_se(mkostemp_safe(database) >= 0); -+ assert_se((fd = mkostemp_safe(database)) >= 0); - - test_catalog_update(database); - --- -2.33.0 - diff --git a/backport-test-fix-file-descriptor-leak-in-test-fs-util.patch b/backport-test-fix-file-descriptor-leak-in-test-fs-util.patch deleted file mode 100644 index f9e1cd1..0000000 --- a/backport-test-fix-file-descriptor-leak-in-test-fs-util.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 4a247759a008f0a80f03a80c78efcde2e23e5ae5 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 22 Feb 2022 21:42:22 +0900 -Subject: [PATCH] test: fix file descriptor leak in test-fs-util - -Fixes an issue reported in #22576. - -(cherry picked from commit 19962747ca86a25e7102c536380bb2e9d7cfee9a) -(cherry picked from commit cfe1cd0a066b29e5508b4a2c388fd919fd5e0c9f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4a247759a008f0a80f03a80c78efcde2e23e5ae5 ---- - src/test/test-fs-util.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c -index a24558f25b..98ce3d96ef 100644 ---- a/src/test/test-fs-util.c -+++ b/src/test/test-fs-util.c -@@ -27,10 +27,11 @@ static const char *arg_test_dir = NULL; - - static void test_chase_symlinks(void) { - _cleanup_free_ char *result = NULL; -+ _cleanup_close_ int pfd = -1; - char *temp; - const char *top, *p, *pslash, *q, *qslash; - struct stat st; -- int r, pfd; -+ int r; - - log_info("/* %s */", __func__); - -@@ -318,6 +319,7 @@ static void test_chase_symlinks(void) { - assert_se(fstat(pfd, &st) >= 0); - assert_se(S_ISLNK(st.st_mode)); - result = mfree(result); -+ pfd = safe_close(pfd); - - /* s1 -> s2 -> nonexistent */ - q = strjoina(temp, "/s1"); -@@ -331,6 +333,7 @@ static void test_chase_symlinks(void) { - assert_se(fstat(pfd, &st) >= 0); - assert_se(S_ISLNK(st.st_mode)); - result = mfree(result); -+ pfd = safe_close(pfd); - - /* Test CHASE_STEP */ - --- -2.33.0 - diff --git a/backport-test-fix-file-descriptor-leak-in-test-oomd-util.patch b/backport-test-fix-file-descriptor-leak-in-test-oomd-util.patch deleted file mode 100644 index 7cb7219..0000000 --- a/backport-test-fix-file-descriptor-leak-in-test-oomd-util.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 95def20d81c030e36046770f55840191ff98c91a Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 22 Feb 2022 21:38:15 +0900 -Subject: [PATCH] test: fix file descriptor leak in test-oomd-util - -Fixes an issue reported in #22576. - -(cherry picked from commit 282696ce52471f5e3c963b9d98dbc89fba3a1fba) -(cherry picked from commit 55ec995341e6a2d554bc69a1eddb097d21d8084f) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/95def20d81c030e36046770f55840191ff98c91a ---- - src/oom/test-oomd-util.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/oom/test-oomd-util.c b/src/oom/test-oomd-util.c -index a152387a26..2c2ee114b1 100644 ---- a/src/oom/test-oomd-util.c -+++ b/src/oom/test-oomd-util.c -@@ -5,6 +5,7 @@ - #include "alloc-util.h" - #include "cgroup-setup.h" - #include "cgroup-util.h" -+#include "fd-util.h" - #include "fileio.h" - #include "fs-util.h" - #include "oomd-util.h" -@@ -13,6 +14,7 @@ - #include "string-util.h" - #include "strv.h" - #include "tests.h" -+#include "tmpfile-util.h" - - static int fork_and_sleep(unsigned sleep_min) { - usec_t n, timeout, ts; -@@ -244,12 +246,13 @@ static void test_oomd_update_cgroup_contexts_between_hashmaps(void) { - - static void test_oomd_system_context_acquire(void) { - _cleanup_(unlink_tempfilep) char path[] = "/oomdgetsysctxtestXXXXXX"; -+ _cleanup_close_ int fd = -1; - OomdSystemContext ctx; - - if (geteuid() != 0) - return (void) log_tests_skipped("not root"); - -- assert_se(mkstemp(path)); -+ assert_se((fd = mkostemp_safe(path)) >= 0); - - assert_se(oomd_system_context_acquire("/verylikelynonexistentpath", &ctx) == -ENOENT); - --- -2.33.0 - diff --git a/backport-test-fix-file-descriptor-leak-in-test-psi-util.patch b/backport-test-fix-file-descriptor-leak-in-test-psi-util.patch deleted file mode 100644 index 5d6bcb9..0000000 --- a/backport-test-fix-file-descriptor-leak-in-test-psi-util.patch +++ /dev/null @@ -1,47 +0,0 @@ -From eb760f4875afd75c433961c0a9bf00b1883e5d35 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 22 Feb 2022 21:46:41 +0900 -Subject: [PATCH] test: fix file descriptor leak in test-psi-util - -Fixes an issue reported in #22576. - -(cherry picked from commit be99883e131ef422f8278ec1d099520996a78bb0) -(cherry picked from commit 81d3e2abff5f4234e06ceb6590d0c9939d8d97b4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/eb760f4875afd75c433961c0a9bf00b1883e5d35 ---- - src/test/test-psi-util.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/test/test-psi-util.c b/src/test/test-psi-util.c -index c636cf255b..026f6aa1ab 100644 ---- a/src/test/test-psi-util.c -+++ b/src/test/test-psi-util.c -@@ -3,19 +3,22 @@ - #include - - #include "alloc-util.h" -+#include "fd-util.h" - #include "fileio.h" - #include "fs-util.h" - #include "psi-util.h" - #include "tests.h" -+#include "tmpfile-util.h" - - static void test_read_mem_pressure(void) { - _cleanup_(unlink_tempfilep) char path[] = "/tmp/pressurereadtestXXXXXX"; -+ _cleanup_close_ int fd = -1; - ResourcePressure rp; - - if (geteuid() != 0) - return (void) log_tests_skipped("not root"); - -- assert_se(mkstemp(path)); -+ assert_se((fd = mkostemp_safe(path)) >= 0); - - assert_se(read_resource_pressure("/verylikelynonexistentpath", PRESSURE_TYPE_SOME, &rp) < 0); - assert_se(read_resource_pressure(path, PRESSURE_TYPE_SOME, &rp) < 0); --- -2.33.0 - diff --git a/backport-test-fix-file-descriptor-leak-in-test-tmpfiles.c.patch b/backport-test-fix-file-descriptor-leak-in-test-tmpfiles.c.patch deleted file mode 100644 index cdcf73b..0000000 --- a/backport-test-fix-file-descriptor-leak-in-test-tmpfiles.c.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 40e43b290473aac1737f64b84194c5fc6b8210cf Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 22 Feb 2022 21:44:58 +0900 -Subject: [PATCH] test: fix file descriptor leak in test-tmpfiles.c - -Also fixes a typo in assertion. - -Fixes an issure reported in #22576. - -(cherry picked from commit 1da5325d19dee654326e5fa2f61262e5e0a40fff) -(cherry picked from commit d9189c31117e159f7bae9233863aa88a02159e14) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/40e43b290473aac1737f64b84194c5fc6b8210cf ---- - src/test/test-tmpfiles.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/test/test-tmpfiles.c b/src/test/test-tmpfiles.c -index 4c3389af8c..0ac2b7f599 100644 ---- a/src/test/test-tmpfiles.c -+++ b/src/test/test-tmpfiles.c -@@ -37,7 +37,7 @@ int main(int argc, char** argv) { - assert_se(endswith(ans, " (deleted)")); - - fd2 = mkostemp_safe(pattern); -- assert_se(fd >= 0); -+ assert_se(fd2 >= 0); - assert_se(unlink(pattern) == 0); - - assert_se(asprintf(&cmd2, "ls -l /proc/"PID_FMT"/fd/%d", getpid_cached(), fd2) > 0); -@@ -49,6 +49,7 @@ int main(int argc, char** argv) { - pattern = strjoina(p, "/tmpfiles-test"); - assert_se(tempfn_random(pattern, NULL, &d) >= 0); - -+ fd = safe_close(fd); - fd = open_tmpfile_linkable(d, O_RDWR|O_CLOEXEC, &tmp); - assert_se(fd >= 0); - assert_se(write(fd, "foobar\n", 7) == 7); --- -2.33.0 - diff --git a/backport-test-generate-a-custom-initrd-for-TEST-24-if-INITRD-.patch b/backport-test-generate-a-custom-initrd-for-TEST-24-if-INITRD-.patch deleted file mode 100644 index 82412cc..0000000 --- a/backport-test-generate-a-custom-initrd-for-TEST-24-if-INITRD-.patch +++ /dev/null @@ -1,66 +0,0 @@ -From b22d90e59438481b421b1eb2449e6efdfb7f2118 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Thu, 26 May 2022 13:19:11 +0200 -Subject: [PATCH] test: generate a custom initrd for TEST-24 if $INITRD is - unset - -Co-Authored-By: Yu Watanabe ---- - test/TEST-24-CRYPTSETUP/test.sh | 24 ++++++++++++++++++++++++ - test/test-functions | 5 +++++ - 2 files changed, 29 insertions(+) - -diff --git a/test/TEST-24-CRYPTSETUP/test.sh b/test/TEST-24-CRYPTSETUP/test.sh -index a52848b..c18f4aa 100755 ---- a/test/TEST-24-CRYPTSETUP/test.sh -+++ b/test/TEST-24-CRYPTSETUP/test.sh -@@ -64,6 +64,30 @@ EOF - # Forward journal messages to the console, so we have something - # to investigate even if we fail to mount the encrypted /var - echo ForwardToConsole=yes >> "$initdir/etc/systemd/journald.conf" -+ -+ # If $INITRD wasn't provided explicitly, generate a custom one with dm-crypt -+ # support -+ if [[ -z "$INITRD" ]]; then -+ INITRD="${TESTDIR:?}/initrd.img" -+ dinfo "Generating a custom initrd with dm-crypt support in '${INITRD:?}'" -+ -+ if command -v dracut >/dev/null; then -+ dracut --force --verbose --add crypt "$INITRD" -+ elif command -v mkinitcpio >/dev/null; then -+ mkinitcpio --addhooks sd-encrypt --generate "$INITRD" -+ elif command -v mkinitramfs >/dev/null; then -+ # The cryptroot hook is provided by the cryptsetup-initramfs package -+ if ! dpkg-query -s cryptsetup-initramfs; then -+ derror "Missing 'cryptsetup-initramfs' package for dm-crypt support in initrd" -+ return 1 -+ fi -+ -+ mkinitramfs -o "$INITRD" -+ else -+ dfatal "Unrecognized initrd generator, can't continue" -+ return 1 -+ fi -+ fi - } - - cleanup_root_var() { -diff --git a/test/test-functions b/test/test-functions -index bef87ca..0239bbc 100644 ---- a/test/test-functions -+++ b/test/test-functions -@@ -325,6 +325,11 @@ qemu_min_version() { - # Return 0 if QEMU did run (then you must check the result state/logs for actual - # success), or 1 if QEMU is not available. - run_qemu() { -+ # If the test provided its own initrd, use it (e.g. TEST-24) -+ if [[ -z "$INITRD" && -f "${TESTDIR:?}/initrd.img" ]]; then -+ INITRD="$TESTDIR/initrd.img" -+ fi -+ - if [ -f /etc/machine-id ]; then - read -r MACHINE_ID -Date: Fri, 26 Nov 2021 09:40:51 +0100 -Subject: [PATCH] test-journal-flush: allow testing against specific files -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - ->=0 → ==0 because sd_journal_open* are documented to return 0. - -(cherry picked from commit 0fa167cd58b5a4ffe16a332131df70bf77edddbe) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/bb29932a4172810357597175a62cb4c8cbd1087c ---- - src/libsystemd/sd-journal/test-journal-flush.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/src/libsystemd/sd-journal/test-journal-flush.c b/src/libsystemd/sd-journal/test-journal-flush.c -index dad277dd66..aa814225dd 100644 ---- a/src/libsystemd/sd-journal/test-journal-flush.c -+++ b/src/libsystemd/sd-journal/test-journal-flush.c -@@ -29,8 +29,11 @@ int main(int argc, char *argv[]) { - r = journal_file_open(-1, fn, O_CREAT|O_RDWR, 0644, false, 0, false, NULL, NULL, NULL, NULL, &new_journal); - assert_se(r >= 0); - -- r = sd_journal_open(&j, 0); -- assert_se(r >= 0); -+ if (argc > 1) -+ r = sd_journal_open_files(&j, (const char **) strv_skip(argv, 1), 0); -+ else -+ r = sd_journal_open(&j, 0); -+ assert_se(r == 0); - - sd_journal_set_data_threshold(j, 0); - --- -2.33.0 - diff --git a/backport-test-journal-flush-do-not-croak-on-corrupted-input-f.patch b/backport-test-journal-flush-do-not-croak-on-corrupted-input-f.patch deleted file mode 100644 index 4e3edc6..0000000 --- a/backport-test-journal-flush-do-not-croak-on-corrupted-input-f.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 0d98afa9548873669531fb3f8aa0f1ab56455411 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 26 Nov 2021 09:46:02 +0100 -Subject: [PATCH] test-journal-flush: do not croak on corrupted input files - -We would fail if the input file was corrupted: -build/test-journal-flush ./system@0005b7dac334f805-0021aca076ae5c5e.journal\~ -journal_file_copy_entry failed: Bad message -Assertion 'r >= 0' failed at src/libsystemd/sd-journal/test-journal-flush.c:55, function main(). Aborting. -[1] 619472 IOT instruction (core dumped) build/test-journal-flush ./system@0005b7dac334f805-0021aca076ae5c5e.journal\~ - -Let's skip some "reasonable" errors. - -Fixes #17963. - -(cherry picked from commit b4046d55570ff0e23d16f7e2912e7ef0a55b25d8) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/0d98afa9548873669531fb3f8aa0f1ab56455411 ---- - src/libsystemd/sd-journal/test-journal-flush.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/src/libsystemd/sd-journal/test-journal-flush.c b/src/libsystemd/sd-journal/test-journal-flush.c -index aa814225dd..c6fb65791e 100644 ---- a/src/libsystemd/sd-journal/test-journal-flush.c -+++ b/src/libsystemd/sd-journal/test-journal-flush.c -@@ -51,8 +51,11 @@ int main(int argc, char *argv[]) { - - r = journal_file_copy_entry(f, new_journal, o, f->current_offset); - if (r < 0) -- log_error_errno(r, "journal_file_copy_entry failed: %m"); -- assert_se(r >= 0); -+ log_warning_errno(r, "journal_file_copy_entry failed: %m"); -+ assert_se(r >= 0 || -+ IN_SET(r, -EBADMSG, /* corrupted file */ -+ -EPROTONOSUPPORT, /* unsupported compression */ -+ -EIO)); /* file rotated */ - - if (++n >= 10000) - break; --- -2.33.0 - diff --git a/backport-test-journal-send-close-fd-opend-by-syslog.patch b/backport-test-journal-send-close-fd-opend-by-syslog.patch deleted file mode 100644 index 9ca6330..0000000 --- a/backport-test-journal-send-close-fd-opend-by-syslog.patch +++ /dev/null @@ -1,34 +0,0 @@ -From e1cc12ee2ba089bc126764be509b6b0ed8e8a68b Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 23 Feb 2022 01:52:29 +0900 -Subject: [PATCH] test-journal-send: close fd opend by syslog() - -Fixes an issue reported in #22576. - -(cherry picked from commit 9048a6ccf3bd4f6794fc1ac9a838e1a0bfbcabf1) -(cherry picked from commit 4d24a369908f9915757632fa196deda14c172f9e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e1cc12ee2ba089bc126764be509b6b0ed8e8a68b ---- - src/libsystemd/sd-journal/test-journal-send.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/libsystemd/sd-journal/test-journal-send.c b/src/libsystemd/sd-journal/test-journal-send.c -index 75bd8e7b85..b6644e65c1 100644 ---- a/src/libsystemd/sd-journal/test-journal-send.c -+++ b/src/libsystemd/sd-journal/test-journal-send.c -@@ -90,6 +90,10 @@ static void test_journal_send(void) { - assert_se(sd_journal_sendv(graph2, 1) == 0); - assert_se(sd_journal_sendv(message1, 1) == 0); - assert_se(sd_journal_sendv(message2, 1) == 0); -+ -+ /* The above syslog() opens a fd which is stored in libc, and the valgrind reports the fd is -+ * leaked when we do not call closelog(). */ -+ closelog(); - } - - int main(int argc, char *argv[]) { --- -2.33.0 - diff --git a/backport-test-oomd-util-fix-conditional-jump-on-uninitialised.patch b/backport-test-oomd-util-fix-conditional-jump-on-uninitialised.patch deleted file mode 100644 index 544a1f6..0000000 --- a/backport-test-oomd-util-fix-conditional-jump-on-uninitialised.patch +++ /dev/null @@ -1,32 +0,0 @@ -From bb0bb8afe78c699a1334fdd7df78d71427596d2e Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 22 Feb 2022 20:23:58 +0900 -Subject: [PATCH] test-oomd-util: fix conditional jump on uninitialised value - -Fixes #22577. - -(cherry picked from commit a6d6a51d83fae32212e1780e71b16517a4df9a57) -(cherry picked from commit b10cc2de7dc6ac8d7d72d576100dd3a37ddb588a) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/bb0bb8afe78c699a1334fdd7df78d71427596d2e ---- - src/oom/test-oomd-util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/oom/test-oomd-util.c b/src/oom/test-oomd-util.c -index 02034c1293..a152387a26 100644 ---- a/src/oom/test-oomd-util.c -+++ b/src/oom/test-oomd-util.c -@@ -283,7 +283,7 @@ static void test_oomd_system_context_acquire(void) { - static void test_oomd_pressure_above(void) { - _cleanup_hashmap_free_ Hashmap *h1 = NULL, *h2 = NULL; - _cleanup_set_free_ Set *t1 = NULL, *t2 = NULL, *t3 = NULL; -- OomdCGroupContext ctx[2], *c; -+ OomdCGroupContext ctx[2] = {}, *c; - loadavg_t threshold; - - assert_se(store_loadavg_fixed_point(80, 0, &threshold) == 0); --- -2.33.0 - diff --git a/backport-test-oomd-util-skip-tests-if-cgroup-memory-controlle.patch b/backport-test-oomd-util-skip-tests-if-cgroup-memory-controlle.patch deleted file mode 100644 index 51ab682..0000000 --- a/backport-test-oomd-util-skip-tests-if-cgroup-memory-controlle.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 38787a985396277058a20ac0c6f66fd1377d0737 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 11 Sep 2021 20:37:50 +0900 -Subject: [PATCH] test-oomd-util: skip tests if cgroup memory controller is not - available - -Fixes #20593 and #20655. - -(cherry picked from commit 8b2e22579a6549ab8423858819703fc142862bcb) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/38787a985396277058a20ac0c6f66fd1377d0737 ---- - src/oom/test-oomd-util.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/oom/test-oomd-util.c b/src/oom/test-oomd-util.c -index 776c65820e..29f2c54ab1 100644 ---- a/src/oom/test-oomd-util.c -+++ b/src/oom/test-oomd-util.c -@@ -90,6 +90,7 @@ static void test_oomd_cgroup_context_acquire_and_insert(void) { - _cleanup_free_ char *cgroup = NULL; - ManagedOOMPreference root_pref; - OomdCGroupContext *c1, *c2; -+ CGroupMask mask; - bool test_xattrs; - int root_xattrs, r; - -@@ -102,6 +103,11 @@ static void test_oomd_cgroup_context_acquire_and_insert(void) { - if (cg_all_unified() <= 0) - return (void) log_tests_skipped("cgroups are not running in unified mode"); - -+ assert_se(cg_mask_supported(&mask) >= 0); -+ -+ if (!FLAGS_SET(mask, CGROUP_MASK_MEMORY)) -+ return (void) log_tests_skipped("cgroup memory controller is not available"); -+ - assert_se(cg_pid_get_path(NULL, 0, &cgroup) >= 0); - - /* If we don't have permissions to set xattrs we're likely in a userns or missing capabilities --- -2.33.0 - diff --git a/backport-test-oomd-util-style-fixlets.patch b/backport-test-oomd-util-style-fixlets.patch deleted file mode 100644 index 55f80c2..0000000 --- a/backport-test-oomd-util-style-fixlets.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 76b5fae410a2434e8fadab07700d1480566e8ddd Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 22 Feb 2022 20:21:45 +0900 -Subject: [PATCH] test-oomd-util: style fixlets - -(cherry picked from commit d9fe39b24a0a5464c83c7a754752ca21dbd2578f) -(cherry picked from commit 1343c2efd5401aa52f7790fff4ad7e2d70173f01) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/76b5fae410a2434e8fadab07700d1480566e8ddd ---- - src/oom/test-oomd-util.c | 7 +++---- - 1 file changed, 3 insertions(+), 4 deletions(-) - -diff --git a/src/oom/test-oomd-util.c b/src/oom/test-oomd-util.c -index 29f2c54ab1..02034c1293 100644 ---- a/src/oom/test-oomd-util.c -+++ b/src/oom/test-oomd-util.c -@@ -300,12 +300,11 @@ static void test_oomd_pressure_above(void) { - assert_se(store_loadavg_fixed_point(1, 11, &(ctx[1].memory_pressure.avg300)) == 0); - ctx[1].mem_pressure_limit = threshold; - -- - /* High memory pressure */ - assert_se(h1 = hashmap_new(&string_hash_ops)); - assert_se(hashmap_put(h1, "/herp.slice", &ctx[0]) >= 0); - assert_se(oomd_pressure_above(h1, 0 /* duration */, &t1) == 1); -- assert_se(set_contains(t1, &ctx[0]) == true); -+ assert_se(set_contains(t1, &ctx[0])); - assert_se(c = hashmap_get(h1, "/herp.slice")); - assert_se(c->mem_pressure_limit_hit_start > 0); - -@@ -313,14 +312,14 @@ static void test_oomd_pressure_above(void) { - assert_se(h2 = hashmap_new(&string_hash_ops)); - assert_se(hashmap_put(h2, "/derp.slice", &ctx[1]) >= 0); - assert_se(oomd_pressure_above(h2, 0 /* duration */, &t2) == 0); -- assert_se(t2 == NULL); -+ assert_se(!t2); - assert_se(c = hashmap_get(h2, "/derp.slice")); - assert_se(c->mem_pressure_limit_hit_start == 0); - - /* High memory pressure w/ multiple cgroups */ - assert_se(hashmap_put(h1, "/derp.slice", &ctx[1]) >= 0); - assert_se(oomd_pressure_above(h1, 0 /* duration */, &t3) == 1); -- assert_se(set_contains(t3, &ctx[0]) == true); -+ assert_se(set_contains(t3, &ctx[0])); - assert_se(set_size(t3) == 1); - assert_se(c = hashmap_get(h1, "/herp.slice")); - assert_se(c->mem_pressure_limit_hit_start > 0); --- -2.33.0 - diff --git a/backport-test-store-the-key-on-a-separate-device.patch b/backport-test-store-the-key-on-a-separate-device.patch deleted file mode 100644 index 8272b45..0000000 --- a/backport-test-store-the-key-on-a-separate-device.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 6b70d3cf81088ee9226cd691bbccc4ebf4764065 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Thu, 26 May 2022 14:52:52 +0200 -Subject: [PATCH] test: store the key on a separate device - ---- - test/TEST-24-CRYPTSETUP/test.sh | 14 +++++++++----- - 1 file changed, 9 insertions(+), 5 deletions(-) - -diff --git a/test/TEST-24-CRYPTSETUP/test.sh b/test/TEST-24-CRYPTSETUP/test.sh -index bdf630d912..b81b811654 100755 ---- a/test/TEST-24-CRYPTSETUP/test.sh -+++ b/test/TEST-24-CRYPTSETUP/test.sh -@@ -12,10 +12,8 @@ TEST_FORCE_NEWIMAGE=1 - - PART_UUID="deadbeef-dead-dead-beef-000000000000" - DM_NAME="test24_varcrypt" --# Mount the keyfile only in initrd (hence rd.luks.key), since it resides on --# the rootfs and we would get a (harmless) error when trying to mount it after --# switching root (since rootfs is already mounted) --KERNEL_APPEND+=" rd.luks=1 luks.name=$PART_UUID=$DM_NAME rd.luks.key=$PART_UUID=/etc/varkey:LABEL=systemd_boot" -+KERNEL_APPEND+=" rd.luks=1 luks.name=$PART_UUID=$DM_NAME luks.key=$PART_UUID=/keyfile:LABEL=varcrypt_keydev" -+QEMU_OPTIONS+=" -drive format=raw,cache=unsafe,file=${STATEDIR:?}/keydev.img" - - check_result_qemu() { - local ret=1 -@@ -57,7 +55,13 @@ test_create_image() { - install_dmevent - generate_module_dependencies - -- echo -n test >"$initdir/etc/varkey" -+ # Create a keydev -+ dd if=/dev/zero of="${STATEDIR:?}/keydev.img" bs=1M count=16 -+ mkfs.ext4 -L varcrypt_keydev "$STATEDIR/keydev.img" -+ mkdir -p "$STATEDIR/keydev" -+ mount "$STATEDIR/keydev.img" "$STATEDIR/keydev" -+ echo -n test >"$STATEDIR/keydev/keyfile" -+ umount "$STATEDIR/keydev" - - cat >>"$initdir/etc/fstab" < -Date: Thu, 30 Sep 2021 14:14:19 +0200 -Subject: [PATCH] test: use a less restrictive portable profile when running w/ - sanitizers - -Since f833df3 we now actually use the seccomp rules defined in portable -profiles. However, the default one is too restrictive for sanitizers, as -it blocks certain syscall required by LSan. Mitigate this by using the -'trusted' profile when running TEST-29-PORTABLE under sanitizers. - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9dbdd33ffa824934962ebe61d03a9f727a1c416c ---- - test/units/testsuite-29.sh | 21 ++++++++++++++------- - 1 file changed, 14 insertions(+), 7 deletions(-) - -diff --git a/test/units/testsuite-29.sh b/test/units/testsuite-29.sh -index 3408e6d71a..549fc2663c 100755 ---- a/test/units/testsuite-29.sh -+++ b/test/units/testsuite-29.sh -@@ -4,9 +4,16 @@ - set -eux - set -o pipefail - -+ARGS=() -+if [[ -v ASAN_OPTIONS || -v UBSAN_OPTIONS ]]; then -+ # If we're running under sanitizers, we need to use a less restrictive -+ # profile, otherwise LSan syscall would get blocked by seccomp -+ ARGS+=(--profile=trusted) -+fi -+ - export SYSTEMD_LOG_LEVEL=debug - --portablectl attach --now --runtime /usr/share/minimal_0.raw app0 -+portablectl "${ARGS[@]}" attach --now --runtime /usr/share/minimal_0.raw app0 - - systemctl is-active app0.service - systemctl is-active app0-foo.service -@@ -16,7 +23,7 @@ systemctl is-active app0-bar.service && exit 1 - set -e - set -o pipefail - --portablectl reattach --now --runtime /usr/share/minimal_1.raw app0 -+portablectl "${ARGS[@]}" reattach --now --runtime /usr/share/minimal_1.raw app0 - - systemctl is-active app0.service - systemctl is-active app0-bar.service -@@ -37,7 +44,7 @@ portablectl list | grep -q -F "No images." - unsquashfs -dest /tmp/minimal_0 /usr/share/minimal_0.raw - unsquashfs -dest /tmp/minimal_1 /usr/share/minimal_1.raw - --portablectl attach --copy=symlink --now --runtime /tmp/minimal_0 app0 -+portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime /tmp/minimal_0 app0 - - systemctl is-active app0.service - systemctl is-active app0-foo.service -@@ -47,7 +54,7 @@ systemctl is-active app0-bar.service && exit 1 - set -e - set -o pipefail - --portablectl reattach --now --enable --runtime /tmp/minimal_1 app0 -+portablectl "${ARGS[@]}" reattach --now --enable --runtime /tmp/minimal_1 app0 - - systemctl is-active app0.service - systemctl is-active app0-bar.service -@@ -66,11 +73,11 @@ portablectl list | grep -q -F "No images." - root="/usr/share/minimal_0.raw" - app1="/usr/share/app1.raw" - --portablectl attach --now --runtime --extension ${app1} ${root} app1 -+portablectl "${ARGS[@]}" attach --now --runtime --extension ${app1} ${root} app1 - - systemctl is-active app1.service - --portablectl reattach --now --runtime --extension ${app1} ${root} app1 -+portablectl "${ARGS[@]}" reattach --now --runtime --extension ${app1} ${root} app1 - - systemctl is-active app1.service - -@@ -83,7 +90,7 @@ mount ${app1} /tmp/app1 - mount ${root} /tmp/rootdir - mount -t overlay overlay -o lowerdir=/tmp/app1:/tmp/rootdir /tmp/overlay - --portablectl attach --copy=symlink --now --runtime /tmp/overlay app1 -+portablectl "${ARGS[@]}" attach --copy=symlink --now --runtime /tmp/overlay app1 - - systemctl is-active app1.service - --- -2.33.0 - diff --git a/backport-test-watchdog-mark-as-unsafe.patch b/backport-test-watchdog-mark-as-unsafe.patch deleted file mode 100644 index 7012938..0000000 --- a/backport-test-watchdog-mark-as-unsafe.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 7f7ad0e691eb2a05e7f319be8d098af760258dcd Mon Sep 17 00:00:00 2001 -From: Mike Gilbert -Date: Tue, 4 Jan 2022 23:43:10 -0500 -Subject: [PATCH] test-watchdog: mark as unsafe - -If something goes wrong with this test it may result in an unsafe -system restart. Let's avoid running it automatically. - -See https://github.com/systemd/systemd/issues/22001. - -(cherry picked from commit 70652c2a6fa9c06c7faac62f41c72e2e4eaa9340) -(cherry picked from commit 4c0ed19c520a8944f68f613edc3acbd0471dcc81) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7f7ad0e691eb2a05e7f319be8d098af760258dcd ---- - src/test/meson.build | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/test/meson.build b/src/test/meson.build -index 64dbb82002..a327a1f8f9 100644 ---- a/src/test/meson.build -+++ b/src/test/meson.build -@@ -521,7 +521,8 @@ tests += [ - [], - core_includes, '', 'manual'], - -- [['src/test/test-watchdog.c']], -+ [['src/test/test-watchdog.c'], -+ [], [], [], '', 'unsafe'], - - [['src/test/test-sched-prio.c'], - [libcore, --- -2.33.0 - diff --git a/backport-tests-add-test-case-for-UMask-BindPaths-combination.patch b/backport-tests-add-test-case-for-UMask-BindPaths-combination.patch deleted file mode 100644 index 463c48d..0000000 --- a/backport-tests-add-test-case-for-UMask-BindPaths-combination.patch +++ /dev/null @@ -1,61 +0,0 @@ -From ae53f4b5e48860b473c4d05958486a77f84ecc6d Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 12 Nov 2021 13:41:59 +0100 -Subject: [PATCH] tests: add test case for UMask=+BindPaths= combination - -Inspired by the test case described in #19899 - -(cherry picked from commit 875afa02fabe1dad5aa3d1e9bff89d493a369fd0) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/ae53f4b5e48860b473c4d05958486a77f84ecc6d ---- - src/test/test-execute.c | 5 +++++ - test/test-execute/exec-umask-namespace.service | 12 ++++++++++++ - 2 files changed, 17 insertions(+) - create mode 100644 test/test-execute/exec-umask-namespace.service - -diff --git a/src/test/test-execute.c b/src/test/test-execute.c -index 1119ad4acf..88e1b30095 100644 ---- a/src/test/test-execute.c -+++ b/src/test/test-execute.c -@@ -828,6 +828,10 @@ static void test_exec_condition(Manager *m) { - test_service(m, "exec-condition-skip.service", SERVICE_SKIP_CONDITION); - } - -+static void test_exec_umask_namespace(Manager *m) { -+ test(m, "exec-umask-namespace.service", can_unshare ? 0 : EXIT_NAMESPACE, CLD_EXITED); -+} -+ - typedef struct test_entry { - test_function_t f; - const char *name; -@@ -904,6 +908,7 @@ int main(int argc, char *argv[]) { - entry(test_exec_dynamicuser), - entry(test_exec_specifier), - entry(test_exec_systemcallfilter_system), -+ entry(test_exec_umask_namespace), - {}, - }; - int r; -diff --git a/test/test-execute/exec-umask-namespace.service b/test/test-execute/exec-umask-namespace.service -new file mode 100644 -index 0000000000..8419c86c9a ---- /dev/null -+++ b/test/test-execute/exec-umask-namespace.service -@@ -0,0 +1,12 @@ -+# SPDX-License-Identifier: LGPL-2.1-or-later -+[Unit] -+Description=Test for UMask= + namespacing -+ -+[Service] -+ExecStart=/bin/ls -lahd /tmp/subdir -+Type=oneshot -+User=65534 -+Group=65534 -+TemporaryFileSystem=/tmp:ro -+BindPaths=/etc:/tmp/subdir/subsub -+UMask=0007 --- -2.33.0 - diff --git a/backport-timedatectl-fix-a-memory-leak.patch b/backport-timedatectl-fix-a-memory-leak.patch deleted file mode 100644 index ec1ad78..0000000 --- a/backport-timedatectl-fix-a-memory-leak.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 71d2356edffafe8c40797c64f6fb82a8885d1da9 Mon Sep 17 00:00:00 2001 -From: Evgeny Vereshchagin -Date: Wed, 4 May 2022 11:35:19 +0000 -Subject: [PATCH] timedatectl: fix a memory leak - -``` -timedatectl list-timezones --no-pager -... -==164329==ERROR: LeakSanitizer: detected memory leaks - -Direct leak of 8192 byte(s) in 1 object(s) allocated from: - #0 0x7fe8a74b6f8c in reallocarray (/lib64/libasan.so.6+0xaef8c) - #1 0x7fe8a63485dc in strv_push ../src/basic/strv.c:419 - #2 0x7fe8a6349419 in strv_consume ../src/basic/strv.c:490 - #3 0x7fe8a634958d in strv_extend ../src/basic/strv.c:542 - #4 0x7fe8a643d787 in bus_message_read_strv_extend ../src/libsystemd/sd-bus/bus-message.c:5606 - #5 0x7fe8a643db9d in sd_bus_message_read_strv ../src/libsystemd/sd-bus/bus-message.c:5628 - #6 0x4085fb in list_timezones ../src/timedate/timedatectl.c:314 - #7 0x7fe8a61ef3e1 in dispatch_verb ../src/shared/verbs.c:103 - #8 0x410f91 in timedatectl_main ../src/timedate/timedatectl.c:1025 - #9 0x41111c in run ../src/timedate/timedatectl.c:1043 - #10 0x411242 in main ../src/timedate/timedatectl.c:1046 - #11 0x7fe8a489df1f in __libc_start_call_main (/lib64/libc.so.6+0x40f1f) -``` - -(cherry picked from commit a2e37d52312806b1847800df2358e61276cda052) ---- - src/timedate/timedatectl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/timedate/timedatectl.c b/src/timedate/timedatectl.c -index 75ca6195da..31909064cf 100644 ---- a/src/timedate/timedatectl.c -+++ b/src/timedate/timedatectl.c -@@ -304,7 +304,7 @@ static int list_timezones(int argc, char **argv, void *userdata) { - sd_bus *bus = userdata; - _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; - int r; -- char** zones; -+ _cleanup_strv_free_ char **zones = NULL; - - r = bus_call_method(bus, bus_timedate, "ListTimezones", &error, &reply, NULL); - if (r < 0) --- -2.33.0 - diff --git a/backport-timesync-check-cmsg-length.patch b/backport-timesync-check-cmsg-length.patch deleted file mode 100644 index 90a3260..0000000 --- a/backport-timesync-check-cmsg-length.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 4e9f1d0a28cc29d1f010b05d74898f222d757cc8 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 29 Aug 2021 20:55:44 +0900 -Subject: [PATCH] timesync: check cmsg length - -(cherry picked from commit 37df6d9b8d3a8b34bec5346766ab8093c0f0fc26) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/4e9f1d0a28cc29d1f010b05d74898f222d757cc8 ---- - src/timesync/timesyncd-manager.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/timesync/timesyncd-manager.c b/src/timesync/timesyncd-manager.c -index eae14e8fb2..648e804105 100644 ---- a/src/timesync/timesyncd-manager.c -+++ b/src/timesync/timesyncd-manager.c -@@ -467,6 +467,8 @@ static int manager_receive_response(sd_event_source *source, int fd, uint32_t re - - switch (cmsg->cmsg_type) { - case SCM_TIMESTAMPNS: -+ assert(cmsg->cmsg_len == CMSG_LEN(sizeof(struct timespec))); -+ - recv_time = (struct timespec *) CMSG_DATA(cmsg); - break; - } --- -2.33.0 - diff --git a/backport-timesync-fix-wrong-type-for-receiving-timestamp-in-n.patch b/backport-timesync-fix-wrong-type-for-receiving-timestamp-in-n.patch deleted file mode 100644 index aef7fe9..0000000 --- a/backport-timesync-fix-wrong-type-for-receiving-timestamp-in-n.patch +++ /dev/null @@ -1,45 +0,0 @@ -From dac54d1aa759255144d9937361289bde57d64118 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 20 Aug 2021 08:40:11 +0900 -Subject: [PATCH] timesync: fix wrong type for receiving timestamp in - nanoseconds - -Fixes #20482. - -(cherry picked from commit 6f96bdc58746b1698bf8b3430a6c638f8949daec) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/dac54d1aa759255144d9937361289bde57d64118 ---- - src/test/test-sizeof.c | 2 ++ - src/timesync/timesyncd-manager.c | 2 +- - 2 files changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/test/test-sizeof.c b/src/test/test-sizeof.c -index 3c9dc180fa..e36bee4e8f 100644 ---- a/src/test/test-sizeof.c -+++ b/src/test/test-sizeof.c -@@ -89,5 +89,7 @@ int main(void) { - printf("big_enum2_pos → %zu\n", sizeof(big_enum2_pos)); - printf("big_enum2_neg → %zu\n", sizeof(big_enum2_neg)); - -+ printf("timeval: %zu\n", sizeof(struct timeval)); -+ printf("timespec: %zu\n", sizeof(struct timespec)); - return 0; - } -diff --git a/src/timesync/timesyncd-manager.c b/src/timesync/timesyncd-manager.c -index cb5d42b1d3..9d874cfc8a 100644 ---- a/src/timesync/timesyncd-manager.c -+++ b/src/timesync/timesyncd-manager.c -@@ -412,7 +412,7 @@ static int manager_receive_response(sd_event_source *source, int fd, uint32_t re - .iov_base = &ntpmsg, - .iov_len = sizeof(ntpmsg), - }; -- CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct timeval))) control; -+ CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct timespec))) control; - union sockaddr_union server_addr; - struct msghdr msghdr = { - .msg_iov = &iov, --- -2.33.0 - diff --git a/backport-tmpfiles-check-the-directory-we-were-supposed-to-cre.patch b/backport-tmpfiles-check-the-directory-we-were-supposed-to-cre.patch deleted file mode 100644 index d7b6537..0000000 --- a/backport-tmpfiles-check-the-directory-we-were-supposed-to-cre.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 675dd1039c69ff28ce9c7e617fcede80e998b3e9 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 13 Jul 2022 23:44:45 +0200 -Subject: [PATCH] tmpfiles: check the directory we were supposed to create, not - its parent - -This current code checks the wrong directory. This was broken in -4c39d899ff00e90b7290e4985696f321d7f2726f which converted the previous -code incorrectly. - -(cherry picked from commit 92631578fff1568fa8e99f96de05baae5b258ffe) -(cherry picked from commit 625472b219a4b1ac64534d38cf6e64b51ab22bbb) -(cherry picked from commit 8b674cf43f1ba8137da3a90c67826f13c865838c) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/675dd1039c69ff28ce9c7e617fcede80e998b3e9 ---- - src/tmpfiles/tmpfiles.c | 17 +++++++---------- - 1 file changed, 7 insertions(+), 10 deletions(-) - -diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c -index 7e85c50634..1bfb1cbe16 100644 ---- a/src/tmpfiles/tmpfiles.c -+++ b/src/tmpfiles/tmpfiles.c -@@ -1666,15 +1666,12 @@ static int create_directory_or_subvolume(const char *path, mode_t mode, bool sub - r = btrfs_is_subvol(empty_to_root(arg_root)) > 0; - } - if (!r) -- /* Don't create a subvolume unless the root directory is -- * one, too. We do this under the assumption that if the -- * root directory is just a plain directory (i.e. very -- * light-weight), we shouldn't try to split it up into -- * subvolumes (i.e. more heavy-weight). Thus, chroot() -- * environments and suchlike will get a full brtfs -- * subvolume set up below their tree only if they -- * specifically set up a btrfs subvolume for the root -- * dir too. */ -+ /* Don't create a subvolume unless the root directory is one, too. We do this under -+ * the assumption that if the root directory is just a plain directory (i.e. very -+ * light-weight), we shouldn't try to split it up into subvolumes (i.e. more -+ * heavy-weight). Thus, chroot() environments and suchlike will get a full brtfs -+ * subvolume set up below their tree only if they specifically set up a btrfs -+ * subvolume for the root dir too. */ - - subvol = false; - else { -@@ -1694,7 +1691,7 @@ static int create_directory_or_subvolume(const char *path, mode_t mode, bool sub - if (!IN_SET(r, -EEXIST, -EROFS)) - return log_error_errno(r, "Failed to create directory or subvolume \"%s\": %m", path); - -- k = is_dir_fd(pfd); -+ k = is_dir_full(pfd, basename(path), /* follow= */ false); - if (k == -ENOENT && r == -EROFS) - return log_error_errno(r, "%s does not exist and cannot be created as the file system is read-only.", path); - if (k < 0) --- -2.27.0 - diff --git a/backport-tpm-util-fix-TPM-parameter-handling.patch b/backport-tpm-util-fix-TPM-parameter-handling.patch deleted file mode 100644 index 8ea2e6b..0000000 --- a/backport-tpm-util-fix-TPM-parameter-handling.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 966a8cd270e017928389aa1c3966551b301da5e7 Mon Sep 17 00:00:00 2001 -From: Anatol Pomozov -Date: Fri, 10 Sep 2021 11:52:55 -0700 -Subject: [PATCH] tpm-util: fix TPM parameter handling - -cryptenroll allows to specify a custom TPM driver separated from -parameters with colon e.g. `systemd-cryptenroll --tpm2-device=swtpm:` -tells to load swtpm tss driver and use it as a device. - -Unfortunately it does not work, swtpm driver init() fails with - -``` -debug:tcti:src/tss2-tcti/tcti-swtpm.c:570:Tss2_Tcti_Swtpm_Init() Dup'd conf string to: 0x562f91cbc000 -debug:tcti:src/util/key-value-parse.c:85:parse_key_value_string() parsing key/value: swtpm: -WARNING:tcti:src/util/key-value-parse.c:50:parse_key_value() key / value string is invalid -Failed to initialize TCTI context: tcti:A parameter has a bad value -``` - -It turns out that cryptenroll suppose to use the driver name internally -and strip it before passing the rest of parameters to init() function. -Without doing it swtpm receives incorrect key-value property and gets -confused. - -Fix it by passing the correct parameter (without driver name) to the -init() function. - -Fixes #20708 - -(cherry picked from commit 8889564a8da574e4b956e2b6ced34354dee54cd7) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/966a8cd270e017928389aa1c3966551b301da5e7 ---- - src/shared/tpm2-util.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c -index df6d2eef58..56a7fe622e 100644 ---- a/src/shared/tpm2-util.c -+++ b/src/shared/tpm2-util.c -@@ -182,7 +182,7 @@ static int tpm2_init(const char *device, struct tpm2_context *ret) { - if (!tcti) - return log_oom(); - -- rc = info->init(tcti, &sz, device); -+ rc = info->init(tcti, &sz, param); - if (rc != TPM2_RC_SUCCESS) - return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), - "Failed to initialize TCTI context: %s", sym_Tss2_RC_Decode(rc)); --- -2.33.0 - diff --git a/backport-tree-wide-mark-set-but-not-used-variables-as-unused-.patch b/backport-tree-wide-mark-set-but-not-used-variables-as-unused-.patch deleted file mode 100644 index 800c91a..0000000 --- a/backport-tree-wide-mark-set-but-not-used-variables-as-unused-.patch +++ /dev/null @@ -1,546 +0,0 @@ -From e3516e4fdce54f62819bbb18a9fcdd843544d354 Mon Sep 17 00:00:00 2001 -From: Frantisek Sumsal -Date: Wed, 15 Sep 2021 10:56:21 +0200 -Subject: [PATCH] tree-wide: mark set-but-not-used variables as unused to make - LLVM happy - -LLVM 13 introduced `-Wunused-but-set-variable` diagnostic flag, which -trips over some intentionally set-but-not-used variables or variables -attached to cleanup handlers with side effects (`_cleanup_umask_`, -`_cleanup_(notify_on_cleanup)`, `_cleanup_(restore_sigsetp)`, etc.): - -``` -../src/basic/process-util.c:1257:46: error: variable 'saved_ssp' set but not used [-Werror,-Wunused-but-set-variable] - _cleanup_(restore_sigsetp) sigset_t *saved_ssp = NULL; - ^ - 1 error generated. -``` - -(cherry picked from commit d7ac09520be8f0d3d94df3dd4fd8a6e7404c0174) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e3516e4fdce54f62819bbb18a9fcdd843544d354 ---- - src/basic/process-util.c | 2 +- - src/basic/unit-file.c | 3 ++- - src/core/manager.c | 4 ++-- - src/cryptsetup/cryptsetup.c | 2 +- - src/home/homed.c | 2 +- - src/initctl/initctl.c | 2 +- - src/journal-remote/journal-remote-main.c | 2 +- - src/journal-remote/journal-remote.c | 2 +- - src/journal-remote/journal-upload.c | 2 +- - src/journal/journald-server.c | 2 +- - src/libsystemd-network/sd-dhcp-server.c | 6 ++++-- - src/libsystemd/sd-device/sd-device.c | 9 ++++++--- - src/libsystemd/sd-journal/test-catalog.c | 2 +- - src/login/logind-core.c | 2 +- - src/login/logind-session.c | 2 +- - src/login/logind.c | 2 +- - src/network/networkd-dhcp-common.c | 6 ++++-- - src/network/networkd.c | 2 +- - src/network/wait-online/wait-online.c | 2 +- - src/nss-systemd/userdb-glue.c | 4 ++-- - src/oom/oomd-manager.c | 2 +- - src/oom/oomd.c | 2 +- - src/resolve/resolved-dns-cache.c | 2 +- - src/resolve/resolved-dns-query.c | 2 +- - src/resolve/resolved.c | 2 +- - src/shared/barrier.c | 2 +- - src/shared/utmp-wtmp.c | 8 ++++---- - src/timesync/timesyncd.c | 2 +- - src/tty-ask-password-agent/tty-ask-password-agent.c | 3 ++- - src/udev/udevd.c | 3 ++- - src/userdb/userdbd.c | 2 +- - 31 files changed, 50 insertions(+), 40 deletions(-) - -diff --git a/src/basic/process-util.c b/src/basic/process-util.c -index 461bbfe9a5..b76ca6f7c5 100644 ---- a/src/basic/process-util.c -+++ b/src/basic/process-util.c -@@ -1278,7 +1278,7 @@ int safe_fork_full( - - pid_t original_pid, pid; - sigset_t saved_ss, ss; -- _cleanup_(restore_sigsetp) sigset_t *saved_ssp = NULL; -+ _unused_ _cleanup_(restore_sigsetp) sigset_t *saved_ssp = NULL; - bool block_signals = false, block_all = false; - int prio, r; - -diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c -index 0d58b1c4fe..d1e997ec9f 100644 ---- a/src/basic/unit-file.c -+++ b/src/basic/unit-file.c -@@ -286,7 +286,8 @@ int unit_file_build_name_map( - - FOREACH_DIRENT_ALL(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) { - char *filename; -- _cleanup_free_ char *_filename_free = NULL, *simplified = NULL; -+ _unused_ _cleanup_free_ char *_filename_free = NULL; -+ _cleanup_free_ char *simplified = NULL; - const char *suffix, *dst = NULL; - bool valid_unit_name; - -diff --git a/src/core/manager.c b/src/core/manager.c -index 34891a8754..abc63a71af 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -1731,7 +1731,7 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) { - - { - /* This block is (optionally) done with the reloading counter bumped */ -- _cleanup_(manager_reloading_stopp) Manager *reloading = NULL; -+ _unused_ _cleanup_(manager_reloading_stopp) Manager *reloading = NULL; - - /* If we will deserialize make sure that during enumeration this is already known, so we increase the - * counter here already */ -@@ -3770,7 +3770,7 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { - } - - int manager_reload(Manager *m) { -- _cleanup_(manager_reloading_stopp) Manager *reloading = NULL; -+ _unused_ _cleanup_(manager_reloading_stopp) Manager *reloading = NULL; - _cleanup_fdset_free_ FDSet *fds = NULL; - _cleanup_fclose_ FILE *f = NULL; - int r; -diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c -index 0fa41b8360..440f17d017 100644 ---- a/src/cryptsetup/cryptsetup.c -+++ b/src/cryptsetup/cryptsetup.c -@@ -1482,7 +1482,7 @@ static int run(int argc, char *argv[]) { - verb = argv[1]; - - if (streq(verb, "attach")) { -- _cleanup_(remove_and_erasep) const char *destroy_key_file = NULL; -+ _unused_ _cleanup_(remove_and_erasep) const char *destroy_key_file = NULL; - _cleanup_(erase_and_freep) void *key_data = NULL; - const char *volume, *source, *key_file, *options; - crypt_status_info status; -diff --git a/src/home/homed.c b/src/home/homed.c -index 807d25e273..579c289a68 100644 ---- a/src/home/homed.c -+++ b/src/home/homed.c -@@ -14,7 +14,7 @@ - - static int run(int argc, char *argv[]) { - _cleanup_(manager_freep) Manager *m = NULL; -- _cleanup_(notify_on_cleanup) const char *notify_stop = NULL; -+ _unused_ _cleanup_(notify_on_cleanup) const char *notify_stop = NULL; - int r; - - log_setup(); -diff --git a/src/initctl/initctl.c b/src/initctl/initctl.c -index c48fef16ef..a48a8570c4 100644 ---- a/src/initctl/initctl.c -+++ b/src/initctl/initctl.c -@@ -311,7 +311,7 @@ static int process_event(Server *s, struct epoll_event *ev) { - - static int run(int argc, char *argv[]) { - _cleanup_(server_done) Server server = { .epoll_fd = -1 }; -- _cleanup_(notify_on_cleanup) const char *notify_stop = NULL; -+ _unused_ _cleanup_(notify_on_cleanup) const char *notify_stop = NULL; - int r, n; - - if (argc > 1) -diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c -index 9ff31763da..b46b4fc08e 100644 ---- a/src/journal-remote/journal-remote-main.c -+++ b/src/journal-remote/journal-remote-main.c -@@ -1099,7 +1099,7 @@ static int load_certificates(char **key, char **cert, char **trust) { - - static int run(int argc, char **argv) { - _cleanup_(journal_remote_server_destroy) RemoteServer s = {}; -- _cleanup_(notify_on_cleanup) const char *notify_message = NULL; -+ _unused_ _cleanup_(notify_on_cleanup) const char *notify_message = NULL; - _cleanup_(erase_and_freep) char *key = NULL; - _cleanup_free_ char *cert = NULL, *trust = NULL; - int r; -diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c -index 6e5aebdc48..f530ba3c7e 100644 ---- a/src/journal-remote/journal-remote.c -+++ b/src/journal-remote/journal-remote.c -@@ -272,7 +272,7 @@ int journal_remote_add_source(RemoteServer *s, int fd, char* name, bool own_name - - int journal_remote_add_raw_socket(RemoteServer *s, int fd) { - int r; -- _cleanup_close_ int fd_ = fd; -+ _unused_ _cleanup_close_ int fd_ = fd; - char name[STRLEN("raw-socket-") + DECIMAL_STR_MAX(int) + 1]; - - assert(fd >= 0); -diff --git a/src/journal-remote/journal-upload.c b/src/journal-remote/journal-upload.c -index 2a38d206ea..37660b925a 100644 ---- a/src/journal-remote/journal-upload.c -+++ b/src/journal-remote/journal-upload.c -@@ -820,7 +820,7 @@ static int open_journal(sd_journal **j) { - - static int run(int argc, char **argv) { - _cleanup_(destroy_uploader) Uploader u = {}; -- _cleanup_(notify_on_cleanup) const char *notify_message = NULL; -+ _unused_ _cleanup_(notify_on_cleanup) const char *notify_message = NULL; - bool use_journal; - int r; - -diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c -index 2d1d9e66d7..a212079758 100644 ---- a/src/journal/journald-server.c -+++ b/src/journal/journald-server.c -@@ -910,7 +910,7 @@ static void dispatch_message_real( - pid_t object_pid) { - - char source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)]; -- _cleanup_free_ char *cmdline1 = NULL, *cmdline2 = NULL; -+ _unused_ _cleanup_free_ char *cmdline1 = NULL, *cmdline2 = NULL; - uid_t journal_uid; - ClientContext *o; - -diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c -index 0b3904c02a..070f4ec1c2 100644 ---- a/src/libsystemd-network/sd-dhcp-server.c -+++ b/src/libsystemd-network/sd-dhcp-server.c -@@ -1004,7 +1004,8 @@ int dhcp_server_handle_message(sd_dhcp_server *server, DHCPMessage *message, siz - /* verify that the requested address is from the pool, and either - owned by the current client or free */ - if (pool_offset >= 0 && static_lease) { -- _cleanup_(dhcp_lease_freep) DHCPLease *lease = NULL, *old_lease = NULL; -+ _unused_ _cleanup_(dhcp_lease_freep) DHCPLease *old_lease = NULL; -+ _cleanup_(dhcp_lease_freep) DHCPLease *lease = NULL; - usec_t time_now, expiration; - - r = sd_event_now(server->event, clock_boottime_or_monotonic(), &time_now); -@@ -1482,7 +1483,8 @@ int sd_dhcp_server_set_static_lease( - uint8_t *client_id, - size_t client_id_size) { - -- _cleanup_(dhcp_lease_freep) DHCPLease *lease = NULL, *old = NULL; -+ _unused_ _cleanup_(dhcp_lease_freep) DHCPLease *old = NULL; -+ _cleanup_(dhcp_lease_freep) DHCPLease *lease = NULL; - DHCPClientId c; - int r; - -diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c -index 45261588a8..3f2cce5bba 100644 ---- a/src/libsystemd/sd-device/sd-device.c -+++ b/src/libsystemd/sd-device/sd-device.c -@@ -94,7 +94,8 @@ int device_add_property_aux(sd_device *device, const char *key, const char *valu - properties = &device->properties; - - if (value) { -- _cleanup_free_ char *new_key = NULL, *new_value = NULL, *old_key = NULL, *old_value = NULL; -+ _unused_ _cleanup_free_ char *old_value = NULL; -+ _cleanup_free_ char *new_key = NULL, *new_value = NULL, *old_key = NULL; - int r; - - r = ordered_hashmap_ensure_allocated(properties, &string_hash_ops_free_free); -@@ -119,7 +120,8 @@ int device_add_property_aux(sd_device *device, const char *key, const char *valu - TAKE_PTR(new_key); - TAKE_PTR(new_value); - } else { -- _cleanup_free_ char *old_key = NULL, *old_value = NULL; -+ _unused_ _cleanup_free_ char *old_value = NULL; -+ _cleanup_free_ char *old_key = NULL; - - old_value = ordered_hashmap_remove2(*properties, key, (void**) &old_key); - } -@@ -1920,7 +1922,8 @@ _public_ int sd_device_get_trigger_uuid(sd_device *device, sd_id128_t *ret) { - } - - static int device_cache_sysattr_value(sd_device *device, const char *key, char *value) { -- _cleanup_free_ char *new_key = NULL, *old_value = NULL; -+ _unused_ _cleanup_free_ char *old_value = NULL; -+ _cleanup_free_ char *new_key = NULL; - int r; - - assert(device); -diff --git a/src/libsystemd/sd-journal/test-catalog.c b/src/libsystemd/sd-journal/test-catalog.c -index 982fec0d8d..316c3b1634 100644 ---- a/src/libsystemd/sd-journal/test-catalog.c -+++ b/src/libsystemd/sd-journal/test-catalog.c -@@ -53,7 +53,7 @@ static void test_catalog_import_invalid(void) { - } - - static void test_catalog_import_badid(void) { -- _cleanup_ordered_hashmap_free_free_free_ OrderedHashmap *h = NULL; -+ _unused_ _cleanup_ordered_hashmap_free_free_free_ OrderedHashmap *h = NULL; - const char *input = - "-- 0027229ca0644181a76c4e92458afaff dededededededededededededededede\n" \ - "Subject: message\n" \ -diff --git a/src/login/logind-core.c b/src/login/logind-core.c -index e08929e52a..a9792fd5e4 100644 ---- a/src/login/logind-core.c -+++ b/src/login/logind-core.c -@@ -689,7 +689,7 @@ bool manager_all_buttons_ignored(Manager *m) { - int manager_read_utmp(Manager *m) { - #if ENABLE_UTMP - int r; -- _cleanup_(utxent_cleanup) bool utmpx = false; -+ _unused_ _cleanup_(utxent_cleanup) bool utmpx = false; - - assert(m); - -diff --git a/src/login/logind-session.c b/src/login/logind-session.c -index 3f09750ec9..cde2b5e8bb 100644 ---- a/src/login/logind-session.c -+++ b/src/login/logind-session.c -@@ -1323,7 +1323,7 @@ bool session_is_controller(Session *s, const char *sender) { - } - - static void session_release_controller(Session *s, bool notify) { -- _cleanup_free_ char *name = NULL; -+ _unused_ _cleanup_free_ char *name = NULL; - SessionDevice *sd; - - if (!s->controller) -diff --git a/src/login/logind.c b/src/login/logind.c -index ec52a57acb..b642da6eaa 100644 ---- a/src/login/logind.c -+++ b/src/login/logind.c -@@ -1155,7 +1155,7 @@ static int manager_run(Manager *m) { - - static int run(int argc, char *argv[]) { - _cleanup_(manager_unrefp) Manager *m = NULL; -- _cleanup_(notify_on_cleanup) const char *notify_message = NULL; -+ _unused_ _cleanup_(notify_on_cleanup) const char *notify_message = NULL; - int r; - - log_set_facility(LOG_AUTH); -diff --git a/src/network/networkd-dhcp-common.c b/src/network/networkd-dhcp-common.c -index 249d780887..02cef0fbfc 100644 ---- a/src/network/networkd-dhcp-common.c -+++ b/src/network/networkd-dhcp-common.c -@@ -631,8 +631,10 @@ int config_parse_dhcp_send_option( - void *data, - void *userdata) { - -- _cleanup_(sd_dhcp_option_unrefp) sd_dhcp_option *opt4 = NULL, *old4 = NULL; -- _cleanup_(sd_dhcp6_option_unrefp) sd_dhcp6_option *opt6 = NULL, *old6 = NULL; -+ _cleanup_(sd_dhcp_option_unrefp) sd_dhcp_option *opt4 = NULL; -+ _cleanup_(sd_dhcp6_option_unrefp) sd_dhcp6_option *opt6 = NULL; -+ _unused_ _cleanup_(sd_dhcp_option_unrefp) sd_dhcp_option *old4 = NULL; -+ _unused_ _cleanup_(sd_dhcp6_option_unrefp) sd_dhcp6_option *old6 = NULL; - uint32_t uint32_data, enterprise_identifier = 0; - _cleanup_free_ char *word = NULL, *q = NULL; - OrderedHashmap **options = data; -diff --git a/src/network/networkd.c b/src/network/networkd.c -index 48f6061b1f..ff3380c82c 100644 ---- a/src/network/networkd.c -+++ b/src/network/networkd.c -@@ -19,7 +19,7 @@ - - static int run(int argc, char *argv[]) { - _cleanup_(manager_freep) Manager *m = NULL; -- _cleanup_(notify_on_cleanup) const char *notify_message = NULL; -+ _unused_ _cleanup_(notify_on_cleanup) const char *notify_message = NULL; - int r; - - log_setup(); -diff --git a/src/network/wait-online/wait-online.c b/src/network/wait-online/wait-online.c -index 1b24b6f1a6..3ce29ac679 100644 ---- a/src/network/wait-online/wait-online.c -+++ b/src/network/wait-online/wait-online.c -@@ -195,7 +195,7 @@ static int parse_argv(int argc, char *argv[]) { - - static int run(int argc, char *argv[]) { - _cleanup_(manager_freep) Manager *m = NULL; -- _cleanup_(notify_on_cleanup) const char *notify_message = NULL; -+ _unused_ _cleanup_(notify_on_cleanup) const char *notify_message = NULL; - int r; - - log_setup(); -diff --git a/src/nss-systemd/userdb-glue.c b/src/nss-systemd/userdb-glue.c -index c865ff0d82..002e6925f9 100644 ---- a/src/nss-systemd/userdb-glue.c -+++ b/src/nss-systemd/userdb-glue.c -@@ -303,7 +303,7 @@ enum nss_status userdb_getgrnam( - } - - if (!g) { -- _cleanup_(_nss_systemd_unblockp) bool blocked = false; -+ _unused_ _cleanup_(_nss_systemd_unblockp) bool blocked = false; - - if (strv_isempty(members)) - return NSS_STATUS_NOTFOUND; -@@ -365,7 +365,7 @@ enum nss_status userdb_getgrgid( - } - - if (!g) { -- _cleanup_(_nss_systemd_unblockp) bool blocked = false; -+ _unused_ _cleanup_(_nss_systemd_unblockp) bool blocked = false; - - /* So, quite possibly we have to extend an existing group record with additional members. But - * to do this we need to know the group name first. The group didn't exist via non-NSS -diff --git a/src/oom/oomd-manager.c b/src/oom/oomd-manager.c -index 727206d0b3..891b0acacb 100644 ---- a/src/oom/oomd-manager.c -+++ b/src/oom/oomd-manager.c -@@ -387,7 +387,7 @@ static void clear_candidate_hashmapp(Manager **m) { - static int monitor_memory_pressure_contexts_handler(sd_event_source *s, uint64_t usec, void *userdata) { - /* Don't want to use stale candidate data. Setting this will clear the candidate hashmap on return unless we - * update the candidate data (in which case clear_candidates will be NULL). */ -- _cleanup_(clear_candidate_hashmapp) Manager *clear_candidates = userdata; -+ _unused_ _cleanup_(clear_candidate_hashmapp) Manager *clear_candidates = userdata; - _cleanup_set_free_ Set *targets = NULL; - bool in_post_action_delay = false; - Manager *m = userdata; -diff --git a/src/oom/oomd.c b/src/oom/oomd.c -index deb7b094d5..e13a1b35e5 100644 ---- a/src/oom/oomd.c -+++ b/src/oom/oomd.c -@@ -116,7 +116,7 @@ static int parse_argv(int argc, char *argv[]) { - } - - static int run(int argc, char *argv[]) { -- _cleanup_(notify_on_cleanup) const char *notify_msg = NULL; -+ _unused_ _cleanup_(notify_on_cleanup) const char *notify_msg = NULL; - _cleanup_(manager_freep) Manager *m = NULL; - _cleanup_free_ char *swap = NULL; - unsigned long long s = 0; -diff --git a/src/resolve/resolved-dns-cache.c b/src/resolve/resolved-dns-cache.c -index f73ead872d..c2fca1fabe 100644 ---- a/src/resolve/resolved-dns-cache.c -+++ b/src/resolve/resolved-dns-cache.c -@@ -274,7 +274,7 @@ static int dns_cache_link_item(DnsCache *c, DnsCacheItem *i) { - - first = hashmap_get(c->by_key, i->key); - if (first) { -- _cleanup_(dns_resource_key_unrefp) DnsResourceKey *k = NULL; -+ _unused_ _cleanup_(dns_resource_key_unrefp) DnsResourceKey *k = NULL; - - /* Keep a reference to the original key, while we manipulate the list. */ - k = dns_resource_key_ref(first->key); -diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c -index 6d372395fe..192bfd3bf5 100644 ---- a/src/resolve/resolved-dns-query.c -+++ b/src/resolve/resolved-dns-query.c -@@ -165,7 +165,7 @@ static int dns_query_candidate_add_transaction( - } - - static int dns_query_candidate_go(DnsQueryCandidate *c) { -- _cleanup_(dns_query_candidate_unrefp) DnsQueryCandidate *keep_c = NULL; -+ _unused_ _cleanup_(dns_query_candidate_unrefp) DnsQueryCandidate *keep_c = NULL; - DnsTransaction *t; - int r; - unsigned n = 0; -diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c -index aabaa266e9..85ab917c4f 100644 ---- a/src/resolve/resolved.c -+++ b/src/resolve/resolved.c -@@ -23,7 +23,7 @@ - - static int run(int argc, char *argv[]) { - _cleanup_(manager_freep) Manager *m = NULL; -- _cleanup_(notify_on_cleanup) const char *notify_stop = NULL; -+ _unused_ _cleanup_(notify_on_cleanup) const char *notify_stop = NULL; - int r; - - log_setup(); -diff --git a/src/shared/barrier.c b/src/shared/barrier.c -index 2864c1b8f9..87061f55d7 100644 ---- a/src/shared/barrier.c -+++ b/src/shared/barrier.c -@@ -90,7 +90,7 @@ - * Returns: 0 on success, negative error code on failure. - */ - int barrier_create(Barrier *b) { -- _cleanup_(barrier_destroyp) Barrier *staging = b; -+ _unused_ _cleanup_(barrier_destroyp) Barrier *staging = b; - int r; - - assert(b); -diff --git a/src/shared/utmp-wtmp.c b/src/shared/utmp-wtmp.c -index 784aad2943..d529498fad 100644 ---- a/src/shared/utmp-wtmp.c -+++ b/src/shared/utmp-wtmp.c -@@ -25,7 +25,7 @@ - #include "utmp-wtmp.h" - - int utmp_get_runlevel(int *runlevel, int *previous) { -- _cleanup_(utxent_cleanup) bool utmpx = false; -+ _unused_ _cleanup_(utxent_cleanup) bool utmpx = false; - struct utmpx *found, lookup = { .ut_type = RUN_LVL }; - const char *e; - -@@ -87,7 +87,7 @@ static void init_entry(struct utmpx *store, usec_t t) { - } - - static int write_entry_utmp(const struct utmpx *store) { -- _cleanup_(utxent_cleanup) bool utmpx = false; -+ _unused_ _cleanup_(utxent_cleanup) bool utmpx = false; - - assert(store); - -@@ -215,7 +215,7 @@ int utmp_put_init_process(const char *id, pid_t pid, pid_t sid, const char *line - } - - int utmp_put_dead_process(const char *id, pid_t pid, int code, int status) { -- _cleanup_(utxent_cleanup) bool utmpx = false; -+ _unused_ _cleanup_(utxent_cleanup) bool utmpx = false; - struct utmpx lookup = { - .ut_type = INIT_PROCESS /* looks for DEAD_PROCESS, LOGIN_PROCESS, USER_PROCESS, too */ - }, store, store_wtmp, *found; -@@ -340,7 +340,7 @@ int utmp_wall( - bool (*match_tty)(const char *tty, void *userdata), - void *userdata) { - -- _cleanup_(utxent_cleanup) bool utmpx = false; -+ _unused_ _cleanup_(utxent_cleanup) bool utmpx = false; - _cleanup_free_ char *text = NULL, *hn = NULL, *un = NULL, *stdin_tty = NULL; - char date[FORMAT_TIMESTAMP_MAX]; - struct utmpx *u; -diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c -index e6a2b06687..8d43e55583 100644 ---- a/src/timesync/timesyncd.c -+++ b/src/timesync/timesyncd.c -@@ -90,7 +90,7 @@ settime: - - static int run(int argc, char *argv[]) { - _cleanup_(manager_freep) Manager *m = NULL; -- _cleanup_(notify_on_cleanup) const char *notify_message = NULL; -+ _unused_ _cleanup_(notify_on_cleanup) const char *notify_message = NULL; - const char *user = "systemd-timesync"; - uid_t uid, uid_current; - gid_t gid; -diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/tty-ask-password-agent/tty-ask-password-agent.c -index 59b144972b..25d69180c5 100644 ---- a/src/tty-ask-password-agent/tty-ask-password-agent.c -+++ b/src/tty-ask-password-agent/tty-ask-password-agent.c -@@ -338,7 +338,8 @@ static int process_and_watch_password_files(bool watch) { - _FD_MAX - }; - -- _cleanup_close_ int notify = -1, signal_fd = -1, tty_block_fd = -1; -+ _unused_ _cleanup_close_ int tty_block_fd = -1; -+ _cleanup_close_ int notify = -1, signal_fd = -1; - struct pollfd pollfd[_FD_MAX]; - sigset_t mask; - int r; -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 13ac7c83b5..8808c5cf95 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -1092,7 +1092,8 @@ static int on_ctrl_msg(struct udev_ctrl *uctrl, enum udev_ctrl_msg_type type, co - manager_reload(manager); - break; - case UDEV_CTRL_SET_ENV: { -- _cleanup_free_ char *key = NULL, *val = NULL, *old_key = NULL, *old_val = NULL; -+ _unused_ _cleanup_free_ char *old_val = NULL; -+ _cleanup_free_ char *key = NULL, *val = NULL, *old_key = NULL; - const char *eq; - - eq = strchr(value->buf, '='); -diff --git a/src/userdb/userdbd.c b/src/userdb/userdbd.c -index d469411eb8..0c321bf411 100644 ---- a/src/userdb/userdbd.c -+++ b/src/userdb/userdbd.c -@@ -24,7 +24,7 @@ - - static int run(int argc, char *argv[]) { - _cleanup_(manager_freep) Manager *m = NULL; -- _cleanup_(notify_on_cleanup) const char *notify_stop = NULL; -+ _unused_ _cleanup_(notify_on_cleanup) const char *notify_stop = NULL; - int r; - - log_setup(); --- -2.33.0 - diff --git a/backport-tree-wide-use-sd_event_source_disable_unref-where-we.patch b/backport-tree-wide-use-sd_event_source_disable_unref-where-we.patch deleted file mode 100644 index 52a9aad..0000000 --- a/backport-tree-wide-use-sd_event_source_disable_unref-where-we.patch +++ /dev/null @@ -1,158 +0,0 @@ -From e53bfae86dfb909e0a2eb179328b61f4ed723639 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 8 Nov 2021 23:07:51 +0100 -Subject: [PATCH] tree-wide: use sd_event_source_disable_unref() where we can - -(cherry picked from commit 4f538d7b221de5707c1ff422e6e34be795535397) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e53bfae86dfb909e0a2eb179328b61f4ed723639 ---- - src/journal/journald-stream.c | 7 +---- - src/libsystemd/sd-bus/sd-bus.c | 37 +++++--------------------- - src/libsystemd/sd-resolve/sd-resolve.c | 6 +---- - src/shared/varlink.c | 10 ++----- - 4 files changed, 10 insertions(+), 50 deletions(-) - -diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c -index c6720b6b13..ee0fd27f2e 100644 ---- a/src/journal/journald-stream.c -+++ b/src/journal/journald-stream.c -@@ -108,7 +108,6 @@ StdoutStream* stdout_stream_free(StdoutStream *s) { - return NULL; - - if (s->server) { -- - if (s->context) - client_context_release(s->server, s->context); - -@@ -122,11 +121,7 @@ StdoutStream* stdout_stream_free(StdoutStream *s) { - (void) server_start_or_stop_idle_timer(s->server); /* Maybe we are idle now? */ - } - -- if (s->event_source) { -- sd_event_source_set_enabled(s->event_source, SD_EVENT_OFF); -- s->event_source = sd_event_source_unref(s->event_source); -- } -- -+ sd_event_source_disable_unref(s->event_source); - safe_close(s->fd); - free(s->label); - free(s->identifier); -diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c -index a32e2f5e20..79c24fe703 100644 ---- a/src/libsystemd/sd-bus/sd-bus.c -+++ b/src/libsystemd/sd-bus/sd-bus.c -@@ -62,7 +62,6 @@ - - static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec); - static void bus_detach_io_events(sd_bus *b); --static void bus_detach_inotify_event(sd_bus *b); - - static thread_local sd_bus *default_system_bus = NULL; - static thread_local sd_bus *default_user_bus = NULL; -@@ -139,7 +138,7 @@ void bus_close_io_fds(sd_bus *b) { - void bus_close_inotify_fd(sd_bus *b) { - assert(b); - -- bus_detach_inotify_event(b); -+ b->inotify_event_source = sd_event_source_disable_unref(b->inotify_event_source); - - b->inotify_fd = safe_close(b->inotify_fd); - b->inotify_watches = mfree(b->inotify_watches); -@@ -3738,15 +3737,8 @@ int bus_attach_io_events(sd_bus *bus) { - static void bus_detach_io_events(sd_bus *bus) { - assert(bus); - -- if (bus->input_io_event_source) { -- sd_event_source_set_enabled(bus->input_io_event_source, SD_EVENT_OFF); -- bus->input_io_event_source = sd_event_source_unref(bus->input_io_event_source); -- } -- -- if (bus->output_io_event_source) { -- sd_event_source_set_enabled(bus->output_io_event_source, SD_EVENT_OFF); -- bus->output_io_event_source = sd_event_source_unref(bus->output_io_event_source); -- } -+ bus->input_io_event_source = sd_event_source_disable_unref(bus->input_io_event_source); -+ bus->output_io_event_source = sd_event_source_disable_unref(bus->output_io_event_source); - } - - int bus_attach_inotify_event(sd_bus *bus) { -@@ -3778,15 +3770,6 @@ int bus_attach_inotify_event(sd_bus *bus) { - return 0; - } - --static void bus_detach_inotify_event(sd_bus *bus) { -- assert(bus); -- -- if (bus->inotify_event_source) { -- sd_event_source_set_enabled(bus->inotify_event_source, SD_EVENT_OFF); -- bus->inotify_event_source = sd_event_source_unref(bus->inotify_event_source); -- } --} -- - _public_ int sd_bus_attach_event(sd_bus *bus, sd_event *event, int priority) { - int r; - -@@ -3851,17 +3834,9 @@ _public_ int sd_bus_detach_event(sd_bus *bus) { - return 0; - - bus_detach_io_events(bus); -- bus_detach_inotify_event(bus); -- -- if (bus->time_event_source) { -- sd_event_source_set_enabled(bus->time_event_source, SD_EVENT_OFF); -- bus->time_event_source = sd_event_source_unref(bus->time_event_source); -- } -- -- if (bus->quit_event_source) { -- sd_event_source_set_enabled(bus->quit_event_source, SD_EVENT_OFF); -- bus->quit_event_source = sd_event_source_unref(bus->quit_event_source); -- } -+ bus->inotify_event_source = sd_event_source_disable_unref(bus->inotify_event_source); -+ bus->time_event_source = sd_event_source_disable_unref(bus->time_event_source); -+ bus->quit_event_source = sd_event_source_disable_unref(bus->quit_event_source); - - bus->event = sd_event_unref(bus->event); - return 1; -diff --git a/src/libsystemd/sd-resolve/sd-resolve.c b/src/libsystemd/sd-resolve/sd-resolve.c -index ee973c0692..073b658d3f 100644 ---- a/src/libsystemd/sd-resolve/sd-resolve.c -+++ b/src/libsystemd/sd-resolve/sd-resolve.c -@@ -1285,11 +1285,7 @@ _public_ int sd_resolve_detach_event(sd_resolve *resolve) { - if (!resolve->event) - return 0; - -- if (resolve->event_source) { -- sd_event_source_set_enabled(resolve->event_source, SD_EVENT_OFF); -- resolve->event_source = sd_event_source_unref(resolve->event_source); -- } -- -+ resolve->event_source = sd_event_source_disable_unref(resolve->event_source); - resolve->event = sd_event_unref(resolve->event); - return 1; - } -diff --git a/src/shared/varlink.c b/src/shared/varlink.c -index a57475b5ba..ec062f3da4 100644 ---- a/src/shared/varlink.c -+++ b/src/shared/varlink.c -@@ -2364,14 +2364,8 @@ int varlink_server_detach_event(VarlinkServer *s) { - - assert_return(s, -EINVAL); - -- LIST_FOREACH(sockets, ss, s->sockets) { -- -- if (!ss->event_source) -- continue; -- -- (void) sd_event_source_set_enabled(ss->event_source, SD_EVENT_OFF); -- ss->event_source = sd_event_source_unref(ss->event_source); -- } -+ LIST_FOREACH(sockets, ss, s->sockets) -+ ss->event_source = sd_event_source_disable_unref(ss->event_source); - - sd_event_unref(s->event); - return 0; --- -2.33.0 - diff --git a/backport-udev-add-usec_add-at-one-more-place.patch b/backport-udev-add-usec_add-at-one-more-place.patch deleted file mode 100644 index 7031856..0000000 --- a/backport-udev-add-usec_add-at-one-more-place.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 92fd70addf25d4f301ba43ca3e6ede96d9564295 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 17 Jun 2021 15:41:20 +0900 -Subject: [PATCH] udev: add usec_add() at one more place - -Reference:https://github.com/systemd/systemd/commit/92fd70addf25d4f301ba43ca3e6ede96d9564295 -Conflict:NA - ---- - src/udev/udevd.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 279b409..2179825 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -893,7 +893,7 @@ static int event_queue_start(Manager *manager) { - assert_se(sd_event_now(manager->event, CLOCK_MONOTONIC, &usec) >= 0); - /* check for changed config, every 3 seconds at most */ - if (manager->last_usec == 0 || -- usec - manager->last_usec > 3 * USEC_PER_SEC) { -+ usec > usec_add(manager->last_usec, 3 * USEC_PER_SEC)) { - if (udev_rules_check_timestamp(manager->rules) || - udev_builtin_validate()) - manager_reload(manager); --- -2.33.0 - \ No newline at end of file diff --git a/backport-udev-also-rename-struct-udev_ctrl-UdevCtrl.patch b/backport-udev-also-rename-struct-udev_ctrl-UdevCtrl.patch deleted file mode 100644 index 5013b29..0000000 --- a/backport-udev-also-rename-struct-udev_ctrl-UdevCtrl.patch +++ /dev/null @@ -1,350 +0,0 @@ -From e0d61dac3324abc90f61014a98b1bc5a9a1f60ae Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 16 Jun 2021 19:18:56 +0900 -Subject: [PATCH] udev: also rename struct udev_ctrl -> UdevCtrl - -Reference:https://github.com/systemd/systemd/commit/e0d61dac3324abc90f61014a98b1bc5a9a1f60ae -Conflict:NA - ---- - src/udev/udev-ctrl.c | 52 ++++++++++++++++++------------------ - src/udev/udev-ctrl.h | 54 +++++++++++++++++++------------------- - src/udev/udevadm-control.c | 2 +- - src/udev/udevadm-settle.c | 2 +- - src/udev/udevadm-trigger.c | 2 +- - src/udev/udevd.c | 4 +-- - 6 files changed, 58 insertions(+), 58 deletions(-) - -diff --git a/src/udev/udev-ctrl.c b/src/udev/udev-ctrl.c -index 3d563547190c..00279ba3d87d 100644 ---- a/src/udev/udev-ctrl.c -+++ b/src/udev/udev-ctrl.c -@@ -23,14 +23,14 @@ - /* wire protocol magic must match */ - #define UDEV_CTRL_MAGIC 0xdead1dea - --struct udev_ctrl_msg_wire { -+typedef struct UdevCtrlMessageWire { - char version[16]; - unsigned magic; -- enum udev_ctrl_msg_type type; -- union udev_ctrl_msg_value value; --}; -+ UdevCtrlMessageType type; -+ UdevCtrlMessageValue value; -+} UdevCtrlMessageWire; - --struct udev_ctrl { -+struct UdevCtrl { - unsigned n_ref; - int sock; - int sock_connect; -@@ -47,9 +47,9 @@ struct udev_ctrl { - void *userdata; - }; - --int udev_ctrl_new_from_fd(struct udev_ctrl **ret, int fd) { -+int udev_ctrl_new_from_fd(UdevCtrl **ret, int fd) { - _cleanup_close_ int sock = -1; -- struct udev_ctrl *uctrl; -+ UdevCtrl *uctrl; - - assert(ret); - -@@ -59,11 +59,11 @@ int udev_ctrl_new_from_fd(struct udev_ctrl **ret, int fd) { - return log_error_errno(errno, "Failed to create socket: %m"); - } - -- uctrl = new(struct udev_ctrl, 1); -+ uctrl = new(UdevCtrl, 1); - if (!uctrl) - return -ENOMEM; - -- *uctrl = (struct udev_ctrl) { -+ *uctrl = (UdevCtrl) { - .n_ref = 1, - .sock = fd >= 0 ? fd : TAKE_FD(sock), - .sock_connect = -1, -@@ -81,7 +81,7 @@ int udev_ctrl_new_from_fd(struct udev_ctrl **ret, int fd) { - return 0; - } - --int udev_ctrl_enable_receiving(struct udev_ctrl *uctrl) { -+int udev_ctrl_enable_receiving(UdevCtrl *uctrl) { - int r; - - assert(uctrl); -@@ -107,7 +107,7 @@ int udev_ctrl_enable_receiving(struct udev_ctrl *uctrl) { - return 0; - } - --static void udev_ctrl_disconnect(struct udev_ctrl *uctrl) { -+static void udev_ctrl_disconnect(UdevCtrl *uctrl) { - if (!uctrl) - return; - -@@ -115,7 +115,7 @@ static void udev_ctrl_disconnect(struct udev_ctrl *uctrl) { - uctrl->sock_connect = safe_close(uctrl->sock_connect); - } - --static struct udev_ctrl *udev_ctrl_free(struct udev_ctrl *uctrl) { -+static UdevCtrl *udev_ctrl_free(UdevCtrl *uctrl) { - assert(uctrl); - - udev_ctrl_disconnect(uctrl); -@@ -127,9 +127,9 @@ static struct udev_ctrl *udev_ctrl_free(struct udev_ctrl *uctrl) { - return mfree(uctrl); - } - --DEFINE_TRIVIAL_REF_UNREF_FUNC(struct udev_ctrl, udev_ctrl, udev_ctrl_free); -+DEFINE_TRIVIAL_REF_UNREF_FUNC(UdevCtrl, udev_ctrl, udev_ctrl_free); - --int udev_ctrl_cleanup(struct udev_ctrl *uctrl) { -+int udev_ctrl_cleanup(UdevCtrl *uctrl) { - if (!uctrl) - return 0; - if (uctrl->cleanup_socket) -@@ -137,7 +137,7 @@ int udev_ctrl_cleanup(struct udev_ctrl *uctrl) { - return 0; - } - --int udev_ctrl_attach_event(struct udev_ctrl *uctrl, sd_event *event) { -+int udev_ctrl_attach_event(UdevCtrl *uctrl, sd_event *event) { - int r; - - assert_return(uctrl, -EINVAL); -@@ -154,25 +154,25 @@ int udev_ctrl_attach_event(struct udev_ctrl *uctrl, sd_event *event) { - return 0; - } - --sd_event_source *udev_ctrl_get_event_source(struct udev_ctrl *uctrl) { -+sd_event_source *udev_ctrl_get_event_source(UdevCtrl *uctrl) { - assert(uctrl); - - return uctrl->event_source; - } - --static void udev_ctrl_disconnect_and_listen_again(struct udev_ctrl *uctrl) { -+static void udev_ctrl_disconnect_and_listen_again(UdevCtrl *uctrl) { - udev_ctrl_disconnect(uctrl); - udev_ctrl_unref(uctrl); - (void) sd_event_source_set_enabled(uctrl->event_source, SD_EVENT_ON); - /* We don't return NULL here because uctrl is not freed */ - } - --DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct udev_ctrl*, udev_ctrl_disconnect_and_listen_again, NULL); -+DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(UdevCtrl*, udev_ctrl_disconnect_and_listen_again, NULL); - - static int udev_ctrl_connection_event_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) { -- _cleanup_(udev_ctrl_disconnect_and_listen_againp) struct udev_ctrl *uctrl = NULL; -- struct udev_ctrl_msg_wire msg_wire; -- struct iovec iov = IOVEC_MAKE(&msg_wire, sizeof(struct udev_ctrl_msg_wire)); -+ _cleanup_(udev_ctrl_disconnect_and_listen_againp) UdevCtrl *uctrl = NULL; -+ UdevCtrlMessageWire msg_wire; -+ struct iovec iov = IOVEC_MAKE(&msg_wire, sizeof(UdevCtrlMessageWire)); - CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred))) control; - struct msghdr smsg = { - .msg_iov = &iov, -@@ -235,7 +235,7 @@ static int udev_ctrl_connection_event_handler(sd_event_source *s, int fd, uint32 - } - - static int udev_ctrl_event_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) { -- struct udev_ctrl *uctrl = userdata; -+ UdevCtrl *uctrl = userdata; - _cleanup_close_ int sock = -1; - struct ucred ucred; - int r; -@@ -282,7 +282,7 @@ static int udev_ctrl_event_handler(sd_event_source *s, int fd, uint32_t revents, - return 0; - } - --int udev_ctrl_start(struct udev_ctrl *uctrl, udev_ctrl_handler_t callback, void *userdata) { -+int udev_ctrl_start(UdevCtrl *uctrl, udev_ctrl_handler_t callback, void *userdata) { - int r; - - assert(uctrl); -@@ -309,8 +309,8 @@ int udev_ctrl_start(struct udev_ctrl *uctrl, udev_ctrl_handler_t callback, void - return 0; - } - --int udev_ctrl_send(struct udev_ctrl *uctrl, enum udev_ctrl_msg_type type, int intval, const char *buf) { -- struct udev_ctrl_msg_wire ctrl_msg_wire = { -+int udev_ctrl_send(UdevCtrl *uctrl, UdevCtrlMessageType type, int intval, const char *buf) { -+ UdevCtrlMessageWire ctrl_msg_wire = { - .version = "udev-" STRINGIFY(PROJECT_VERSION), - .magic = UDEV_CTRL_MAGIC, - .type = type, -@@ -339,7 +339,7 @@ int udev_ctrl_send(struct udev_ctrl *uctrl, enum udev_ctrl_msg_type type, int in - return 0; - } - --int udev_ctrl_wait(struct udev_ctrl *uctrl, usec_t timeout) { -+int udev_ctrl_wait(UdevCtrl *uctrl, usec_t timeout) { - _cleanup_(sd_event_source_unrefp) sd_event_source *source_io = NULL, *source_timeout = NULL; - int r; - -diff --git a/src/udev/udev-ctrl.h b/src/udev/udev-ctrl.h -index 680fbf7bff1d..ca80c2aa4e0d 100644 ---- a/src/udev/udev-ctrl.h -+++ b/src/udev/udev-ctrl.h -@@ -6,9 +6,9 @@ - #include "macro.h" - #include "time-util.h" - --struct udev_ctrl; -+typedef struct UdevCtrl UdevCtrl; - --enum udev_ctrl_msg_type { -+typedef enum UdevCtrlMessageType { - _UDEV_CTRL_END_MESSAGES, - UDEV_CTRL_SET_LOG_LEVEL, - UDEV_CTRL_STOP_EXEC_QUEUE, -@@ -18,62 +18,62 @@ enum udev_ctrl_msg_type { - UDEV_CTRL_SET_CHILDREN_MAX, - UDEV_CTRL_PING, - UDEV_CTRL_EXIT, --}; -+} UdevCtrlMessageType; - --union udev_ctrl_msg_value { -+typedef union UdevCtrlMessageValue { - int intval; - char buf[256]; --}; -+} UdevCtrlMessageValue; - --typedef int (*udev_ctrl_handler_t)(struct udev_ctrl *udev_ctrl, enum udev_ctrl_msg_type type, -- const union udev_ctrl_msg_value *value, void *userdata); -+typedef int (*udev_ctrl_handler_t)(UdevCtrl *udev_ctrl, UdevCtrlMessageType type, -+ const UdevCtrlMessageValue *value, void *userdata); - --int udev_ctrl_new_from_fd(struct udev_ctrl **ret, int fd); --static inline int udev_ctrl_new(struct udev_ctrl **ret) { -+int udev_ctrl_new_from_fd(UdevCtrl **ret, int fd); -+static inline int udev_ctrl_new(UdevCtrl **ret) { - return udev_ctrl_new_from_fd(ret, -1); - } - --int udev_ctrl_enable_receiving(struct udev_ctrl *uctrl); --struct udev_ctrl *udev_ctrl_ref(struct udev_ctrl *uctrl); --struct udev_ctrl *udev_ctrl_unref(struct udev_ctrl *uctrl); --int udev_ctrl_cleanup(struct udev_ctrl *uctrl); --int udev_ctrl_attach_event(struct udev_ctrl *uctrl, sd_event *event); --int udev_ctrl_start(struct udev_ctrl *uctrl, udev_ctrl_handler_t callback, void *userdata); --sd_event_source *udev_ctrl_get_event_source(struct udev_ctrl *uctrl); -+int udev_ctrl_enable_receiving(UdevCtrl *uctrl); -+UdevCtrl *udev_ctrl_ref(UdevCtrl *uctrl); -+UdevCtrl *udev_ctrl_unref(UdevCtrl *uctrl); -+int udev_ctrl_cleanup(UdevCtrl *uctrl); -+int udev_ctrl_attach_event(UdevCtrl *uctrl, sd_event *event); -+int udev_ctrl_start(UdevCtrl *uctrl, udev_ctrl_handler_t callback, void *userdata); -+sd_event_source *udev_ctrl_get_event_source(UdevCtrl *uctrl); - --int udev_ctrl_wait(struct udev_ctrl *uctrl, usec_t timeout); -+int udev_ctrl_wait(UdevCtrl *uctrl, usec_t timeout); - --int udev_ctrl_send(struct udev_ctrl *uctrl, enum udev_ctrl_msg_type type, int intval, const char *buf); --static inline int udev_ctrl_send_set_log_level(struct udev_ctrl *uctrl, int priority) { -+int udev_ctrl_send(UdevCtrl *uctrl, UdevCtrlMessageType type, int intval, const char *buf); -+static inline int udev_ctrl_send_set_log_level(UdevCtrl *uctrl, int priority) { - return udev_ctrl_send(uctrl, UDEV_CTRL_SET_LOG_LEVEL, priority, NULL); - } - --static inline int udev_ctrl_send_stop_exec_queue(struct udev_ctrl *uctrl) { -+static inline int udev_ctrl_send_stop_exec_queue(UdevCtrl *uctrl) { - return udev_ctrl_send(uctrl, UDEV_CTRL_STOP_EXEC_QUEUE, 0, NULL); - } - --static inline int udev_ctrl_send_start_exec_queue(struct udev_ctrl *uctrl) { -+static inline int udev_ctrl_send_start_exec_queue(UdevCtrl *uctrl) { - return udev_ctrl_send(uctrl, UDEV_CTRL_START_EXEC_QUEUE, 0, NULL); - } - --static inline int udev_ctrl_send_reload(struct udev_ctrl *uctrl) { -+static inline int udev_ctrl_send_reload(UdevCtrl *uctrl) { - return udev_ctrl_send(uctrl, UDEV_CTRL_RELOAD, 0, NULL); - } - --static inline int udev_ctrl_send_set_env(struct udev_ctrl *uctrl, const char *key) { -+static inline int udev_ctrl_send_set_env(UdevCtrl *uctrl, const char *key) { - return udev_ctrl_send(uctrl, UDEV_CTRL_SET_ENV, 0, key); - } - --static inline int udev_ctrl_send_set_children_max(struct udev_ctrl *uctrl, int count) { -+static inline int udev_ctrl_send_set_children_max(UdevCtrl *uctrl, int count) { - return udev_ctrl_send(uctrl, UDEV_CTRL_SET_CHILDREN_MAX, count, NULL); - } - --static inline int udev_ctrl_send_ping(struct udev_ctrl *uctrl) { -+static inline int udev_ctrl_send_ping(UdevCtrl *uctrl) { - return udev_ctrl_send(uctrl, UDEV_CTRL_PING, 0, NULL); - } - --static inline int udev_ctrl_send_exit(struct udev_ctrl *uctrl) { -+static inline int udev_ctrl_send_exit(UdevCtrl *uctrl) { - return udev_ctrl_send(uctrl, UDEV_CTRL_EXIT, 0, NULL); - } - --DEFINE_TRIVIAL_CLEANUP_FUNC(struct udev_ctrl*, udev_ctrl_unref); -+DEFINE_TRIVIAL_CLEANUP_FUNC(UdevCtrl*, udev_ctrl_unref); -diff --git a/src/udev/udevadm-control.c b/src/udev/udevadm-control.c -index 20820dd64723..06c61e5c07c6 100644 ---- a/src/udev/udevadm-control.c -+++ b/src/udev/udevadm-control.c -@@ -48,7 +48,7 @@ static int help(void) { - } - - int control_main(int argc, char *argv[], void *userdata) { -- _cleanup_(udev_ctrl_unrefp) struct udev_ctrl *uctrl = NULL; -+ _cleanup_(udev_ctrl_unrefp) UdevCtrl *uctrl = NULL; - usec_t timeout = 60 * USEC_PER_SEC; - int c, r; - -diff --git a/src/udev/udevadm-settle.c b/src/udev/udevadm-settle.c -index 84b4f9ca4588..6da9439bd28a 100644 ---- a/src/udev/udevadm-settle.c -+++ b/src/udev/udevadm-settle.c -@@ -176,7 +176,7 @@ int settle_main(int argc, char *argv[], void *userdata) { - - /* guarantee that the udev daemon isn't pre-processing */ - if (getuid() == 0) { -- _cleanup_(udev_ctrl_unrefp) struct udev_ctrl *uctrl = NULL; -+ _cleanup_(udev_ctrl_unrefp) UdevCtrl *uctrl = NULL; - - if (udev_ctrl_new(&uctrl) >= 0) { - r = udev_ctrl_send_ping(uctrl); -diff --git a/src/udev/udevadm-trigger.c b/src/udev/udevadm-trigger.c -index 8acf3d9b1189..a24073fb7341 100644 ---- a/src/udev/udevadm-trigger.c -+++ b/src/udev/udevadm-trigger.c -@@ -421,7 +421,7 @@ int trigger_main(int argc, char *argv[], void *userdata) { - } - - if (ping) { -- _cleanup_(udev_ctrl_unrefp) struct udev_ctrl *uctrl = NULL; -+ _cleanup_(udev_ctrl_unrefp) UdevCtrl *uctrl = NULL; - - r = udev_ctrl_new(&uctrl); - if (r < 0) -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 6baedd2f2e69..a35b095dd141 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -94,7 +94,7 @@ typedef struct Manager { - sd_netlink *rtnl; - - sd_device_monitor *monitor; -- struct udev_ctrl *ctrl; -+ UdevCtrl *ctrl; - int worker_watch[2]; - - /* used by udev-watch */ -@@ -1067,7 +1067,7 @@ static int on_uevent(sd_device_monitor *monitor, sd_device *dev, void *userdata) - } - - /* receive the udevd message from userspace */ --static int on_ctrl_msg(struct udev_ctrl *uctrl, enum udev_ctrl_msg_type type, const union udev_ctrl_msg_value *value, void *userdata) { -+static int on_ctrl_msg(UdevCtrl *uctrl, UdevCtrlMessageType type, const UdevCtrlMessageValue *value, void *userdata) { - Manager *manager = userdata; - int r; - diff --git a/backport-udev-assume-block-device-is-not-locked-when-a-new-event-is-queued.patch b/backport-udev-assume-block-device-is-not-locked-when-a-new-event-is-queued.patch deleted file mode 100644 index 9790e2d..0000000 --- a/backport-udev-assume-block-device-is-not-locked-when-a-new-event-is-queued.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 82a5de9fd289e1d9b109528bcdddb74534e1a4bf Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 25 Mar 2022 02:56:58 +0900 -Subject: [PATCH] udev: assume block device is not locked when a new event is - queued - -Then, hopefully, previously requeued events are processed earlier. - -Reference:https://github.com/systemd/systemd/commit/82a5de9fd289e1d9b109528bcdddb74534e1a4bf -Conflict:adaption - ---- - src/udev/udevd.c | 40 +++++++++++++++++++++++++++++++++++++++- - 1 file changed, 39 insertions(+), 1 deletion(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index eebb2f8..e0f70cc 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -1033,6 +1033,40 @@ static int event_requeue(Event *event) { - return 0; - } - -+static int event_queue_assume_block_device_unlocked(Manager *manager, sd_device *dev) { -+ const char *devname; -+ Event * event; -+ int r; -+ -+ /* When a new event for a block device is queued or we get an inotify event, assume that the -+ * device is not locked anymore. The assumption may not be true, but that should not cause any -+ * issues, as in that case events will be requeued soon. */ -+ -+ r = device_get_block_device(dev, &devname); -+ if (r <= 0) -+ return r; -+ -+ LIST_FOREACH(event, event, manager->events) { -+ const char *event_devname; -+ -+ if (event->state != EVENT_QUEUED) -+ continue; -+ -+ if (event->retry_again_next_usec == 0) -+ continue; -+ -+ if (device_get_block_device(event->dev, &event_devname) <= 0) -+ continue; -+ -+ if (!streq(devname, event_devname)) -+ continue; -+ -+ event->retry_again_next_usec = 0; -+ } -+ -+ return 0; -+} -+ - static int event_queue_insert(Manager *manager, sd_device *dev) { - sd_device_action_t action; - uint64_t seqnum; -@@ -1095,6 +1129,8 @@ static int on_uevent(sd_device_monitor *monitor, sd_device *dev, void *userdata) - return 1; - } - -+ (void) event_queue_assume_block_device_unlocked(manager, dev); -+ - /* we have fresh events, try to schedule them */ - event_queue_start(manager); - -@@ -1426,8 +1462,10 @@ static int on_inotify(sd_event_source *s, int fd, uint32_t revents, void *userda - continue; - - log_device_debug(dev, "Inotify event: %x for %s", e->mask, devnode); -- if (e->mask & IN_CLOSE_WRITE) -+ if (e->mask & IN_CLOSE_WRITE) { -+ (void) event_queue_assume_block_device_unlocked(manager, dev); - (void) synthesize_change(dev); -+ } - - /* Do not handle IN_IGNORED here. It should be handled by worker in 'remove' uevent; - * udev_event_execute_rules() -> event_execute_rules_on_remove() -> udev_watch_end(). */ diff --git a/backport-udev-assume-there-is-no-blocker-when-failed-to-check-event.patch b/backport-udev-assume-there-is-no-blocker-when-failed-to-check-event.patch deleted file mode 100644 index ad64bd4..0000000 --- a/backport-udev-assume-there-is-no-blocker-when-failed-to-check-event.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 2d40f02ee4317233365f53c85234be3af6b000a6 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 12 Mar 2022 20:57:15 +0900 -Subject: [PATCH] udev: assume there is no blocker when failed to check event - dependencies - -Previously, if udevd failed to resolve event dependency, the event is -ignored and libudev listeners did not receive the event. This is -inconsistent with the case when a worker failed to process a event, -in that case, the original uevent sent by the kernel is broadcasted to -listeners. - -Reference:https://github.com/systemd/systemd/commit/2d40f02ee4317233365f53c85234be3af6b000a6 -Conflict:NA - ---- - src/udev/udevd.c | 13 +++++-------- - 1 file changed, 5 insertions(+), 8 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index f1f864a4610c..8c690357b8d3 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -951,24 +951,21 @@ static int event_queue_start(Manager *manager) { - - /* do not start event if parent or child event is still running or queued */ - r = event_is_blocked(event); -+ if (r > 0) -+ continue; - if (r < 0) { - sd_device_action_t a = _SD_DEVICE_ACTION_INVALID; - - (void) sd_device_get_action(event->dev, &a); - log_device_warning_errno(event->dev, r, -- "Failed to check event dependency, " -- "skipping event (SEQNUM=%"PRIu64", ACTION=%s)", -+ "Failed to check dependencies for event (SEQNUM=%"PRIu64", ACTION=%s), " -+ "assuming there is no blocking event, ignoring: %m", - event->seqnum, - strna(device_action_to_string(a))); -- -- event_free(event); -- return r; - } -- if (r > 0) -- continue; - - r = event_run(event); -- if (r <= 0) -+ if (r <= 0) /* 0 means there are no idle workers. Let's escape from the loop. */ - return r; - } - - \ No newline at end of file diff --git a/backport-udev-builtin-input_id-don-t-label-absolute-mice-as-p.patch b/backport-udev-builtin-input_id-don-t-label-absolute-mice-as-p.patch deleted file mode 100644 index 387daa8..0000000 --- a/backport-udev-builtin-input_id-don-t-label-absolute-mice-as-p.patch +++ /dev/null @@ -1,69 +0,0 @@ -From c6cdd3489f2abfd0a868ad5d8d42b166d7eec33f Mon Sep 17 00:00:00 2001 -From: Peter Hutterer -Date: Wed, 23 Feb 2022 09:12:43 +1000 -Subject: [PATCH] udev-builtin-input_id: don't label absolute mice as pointing - sticks - -The Getac UX10 tablet exposes a "CUST0000:00 0EEF:C002 Mouse" device -with BTN_LEFT/RIGHT and ABS_X/Y on the i2c bus. This causes the builtin -to incorrectly label it as pointing stick (all i2c mice are -tagged as ID_INPUT_POINTING_STICK, see 3d7ac1c655ec4). - -Fix this by adding a separate variable for absolute pointing -devices like the VMmouse USB mouse or this Getac tablet - this way we -skip the pointing stick check. - -See https://gitlab.freedesktop.org/libinput/libinput/-/issues/743 -for recordings. - -(cherry picked from commit 8ac9ec4d5c210825759d515422d3e66c20615fc1) -(cherry picked from commit ea5701eb64ff40f915567ae4088ffb7efc0f4155) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/c6cdd3489f2abfd0a868ad5d8d42b166d7eec33f ---- - src/udev/udev-builtin-input_id.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/udev/udev-builtin-input_id.c b/src/udev/udev-builtin-input_id.c -index dda53b6da0..f62dffbc58 100644 ---- a/src/udev/udev-builtin-input_id.c -+++ b/src/udev/udev-builtin-input_id.c -@@ -168,6 +168,7 @@ static bool test_pointers(sd_device *dev, - bool finger_but_no_pen = false; - bool has_mouse_button = false; - bool is_mouse = false; -+ bool is_abs_mouse = false; - bool is_touchpad = false; - bool is_touchscreen = false; - bool is_tablet = false; -@@ -232,7 +233,7 @@ static bool test_pointers(sd_device *dev, - else if (has_mouse_button) - /* This path is taken by VMware's USB mouse, which has - * absolute axes, but no touch/pressure button. */ -- is_mouse = true; -+ is_abs_mouse = true; - else if (has_touch || is_direct) - is_touchscreen = true; - else if (has_joystick_axes_or_buttons) -@@ -264,7 +265,7 @@ static bool test_pointers(sd_device *dev, - - if (is_pointing_stick) - udev_builtin_add_property(dev, test, "ID_INPUT_POINTINGSTICK", "1"); -- if (is_mouse) -+ if (is_mouse || is_abs_mouse) - udev_builtin_add_property(dev, test, "ID_INPUT_MOUSE", "1"); - if (is_touchpad) - udev_builtin_add_property(dev, test, "ID_INPUT_TOUCHPAD", "1"); -@@ -277,7 +278,7 @@ static bool test_pointers(sd_device *dev, - if (is_tablet_pad) - udev_builtin_add_property(dev, test, "ID_INPUT_TABLET_PAD", "1"); - -- return is_tablet || is_mouse || is_touchpad || is_touchscreen || is_joystick || is_pointing_stick; -+ return is_tablet || is_mouse || is_abs_mouse || is_touchpad || is_touchscreen || is_joystick || is_pointing_stick; - } - - /* key like devices */ --- -2.33.0 - diff --git a/backport-udev-cdrom_id-check-last-track-info.patch b/backport-udev-cdrom_id-check-last-track-info.patch deleted file mode 100644 index 04ced42..0000000 --- a/backport-udev-cdrom_id-check-last-track-info.patch +++ /dev/null @@ -1,31 +0,0 @@ -From c3fcff52912b0323e11f535fce151dc758f111e6 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 14 Aug 2022 06:00:10 +0900 -Subject: [PATCH] udev/cdrom_id: check last track info - -Fixes off-by-one issue. - -Fixes #24306. - -(cherry picked from commit 628998ecfa0d39b38874e1aecdb28022f80f3269) -(cherry picked from commit c67a388aeffcdc27ff280f01b7939005f7a9c8e9) ---- - src/udev/cdrom_id/cdrom_id.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/udev/cdrom_id/cdrom_id.c b/src/udev/cdrom_id/cdrom_id.c -index cdb66bb3b7..964eb6988e 100644 ---- a/src/udev/cdrom_id/cdrom_id.c -+++ b/src/udev/cdrom_id/cdrom_id.c -@@ -704,7 +704,7 @@ static int cd_media_toc(Context *c) { - /* Take care to not iterate beyond the last valid track as specified in - * the TOC, but also avoid going beyond the TOC length, just in case - * the last track number is invalidly large */ -- for (size_t i = 4; i + 8 < len && num_tracks > 0; i += 8, --num_tracks) { -+ for (size_t i = 4; i + 8 <= len && num_tracks > 0; i += 8, --num_tracks) { - bool is_data_track; - uint32_t block; - --- -2.33.0 - diff --git a/backport-udev-certainly-restart-event-for-previously-locked-device.patch b/backport-udev-certainly-restart-event-for-previously-locked-device.patch deleted file mode 100644 index 83682e4..0000000 --- a/backport-udev-certainly-restart-event-for-previously-locked-device.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 4f294ffdf18ab9f187400dbbab593a980e60be89 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 26 Aug 2022 00:16:17 +0900 -Subject: [PATCH] udev: certainly restart event for previously locked device - -If udevd receives a uevent for a locked block device, then the event -is requeued. However, the queued event will be processed only when at -least one sd_event_source is processed. Hence, if udevd has no event -under processing, or receives no new uevent, etc., then the requeued -event will be never processed. - -Follow-up for 400e3d21f8cae53a8ba9f9567f244fbf6f3e076c. - -Fixes #24439. - -Reference:https://github.com/systemd/systemd/commit/4f294ffdf18ab9f187400dbbab593a980e60be89 -Conflict:adaption because previous commits in https://github.com/systemd/systemd/pull/23088 are not introduced - ---- - src/udev/udevd.c | 20 ++++++++++++++++++++ - 1 file changed, 20 insertions(+) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index a979d43..b15a9d4 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -129,8 +129,11 @@ typedef struct Event { - sd_device_action_t action; - uint64_t seqnum; - uint64_t blocker_seqnum; -+ -+ /* Used when the device is locked by another program. */ - usec_t retry_again_next_usec; - usec_t retry_again_timeout_usec; -+ sd_event_source *retry_event_source; - - sd_event_source *timeout_warning_event; - sd_event_source *timeout_event; -@@ -172,6 +175,7 @@ static Event *event_free(Event *event) { - LIST_REMOVE(event, event->manager->events, event); - sd_device_unref(event->dev); - -+ sd_event_source_unref(event->retry_event_source); - sd_event_source_unref(event->timeout_warning_event); - sd_event_source_unref(event->timeout_event); - -@@ -749,6 +753,8 @@ static int event_run(Event *event) { - - log_device_uevent(event->dev, "Device ready for processing"); - -+ (void) event_source_disable(event->retry_event_source); -+ - manager = event->manager; - HASHMAP_FOREACH(worker, manager->workers) { - if (worker->state != WORKER_IDLE) -@@ -995,6 +1001,11 @@ static int event_queue_start(Manager *manager) { - return 0; - } - -+static int on_event_retry(sd_event_source *s, uint64_t usec, void *userdata) { -+ /* This does nothing. The on_post() callback will start the event if there exists an idle worker. */ -+ return 1; -+} -+ - static int event_requeue(Event *event) { - usec_t now_usec; - int r; -@@ -1025,6 +1036,15 @@ static int event_requeue(Event *event) { - if (event->retry_again_timeout_usec == 0) - event->retry_again_timeout_usec = usec_add(now_usec, EVENT_RETRY_TIMEOUT_USEC); - -+ r = event_reset_time_relative(event->manager->event, &event->retry_event_source, -+ CLOCK_MONOTONIC, EVENT_RETRY_INTERVAL_USEC, 0, -+ on_event_retry, NULL, -+ 0, "retry-event", true); -+ if (r < 0) -+ return log_device_warning_errno(event->dev, r, "Failed to reset timer event source for retrying event, " -+ "skipping event (SEQNUM=%"PRIu64", ACTION=%s): %m", -+ event->seqnum, strna(device_action_to_string(event->action))); -+ - if (event->worker && event->worker->event == event) - event->worker->event = NULL; - event->worker = NULL; --- -2.33.0 - \ No newline at end of file diff --git a/backport-udev-do-not-try-to-find-blocker-again-when-no-blocker-found.patch b/backport-udev-do-not-try-to-find-blocker-again-when-no-blocker-found.patch deleted file mode 100644 index 7a122ff..0000000 --- a/backport-udev-do-not-try-to-find-blocker-again-when-no-blocker-found.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 044ac33c35ab1aeb35fc8b84462a9549cbbac294 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 17 Jun 2021 16:57:32 +0900 -Subject: [PATCH] udev: do not try to find blocker again when no blocker found - previously - -Reference:https://github.com/systemd/systemd/commit/044ac33c35ab1aeb35fc8b84462a9549cbbac294 -Conflict:NA - ---- - src/udev/udevd.c | 45 +++++++++++++++++++++++++++++++++++---------- - 1 file changed, 35 insertions(+), 10 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 20bd556..be2c3ee 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -783,6 +783,35 @@ static int event_is_blocked(Event *event) { - - /* lookup event for identical, parent, child device */ - -+ assert(event); -+ assert(event->manager); -+ assert(event->blocker_seqnum <= event->seqnum); -+ -+ if (event->blocker_seqnum == event->seqnum) -+ /* we have checked previously and no blocker found */ -+ return false; -+ -+ LIST_FOREACH(event, loop_event, event->manager->events) { -+ /* we already found a later event, earlier cannot block us, no need to check again */ -+ if (loop_event->seqnum < event->blocker_seqnum) -+ continue; -+ -+ /* event we checked earlier still exists, no need to check again */ -+ if (loop_event->seqnum == event->blocker_seqnum) -+ return true; -+ -+ /* found ourself, no later event can block us */ -+ if (loop_event->seqnum >= event->seqnum) -+ goto no_blocker; -+ -+ /* found event we have not checked */ -+ break; -+ } -+ -+ assert(loop_event); -+ assert(loop_event->seqnum > event->blocker_seqnum && -+ loop_event->seqnum < event->seqnum); -+ - r = sd_device_get_subsystem(event->dev, &subsystem); - if (r < 0) - return r; -@@ -808,21 +837,13 @@ static int event_is_blocked(Event *event) { - return r; - - /* check if queue contains events we depend on */ -- LIST_FOREACH(event, loop_event, event->manager->events) { -+ LIST_FOREACH(event, loop_event, loop_event) { - size_t loop_devpath_len, common; - const char *loop_devpath; - -- /* we already found a later event, earlier cannot block us, no need to check again */ -- if (loop_event->seqnum < event->blocker_seqnum) -- continue; -- -- /* event we checked earlier still exists, no need to check again */ -- if (loop_event->seqnum == event->blocker_seqnum) -- return true; -- - /* found ourself, no later event can block us */ - if (loop_event->seqnum >= event->seqnum) -- return false; -+ goto no_blocker; - - /* check major/minor */ - if (major(devnum) != 0) { -@@ -882,6 +903,10 @@ static int event_is_blocked(Event *event) { - - event->blocker_seqnum = loop_event->seqnum; - return true; -+ -+no_blocker: -+ event->blocker_seqnum = event->seqnum; -+ return false; - } - - static int event_queue_start(Manager *manager) { --- -2.33.0 - \ No newline at end of file diff --git a/backport-udev-do-not-try-to-process-events-if-there-is-no-free-worker.patch b/backport-udev-do-not-try-to-process-events-if-there-is-no-free-worker.patch deleted file mode 100644 index b89df06..0000000 --- a/backport-udev-do-not-try-to-process-events-if-there-is-no-free-worker.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 5f4bca9dccdd9e9a888587c6224b08ae5fbe3bdb Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 17 Jun 2021 15:51:34 +0900 -Subject: [PATCH] udev: do not try to process events if there is no free worker - -Reference:https://github.com/systemd/systemd/commit/5f4bca9dccdd9e9a888587c6224b08ae5fbe3bdb -Conflict:NA - ---- - src/udev/udevd.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 7f41336..e99c2c0 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -927,7 +927,7 @@ static int event_queue_start(Manager *manager) { - continue; - - r = event_run(event); -- if (r < 0) -+ if (r <= 0) - return r; - } - --- -2.33.0 - diff --git a/backport-udev-do-not-try-to-rename-interface-if-it-is-already.patch b/backport-udev-do-not-try-to-rename-interface-if-it-is-already.patch deleted file mode 100644 index 33a4b1b..0000000 --- a/backport-udev-do-not-try-to-rename-interface-if-it-is-already.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 214ea3a26e9cc5dda8530a45a71b052e75a250a4 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 24 Oct 2021 20:43:34 +0900 -Subject: [PATCH] udev: do not try to rename interface if it is already up - -See dev_change_name() in kernel's net/core/dev.c. - -Fixes #21105. - -(cherry picked from commit 6681eb021a0b56ef0dc849e3b358a515ece16482) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/214ea3a26e9cc5dda8530a45a71b052e75a250a4 ---- - src/udev/udev-event.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c -index b28089be71..9854270b27 100644 ---- a/src/udev/udev-event.c -+++ b/src/udev/udev-event.c -@@ -828,6 +828,7 @@ int udev_event_spawn(UdevEvent *event, - static int rename_netif(UdevEvent *event) { - sd_device *dev = event->dev; - const char *oldname; -+ unsigned flags; - int ifindex, r; - - if (!event->name) -@@ -855,6 +856,16 @@ static int rename_netif(UdevEvent *event) { - return 0; - } - -+ r = rtnl_get_link_info(&event->rtnl, ifindex, NULL, &flags); -+ if (r < 0) -+ return log_device_warning_errno(dev, r, "Failed to get link flags: %m"); -+ -+ if (FLAGS_SET(flags, IFF_UP)) { -+ log_device_info(dev, "Network interface '%s' is already up, refusing to rename to '%s'.", -+ oldname, event->name); -+ return 0; -+ } -+ - /* Set ID_RENAMING boolean property here, and drop it in the corresponding move uevent later. */ - r = device_add_property(dev, "ID_RENAMING", "1"); - if (r < 0) --- -2.33.0 - diff --git a/backport-udev-drop-unnecessary-calls-of-event_queue_start.patch b/backport-udev-drop-unnecessary-calls-of-event_queue_start.patch deleted file mode 100644 index d9766db..0000000 --- a/backport-udev-drop-unnecessary-calls-of-event_queue_start.patch +++ /dev/null @@ -1,80 +0,0 @@ -From 5fab6b7b18d0158c005a5bcf096face23377af72 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 26 Aug 2022 00:34:15 +0900 -Subject: [PATCH] udev: drop unnecessary calls of event_queue_start() - -As the subsequent call of on_post() will call it if necessary. - -This also drop unnecessary call of event_source_disable() for killing -idle workers, as the event source is disabled in event_queue_start(). - -Reference:https://github.com/systemd/systemd/commit/5fab6b7b18d0158c005a5bcf096face23377af72 -Conflict:adaption - ---- - src/udev/udevd.c | 21 --------------------- - 1 file changed, 21 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index b15a9d4..75e2086 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -1151,9 +1151,6 @@ static int on_uevent(sd_device_monitor *monitor, sd_device *dev, void *userdata) - - (void) event_queue_assume_block_device_unlocked(manager, dev); - -- /* we have fresh events, try to schedule them */ -- event_queue_start(manager); -- - return 1; - } - -@@ -1220,9 +1217,6 @@ static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdat - event_free(worker->event); - } - -- /* we have free workers, try to schedule events */ -- event_queue_start(manager); -- - return 1; - } - -@@ -1456,10 +1450,6 @@ static int on_inotify(sd_event_source *s, int fd, uint32_t revents, void *userda - - assert(manager); - -- r = event_source_disable(manager->kill_workers_event); -- if (r < 0) -- log_warning_errno(r, "Failed to disable event source for cleaning up idle workers, ignoring: %m"); -- - l = read(fd, &buffer, sizeof(buffer)); - if (l < 0) { - if (IN_SET(errno, EAGAIN, EINTR)) -@@ -1516,7 +1506,6 @@ static int on_sighup(sd_event_source *s, const struct signalfd_siginfo *si, void - - static int on_sigchld(sd_event_source *s, const struct signalfd_siginfo *si, void *userdata) { - Manager *manager = userdata; -- int r; - - assert(manager); - -@@ -1565,16 +1554,6 @@ static int on_sigchld(sd_event_source *s, const struct signalfd_siginfo *si, voi - worker_free(worker); - } - -- /* we can start new workers, try to schedule events */ -- event_queue_start(manager); -- -- /* Disable unnecessary cleanup event */ -- if (hashmap_isempty(manager->workers)) { -- r = event_source_disable(manager->kill_workers_event); -- if (r < 0) -- log_warning_errno(r, "Failed to disable event source for cleaning up idle workers, ignoring: %m"); -- } -- - return 1; - } - --- -2.33.0 - \ No newline at end of file diff --git a/backport-udev-drop-unnecessary-clone-of-received-sd-device-object.patch b/backport-udev-drop-unnecessary-clone-of-received-sd-device-object.patch deleted file mode 100644 index 3a33f70..0000000 --- a/backport-udev-drop-unnecessary-clone-of-received-sd-device-object.patch +++ /dev/null @@ -1,85 +0,0 @@ -From c9473aaa5b69c47edab365b46abee6e9ab5b18dc Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 25 Mar 2022 01:13:39 +0900 -Subject: [PATCH] udev: drop unnecessary clone of received sd-device object - -As the sd-device object received through sd-device-monitor is sealed, -so the corresponding udev database or uevent file will not be read. - -Reference:https://github.com/systemd/systemd/commit/c9473aaa5b69c47edab365b46abee6e9ab5b18dc -Conflict:adaption - ---- - src/udev/udevd.c | 21 ++++----------------- - 1 file changed, 4 insertions(+), 17 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 108142e9c619..05397df7a429 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -124,7 +124,6 @@ typedef struct Event { - EventState state; - - sd_device *dev; -- sd_device *dev_kernel; /* clone of originally received device */ - - uint64_t seqnum; - uint64_t blocker_seqnum; -@@ -163,7 +162,6 @@ static Event *event_free(Event *event) { - - LIST_REMOVE(event, event->manager->events, event); - sd_device_unref(event->dev); -- sd_device_unref(event->dev_kernel); - - sd_event_source_unref(event->timeout_warning_event); - sd_event_source_unref(event->timeout_event); -@@ -973,9 +971,8 @@ static int event_queue_start(Manager *manager) { - } - - static int event_queue_insert(Manager *manager, sd_device *dev) { -- _cleanup_(sd_device_unrefp) sd_device *clone = NULL; -- Event *event; - uint64_t seqnum; -+ Event *event; - int r; - - assert(manager); -@@ -989,15 +986,6 @@ static int event_queue_insert(Manager *manager, sd_device *dev) { - if (r < 0) - return r; - -- /* Save original device to restore the state on failures. */ -- r = device_shallow_clone(dev, &clone); -- if (r < 0) -- return r; -- -- r = device_copy_properties(clone, dev); -- if (r < 0) -- return r; -- - event = new(Event, 1); - if (!event) - return -ENOMEM; -@@ -1005,7 +993,6 @@ static int event_queue_insert(Manager *manager, sd_device *dev) { - *event = (Event) { - .manager = manager, - .dev = sd_device_ref(dev), -- .dev_kernel = TAKE_PTR(clone), - .seqnum = seqnum, - .state = EVENT_QUEUED, - }; -@@ -1440,10 +1427,10 @@ static int on_sigchld(sd_event_source *s, const struct signalfd_siginfo *si, voi - device_tag_index(worker->event->dev, NULL, false); - - if (manager->monitor) { -- /* Forward kernel event unchanged */ -- r = device_monitor_send_device(manager->monitor, NULL, worker->event->dev_kernel); -+ /* Forward kernel event to libudev listeners */ -+ r = device_monitor_send_device(manager->monitor, NULL, worker->event->dev); - if (r < 0) -- log_device_warning_errno(worker->event->dev_kernel, r, -+ log_device_warning_errno(worker->event->dev, r, - "Failed to broadcast failed event to libudev listeners, ignoring: %m"); - } - } - \ No newline at end of file diff --git a/backport-udev-fix-inversed-inequality-for-timeout-of-retrying-event.patch b/backport-udev-fix-inversed-inequality-for-timeout-of-retrying-event.patch deleted file mode 100644 index b8c6fbe..0000000 --- a/backport-udev-fix-inversed-inequality-for-timeout-of-retrying-event.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 400e3d21f8cae53a8ba9f9567f244fbf6f3e076c Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 19 Aug 2022 21:25:03 +0900 -Subject: [PATCH] udev: fix inversed inequality for timeout of retrying event - -Follow-up for 5d354e525a56955ae7f68062e283dda85ab07794. - -Reference:https://github.com/systemd/systemd/commit/400e3d21f8cae53a8ba9f9567f244fbf6f3e076c -Conflict:NA - ---- - src/udev/udevd.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index a6926bbfb71d..01162bc7b601 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -898,7 +898,7 @@ static int event_is_blocked(Event *event) { - if (r < 0) - return r; - -- if (event->retry_again_next_usec <= now_usec) -+ if (event->retry_again_next_usec > now_usec) - return true; - } - diff --git a/backport-udev-fix-potential-memleak.patch b/backport-udev-fix-potential-memleak.patch deleted file mode 100644 index 27c77fd..0000000 --- a/backport-udev-fix-potential-memleak.patch +++ /dev/null @@ -1,37 +0,0 @@ -From f4a8e2c2115fc901e588a1672f129e7e3371f5d7 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 27 Aug 2021 17:27:26 +0900 -Subject: [PATCH] udev: fix potential memleak - -(cherry picked from commit 4154524d47d24bcee3ebfed939912a847ebeb1b3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/f4a8e2c2115fc901e588a1672f129e7e3371f5d7 ---- - src/udev/udev-builtin-net_id.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c -index 92917852ba..2699a8929f 100644 ---- a/src/udev/udev-builtin-net_id.c -+++ b/src/udev/udev-builtin-net_id.c -@@ -103,7 +103,6 @@ static int get_virtfn_info(sd_device *dev, struct netnames *names, struct virtfn - _cleanup_(sd_device_unrefp) sd_device *physfn_pcidev = NULL; - const char *physfn_link_file, *syspath; - _cleanup_free_ char *physfn_pci_syspath = NULL; -- _cleanup_free_ char *virtfn_pci_syspath = NULL; - struct dirent *dent; - _cleanup_closedir_ DIR *dir = NULL; - char suffix[ALTIFNAMSIZ]; -@@ -134,7 +133,7 @@ static int get_virtfn_info(sd_device *dev, struct netnames *names, struct virtfn - return -errno; - - FOREACH_DIRENT_ALL(dent, dir, break) { -- _cleanup_free_ char *virtfn_link_file = NULL; -+ _cleanup_free_ char *virtfn_link_file = NULL, *virtfn_pci_syspath = NULL; - - if (!startswith(dent->d_name, "virtfn")) - continue; --- -2.33.0 - diff --git a/backport-udev-introduce-device_broadcast_helper_function.patch b/backport-udev-introduce-device_broadcast_helper_function.patch deleted file mode 100644 index 661dd74..0000000 --- a/backport-udev-introduce-device_broadcast_helper_function.patch +++ /dev/null @@ -1,66 +0,0 @@ -From c17ab900cbb47f0c136b141bb83557f112501707 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 25 Mar 2022 02:33:55 +0900 -Subject: [PATCH] udev: introduce device_broadcast() helper function - -Reference:https://github.com/systemd/systemd/commit/c17ab900cbb47f0c136b141bb83557f112501707 -Conflict:NA - ---- - src/udev/udevd.c | 28 ++++++++++++++++++---------- - 1 file changed, 18 insertions(+), 10 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 05397df7a429..53728c9f7971 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -344,6 +344,21 @@ static int on_kill_workers_event(sd_event_source *s, uint64_t usec, void *userda - return 1; - } - -+static void device_broadcast(sd_device_monitor *monitor, sd_device *dev) { -+ int r; -+ -+ assert(dev); -+ -+ /* On exit, manager->monitor is already NULL. */ -+ if (!monitor) -+ return; -+ -+ r = device_monitor_send_device(monitor, NULL, dev); -+ if (r < 0) -+ log_device_warning_errno(dev, r, -+ "Failed to broadcast event to libudev listeners, ignoring: %m"); -+} -+ - static int worker_send_message(int fd) { - WorkerMessage message = {}; - -@@ -558,9 +573,7 @@ static int worker_device_monitor_handler(sd_device_monitor *monitor, sd_device * - log_device_warning_errno(dev, r, "Failed to process device, ignoring: %m"); - - /* send processed event back to libudev listeners */ -- r = device_monitor_send_device(monitor, NULL, dev); -- if (r < 0) -- log_device_warning_errno(dev, r, "Failed to send device, ignoring: %m"); -+ device_broadcast(monitor, dev); - } - - /* send udevd the result of the event execution */ -@@ -1426,13 +1439,8 @@ static int on_sigchld(sd_event_source *s, const struct signalfd_siginfo *si, voi - device_delete_db(worker->event->dev); - device_tag_index(worker->event->dev, NULL, false); - -- if (manager->monitor) { -- /* Forward kernel event to libudev listeners */ -- r = device_monitor_send_device(manager->monitor, NULL, worker->event->dev); -- if (r < 0) -- log_device_warning_errno(worker->event->dev, r, -- "Failed to broadcast failed event to libudev listeners, ignoring: %m"); -- } -+ /* Forward kernel event to libudev listeners */ -+ device_broadcast(manager->monitor, worker->event->dev); - } - - worker_free(worker); - \ No newline at end of file diff --git a/backport-udev-make-event_free-return-NULL.patch b/backport-udev-make-event_free-return-NULL.patch deleted file mode 100644 index 662e6b7..0000000 --- a/backport-udev-make-event_free-return-NULL.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 5393c52897ff5b57686c867fcab77f9740f4af24 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 17 Jun 2021 15:21:27 +0900 -Subject: [PATCH] udev: make event_free() return NULL - -Reference:https://github.com/systemd/systemd/commit/5393c52897ff5b57686c867fcab77f9740f4af24.patch -Conflict:NA ---- - src/udev/udevd.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 34a5c9d5d8ee..bb7c0eabe420 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -152,9 +152,9 @@ typedef struct Worker { - typedef struct WorkerMessage { - } WorkerMessage; - --static void event_free(Event *event) { -+static Event *event_free(Event *event) { - if (!event) -- return; -+ return NULL; - - assert(event->manager); - -@@ -174,7 +174,7 @@ static void event_free(Event *event) { - if (unlink("/run/udev/queue") < 0 && errno != ENOENT) - log_warning_errno(errno, "Failed to unlink /run/udev/queue, ignoring: %m"); - -- free(event); -+ return mfree(event); - } - - static void event_queue_cleanup(Manager *manager, EventState match_state) { diff --git a/backport-udev-make-event_queue_start-return-negative-errno-on-error.patch b/backport-udev-make-event_queue_start-return-negative-errno-on-error.patch deleted file mode 100644 index 73ee2f7..0000000 --- a/backport-udev-make-event_queue_start-return-negative-errno-on-error.patch +++ /dev/null @@ -1,59 +0,0 @@ -From 0744e74c526814e28f2fbcea128f40ed36341fcd Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 17 Jun 2021 15:29:02 +0900 -Subject: [PATCH] udev: make event_queue_start() return negative errno on error - -Reference:https://github.com/systemd/systemd/commit/0744e74c526814e28f2fbcea128f40ed36341fcd -Conflict:NA - ---- - src/udev/udevd.c | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 1b1b126..279b409 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -879,7 +879,7 @@ set_delaying_seqnum: - return true; - } - --static void event_queue_start(Manager *manager) { -+static int event_queue_start(Manager *manager) { - Event *event; - usec_t usec; - int r; -@@ -888,7 +888,7 @@ static void event_queue_start(Manager *manager) { - - if (LIST_IS_EMPTY(manager->events) || - manager->exit || manager->stop_exec_queue) -- return; -+ return 0; - - assert_se(sd_event_now(manager->event, CLOCK_MONOTONIC, &usec) >= 0); - /* check for changed config, every 3 seconds at most */ -@@ -909,10 +909,8 @@ static void event_queue_start(Manager *manager) { - - if (!manager->rules) { - r = udev_rules_load(&manager->rules, arg_resolve_name_timing); -- if (r < 0) { -- log_warning_errno(r, "Failed to read udev rules: %m"); -- return; -- } -+ if (r < 0) -+ return log_warning_errno(r, "Failed to read udev rules: %m"); - } - - LIST_FOREACH(event, event, manager->events) { -@@ -925,6 +923,8 @@ static void event_queue_start(Manager *manager) { - - event_run(manager, event); - } -+ -+ return 0; - } - - static int event_queue_insert(Manager *manager, sd_device *dev) { --- -2.33.0 - \ No newline at end of file diff --git a/backport-udev-move-several-functions.patch b/backport-udev-move-several-functions.patch deleted file mode 100644 index 7d69b04..0000000 --- a/backport-udev-move-several-functions.patch +++ /dev/null @@ -1,544 +0,0 @@ -From 419ec631358c8bf7013db01ae42763e6971d8765 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 17 Jun 2021 15:14:59 +0900 -Subject: [PATCH] udev: move several functions - -No functional chage. - -Reference:https://github.com/systemd/systemd/commit/419ec631358c8bf7013db01ae42763e6971d8765 -Conflict:adaption - ---- - src/udev/udevd.c | 434 +++++++++++++++++++++++------------------------ - 1 file changed, 216 insertions(+), 218 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 9c9487f..018809e 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -134,8 +134,6 @@ typedef struct Event { - LIST_FIELDS(Event, event); - } Event; - --static void event_queue_cleanup(Manager *manager, EventState match_state); -- - typedef enum WorkerState { - WORKER_UNDEF, - WORKER_RUNNING, -@@ -181,6 +179,17 @@ static void event_free(Event *event) { - free(event); - } - -+static void event_queue_cleanup(Manager *manager, EventState match_state) { -+ Event *event, *tmp; -+ -+ LIST_FOREACH_SAFE(event, event, tmp, manager->events) { -+ if (match_state != EVENT_UNDEF && match_state != event->state) -+ continue; -+ -+ event_free(event); -+ } -+} -+ - static Worker *worker_free(Worker *worker) { - if (!worker) - return NULL; -@@ -197,6 +206,48 @@ static Worker *worker_free(Worker *worker) { - DEFINE_TRIVIAL_CLEANUP_FUNC(Worker*, worker_free); - DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(worker_hash_op, void, trivial_hash_func, trivial_compare_func, Worker, worker_free); - -+static void manager_clear_for_worker(Manager *manager) { -+ assert(manager); -+ -+ manager->inotify_event = sd_event_source_unref(manager->inotify_event); -+ manager->kill_workers_event = sd_event_source_unref(manager->kill_workers_event); -+ -+ manager->event = sd_event_unref(manager->event); -+ -+ manager->workers = hashmap_free(manager->workers); -+ event_queue_cleanup(manager, EVENT_UNDEF); -+ -+ manager->monitor = sd_device_monitor_unref(manager->monitor); -+ manager->ctrl = udev_ctrl_unref(manager->ctrl); -+ -+ manager->worker_watch[READ_END] = safe_close(manager->worker_watch[READ_END]); -+} -+ -+static Manager* manager_free(Manager *manager) { -+ if (!manager) -+ return NULL; -+ -+ udev_builtin_exit(); -+ -+ if (manager->pid == getpid_cached()) -+ udev_ctrl_cleanup(manager->ctrl); -+ -+ manager_clear_for_worker(manager); -+ -+ sd_netlink_unref(manager->rtnl); -+ -+ hashmap_free_free_free(manager->properties); -+ udev_rules_free(manager->rules); -+ -+ safe_close(manager->inotify_fd); -+ safe_close_pair(manager->worker_watch); -+ -+ free(manager->cgroup); -+ return mfree(manager); -+} -+ -+DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free); -+ - static int worker_new(Worker **ret, Manager *manager, sd_device_monitor *worker_monitor, pid_t pid) { - _cleanup_(worker_freep) Worker *worker = NULL; - int r; -@@ -228,97 +279,75 @@ static int worker_new(Worker **ret, Manager *manager, sd_device_monitor *worker_ - return 0; - } - --static int on_event_timeout(sd_event_source *s, uint64_t usec, void *userdata) { -- Event *event = userdata; -- -- assert(event); -- assert(event->worker); -- -- kill_and_sigcont(event->worker->pid, arg_timeout_signal); -- event->worker->state = WORKER_KILLED; -- -- log_device_error(event->dev, "Worker ["PID_FMT"] processing SEQNUM=%"PRIu64" killed", event->worker->pid, event->seqnum); -- -- return 1; --} -+static void manager_kill_workers(Manager *manager, bool force) { -+ Worker *worker; - --static int on_event_timeout_warning(sd_event_source *s, uint64_t usec, void *userdata) { -- Event *event = userdata; -+ assert(manager); - -- assert(event); -- assert(event->worker); -+ HASHMAP_FOREACH(worker, manager->workers) { -+ if (worker->state == WORKER_KILLED) -+ continue; - -- log_device_warning(event->dev, "Worker ["PID_FMT"] processing SEQNUM=%"PRIu64" is taking a long time", event->worker->pid, event->seqnum); -+ if (worker->state == WORKER_RUNNING && !force) { -+ worker->state = WORKER_KILLING; -+ continue; -+ } - -- return 1; -+ worker->state = WORKER_KILLED; -+ (void) kill(worker->pid, SIGTERM); -+ } - } - --static void worker_attach_event(Worker *worker, Event *event) { -- sd_event *e; -- -- assert(worker); -- assert(worker->manager); -- assert(event); -- assert(!event->worker); -- assert(!worker->event); -- -- worker->state = WORKER_RUNNING; -- worker->event = event; -- event->state = EVENT_RUNNING; -- event->worker = worker; -- -- e = worker->manager->event; -+static void manager_exit(Manager *manager) { -+ assert(manager); - -- (void) sd_event_add_time_relative(e, &event->timeout_warning_event, CLOCK_MONOTONIC, -- udev_warn_timeout(arg_event_timeout_usec), USEC_PER_SEC, -- on_event_timeout_warning, event); -+ manager->exit = true; - -- (void) sd_event_add_time_relative(e, &event->timeout_event, CLOCK_MONOTONIC, -- arg_event_timeout_usec, USEC_PER_SEC, -- on_event_timeout, event); --} -+ sd_notify(false, -+ "STOPPING=1\n" -+ "STATUS=Starting shutdown..."); - --static void manager_clear_for_worker(Manager *manager) { -- assert(manager); -+ /* close sources of new events and discard buffered events */ -+ manager->ctrl = udev_ctrl_unref(manager->ctrl); - - manager->inotify_event = sd_event_source_unref(manager->inotify_event); -- manager->kill_workers_event = sd_event_source_unref(manager->kill_workers_event); -- -- manager->event = sd_event_unref(manager->event); -- -- manager->workers = hashmap_free(manager->workers); -- event_queue_cleanup(manager, EVENT_UNDEF); -+ manager->inotify_fd = safe_close(manager->inotify_fd); - - manager->monitor = sd_device_monitor_unref(manager->monitor); -- manager->ctrl = udev_ctrl_unref(manager->ctrl); - -- manager->worker_watch[READ_END] = safe_close(manager->worker_watch[READ_END]); -+ /* discard queued events and kill workers */ -+ event_queue_cleanup(manager, EVENT_QUEUED); -+ manager_kill_workers(manager, true); - } - --static Manager* manager_free(Manager *manager) { -- if (!manager) -- return NULL; -+/* reload requested, HUP signal received, rules changed, builtin changed */ -+static void manager_reload(Manager *manager) { - -- udev_builtin_exit(); -+ assert(manager); - -- if (manager->pid == getpid_cached()) -- udev_ctrl_cleanup(manager->ctrl); -+ sd_notify(false, -+ "RELOADING=1\n" -+ "STATUS=Flushing configuration..."); - -- manager_clear_for_worker(manager); -+ manager_kill_workers(manager, false); -+ manager->rules = udev_rules_free(manager->rules); -+ udev_builtin_exit(); - -- sd_netlink_unref(manager->rtnl); -+ sd_notifyf(false, -+ "READY=1\n" -+ "STATUS=Processing with %u children at max", arg_children_max); -+} - -- hashmap_free_free_free(manager->properties); -- udev_rules_free(manager->rules); -+static int on_kill_workers_event(sd_event_source *s, uint64_t usec, void *userdata) { -+ Manager *manager = userdata; - -- safe_close(manager->inotify_fd); -- safe_close_pair(manager->worker_watch); -+ assert(manager); - -- free(manager->cgroup); -- return mfree(manager); --} -+ log_debug("Cleanup idle workers"); -+ manager_kill_workers(manager, false); - --DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free); -+ return 1; -+} - - static int worker_send_message(int fd) { - WorkerMessage message = {}; -@@ -597,6 +626,56 @@ static int worker_main(Manager *_manager, sd_device_monitor *monitor, sd_device - return 0; - } - -+static int on_event_timeout(sd_event_source *s, uint64_t usec, void *userdata) { -+ Event *event = userdata; -+ -+ assert(event); -+ assert(event->worker); -+ -+ kill_and_sigcont(event->worker->pid, arg_timeout_signal); -+ event->worker->state = WORKER_KILLED; -+ -+ log_device_error(event->dev, "Worker ["PID_FMT"] processing SEQNUM=%"PRIu64" killed", event->worker->pid, event->seqnum); -+ -+ return 1; -+} -+ -+static int on_event_timeout_warning(sd_event_source *s, uint64_t usec, void *userdata) { -+ Event *event = userdata; -+ -+ assert(event); -+ assert(event->worker); -+ -+ log_device_warning(event->dev, "Worker ["PID_FMT"] processing SEQNUM=%"PRIu64" is taking a long time", event->worker->pid, event->seqnum); -+ -+ return 1; -+} -+ -+static void worker_attach_event(Worker *worker, Event *event) { -+ sd_event *e; -+ -+ assert(worker); -+ assert(worker->manager); -+ assert(event); -+ assert(!event->worker); -+ assert(!worker->event); -+ -+ worker->state = WORKER_RUNNING; -+ worker->event = event; -+ event->state = EVENT_RUNNING; -+ event->worker = worker; -+ -+ e = worker->manager->event; -+ -+ (void) sd_event_add_time_relative(e, &event->timeout_warning_event, CLOCK_MONOTONIC, -+ udev_warn_timeout(arg_event_timeout_usec), USEC_PER_SEC, -+ on_event_timeout_warning, event); -+ -+ (void) sd_event_add_time_relative(e, &event->timeout_event, CLOCK_MONOTONIC, -+ arg_event_timeout_usec, USEC_PER_SEC, -+ on_event_timeout, event); -+} -+ - static int worker_spawn(Manager *manager, Event *event) { - _cleanup_(sd_device_monitor_unrefp) sd_device_monitor *worker_monitor = NULL; - Worker *worker; -@@ -689,76 +768,6 @@ static void event_run(Manager *manager, Event *event) { - worker_spawn(manager, event); - } - --static int event_queue_insert(Manager *manager, sd_device *dev) { -- _cleanup_(sd_device_unrefp) sd_device *clone = NULL; -- Event *event; -- uint64_t seqnum; -- int r; -- -- assert(manager); -- assert(dev); -- -- /* only one process can add events to the queue */ -- assert(manager->pid == getpid_cached()); -- -- /* We only accepts devices received by device monitor. */ -- r = sd_device_get_seqnum(dev, &seqnum); -- if (r < 0) -- return r; -- -- /* Save original device to restore the state on failures. */ -- r = device_shallow_clone(dev, &clone); -- if (r < 0) -- return r; -- -- r = device_copy_properties(clone, dev); -- if (r < 0) -- return r; -- -- event = new(Event, 1); -- if (!event) -- return -ENOMEM; -- -- *event = (Event) { -- .manager = manager, -- .dev = sd_device_ref(dev), -- .dev_kernel = TAKE_PTR(clone), -- .seqnum = seqnum, -- .state = EVENT_QUEUED, -- }; -- -- if (LIST_IS_EMPTY(manager->events)) { -- r = touch("/run/udev/queue"); -- if (r < 0) -- log_warning_errno(r, "Failed to touch /run/udev/queue: %m"); -- } -- -- LIST_APPEND(event, manager->events, event); -- -- log_device_uevent(dev, "Device is queued"); -- -- return 0; --} -- --static void manager_kill_workers(Manager *manager, bool force) { -- Worker *worker; -- -- assert(manager); -- -- HASHMAP_FOREACH(worker, manager->workers) { -- if (worker->state == WORKER_KILLED) -- continue; -- -- if (worker->state == WORKER_RUNNING && !force) { -- worker->state = WORKER_KILLING; -- continue; -- } -- -- worker->state = WORKER_KILLED; -- (void) kill(worker->pid, SIGTERM); -- } --} -- - /* lookup event for identical, parent, child device */ - static int is_device_busy(Manager *manager, Event *event) { - const char *subsystem, *devpath, *devpath_old = NULL; -@@ -870,57 +879,6 @@ set_delaying_seqnum: - return true; - } - --static void manager_exit(Manager *manager) { -- assert(manager); -- -- manager->exit = true; -- -- sd_notify(false, -- "STOPPING=1\n" -- "STATUS=Starting shutdown..."); -- -- /* close sources of new events and discard buffered events */ -- manager->ctrl = udev_ctrl_unref(manager->ctrl); -- -- manager->inotify_event = sd_event_source_unref(manager->inotify_event); -- manager->inotify_fd = safe_close(manager->inotify_fd); -- -- manager->monitor = sd_device_monitor_unref(manager->monitor); -- -- /* discard queued events and kill workers */ -- event_queue_cleanup(manager, EVENT_QUEUED); -- manager_kill_workers(manager, true); --} -- --/* reload requested, HUP signal received, rules changed, builtin changed */ --static void manager_reload(Manager *manager) { -- -- assert(manager); -- -- sd_notify(false, -- "RELOADING=1\n" -- "STATUS=Flushing configuration..."); -- -- manager_kill_workers(manager, false); -- manager->rules = udev_rules_free(manager->rules); -- udev_builtin_exit(); -- -- sd_notifyf(false, -- "READY=1\n" -- "STATUS=Processing with %u children at max", arg_children_max); --} -- --static int on_kill_workers_event(sd_event_source *s, uint64_t usec, void *userdata) { -- Manager *manager = userdata; -- -- assert(manager); -- -- log_debug("Cleanup idle workers"); -- manager_kill_workers(manager, false); -- -- return 1; --} -- - static void event_queue_start(Manager *manager) { - Event *event; - usec_t usec; -@@ -969,15 +927,77 @@ static void event_queue_start(Manager *manager) { - } - } - --static void event_queue_cleanup(Manager *manager, EventState match_state) { -- Event *event, *tmp; -+static int event_queue_insert(Manager *manager, sd_device *dev) { -+ _cleanup_(sd_device_unrefp) sd_device *clone = NULL; -+ Event *event; -+ uint64_t seqnum; -+ int r; - -- LIST_FOREACH_SAFE(event, event, tmp, manager->events) { -- if (match_state != EVENT_UNDEF && match_state != event->state) -- continue; -+ assert(manager); -+ assert(dev); - -- event_free(event); -+ /* only one process can add events to the queue */ -+ assert(manager->pid == getpid_cached()); -+ -+ /* We only accepts devices received by device monitor. */ -+ r = sd_device_get_seqnum(dev, &seqnum); -+ if (r < 0) -+ return r; -+ -+ /* Save original device to restore the state on failures. */ -+ r = device_shallow_clone(dev, &clone); -+ if (r < 0) -+ return r; -+ -+ r = device_copy_properties(clone, dev); -+ if (r < 0) -+ return r; -+ -+ event = new(Event, 1); -+ if (!event) -+ return -ENOMEM; -+ -+ *event = (Event) { -+ .manager = manager, -+ .dev = sd_device_ref(dev), -+ .dev_kernel = TAKE_PTR(clone), -+ .seqnum = seqnum, -+ .state = EVENT_QUEUED, -+ }; -+ -+ if (LIST_IS_EMPTY(manager->events)) { -+ r = touch("/run/udev/queue"); -+ if (r < 0) -+ log_warning_errno(r, "Failed to touch /run/udev/queue: %m"); -+ } -+ -+ LIST_APPEND(event, manager->events, event); -+ -+ log_device_uevent(dev, "Device is queued"); -+ -+ return 0; -+} -+ -+static int on_uevent(sd_device_monitor *monitor, sd_device *dev, void *userdata) { -+ Manager *manager = userdata; -+ int r; -+ -+ assert(manager); -+ -+ DEVICE_TRACE_POINT(kernel_uevent_received, dev); -+ -+ device_ensure_usec_initialized(dev, NULL); -+ -+ r = event_queue_insert(manager, dev); -+ if (r < 0) { -+ log_device_error_errno(dev, r, "Failed to insert device into event queue: %m"); -+ return 1; - } -+ -+ /* we have fresh events, try to schedule them */ -+ event_queue_start(manager); -+ -+ return 1; - } - - static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdata) { -@@ -1047,28 +1067,6 @@ static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdat - return 1; - } - --static int on_uevent(sd_device_monitor *monitor, sd_device *dev, void *userdata) { -- Manager *manager = userdata; -- int r; -- -- assert(manager); -- -- DEVICE_TRACE_POINT(kernel_uevent_received, dev); -- -- device_ensure_usec_initialized(dev, NULL); -- -- r = event_queue_insert(manager, dev); -- if (r < 0) { -- log_device_error_errno(dev, r, "Failed to insert device into event queue: %m"); -- return 1; -- } -- -- /* we have fresh events, try to schedule them */ -- event_queue_start(manager); -- -- return 1; --} -- - /* receive the udevd message from userspace */ - static int on_ctrl_msg(UdevCtrl *uctrl, UdevCtrlMessageType type, const UdevCtrlMessageValue *value, void *userdata) { - Manager *manager = userdata; --- -2.33.0 diff --git a/backport-udev-node-add-random-delay-on-conflict-in-updating-d.patch b/backport-udev-node-add-random-delay-on-conflict-in-updating-d.patch deleted file mode 100644 index e4d4930..0000000 --- a/backport-udev-node-add-random-delay-on-conflict-in-updating-d.patch +++ /dev/null @@ -1,64 +0,0 @@ -From fca1dafcc29f123aadfd8a2bc5ebfc2468284a6a Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 04:34:48 +0900 -Subject: [PATCH] udev-node: add random delay on conflict in updating device - node symlink - -To make multiple workers not update the same device node symlink -simultaneously. - -(cherry picked from commit 0063fa23a1384dd4385d03b568dc629916b7e72a) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/fca1dafcc29f123aadfd8a2bc5ebfc2468284a6a ---- - src/udev/udev-node.c | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 2e7df899e4..d8edf39aec 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -20,12 +20,14 @@ - #include "mkdir.h" - #include "parse-util.h" - #include "path-util.h" -+#include "random-util.h" - #include "selinux-util.h" - #include "smack-util.h" - #include "stat-util.h" - #include "stdio-util.h" - #include "string-util.h" - #include "strxcpyx.h" -+#include "time-util.h" - #include "udev-node.h" - #include "user-util.h" - -@@ -33,6 +35,8 @@ - #define LINK_UPDATE_MAX_RETRIES 128 - #define CREATE_STACK_LINK_MAX_RETRIES 128 - #define UPDATE_TIMESTAMP_MAX_RETRIES 128 -+#define MAX_RANDOM_DELAY (250 * USEC_PER_MSEC) -+#define MIN_RANDOM_DELAY ( 50 * USEC_PER_MSEC) - #define UDEV_NODE_HASH_KEY SD_ID128_MAKE(b9,6a,f1,ce,40,31,44,1a,9e,19,ec,8b,ae,f3,e3,2f) - - static int create_symlink(const char *target, const char *slink) { -@@ -447,6 +451,15 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - _cleanup_free_ char *target = NULL; - struct stat st1 = {}, st2 = {}; - -+ if (i > 0) { -+ char buf[FORMAT_TIMESPAN_MAX]; -+ usec_t delay = MIN_RANDOM_DELAY + random_u64_range(MAX_RANDOM_DELAY - MIN_RANDOM_DELAY); -+ -+ log_device_debug(dev, "Directory %s was updated, retrying to update devlink %s after %s.", -+ dirname, slink, format_timespan(buf, sizeof(buf), delay, USEC_PER_MSEC)); -+ (void) usleep(delay); -+ } -+ - if (stat(dirname, &st1) < 0 && errno != ENOENT) - return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname); - --- -2.33.0 - diff --git a/backport-udev-node-always-atomically-create-symlink-to-device.patch b/backport-udev-node-always-atomically-create-symlink-to-device.patch deleted file mode 100644 index 6121dfc..0000000 --- a/backport-udev-node-always-atomically-create-symlink-to-device.patch +++ /dev/null @@ -1,96 +0,0 @@ -From 0116618b67980eeb8d82d09050087ed245630efe Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 02:20:33 +0900 -Subject: [PATCH] udev-node: always atomically create symlink to device node - -By the previous commit, it is not necessary to distinguish if the devlink -already exists. Also, I cannot find any significant advantages of the -previous complecated logic, that is, first try to create directly, and then -fallback to atomically creation. Moreover, such logic increases the chance -of conflicts between multiple udev workers. - -This makes devlinks always created atomically. Hopefully, this reduces the -conflicts between the workers. - -(cherry picked from commit 242d39ebc1391f4734f6e63ff13764de92bc5f70) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/0116618b67980eeb8d82d09050087ed245630efe ---- - src/udev/udev-node.c | 42 +++++++++--------------------------------- - 1 file changed, 9 insertions(+), 33 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 1a34ea8128..46c04fe00b 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -71,6 +71,13 @@ static int node_symlink(sd_device *dev, const char *node, const char *slink) { - assert(node); - assert(slink); - -+ if (lstat(slink, &stats) >= 0) { -+ if (!S_ISLNK(stats.st_mode)) -+ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EEXIST), -+ "Conflicting inode '%s' found, link to '%s' will not be created.", slink, node); -+ } else if (errno != ENOENT) -+ return log_device_debug_errno(dev, errno, "Failed to lstat() '%s': %m", slink); -+ - r = path_extract_directory(slink, &slink_dirname); - if (r < 0) - return log_device_debug_errno(dev, r, "Failed to get parent directory of '%s': %m", slink); -@@ -80,41 +87,11 @@ static int node_symlink(sd_device *dev, const char *node, const char *slink) { - if (r < 0) - return log_device_debug_errno(dev, r, "Failed to get relative path from '%s' to '%s': %m", slink, node); - -- if (lstat(slink, &stats) >= 0) { -- _cleanup_free_ char *buf = NULL; -- -- if (!S_ISLNK(stats.st_mode)) -- return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EEXIST), -- "Conflicting inode '%s' found, link to '%s' will not be created.", slink, node); -- -- if (readlink_malloc(slink, &buf) >= 0 && -- path_equal(target, buf)) { -- /* preserve link with correct target, do not replace node of other device */ -- log_device_debug(dev, "Preserve already existing symlink '%s' to '%s'", slink, target); -- -- (void) label_fix(slink, LABEL_IGNORE_ENOENT); -- (void) utimensat(AT_FDCWD, slink, NULL, AT_SYMLINK_NOFOLLOW); -- -- return 0; -- } -- } else if (errno == ENOENT) { -- log_device_debug(dev, "Creating symlink '%s' to '%s'", slink, target); -- -- r = create_symlink(target, slink); -- if (r >= 0) -- return 0; -- -- log_device_debug_errno(dev, r, "Failed to create symlink '%s' to '%s', trying to replace '%s': %m", slink, target, slink); -- } else -- return log_device_debug_errno(dev, errno, "Failed to lstat() '%s': %m", slink); -- -- log_device_debug(dev, "Atomically replace '%s'", slink); -- - r = device_get_device_id(dev, &id); - if (r < 0) - return log_device_debug_errno(dev, r, "Failed to get device id: %m"); -- slink_tmp = strjoina(slink, ".tmp-", id); - -+ slink_tmp = strjoina(slink, ".tmp-", id); - (void) unlink(slink_tmp); - - r = create_symlink(target, slink_tmp); -@@ -127,8 +104,7 @@ static int node_symlink(sd_device *dev, const char *node, const char *slink) { - return r; - } - -- /* Tell caller that we replaced already existing symlink. */ -- return 1; -+ return 0; - } - - static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir, char **ret) { --- -2.33.0 - diff --git a/backport-udev-node-always-update-timestamp-of-stack-directory.patch b/backport-udev-node-always-update-timestamp-of-stack-directory.patch deleted file mode 100644 index 9fc0e72..0000000 --- a/backport-udev-node-always-update-timestamp-of-stack-directory.patch +++ /dev/null @@ -1,150 +0,0 @@ -From bd4714982537b5fc08b82ccd5f20522231dd5bee Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 12:57:40 +0900 -Subject: [PATCH] udev-node: always update timestamp of stack directory - -Please see the comments in the code. - -(cherry picked from commit 6df797f75fa08bb1a9e657001229bd47903e6174) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/bd4714982537b5fc08b82ccd5f20522231dd5bee ---- - src/udev/udev-node.c | 90 ++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 87 insertions(+), 3 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 5d6aae0bd4..0de848da19 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -32,6 +32,7 @@ - #define CREATE_LINK_MAX_RETRIES 128 - #define LINK_UPDATE_MAX_RETRIES 128 - #define CREATE_STACK_LINK_MAX_RETRIES 128 -+#define UPDATE_TIMESTAMP_MAX_RETRIES 128 - #define UDEV_NODE_HASH_KEY SD_ID128_MAKE(b9,6a,f1,ce,40,31,44,1a,9e,19,ec,8b,ae,f3,e3,2f) - - static int create_symlink(const char *target, const char *slink) { -@@ -285,9 +286,60 @@ toolong: - return size - 1; - } - -+static int update_timestamp(sd_device *dev, const char *path, struct stat *prev) { -+ assert(path); -+ assert(prev); -+ -+ /* Even if a symlink in the stack directory is created/removed, the mtime of the directory may -+ * not be changed. Why? Let's consider the following situation. For simplicity, let's assume -+ * there exist three udev workers (A, B, and C) and all of them calls link_update() for the -+ * same devlink simultaneously. -+ * -+ * 1. B creates/removes a symlink in the stack directory. -+ * 2. A calls the first stat() in the loop of link_update(). -+ * 3. A calls link_find_prioritized(). -+ * 4. C creates/removes another symlink in the stack directory, so the result of the step 3 is outdated. -+ * 5. B and C finish link_update(). -+ * 6. A creates/removes devlink according to the outdated result in the step 3. -+ * 7. A calls the second stat() in the loop of link_update(). -+ * -+ * If these 7 steps are processed in this order within a short time period that kernel's timer -+ * does not increase, then even if the contents in the stack directory is changed, the results -+ * of two stat() called by A shows the same timestamp, and A cannot detect the change. -+ * -+ * By calling this function after creating/removing symlinks in the stack directory, the -+ * timestamp of the stack directory is always increased at least in the above step 5, so A can -+ * detect the update. */ -+ -+ if ((prev->st_mode & S_IFMT) == 0) -+ return 0; /* Does not exist, or previous stat() failed. */ -+ -+ for (unsigned i = 0; i < UPDATE_TIMESTAMP_MAX_RETRIES; i++) { -+ struct stat st; -+ -+ if (stat(path, &st) < 0) -+ return -errno; -+ -+ if (!stat_inode_unmodified(prev, &st)) -+ return 0; -+ -+ log_device_debug(dev, -+ "%s is modified, but its timestamp is not changed, " -+ "updating timestamp after 10ms.", -+ path); -+ -+ (void) usleep(10 * USEC_PER_MSEC); -+ if (utimensat(AT_FDCWD, path, NULL, 0) < 0) -+ return -errno; -+ } -+ -+ return -ELOOP; -+} -+ - static int update_stack_directory(sd_device *dev, const char *dirname, bool add) { - _cleanup_free_ char *filename = NULL, *data = NULL, *buf = NULL; - const char *devname, *id; -+ struct stat st = {}; - int priority, r; - - assert(dev); -@@ -302,10 +354,31 @@ static int update_stack_directory(sd_device *dev, const char *dirname, bool add) - return log_oom_debug(); - - if (!add) { -- if (unlink(filename) < 0 && errno != ENOENT) -- log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename); -+ bool unlink_failed = false; -+ -+ if (stat(dirname, &st) < 0) { -+ if (errno == ENOENT) -+ return 0; /* The stack directory is already removed. That's OK. */ -+ log_device_debug_errno(dev, errno, "Failed to stat %s, ignoring: %m", dirname); -+ } -+ -+ if (unlink(filename) < 0) { -+ unlink_failed = true; -+ if (errno != ENOENT) -+ log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename); -+ } -+ -+ if (rmdir(dirname) >= 0 || errno == ENOENT) -+ return 0; -+ -+ if (unlink_failed) -+ return 0; /* If we failed to remove the symlink, there is almost nothing we can do. */ -+ -+ /* The symlink was removed. Check if the timestamp of directory is changed. */ -+ r = update_timestamp(dev, dirname, &st); -+ if (r < 0 && r != -ENOENT) -+ return log_device_debug_errno(dev, r, "Failed to update timestamp of %s: %m", dirname); - -- (void) rmdir(dirname); - return 0; - } - -@@ -335,12 +408,23 @@ static int update_stack_directory(sd_device *dev, const char *dirname, bool add) - if (r < 0) - return log_device_debug_errno(dev, r, "Failed to create directory %s: %m", dirname); - -+ if (stat(dirname, &st) < 0) { -+ if (errno == ENOENT) -+ continue; -+ return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname); -+ } -+ - if (symlink(data, filename) < 0) { - if (errno == ENOENT) - continue; - return log_device_debug_errno(dev, errno, "Failed to create symbolic link %s: %m", filename); - } - -+ /* The symlink was created. Check if the timestamp of directory is changed. */ -+ r = update_timestamp(dev, dirname, &st); -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to update timestamp of %s: %m", dirname); -+ - return 0; - } - --- -2.33.0 - diff --git a/backport-udev-node-assume-no-new-claim-to-a-symlink-if-run-ud.patch b/backport-udev-node-assume-no-new-claim-to-a-symlink-if-run-ud.patch deleted file mode 100644 index 26a4cb0..0000000 --- a/backport-udev-node-assume-no-new-claim-to-a-symlink-if-run-ud.patch +++ /dev/null @@ -1,38 +0,0 @@ -From c9fce59c8f0c471a7a474c6a20cdc340fc53a48d Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 2 Sep 2021 06:58:59 +0900 -Subject: [PATCH] udev-node: assume no new claim to a symlink if - /run/udev/links is not updated - -During creating a symlink to a device node, if another device node which -requests the same symlink is added/removed, `stat_inode_unmodified()` -should always detects that. We do not need to continue the loop -unconditionally. - -(cherry picked from commit 8f27311eb2aec2411d1fb7d62e6c9d75d21ae8df) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/c9fce59c8f0c471a7a474c6a20cdc340fc53a48d ---- - src/udev/udev-node.c | 5 ----- - 1 file changed, 5 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 0de848da19..1a34ea8128 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -491,11 +491,6 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - r = node_symlink(dev, target, slink); - if (r < 0) - return r; -- if (r == 1) -- /* We have replaced already existing symlink, possibly there is some other device trying -- * to claim the same symlink. Let's do one more iteration to give us a chance to fix -- * the error if other device actually claims the symlink with higher priority. */ -- continue; - - /* Skip the second stat() if the first failed, stat_inode_unmodified() would return false regardless. */ - if ((st1.st_mode & S_IFMT) != 0) { --- -2.33.0 - diff --git a/backport-udev-node-check-stack-directory-change-even-if-devli.patch b/backport-udev-node-check-stack-directory-change-even-if-devli.patch deleted file mode 100644 index 270df9a..0000000 --- a/backport-udev-node-check-stack-directory-change-even-if-devli.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 982d13d4cfd1513bdbd74ceb8b256bad5cf679d5 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 09:44:26 +0900 -Subject: [PATCH] udev-node: check stack directory change even if devlink is - removed - -Otherwise, when multiple device additions and removals occur -simultaneously, symlink to unexisting devnode may be created. - -Hopefully fixes #19946. - -(cherry picked from commit 1cd4e325693007b3628f1a27297f0ab7114b24b8) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/982d13d4cfd1513bdbd74ceb8b256bad5cf679d5 ---- - src/udev/udev-node.c | 15 ++++++--------- - 1 file changed, 6 insertions(+), 9 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 46c04fe00b..28e6e8df94 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -468,15 +468,12 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - if (r < 0) - return r; - -- /* Skip the second stat() if the first failed, stat_inode_unmodified() would return false regardless. */ -- if ((st1.st_mode & S_IFMT) != 0) { -- r = stat(dirname, &st2); -- if (r < 0 && errno != ENOENT) -- return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname); -- -- if (stat_inode_unmodified(&st1, &st2)) -- break; -- } -+ if (stat(dirname, &st2) < 0 && errno != ENOENT) -+ return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname); -+ -+ if (((st1.st_mode & S_IFMT) == 0 && (st2.st_mode & S_IFMT) == 0) || -+ stat_inode_unmodified(&st1, &st2)) -+ return 0; - } - - return i < LINK_UPDATE_MAX_RETRIES ? 0 : -ELOOP; --- -2.33.0 - diff --git a/backport-udev-node-do-not-ignore-unexpected-errors-on-removin.patch b/backport-udev-node-do-not-ignore-unexpected-errors-on-removin.patch deleted file mode 100644 index b5a2475..0000000 --- a/backport-udev-node-do-not-ignore-unexpected-errors-on-removin.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 4a0c4d21ca03ffb37da3b5203988156644e13c5e Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 12 Sep 2021 16:14:27 +0900 -Subject: [PATCH] udev-node: do not ignore unexpected errors on removing - symlink in stack directory - -Only acceptable error here is -ENOENT. - -(cherry picked from commit 0706cdf4ec92d6bd40391da0e81a30d9bf851663) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/4a0c4d21ca03ffb37da3b5203988156644e13c5e ---- - src/udev/udev-node.c | 23 ++++++++++++++--------- - 1 file changed, 14 insertions(+), 9 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 4e4a45bbe9..d9309efa25 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -334,25 +334,30 @@ static int update_stack_directory(sd_device *dev, const char *dirname, bool add) - return log_oom_debug(); - - if (!add) { -- bool unlink_failed = false; -+ int unlink_error = 0, stat_error = 0; - - if (stat(dirname, &st) < 0) { - if (errno == ENOENT) - return 0; /* The stack directory is already removed. That's OK. */ -- log_device_debug_errno(dev, errno, "Failed to stat %s, ignoring: %m", dirname); -+ stat_error = -errno; - } - -- if (unlink(filename) < 0) { -- unlink_failed = true; -- if (errno != ENOENT) -- log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename); -- } -+ if (unlink(filename) < 0) -+ unlink_error = -errno; - - if (rmdir(dirname) >= 0 || errno == ENOENT) - return 0; - -- if (unlink_failed) -- return 0; /* If we failed to remove the symlink, there is almost nothing we can do. */ -+ if (unlink_error < 0) { -+ if (unlink_error == -ENOENT) -+ return 0; -+ -+ /* If we failed to remove the symlink, then there is almost nothing we can do. */ -+ return log_device_debug_errno(dev, unlink_error, "Failed to remove %s: %m", filename); -+ } -+ -+ if (stat_error < 0) -+ return log_device_debug_errno(dev, stat_error, "Failed to stat %s: %m", dirname); - - /* The symlink was removed. Check if the timestamp of directory is changed. */ - r = update_timestamp(dev, dirname, &st); --- -2.33.0 - diff --git a/backport-udev-node-drop-redundant-trial-of-devlink-creation.patch b/backport-udev-node-drop-redundant-trial-of-devlink-creation.patch deleted file mode 100644 index ea31b43..0000000 --- a/backport-udev-node-drop-redundant-trial-of-devlink-creation.patch +++ /dev/null @@ -1,84 +0,0 @@ -From 1df2313e201c39907653a99335b7d21db092fcbc Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 09:29:42 +0900 -Subject: [PATCH] udev-node: drop redundant trial of devlink creation - -Previously, the devlink was created based on the priority saved in udev -database. So, we needed to reevaluate devlinks after database is saved. - -But now the priority is stored in the symlink under /run/udev/links, and -the loop of devlink creation is controlled with the timestamp of the -directory. So, the double evaluation is not necessary anymore. - -(cherry picked from commit 7920d0a135fb6a08aa0bfc31e9d0a3f589fe7a1f) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/1df2313e201c39907653a99335b7d21db092fcbc ---- - src/udev/udev-event.c | 5 +---- - src/udev/udev-node.c | 12 ++++-------- - 2 files changed, 5 insertions(+), 12 deletions(-) - -diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c -index 8320e96fe2..56fe0a43a7 100644 ---- a/src/udev/udev-event.c -+++ b/src/udev/udev-event.c -@@ -1071,10 +1071,7 @@ int udev_event_execute_rules( - - device_set_is_initialized(dev); - -- /* Yes, we run update_devnode() twice, because in the first invocation, that is before update of udev database, -- * it could happen that two contenders are replacing each other's symlink. Hence we run it again to make sure -- * symlinks point to devices that claim them with the highest priority. */ -- return update_devnode(event); -+ return 0; - } - - void udev_event_execute_run(UdevEvent *event, usec_t timeout_usec, int timeout_signal) { -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index d8edf39aec..52816c72fd 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -416,7 +416,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - _cleanup_free_ char *slink = NULL, *dirname = NULL; - const char *slink_name; - char name_enc[NAME_MAX+1]; -- int i, r, retries; -+ int r; - - assert(dev); - assert(slink_in); -@@ -443,11 +443,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - if (r < 0) - return r; - -- /* If the database entry is not written yet we will just do one iteration and possibly wrong symlink -- * will be fixed in the second invocation. */ -- retries = sd_device_get_is_initialized(dev) > 0 ? LINK_UPDATE_MAX_RETRIES : 1; -- -- for (i = 0; i < retries; i++) { -+ for (unsigned i = 0; i < LINK_UPDATE_MAX_RETRIES; i++) { - _cleanup_free_ char *target = NULL; - struct stat st1 = {}, st2 = {}; - -@@ -473,7 +469,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - log_device_debug_errno(dev, errno, "Failed to remove '%s', ignoring: %m", slink); - - (void) rmdir_parents(slink, "/dev"); -- break; -+ return 0; - } - - r = node_symlink(dev, target, slink); -@@ -488,7 +484,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - return 0; - } - -- return i < LINK_UPDATE_MAX_RETRIES ? 0 : -ELOOP; -+ return -ELOOP; - } - - static int device_get_devpath_by_devnum(sd_device *dev, char **ret) { --- -2.33.0 - diff --git a/backport-udev-node-save-information-about-device-node-and-pri.patch b/backport-udev-node-save-information-about-device-node-and-pri.patch deleted file mode 100644 index bd74ab8..0000000 --- a/backport-udev-node-save-information-about-device-node-and-pri.patch +++ /dev/null @@ -1,254 +0,0 @@ -From 56c7e4c0873feba9809d4638d64132a61b43f995 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 04:16:21 +0900 -Subject: [PATCH] udev-node: save information about device node and priority in - symlink - -Previously, we only store device IDs in /run/udev/links, and when -creating/removing device node symlink, we create sd_device object -corresponds to the IDs and read device node and priority from the -object. That requires parsing uevent and udev database files. - -This makes link_find_prioritized() get the most prioritzed device node -without parsing the files. - -(cherry picked from commit 377a83f0d80376456d9be203796f66f543a8b943) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/56c7e4c0873feba9809d4638d64132a61b43f995 ---- - src/udev/udev-node.c | 172 ++++++++++++++++++++++++++++++------------- - 1 file changed, 121 insertions(+), 51 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 4496a2bd9b..5d6aae0bd4 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -18,6 +18,7 @@ - #include "fs-util.h" - #include "hexdecoct.h" - #include "mkdir.h" -+#include "parse-util.h" - #include "path-util.h" - #include "selinux-util.h" - #include "smack-util.h" -@@ -28,9 +29,9 @@ - #include "udev-node.h" - #include "user-util.h" - --#define CREATE_LINK_MAX_RETRIES 128 --#define LINK_UPDATE_MAX_RETRIES 128 --#define TOUCH_FILE_MAX_RETRIES 128 -+#define CREATE_LINK_MAX_RETRIES 128 -+#define LINK_UPDATE_MAX_RETRIES 128 -+#define CREATE_STACK_LINK_MAX_RETRIES 128 - #define UDEV_NODE_HASH_KEY SD_ID128_MAKE(b9,6a,f1,ce,40,31,44,1a,9e,19,ec,8b,ae,f3,e3,2f) - - static int create_symlink(const char *target, const char *slink) { -@@ -175,39 +176,67 @@ static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir, - return r; - - FOREACH_DIRENT_ALL(dent, dir, break) { -- _cleanup_(sd_device_unrefp) sd_device *dev_db = NULL; -- const char *devnode; -- int db_prio = 0; -+ _cleanup_free_ char *path = NULL, *buf = NULL; -+ int tmp_prio; - -- if (dent->d_name[0] == '\0') -- break; - if (dent->d_name[0] == '.') - continue; - -- log_device_debug(dev, "Found '%s' claiming '%s'", dent->d_name, stackdir); -- -- /* did we find ourself? */ -+ /* skip ourself */ - if (streq(dent->d_name, id)) - continue; - -- if (sd_device_new_from_device_id(&dev_db, dent->d_name) < 0) -- continue; -+ path = path_join(stackdir, dent->d_name); -+ if (!path) -+ return -ENOMEM; - -- if (sd_device_get_devname(dev_db, &devnode) < 0) -- continue; -+ if (readlink_malloc(path, &buf) >= 0) { -+ char *devnode; - -- if (device_get_devlink_priority(dev_db, &db_prio) < 0) -- continue; -+ /* New format. The devnode and priority can be obtained from symlink. */ - -- if (target && db_prio <= priority) -- continue; -+ devnode = strchr(buf, ':'); -+ if (!devnode || devnode == buf) -+ continue; - -- log_device_debug(dev_db, "Device claims priority %i for '%s'", db_prio, stackdir); -+ *(devnode++) = '\0'; -+ if (!path_startswith(devnode, "/dev")) -+ continue; - -- r = free_and_strdup(&target, devnode); -- if (r < 0) -- return r; -- priority = db_prio; -+ if (safe_atoi(buf, &tmp_prio) < 0) -+ continue; -+ -+ if (target && tmp_prio <= priority) -+ continue; -+ -+ r = free_and_strdup(&target, devnode); -+ if (r < 0) -+ return r; -+ } else { -+ _cleanup_(sd_device_unrefp) sd_device *tmp_dev = NULL; -+ const char *devnode; -+ -+ /* Old format. The devnode and priority must be obtained from uevent and -+ * udev database files. */ -+ -+ if (sd_device_new_from_device_id(&tmp_dev, dent->d_name) < 0) -+ continue; -+ -+ if (device_get_devlink_priority(tmp_dev, &tmp_prio) < 0) -+ continue; -+ -+ if (target && tmp_prio <= priority) -+ continue; -+ -+ if (sd_device_get_devname(tmp_dev, &devnode) < 0) -+ continue; -+ -+ r = free_and_strdup(&target, devnode); -+ if (r < 0) -+ return r; -+ } -+ -+ priority = tmp_prio; - } - - *ret = TAKE_PTR(target); -@@ -256,10 +285,72 @@ toolong: - return size - 1; - } - -+static int update_stack_directory(sd_device *dev, const char *dirname, bool add) { -+ _cleanup_free_ char *filename = NULL, *data = NULL, *buf = NULL; -+ const char *devname, *id; -+ int priority, r; -+ -+ assert(dev); -+ assert(dirname); -+ -+ r = device_get_device_id(dev, &id); -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to get device id: %m"); -+ -+ filename = path_join(dirname, id); -+ if (!filename) -+ return log_oom_debug(); -+ -+ if (!add) { -+ if (unlink(filename) < 0 && errno != ENOENT) -+ log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename); -+ -+ (void) rmdir(dirname); -+ return 0; -+ } -+ -+ r = sd_device_get_devname(dev, &devname); -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to get device node: %m"); -+ -+ r = device_get_devlink_priority(dev, &priority); -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to get priority of device node symlink: %m"); -+ -+ if (asprintf(&data, "%i:%s", priority, devname) < 0) -+ return log_oom_debug(); -+ -+ if (readlink_malloc(filename, &buf) >= 0 && streq(buf, data)) -+ return 0; -+ -+ if (unlink(filename) < 0 && errno != ENOENT) -+ log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename); -+ -+ for (unsigned j = 0; j < CREATE_STACK_LINK_MAX_RETRIES; j++) { -+ /* This may fail with -ENOENT when the parent directory is removed during -+ * creating the file by another udevd worker. */ -+ r = mkdir_p(dirname, 0755); -+ if (r == -ENOENT) -+ continue; -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to create directory %s: %m", dirname); -+ -+ if (symlink(data, filename) < 0) { -+ if (errno == ENOENT) -+ continue; -+ return log_device_debug_errno(dev, errno, "Failed to create symbolic link %s: %m", filename); -+ } -+ -+ return 0; -+ } -+ -+ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(ELOOP), "Failed to create symbolic link %s: %m", filename); -+} -+ - /* manage "stack of names" with possibly specified device priorities */ - static int link_update(sd_device *dev, const char *slink_in, bool add) { -- _cleanup_free_ char *slink = NULL, *filename = NULL, *dirname = NULL; -- const char *slink_name, *id; -+ _cleanup_free_ char *slink = NULL, *dirname = NULL; -+ const char *slink_name; - char name_enc[NAME_MAX+1]; - int i, r, retries; - -@@ -279,35 +370,14 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EINVAL), - "Invalid symbolic link of device node: %s", slink); - -- r = device_get_device_id(dev, &id); -- if (r < 0) -- return log_device_debug_errno(dev, r, "Failed to get device id: %m"); -- - (void) udev_node_escape_path(slink_name, name_enc, sizeof(name_enc)); -- dirname = path_join("/run/udev/links/", name_enc); -+ dirname = path_join("/run/udev/links", name_enc); - if (!dirname) - return log_oom_debug(); - -- filename = path_join(dirname, id); -- if (!filename) -- return log_oom_debug(); -- -- if (!add) { -- if (unlink(filename) < 0 && errno != ENOENT) -- log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename); -- -- (void) rmdir(dirname); -- } else { -- for (unsigned j = 0; j < TOUCH_FILE_MAX_RETRIES; j++) { -- /* This may fail with -ENOENT when the parent directory is removed during -- * creating the file by another udevd worker. */ -- r = touch_file(filename, /* parents= */ true, USEC_INFINITY, UID_INVALID, GID_INVALID, 0444); -- if (r != -ENOENT) -- break; -- } -- if (r < 0) -- return log_device_debug_errno(dev, r, "Failed to create %s: %m", filename); -- } -+ r = update_stack_directory(dev, dirname, add); -+ if (r < 0) -+ return r; - - /* If the database entry is not written yet we will just do one iteration and possibly wrong symlink - * will be fixed in the second invocation. */ --- -2.33.0 - diff --git a/backport-udev-node-shorten-code-a-bit-and-update-log-message.patch b/backport-udev-node-shorten-code-a-bit-and-update-log-message.patch deleted file mode 100644 index 44608ee..0000000 --- a/backport-udev-node-shorten-code-a-bit-and-update-log-message.patch +++ /dev/null @@ -1,36 +0,0 @@ -From f27b7c3d26bf90cad9348e7c31a2db4eb3cac42e Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 2 Sep 2021 08:23:35 +0900 -Subject: [PATCH] udev-node: shorten code a bit and update log message - -(cherry picked from commit 8424da2de88ceeed7be8544fb69221f0b0ea84ea) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/f27b7c3d26bf90cad9348e7c31a2db4eb3cac42e ---- - src/udev/udev-node.c | 5 ++--- - 1 file changed, 2 insertions(+), 3 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 28e6e8df94..2e7df899e4 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -447,13 +447,12 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - _cleanup_free_ char *target = NULL; - struct stat st1 = {}, st2 = {}; - -- r = stat(dirname, &st1); -- if (r < 0 && errno != ENOENT) -+ if (stat(dirname, &st1) < 0 && errno != ENOENT) - return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname); - - r = link_find_prioritized(dev, add, dirname, &target); - if (r < 0) -- return log_device_debug_errno(dev, r, "Failed to determine highest priority for symlink '%s': %m", slink); -+ return log_device_debug_errno(dev, r, "Failed to determine device node with the highest priority for '%s': %m", slink); - if (r == 0) { - log_device_debug(dev, "No reference left for '%s', removing", slink); - --- -2.33.0 - diff --git a/backport-udev-node-simplify-the-example-of-race.patch b/backport-udev-node-simplify-the-example-of-race.patch deleted file mode 100644 index d7736ee..0000000 --- a/backport-udev-node-simplify-the-example-of-race.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 76e4e1df71fc26acd2aa2ef2d599da3cdd95a014 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 12 Sep 2021 16:05:51 +0900 -Subject: [PATCH] udev-node: simplify the example of race - -(cherry picked from commit 3df566a66723490914ef3bae0ca8046044b70dce) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/76e4e1df71fc26acd2aa2ef2d599da3cdd95a014 ---- - src/udev/udev-node.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 52816c72fd..4e4a45bbe9 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -272,14 +272,14 @@ static int update_timestamp(sd_device *dev, const char *path, struct stat *prev) - - /* Even if a symlink in the stack directory is created/removed, the mtime of the directory may - * not be changed. Why? Let's consider the following situation. For simplicity, let's assume -- * there exist three udev workers (A, B, and C) and all of them calls link_update() for the -- * same devlink simultaneously. -+ * there exist two udev workers (A and B) and all of them calls link_update() for the same -+ * devlink simultaneously. - * -- * 1. B creates/removes a symlink in the stack directory. -+ * 1. A creates/removes a symlink in the stack directory. - * 2. A calls the first stat() in the loop of link_update(). - * 3. A calls link_find_prioritized(). -- * 4. C creates/removes another symlink in the stack directory, so the result of the step 3 is outdated. -- * 5. B and C finish link_update(). -+ * 4. B creates/removes another symlink in the stack directory, so the result of the step 3 is outdated. -+ * 5. B finishes link_update(). - * 6. A creates/removes devlink according to the outdated result in the step 3. - * 7. A calls the second stat() in the loop of link_update(). - * --- -2.33.0 - diff --git a/backport-udev-node-split-out-permission-handling-from-udev_no.patch b/backport-udev-node-split-out-permission-handling-from-udev_no.patch deleted file mode 100644 index 7d79c3f..0000000 --- a/backport-udev-node-split-out-permission-handling-from-udev_no.patch +++ /dev/null @@ -1,309 +0,0 @@ -From 7534eb17595810512574e930eb114b49ec1d3675 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 09:24:15 +0900 -Subject: [PATCH] udev-node: split out permission handling from udev_node_add() - -And then merge udev_node_add() and udev_node_update_old_links(). - -(cherry picked from commit 2f48561e0db3cd63f65e9311b4d69282b4ac605d) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/7534eb17595810512574e930eb114b49ec1d3675 ---- - src/udev/udev-event.c | 9 +- - src/udev/udev-node.c | 204 +++++++++++++++++++----------------------- - src/udev/udev-node.h | 12 ++- - 3 files changed, 106 insertions(+), 119 deletions(-) - -diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c -index 9854270b27..8320e96fe2 100644 ---- a/src/udev/udev-event.c -+++ b/src/udev/udev-event.c -@@ -906,9 +906,6 @@ static int update_devnode(UdevEvent *event) { - if (r < 0) - return log_device_error_errno(dev, r, "Failed to get devnum: %m"); - -- /* remove/update possible left-over symlinks from old database entry */ -- (void) udev_node_update_old_links(dev, event->dev_db_clone); -- - if (!uid_is_valid(event->uid)) { - r = device_get_devnode_uid(dev, &event->uid); - if (r < 0 && r != -ENOENT) -@@ -932,7 +929,11 @@ static int update_devnode(UdevEvent *event) { - - bool apply_mac = device_for_action(dev, SD_DEVICE_ADD); - -- return udev_node_add(dev, apply_mac, event->mode, event->uid, event->gid, event->seclabel_list); -+ r = udev_node_apply_permissions(dev, apply_mac, event->mode, event->uid, event->gid, event->seclabel_list); -+ if (r < 0) -+ return log_device_error_errno(dev, r, "Failed to apply devnode permissions: %m"); -+ -+ return udev_node_update(dev, event->dev_db_clone); - } - - static int event_execute_rules_on_remove( -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 9e52906571..7cc9ee3670 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -356,45 +356,117 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - return i < LINK_UPDATE_MAX_RETRIES ? 0 : -ELOOP; - } - --int udev_node_update_old_links(sd_device *dev, sd_device *dev_old) { -- const char *name; -+static int device_get_devpath_by_devnum(sd_device *dev, char **ret) { -+ const char *subsystem; -+ dev_t devnum; -+ int r; -+ -+ assert(dev); -+ assert(ret); -+ -+ r = sd_device_get_subsystem(dev, &subsystem); -+ if (r < 0) -+ return r; -+ -+ r = sd_device_get_devnum(dev, &devnum); -+ if (r < 0) -+ return r; -+ -+ return device_path_make_major_minor(streq(subsystem, "block") ? S_IFBLK : S_IFCHR, devnum, ret); -+} -+ -+int udev_node_update(sd_device *dev, sd_device *dev_old) { -+ _cleanup_free_ char *filename = NULL; -+ const char *devnode, *devlink; - int r; - - assert(dev); - assert(dev_old); - -- /* update possible left-over symlinks */ -- FOREACH_DEVICE_DEVLINK(dev_old, name) { -- const char *name_current; -- bool found = false; -+ r = sd_device_get_devname(dev, &devnode); -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to get devnode: %m"); - -- /* check if old link name still belongs to this device */ -- FOREACH_DEVICE_DEVLINK(dev, name_current) -- if (streq(name, name_current)) { -- found = true; -- break; -- } -+ if (DEBUG_LOGGING) { -+ const char *id = NULL; - -- if (found) -+ (void) device_get_device_id(dev, &id); -+ log_device_debug(dev, "Handling device node '%s', devnum=%s", devnode, strna(id)); -+ } -+ -+ /* update possible left-over symlinks */ -+ FOREACH_DEVICE_DEVLINK(dev_old, devlink) { -+ /* check if old link name still belongs to this device */ -+ if (device_has_devlink(dev, devlink)) - continue; - - log_device_debug(dev, -- "Updating old device symlink '%s', which is no longer belonging to this device.", -- name); -+ "Removing/updating old device symlink '%s', which is no longer belonging to this device.", -+ devlink); - -- r = link_update(dev, name, false); -+ r = link_update(dev, devlink, /* add = */ false); - if (r < 0) - log_device_warning_errno(dev, r, -- "Failed to update device symlink '%s', ignoring: %m", -- name); -+ "Failed to remove/update device symlink '%s', ignoring: %m", -+ devlink); - } - -+ /* create/update symlinks, add symlinks to name index */ -+ FOREACH_DEVICE_DEVLINK(dev, devlink) { -+ r = link_update(dev, devlink, /* add = */ true); -+ if (r < 0) -+ log_device_warning_errno(dev, r, -+ "Failed to create/update device symlink '%s', ignoring: %m", -+ devlink); -+ } -+ -+ r = device_get_devpath_by_devnum(dev, &filename); -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to get device path: %m"); -+ -+ /* always add /dev/{block,char}/$major:$minor */ -+ r = node_symlink(dev, devnode, filename); -+ if (r < 0) -+ return log_device_warning_errno(dev, r, "Failed to create device symlink '%s': %m", filename); -+ -+ return 0; -+} -+ -+int udev_node_remove(sd_device *dev) { -+ _cleanup_free_ char *filename = NULL; -+ const char *devlink; -+ int r; -+ -+ assert(dev); -+ -+ /* remove/update symlinks, remove symlinks from name index */ -+ FOREACH_DEVICE_DEVLINK(dev, devlink) { -+ r = link_update(dev, devlink, /* add = */ false); -+ if (r < 0) -+ log_device_warning_errno(dev, r, -+ "Failed to remove/update device symlink '%s', ignoring: %m", -+ devlink); -+ } -+ -+ r = device_get_devpath_by_devnum(dev, &filename); -+ if (r < 0) -+ return log_device_debug_errno(dev, r, "Failed to get device path: %m"); -+ -+ /* remove /dev/{block,char}/$major:$minor */ -+ if (unlink(filename) < 0 && errno != ENOENT) -+ return log_device_debug_errno(dev, errno, "Failed to remove '%s': %m", filename); -+ - return 0; - } - --static int node_permissions_apply(sd_device *dev, bool apply_mac, -- mode_t mode, uid_t uid, gid_t gid, -- OrderedHashmap *seclabel_list) { -+int udev_node_apply_permissions( -+ sd_device *dev, -+ bool apply_mac, -+ mode_t mode, -+ uid_t uid, -+ gid_t gid, -+ OrderedHashmap *seclabel_list) { -+ - const char *devnode, *subsystem, *id = NULL; - bool apply_mode, apply_uid, apply_gid; - _cleanup_close_ int node_fd = -1; -@@ -511,95 +583,5 @@ static int node_permissions_apply(sd_device *dev, bool apply_mac, - if (r < 0) - log_device_debug_errno(dev, r, "Failed to adjust timestamp of node %s: %m", devnode); - -- return r; --} -- --static int xsprintf_dev_num_path_from_sd_device(sd_device *dev, char **ret) { -- const char *subsystem; -- dev_t devnum; -- int r; -- -- assert(ret); -- -- r = sd_device_get_subsystem(dev, &subsystem); -- if (r < 0) -- return r; -- -- r = sd_device_get_devnum(dev, &devnum); -- if (r < 0) -- return r; -- -- return device_path_make_major_minor(streq(subsystem, "block") ? S_IFBLK : S_IFCHR, devnum, ret); --} -- --int udev_node_add(sd_device *dev, bool apply, -- mode_t mode, uid_t uid, gid_t gid, -- OrderedHashmap *seclabel_list) { -- const char *devnode, *devlink; -- _cleanup_free_ char *filename = NULL; -- int r; -- -- assert(dev); -- -- r = sd_device_get_devname(dev, &devnode); -- if (r < 0) -- return log_device_debug_errno(dev, r, "Failed to get devnode: %m"); -- -- if (DEBUG_LOGGING) { -- const char *id = NULL; -- -- (void) device_get_device_id(dev, &id); -- log_device_debug(dev, "Handling device node '%s', devnum=%s", devnode, strna(id)); -- } -- -- r = node_permissions_apply(dev, apply, mode, uid, gid, seclabel_list); -- if (r < 0) -- return r; -- -- /* create/update symlinks, add symlinks to name index */ -- FOREACH_DEVICE_DEVLINK(dev, devlink) { -- r = link_update(dev, devlink, true); -- if (r < 0) -- log_device_warning_errno(dev, r, -- "Failed to update device symlink '%s', ignoring: %m", -- devlink); -- } -- -- r = xsprintf_dev_num_path_from_sd_device(dev, &filename); -- if (r < 0) -- return log_device_debug_errno(dev, r, "Failed to get device path: %m"); -- -- /* always add /dev/{block,char}/$major:$minor */ -- r = node_symlink(dev, devnode, filename); -- if (r < 0) -- return log_device_warning_errno(dev, r, "Failed to create device symlink '%s': %m", filename); -- -- return 0; --} -- --int udev_node_remove(sd_device *dev) { -- _cleanup_free_ char *filename = NULL; -- const char *devlink; -- int r; -- -- assert(dev); -- -- /* remove/update symlinks, remove symlinks from name index */ -- FOREACH_DEVICE_DEVLINK(dev, devlink) { -- r = link_update(dev, devlink, false); -- if (r < 0) -- log_device_warning_errno(dev, r, -- "Failed to update device symlink '%s', ignoring: %m", -- devlink); -- } -- -- r = xsprintf_dev_num_path_from_sd_device(dev, &filename); -- if (r < 0) -- return log_device_debug_errno(dev, r, "Failed to get device path: %m"); -- -- /* remove /dev/{block,char}/$major:$minor */ -- if (unlink(filename) < 0 && errno != ENOENT) -- return log_device_debug_errno(dev, errno, "Failed to remove '%s': %m", filename); -- - return 0; - } -diff --git a/src/udev/udev-node.h b/src/udev/udev-node.h -index 2349f9c471..a34af77146 100644 ---- a/src/udev/udev-node.h -+++ b/src/udev/udev-node.h -@@ -8,10 +8,14 @@ - - #include "hashmap.h" - --int udev_node_add(sd_device *dev, bool apply, -- mode_t mode, uid_t uid, gid_t gid, -- OrderedHashmap *seclabel_list); -+int udev_node_apply_permissions( -+ sd_device *dev, -+ bool apply_mac, -+ mode_t mode, -+ uid_t uid, -+ gid_t gid, -+ OrderedHashmap *seclabel_list); - int udev_node_remove(sd_device *dev); --int udev_node_update_old_links(sd_device *dev, sd_device *dev_old); -+int udev_node_update(sd_device *dev, sd_device *dev_old); - - size_t udev_node_escape_path(const char *src, char *dest, size_t size); --- -2.33.0 - diff --git a/backport-udev-node-stack-directory-must-exist-when-adding-dev.patch b/backport-udev-node-stack-directory-must-exist-when-adding-dev.patch deleted file mode 100644 index f1c6fe8..0000000 --- a/backport-udev-node-stack-directory-must-exist-when-adding-dev.patch +++ /dev/null @@ -1,40 +0,0 @@ -From f16172aeb2349dab0f73a4651f31cd025faab6b7 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 1 Sep 2021 04:14:42 +0900 -Subject: [PATCH] udev-node: stack directory must exist when adding device node - symlink - -(cherry picked from commit 46070dbf26435ba0def099121f46a6253f3f19b6) - -Conflict:NA -Reference:https://github.com/systemd/systemd-stable/commit/f16172aeb2349dab0f73a4651f31cd025faab6b7 ---- - src/udev/udev-node.c | 11 ++++++----- - 1 file changed, 6 insertions(+), 5 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 7cc9ee3670..4496a2bd9b 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -161,12 +161,13 @@ static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir, - - dir = opendir(stackdir); - if (!dir) { -- if (errno == ENOENT) { -- *ret = TAKE_PTR(target); -- return !!*ret; -- } -+ if (add) /* The stack directory must exist. */ -+ return -errno; -+ if (errno != ENOENT) -+ return -errno; - -- return -errno; -+ *ret = NULL; -+ return 0; - } - - r = device_get_device_id(dev, &id); --- -2.33.0 - diff --git a/backport-udev-only-ignore-ENOENT-or-friends-which-suggest-the-block.patch b/backport-udev-only-ignore-ENOENT-or-friends-which-suggest-the-block.patch deleted file mode 100644 index 0a465d3..0000000 --- a/backport-udev-only-ignore-ENOENT-or-friends-which-suggest-the-block.patch +++ /dev/null @@ -1,36 +0,0 @@ -From ef400c3878ad23aa02bd5bb47f089bdef49e9d8c Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 12 Mar 2022 20:40:58 +0900 -Subject: [PATCH] udev: only ignore ENOENT or friends which suggest the block - device is not exist - -The ENOENT, ENXIO, and ENODEV error can happen easily when a block -device appears and soon removed. So, it is reasonable to ignore the -error. But other errors should not occur here, and hence let's handle -them as critical. - -Reference:https://github.com/systemd/systemd/commit/ef400c3878ad23aa02bd5bb47f089bdef49e9d8c -Conflict:NA - ---- - src/udev/udevd.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 8389c39f652f..f1f864a4610c 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -399,8 +399,10 @@ static int worker_lock_block_device(sd_device *dev, int *ret_fd) { - - fd = open(val, O_RDONLY|O_CLOEXEC|O_NOFOLLOW|O_NONBLOCK); - if (fd < 0) { -- log_device_debug_errno(dev, errno, "Failed to open '%s', ignoring: %m", val); -- return 0; -+ bool ignore = ERRNO_IS_DEVICE_ABSENT(errno); -+ -+ log_device_debug_errno(dev, errno, "Failed to open '%s'%s: %m", val, ignore ? ", ignoring" : ""); -+ return ignore ? 0 : -errno; - } - - if (flock(fd, LOCK_SH|LOCK_NB) < 0) - \ No newline at end of file diff --git a/backport-udev-propagate-error-on-spawning-a-worker.patch b/backport-udev-propagate-error-on-spawning-a-worker.patch deleted file mode 100644 index 73cddc4..0000000 --- a/backport-udev-propagate-error-on-spawning-a-worker.patch +++ /dev/null @@ -1,89 +0,0 @@ -From f2a5412bf286cabc047dc96395c2dae978e722b4 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 17 Jun 2021 15:47:34 +0900 -Subject: [PATCH] udev: propagate error on spawning a worker - -Reference:https://github.com/systemd/systemd/commit/f2a5412bf286cabc047dc96395c2dae978e722b4 -Conflict:NA - ---- - src/udev/udevd.c | 23 +++++++++++++++-------- - 1 file changed, 15 insertions(+), 8 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 2179825..7f41336 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -720,16 +720,18 @@ static int worker_spawn(Manager *manager, Event *event) { - return 0; - } - --static void event_run(Manager *manager, Event *event) { -+static int event_run(Event *event) { - static bool log_children_max_reached = true; -+ Manager *manager; - Worker *worker; - int r; - -- assert(manager); - assert(event); -+ assert(event->manager); - - log_device_uevent(event->dev, "Device ready for processing"); - -+ manager = event->manager; - HASHMAP_FOREACH(worker, manager->workers) { - if (worker->state != WORKER_IDLE) - continue; -@@ -743,29 +745,32 @@ static void event_run(Manager *manager, Event *event) { - continue; - } - worker_attach_event(worker, event); -- return; -+ return 1; /* event is now processing. */ - } - - if (hashmap_size(manager->workers) >= arg_children_max) { -- - /* Avoid spamming the debug logs if the limit is already reached and - * many events still need to be processed */ - if (log_children_max_reached && arg_children_max > 1) { - log_debug("Maximum number (%u) of children reached.", hashmap_size(manager->workers)); - log_children_max_reached = false; - } -- return; -+ return 0; /* no free worker */ - } - - /* Re-enable the debug message for the next batch of events */ - log_children_max_reached = true; - - /* fork with up-to-date SELinux label database, so the child inherits the up-to-date db -- and, until the next SELinux policy changes, we safe further reloads in future children */ -+ * and, until the next SELinux policy changes, we safe further reloads in future children */ - mac_selinux_maybe_reload(); - - /* start new worker and pass initial device */ -- worker_spawn(manager, event); -+ r = worker_spawn(manager, event); -+ if (r < 0) -+ return r; -+ -+ return 1; /* event is now processing. */ - } - - /* lookup event for identical, parent, child device */ -@@ -921,7 +926,9 @@ static int event_queue_start(Manager *manager) { - if (is_device_busy(manager, event) != 0) - continue; - -- event_run(manager, event); -+ r = event_run(event); -+ if (r < 0) -+ return r; - } - - return 0; --- -2.33.0 - \ No newline at end of file diff --git a/backport-udev-remove-run-udev-queue-in-on_post.patch b/backport-udev-remove-run-udev-queue-in-on_post.patch deleted file mode 100644 index fed83ae..0000000 --- a/backport-udev-remove-run-udev-queue-in-on_post.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 4029328014be9350ca9fc0774ad936c8b5e50ff2 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sun, 13 Mar 2022 21:22:57 +0900 -Subject: [PATCH] udev: remove /run/udev/queue in on_post() - -When the last queued event is processed, information about subsequent -events may be already queued in the netlink socket of sd-device-monitor. -In that case, previously we once removed /run/udev/queue and touch the -file soon later, and `udevadm settle` mistakenly considered all events -are processed. - -To mitigate such situation, this makes /run/udev/queue removed in on_post(). - -Reference:https://github.com/systemd/systemd/commit/4029328014be9350ca9fc0774ad936c8b5e50ff2 -Conflict:NA - ---- - src/udev/udevd.c | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 6bb9eeb4bb37..8389c39f652f 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -171,12 +171,6 @@ static Event *event_free(Event *event) { - if (event->worker) - event->worker->event = NULL; - -- /* only clean up the queue from the process that created it */ -- if (LIST_IS_EMPTY(event->manager->events) && -- event->manager->pid == getpid_cached()) -- if (unlink("/run/udev/queue") < 0 && errno != ENOENT) -- log_warning_errno(errno, "Failed to unlink /run/udev/queue, ignoring: %m"); -- - return mfree(event); - } - -@@ -1480,7 +1474,13 @@ static int on_post(sd_event_source *s, void *userdata) { - if (!LIST_IS_EMPTY(manager->events)) - return 1; - -- /* There are no pending events. Let's cleanup idle process. */ -+ /* There are no queued events. Let's remove /run/udev/queue and clean up the idle processes. */ -+ -+ if (unlink("/run/udev/queue") < 0) { -+ if (errno != ENOENT) -+ log_warning_errno(errno, "Failed to unlink /run/udev/queue, ignoring: %m"); -+ } else -+ log_debug("No events are queued, removing /run/udev/queue."); - - if (!hashmap_isempty(manager->workers)) { - /* There are idle workers */ - \ No newline at end of file diff --git a/backport-udev-rename-is_device_busy-event_is_blocked.patch b/backport-udev-rename-is_device_busy-event_is_blocked.patch deleted file mode 100644 index dde6b33..0000000 --- a/backport-udev-rename-is_device_busy-event_is_blocked.patch +++ /dev/null @@ -1,141 +0,0 @@ -From a1fa99d84124cdcd4a306113ebe4febc1251c41c Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 17 Jun 2021 16:14:01 +0900 -Subject: [PATCH] udev: rename is_device_busy() -> event_is_blocked() - -Also this rename delaying_seqnum -> blocker_seqnum. - -Reference:https://github.com/systemd/systemd/commit/a1fa99d84124cdcd4a306113ebe4febc1251c41c -Conflict:NA - ---- - src/udev/udevd.c | 34 +++++++++++++++++----------------- - 1 file changed, 17 insertions(+), 17 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index e99c2c0..20bd556 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -126,7 +126,7 @@ typedef struct Event { - sd_device *dev_kernel; /* clone of originally received device */ - - uint64_t seqnum; -- uint64_t delaying_seqnum; -+ uint64_t blocker_seqnum; - - sd_event_source *timeout_warning_event; - sd_event_source *timeout_event; -@@ -773,8 +773,7 @@ static int event_run(Event *event) { - return 1; /* event is now processing. */ - } - --/* lookup event for identical, parent, child device */ --static int is_device_busy(Manager *manager, Event *event) { -+static int event_is_blocked(Event *event) { - const char *subsystem, *devpath, *devpath_old = NULL; - dev_t devnum = makedev(0, 0); - Event *loop_event; -@@ -782,6 +781,8 @@ static int is_device_busy(Manager *manager, Event *event) { - int r, ifindex = 0; - bool is_block; - -+ /* lookup event for identical, parent, child device */ -+ - r = sd_device_get_subsystem(event->dev, &subsystem); - if (r < 0) - return r; -@@ -807,21 +808,21 @@ static int is_device_busy(Manager *manager, Event *event) { - return r; - - /* check if queue contains events we depend on */ -- LIST_FOREACH(event, loop_event, manager->events) { -+ LIST_FOREACH(event, loop_event, event->manager->events) { - size_t loop_devpath_len, common; - const char *loop_devpath; - - /* we already found a later event, earlier cannot block us, no need to check again */ -- if (loop_event->seqnum < event->delaying_seqnum) -+ if (loop_event->seqnum < event->blocker_seqnum) - continue; - - /* event we checked earlier still exists, no need to check again */ -- if (loop_event->seqnum == event->delaying_seqnum) -+ if (loop_event->seqnum == event->blocker_seqnum) - return true; - - /* found ourself, no later event can block us */ - if (loop_event->seqnum >= event->seqnum) -- break; -+ return false; - - /* check major/minor */ - if (major(devnum) != 0) { -@@ -833,7 +834,7 @@ static int is_device_busy(Manager *manager, Event *event) { - - if (sd_device_get_devnum(loop_event->dev, &d) >= 0 && - devnum == d && is_block == streq(s, "block")) -- goto set_delaying_seqnum; -+ break; - } - - /* check network device ifindex */ -@@ -842,7 +843,7 @@ static int is_device_busy(Manager *manager, Event *event) { - - if (sd_device_get_ifindex(loop_event->dev, &i) >= 0 && - ifindex == i) -- goto set_delaying_seqnum; -+ break; - } - - if (sd_device_get_devpath(loop_event->dev, &loop_devpath) < 0) -@@ -850,7 +851,7 @@ static int is_device_busy(Manager *manager, Event *event) { - - /* check our old name */ - if (devpath_old && streq(devpath_old, loop_devpath)) -- goto set_delaying_seqnum; -+ break; - - loop_devpath_len = strlen(loop_devpath); - -@@ -863,24 +864,23 @@ static int is_device_busy(Manager *manager, Event *event) { - - /* identical device event found */ - if (devpath_len == loop_devpath_len) -- goto set_delaying_seqnum; -+ break; - - /* parent device event found */ - if (devpath[common] == '/') -- goto set_delaying_seqnum; -+ break; - - /* child device event found */ - if (loop_devpath[common] == '/') -- goto set_delaying_seqnum; -+ break; - } - -- return false; -+ assert(loop_event); - --set_delaying_seqnum: - log_device_debug(event->dev, "SEQNUM=%" PRIu64 " blocked by SEQNUM=%" PRIu64, - event->seqnum, loop_event->seqnum); - -- event->delaying_seqnum = loop_event->seqnum; -+ event->blocker_seqnum = loop_event->seqnum; - return true; - } - -@@ -923,7 +923,7 @@ static int event_queue_start(Manager *manager) { - continue; - - /* do not start event if parent or child event is still running */ -- if (is_device_busy(manager, event) != 0) -+ if (event_is_blocked(event) != 0) - continue; - - r = event_run(event); --- -2.33.0 - \ No newline at end of file diff --git a/backport-udev-rename-type-name-e.g.-struct-worker-Worker.patch b/backport-udev-rename-type-name-e.g.-struct-worker-Worker.patch deleted file mode 100644 index eb573d7..0000000 --- a/backport-udev-rename-type-name-e.g.-struct-worker-Worker.patch +++ /dev/null @@ -1,302 +0,0 @@ -From d9239923c1de3f10f1598567e8bebcb798c4bd27 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 16 Jun 2021 19:05:39 +0900 -Subject: [PATCH] udev: rename type name e.g. struct worker -> Worker - ---- - src/udev/udevd.c | 97 +++++++++++++++++++++++++----------------------- - 1 file changed, 50 insertions(+), 47 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 5a4657de14..6baedd2f2e 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -77,10 +77,13 @@ static usec_t arg_event_timeout_usec = 180 * USEC_PER_SEC; - static int arg_timeout_signal = SIGKILL; - static bool arg_blockdev_read_only = false; - -+typedef struct Event Event; -+typedef struct Worker Worker; -+ - typedef struct Manager { - sd_event *event; - Hashmap *workers; -- LIST_HEAD(struct event, events); -+ LIST_HEAD(Event, events); - const char *cgroup; - pid_t pid; /* the process that originally allocated the manager object */ - int log_level; -@@ -106,16 +109,16 @@ typedef struct Manager { - bool exit; - } Manager; - --enum event_state { -+typedef enum EventState { - EVENT_UNDEF, - EVENT_QUEUED, - EVENT_RUNNING, --}; -+} EventState; - --struct event { -+typedef struct Event { - Manager *manager; -- struct worker *worker; -- enum event_state state; -+ Worker *worker; -+ EventState state; - - sd_device *dev; - sd_device *dev_kernel; /* clone of originally received device */ -@@ -126,32 +129,32 @@ struct event { - sd_event_source *timeout_warning_event; - sd_event_source *timeout_event; - -- LIST_FIELDS(struct event, event); --}; -+ LIST_FIELDS(Event, event); -+} Event; - --static void event_queue_cleanup(Manager *manager, enum event_state type); -+static void event_queue_cleanup(Manager *manager, EventState match_state); - --enum worker_state { -+typedef enum WorkerState { - WORKER_UNDEF, - WORKER_RUNNING, - WORKER_IDLE, - WORKER_KILLED, - WORKER_KILLING, --}; -+} WorkerState; - --struct worker { -+typedef struct Worker { - Manager *manager; - pid_t pid; - sd_device_monitor *monitor; -- enum worker_state state; -- struct event *event; --}; -+ WorkerState state; -+ Event *event; -+} Worker; - - /* passed from worker to main process */ --struct worker_message { --}; -+typedef struct WorkerMessage { -+} WorkerMessage; - --static void event_free(struct event *event) { -+static void event_free(Event *event) { - if (!event) - return; - -@@ -176,7 +179,7 @@ static void event_free(struct event *event) { - free(event); - } - --static struct worker* worker_free(struct worker *worker) { -+static Worker *worker_free(Worker *worker) { - if (!worker) - return NULL; - -@@ -189,11 +192,11 @@ static struct worker* worker_free(struct worker *worker) { - return mfree(worker); - } - --DEFINE_TRIVIAL_CLEANUP_FUNC(struct worker *, worker_free); --DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(worker_hash_op, void, trivial_hash_func, trivial_compare_func, struct worker, worker_free); -+DEFINE_TRIVIAL_CLEANUP_FUNC(Worker*, worker_free); -+DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(worker_hash_op, void, trivial_hash_func, trivial_compare_func, Worker, worker_free); - --static int worker_new(struct worker **ret, Manager *manager, sd_device_monitor *worker_monitor, pid_t pid) { -- _cleanup_(worker_freep) struct worker *worker = NULL; -+static int worker_new(Worker **ret, Manager *manager, sd_device_monitor *worker_monitor, pid_t pid) { -+ _cleanup_(worker_freep) Worker *worker = NULL; - int r; - - assert(ret); -@@ -204,11 +207,11 @@ static int worker_new(struct worker **ret, Manager *manager, sd_device_monitor * - /* close monitor, but keep address around */ - device_monitor_disconnect(worker_monitor); - -- worker = new(struct worker, 1); -+ worker = new(Worker, 1); - if (!worker) - return -ENOMEM; - -- *worker = (struct worker) { -+ *worker = (Worker) { - .manager = manager, - .monitor = sd_device_monitor_ref(worker_monitor), - .pid = pid, -@@ -224,7 +227,7 @@ static int worker_new(struct worker **ret, Manager *manager, sd_device_monitor * - } - - static int on_event_timeout(sd_event_source *s, uint64_t usec, void *userdata) { -- struct event *event = userdata; -+ Event *event = userdata; - - assert(event); - assert(event->worker); -@@ -238,7 +241,7 @@ static int on_event_timeout(sd_event_source *s, uint64_t usec, void *userdata) { - } - - static int on_event_timeout_warning(sd_event_source *s, uint64_t usec, void *userdata) { -- struct event *event = userdata; -+ Event *event = userdata; - - assert(event); - assert(event->worker); -@@ -248,7 +251,7 @@ static int on_event_timeout_warning(sd_event_source *s, uint64_t usec, void *use - return 1; - } - --static void worker_attach_event(struct worker *worker, struct event *event) { -+static void worker_attach_event(Worker *worker, Event *event) { - sd_event *e; - - assert(worker); -@@ -315,7 +318,7 @@ static Manager* manager_free(Manager *manager) { - DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free); - - static int worker_send_message(int fd) { -- struct worker_message message = {}; -+ WorkerMessage message = {}; - - return loop_write(fd, &message, sizeof(message), false); - } -@@ -591,9 +594,9 @@ static int worker_main(Manager *_manager, sd_device_monitor *monitor, sd_device - return 0; - } - --static int worker_spawn(Manager *manager, struct event *event) { -+static int worker_spawn(Manager *manager, Event *event) { - _cleanup_(sd_device_monitor_unrefp) sd_device_monitor *worker_monitor = NULL; -- struct worker *worker; -+ Worker *worker; - pid_t pid; - int r; - -@@ -635,9 +638,9 @@ static int worker_spawn(Manager *manager, struct event *event) { - return 0; - } - --static void event_run(Manager *manager, struct event *event) { -+static void event_run(Manager *manager, Event *event) { - static bool log_children_max_reached = true; -- struct worker *worker; -+ Worker *worker; - int r; - - assert(manager); -@@ -685,7 +688,7 @@ static void event_run(Manager *manager, struct event *event) { - - static int event_queue_insert(Manager *manager, sd_device *dev) { - _cleanup_(sd_device_unrefp) sd_device *clone = NULL; -- struct event *event; -+ Event *event; - uint64_t seqnum; - int r; - -@@ -709,11 +712,11 @@ static int event_queue_insert(Manager *manager, sd_device *dev) { - if (r < 0) - return r; - -- event = new(struct event, 1); -+ event = new(Event, 1); - if (!event) - return -ENOMEM; - -- *event = (struct event) { -+ *event = (Event) { - .manager = manager, - .dev = sd_device_ref(dev), - .dev_kernel = TAKE_PTR(clone), -@@ -735,7 +738,7 @@ static int event_queue_insert(Manager *manager, sd_device *dev) { - } - - static void manager_kill_workers(Manager *manager, bool force) { -- struct worker *worker; -+ Worker *worker; - - assert(manager); - -@@ -754,10 +757,10 @@ static void manager_kill_workers(Manager *manager, bool force) { - } - - /* lookup event for identical, parent, child device */ --static int is_device_busy(Manager *manager, struct event *event) { -+static int is_device_busy(Manager *manager, Event *event) { - const char *subsystem, *devpath, *devpath_old = NULL; - dev_t devnum = makedev(0, 0); -- struct event *loop_event; -+ Event *loop_event; - size_t devpath_len; - int r, ifindex = 0; - bool is_block; -@@ -916,7 +919,7 @@ static int on_kill_workers_event(sd_event_source *s, uint64_t usec, void *userda - } - - static void event_queue_start(Manager *manager) { -- struct event *event; -+ Event *event; - usec_t usec; - int r; - -@@ -963,11 +966,11 @@ static void event_queue_start(Manager *manager) { - } - } - --static void event_queue_cleanup(Manager *manager, enum event_state match_type) { -- struct event *event, *tmp; -+static void event_queue_cleanup(Manager *manager, EventState match_state) { -+ Event *event, *tmp; - - LIST_FOREACH_SAFE(event, event, tmp, manager->events) { -- if (match_type != EVENT_UNDEF && match_type != event->state) -+ if (match_state != EVENT_UNDEF && match_state != event->state) - continue; - - event_free(event); -@@ -980,7 +983,7 @@ static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdat - assert(manager); - - for (;;) { -- struct worker_message msg; -+ WorkerMessage msg; - struct iovec iovec = { - .iov_base = &msg, - .iov_len = sizeof(msg), -@@ -994,7 +997,7 @@ static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdat - }; - ssize_t size; - struct ucred *ucred; -- struct worker *worker; -+ Worker *worker; - - size = recvmsg_safe(fd, &msghdr, MSG_DONTWAIT); - if (size == -EINTR) -@@ -1007,7 +1010,7 @@ static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdat - - cmsg_close_all(&msghdr); - -- if (size != sizeof(struct worker_message)) { -+ if (size != sizeof(WorkerMessage)) { - log_warning("Ignoring worker message with invalid size %zi bytes", size); - continue; - } -@@ -1357,7 +1360,7 @@ static int on_sigchld(sd_event_source *s, const struct signalfd_siginfo *si, voi - for (;;) { - pid_t pid; - int status; -- struct worker *worker; -+ Worker *worker; - - pid = waitpid(-1, &status, WNOHANG); - if (pid <= 0) --- -2.27.0 - diff --git a/backport-udev-requeue-event-when-the-corresponding-block-device-is.patch b/backport-udev-requeue-event-when-the-corresponding-block-device-is.patch deleted file mode 100644 index b193b03..0000000 --- a/backport-udev-requeue-event-when-the-corresponding-block-device-is.patch +++ /dev/null @@ -1,288 +0,0 @@ -From 5d354e525a56955ae7f68062e283dda85ab07794 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Tue, 15 Mar 2022 13:50:06 +0900 -Subject: [PATCH] udev: requeue event when the corresponding block device is - locked by another process - -Previously, if a block device is locked by another process, then the -corresponding worker skip to process the corresponding event, and does -not broadcast the uevent to libudev listners. This causes several issues: - -- During a period of a device being locked by a process, if a user trigger - an event with `udevadm trigger --settle`, then it never returned. - -- When there is a delay between close and unlock in a process, then the - synthesized events triggered by inotify may not be processed. This can - happens easily by wrapping mkfs with flock. This causes severe issues - e.g. new devlinks are not created, or old devlinks are not removed. - -This commit makes events are requeued with a tiny delay when the corresponding -block devices are locked by other processes. With this way, the triggered -uevent may be delayed but is always processed by udevd. Hence, the above -issues can be solved. Also, it is not necessary to watch a block device -unconditionally when it is already locked. Hence, the logic is dropped. - -Reference:https://github.com/systemd/systemd/commit/5d354e525a56955ae7f68062e283dda85ab07794 -Conflict:adaption - ---- - src/udev/udevd.c | 154 +++++++++++++++++++++++++++++------------------ - 1 file changed, 97 insertions(+), 57 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index d153b03a38e1..973727375b67 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -70,6 +70,8 @@ - #include "version.h" - - #define WORKER_NUM_MAX 2048U -+#define EVENT_RETRY_INTERVAL_USEC (200 * USEC_PER_MSEC) -+#define EVENT_RETRY_TIMEOUT_USEC (3 * USEC_PER_MINUTE) - - static bool arg_debug = false; - static int arg_daemonize = false; -@@ -128,6 +130,8 @@ typedef struct Event { - sd_device_action_t action; - uint64_t seqnum; - uint64_t blocker_seqnum; -+ usec_t retry_again_next_usec; -+ usec_t retry_again_timeout_usec; - - sd_event_source *timeout_warning_event; - sd_event_source *timeout_event; -@@ -152,8 +156,13 @@ typedef struct Worker { - } Worker; - - /* passed from worker to main process */ --typedef struct WorkerMessage { --} WorkerMessage; -+typedef enum EventResult { -+ EVENT_RESULT_SUCCESS, -+ EVENT_RESULT_FAILED, -+ EVENT_RESULT_TRY_AGAIN, /* when the block device is locked by another process. */ -+ _EVENT_RESULT_MAX, -+ _EVENT_RESULT_INVALID = -EINVAL, -+} EventResult; - - static Event *event_free(Event *event) { - if (!event) -@@ -360,10 +369,11 @@ static void device_broadcast(sd_device_monitor *monitor, sd_device *dev) { - "Failed to broadcast event to libudev listeners, ignoring: %m"); - } - --static int worker_send_message(int fd) { -- WorkerMessage message = {}; -+static int worker_send_result(Manager *manager, EventResult result) { -+ assert(manager); -+ assert(manager->worker_watch[WRITE_END] >= 0); - -- return loop_write(fd, &message, sizeof(message), false); -+ return loop_write(manager->worker_watch[WRITE_END], &result, sizeof(result), false); - } - - static int worker_lock_block_device(sd_device *dev, int *ret_fd) { -@@ -490,44 +500,12 @@ static int worker_process_device(Manager *manager, sd_device *dev) { - if (!udev_event) - return -ENOMEM; - -+ /* If this is a block device and the device is locked currently via the BSD advisory locks, -+ * someone else is using it exclusively. We don't run our udev rules now to not interfere. -+ * Instead of processing the event, we requeue the event and will try again after a delay. -+ * -+ * The user-facing side of this: https://systemd.io/BLOCK_DEVICE_LOCKING */ - r = worker_lock_block_device(dev, &fd_lock); -- if (r == -EAGAIN) { -- /* So this is a block device and the device is locked currently via the BSD advisory locks — -- * someone else is exclusively using it. This means we don't run our udev rules now, to not -- * interfere. However we want to know when the device is unlocked again, and retrigger the -- * device again then, so that the rules are run eventually. For that we use IN_CLOSE_WRITE -- * inotify watches (which isn't exactly the same as waiting for the BSD locks to release, but -- * not totally off, as long as unlock+close() is done together, as it usually is). -- * -- * (The user-facing side of this: https://systemd.io/BLOCK_DEVICE_LOCKING) -- * -- * There's a bit of a chicken and egg problem here for this however: inotify watching is -- * supposed to be enabled via an option set via udev rules (OPTIONS+="watch"). If we skip the -- * udev rules here however (as we just said we do), we would thus never see that specific -- * udev rule, and thus never turn on inotify watching. But in order to catch up eventually -- * and run them we we need the inotify watching: hence a classic chicken and egg problem. -- * -- * Our way out here: if we see the block device locked, unconditionally watch the device via -- * inotify, regardless of any explicit request via OPTIONS+="watch". Thus, a device that is -- * currently locked via the BSD file locks will be treated as if we ran a single udev rule -- * only for it: the one that turns on inotify watching for it. If we eventually see the -- * inotify IN_CLOSE_WRITE event, and then run the rules after all and we then realize that -- * this wasn't actually requested (i.e. no OPTIONS+="watch" set) we'll simply turn off the -- * watching again (see below). Effectively this means: inotify watching is now enabled either -- * a) when the udev rules say so, or b) while the device is locked. -- * -- * Worst case scenario hence: in the (unlikely) case someone locked the device and we clash -- * with that we might do inotify watching for a brief moment for a device where we actually -- * weren't supposed to. But that shouldn't be too bad, in particular as BSD locks being taken -- * on a block device is kinda an indication that the inotify logic is desired too, to some -- * degree — they go hand-in-hand after all. */ -- -- log_device_debug(dev, "Block device is currently locked, installing watch to wait until the lock is released."); -- (void) udev_watch_begin(manager->inotify_fd, dev); -- -- /* Now the watch is installed, let's lock the device again, maybe in the meantime things changed */ -- r = worker_lock_block_device(dev, &fd_lock); -- } - if (r < 0) - return r; - -@@ -560,25 +538,29 @@ static int worker_process_device(Manager *manager, sd_device *dev) { - - static int worker_device_monitor_handler(sd_device_monitor *monitor, sd_device *dev, void *userdata) { - Manager *manager = userdata; -+ EventResult result; - int r; - - assert(dev); - assert(manager); - - r = worker_process_device(manager, dev); -- if (r == -EAGAIN) -- /* if we couldn't acquire the flock(), then proceed quietly */ -- log_device_debug_errno(dev, r, "Device currently locked, not processing."); -- else { -- if (r < 0) -- log_device_warning_errno(dev, r, "Failed to process device, ignoring: %m"); -+ if (r == -EAGAIN) { -+ /* if we couldn't acquire the flock(), then requeue the event */ -+ result = EVENT_RESULT_TRY_AGAIN; -+ log_device_debug_errno(dev, r, "Block device is currently locked, requeueing the event."); -+ } else if (r < 0) { -+ result = EVENT_RESULT_FAILED; -+ log_device_warning_errno(dev, r, "Failed to process device, ignoring: %m"); -+ } else -+ result = EVENT_RESULT_SUCCESS; - -+ if (result != EVENT_RESULT_TRY_AGAIN) - /* send processed event back to libudev listeners */ - device_broadcast(monitor, dev); -- } - - /* send udevd the result of the event execution */ -- r = worker_send_message(manager->worker_watch[WRITE_END]); -+ r = worker_send_result(manager, result); - if (r < 0) - log_device_warning_errno(dev, r, "Failed to send signal to main daemon, ignoring: %m"); - -@@ -794,6 +776,17 @@ static int event_is_blocked(Event *event) { - assert(event->manager); - assert(event->blocker_seqnum <= event->seqnum); - -+ if (event->retry_again_next_usec > 0) { -+ usec_t now_usec; -+ -+ r = sd_event_now(event->manager->event, clock_boottime_or_monotonic(), &now_usec); -+ if (r < 0) -+ return r; -+ -+ if (event->retry_again_next_usec <= now_usec) -+ return true; -+ } -+ - if (event->blocker_seqnum == event->seqnum) - /* we have checked previously and no blocker found */ - return false; -@@ -980,6 +973,44 @@ static int event_queue_start(Manager *manager) { - return 0; - } - -+static int event_requeue(Event *event) { -+ usec_t now_usec; -+ int r; -+ -+ assert(event); -+ assert(event->manager); -+ assert(event->manager->event); -+ -+ event->timeout_warning_event = sd_event_source_disable_unref(event->timeout_warning_event); -+ event->timeout_event = sd_event_source_disable_unref(event->timeout_event); -+ -+ /* add a short delay to suppress busy loop */ -+ r = sd_event_now(event->manager->event, clock_boottime_or_monotonic(), &now_usec); -+ if (r < 0) -+ return log_device_warning_errno(event->dev, r, -+ "Failed to get current time, " -+ "skipping event (SEQNUM=%"PRIu64", ACTION=%s): %m", -+ event->seqnum, strna(device_action_to_string(event->action))); -+ -+ if (event->retry_again_timeout_usec > 0 && event->retry_again_timeout_usec <= now_usec) -+ return log_device_warning_errno(event->dev, SYNTHETIC_ERRNO(ETIMEDOUT), -+ "The underlying block device is locked by a process more than %s, " -+ "skipping event (SEQNUM=%"PRIu64", ACTION=%s).", -+ format_timespan((char[FORMAT_TIMESPAN_MAX]){}, FORMAT_TIMESPAN_MAX, EVENT_RETRY_TIMEOUT_USEC, USEC_PER_MINUTE), -+ event->seqnum, strna(device_action_to_string(event->action))); -+ -+ event->retry_again_next_usec = usec_add(now_usec, EVENT_RETRY_INTERVAL_USEC); -+ if (event->retry_again_timeout_usec == 0) -+ event->retry_again_timeout_usec = usec_add(now_usec, EVENT_RETRY_TIMEOUT_USEC); -+ -+ if (event->worker && event->worker->event == event) -+ event->worker->event = NULL; -+ event->worker = NULL; -+ -+ event->state = EVENT_QUEUED; -+ return 0; -+} -+ - static int event_queue_insert(Manager *manager, sd_device *dev) { - sd_device_action_t action; - uint64_t seqnum; -@@ -1054,11 +1085,8 @@ static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdat - assert(manager); - - for (;;) { -- WorkerMessage msg; -- struct iovec iovec = { -- .iov_base = &msg, -- .iov_len = sizeof(msg), -- }; -+ EventResult result; -+ struct iovec iovec = IOVEC_MAKE(&result, sizeof(result)); - CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred))) control; - struct msghdr msghdr = { - .msg_iov = &iovec, -@@ -1081,7 +1109,7 @@ static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdat - - cmsg_close_all(&msghdr); - -- if (size != sizeof(WorkerMessage)) { -+ if (size != sizeof(EventResult)) { - log_warning("Ignoring worker message with invalid size %zi bytes", size); - continue; - } -@@ -1106,6 +1134,11 @@ static int on_worker(sd_event_source *s, int fd, uint32_t revents, void *userdat - worker->state = WORKER_IDLE; - - /* worker returned */ -+ if (result == EVENT_RESULT_TRY_AGAIN && -+ event_requeue(worker->event) < 0) -+ device_broadcast(manager->monitor, worker->event->dev); -+ -+ /* When event_requeue() succeeds, worker->event is NULL, and event_free() handles NULL gracefully. */ - event_free(worker->event); - } - -@@ -1467,8 +1500,15 @@ static int on_post(sd_event_source *s, void *userdata) { - - assert(manager); - -- if (!LIST_IS_EMPTY(manager->events)) -+ if (!LIST_IS_EMPTY(manager->events)) { -+ /* Try to process pending events if idle workers exist. Why is this necessary? -+ * When a worker finished an event and became idle, even if there was a pending event, -+ * the corresponding device might have been locked and the processing of the event -+ * delayed for a while, preventing the worker from processing the event immediately. -+ * Now, the device may be unlocked. Let's try again! */ -+ event_queue_start(manager); - return 1; -+ } - - /* There are no queued events. Let's remove /run/udev/queue and clean up the idle processes. */ - - \ No newline at end of file diff --git a/backport-udev-run-the-main-process-workers-and-spawned-comman.patch b/backport-udev-run-the-main-process-workers-and-spawned-comman.patch deleted file mode 100644 index bc39fd9..0000000 --- a/backport-udev-run-the-main-process-workers-and-spawned-comman.patch +++ /dev/null @@ -1,176 +0,0 @@ -From a1f4fd387603673a79a84ca4e5ce25b439b85fe6 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 16 Mar 2022 20:46:49 +0900 -Subject: [PATCH] udev: run the main process, workers, and spawned commands in - /udev subcgroup - -And enable cgroup delegation for udevd. -Then, processes invoked through ExecReload= are assigned .control -subcgroup, and they are not killed by cg_kill(). - -Fixes #16867 and #22686. ---- - src/udev/udevd.c | 76 ++++++++++++++++++++++++++-------- - units/systemd-udevd.service.in | 1 + - 2 files changed, 59 insertions(+), 18 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 8380d674c5..c6f6d945c8 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -28,6 +28,7 @@ - #include "sd-event.h" - - #include "alloc-util.h" -+#include "cgroup-setup.h" - #include "cgroup-util.h" - #include "cpu-set-util.h" - #include "dev-setup.h" -@@ -48,6 +49,7 @@ - #include "mkdir.h" - #include "netlink-util.h" - #include "parse-util.h" -+#include "path-util.h" - #include "pretty-print.h" - #include "proc-cmdline.h" - #include "process-util.h" -@@ -85,7 +87,7 @@ typedef struct Manager { - sd_event *event; - Hashmap *workers; - LIST_HEAD(Event, events); -- const char *cgroup; -+ char *cgroup; - pid_t pid; /* the process that originally allocated the manager object */ - int log_level; - -@@ -238,6 +240,7 @@ static Manager* manager_free(Manager *manager) { - safe_close(manager->inotify_fd); - safe_close_pair(manager->worker_watch); - -+ free(manager->cgroup); - return mfree(manager); - } - -@@ -1722,12 +1725,63 @@ static int parse_argv(int argc, char *argv[]) { - return 1; - } - --static int manager_new(Manager **ret, int fd_ctrl, int fd_uevent, const char *cgroup) { -+static int create_subcgroup(char **ret) { -+ _cleanup_free_ char *cgroup = NULL, *subcgroup = NULL; -+ int r; -+ -+ if (getppid() != 1) -+ return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Not invoked by PID1."); -+ -+ r = sd_booted(); -+ if (r < 0) -+ return log_debug_errno(r, "Failed to check if systemd is running: %m"); -+ if (r == 0) -+ return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "systemd is not running."); -+ -+ /* Get our own cgroup, we regularly kill everything udev has left behind. -+ * We only do this on systemd systems, and only if we are directly spawned -+ * by PID1. Otherwise we are not guaranteed to have a dedicated cgroup. */ -+ -+ r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, 0, &cgroup); -+ if (r < 0) { -+ if (IN_SET(r, -ENOENT, -ENOMEDIUM)) -+ return log_debug_errno(r, "Dedicated cgroup not found: %m"); -+ return log_debug_errno(r, "Failed to get cgroup: %m"); -+ } -+ -+ r = cg_get_xattr_bool(SYSTEMD_CGROUP_CONTROLLER, cgroup, "trusted.delegate"); -+ if (IN_SET(r, 0, -ENODATA)) -+ return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "The cgroup %s is not delegated to us.", cgroup); -+ if (r < 0) -+ return log_debug_errno(r, "Failed to read trusted.delegate attribute: %m"); -+ -+ /* We are invoked with our own delegated cgroup tree, let's move us one level down, so that we -+ * don't collide with the "no processes in inner nodes" rule of cgroups, when the service -+ * manager invokes the ExecReload= job in the .control/ subcgroup. */ -+ -+ subcgroup = path_join(cgroup, "/udev"); -+ if (!subcgroup) -+ return log_oom_debug(); -+ -+ r = cg_create_and_attach(SYSTEMD_CGROUP_CONTROLLER, subcgroup, 0); -+ if (r < 0) -+ return log_debug_errno(r, "Failed to create %s subcgroup: %m", subcgroup); -+ -+ log_debug("Created %s subcgroup.", subcgroup); -+ if (ret) -+ *ret = TAKE_PTR(subcgroup); -+ return 0; -+} -+ -+static int manager_new(Manager **ret, int fd_ctrl, int fd_uevent) { - _cleanup_(manager_freep) Manager *manager = NULL; -+ _cleanup_free_ char *cgroup = NULL; - int r; - - assert(ret); - -+ (void) create_subcgroup(&cgroup); -+ - manager = new(Manager, 1); - if (!manager) - return log_oom(); -@@ -1735,7 +1789,7 @@ static int manager_new(Manager **ret, int fd_ctrl, int fd_uevent, const char *cg - *manager = (Manager) { - .inotify_fd = -1, - .worker_watch = { -1, -1 }, -- .cgroup = cgroup, -+ .cgroup = TAKE_PTR(cgroup), - }; - - r = udev_ctrl_new_from_fd(&manager->ctrl, fd_ctrl); -@@ -1880,7 +1934,6 @@ static int main_loop(Manager *manager) { - } - - int run_udevd(int argc, char *argv[]) { -- _cleanup_free_ char *cgroup = NULL; - _cleanup_(manager_freep) Manager *manager = NULL; - int fd_ctrl = -1, fd_uevent = -1; - int r; -@@ -1937,24 +1990,11 @@ int run_udevd(int argc, char *argv[]) { - if (r < 0 && r != -EEXIST) - return log_error_errno(r, "Failed to create /run/udev: %m"); - -- if (getppid() == 1 && sd_booted() > 0) { -- /* Get our own cgroup, we regularly kill everything udev has left behind. -- * We only do this on systemd systems, and only if we are directly spawned -- * by PID1. Otherwise we are not guaranteed to have a dedicated cgroup. */ -- r = cg_pid_get_path(SYSTEMD_CGROUP_CONTROLLER, 0, &cgroup); -- if (r < 0) { -- if (IN_SET(r, -ENOENT, -ENOMEDIUM)) -- log_debug_errno(r, "Dedicated cgroup not found: %m"); -- else -- log_warning_errno(r, "Failed to get cgroup: %m"); -- } -- } -- - r = listen_fds(&fd_ctrl, &fd_uevent); - if (r < 0) - return log_error_errno(r, "Failed to listen on fds: %m"); - -- r = manager_new(&manager, fd_ctrl, fd_uevent, cgroup); -+ r = manager_new(&manager, fd_ctrl, fd_uevent); - if (r < 0) - return log_error_errno(r, "Failed to create manager: %m"); - -diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in -index d042bfb0d3..9901198274 100644 ---- a/units/systemd-udevd.service.in -+++ b/units/systemd-udevd.service.in -@@ -16,6 +16,7 @@ Before=sysinit.target - ConditionPathIsReadWrite=/sys - - [Service] -+Delegate=pids - DeviceAllow=block-* rwm - DeviceAllow=char-* rwm - Type=notify --- -2.27.0 - diff --git a/backport-udev-skip-event-when-its-dependency-cannot-be-checked.patch b/backport-udev-skip-event-when-its-dependency-cannot-be-checked.patch deleted file mode 100644 index b28f6b1..0000000 --- a/backport-udev-skip-event-when-its-dependency-cannot-be-checked.patch +++ /dev/null @@ -1,58 +0,0 @@ -From c6f78234d1d1c6065ecc56240f217d1fdbeb1771 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Thu, 17 Jun 2021 17:14:10 +0900 -Subject: [PATCH] udev: skip event when its dependency cannot be checked - -Reference:https://github.com/systemd/systemd/commit/c6f78234d1d1c6065ecc56240f217d1fdbeb1771 -Conflict:NA - ---- - src/udev/udevd.c | 22 ++++++++++++++++++---- - 1 file changed, 18 insertions(+), 4 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index be2c3ee..683938d 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -910,7 +910,7 @@ no_blocker: - } - - static int event_queue_start(Manager *manager) { -- Event *event; -+ Event *event, *event_next; - usec_t usec; - int r; - -@@ -943,12 +943,26 @@ static int event_queue_start(Manager *manager) { - return log_warning_errno(r, "Failed to read udev rules: %m"); - } - -- LIST_FOREACH(event, event, manager->events) { -+ LIST_FOREACH_SAFE(event, event, event_next, manager->events) { - if (event->state != EVENT_QUEUED) - continue; - -- /* do not start event if parent or child event is still running */ -- if (event_is_blocked(event) != 0) -+ /* do not start event if parent or child event is still running or queued */ -+ r = event_is_blocked(event); -+ if (r < 0) { -+ sd_device_action_t a = _SD_DEVICE_ACTION_INVALID; -+ -+ (void) sd_device_get_action(event->dev, &a); -+ log_device_warning_errno(event->dev, r, -+ "Failed to check event dependency, " -+ "skipping event (SEQNUM=%"PRIu64", ACTION=%s)", -+ event->seqnum, -+ strna(device_action_to_string(a))); -+ -+ event_free(event); -+ return r; -+ } -+ if (r > 0) - continue; - - r = event_run(event); --- -2.33.0 - \ No newline at end of file diff --git a/backport-udev-split-worker_lock_block_device-into-two.patch b/backport-udev-split-worker_lock_block_device-into-two.patch deleted file mode 100644 index dc8f58b..0000000 --- a/backport-udev-split-worker_lock_block_device-into-two.patch +++ /dev/null @@ -1,123 +0,0 @@ -From 7b7959fba52ba4bb6b5f7001971917760df40fee Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 25 Mar 2022 02:55:25 +0900 -Subject: [PATCH] udev: split worker_lock_block_device() into two - -This also makes return value initialized when these function return 0 to -follow our coding style. - -Just a preparation for later commits. - -Reference:https://github.com/systemd/systemd/commit/7b7959fba52ba4bb6b5f7001971917760df40fee -Conflict:NA - ---- - src/udev/udevd.c | 54 ++++++++++++++++++++++++++++++++++++------------ - 1 file changed, 41 insertions(+), 13 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 973727375b67..0b620cb7dcac 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -376,35 +376,29 @@ static int worker_send_result(Manager *manager, EventResult result) { - return loop_write(manager->worker_watch[WRITE_END], &result, sizeof(result), false); - } - --static int worker_lock_block_device(sd_device *dev, int *ret_fd) { -- _cleanup_close_ int fd = -1; -+static int device_get_block_device(sd_device *dev, const char **ret) { - const char *val; - int r; - - assert(dev); -- assert(ret_fd); -- -- /* Take a shared lock on the device node; this establishes a concept of device "ownership" to -- * serialize device access. External processes holding an exclusive lock will cause udev to skip the -- * event handling; in the case udev acquired the lock, the external process can block until udev has -- * finished its event handling. */ -+ assert(ret); - - if (device_for_action(dev, SD_DEVICE_REMOVE)) -- return 0; -+ goto irrelevant; - - r = sd_device_get_subsystem(dev, &val); - if (r < 0) - return log_device_debug_errno(dev, r, "Failed to get subsystem: %m"); - - if (!streq(val, "block")) -- return 0; -+ goto irrelevant; - - r = sd_device_get_sysname(dev, &val); - if (r < 0) - return log_device_debug_errno(dev, r, "Failed to get sysname: %m"); - - if (STARTSWITH_SET(val, "dm-", "md", "drbd")) -- return 0; -+ goto irrelevant; - - r = sd_device_get_devtype(dev, &val); - if (r < 0 && r != -ENOENT) -@@ -417,16 +411,46 @@ static int worker_lock_block_device(sd_device *dev, int *ret_fd) { - - r = sd_device_get_devname(dev, &val); - if (r == -ENOENT) -- return 0; -+ goto irrelevant; - if (r < 0) - return log_device_debug_errno(dev, r, "Failed to get devname: %m"); - -+ *ret = val; -+ return 1; -+ -+irrelevant: -+ *ret = NULL; -+ return 0; -+} -+ -+static int worker_lock_block_device(sd_device *dev, int *ret_fd) { -+ _cleanup_close_ int fd = -1; -+ const char *val; -+ int r; -+ -+ assert(dev); -+ assert(ret_fd); -+ -+ /* Take a shared lock on the device node; this establishes a concept of device "ownership" to -+ * serialize device access. External processes holding an exclusive lock will cause udev to skip the -+ * event handling; in the case udev acquired the lock, the external process can block until udev has -+ * finished its event handling. */ -+ -+ r = device_get_block_device(dev, &val); -+ if (r < 0) -+ return r; -+ if (r == 0) -+ goto nolock; -+ - fd = open(val, O_RDONLY|O_CLOEXEC|O_NOFOLLOW|O_NONBLOCK); - if (fd < 0) { - bool ignore = ERRNO_IS_DEVICE_ABSENT(errno); - - log_device_debug_errno(dev, errno, "Failed to open '%s'%s: %m", val, ignore ? ", ignoring" : ""); -- return ignore ? 0 : -errno; -+ if (!ignore) -+ return -errno; -+ -+ goto nolock; - } - - if (flock(fd, LOCK_SH|LOCK_NB) < 0) -@@ -434,6 +458,10 @@ static int worker_lock_block_device(sd_device *dev, int *ret_fd) { - - *ret_fd = TAKE_FD(fd); - return 1; -+ -+nolock: -+ *ret_fd = -1; -+ return 0; - } - - static int worker_mark_block_device_read_only(sd_device *dev) { - \ No newline at end of file diff --git a/backport-udev-store-action-in-struct-Event.patch b/backport-udev-store-action-in-struct-Event.patch deleted file mode 100644 index b0281bd..0000000 --- a/backport-udev-store-action-in-struct-Event.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 0c3d8182c997c979c7a0ccce88d9fc48638261a5 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Fri, 25 Mar 2022 02:39:55 +0900 -Subject: [PATCH] udev: store action in struct Event - -Reference:https://github.com/systemd/systemd/commit/0c3d8182c997c979c7a0ccce88d9fc48638261a5 -Conflict:NA - ---- - src/udev/udevd.c | 15 +++++++++------ - 1 file changed, 9 insertions(+), 6 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 53728c9f7971..d153b03a38e1 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -125,6 +125,7 @@ typedef struct Event { - - sd_device *dev; - -+ sd_device_action_t action; - uint64_t seqnum; - uint64_t blocker_seqnum; - -@@ -964,16 +965,12 @@ static int event_queue_start(Manager *manager) { - r = event_is_blocked(event); - if (r > 0) - continue; -- if (r < 0) { -- sd_device_action_t a = _SD_DEVICE_ACTION_INVALID; -- -- (void) sd_device_get_action(event->dev, &a); -+ if (r < 0) - log_device_warning_errno(event->dev, r, - "Failed to check dependencies for event (SEQNUM=%"PRIu64", ACTION=%s), " - "assuming there is no blocking event, ignoring: %m", - event->seqnum, -- strna(device_action_to_string(a))); -- } -+ strna(device_action_to_string(event->action))); - - r = event_run(event); - if (r <= 0) /* 0 means there are no idle workers. Let's escape from the loop. */ -@@ -984,6 +981,7 @@ static int event_queue_start(Manager *manager) { - } - - static int event_queue_insert(Manager *manager, sd_device *dev) { -+ sd_device_action_t action; - uint64_t seqnum; - Event *event; - int r; -@@ -999,6 +997,10 @@ static int event_queue_insert(Manager *manager, sd_device *dev) { - if (r < 0) - return r; - -+ r = sd_device_get_action(dev, &action); -+ if (r < 0) -+ return r; -+ - event = new(Event, 1); - if (!event) - return -ENOMEM; -@@ -1007,6 +1009,7 @@ static int event_queue_insert(Manager *manager, sd_device *dev) { - .manager = manager, - .dev = sd_device_ref(dev), - .seqnum = seqnum, -+ .action = action, - .state = EVENT_QUEUED, - }; - - diff --git a/backport-udev-support-by-path-devlink-for-multipath-nvme-bloc.patch b/backport-udev-support-by-path-devlink-for-multipath-nvme-bloc.patch deleted file mode 100644 index 92ee8b3..0000000 --- a/backport-udev-support-by-path-devlink-for-multipath-nvme-bloc.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 67c3e1f63a5221b47a8fea85ae421671f29f3b7e Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 21 Sep 2022 02:26:42 +0900 -Subject: [PATCH] udev: support by-path devlink for multipath nvme block - devices - -If multipath feature is enabled, nvme block devices may belong to the -"nvme-subsystem" subsystem, instead of "nvme" subsystem. -(What a confusing name...) - -Then, the syspath is something like the following, - /sys/devices/virtual/nvme-subsystem/nvme-subsys0/nvme0n1 -Hence, we need to find the 'real parent' device, such as - /sys/devices/pci0000:00/0000:00:1c.4/0000:3c:00.0/nvme/nvme0 - -Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2031810. -Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2124964. -Replaces #24748. - -Conflict:different code contexts, manual synchronization path, and include patch 6209bb and f4a449 to fix coredump in 67c3e1f -Reference:https://github.com/systemd/systemd/commit/67c3e1f63a5221b47a8fea85ae421671f29f3b7e ---- - rules.d/60-persistent-storage.rules | 1 + - src/udev/udev-builtin-path_id.c | 61 +++++++++++++++++++++++++---- - 2 files changed, 54 insertions(+), 8 deletions(-) - -diff --git a/rules.d/60-persistent-storage.rules b/rules.d/60-persistent-storage.rules -index 03f0a619dc..64a2409196 100644 ---- a/rules.d/60-persistent-storage.rules -+++ b/rules.d/60-persistent-storage.rules -@@ -88,6 +88,7 @@ KERNEL=="msblk[0-9]p[0-9]|mspblk[0-9]p[0-9]", ENV{ID_NAME}=="?*", ENV{ID_SERIAL} - - # by-path - ENV{DEVTYPE}=="disk", DEVPATH!="*/virtual/*", IMPORT{builtin}="path_id" -+ENV{DEVTYPE}=="disk", SUBSYSTEMS=="nvme-subsystem", IMPORT{builtin}="path_id" - KERNEL=="mmcblk[0-9]boot[0-9]", ENV{DEVTYPE}=="disk", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}-boot%n" - KERNEL!="mmcblk[0-9]boot[0-9]", ENV{DEVTYPE}=="disk", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}" - ENV{DEVTYPE}=="partition", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}-part%n" -diff --git a/src/udev/udev-builtin-path_id.c b/src/udev/udev-builtin-path_id.c -index ce7bc5caf0..7ec2e94583 100644 ---- a/src/udev/udev-builtin-path_id.c -+++ b/src/udev/udev-builtin-path_id.c -@@ -543,19 +543,55 @@ static sd_device *handle_ap(sd_device *parent, char **path) { - return skip_subsystem(parent, "ap"); - } - -+static int find_real_nvme_parent(sd_device *dev, sd_device **ret) { -+ _cleanup_(sd_device_unrefp) sd_device *nvme = NULL; -+ const char *sysname, *end; -+ int r; -+ -+ /* If the device belongs to "nvme-subsystem" (not to be confused with "nvme"), which happens when -+ * NVMe multipathing is enabled in the kernel (/sys/module/nvme_core/parameters/multipath is Y), -+ * then the syspath is something like the following: -+ * /sys/devices/virtual/nvme-subsystem/nvme-subsys0/nvme0n1 -+ * Hence, we need to find the 'real parent' in "nvme" subsystem, e.g, -+ * /sys/devices/pci0000:00/0000:00:1c.4/0000:3c:00.0/nvme/nvme0 */ -+ -+ assert(dev); -+ assert(ret); -+ -+ r = sd_device_get_sysname(dev, &sysname); -+ if (r < 0) -+ return r; -+ -+ /* The sysname format of nvme block device is nvme%d[c%d]n%d[p%d], e.g. nvme0n1p2 or nvme0c1n2. -+ * (Note, nvme device with 'c' can be ignored, as they are hidden. ) -+ * The sysname format of nvme subsystem device is nvme%d. -+ * See nvme_alloc_ns() and nvme_init_ctrl() in drivers/nvme/host/core.c for more details. */ -+ end = startswith(sysname, "nvme"); -+ if (!end) -+ return -ENXIO; -+ -+ end += strspn(end, DIGITS); -+ sysname = strndupa(sysname, end - sysname); -+ -+ r = sd_device_new_from_subsystem_sysname(&nvme, "nvme", sysname); -+ if (r < 0) -+ return r; -+ -+ *ret = TAKE_PTR(nvme); -+ return 0; -+} -+ - static int builtin_path_id(sd_device *dev, int argc, char *argv[], bool test) { -- sd_device *parent; -- _cleanup_free_ char *path = NULL; -- _cleanup_free_ char *compat_path = NULL; -- bool supported_transport = false; -- bool supported_parent = false; -+ _cleanup_(sd_device_unrefp) sd_device *dev_other_branch = NULL; -+ _cleanup_free_ char *path = NULL, *compat_path = NULL; -+ bool supported_transport = false, supported_parent = false; - const char *subsystem; -+ int r; - - assert(dev); - - /* walk up the chain of devices and compose path */ -- parent = dev; -- while (parent) { -+ for (sd_device *parent = dev; parent; ) { - const char *subsys, *sysname; - - if (sd_device_get_subsystem(parent, &subsys) < 0 || -@@ -642,13 +678,22 @@ static int builtin_path_id(sd_device *dev, sd_netlink **rtnl, int argc, char *ar - parent = skip_subsystem(parent, "iucv"); - supported_transport = true; - supported_parent = true; -- } else if (streq(subsys, "nvme")) { -+ } else if (STR_IN_SET(subsys, "nvme", "nvme-subsystem")) { - const char *nsid; - - if (sd_device_get_sysattr_value(dev, "nsid", &nsid) >= 0) { - path_prepend(&path, "nvme-%s", nsid); - if (compat_path) - path_prepend(&compat_path, "nvme-%s", nsid); -+ -+ if (streq(subsys, "nvme-subsystem")) { -+ r = find_real_nvme_parent(dev, &dev_other_branch); -+ if (r < 0) -+ return r; -+ -+ parent = dev_other_branch; -+ } -+ - parent = skip_subsystem(parent, "nvme"); - supported_parent = true; - supported_transport = true; --- -2.33.0 - diff --git a/backport-udev-update-comment-and-log-messages.patch b/backport-udev-update-comment-and-log-messages.patch deleted file mode 100644 index 17dbaf9..0000000 --- a/backport-udev-update-comment-and-log-messages.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 87afc766d199642c6da956657b05690a39542856 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 12 Mar 2022 20:48:36 +0900 -Subject: [PATCH] udev: update comment and log message - -Reference:https://github.com/systemd/systemd/commit/87afc766d199642c6da956657b05690a39542856 -Conflict:NA - ---- - src/udev/udevd.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 41d0ec1e137c..0407068d5112 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -1448,10 +1448,11 @@ static int on_sigchld(sd_event_source *s, const struct signalfd_siginfo *si, voi - device_tag_index(worker->event->dev, NULL, false); - - if (manager->monitor) { -- /* forward kernel event without amending it */ -+ /* Forward kernel event unchanged */ - r = device_monitor_send_device(manager->monitor, NULL, worker->event->dev_kernel); - if (r < 0) -- log_device_error_errno(worker->event->dev_kernel, r, "Failed to send back device to kernel: %m"); -+ log_device_warning_errno(worker->event->dev_kernel, r, -+ "Failed to broadcast failed event to libudev listeners, ignoring: %m"); - } - } - - \ No newline at end of file diff --git a/backport-udev-update-log-message-to-clarify-that-the-error-is-ignored.patch b/backport-udev-update-log-message-to-clarify-that-the-error-is-ignored.patch deleted file mode 100644 index 06065e2..0000000 --- a/backport-udev-update-log-message-to-clarify-that-the-error-is-ignored.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 6be97d67c82ef5f45360c4323616739816b8f833 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 16 Jun 2021 21:02:01 +0900 -Subject: [PATCH] udev: update log message to clarify that the error is ignored - -Reference:https://github.com/systemd/systemd/commit/6be97d67c82ef5f45360c4323616739816b8f833 -Conflict:NA - ---- - src/udev/udevd.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/udev/udevd.c b/src/udev/udevd.c -index 546bfe039e1d..34a5c9d5d8ee 100644 ---- a/src/udev/udevd.c -+++ b/src/udev/udevd.c -@@ -171,8 +171,8 @@ static void event_free(Event *event) { - /* only clean up the queue from the process that created it */ - if (LIST_IS_EMPTY(event->manager->events) && - event->manager->pid == getpid_cached()) -- if (unlink("/run/udev/queue") < 0) -- log_warning_errno(errno, "Failed to unlink /run/udev/queue: %m"); -+ if (unlink("/run/udev/queue") < 0 && errno != ENOENT) -+ log_warning_errno(errno, "Failed to unlink /run/udev/queue, ignoring: %m"); - - free(event); - } -@@ -965,7 +965,7 @@ static int event_queue_insert(Manager *manager, sd_device *dev) { - if (LIST_IS_EMPTY(manager->events)) { - r = touch("/run/udev/queue"); - if (r < 0) -- log_warning_errno(r, "Failed to touch /run/udev/queue: %m"); -+ log_warning_errno(r, "Failed to touch /run/udev/queue, ignoring: %m"); - } - - LIST_APPEND(event, manager->events, event); diff --git a/backport-udev-when-setting-up-lo-do-not-return-an-error.patch b/backport-udev-when-setting-up-lo-do-not-return-an-error.patch deleted file mode 100644 index 3739d43..0000000 --- a/backport-udev-when-setting-up-lo-do-not-return-an-error.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 5f2582e23f10b46052c7f83b85c1f85184b4cd0f Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Mon, 26 Jul 2021 11:46:12 +0200 -Subject: [PATCH] udev: when setting up lo, do not return an error - -From #20300: -> commit 70f32a260b5ebb68c19ecadf5d69b3844896ba55 -> Author: Yu Watanabe -> Date: Sun May 23 16:59:40 2021 +0900 - -> udev/net: do not manage loopback interfaces - -> There are nothing we can configure in udevd for loopback interfaces; -> no ethertool configs can be applied, MAC address, interface name should - -> introduced a regression for 'udevadm test-builtin net_setup_link /sys/class/net/lo/'. -> Prior to this commit this command would exit with 0 whereas after this commit -> it exists with 1. This causes cloud-init on Archlinux to fail as this command -> is run by it and likely also netplan to have networkd rescan and re-apply a -> bunch of things on NICs. - -I think it's reasonable to keep returning 0 here: we are intentatinally doing -nothing for the device, and that is not an error, but a (noop) success. - -Fixes #20300. - -(cherry picked from commit b4f0261337c91157231452b5a258799391d7ae51) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5f2582e23f10b46052c7f83b85c1f85184b4cd0f ---- - src/udev/udev-builtin-net_setup_link.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/udev/udev-builtin-net_setup_link.c b/src/udev/udev-builtin-net_setup_link.c -index d40251331c..5964e30bf1 100644 ---- a/src/udev/udev-builtin-net_setup_link.c -+++ b/src/udev/udev-builtin-net_setup_link.c -@@ -28,10 +28,12 @@ static int builtin_net_setup_link(sd_device *dev, int argc, char **argv, bool te - - r = link_config_get(ctx, dev, &link); - if (r < 0) { -- if (r == -ENOENT) -- return log_device_debug_errno(dev, r, "No matching link configuration found."); - if (r == -ENODEV) - return log_device_debug_errno(dev, r, "Link vanished while searching for configuration for it."); -+ if (r == -ENOENT) { -+ log_device_debug_errno(dev, r, "No matching link configuration found, ignoring device."); -+ return 0; -+ } - - return log_device_error_errno(dev, r, "Failed to get link config: %m"); - } --- -2.33.0 - diff --git a/backport-udevadm-cleanup-db-don-t-delete-information-for-kept.patch b/backport-udevadm-cleanup-db-don-t-delete-information-for-kept.patch deleted file mode 100644 index 2e2d230..0000000 --- a/backport-udevadm-cleanup-db-don-t-delete-information-for-kept.patch +++ /dev/null @@ -1,123 +0,0 @@ -From 7a23db67795b6583028b7d7c0d5d8ef63c67d8c9 Mon Sep 17 00:00:00 2001 -From: Martin Wilck -Date: Thu, 20 Jan 2022 14:31:45 +0100 -Subject: [PATCH] udevadm: cleanup-db: don't delete information for kept db - entries - -devices with the db_persist property won't be deleted during database -cleanup. This applies to dm and md devices in particular. -For such devices, we should also keep the files under /run/udev/links, -/run/udev/tags, and /run/udev/watch, to make sure that after restart, -udevd has the same information about the devices as it did before -the cleanup. - -If we don't do this, a lower-priority device that is discovered in -the coldplug phase may take over symlinks from a device that persisted. -Not removing the watches also enables udevd to resume watching a device -after restart. - -Signed-off-by: Martin Wilck -(cherry picked from commit 7ec624147a41d80f8e492c9fe19a24e2cda58c25) -(cherry picked from commit ef7ceef26adb714ef44b2fbc07a219c05a012b42) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/7a23db67795b6583028b7d7c0d5d8ef63c67d8c9 ---- - src/udev/udevadm-info.c | 64 +++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 61 insertions(+), 3 deletions(-) - -diff --git a/src/udev/udevadm-info.c b/src/udev/udevadm-info.c -index f05363150e..3314d6335e 100644 ---- a/src/udev/udevadm-info.c -+++ b/src/udev/udevadm-info.c -@@ -248,6 +248,64 @@ static void cleanup_dir(DIR *dir, mode_t mask, int depth) { - } - } - -+/* -+ * Assume that dir is a directory with file names matching udev data base -+ * entries for devices in /run/udev/data (such as "b8:16"), and removes -+ * all files except those that haven't been deleted in /run/udev/data -+ * (i.e. they were skipped during db cleanup because of the db_persist flag). -+ * Returns true if the directory is empty after cleanup. -+ */ -+static bool cleanup_dir_after_db_cleanup(DIR *dir, DIR *datadir) { -+ unsigned int kept = 0; -+ struct dirent *dent; -+ -+ assert(dir && datadir); -+ -+ FOREACH_DIRENT_ALL(dent, dir, break) { -+ struct stat data_stats, link_stats; -+ -+ if (dot_or_dot_dot(dent->d_name)) -+ continue; -+ if (fstatat(dirfd(dir), dent->d_name, &link_stats, AT_SYMLINK_NOFOLLOW) < 0) { -+ if (errno != ENOENT) -+ kept++; -+ continue; -+ } -+ -+ if (fstatat(dirfd(datadir), dent->d_name, &data_stats, 0) < 0) -+ (void) unlinkat(dirfd(dir), dent->d_name, -+ S_ISDIR(link_stats.st_mode) ? AT_REMOVEDIR : 0); -+ else -+ /* The entry still exists under /run/udev/data */ -+ kept++; -+ } -+ -+ return kept == 0; -+} -+ -+static void cleanup_dirs_after_db_cleanup(DIR *dir, DIR *datadir) { -+ struct dirent *dent; -+ -+ assert(dir && datadir); -+ -+ FOREACH_DIRENT_ALL(dent, dir, break) { -+ struct stat stats; -+ -+ if (dot_or_dot_dot(dent->d_name)) -+ continue; -+ if (fstatat(dirfd(dir), dent->d_name, &stats, AT_SYMLINK_NOFOLLOW) < 0) -+ continue; -+ if (S_ISDIR(stats.st_mode)) { -+ _cleanup_closedir_ DIR *dir2 = NULL; -+ -+ dir2 = fdopendir(openat(dirfd(dir), dent->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC)); -+ if (dir2 && cleanup_dir_after_db_cleanup(dir2, datadir)) -+ (void) unlinkat(dirfd(dir), dent->d_name, AT_REMOVEDIR); -+ } else -+ (void) unlinkat(dirfd(dir), dent->d_name, 0); -+ } -+} -+ - static void cleanup_db(void) { - _cleanup_closedir_ DIR *dir1 = NULL, *dir2 = NULL, *dir3 = NULL, *dir4 = NULL, *dir5 = NULL; - -@@ -257,11 +315,11 @@ static void cleanup_db(void) { - - dir2 = opendir("/run/udev/links"); - if (dir2) -- cleanup_dir(dir2, 0, 2); -+ cleanup_dirs_after_db_cleanup(dir2, dir1); - - dir3 = opendir("/run/udev/tags"); - if (dir3) -- cleanup_dir(dir3, 0, 2); -+ cleanup_dirs_after_db_cleanup(dir3, dir1); - - dir4 = opendir("/run/udev/static_node-tags"); - if (dir4) -@@ -269,7 +327,7 @@ static void cleanup_db(void) { - - dir5 = opendir("/run/udev/watch"); - if (dir5) -- cleanup_dir(dir5, 0, 1); -+ cleanup_dir_after_db_cleanup(dir5, dir1); - } - - static int query_device(QueryType query, sd_device* device) { --- -2.33.0 - diff --git a/backport-udevadm-cleanup_dir-use-dot_or_dot_dot.patch b/backport-udevadm-cleanup_dir-use-dot_or_dot_dot.patch deleted file mode 100644 index fa22397..0000000 --- a/backport-udevadm-cleanup_dir-use-dot_or_dot_dot.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 75ff2fb73ed545d0427aea251fae6d55124f0e7c Mon Sep 17 00:00:00 2001 -From: Martin Wilck -Date: Fri, 21 Jan 2022 10:44:26 +0100 -Subject: [PATCH] udevadm: cleanup_dir: use dot_or_dot_dot() - -which is safer than just checking dent[0]. -Also, fix two style issues. - -(cherry picked from commit 28d6e8545151d413f8614db9fa790f9f9edbb045) -(cherry picked from commit 494e3c0def197abd4ec88f7b0c3ba331a708d81e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/75ff2fb73ed545d0427aea251fae6d55124f0e7c ---- - src/udev/udevadm-info.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/udev/udevadm-info.c b/src/udev/udevadm-info.c -index fa7f04f14c..f05363150e 100644 ---- a/src/udev/udevadm-info.c -+++ b/src/udev/udevadm-info.c -@@ -224,12 +224,14 @@ static void cleanup_dir(DIR *dir, mode_t mask, int depth) { - if (depth <= 0) - return; - -+ assert(dir); -+ - FOREACH_DIRENT_ALL(dent, dir, break) { - struct stat stats; - -- if (dent->d_name[0] == '.') -+ if (dot_or_dot_dot(dent->d_name)) - continue; -- if (fstatat(dirfd(dir), dent->d_name, &stats, AT_SYMLINK_NOFOLLOW) != 0) -+ if (fstatat(dirfd(dir), dent->d_name, &stats, AT_SYMLINK_NOFOLLOW) < 0) - continue; - if ((stats.st_mode & mask) != 0) - continue; --- -2.33.0 - diff --git a/backport-umask-util-add-helper-that-resets-umask-until-end-of.patch b/backport-umask-util-add-helper-that-resets-umask-until-end-of.patch deleted file mode 100644 index 3316a58..0000000 --- a/backport-umask-util-add-helper-that-resets-umask-until-end-of.patch +++ /dev/null @@ -1,117 +0,0 @@ -From 77cfa37459fbd350c67c08597aaa5cc098fcc1ee Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 12 Nov 2021 11:06:46 +0100 -Subject: [PATCH] umask-util: add helper that resets umask until end of current - code block - -(cherry picked from commit 52f05ef21d7790f37bc3cd6e54fb9a4bcb16efa5) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/77cfa37459fbd350c67c08597aaa5cc098fcc1ee ---- - src/basic/umask-util.h | 3 +++ - src/nspawn/nspawn.c | 9 +++------ - src/shared/dev-setup.c | 3 +-- - src/test/test-fs-util.c | 3 ++- - 4 files changed, 9 insertions(+), 9 deletions(-) - -diff --git a/src/basic/umask-util.h b/src/basic/umask-util.h -index bd7c2bdb8c..90d18f70ba 100644 ---- a/src/basic/umask-util.h -+++ b/src/basic/umask-util.h -@@ -24,3 +24,6 @@ assert_cc((S_IFMT & 0777) == 0); - for (_cleanup_umask_ mode_t _saved_umask_ = umask(mask) | S_IFMT; \ - FLAGS_SET(_saved_umask_, S_IFMT); \ - _saved_umask_ &= 0777) -+ -+#define BLOCK_WITH_UMASK(mask) \ -+ _unused_ _cleanup_umask_ mode_t _saved_umask_ = umask(mask); -diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c -index 575b9da447..1c468b310f 100644 ---- a/src/nspawn/nspawn.c -+++ b/src/nspawn/nspawn.c -@@ -2201,13 +2201,12 @@ static int copy_devnodes(const char *dest) { - "tty\0" - "net/tun\0"; - -- _cleanup_umask_ mode_t u; - const char *d; - int r = 0; - - assert(dest); - -- u = umask(0000); -+ BLOCK_WITH_UMASK(0000); - - /* Create /dev/net, so that we can create /dev/net/tun in it */ - if (userns_mkdir(dest, "/dev/net", 0755, 0, 0) < 0) -@@ -2284,11 +2283,10 @@ static int copy_devnodes(const char *dest) { - } - - static int make_extra_nodes(const char *dest) { -- _cleanup_umask_ mode_t u; - size_t i; - int r; - -- u = umask(0000); -+ BLOCK_WITH_UMASK(0000); - - for (i = 0; i < arg_n_extra_nodes; i++) { - _cleanup_free_ char *path = NULL; -@@ -2485,12 +2483,11 @@ static int setup_kmsg(int kmsg_socket) { - _cleanup_(unlink_and_freep) char *from = NULL; - _cleanup_free_ char *fifo = NULL; - _cleanup_close_ int fd = -1; -- _cleanup_umask_ mode_t u; - int r; - - assert(kmsg_socket >= 0); - -- u = umask(0000); -+ BLOCK_WITH_UMASK(0000); - - /* We create the kmsg FIFO as as temporary file in /run, but immediately delete it after bind mounting it to - * /proc/kmsg. While FIFOs on the reading side behave very similar to /proc/kmsg, their writing side behaves -diff --git a/src/shared/dev-setup.c b/src/shared/dev-setup.c -index b788b06913..0390abbfdc 100644 ---- a/src/shared/dev-setup.c -+++ b/src/shared/dev-setup.c -@@ -81,13 +81,12 @@ int make_inaccessible_nodes( - { "inaccessible/blk", S_IFBLK | 0000 }, - }; - -- _cleanup_umask_ mode_t u; - int r; - - if (!parent_dir) - parent_dir = "/run/systemd"; - -- u = umask(0000); -+ BLOCK_WITH_UMASK(0000); - - /* Set up inaccessible (and empty) file nodes of all types. This are used to as mount sources for over-mounting - * ("masking") file nodes that shall become inaccessible and empty for specific containers or services. We try -diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c -index 08bebcf0e8..a24558f25b 100644 ---- a/src/test/test-fs-util.c -+++ b/src/test/test-fs-util.c -@@ -763,7 +763,6 @@ static void test_rename_noreplace(void) { - - static void test_chmod_and_chown(void) { - _cleanup_(rm_rf_physical_and_freep) char *d = NULL; -- _unused_ _cleanup_umask_ mode_t u = umask(0000); - struct stat st; - const char *p; - -@@ -772,6 +771,8 @@ static void test_chmod_and_chown(void) { - - log_info("/* %s */", __func__); - -+ BLOCK_WITH_UMASK(0000); -+ - assert_se(mkdtemp_malloc(NULL, &d) >= 0); - - p = strjoina(d, "/reg"); --- -2.33.0 - diff --git a/backport-unit-coldplug-both-job-and-nop_job-if-possible.patch b/backport-unit-coldplug-both-job-and-nop_job-if-possible.patch deleted file mode 100644 index 1858050..0000000 --- a/backport-unit-coldplug-both-job-and-nop_job-if-possible.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 213ae9db6274227636fdca6731511499ed933e61 Mon Sep 17 00:00:00 2001 -From: Geass-LL -Date: Fri, 2 Apr 2021 11:27:59 +0800 -Subject: [PATCH] unit: coldplug both job and nop_job if possible - -Sometimes, both job and nop_job are deserialized. In this case, -if we only cold plug the job, the nop_job will also stuck in the -job list. - -(cherry picked from commit 7dbd330c7ef28852db0fb044503ed6f072477d50) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/213ae9db6274227636fdca6731511499ed933e61 ---- - src/core/unit.c | 11 +++++++---- - 1 file changed, 7 insertions(+), 4 deletions(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index e469beb534..38d3eb703f 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3581,7 +3581,6 @@ int unit_add_blockdev_dependency(Unit *u, const char *what, UnitDependencyMask m - int unit_coldplug(Unit *u) { - int r = 0, q; - char **i; -- Job *uj; - - assert(u); - -@@ -3604,9 +3603,13 @@ int unit_coldplug(Unit *u) { - r = q; - } - -- uj = u->job ?: u->nop_job; -- if (uj) { -- q = job_coldplug(uj); -+ if (u->job) { -+ q = job_coldplug(u->job); -+ if (q < 0 && r >= 0) -+ r = q; -+ } -+ if (u->nop_job) { -+ q = job_coldplug(u->nop_job); - if (q < 0 && r >= 0) - r = q; - } --- -2.33.0 - diff --git a/backport-unit-escape.patch b/backport-unit-escape.patch deleted file mode 100644 index 2394762..0000000 --- a/backport-unit-escape.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 6e4d122ad1db11ca898de183f898f731c4839d4a Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 23 Feb 2022 01:29:42 +0900 -Subject: [PATCH] unit: escape % - -Fixes #22601. ---- - units/tmp.mount | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/units/tmp.mount b/units/tmp.mount -index 4e1bb8de24..734acea237 100644 ---- a/units/tmp.mount -+++ b/units/tmp.mount -@@ -22,4 +22,4 @@ After=swap.target - What=tmpfs - Where=/tmp - Type=tmpfs --Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=1m -+Options=mode=1777,strictatime,nosuid,nodev,size=50%%,nr_inodes=1m --- -2.27.0 - diff --git a/backport-unit-file-avoid-null-in-debugging-logs.patch b/backport-unit-file-avoid-null-in-debugging-logs.patch deleted file mode 100644 index 5abc189..0000000 --- a/backport-unit-file-avoid-null-in-debugging-logs.patch +++ /dev/null @@ -1,43 +0,0 @@ -From e58e1472edc97ff2b234fda60fd0f977f12659fb Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 23 Jul 2022 12:48:35 +0900 -Subject: [PATCH] unit-file: avoid (null) in debugging logs - -The variable `inst` was set to NULL by TAKE_PTR(). - -This fixes the following log message: -``` -systemd[1]: Unit getty@tty2.service has alias (null). -``` - -(cherry picked from commit 7c35b78a0b96085e3d634542212c5521bc2a2f21) -(cherry picked from commit 9ac0ad80fe97c22ec3dc4670e859abaae9a1f8bf) -(cherry picked from commit 0e7214c8b5c95bc378ad6b9353e944ec0fba4e21) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/e58e1472edc97ff2b234fda60fd0f977f12659fb ---- - src/basic/unit-file.c | 5 +---- - 1 file changed, 1 insertion(+), 4 deletions(-) - -diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c -index d1e997ec9f..7b0c932654 100644 ---- a/src/basic/unit-file.c -+++ b/src/basic/unit-file.c -@@ -520,12 +520,9 @@ static int add_names( - continue; - } - -- r = set_consume(*names, TAKE_PTR(inst)); -- if (r > 0) -- log_debug("Unit %s has alias %s.", unit_name, inst); -+ r = add_name(unit_name, names, inst); - } else - r = add_name(unit_name, names, *alias); -- - if (r < 0) - return r; - } --- -2.27.0 - diff --git a/backport-unit_is_bound_by_inactive-fix-return-pointer-check.patch b/backport-unit_is_bound_by_inactive-fix-return-pointer-check.patch deleted file mode 100644 index 0829a03..0000000 --- a/backport-unit_is_bound_by_inactive-fix-return-pointer-check.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 02d51801672376505f07fae5938e195845f2c7a9 Mon Sep 17 00:00:00 2001 -From: Dominique Martinet -Date: Wed, 24 Nov 2021 22:27:22 +0900 -Subject: [PATCH] unit_is_bound_by_inactive: fix return pointer check - -*ret_culprit should be set if ret_culprit has been passed a non-null value, -checking the previous *ret_culprit value does not make sense. - -This would cause the culprit to not properly be assigned, leading to -pid1 crash when a unit could not be stopped. - -Fixes: #21476 - -(cherry picked from commit 3da361064bf550d1818c7cd800a514326058e5f2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/02d51801672376505f07fae5938e195845f2c7a9 ---- - src/core/unit.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index 38d3eb703f..c792bd8e82 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -2118,7 +2118,7 @@ bool unit_is_bound_by_inactive(Unit *u, Unit **ret_culprit) { - continue; - - if (UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other))) { -- if (*ret_culprit) -+ if (ret_culprit) - *ret_culprit = other; - - return true; --- -2.33.0 - diff --git a/backport-units-remove-the-restart-limit-on-the-modprobe-.serv.patch b/backport-units-remove-the-restart-limit-on-the-modprobe-.serv.patch deleted file mode 100644 index 2de832e..0000000 --- a/backport-units-remove-the-restart-limit-on-the-modprobe-.serv.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 639423416c18c3a41a8f326618e340c25585a40a Mon Sep 17 00:00:00 2001 -From: Alban Bedel -Date: Wed, 15 Jun 2022 13:12:46 +0200 -Subject: [PATCH] units: remove the restart limit on the modprobe@.service - -They are various cases where the same module might be repeatedly -loaded in a short time frame, for example if a service depending on a -module keep restarting, or if many instances of such service get -started at the same time. If this happend the modprobe@.service -instance will be marked as failed because it hit the restart limit. - -Overall it doesn't seems to make much sense to have a restart limit on -the modprobe service so just disable it. - -Fixes: #23742 -(cherry picked from commit 9625350e5381a68c1179ae4581e7586c206663e1) -(cherry picked from commit 8539a62207c9d0cc1656458eb53ffc9177b2c7c8) ---- - units/modprobe@.service | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/units/modprobe@.service b/units/modprobe@.service -index cf8baf6084..85a2c08dee 100644 ---- a/units/modprobe@.service -+++ b/units/modprobe@.service -@@ -13,6 +13,7 @@ DefaultDependencies=no - Before=sysinit.target - Documentation=man:modprobe(8) - ConditionCapability=CAP_SYS_MODULE -+StartLimitIntervalSec=0 - - [Service] - Type=oneshot --- -2.33.0 - diff --git a/backport-user-record-disable-two-pbkdf-fields-that-don-t-appl.patch b/backport-user-record-disable-two-pbkdf-fields-that-don-t-appl.patch deleted file mode 100644 index cd65874..0000000 --- a/backport-user-record-disable-two-pbkdf-fields-that-don-t-appl.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 5ee578fd13809e08fbda1a9bca2256ffd24e9857 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 5 Oct 2021 18:24:05 +0200 -Subject: [PATCH] user-record: disable two pbkdf fields that don't apply for - pkbdf2 - -Fixes: #20830 -(cherry picked from commit 8b4f88d13681c6dec839de06c668d32374d44724) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5ee578fd13809e08fbda1a9bca2256ffd24e9857 ---- - src/shared/user-record.c | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/src/shared/user-record.c b/src/shared/user-record.c -index 17460ceaf6..5fb3d4bbf2 100644 ---- a/src/shared/user-record.c -+++ b/src/shared/user-record.c -@@ -1913,9 +1913,9 @@ uint64_t user_record_luks_pbkdf_memory_cost(UserRecord *h) { - assert(h); - - /* Returns a value with kb granularity, since that's what libcryptsetup expects */ -- - if (h->luks_pbkdf_memory_cost == UINT64_MAX) -- return 64*1024*1024; /* We default to 64M, since this should work on smaller systems too */ -+ return streq(user_record_luks_pbkdf_type(h), "pbkdf2") ? 0 : /* doesn't apply for simple pbkdf2 */ -+ 64*1024*1024; /* We default to 64M, since this should work on smaller systems too */ - - return MIN(DIV_ROUND_UP(h->luks_pbkdf_memory_cost, 1024), UINT32_MAX) * 1024; - } -@@ -1923,8 +1923,9 @@ uint64_t user_record_luks_pbkdf_memory_cost(UserRecord *h) { - uint64_t user_record_luks_pbkdf_parallel_threads(UserRecord *h) { - assert(h); - -- if (h->luks_pbkdf_memory_cost == UINT64_MAX) -- return 1; /* We default to 1, since this should work on smaller systems too */ -+ if (h->luks_pbkdf_parallel_threads == UINT64_MAX) -+ return streq(user_record_luks_pbkdf_type(h), "pbkdf2") ? 0 : /* doesn't apply for simple pbkdf2 */ -+ 1; /* We default to 1, since this should work on smaller systems too */ - - return MIN(h->luks_pbkdf_parallel_threads, UINT32_MAX); - } --- -2.33.0 - diff --git a/backport-user-record-fix-display-of-access-mode.patch b/backport-user-record-fix-display-of-access-mode.patch deleted file mode 100644 index bc28126..0000000 --- a/backport-user-record-fix-display-of-access-mode.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 9e318d9ff288b2b12b21a534d0cab3b4e153b462 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 5 Nov 2021 16:36:32 +0100 -Subject: [PATCH] user-record: fix display of access mode - -(cherry picked from commit 7cdd5c0d4c2213b791d8d22e7dd466a39e9c5db0) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/9e318d9ff288b2b12b21a534d0cab3b4e153b462 ---- - src/shared/user-record-show.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/shared/user-record-show.c b/src/shared/user-record-show.c -index 29790282b4..54ff949ff5 100644 ---- a/src/shared/user-record-show.c -+++ b/src/shared/user-record-show.c -@@ -280,7 +280,7 @@ void user_record_show(UserRecord *hr, bool show_full_group_info) { - printf(" IO Weight: %" PRIu64 "\n", hr->io_weight); - - if (hr->access_mode != MODE_INVALID) -- printf(" Access Mode: 0%03oo\n", user_record_access_mode(hr)); -+ printf(" Access Mode: 0%03o\n", user_record_access_mode(hr)); - - if (storage == USER_LUKS) { - printf("LUKS Discard: online=%s offline=%s\n", yes_no(user_record_luks_discard(hr)), yes_no(user_record_luks_offline_discard(hr))); --- -2.33.0 - diff --git a/backport-userdb-fix-type-to-pass-to-connect.patch b/backport-userdb-fix-type-to-pass-to-connect.patch deleted file mode 100644 index 6c89beb..0000000 --- a/backport-userdb-fix-type-to-pass-to-connect.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 667eab61d4c5520d7875de5df489ec68a4c9f123 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Sat, 16 Oct 2021 05:04:26 +0900 -Subject: [PATCH] userdb: fix type to pass to connect() - -Fixes https://github.com/systemd/systemd/pull/20613#issuecomment-944621275. - -(cherry picked from commit c14e57356f1e82c35bf3a3e8aaeac134b545801b) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/667eab61d4c5520d7875de5df489ec68a4c9f123 ---- - src/userdb/userdbctl.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/userdb/userdbctl.c b/src/userdb/userdbctl.c -index 8db0c34fb5..9ec0ad6c5e 100644 ---- a/src/userdb/userdbctl.c -+++ b/src/userdb/userdbctl.c -@@ -512,7 +512,7 @@ static int display_services(int argc, char *argv[], void *userdata) { - if (fd < 0) - return log_error_errno(r, "Failed to allocate AF_UNIX/SOCK_STREAM socket: %m"); - -- if (connect(fd, &sockaddr.un, sockaddr_len) < 0) { -+ if (connect(fd, &sockaddr.sa, sockaddr_len) < 0) { - no = strjoin("No (", errno_to_name(errno), ")"); - if (!no) - return log_oom(); --- -2.33.0 - diff --git a/backport-util-another-set-of-CVE-2021-4034-assert-s.patch b/backport-util-another-set-of-CVE-2021-4034-assert-s.patch deleted file mode 100644 index ca8b54d..0000000 --- a/backport-util-another-set-of-CVE-2021-4034-assert-s.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 356b1ee1febeecf636eec6b7e08036603bf760d5 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 1 Feb 2022 12:06:21 +0100 -Subject: [PATCH] util: another set of CVE-2021-4034 assert()s - -It's a good idea that we validate argc/argv when we are supposed to -store them away. - -(cherry picked from commit 007e03b284e8ffc0b92edb2122cd9d2d16f049ef) -(cherry picked from commit dcba78244e5dc3a4b57fb978a2d21640164c89a2) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/356b1ee1febeecf636eec6b7e08036603bf760d5 ---- - src/basic/util.h | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/basic/util.h b/src/basic/util.h -index b6c51c036e..22fcef719f 100644 ---- a/src/basic/util.h -+++ b/src/basic/util.h -@@ -9,6 +9,12 @@ extern int saved_argc; - extern char **saved_argv; - - static inline void save_argc_argv(int argc, char **argv) { -+ -+ /* Protect against CVE-2021-4034 style attacks */ -+ assert_se(argc > 0); -+ assert_se(argv); -+ assert_se(argv[0]); -+ - saved_argc = argc; - saved_argv = argv; - } --- -2.33.0 - diff --git a/backport-utmp-remove-dev-from-line.patch b/backport-utmp-remove-dev-from-line.patch deleted file mode 100644 index 5b6f2ef..0000000 --- a/backport-utmp-remove-dev-from-line.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 09534e85b5c51c664077637e7e8c7c68dec52972 Mon Sep 17 00:00:00 2001 -From: Vincent Bernat -Date: Mon, 18 Oct 2021 20:58:43 +0200 -Subject: [PATCH] utmp: remove /dev from line - -utmp(5) says `ut_line` is the device name minus the leading "/dev/". Therefore, -remove it. Without that, when using UtmpMode=user, we get `/dev/tty` in the -output of `last`/`w`. - -(cherry picked from commit 33331d116db2eaf1189ea56ee4b36540179ac3dd) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/09534e85b5c51c664077637e7e8c7c68dec52972 ---- - src/core/execute.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/core/execute.c b/src/core/execute.c -index 2a337b55a2..6ff757ff04 100644 ---- a/src/core/execute.c -+++ b/src/core/execute.c -@@ -4059,13 +4059,17 @@ static int exec_child( - } - } - -- if (context->utmp_id) -+ if (context->utmp_id) { -+ const char *line = context->tty_path ? -+ (path_startswith(context->tty_path, "/dev/") ?: context->tty_path) : -+ NULL; - utmp_put_init_process(context->utmp_id, getpid_cached(), getsid(0), -- context->tty_path, -+ line, - context->utmp_mode == EXEC_UTMP_INIT ? INIT_PROCESS : - context->utmp_mode == EXEC_UTMP_LOGIN ? LOGIN_PROCESS : - USER_PROCESS, - username); -+ } - - if (uid_is_valid(uid)) { - r = chown_terminal(STDIN_FILENO, uid); --- -2.33.0 - diff --git a/backport-varlink-disconnect-varlink-link-in-one-more-case.patch b/backport-varlink-disconnect-varlink-link-in-one-more-case.patch deleted file mode 100644 index 915d3db..0000000 --- a/backport-varlink-disconnect-varlink-link-in-one-more-case.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 968f2f3f5a76b05142e1de447bb79f4f97868721 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Thu, 21 Oct 2021 17:29:48 +0200 -Subject: [PATCH] varlink: disconnect varlink link in one more case - -Previously we'd possibly see POLLHUP on a varlink link, and continue to -run epoll on it even though we have nothing to read nor write anymore. - -Let's fix that, and once we know that there's nothing to write anymore -(or we saw a write error already) we'll disconnect after POLLHUP. - -Fixes: #20062 -(cherry picked from commit 7c26a631ad8bf91016db156b7d299ca68fd7866e) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/968f2f3f5a76b05142e1de447bb79f4f97868721 ---- - src/shared/varlink.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/src/shared/varlink.c b/src/shared/varlink.c -index 8da568e208..a57475b5ba 100644 ---- a/src/shared/varlink.c -+++ b/src/shared/varlink.c -@@ -417,9 +417,10 @@ static int varlink_test_disconnect(Varlink *v) { - if (IN_SET(v->state, VARLINK_IDLE_CLIENT) && (v->write_disconnected || v->got_pollhup)) - goto disconnect; - -- /* The server is still expecting to write more, but its write end is disconnected and it got a POLLHUP -- * (i.e. from a disconnected client), so disconnect. */ -- if (IN_SET(v->state, VARLINK_PENDING_METHOD, VARLINK_PENDING_METHOD_MORE) && v->write_disconnected && v->got_pollhup) -+ /* We are on the server side and still want to send out more replies, but we saw POLLHUP already, and -+ * either got no buffered bytes to write anymore or already saw a write error. In that case we should -+ * shut down the varlink link. */ -+ if (IN_SET(v->state, VARLINK_PENDING_METHOD, VARLINK_PENDING_METHOD_MORE) && (v->write_disconnected || v->output_buffer_size == 0) && v->got_pollhup) - goto disconnect; - - return 0; --- -2.33.0 - diff --git a/backport-veritysetup-print-help-for-help-h-help.patch b/backport-veritysetup-print-help-for-help-h-help.patch deleted file mode 100644 index a3725c9..0000000 --- a/backport-veritysetup-print-help-for-help-h-help.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 5e5923f272682476c053e5afd705e0f6b4595cbf Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Sat, 31 Jul 2021 09:00:11 +0200 -Subject: [PATCH] veritysetup: print help for --help/-h/help - -In general our commands print help on --help, but here this would trigger -the error that two arguments are needed. Let's make this more user-friendly. - -(cherry picked from commit 5d5e43cc33637a12f743f17294cfbd3ede08a1b3) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5e5923f272682476c053e5afd705e0f6b4595cbf ---- - src/veritysetup/veritysetup.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/veritysetup/veritysetup.c b/src/veritysetup/veritysetup.c -index 34208dcd87..14d7462ddb 100644 ---- a/src/veritysetup/veritysetup.c -+++ b/src/veritysetup/veritysetup.c -@@ -130,7 +130,10 @@ static int run(int argc, char *argv[]) { - _cleanup_(crypt_freep) struct crypt_device *cd = NULL; - int r; - -- if (argc <= 1) -+ if (argc <= 1 || -+ strv_contains(strv_skip(argv, 1), "--help") || -+ strv_contains(strv_skip(argv, 1), "-h") || -+ streq(argv[1], "help")) - return help(); - - if (argc < 3) --- -2.33.0 - diff --git a/backport-virt-Fix-the-detection-for-Hyper-V-VMs.patch b/backport-virt-Fix-the-detection-for-Hyper-V-VMs.patch deleted file mode 100644 index fc435fc..0000000 --- a/backport-virt-Fix-the-detection-for-Hyper-V-VMs.patch +++ /dev/null @@ -1,45 +0,0 @@ -From ba22ee4985c6ca690b84fdca36cf012b200a3c4e Mon Sep 17 00:00:00 2001 -From: Boqun Feng -Date: Tue, 23 Nov 2021 15:09:26 +0800 -Subject: [PATCH] virt: Fix the detection for Hyper-V VMs - -Use product_version instead of product_name in DMI table and the string -"Hyper-V" to avoid misdetection. - -Fixes: #21468 - -Signed-off-by: Boqun Feng -(cherry picked from commit 76eec0649936d9ae2f9087769f463feaf0cf5cb4) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/ba22ee4985c6ca690b84fdca36cf012b200a3c4e ---- - src/basic/virt.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/src/basic/virt.c b/src/basic/virt.c -index cc123a286f..bbc583ae52 100644 ---- a/src/basic/virt.c -+++ b/src/basic/virt.c -@@ -146,7 +146,8 @@ static int detect_vm_dmi_vendor(void) { - "/sys/class/dmi/id/product_name", /* Test this before sys_vendor to detect KVM over QEMU */ - "/sys/class/dmi/id/sys_vendor", - "/sys/class/dmi/id/board_vendor", -- "/sys/class/dmi/id/bios_vendor" -+ "/sys/class/dmi/id/bios_vendor", -+ "/sys/class/dmi/id/product_version" /* For Hyper-V VMs test */ - }; - - static const struct { -@@ -165,7 +166,7 @@ static int detect_vm_dmi_vendor(void) { - { "Parallels", VIRTUALIZATION_PARALLELS }, - /* https://wiki.freebsd.org/bhyve */ - { "BHYVE", VIRTUALIZATION_BHYVE }, -- { "Microsoft", VIRTUALIZATION_MICROSOFT }, -+ { "Hyper-V", VIRTUALIZATION_MICROSOFT }, - }; - int r; - --- -2.33.0 - diff --git a/backport-virt-Improve-detection-of-EC2-metal-instances.patch b/backport-virt-Improve-detection-of-EC2-metal-instances.patch deleted file mode 100644 index 309cca9..0000000 --- a/backport-virt-Improve-detection-of-EC2-metal-instances.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 785e760653cf5249207caa80857956f0096525df Mon Sep 17 00:00:00 2001 -From: Benjamin Herrenschmidt -Date: Fri, 3 Sep 2021 11:36:46 +1000 -Subject: [PATCH] virt: Improve detection of EC2 metal instances - -The current detection code relies on /sys/firmware/dmi/entries/0-0/raw -to disambiguate Amazon EC2 virtualized from metal instances. - -Unfortunately this file is root only. Thus on a c6g.metal instance -(aarch64), we observe something like this: - -$ systemd-detect-virt -amazon -$ sudo systemd-detect-virt -none - -Only the latter is correct. - -The right long term fix is to extend the kernel to expose the SMBIOS BIOS -Characteristics properly via /sys/class/dmi, but until this happens (and -for backwards compatibility when it does), we need a plan B. - -This change implements such a workaround by falling back to using the -instance type from DMI and looking at the ".metal" string present on -metal instances. - -Signed-off-by: Benjamin Herrenschmidt -(cherry picked from commit f90eea7d18d9ebe88e6a66cd7a86b618def8945d) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/785e760653cf5249207caa80857956f0096525df ---- - src/basic/virt.c | 32 ++++++++++++++++++++++++++++++-- - 1 file changed, 30 insertions(+), 2 deletions(-) - -diff --git a/src/basic/virt.c b/src/basic/virt.c -index 7e88f09b48..7ed01ba3c9 100644 ---- a/src/basic/virt.c -+++ b/src/basic/virt.c -@@ -235,8 +235,36 @@ static int detect_vm_dmi(void) { - - /* The DMI vendor tables in /sys/class/dmi/id don't help us distinguish between Amazon EC2 - * virtual machines and bare-metal instances, so we need to look at SMBIOS. */ -- if (r == VIRTUALIZATION_AMAZON && detect_vm_smbios() == SMBIOS_VM_BIT_UNSET) -- return VIRTUALIZATION_NONE; -+ if (r == VIRTUALIZATION_AMAZON) { -+ switch (detect_vm_smbios()) { -+ case SMBIOS_VM_BIT_SET: -+ return VIRTUALIZATION_AMAZON; -+ case SMBIOS_VM_BIT_UNSET: -+ return VIRTUALIZATION_NONE; -+ case SMBIOS_VM_BIT_UNKNOWN: { -+ /* The DMI information we are after is only accessible to the root user, -+ * so we fallback to using the product name which is less restricted -+ * to distinguish metal systems from virtualized instances */ -+ _cleanup_free_ char *s = NULL; -+ -+ r = read_full_virtual_file("/sys/class/dmi/id/product_name", &s, NULL); -+ /* In EC2, virtualized is much more common than metal, so if for some reason -+ * we fail to read the DMI data, assume we are virtualized. */ -+ if (r < 0) { -+ log_debug_errno(r, "Can't read /sys/class/dmi/id/product_name," -+ " assuming virtualized: %m"); -+ return VIRTUALIZATION_AMAZON; -+ } -+ if (endswith(truncate_nl(s), ".metal")) { -+ log_debug("DMI product name ends with '.metal', assuming no virtualization"); -+ return VIRTUALIZATION_NONE; -+ } else -+ return VIRTUALIZATION_AMAZON; -+ } -+ default: -+ assert_not_reached("Bad virtualization value"); -+ } -+ } - - /* If we haven't identified a VM, but the firmware indicates that there is one, indicate as much. We - * have no further information about what it is. */ --- -2.33.0 - diff --git a/backport-virt-Support-detection-for-ARM64-Hyper-V-guests.patch b/backport-virt-Support-detection-for-ARM64-Hyper-V-guests.patch deleted file mode 100644 index 48ece31..0000000 --- a/backport-virt-Support-detection-for-ARM64-Hyper-V-guests.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 258968ba75bc27d4ea61967b9a27c1f139e89799 Mon Sep 17 00:00:00 2001 -From: Boqun Feng -Date: Wed, 13 Oct 2021 11:32:09 +0800 -Subject: [PATCH] virt: Support detection for ARM64 Hyper-V guests - -The detection of Microsoft Hyper-V VMs is done by cpuid currently, -however there is no cpuid on ARM64. And since ARM64 is now a supported -architecture for Microsoft Hyper-V guests[1], then use DMI tables to -detect a Hyper-V guest, which is more generic and works for ARM64. - -[1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7aff79e297ee1aa0126924921fd87a4ae59d2467 - -(cherry picked from commit 506bbc8569014253ea8614b680ccbc4fc2513a87) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/258968ba75bc27d4ea61967b9a27c1f139e89799 ---- - src/basic/virt.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/basic/virt.c b/src/basic/virt.c -index 7ed01ba3c9..0243b2d2a8 100644 ---- a/src/basic/virt.c -+++ b/src/basic/virt.c -@@ -165,6 +165,7 @@ static int detect_vm_dmi_vendor(void) { - { "Parallels", VIRTUALIZATION_PARALLELS }, - /* https://wiki.freebsd.org/bhyve */ - { "BHYVE", VIRTUALIZATION_BHYVE }, -+ { "Microsoft", VIRTUALIZATION_MICROSOFT }, - }; - int r; - --- -2.33.0 - diff --git a/backport-virt-detect-OpenStack-Nova-instance.patch b/backport-virt-detect-OpenStack-Nova-instance.patch deleted file mode 100644 index 47f4df4..0000000 --- a/backport-virt-detect-OpenStack-Nova-instance.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 01d9fbccddd694bc584aed24eaa0543f831dc929 Mon Sep 17 00:00:00 2001 -From: wangyuhang -Date: Tue, 19 Apr 2022 21:05:25 +0800 -Subject: [PATCH] virt: detect OpenStack Nova instance - -Conflict:add testcase for virt detect OpenStack Nova instance -Reference:https://github.com/systemd/systemd/commit/01d9fbccddd694bc584aed24eaa0543f831dc929 ---- - src/basic/virt.c | 1 + - src/test/meson.build | 14 ++ - src/test/test-virt.c | 39 ++++++++++++++++++++++++++++++ - 3 file changed, 54 insertion(+) - -diff --git a/src/basic/virt.c b/src/basic/virt.c -index 7e88f09..d8740cf 100644 ---- a/src/basic/virt.c -+++ b/src/basic/virt.c -@@ -154,6 +154,7 @@ static int detect_vm_dmi_vendor(void) { - int id; - } dmi_vendor_table[] = { - { "KVM", VIRTUALIZATION_KVM }, -+ { "OpenStack", VIRTUALIZATION_KVM }, /* Detect OpenStack instance as KVM in non x86 architecture */ - { "Amazon EC2", VIRTUALIZATION_AMAZON }, - { "QEMU", VIRTUALIZATION_QEMU }, - { "VMware", VIRTUALIZATION_VMWARE }, /* https://kb.vmware.com/s/article/1009458 */ - -diff --git a/src/test/meson.build b/src/test/meson.build -index e106059..ea64a12 100644 ---- a/src/test/meson.build -+++ b/src/test/meson.build -@@ -602,6 +602,14 @@ tests += [ - - [['src/test/test-nscd-flush.c'], - [], [], [], 'ENABLE_NSCD', 'manual'], -+ -+ [['src/test/test-virt.c', -+ 'src/basic/virt.c', -+ 'src/basic/virt.h'], -+ [libcore, -+ libshared], -+ [], -+ core_includes], - ] - - ############################################################ - -diff --git a/src/test/test-virt.c b/src/test/test-virt.c -new file mode 100644 -index 0000000..17cc22e ---- /dev/null -+++ b/src/test/test-virt.c -@@ -0,0 +1,39 @@ -+/* SPDX-License-Identifier: LGPL-2.1-or-later */ -+ -+#include -+#include -+#include -+ -+#include "string-util.h" -+#include "fileio.h" -+#include "virt.h" -+#include "log.h" -+#include "tests.h" -+ -+static void detect_virt(const char *vendor) { -+ assert_se(write_string_file("/sys/class/dmi/id/product_name", vendor, -+ WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_MKDIR_0755) == 0); -+ -+ assert_se(detect_virtualization() == VIRTUALIZATION_KVM); -+} -+ -+int main(int argc, char *argv[]) { -+ char template[] = "/tmp/test-virt.XXXXXX"; -+ assert_se(mkdtemp(template)); -+ -+ if (geteuid() > 0 && unshare(CLONE_NEWUSER) != 0) { -+ (void) log_tests_skipped("Don't have namespace support"); -+ return EXIT_TEST_SKIP; -+ } -+ -+ if (chroot(template) != 0) { -+ (void) log_tests_skipped("Don't have chroot support"); -+ return EXIT_TEST_SKIP; -+ } -+ -+#if defined(__arm__) || defined(__aarch64__) -+ detect_virt("OpenStack Nova"); -+#endif -+ -+ return 0; -+} -\ No newline at end of file --- -2.27.0 - diff --git a/backport-wait-online-rename-Manager-elements.patch b/backport-wait-online-rename-Manager-elements.patch deleted file mode 100644 index 5011a97..0000000 --- a/backport-wait-online-rename-Manager-elements.patch +++ /dev/null @@ -1,175 +0,0 @@ -From 5d4fc5cb2a0d18f8a67468209227a59ec3f30b5f Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Wed, 26 Jan 2022 20:54:39 +0900 -Subject: [PATCH] wait-online: rename Manager elements - -(cherry picked from commit 5f200833ed0754adaba548b0b617f6c192615acd) -(cherry picked from commit 397ede8dcd29f35350c015f1d945e50c88476a93) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5d4fc5cb2a0d18f8a67468209227a59ec3f30b5f ---- - src/network/wait-online/link.c | 4 ++-- - src/network/wait-online/manager.c | 33 ++++++++++++++++++------------- - src/network/wait-online/manager.h | 8 ++++---- - 3 files changed, 25 insertions(+), 20 deletions(-) - -diff --git a/src/network/wait-online/link.c b/src/network/wait-online/link.c -index 5a33d563c2..0f5f68e765 100644 ---- a/src/network/wait-online/link.c -+++ b/src/network/wait-online/link.c -@@ -32,7 +32,7 @@ int link_new(Manager *m, Link **ret, int ifindex, const char *ifname) { - .required_operstate = LINK_OPERSTATE_RANGE_DEFAULT, - }; - -- r = hashmap_ensure_put(&m->links, NULL, INT_TO_PTR(ifindex), l); -+ r = hashmap_ensure_put(&m->links_by_index, NULL, INT_TO_PTR(ifindex), l); - if (r < 0) - return r; - -@@ -53,7 +53,7 @@ Link *link_free(Link *l) { - return NULL; - - if (l->manager) { -- hashmap_remove(l->manager->links, INT_TO_PTR(l->ifindex)); -+ hashmap_remove(l->manager->links_by_index, INT_TO_PTR(l->ifindex)); - hashmap_remove(l->manager->links_by_name, l->ifname); - } - -diff --git a/src/network/wait-online/manager.c b/src/network/wait-online/manager.c -index e1df0345c0..d8cf2338b0 100644 ---- a/src/network/wait-online/manager.c -+++ b/src/network/wait-online/manager.c -@@ -21,14 +21,15 @@ static bool manager_ignore_link(Manager *m, Link *link) { - return true; - - /* if interfaces are given on the command line, ignore all others */ -- if (m->interfaces && !hashmap_contains(m->interfaces, link->ifname)) -+ if (m->command_line_interfaces_by_name && -+ !hashmap_contains(m->command_line_interfaces_by_name, link->ifname)) - return true; - - if (!link->required_for_online) - return true; - - /* ignore interfaces we explicitly are asked to ignore */ -- return strv_fnmatch(m->ignore, link->ifname); -+ return strv_fnmatch(m->ignored_interfaces, link->ifname); - } - - static int manager_link_is_online(Manager *m, Link *l, LinkOperationalStateRange s) { -@@ -101,14 +102,14 @@ static int manager_link_is_online(Manager *m, Link *l, LinkOperationalStateRange - bool manager_configured(Manager *m) { - bool one_ready = false; - const char *ifname; -- void *p; - Link *l; - int r; - -- if (!hashmap_isempty(m->interfaces)) { -+ if (!hashmap_isempty(m->command_line_interfaces_by_name)) { -+ LinkOperationalStateRange *range; -+ - /* wait for all the links given on the command line to appear */ -- HASHMAP_FOREACH_KEY(p, ifname, m->interfaces) { -- LinkOperationalStateRange *range = p; -+ HASHMAP_FOREACH_KEY(range, ifname, m->command_line_interfaces_by_name) { - - l = hashmap_get(m->links_by_name, ifname); - if (!l && range->min == LINK_OPERSTATE_MISSING) { -@@ -139,7 +140,7 @@ bool manager_configured(Manager *m) { - - /* wait for all links networkd manages to be in admin state 'configured' - * and at least one link to gain a carrier */ -- HASHMAP_FOREACH(l, m->links) { -+ HASHMAP_FOREACH(l, m->links_by_index) { - if (manager_ignore_link(m, l)) { - log_link_debug(l, "link is ignored"); - continue; -@@ -191,7 +192,7 @@ static int manager_process_link(sd_netlink *rtnl, sd_netlink_message *mm, void * - return 0; - } - -- l = hashmap_get(m->links, INT_TO_PTR(ifindex)); -+ l = hashmap_get(m->links_by_index, INT_TO_PTR(ifindex)); - - switch (type) { - -@@ -294,7 +295,7 @@ static int on_network_event(sd_event_source *s, int fd, uint32_t revents, void * - - sd_network_monitor_flush(m->network_monitor); - -- HASHMAP_FOREACH(l, m->links) { -+ HASHMAP_FOREACH(l, m->links_by_index) { - r = link_update_monitor(l); - if (r < 0 && r != -ENODATA) - log_link_warning_errno(l, r, "Failed to update link state, ignoring: %m"); -@@ -331,10 +332,14 @@ static int manager_network_monitor_listen(Manager *m) { - return 0; - } - --int manager_new(Manager **ret, Hashmap *interfaces, char **ignore, -+int manager_new(Manager **ret, -+ Hashmap *command_line_interfaces_by_name, -+ char **ignored_interfaces, - LinkOperationalStateRange required_operstate, - AddressFamily required_family, -- bool any, usec_t timeout) { -+ bool any, -+ usec_t timeout) { -+ - _cleanup_(manager_freep) Manager *m = NULL; - int r; - -@@ -345,8 +350,8 @@ int manager_new(Manager **ret, Hashmap *interfaces, char **ignore, - return -ENOMEM; - - *m = (Manager) { -- .interfaces = interfaces, -- .ignore = ignore, -+ .command_line_interfaces_by_name = command_line_interfaces_by_name, -+ .ignored_interfaces = ignored_interfaces, - .required_operstate = required_operstate, - .required_family = required_family, - .any = any, -@@ -384,7 +389,7 @@ Manager* manager_free(Manager *m) { - if (!m) - return NULL; - -- hashmap_free_with_destructor(m->links, link_free); -+ hashmap_free_with_destructor(m->links_by_index, link_free); - hashmap_free(m->links_by_name); - - sd_event_source_unref(m->network_monitor_event_source); -diff --git a/src/network/wait-online/manager.h b/src/network/wait-online/manager.h -index f2e091638c..01ad18f8f6 100644 ---- a/src/network/wait-online/manager.h -+++ b/src/network/wait-online/manager.h -@@ -13,12 +13,12 @@ typedef struct Manager Manager; - typedef struct Link Link; - - struct Manager { -- Hashmap *links; -+ Hashmap *links_by_index; - Hashmap *links_by_name; - - /* Do not free the two members below. */ -- Hashmap *interfaces; -- char **ignore; -+ Hashmap *command_line_interfaces_by_name; -+ char **ignored_interfaces; - - LinkOperationalStateRange required_operstate; - AddressFamily required_family; -@@ -34,7 +34,7 @@ struct Manager { - }; - - Manager* manager_free(Manager *m); --int manager_new(Manager **ret, Hashmap *interfaces, char **ignore, -+int manager_new(Manager **ret, Hashmap *command_line_interfaces_by_name, char **ignored_interfaces, - LinkOperationalStateRange required_operstate, - AddressFamily required_family, - bool any, usec_t timeout); --- -2.33.0 - diff --git a/backport-watchdog-pass-right-error-code-to-log-function-so-th.patch b/backport-watchdog-pass-right-error-code-to-log-function-so-th.patch deleted file mode 100644 index cdc4dc9..0000000 --- a/backport-watchdog-pass-right-error-code-to-log-function-so-th.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 11d5f109b04cd61c8bf437065b5e178c485a49b4 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 15 Sep 2021 15:43:42 +0200 -Subject: [PATCH] watchdog: pass right error code to log function so that %m - works - -(cherry picked from commit a4588af942af976c55f72869340c24d5017db278) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/11d5f109b04cd61c8bf437065b5e178c485a49b4 ---- - src/shared/watchdog.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/shared/watchdog.c b/src/shared/watchdog.c -index d33acafe64..8586a88e54 100644 ---- a/src/shared/watchdog.c -+++ b/src/shared/watchdog.c -@@ -47,8 +47,8 @@ static int update_timeout(void) { - flags = WDIOS_ENABLECARD; - if (ioctl(watchdog_fd, WDIOC_SETOPTIONS, &flags) < 0) { - /* ENOTTY means the watchdog is always enabled so we're fine */ -- log_full(ERRNO_IS_NOT_SUPPORTED(errno) ? LOG_DEBUG : LOG_WARNING, -- "Failed to enable hardware watchdog: %m"); -+ log_full_errno(ERRNO_IS_NOT_SUPPORTED(errno) ? LOG_DEBUG : LOG_WARNING, errno, -+ "Failed to enable hardware watchdog, ignoring: %m"); - if (!ERRNO_IS_NOT_SUPPORTED(errno)) - return -errno; - } --- -2.33.0 - diff --git a/backport-xdg-autostart-service-Ignore-missing-desktop-sepcifi.patch b/backport-xdg-autostart-service-Ignore-missing-desktop-sepcifi.patch deleted file mode 100644 index ab388d4..0000000 --- a/backport-xdg-autostart-service-Ignore-missing-desktop-sepcifi.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 5d3466ec91b05853b815db509b901e6a6d5f4db4 Mon Sep 17 00:00:00 2001 -From: Benjamin Berg -Date: Mon, 10 Jan 2022 12:35:46 +0100 -Subject: [PATCH] xdg-autostart-service: Ignore missing desktop-sepcific - condition binary - -If a desktop specific ExecCondition= binary does not exist, this just -means that the desktop environment is not available. As such, it is not -an error condition that should prevent the service from being installed -in the .wants target. - -Fix this by simply returning zero. - -(cherry picked from commit 6d0aef1dd15088e7379681b3bd93c3cb450f3c55) -(cherry picked from commit 19fbd7764da2e23a89e27b4d95afd77b99f4be87) - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/5d3466ec91b05853b815db509b901e6a6d5f4db4 ---- - src/xdg-autostart-generator/xdg-autostart-service.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/xdg-autostart-generator/xdg-autostart-service.c b/src/xdg-autostart-generator/xdg-autostart-service.c -index fe73bfe9db..16545beb50 100644 ---- a/src/xdg-autostart-generator/xdg-autostart-service.c -+++ b/src/xdg-autostart-generator/xdg-autostart-service.c -@@ -486,7 +486,7 @@ static int xdg_autostart_generate_desktop_condition( - log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_WARNING, r, - "%s not found: %m", test_binary); - fprintf(f, "# ExecCondition using %s skipped due to missing binary.\n", test_binary); -- return r; -+ return 0; - } - - e_autostart_condition = cescape(condition); --- -2.33.0 - diff --git a/bugfix-also-stop-machine-when-a-machine-un.patch b/bugfix-also-stop-machine-when-a-machine-un.patch deleted file mode 100644 index 39eebb2..0000000 --- a/bugfix-also-stop-machine-when-a-machine-un.patch +++ /dev/null @@ -1,145 +0,0 @@ -From 89110c823f246d3d2c398652999826107da446bf Mon Sep 17 00:00:00 2001 -From: yangbin -Date: Tue, 7 Apr 2020 12:01:39 +0800 -Subject: [PATCH] systemd-machined: Also stop machine when a machine unit is - active but the leader process is exited - -When a VM machine is created in a scenario as below, it will remain in systemd-machined even though it has already been terminated by libvirtd. -1. libvirtd sends a request to systemd-machined with the leader(the PID of the vm) to create a machine. -2. systemd-machined directs the request to systemd -3. systemd constructs a scope and creates cgroup for the machine. the scope unit is then added to job queue and will be started later. -4. the leader process(the PID of the vm) is terminated by libvirtd(due some reason) before the scope is started. -5. Since the scope unit is yet not started, systemd will not destroy the scope althrough it is noticed with the signal event. -6. systemd starts the scope, and now the scope and machine is in active but no leader process exist. -7. systemd-machined will not stop and destroy the machine, and remains in system until the scope is stopped by others or the OS is restarted. - -This patch fix this problem by ansering yes to stop machine in machine_check_gc -when the machine unit is active but the leader process has already exited. - -Change-Id: I80e3c32832f4ecf08b6cb149735978730ce1d1c0 ---- - src/machine/machine.c | 37 ++++++++++++++++++++++++++++++++++++- - src/machine/machined-dbus.c | 35 +++++++++++++++++++++++++++++++++++ - src/machine/machined.h | 1 + - 3 files changed, 72 insertions(+), 1 deletion(-) - -diff --git a/src/machine/machine.c b/src/machine/machine.c -index c0ed24b..b48aee6 100644 ---- a/src/machine/machine.c -+++ b/src/machine/machine.c -@@ -32,6 +32,7 @@ - #include "unit-name.h" - #include "user-util.h" - #include "util.h" -+#include "cgroup-util.h" - - Machine* machine_new(Manager *manager, MachineClass class, const char *name) { - Machine *m; -@@ -523,6 +524,40 @@ int machine_finalize(Machine *m) { - return 0; - } - -+static bool machine_validate_unit(Machine *m) { -+ int r; -+ _cleanup_free_ char *unit = NULL; -+ _cleanup_free_ char *cgroup = NULL; -+ -+ r = cg_pid_get_unit(m->leader, &unit); -+ if (!r && streq(m->unit, unit)) -+ return true; -+ -+ if (r == -ESRCH) { -+ /* the original leader may exit and be replaced with a new leader when qemu hotreplace is performed. -+ * so we don't return true here, otherwise the vm will be added to the gc list. -+ * */ -+ log_info("Machine unit is in active, but the leader process is exited. " -+ "machine: %s, leader: "PID_FMT", unit: %s.", m->name, m->leader, m->unit); -+ } else if (r) { -+ log_info_errno(r, "Can not get unit from cgroup. " -+ "machine: %s, leader: "PID_FMT", unit: %s, error: %m", m->name, m->leader, m->unit); -+ } else if (unit && !streq(m->unit, unit)) { -+ log_info("Machine unit name not match. " -+ "machine: %s, leader: "PID_FMT", machine unit: %s, real unit: %s", m->name, m->leader, m->unit, unit); -+ } -+ -+ r = manager_get_unit_cgroup_path(m->manager, m->unit, &cgroup); -+ if (!r && !isempty(cgroup) && cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, cgroup) > 0) { -+ log_info("Cgroup is empty in the machine unit. " -+ "machine: %s, leader: "PID_FMT", machine unit: %s.", m->name, m->leader, m->unit); -+ /*The vm will be added to gc list only when there is no any process in the scope*/ -+ return false; -+ } -+ -+ return true; -+} -+ - bool machine_may_gc(Machine *m, bool drop_not_started) { - assert(m); - -@@ -535,7 +570,7 @@ bool machine_may_gc(Machine *m, bool drop_not_started) { - if (m->scope_job && manager_job_is_active(m->manager, m->scope_job)) - return false; - -- if (m->unit && manager_unit_is_active(m->manager, m->unit)) -+ if (m->unit && manager_unit_is_active(m->manager, m->unit) && machine_validate_unit(m)) - return false; - - return true; -diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c -index 342b18a..dcc2253 100644 ---- a/src/machine/machined-dbus.c -+++ b/src/machine/machined-dbus.c -@@ -1614,3 +1614,38 @@ int manager_add_machine(Manager *m, const char *name, Machine **_machine) { - - return 0; - } -+ -+int manager_get_unit_cgroup_path(Manager *manager, const char *unit, char **cgroup) { -+ _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; -+ _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; -+ _cleanup_free_ char *path = NULL; -+ const char *cgroup_path = NULL; -+ int r; -+ -+ assert(manager); -+ assert(unit); -+ -+ path = unit_dbus_path_from_name(unit); -+ if (!path) -+ return -ENOMEM; -+ -+ r = sd_bus_get_property( -+ manager->bus, -+ "org.freedesktop.systemd1", -+ path, -+ endswith(unit, ".scope") ? "org.freedesktop.systemd1.Scope" : "org.freedesktop.systemd1.Service", -+ "ControlGroup", -+ &error, -+ &reply, -+ "s"); -+ if (r < 0) { -+ return r; -+ } -+ -+ r = sd_bus_message_read(reply, "s", &cgroup_path); -+ if (r < 0) -+ return -EINVAL; -+ *cgroup = strdup(cgroup_path); -+ -+ return 0; -+} -diff --git a/src/machine/machined.h b/src/machine/machined.h -index 280c32b..6b8d98b 100644 ---- a/src/machine/machined.h -+++ b/src/machine/machined.h -@@ -58,6 +58,7 @@ int manager_kill_unit(Manager *manager, const char *unit, int signo, sd_bus_erro - int manager_unref_unit(Manager *m, const char *unit, sd_bus_error *error); - int manager_unit_is_active(Manager *manager, const char *unit); - int manager_job_is_active(Manager *manager, const char *path); -+int manager_get_unit_cgroup_path(Manager *manager, const char *unit, char **cgroup); - - #if ENABLE_NSCD - int manager_enqueue_nscd_cache_flush(Manager *m); --- -2.23.0 - diff --git a/bugfix-for-cgroup-Swap-cgroup-v1-deletion-and-migration.patch b/bugfix-for-cgroup-Swap-cgroup-v1-deletion-and-migration.patch deleted file mode 100644 index f1c63b4..0000000 --- a/bugfix-for-cgroup-Swap-cgroup-v1-deletion-and-migration.patch +++ /dev/null @@ -1,40 +0,0 @@ -From c003873099e47dccf2e57816291bd6b7de4a5790 Mon Sep 17 00:00:00 2001 -From: jiangchuangang -Date: Wed, 13 Jul 2022 21:39:06 +0800 -Subject: [PATCH] bugfix for cpuset and Delegate - ---- - src/core/cgroup.c | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 0e4c94d..e887d49 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -1963,6 +1963,8 @@ static int unit_update_cgroup( - u->cgroup_enabled_mask = result_mask; - - migrate_mask = u->cgroup_realized_mask ^ target_mask; -+ if (u->type != UNIT_SLICE && FLAGS_SET(target_mask, CGROUP_MASK_CPUSET)) -+ migrate_mask |= CGROUP_MASK_CPUSET; - } - - /* Keep track that this is now realized */ -@@ -1977,9 +1979,11 @@ static int unit_update_cgroup( - * delegated units. - */ - if (cg_all_unified() == 0) { -- r = cg_migrate_v1_controllers(u->manager->cgroup_supported, migrate_mask, u->cgroup_path, migrate_callback, u); -- if (r < 0) -- log_unit_warning_errno(u, r, "Failed to migrate controller cgroups from %s, ignoring: %m", empty_to_root(u->cgroup_path)); -+ if (!unit_cgroup_delegate(u)) { -+ r = cg_migrate_v1_controllers(u->manager->cgroup_supported, migrate_mask, u->cgroup_path, migrate_callback, u); -+ if (r < 0) -+ log_unit_warning_errno(u, r, "Failed to migrate controller cgroups from %s, ignoring: %m", empty_to_root(u->cgroup_path)); -+ } - - is_root_slice = unit_has_name(u, SPECIAL_ROOT_SLICE); - r = cg_trim_v1_controllers(u->manager->cgroup_supported, ~target_mask, u->cgroup_path, !is_root_slice); --- -2.33.0 - diff --git a/change-NTP-server-to-x.pool.ntp.org.patch b/change-NTP-server-to-x.pool.ntp.org.patch deleted file mode 100644 index 33798fd..0000000 --- a/change-NTP-server-to-x.pool.ntp.org.patch +++ /dev/null @@ -1,25 +0,0 @@ -From bdf0536bace233a0da7e1ff094c8cb81ded18c38 Mon Sep 17 00:00:00 2001 -From: licunlong -Date: Tue, 23 Feb 2021 15:07:17 +0800 -Subject: [PATCH] change NTP server to x.pool.ntp.org - ---- - meson_options.txt | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/meson_options.txt b/meson_options.txt -index 163c8df..ba7adf9 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -312,7 +312,7 @@ option('dns-servers', type : 'string', - value : '1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2001:4860:4860::8888#dns.google 2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google') - option('ntp-servers', type : 'string', - description : 'space-separated list of default NTP servers', -- value : 'time1.google.com time2.google.com time3.google.com time4.google.com') -+ value : '0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org') - option('support-url', type : 'string', - description : 'the support URL to show in catalog entries included in systemd', - value : 'https://lists.freedesktop.org/mailman/listinfo/systemd-devel') --- -2.27.0 - diff --git a/check-whether-command_prev-is-null-before-assigning-.patch b/check-whether-command_prev-is-null-before-assigning-.patch deleted file mode 100644 index bdca1fe..0000000 --- a/check-whether-command_prev-is-null-before-assigning-.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 5fe226b4378a2466d906ae45b8544f1003e9885a Mon Sep 17 00:00:00 2001 -From: yefei25 -Date: Wed, 8 Apr 2020 23:10:58 -0400 -Subject: [PATCH 1/2] check whether command_prev is null before assigning value - ---- - src/core/service.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/core/service.c b/src/core/service.c -index 9a26271f72..3c255b3bcc 100644 ---- a/src/core/service.c -+++ b/src/core/service.c -@@ -2569,12 +2569,16 @@ static unsigned service_exec_command_index(Unit *u, ServiceExecCommand id, ExecC - assert(s); - assert(id >= 0); - assert(id < _SERVICE_EXEC_COMMAND_MAX); -- -+ if (!current) -+ return 0; - first = s->exec_command[id]; - - /* Figure out where we are in the list by walking back to the beginning */ -- for (c = current; c != first; c = c->command_prev) -+ for (c = current; c != first; c = c->command_prev) { - idx++; -+ if (!c->command_prev) -+ return idx; -+ } - - return idx; - } --- -2.19.1 - diff --git a/core-add-OptionalLog-to-allow-users-change-log-level.patch b/core-add-OptionalLog-to-allow-users-change-log-level.patch deleted file mode 100644 index 4a88705..0000000 --- a/core-add-OptionalLog-to-allow-users-change-log-level.patch +++ /dev/null @@ -1,144 +0,0 @@ -From 637310cf1903f9072a391074a65855fc1c41ae2b Mon Sep 17 00:00:00 2001 -From: licunlong -Date: Fri, 15 Apr 2022 09:28:15 +0800 -Subject: [PATCH] core: add OptionalLog to allow users change log level. -This adds log_optional* log_unit_optional* to log messages in LOG_INFO -or LOG_DEBUG. Set "OptionalLog=yes" to log in LOG_INFO. Defaults to no. - ---- - src/basic/log.h | 2 ++ - src/core/dbus-manager.c | 1 + - src/core/main.c | 4 ++++ - src/core/manager.h | 1 + - src/core/mount.c | 2 +- - src/core/system.conf.in | 1 + - src/core/unit.h | 2 ++ - 7 files changed, 12 insertions(+), 1 deletion(-) - -diff --git a/src/basic/log.h b/src/basic/log.h -index 625be22..6ff143f 100644 ---- a/src/basic/log.h -+++ b/src/basic/log.h -@@ -239,6 +239,7 @@ int log_emergency_level(void); - #define log_warning(...) log_full(LOG_WARNING, __VA_ARGS__) - #define log_error(...) log_full(LOG_ERR, __VA_ARGS__) - #define log_emergency(...) log_full(log_emergency_level(), __VA_ARGS__) -+#define log_optional(use_info, ...) log_full(((use_info) ? LOG_INFO : LOG_DEBUG), __VA_ARGS__) - - /* Logging triggered by an errno-like error */ - #define log_debug_errno(error, ...) log_full_errno(LOG_DEBUG, error, __VA_ARGS__) -@@ -235,6 +236,7 @@ int log_emergency_level(void); - #define log_warning_errno(error, ...) log_full_errno(LOG_WARNING, error, __VA_ARGS__) - #define log_error_errno(error, ...) log_full_errno(LOG_ERR, error, __VA_ARGS__) - #define log_emergency_errno(error, ...) log_full_errno(log_emergency_level(), error, __VA_ARGS__) -+#define log_optional_errno(error, use_info, ...) log_full_errno(((use_info) ? LOG_INFO : LOG_DEBUG), error, __VA_ARGS__) - - /* This logs at the specified level the first time it is called, and then - * logs at debug. If the specified level is debug, this logs only the first -diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c -index 184df9d..acf782d 100644 ---- a/src/core/dbus-manager.c -+++ b/src/core/dbus-manager.c -@@ -2656,6 +2656,7 @@ const sd_bus_vtable bus_manager_vtable[] = { - BUS_PROPERTY_DUAL_TIMESTAMP("InitRDUnitsLoadFinishTimestamp", offsetof(Manager, timestamps[MANAGER_TIMESTAMP_INITRD_UNITS_LOAD_FINISH]), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_WRITABLE_PROPERTY("LogLevel", "s", bus_property_get_log_level, property_set_log_level, 0, 0), - SD_BUS_WRITABLE_PROPERTY("LogTarget", "s", bus_property_get_log_target, property_set_log_target, 0, 0), -+ SD_BUS_PROPERTY("OptionalLog", "b", bus_property_get_bool, offsetof(Manager, optional_log), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("NNames", "u", property_get_hashmap_size, offsetof(Manager, units), 0), - SD_BUS_PROPERTY("NFailedUnits", "u", property_get_set_size, offsetof(Manager, failed_units), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), - SD_BUS_PROPERTY("NJobs", "u", property_get_hashmap_size, offsetof(Manager, jobs), 0), -diff --git a/src/core/main.c b/src/core/main.c -index 2a6b9b8..15a3cb9 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -110,6 +110,7 @@ static const char *arg_bus_introspect = NULL; - * defaults are assigned in reset_arguments() below. */ - static char *arg_default_unit; - static bool arg_system; -+static bool arg_optional_log; - static bool arg_dump_core; - static int arg_crash_chvt; - static bool arg_crash_shell; -@@ -641,6 +642,7 @@ static int parse_config_file(void) { - { "Manager", "LogColor", config_parse_color, 0, NULL }, - { "Manager", "LogLocation", config_parse_location, 0, NULL }, - { "Manager", "LogTime", config_parse_time, 0, NULL }, -+ { "Manager", "OptionalLog", config_parse_bool, 0, &arg_optional_log }, - { "Manager", "DumpCore", config_parse_bool, 0, &arg_dump_core }, - { "Manager", "CrashChVT", /* legacy */ config_parse_crash_chvt, 0, &arg_crash_chvt }, - { "Manager", "CrashChangeVT", config_parse_crash_chvt, 0, &arg_crash_chvt }, -@@ -748,6 +750,7 @@ static void set_manager_defaults(Manager *m) { - * affect the manager itself, but are just what newly allocated units will have set if they haven't set - * anything else. (Also see set_manager_settings() for the settings that affect the manager's own behaviour) */ - -+ m->optional_log = arg_optional_log; - m->default_timer_accuracy_usec = arg_default_timer_accuracy_usec; - m->default_std_output = arg_default_std_output; - m->default_std_error = arg_default_std_error; -@@ -2327,6 +2330,7 @@ static void reset_arguments(void) { - - /* arg_system — ignore */ - -+ arg_optional_log = false; - arg_dump_core = true; - arg_crash_chvt = -1; - arg_crash_shell = false; -diff --git a/src/core/manager.h b/src/core/manager.h -index c20abd5..543f30c 100644 ---- a/src/core/manager.h -+++ b/src/core/manager.h -@@ -378,6 +378,7 @@ struct Manager { - LogTarget original_log_target; - bool log_level_overridden; - bool log_target_overridden; -+ bool optional_log; - - struct rlimit *rlimit[_RLIMIT_MAX]; - -diff --git a/src/core/mount.c b/src/core/mount.c -index 9d676c2..dba8566 100644 ---- a/src/core/mount.c -+++ b/src/core/mount.c -@@ -674,7 +674,7 @@ static void mount_set_state(Mount *m, MountState state) { - } - - if (state != old_state) -- log_unit_debug(UNIT(m), "Changed %s -> %s", mount_state_to_string(old_state), mount_state_to_string(state)); -+ log_unit_optional(UNIT(m), UNIT(m)->manager->optional_log, "Changed %s -> %s", mount_state_to_string(old_state), mount_state_to_string(state)); - - unit_notify(UNIT(m), state_translation_table[old_state], state_translation_table[state], - m->reload_result == MOUNT_SUCCESS ? 0 : UNIT_NOTIFY_RELOAD_FAILURE); -diff --git a/src/core/system.conf.in b/src/core/system.conf.in -index d6cc751..f521f3e 100644 ---- a/src/core/system.conf.in -+++ b/src/core/system.conf.in -@@ -20,6 +20,7 @@ - #LogColor=yes - #LogLocation=no - #LogTime=no -+#OptionalLog=no - #DumpCore=yes - #ShowStatus=yes - #CrashChangeVT=no -diff --git a/src/core/unit.h b/src/core/unit.h -index 759104f..02f4cb2 100644 ---- a/src/core/unit.h -+++ b/src/core/unit.h -@@ -990,12 +990,14 @@ int unit_thaw_vtable_common(Unit *u); - #define log_unit_notice(unit, ...) log_unit_full(unit, LOG_NOTICE, __VA_ARGS__) - #define log_unit_warning(unit, ...) log_unit_full(unit, LOG_WARNING, __VA_ARGS__) - #define log_unit_error(unit, ...) log_unit_full(unit, LOG_ERR, __VA_ARGS__) -+#define log_unit_optional(unit, use_info, ...) log_unit_full(unit, ((use_info) ? LOG_INFO : LOG_DEBUG), __VA_ARGS__) - - #define log_unit_debug_errno(unit, error, ...) log_unit_full_errno(unit, LOG_DEBUG, error, __VA_ARGS__) - #define log_unit_info_errno(unit, error, ...) log_unit_full_errno(unit, LOG_INFO, error, __VA_ARGS__) - #define log_unit_notice_errno(unit, error, ...) log_unit_full_errno(unit, LOG_NOTICE, error, __VA_ARGS__) - #define log_unit_warning_errno(unit, error, ...) log_unit_full_errno(unit, LOG_WARNING, error, __VA_ARGS__) - #define log_unit_error_errno(unit, error, ...) log_unit_full_errno(unit, LOG_ERR, error, __VA_ARGS__) -+#define log_unit_optional_errno(unit, use_info, error, ...) log_unit_full_errno(unit, ((use_info) ? LOG_INFO : LOG_DEBUG), error, __VA_ARGS__) - - #define log_unit_struct_errno(unit, level, error, ...) \ - ({ \ --- -2.23.0 - diff --git a/core-add-invalidate-cgroup-config.patch b/core-add-invalidate-cgroup-config.patch deleted file mode 100644 index 3b122fa..0000000 --- a/core-add-invalidate-cgroup-config.patch +++ /dev/null @@ -1,117 +0,0 @@ -From d56b3978bbcd28246b3e3ce3f8c958ac95785dd7 Mon Sep 17 00:00:00 2001 -From: fangxiuning -Date: Wed, 22 Apr 2020 11:55:18 +0800 -Subject: - After systemd 239 version, a new feature is added to cgroups. -The processes started by users default to the cgroup group belonging -to user.slice, and the processes started by the system default to -system.slice. This is the direction of github systemd evolution. -However, there are still a large number of operations downstream -that systemd does not perceive to modify the cgroup group, -such as directly echo the process number to system.slice. - -For example: -1. sleep 1000 & -2. echo sleep pid > /sys/fs/cgroup/memory/system.slice/task -3. systemctl daemon-reload -4. cat /proc/sleep pid/cgroup -this kind of operation, systemd is not aware of it. -When systemctl disable service or systemctl daemon-reload operation -is executed, systemd will re-attach each process to its original -Under the group(user.slice). - ---- - src/core/main.c | 4 ++++ - src/core/manager.c | 1 + - src/core/manager.h | 1 + - src/core/system.conf.in | 1 + - src/core/unit-serialize.c | 2 +- - 5 files changed, 8 insertions(+), 1 deletion(-) - -diff --git a/src/core/main.c b/src/core/main.c -index 09075ef..a39d7d3 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -154,6 +154,7 @@ static bool arg_default_cpuset_accounting; - static bool arg_default_freezer_accounting; - static bool arg_default_tasks_accounting; - static TasksMax arg_default_tasks_max; -+static bool arg_default_invalidate_cgroup; - static sd_id128_t arg_machine_id; - static EmergencyAction arg_cad_burst_action; - static OOMPolicy arg_default_oom_policy; -@@ -704,6 +705,7 @@ static int parse_config_file(void) { - { "Manager", "DefaultFreezerAccounting", config_parse_bool, 0, &arg_default_freezer_accounting }, - { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting }, - { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max }, -+ { "Manager", "DefaultInvalidateCgroup", config_parse_bool, 0, &arg_default_invalidate_cgroup }, - { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, 0, &arg_cad_burst_action }, - { "Manager", "DefaultOOMPolicy", config_parse_oom_policy, 0, &arg_default_oom_policy }, - { "Manager", "DefaultUnitSlice", config_parse_string, 0, &arg_default_unit_slice }, -@@ -780,6 +782,7 @@ static void set_manager_defaults(Manager *m) { - m->default_freezer_accounting = arg_default_freezer_accounting; - m->default_tasks_accounting = arg_default_tasks_accounting; - m->default_tasks_max = arg_default_tasks_max; -+ m->default_invalidate_cgroup = arg_default_invalidate_cgroup; - m->default_oom_policy = arg_default_oom_policy; - - (void) manager_set_default_rlimits(m, arg_default_rlimit); -@@ -2401,6 +2404,7 @@ static void reset_arguments(void) { - arg_default_freezer_accounting = false; - arg_default_tasks_accounting = true; - arg_default_tasks_max = DEFAULT_TASKS_MAX; -+ arg_default_invalidate_cgroup = true; - arg_machine_id = (sd_id128_t) {}; - arg_cad_burst_action = EMERGENCY_ACTION_REBOOT_FORCE; - arg_default_oom_policy = OOM_STOP; -diff --git a/src/core/manager.c b/src/core/manager.c -index 29ef96b..740bad5 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -780,6 +780,7 @@ int manager_new(UnitFileScope scope, ManagerTestRunFlags test_run_flags, Manager - .default_cpuset_accounting = false, - .default_tasks_accounting = true, - .default_tasks_max = TASKS_MAX_UNSET, -+ .default_invalidate_cgroup = true, - .default_timeout_start_usec = DEFAULT_TIMEOUT_USEC, - .default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC, - .default_restart_usec = DEFAULT_RESTART_USEC, -diff --git a/src/core/manager.h b/src/core/manager.h -index 9a38737..485bab1 100644 ---- a/src/core/manager.h -+++ b/src/core/manager.h -@@ -371,6 +371,7 @@ struct Manager { - - TasksMax default_tasks_max; - usec_t default_timer_accuracy_usec; -+ bool default_invalidate_cgroup; - - OOMPolicy default_oom_policy; - -diff --git a/src/core/system.conf.in b/src/core/system.conf.in -index f521f3e..c1fd308 100644 ---- a/src/core/system.conf.in -+++ b/src/core/system.conf.in -@@ -74,5 +74,6 @@ DefaultLimitMEMLOCK=64M - #DefaultLimitNICE= - #DefaultLimitRTPRIO= - #DefaultLimitRTTIME= -+#DefaultInvalidateCgroup=yes - #DefaultOOMPolicy=stop - DefaultDFXReboot=yes -diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c -index 689a536..f3b3e70 100644 ---- a/src/core/unit-serialize.c -+++ b/src/core/unit-serialize.c -@@ -526,7 +526,7 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) { - /* Let's make sure that everything that is deserialized also gets any potential new cgroup settings - * applied after we are done. For that we invalidate anything already realized, so that we can - * realize it again. */ -- if (u->cgroup_realized) { -+ if (u->cgroup_realized && u->manager->default_invalidate_cgroup) { - unit_invalidate_cgroup(u, _CGROUP_MASK_ALL); - unit_invalidate_cgroup_bpf(u); - } --- -2.27.0 - diff --git a/core-cgroup-support-cpuset.patch b/core-cgroup-support-cpuset.patch deleted file mode 100644 index 7902994..0000000 --- a/core-cgroup-support-cpuset.patch +++ /dev/null @@ -1,872 +0,0 @@ -From 2ea8175b3d8ec118fa0f42392485ce0f4308456a Mon Sep 17 00:00:00 2001 -From: licunlong -Date: Thu, 6 May 2021 09:38:54 +0800 -Subject: [PATCH] core-cgroup: support cpuset - -This patch add support for cpuset subsystem. ---- - src/basic/cgroup-util.c | 3 +- - src/basic/cgroup-util.h | 10 ++- - src/basic/string-util.c | 42 +++++++++ - src/basic/string-util.h | 2 + - src/core/cgroup.c | 86 ++++++++++++++++--- - src/core/cgroup.h | 10 ++- - src/core/dbus-cgroup.c | 52 +++++++++-- - src/core/dbus-manager.c | 1 + - src/core/load-fragment-gperf.gperf.in | 5 ++ - src/core/load-fragment.c | 73 +++++++++++++++- - src/core/load-fragment.h | 1 + - src/core/main.c | 4 + - src/core/manager.c | 1 + - src/core/manager.h | 1 + - src/core/system.conf.in | 1 + - src/core/unit.c | 1 + - src/shared/bus-unit-util.c | 15 +++- - src/shared/cpu-set-util.c | 1 + - src/test/test-cgroup-mask.c | 5 +- - .../fuzz-unit-file/directives-all.service | 5 ++ - test/fuzz/fuzz-unit-file/directives.mount | 5 ++ - test/fuzz/fuzz-unit-file/directives.scope | 5 ++ - test/fuzz/fuzz-unit-file/directives.service | 5 ++ - test/fuzz/fuzz-unit-file/directives.slice | 5 ++ - test/fuzz/fuzz-unit-file/directives.socket | 5 ++ - test/fuzz/fuzz-unit-file/directives.swap | 5 ++ - 26 files changed, 319 insertions(+), 30 deletions(-) - -diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c -index 1ff6160..01a4181 100644 ---- a/src/basic/cgroup-util.c -+++ b/src/basic/cgroup-util.c -@@ -2155,12 +2155,13 @@ bool fd_is_cgroup_fs(int fd) { - static const char *const cgroup_controller_table[_CGROUP_CONTROLLER_MAX] = { - [CGROUP_CONTROLLER_CPU] = "cpu", - [CGROUP_CONTROLLER_CPUACCT] = "cpuacct", -- [CGROUP_CONTROLLER_CPUSET] = "cpuset", -+ [CGROUP_CONTROLLER_CPUSET2] = "cpuset2", - [CGROUP_CONTROLLER_IO] = "io", - [CGROUP_CONTROLLER_BLKIO] = "blkio", - [CGROUP_CONTROLLER_MEMORY] = "memory", - [CGROUP_CONTROLLER_DEVICES] = "devices", - [CGROUP_CONTROLLER_PIDS] = "pids", -+ [CGROUP_CONTROLLER_CPUSET] = "cpuset", - [CGROUP_CONTROLLER_BPF_FIREWALL] = "bpf-firewall", - [CGROUP_CONTROLLER_BPF_DEVICES] = "bpf-devices", - [CGROUP_CONTROLLER_BPF_FOREIGN] = "bpf-foreign", -diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h -index ce2f4c6..06a23ff 100644 ---- a/src/basic/cgroup-util.h -+++ b/src/basic/cgroup-util.h -@@ -20,12 +20,13 @@ typedef enum CGroupController { - /* Original cgroup controllers */ - CGROUP_CONTROLLER_CPU, - CGROUP_CONTROLLER_CPUACCT, /* v1 only */ -- CGROUP_CONTROLLER_CPUSET, /* v2 only */ -+ CGROUP_CONTROLLER_CPUSET2, /* v2 only */ - CGROUP_CONTROLLER_IO, /* v2 only */ - CGROUP_CONTROLLER_BLKIO, /* v1 only */ - CGROUP_CONTROLLER_MEMORY, - CGROUP_CONTROLLER_DEVICES, /* v1 only */ - CGROUP_CONTROLLER_PIDS, -+ CGROUP_CONTROLLER_CPUSET, - - /* BPF-based pseudo-controllers, v2 only */ - CGROUP_CONTROLLER_BPF_FIREWALL, -@@ -43,22 +44,23 @@ typedef enum CGroupController { - typedef enum CGroupMask { - CGROUP_MASK_CPU = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPU), - CGROUP_MASK_CPUACCT = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPUACCT), -- CGROUP_MASK_CPUSET = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPUSET), -+ CGROUP_MASK_CPUSET2 = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPUSET2), - CGROUP_MASK_IO = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_IO), - CGROUP_MASK_BLKIO = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BLKIO), - CGROUP_MASK_MEMORY = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_MEMORY), - CGROUP_MASK_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_DEVICES), - CGROUP_MASK_PIDS = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_PIDS), -+ CGROUP_MASK_CPUSET = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPUSET), - CGROUP_MASK_BPF_FIREWALL = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_FIREWALL), - CGROUP_MASK_BPF_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_DEVICES), - CGROUP_MASK_BPF_FOREIGN = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_FOREIGN), - CGROUP_MASK_BPF_SOCKET_BIND = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_SOCKET_BIND), - - /* All real cgroup v1 controllers */ -- CGROUP_MASK_V1 = CGROUP_MASK_CPU|CGROUP_MASK_CPUACCT|CGROUP_MASK_BLKIO|CGROUP_MASK_MEMORY|CGROUP_MASK_DEVICES|CGROUP_MASK_PIDS, -+ CGROUP_MASK_V1 = CGROUP_MASK_CPU|CGROUP_MASK_CPUACCT|CGROUP_MASK_BLKIO|CGROUP_MASK_MEMORY|CGROUP_MASK_CPUSET|CGROUP_MASK_DEVICES|CGROUP_MASK_PIDS, - - /* All real cgroup v2 controllers */ -- CGROUP_MASK_V2 = CGROUP_MASK_CPU|CGROUP_MASK_CPUSET|CGROUP_MASK_IO|CGROUP_MASK_MEMORY|CGROUP_MASK_PIDS, -+ CGROUP_MASK_V2 = CGROUP_MASK_CPU|CGROUP_MASK_CPUSET2|CGROUP_MASK_IO|CGROUP_MASK_MEMORY|CGROUP_MASK_PIDS, - - /* All cgroup v2 BPF pseudo-controllers */ - CGROUP_MASK_BPF = CGROUP_MASK_BPF_FIREWALL|CGROUP_MASK_BPF_DEVICES|CGROUP_MASK_BPF_FOREIGN|CGROUP_MASK_BPF_SOCKET_BIND, -diff --git a/src/basic/string-util.c b/src/basic/string-util.c -index a645958..45f358b 100644 ---- a/src/basic/string-util.c -+++ b/src/basic/string-util.c -@@ -1146,3 +1146,45 @@ int string_contains_word_strv(const char *string, const char *separators, char * - *ret_word = found; - return !!found; - } -+ -+int string_isvalid_interval(const char *instr) -+{ -+ const char *pstr = instr; /* tmp */ -+ const char *pstr_front = instr; /* front char */ -+ const char *pstr_behind = instr; /* behind char */ -+ -+ if (isempty(instr)) -+ { -+ return 1; -+ } -+ -+ while (*pstr != '\0') -+ { -+ /* behind */ -+ pstr_behind = pstr + 1; -+ -+ /* 0-3,4,6,7-10 */ -+ if (((*pstr < '0') || (*pstr > '9')) && -+ (*pstr != '-') && -+ (*pstr != ',')) -+ { -+ return 2; -+ } -+ -+ /* - , must is a num */ -+ if (('-' == *pstr) || (',' == *pstr)) -+ { -+ if ((*pstr_front < '0') || (*pstr_front > '9') || -+ (*pstr_behind < '0') || (*pstr_behind > '9')) -+ { -+ return 3; -+ } -+ } -+ -+ /* front */ -+ pstr_front = pstr; -+ pstr++; -+ } -+ -+ return 0; -+} -diff --git a/src/basic/string-util.h b/src/basic/string-util.h -index 9155e50..338dcd5 100644 ---- a/src/basic/string-util.h -+++ b/src/basic/string-util.h -@@ -242,3 +242,5 @@ int string_contains_word_strv(const char *string, const char *separators, char * - static inline int string_contains_word(const char *string, const char *separators, const char *word) { - return string_contains_word_strv(string, separators, STRV_MAKE(word), NULL); - } -+ -+int string_isvalid_interval(const char *instr); -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index de1d5f4..2c2d1b0 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -246,8 +246,14 @@ void cgroup_context_done(CGroupContext *c) { - while (c->bpf_foreign_programs) - cgroup_context_remove_bpf_foreign_program(c, c->bpf_foreign_programs); - -- cpu_set_reset(&c->cpuset_cpus); -- cpu_set_reset(&c->cpuset_mems); -+ if (c->cpuset_cpus) -+ c->cpuset_cpus = mfree(c->cpuset_cpus); -+ -+ if (c->cpuset_mems) -+ c->cpuset_mems = mfree(c->cpuset_mems); -+ -+ cpu_set_reset(&c->cpuset_cpus2); -+ cpu_set_reset(&c->cpuset_mems2); - } - - static int unit_get_kernel_memory_limit(Unit *u, const char *file, uint64_t *ret) { -@@ -382,7 +388,7 @@ static char *format_cgroup_memory_limit_comparison(char *buf, size_t l, Unit *u, - } - - void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { -- _cleanup_free_ char *disable_controllers_str = NULL, *cpuset_cpus = NULL, *cpuset_mems = NULL; -+ _cleanup_free_ char *disable_controllers_str = NULL, *cpuset_cpus2 = NULL, *cpuset_mems2 = NULL; - CGroupIODeviceLimit *il; - CGroupIODeviceWeight *iw; - CGroupIODeviceLatency *l; -@@ -412,14 +418,15 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { - - (void) cg_mask_to_string(c->disable_controllers, &disable_controllers_str); - -- cpuset_cpus = cpu_set_to_range_string(&c->cpuset_cpus); -- cpuset_mems = cpu_set_to_range_string(&c->cpuset_mems); -+ cpuset_cpus2 = cpu_set_to_range_string(&c->cpuset_cpus2); -+ cpuset_mems2 = cpu_set_to_range_string(&c->cpuset_mems2); - - fprintf(f, - "%sCPUAccounting: %s\n" - "%sIOAccounting: %s\n" - "%sBlockIOAccounting: %s\n" - "%sMemoryAccounting: %s\n" -+ "%sCPUSetAccounting: %s\n" - "%sTasksAccounting: %s\n" - "%sIPAccounting: %s\n" - "%sCPUWeight: %" PRIu64 "\n" -@@ -442,6 +449,10 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { - "%sMemoryMax: %" PRIu64 "%s\n" - "%sMemorySwapMax: %" PRIu64 "%s\n" - "%sMemoryLimit: %" PRIu64 "\n" -+ "%sCPUSetCpus=%s\n" -+ "%sCPUSetMems=%s\n" -+ "%sCPUSetCloneChildren=%s\n" -+ "%sCPUSetMemMigrate=%s\n" - "%sTasksMax: %" PRIu64 "\n" - "%sDevicePolicy: %s\n" - "%sDisableControllers: %s\n" -@@ -454,6 +465,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { - prefix, yes_no(c->io_accounting), - prefix, yes_no(c->blockio_accounting), - prefix, yes_no(c->memory_accounting), -+ prefix, yes_no(c->cpuset_accounting), - prefix, yes_no(c->tasks_accounting), - prefix, yes_no(c->ip_accounting), - prefix, c->cpu_weight, -@@ -462,8 +474,8 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { - prefix, c->startup_cpu_shares, - prefix, format_timespan(q, sizeof(q), c->cpu_quota_per_sec_usec, 1), - prefix, format_timespan(v, sizeof(v), c->cpu_quota_period_usec, 1), -- prefix, strempty(cpuset_cpus), -- prefix, strempty(cpuset_mems), -+ prefix, strempty(cpuset_cpus2), -+ prefix, strempty(cpuset_mems2), - prefix, c->io_weight, - prefix, c->startup_io_weight, - prefix, c->blockio_weight, -@@ -476,6 +488,10 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { - prefix, c->memory_max, format_cgroup_memory_limit_comparison(cdd, sizeof(cdd), u, "MemoryMax"), - prefix, c->memory_swap_max, format_cgroup_memory_limit_comparison(cde, sizeof(cde), u, "MemorySwapMax"), - prefix, c->memory_limit, -+ prefix, c->cpuset_cpus, -+ prefix, c->cpuset_mems, -+ prefix, yes_no(c->cpuset_clone_children), -+ prefix, yes_no(c->cpuset_memory_migrate), - prefix, tasks_max_resolve(&c->tasks_max), - prefix, cgroup_device_policy_to_string(c->device_policy), - prefix, strempty(disable_controllers_str), -@@ -1277,9 +1293,9 @@ static void cgroup_context_apply( - } - } - -- if ((apply_mask & CGROUP_MASK_CPUSET) && !is_local_root) { -- cgroup_apply_unified_cpuset(u, &c->cpuset_cpus, "cpuset.cpus"); -- cgroup_apply_unified_cpuset(u, &c->cpuset_mems, "cpuset.mems"); -+ if ((apply_mask & CGROUP_MASK_CPUSET2) && !is_local_root) { -+ cgroup_apply_unified_cpuset(u, &c->cpuset_cpus2, "cpuset.cpus"); -+ cgroup_apply_unified_cpuset(u, &c->cpuset_mems2, "cpuset.mems"); - } - - /* The 'io' controller attributes are not exported on the host's root cgroup (being a pure cgroup v2 -@@ -1477,6 +1493,45 @@ static void cgroup_context_apply( - } - } - -+ if ((apply_mask & CGROUP_MASK_CPUSET) && !is_local_root) { -+ (void) set_attribute_and_warn(u, "cpuset", "cgroup.clone_children", one_zero(c->cpuset_clone_children)); -+ (void) set_attribute_and_warn(u, "cpuset", "cpuset.memory_migrate", one_zero(c->cpuset_memory_migrate)); -+ if (c->cpuset_cpus) { -+ if (streq(c->cpuset_cpus, "all")) { -+ _cleanup_free_ char *str_cpuset_cpus = NULL; -+ _cleanup_free_ char *cg_root_path_cpus = NULL; -+ r = cg_get_root_path(&cg_root_path_cpus); -+ if (r < 0) -+ log_info_errno(r, "Failed to determine root cgroup, ignoring cgroup cpuset cpus: %m"); -+ if (cg_root_path_cpus) { -+ r = cg_get_attribute("cpuset", cg_root_path_cpus, "cpuset.cpus", &str_cpuset_cpus); -+ if (r < 0) -+ log_error("cgroup context apply: cg get attribute is error(%d), path=%s.", r, cg_root_path_cpus); -+ if (str_cpuset_cpus) -+ (void) set_attribute_and_warn(u, "cpuset", "cpuset.cpus", str_cpuset_cpus); -+ } -+ } else -+ (void) set_attribute_and_warn(u, "cpuset", "cpuset.cpus", c->cpuset_cpus); -+ } -+ if (c->cpuset_mems) { -+ if (streq(c->cpuset_mems, "all")) { -+ _cleanup_free_ char *str_cpuset_mems = NULL; -+ _cleanup_free_ char *cg_root_path_mems = NULL; -+ r = cg_get_root_path(&cg_root_path_mems); -+ if (r < 0) -+ log_info_errno(r, "Failed to determine root cgroup, ignoring cgroup cpuset mems: %m"); -+ if (cg_root_path_mems) { -+ r = cg_get_attribute("cpuset", cg_root_path_mems, "cpuset.mems", &str_cpuset_mems); -+ if (r < 0) -+ log_error("cgroup context apply: cg get attribute is error(%d), path=%s.", r, cg_root_path_mems); -+ if (str_cpuset_mems) -+ (void) set_attribute_and_warn(u, "cpuset", "cpuset.mems", str_cpuset_mems); -+ } -+ } else -+ (void) set_attribute_and_warn(u, "cpuset", "cpuset.mems", c->cpuset_mems); -+ } -+ } -+ - /* On cgroup v2 we can apply BPF everywhere. On cgroup v1 we apply it everywhere except for the root of - * containers, where we leave this to the manager */ - if ((apply_mask & (CGROUP_MASK_DEVICES | CGROUP_MASK_BPF_DEVICES)) && -@@ -1603,8 +1658,8 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) { - c->cpu_quota_per_sec_usec != USEC_INFINITY) - mask |= CGROUP_MASK_CPU; - -- if (c->cpuset_cpus.set || c->cpuset_mems.set) -- mask |= CGROUP_MASK_CPUSET; -+ if (c->cpuset_cpus2.set || c->cpuset_mems2.set) -+ mask |= CGROUP_MASK_CPUSET2; - - if (cgroup_context_has_io_config(c) || cgroup_context_has_blockio_config(c)) - mask |= CGROUP_MASK_IO | CGROUP_MASK_BLKIO; -@@ -1614,6 +1669,11 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) { - unit_has_unified_memory_config(u)) - mask |= CGROUP_MASK_MEMORY; - -+ if (c->cpuset_accounting || -+ c->cpuset_cpus || -+ c->cpuset_mems) -+ mask |= CGROUP_MASK_CPUSET; -+ - if (c->device_allow || - c->device_policy != CGROUP_DEVICE_POLICY_AUTO) - mask |= CGROUP_MASK_DEVICES | CGROUP_MASK_BPF_DEVICES; -@@ -3984,7 +4044,7 @@ int unit_get_cpuset(Unit *u, CPUSet *cpus, const char *name) { - if (!u->cgroup_path) - return -ENODATA; - -- if ((u->cgroup_realized_mask & CGROUP_MASK_CPUSET) == 0) -+ if ((u->cgroup_realized_mask & CGROUP_MASK_CPUSET2) == 0) - return -ENODATA; - - r = cg_all_unified(); -diff --git a/src/core/cgroup.h b/src/core/cgroup.h -index ea92936..a8a4726 100644 ---- a/src/core/cgroup.h -+++ b/src/core/cgroup.h -@@ -115,6 +115,7 @@ struct CGroupContext { - bool io_accounting; - bool blockio_accounting; - bool memory_accounting; -+ bool cpuset_accounting; - bool tasks_accounting; - bool ip_accounting; - -@@ -131,8 +132,8 @@ struct CGroupContext { - usec_t cpu_quota_per_sec_usec; - usec_t cpu_quota_period_usec; - -- CPUSet cpuset_cpus; -- CPUSet cpuset_mems; -+ CPUSet cpuset_cpus2; -+ CPUSet cpuset_mems2; - - uint64_t io_weight; - uint64_t startup_io_weight; -@@ -148,6 +149,11 @@ struct CGroupContext { - uint64_t memory_max; - uint64_t memory_swap_max; - -+ char *cpuset_cpus; -+ char *cpuset_mems; -+ bool cpuset_clone_children; -+ bool cpuset_memory_migrate; -+ - bool default_memory_min_set; - bool default_memory_low_set; - bool memory_min_set; -diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c -index 84c3caf..0cdc98c 100644 ---- a/src/core/dbus-cgroup.c -+++ b/src/core/dbus-cgroup.c -@@ -414,8 +414,8 @@ const sd_bus_vtable bus_cgroup_vtable[] = { - SD_BUS_PROPERTY("StartupCPUShares", "t", NULL, offsetof(CGroupContext, startup_cpu_shares), 0), - SD_BUS_PROPERTY("CPUQuotaPerSecUSec", "t", bus_property_get_usec, offsetof(CGroupContext, cpu_quota_per_sec_usec), 0), - SD_BUS_PROPERTY("CPUQuotaPeriodUSec", "t", bus_property_get_usec, offsetof(CGroupContext, cpu_quota_period_usec), 0), -- SD_BUS_PROPERTY("AllowedCPUs", "ay", property_get_cpuset, offsetof(CGroupContext, cpuset_cpus), 0), -- SD_BUS_PROPERTY("AllowedMemoryNodes", "ay", property_get_cpuset, offsetof(CGroupContext, cpuset_mems), 0), -+ SD_BUS_PROPERTY("AllowedCPUs", "ay", property_get_cpuset, offsetof(CGroupContext, cpuset_cpus2), 0), -+ SD_BUS_PROPERTY("AllowedMemoryNodes", "ay", property_get_cpuset, offsetof(CGroupContext, cpuset_mems2), 0), - SD_BUS_PROPERTY("IOAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, io_accounting), 0), - SD_BUS_PROPERTY("IOWeight", "t", NULL, offsetof(CGroupContext, io_weight), 0), - SD_BUS_PROPERTY("StartupIOWeight", "t", NULL, offsetof(CGroupContext, startup_io_weight), 0), -@@ -440,6 +440,11 @@ const sd_bus_vtable bus_cgroup_vtable[] = { - SD_BUS_PROPERTY("MemoryMax", "t", NULL, offsetof(CGroupContext, memory_max), 0), - SD_BUS_PROPERTY("MemorySwapMax", "t", NULL, offsetof(CGroupContext, memory_swap_max), 0), - SD_BUS_PROPERTY("MemoryLimit", "t", NULL, offsetof(CGroupContext, memory_limit), 0), -+ SD_BUS_PROPERTY("CPUSetAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_accounting), 0), -+ SD_BUS_PROPERTY("CPUSetCpus", "s", NULL, offsetof(CGroupContext, cpuset_cpus), 0), -+ SD_BUS_PROPERTY("CPUSetMems", "s", NULL, offsetof(CGroupContext, cpuset_mems), 0), -+ SD_BUS_PROPERTY("CPUSetCloneChildren", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_clone_children), 0), -+ SD_BUS_PROPERTY("CPUSetMemMigrate", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_memory_migrate), 0), - SD_BUS_PROPERTY("DevicePolicy", "s", property_get_cgroup_device_policy, offsetof(CGroupContext, device_policy), 0), - SD_BUS_PROPERTY("DeviceAllow", "a(ss)", property_get_device_allow, 0, 0), - SD_BUS_PROPERTY("TasksAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, tasks_accounting), 0), -@@ -1065,6 +1070,43 @@ int bus_cgroup_set_property( - if (streq(name, "MemoryLimitScale")) - return bus_cgroup_set_memory_scale(u, name, &c->memory_limit, message, flags, error); - -+ if (streq(name, "CPUSetAccounting")) -+ return bus_cgroup_set_boolean(u, name, &c->cpuset_accounting, CGROUP_MASK_CPUSET, message, flags, error); -+ -+ if (STR_IN_SET(name, "CPUSetCpus", "CPUSetMems")) { -+ const char *cpuset_str = NULL; -+ -+ r = sd_bus_message_read(message, "s", &cpuset_str); -+ if (r < 0) -+ return r; -+ -+ if (!UNIT_WRITE_FLAGS_NOOP(flags)) { -+ unit_invalidate_cgroup(u, CGROUP_MASK_CPUSET); -+ if (streq(name, "CPUSetCpus")) { -+ if (c->cpuset_cpus) -+ c->cpuset_cpus = mfree(c->cpuset_cpus); -+ c->cpuset_cpus = strdup(cpuset_str); -+ if (!c->cpuset_cpus) -+ return -ENOMEM; -+ unit_write_settingf(u, flags, name, "CPUSetCpus=%s", cpuset_str); -+ } else { -+ if (c->cpuset_mems) -+ c->cpuset_mems = mfree(c->cpuset_mems); -+ c->cpuset_mems = strdup(cpuset_str); -+ if (!c->cpuset_mems) -+ return -ENOMEM; -+ unit_write_settingf(u, flags, name, "CPUSetMems=%s", cpuset_str); -+ } -+ } -+ return 1; -+ } -+ -+ if (streq(name, "CPUSetCloneChildren")) -+ return bus_cgroup_set_boolean(u, name, &c->cpuset_clone_children, CGROUP_MASK_CPUSET, message, flags, error); -+ -+ if (streq(name, "CPUSetMemMigrate")) -+ return bus_cgroup_set_boolean(u, name, &c->cpuset_memory_migrate, CGROUP_MASK_CPUSET, message, flags, error); -+ - if (streq(name, "TasksAccounting")) - return bus_cgroup_set_boolean(u, name, &c->tasks_accounting, CGROUP_MASK_PIDS, message, flags, error); - -@@ -1146,15 +1188,15 @@ int bus_cgroup_set_property( - return -ENOMEM; - - if (streq(name, "AllowedCPUs")) -- set = &c->cpuset_cpus; -+ set = &c->cpuset_cpus2; - else -- set = &c->cpuset_mems; -+ set = &c->cpuset_mems2; - - cpu_set_reset(set); - *set = new_set; - new_set = (CPUSet) {}; - -- unit_invalidate_cgroup(u, CGROUP_MASK_CPUSET); -+ unit_invalidate_cgroup(u, CGROUP_MASK_CPUSET2); - unit_write_settingf(u, flags, name, "%s=%s", name, setstr); - } - -diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c -index de057a0..82896af 100644 ---- a/src/core/dbus-manager.c -+++ b/src/core/dbus-manager.c -@@ -2690,6 +2690,7 @@ const sd_bus_vtable bus_manager_vtable[] = { - SD_BUS_PROPERTY("DefaultCPUAccounting", "b", bus_property_get_bool, offsetof(Manager, default_cpu_accounting), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("DefaultBlockIOAccounting", "b", bus_property_get_bool, offsetof(Manager, default_blockio_accounting), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("DefaultMemoryAccounting", "b", bus_property_get_bool, offsetof(Manager, default_memory_accounting), SD_BUS_VTABLE_PROPERTY_CONST), -+ SD_BUS_PROPERTY("DefaultCpusetAccounting", "b", bus_property_get_bool, offsetof(Manager, default_cpuset_accounting), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("DefaultTasksAccounting", "b", bus_property_get_bool, offsetof(Manager, default_tasks_accounting), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("DefaultLimitCPU", "t", bus_property_get_rlimit, offsetof(Manager, rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("DefaultLimitCPUSoft", "t", bus_property_get_rlimit, offsetof(Manager, rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST), -diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in -index 42441ea..60c9dbc 100644 ---- a/src/core/load-fragment-gperf.gperf.in -+++ b/src/core/load-fragment-gperf.gperf.in -@@ -197,6 +197,11 @@ - {{type}}.MemoryMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) - {{type}}.MemorySwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) - {{type}}.MemoryLimit, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) -+{{type}}.CPUSetAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_accounting) -+{{type}}.CPUSetCpus, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_cpus) -+{{type}}.CPUSetMems, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_mems) -+{{type}}.CPUSetCloneChildren, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_clone_children) -+{{type}}.CPUSetMemMigrate, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_memory_migrate) - {{type}}.DeviceAllow, config_parse_device_allow, 0, offsetof({{type}}, cgroup_context) - {{type}}.DevicePolicy, config_parse_device_policy, 0, offsetof({{type}}, cgroup_context.device_policy) - {{type}}.IOAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.io_accounting) -diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c -index 399a759..ad80a64 100644 ---- a/src/core/load-fragment.c -+++ b/src/core/load-fragment.c -@@ -3632,7 +3632,7 @@ int config_parse_allowed_cpus( - - CGroupContext *c = data; - -- (void) parse_cpu_set_extend(rvalue, &c->cpuset_cpus, true, unit, filename, line, lvalue); -+ (void) parse_cpu_set_extend(rvalue, &c->cpuset_cpus2, true, unit, filename, line, lvalue); - - return 0; - } -@@ -3651,7 +3651,7 @@ int config_parse_allowed_mems( - - CGroupContext *c = data; - -- (void) parse_cpu_set_extend(rvalue, &c->cpuset_mems, true, unit, filename, line, lvalue); -+ (void) parse_cpu_set_extend(rvalue, &c->cpuset_mems2, true, unit, filename, line, lvalue); - - return 0; - } -@@ -3722,6 +3722,75 @@ int config_parse_memory_limit( - return 0; - } - -+int config_parse_cpuset_cpumems( -+ const char *unit, -+ const char *filename, -+ unsigned line, -+ const char *section, -+ unsigned section_line, -+ const char *lvalue, -+ int ltype, -+ const char *rvalue, -+ void *data, -+ void *userdata) -+{ -+ char **pcpumems = data; -+ char *pinstr = NULL; -+ int iret = 0; -+ -+ assert(filename); -+ assert(lvalue); -+ assert(rvalue); -+ assert(data); -+ (void)section; -+ (void)section_line; -+ (void)ltype; -+ (void)userdata; -+ -+ if (!utf8_is_valid(rvalue)) -+ { -+ log_syntax_invalid_utf8(unit, LOG_ERR, filename, line, rvalue); -+ return 0; -+ } -+ -+ if (0 == strcmp(rvalue, "all")) -+ { -+ pinstr = strdup(rvalue); -+ if (!pinstr) -+ { -+ return log_oom(); -+ } -+ -+ free(*pcpumems); -+ *pcpumems = pinstr; -+ -+ return 0; -+ } -+ -+ /* 0-2,4 */ -+ iret = string_isvalid_interval(rvalue); -+ if (0 != iret) -+ { -+ pinstr = NULL; -+ log_syntax(unit, LOG_ERR, filename, line, EINVAL, -+ "cpuset cpumems '%s' is invalid, Ignoring(%d).", -+ rvalue, iret); -+ } -+ else -+ { -+ pinstr = strdup(rvalue); -+ if (!pinstr) -+ { -+ return log_oom(); -+ } -+ } -+ -+ free(*pcpumems); -+ *pcpumems = pinstr; -+ -+ return 0; -+} -+ - int config_parse_tasks_max( - const char *unit, - const char *filename, -diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h -index 45e9c39..1ecad67 100644 ---- a/src/core/load-fragment.h -+++ b/src/core/load-fragment.h -@@ -74,6 +74,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_unit_slice); - CONFIG_PARSER_PROTOTYPE(config_parse_cg_weight); - CONFIG_PARSER_PROTOTYPE(config_parse_cpu_shares); - CONFIG_PARSER_PROTOTYPE(config_parse_memory_limit); -+CONFIG_PARSER_PROTOTYPE(config_parse_cpuset_cpumems); - CONFIG_PARSER_PROTOTYPE(config_parse_tasks_max); - CONFIG_PARSER_PROTOTYPE(config_parse_delegate); - CONFIG_PARSER_PROTOTYPE(config_parse_managed_oom_mode); -diff --git a/src/core/main.c b/src/core/main.c -index 9282b09..c4564e8 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -148,6 +148,7 @@ static bool arg_default_io_accounting; - static bool arg_default_ip_accounting; - static bool arg_default_blockio_accounting; - static bool arg_default_memory_accounting; -+static bool arg_default_cpuset_accounting; - static bool arg_default_tasks_accounting; - static TasksMax arg_default_tasks_max; - static sd_id128_t arg_machine_id; -@@ -693,6 +694,7 @@ static int parse_config_file(void) { - { "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_default_ip_accounting }, - { "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_default_blockio_accounting }, - { "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_default_memory_accounting }, -+ { "Manager", "DefaultCpusetAccounting", config_parse_bool, 0, &arg_default_cpuset_accounting }, - { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting }, - { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max }, - { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, 0, &arg_cad_burst_action }, -@@ -764,6 +766,7 @@ static void set_manager_defaults(Manager *m) { - m->default_ip_accounting = arg_default_ip_accounting; - m->default_blockio_accounting = arg_default_blockio_accounting; - m->default_memory_accounting = arg_default_memory_accounting; -+ m->default_cpuset_accounting = arg_default_cpuset_accounting; - m->default_tasks_accounting = arg_default_tasks_accounting; - m->default_tasks_max = arg_default_tasks_max; - m->default_oom_policy = arg_default_oom_policy; -@@ -2358,6 +2361,7 @@ static void reset_arguments(void) { - arg_default_ip_accounting = false; - arg_default_blockio_accounting = false; - arg_default_memory_accounting = MEMORY_ACCOUNTING_DEFAULT; -+ arg_default_cpuset_accounting = false; - arg_default_tasks_accounting = true; - arg_default_tasks_max = DEFAULT_TASKS_MAX; - arg_machine_id = (sd_id128_t) {}; -diff --git a/src/core/manager.c b/src/core/manager.c -index 38482c0..3a12d6d 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -776,6 +776,7 @@ int manager_new(UnitFileScope scope, ManagerTestRunFlags test_run_flags, Manager - - .default_timer_accuracy_usec = USEC_PER_MINUTE, - .default_memory_accounting = MEMORY_ACCOUNTING_DEFAULT, -+ .default_cpuset_accounting = false, - .default_tasks_accounting = true, - .default_tasks_max = TASKS_MAX_UNSET, - .default_timeout_start_usec = DEFAULT_TIMEOUT_USEC, -diff --git a/src/core/manager.h b/src/core/manager.h -index 0c39626..f658caa 100644 ---- a/src/core/manager.h -+++ b/src/core/manager.h -@@ -360,6 +360,7 @@ struct Manager { - - bool default_cpu_accounting; - bool default_memory_accounting; -+ bool default_cpuset_accounting; - bool default_io_accounting; - bool default_blockio_accounting; - bool default_tasks_accounting; -diff --git a/src/core/system.conf.in b/src/core/system.conf.in -index f2c75fc..fcc20d0 100644 ---- a/src/core/system.conf.in -+++ b/src/core/system.conf.in -@@ -53,6 +53,7 @@ - #DefaultIPAccounting=no - #DefaultBlockIOAccounting=no - #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }} -+#DefaultCpusetAccounting= - #DefaultTasksAccounting=yes - #DefaultTasksMax=80% - #DefaultLimitCPU= -diff --git a/src/core/unit.c b/src/core/unit.c -index e30c14b..bfd47cf 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -176,6 +176,7 @@ static void unit_init(Unit *u) { - cc->io_accounting = u->manager->default_io_accounting; - cc->blockio_accounting = u->manager->default_blockio_accounting; - cc->memory_accounting = u->manager->default_memory_accounting; -+ cc->cpuset_accounting = u->manager->default_cpuset_accounting; - cc->tasks_accounting = u->manager->default_tasks_accounting; - cc->ip_accounting = u->manager->default_ip_accounting; - -diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c -index d3a5b25..caad3ab 100644 ---- a/src/shared/bus-unit-util.c -+++ b/src/shared/bus-unit-util.c -@@ -460,7 +460,10 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons - "IOAccounting", - "BlockIOAccounting", - "TasksAccounting", -- "IPAccounting")) -+ "IPAccounting", -+ "CPUSetAccounting", -+ "CPUSetCloneChildren", -+ "CPUSetMemMigrate")) - return bus_append_parse_boolean(m, field, eq); - - if (STR_IN_SET(field, "CPUWeight", -@@ -561,6 +564,16 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons - return bus_append_parse_size(m, field, eq, 1024); - } - -+ if (STR_IN_SET(field, "CPUSetCpus", "CPUSetMems")) { -+ if (string_isvalid_interval(eq) == 0 || streq(eq, "all")) -+ r = sd_bus_message_append(m, "(sv)", field, "s", eq); -+ else -+ r = -EINVAL; -+ if (r < 0) -+ return bus_log_create_error(r); -+ return 1; -+ } -+ - if (streq(field, "CPUQuota")) { - if (isempty(eq)) - r = sd_bus_message_append(m, "(sv)", "CPUQuotaPerSecUSec", "t", USEC_INFINITY); -diff --git a/src/shared/cpu-set-util.c b/src/shared/cpu-set-util.c -index e3e6963..2cb4a36 100644 ---- a/src/shared/cpu-set-util.c -+++ b/src/shared/cpu-set-util.c -@@ -7,6 +7,7 @@ - - #include "alloc-util.h" - #include "cpu-set-util.h" -+#include "cgroup-util.h" - #include "dirent-util.h" - #include "errno-util.h" - #include "extract-word.h" -diff --git a/src/test/test-cgroup-mask.c b/src/test/test-cgroup-mask.c -index 19e159b..425fe19 100644 ---- a/src/test/test-cgroup-mask.c -+++ b/src/test/test-cgroup-mask.c -@@ -55,6 +55,7 @@ static int test_cgroup_mask(void) { - * else. */ - m->default_cpu_accounting = - m->default_memory_accounting = -+ m->default_cpuset_accounting = - m->default_blockio_accounting = - m->default_io_accounting = - m->default_tasks_accounting = false; -@@ -140,10 +141,10 @@ static void test_cg_mask_to_string_one(CGroupMask mask, const char *t) { - - static void test_cg_mask_to_string(void) { - test_cg_mask_to_string_one(0, NULL); -- test_cg_mask_to_string_one(_CGROUP_MASK_ALL, "cpu cpuacct cpuset io blkio memory devices pids bpf-firewall bpf-devices bpf-foreign bpf-socket-bind"); -+ test_cg_mask_to_string_one(_CGROUP_MASK_ALL, "cpu cpuacct cpuset2 io blkio memory devices pids cpuset bpf-firewall bpf-devices bpf-foreign bpf-socket-bind"); - test_cg_mask_to_string_one(CGROUP_MASK_CPU, "cpu"); - test_cg_mask_to_string_one(CGROUP_MASK_CPUACCT, "cpuacct"); -- test_cg_mask_to_string_one(CGROUP_MASK_CPUSET, "cpuset"); -+ test_cg_mask_to_string_one(CGROUP_MASK_CPUSET2, "cpuset2"); - test_cg_mask_to_string_one(CGROUP_MASK_IO, "io"); - test_cg_mask_to_string_one(CGROUP_MASK_BLKIO, "blkio"); - test_cg_mask_to_string_one(CGROUP_MASK_MEMORY, "memory"); -diff --git a/test/fuzz/fuzz-unit-file/directives-all.service b/test/fuzz/fuzz-unit-file/directives-all.service -index 3039d1c..5f8cdd8 100644 ---- a/test/fuzz/fuzz-unit-file/directives-all.service -+++ b/test/fuzz/fuzz-unit-file/directives-all.service -@@ -48,6 +48,11 @@ BusName= - CoredumpFilter= - CPUAccounting= - CPUQuota= -+CPUSetAccounting= -+CPUSetCloneChildren= -+CPUSetCpus= -+CPUSetMemMigrate= -+CPUSetMems= - CPUShares= - CPUWeight= - CapabilityBoundingSet= -diff --git a/test/fuzz/fuzz-unit-file/directives.mount b/test/fuzz/fuzz-unit-file/directives.mount -index 451f291..3adfd5b 100644 ---- a/test/fuzz/fuzz-unit-file/directives.mount -+++ b/test/fuzz/fuzz-unit-file/directives.mount -@@ -19,6 +19,11 @@ CPUQuotaPeriodSec= - CPUSchedulingPolicy= - CPUSchedulingPriority= - CPUSchedulingResetOnFork= -+CPUSetAccounting= -+CPUSetCloneChildren= -+CPUSetCpus= -+CPUSetMemMigrate= -+CPUSetMems= - CPUShares= - CPUWeight= - CacheDirectory= -diff --git a/test/fuzz/fuzz-unit-file/directives.scope b/test/fuzz/fuzz-unit-file/directives.scope -index 7e69cf8..c953f9c 100644 ---- a/test/fuzz/fuzz-unit-file/directives.scope -+++ b/test/fuzz/fuzz-unit-file/directives.scope -@@ -11,6 +11,11 @@ BlockIOWriteBandwidth= - CPUAccounting= - CPUQuota= - CPUQuotaPeriodSec= -+CPUSetAccounting= -+CPUSetCloneChildren= -+CPUSetCpus= -+CPUSetMemMigrate= -+CPUSetMems= - CPUShares= - CPUWeight= - DefaultMemoryLow= -diff --git a/test/fuzz/fuzz-unit-file/directives.service b/test/fuzz/fuzz-unit-file/directives.service -index de7d2c7..aa5ad32 100644 ---- a/test/fuzz/fuzz-unit-file/directives.service -+++ b/test/fuzz/fuzz-unit-file/directives.service -@@ -63,6 +63,11 @@ ConditionSecurity= - ConditionUser= - ConditionVirtualization= - Conflicts= -+CPUSetAccounting= -+CPUSetCloneChildren= -+CPUSetCpus= -+CPUSetMemMigrate= -+CPUSetMems= - DefaultDependencies= - Description= - Documentation= -diff --git a/test/fuzz/fuzz-unit-file/directives.slice b/test/fuzz/fuzz-unit-file/directives.slice -index 789ac8f..54cb55d 100644 ---- a/test/fuzz/fuzz-unit-file/directives.slice -+++ b/test/fuzz/fuzz-unit-file/directives.slice -@@ -11,6 +11,11 @@ BlockIOWriteBandwidth= - CPUAccounting= - CPUQuota= - CPUQuotaPeriodSec= -+CPUSetAccounting= -+CPUSetCloneChildren= -+CPUSetCpus= -+CPUSetMemMigrate= -+CPUSetMems= - CPUShares= - CPUWeight= - DefaultMemoryLow= -diff --git a/test/fuzz/fuzz-unit-file/directives.socket b/test/fuzz/fuzz-unit-file/directives.socket -index 11f589e..aa9e758 100644 ---- a/test/fuzz/fuzz-unit-file/directives.socket -+++ b/test/fuzz/fuzz-unit-file/directives.socket -@@ -24,6 +24,11 @@ CPUQuotaPeriodSec= - CPUSchedulingPolicy= - CPUSchedulingPriority= - CPUSchedulingResetOnFork= -+CPUSetAccounting= -+CPUSetCloneChildren= -+CPUSetCpus= -+CPUSetMemMigrate= -+CPUSetMems= - CPUShares= - CPUWeight= - CacheDirectory= -diff --git a/test/fuzz/fuzz-unit-file/directives.swap b/test/fuzz/fuzz-unit-file/directives.swap -index 582a136..bc07775 100644 ---- a/test/fuzz/fuzz-unit-file/directives.swap -+++ b/test/fuzz/fuzz-unit-file/directives.swap -@@ -19,6 +19,11 @@ CPUQuotaPeriodSec= - CPUSchedulingPolicy= - CPUSchedulingPriority= - CPUSchedulingResetOnFork= -+CPUSetAccounting= -+CPUSetCloneChildren= -+CPUSetCpus= -+CPUSetMemMigrate= -+CPUSetMems= - CPUShares= - CPUWeight= - CacheDirectory= --- -2.23.0 - diff --git a/core-cgroup-support-default-slice-for-all-uni.patch b/core-cgroup-support-default-slice-for-all-uni.patch deleted file mode 100644 index 361286c..0000000 --- a/core-cgroup-support-default-slice-for-all-uni.patch +++ /dev/null @@ -1,216 +0,0 @@ -From a25f206a49d8a3111ac42791b2eca8a3c9af4991 Mon Sep 17 00:00:00 2001 -From: licunlong -Date: Thu, 6 May 2021 09:38:55 +0800 -Subject: [PATCH] core-cgroup: support default slice for all units. - -With this patch, users can specify a default slice for all units by -adding DefaultUnitSlice=xxx.slice in /etc/systemd/system.conf. ---- - src/core/main.c | 22 +++++++++++ - src/core/manager.h | 2 + - src/core/unit.c | 98 ++++++++++++++++++++++++++++++++++++++++++---- - 3 files changed, 114 insertions(+), 8 deletions(-) - -diff --git a/src/core/main.c b/src/core/main.c -index 48e8a4b..c3d9e1c 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -159,6 +159,7 @@ static EmergencyAction arg_cad_burst_action; - static OOMPolicy arg_default_oom_policy; - static CPUSet arg_cpu_affinity; - static NUMAPolicy arg_numa_policy; -+static char *arg_default_unit_slice = NULL; - static usec_t arg_clock_usec; - static void *arg_random_seed; - static size_t arg_random_seed_size; -@@ -705,6 +706,7 @@ static int parse_config_file(void) { - { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max }, - { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, 0, &arg_cad_burst_action }, - { "Manager", "DefaultOOMPolicy", config_parse_oom_policy, 0, &arg_default_oom_policy }, -+ { "Manager", "DefaultUnitSlice", config_parse_string, 0, &arg_default_unit_slice }, - {} - }; - -@@ -784,6 +786,26 @@ static void set_manager_defaults(Manager *m) { - - (void) manager_default_environment(m); - (void) manager_transient_environment_add(m, arg_default_environment); -+ if (m->default_unit_slice) -+ { -+ free(m->default_unit_slice); -+ m->default_unit_slice = NULL; -+ } -+ -+ if (arg_default_unit_slice) -+ { -+ char *default_unit_slice_tmp = NULL; -+ -+ default_unit_slice_tmp = strdup(arg_default_unit_slice); -+ if (!default_unit_slice_tmp) -+ log_oom(); -+ -+ m->default_unit_slice = default_unit_slice_tmp; -+ -+ /* free */ -+ free(arg_default_unit_slice); -+ arg_default_unit_slice = NULL; -+ } - } - - static void set_manager_settings(Manager *m) { -diff --git a/src/core/manager.h b/src/core/manager.h -index 25d058f..ddddc8e 100644 ---- a/src/core/manager.h -+++ b/src/core/manager.h -@@ -23,6 +23,7 @@ typedef struct Unit Unit; - - /* Enforce upper limit how many names we allow */ - #define MANAGER_MAX_NAMES 131072 /* 128K */ -+#define DEFAULT_UNIT_NAME_LEN_MAX 32 - - typedef struct Manager Manager; - -@@ -445,6 +446,7 @@ struct Manager { - unsigned sigchldgen; - unsigned notifygen; - -+ char *default_unit_slice; - bool in_manager_catchup; - - VarlinkServer *varlink_server; -diff --git a/src/core/unit.c b/src/core/unit.c -index cbb02ea..e3dee86 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -3316,6 +3316,58 @@ int unit_set_slice(Unit *u, Unit *slice) { - return 1; - } - -+/* system-xxx.slice, xxx must be (a b c/A B C...and 0 1 2...) */ -+static bool slicename_is_valid(const char *slicename) { -+ const char *str_start = "system-"; -+ const char *str_end = ".slice"; -+ const char *str_tmp = NULL; -+ size_t len_in = 0; -+ size_t len_start = 0; -+ size_t len_end = 0; -+ size_t i = 0; -+ -+ if (isempty(slicename)) -+ return false; -+ -+ len_in = strlen(slicename); -+ len_start = strlen(str_start); -+ len_end = strlen(str_end); -+ -+ if (len_in > DEFAULT_UNIT_NAME_LEN_MAX) -+ return false; -+ -+ if (len_in <= len_start + len_end) -+ return false; -+ -+ /* system- */ -+ if (strncmp(slicename, str_start, len_start) != 0) -+ return false; -+ -+ str_tmp = slicename + len_start; -+ -+ len_in = strlen(str_tmp); -+ if (len_in <= len_end) -+ return false; -+ -+ /* .slice */ -+ if (!strneq(str_tmp + len_in - len_end, str_end, len_end)) -+ return false; -+ -+ /* a b c/A B C...and 0 1 2... */ -+ for (i = 0; i < (len_in - len_end); i++) { -+ char c = *(str_tmp + i); -+ -+ if ((c >= 'a' && c <= 'z') || -+ (c >= 'A' && c <= 'Z') || -+ (c >= '0' && c <= '9')) -+ continue; -+ else -+ return false; -+ } -+ -+ return true; -+} -+ - int unit_set_default_slice(Unit *u) { - const char *slice_name; - Unit *slice; -@@ -3326,6 +3378,20 @@ int unit_set_default_slice(Unit *u) { - if (UNIT_GET_SLICE(u)) - return 0; - -+ bool isdefaultslice = false; -+ char *default_unit_slice = u->manager->default_unit_slice; -+ -+ if (default_unit_slice) { -+ isdefaultslice = true; -+ -+ if (streq(default_unit_slice, SPECIAL_SYSTEM_SLICE)) -+ isdefaultslice = false; -+ else if (!slicename_is_valid(default_unit_slice)) { -+ log_error("default unit slice is error. slice name '%s' is invalid.", default_unit_slice); -+ isdefaultslice = false; -+ } -+ } -+ - if (u->instance) { - _cleanup_free_ char *prefix = NULL, *escaped = NULL; - -@@ -3343,24 +3409,40 @@ int unit_set_default_slice(Unit *u) { - if (!escaped) - return -ENOMEM; - -- if (MANAGER_IS_SYSTEM(u->manager)) -- slice_name = strjoina("system-", escaped, ".slice"); -- else -+ if (MANAGER_IS_SYSTEM(u->manager)) { -+ if (isdefaultslice) { -+ _cleanup_free_ char *default_unit_slice_tmp = NULL; -+ -+ default_unit_slice_tmp = strreplace(default_unit_slice, ".slice", "-"); -+ if (!default_unit_slice_tmp) -+ return -ENOMEM; -+ -+ slice_name = strjoina(default_unit_slice_tmp, escaped, ".slice"); -+ } else -+ slice_name = strjoina("system-", escaped, ".slice"); -+ } else - slice_name = strjoina("app-", escaped, ".slice"); - -- } else if (unit_is_extrinsic(u)) -+ } else if (unit_is_extrinsic(u)) { - /* Keep all extrinsic units (e.g. perpetual units and swap and mount units in user mode) in - * the root slice. They don't really belong in one of the subslices. */ - slice_name = SPECIAL_ROOT_SLICE; -- -- else if (MANAGER_IS_SYSTEM(u->manager)) -- slice_name = SPECIAL_SYSTEM_SLICE; -- else -+ isdefaultslice = false; -+ } else if (MANAGER_IS_SYSTEM(u->manager)) { -+ if (isdefaultslice) -+ slice_name = default_unit_slice; -+ else -+ slice_name = SPECIAL_SYSTEM_SLICE; -+ } else { - slice_name = SPECIAL_APP_SLICE; -+ isdefaultslice = false; -+ } - - r = manager_load_unit(u->manager, slice_name, NULL, NULL, &slice); - if (r < 0) - return r; -+ if (isdefaultslice) -+ slice->default_dependencies=false; - - return unit_set_slice(u, slice); - } --- -2.27.0 - diff --git a/core-cgroup-support-freezer.patch b/core-cgroup-support-freezer.patch deleted file mode 100644 index e383190..0000000 --- a/core-cgroup-support-freezer.patch +++ /dev/null @@ -1,589 +0,0 @@ -From 05a0f33b0d0a650b25ce7955a171d725f9c3f5f6 Mon Sep 17 00:00:00 2001 -From: licunlong -Date: Thu, 6 May 2021 09:38:54 +0800 -Subject: [PATCH] core-cgroup: support freezer. - -This patch add support for freezer subsystem. ---- - src/basic/cgroup-util.c | 1 + - src/basic/cgroup-util.h | 4 +- - src/core/cgroup.c | 16 +++++++ - src/core/cgroup.h | 4 ++ - src/core/dbus-cgroup.c | 29 +++++++++++++ - src/core/dbus-manager.c | 1 + - src/core/load-fragment-gperf.gperf.in | 2 + - src/core/load-fragment.c | 33 ++++++++++++++ - src/core/load-fragment.h | 1 + - src/core/main.c | 4 ++ - src/core/manager.h | 1 + - src/core/system.conf.in | 1 + - src/core/unit.c | 1 + - src/shared/bus-unit-util.c | 11 +++++ - src/test/meson.build | 6 +++ - src/test/test-cgroup-freezer.c | 43 +++++++++++++++++++ - src/test/test-cgroup-mask.c | 3 +- - .../fuzz-unit-file/directives-all.service | 2 + - test/fuzz/fuzz-unit-file/directives.mount | 2 + - test/fuzz/fuzz-unit-file/directives.scope | 2 + - test/fuzz/fuzz-unit-file/directives.service | 2 + - test/fuzz/fuzz-unit-file/directives.slice | 2 + - test/fuzz/fuzz-unit-file/directives.socket | 2 + - test/fuzz/fuzz-unit-file/directives.swap | 2 + - 24 files changed, 173 insertions(+), 2 deletions(-) - create mode 100644 src/test/test-cgroup-freezer.c - -diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c -index 01a4181..f912b65 100644 ---- a/src/basic/cgroup-util.c -+++ b/src/basic/cgroup-util.c -@@ -2162,6 +2162,7 @@ static const char *const cgroup_controller_table[_CGROUP_CONTROLLER_MAX] = { - [CGROUP_CONTROLLER_DEVICES] = "devices", - [CGROUP_CONTROLLER_PIDS] = "pids", - [CGROUP_CONTROLLER_CPUSET] = "cpuset", -+ [CGROUP_CONTROLLER_FREEZER] = "freezer", - [CGROUP_CONTROLLER_BPF_FIREWALL] = "bpf-firewall", - [CGROUP_CONTROLLER_BPF_DEVICES] = "bpf-devices", - [CGROUP_CONTROLLER_BPF_FOREIGN] = "bpf-foreign", -diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h -index 06a23ff..a491eca 100644 ---- a/src/basic/cgroup-util.h -+++ b/src/basic/cgroup-util.h -@@ -27,6 +27,7 @@ typedef enum CGroupController { - CGROUP_CONTROLLER_DEVICES, /* v1 only */ - CGROUP_CONTROLLER_PIDS, - CGROUP_CONTROLLER_CPUSET, -+ CGROUP_CONTROLLER_FREEZER, - - /* BPF-based pseudo-controllers, v2 only */ - CGROUP_CONTROLLER_BPF_FIREWALL, -@@ -51,13 +52,14 @@ typedef enum CGroupMask { - CGROUP_MASK_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_DEVICES), - CGROUP_MASK_PIDS = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_PIDS), - CGROUP_MASK_CPUSET = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPUSET), -+ CGROUP_MASK_FREEZER = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_FREEZER), - CGROUP_MASK_BPF_FIREWALL = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_FIREWALL), - CGROUP_MASK_BPF_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_DEVICES), - CGROUP_MASK_BPF_FOREIGN = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_FOREIGN), - CGROUP_MASK_BPF_SOCKET_BIND = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_SOCKET_BIND), - - /* All real cgroup v1 controllers */ -- CGROUP_MASK_V1 = CGROUP_MASK_CPU|CGROUP_MASK_CPUACCT|CGROUP_MASK_BLKIO|CGROUP_MASK_MEMORY|CGROUP_MASK_CPUSET|CGROUP_MASK_DEVICES|CGROUP_MASK_PIDS, -+ CGROUP_MASK_V1 = CGROUP_MASK_CPU|CGROUP_MASK_CPUACCT|CGROUP_MASK_BLKIO|CGROUP_MASK_MEMORY|CGROUP_MASK_CPUSET|CGROUP_MASK_FREEZER|CGROUP_MASK_DEVICES|CGROUP_MASK_PIDS, - - /* All real cgroup v2 controllers */ - CGROUP_MASK_V2 = CGROUP_MASK_CPU|CGROUP_MASK_CPUSET2|CGROUP_MASK_IO|CGROUP_MASK_MEMORY|CGROUP_MASK_PIDS, -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 83e94c7..f811a8b 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -139,6 +139,7 @@ void cgroup_context_init(CGroupContext *c) { - .startup_blockio_weight = CGROUP_BLKIO_WEIGHT_INVALID, - - .tasks_max = TASKS_MAX_UNSET, -+ .freezer_state = NULL, - - .moom_swap = MANAGED_OOM_AUTO, - .moom_mem_pressure = MANAGED_OOM_AUTO, -@@ -260,6 +261,9 @@ void cgroup_context_done(CGroupContext *c) { - - cpu_set_reset(&c->cpuset_cpus2); - cpu_set_reset(&c->cpuset_mems2); -+ -+ if (c->freezer_state) -+ c->freezer_state = mfree(c->freezer_state); - } - - static int unit_get_kernel_memory_limit(Unit *u, const char *file, uint64_t *ret) { -@@ -433,6 +437,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { - "%sBlockIOAccounting: %s\n" - "%sMemoryAccounting: %s\n" - "%sCPUSetAccounting: %s\n" -+ "%sFreezerAccounting=%s\n" - "%sTasksAccounting: %s\n" - "%sIPAccounting: %s\n" - "%sCPUWeight: %" PRIu64 "\n" -@@ -460,6 +465,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { - "%sCPUSetCloneChildren=%s\n" - "%sCPUSetMemMigrate=%s\n" - "%sTasksMax: %" PRIu64 "\n" -+ "%sFreezerState=%s\n" - "%sDevicePolicy: %s\n" - "%sDisableControllers: %s\n" - "%sDelegate: %s\n" -@@ -472,6 +478,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { - prefix, yes_no(c->blockio_accounting), - prefix, yes_no(c->memory_accounting), - prefix, yes_no(c->cpuset_accounting), -+ prefix, yes_no(c->freezer_accounting), - prefix, yes_no(c->tasks_accounting), - prefix, yes_no(c->ip_accounting), - prefix, c->cpu_weight, -@@ -499,6 +506,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { - prefix, yes_no(c->cpuset_clone_children), - prefix, yes_no(c->cpuset_memory_migrate), - prefix, tasks_max_resolve(&c->tasks_max), -+ prefix, c->freezer_state, - prefix, cgroup_device_policy_to_string(c->device_policy), - prefix, strempty(disable_controllers_str), - prefix, yes_no(c->delegate), -@@ -1566,6 +1574,11 @@ static void cgroup_context_apply( - } - } - -+ if ((apply_mask & CGROUP_MASK_FREEZER) && !is_local_root) { -+ if (c->freezer_state) -+ (void) set_attribute_and_warn(u, "freezer", "freezer.state", c->freezer_state); -+ } -+ - /* On cgroup v2 we can apply BPF everywhere. On cgroup v1 we apply it everywhere except for the root of - * containers, where we leave this to the manager */ - if ((apply_mask & (CGROUP_MASK_DEVICES | CGROUP_MASK_BPF_DEVICES)) && -@@ -1708,6 +1721,9 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) { - c->cpuset_mems) - mask |= CGROUP_MASK_CPUSET; - -+ if (c->freezer_accounting || c->freezer_state) -+ mask |= CGROUP_MASK_FREEZER; -+ - if (c->device_allow || - c->device_policy != CGROUP_DEVICE_POLICY_AUTO) - mask |= CGROUP_MASK_DEVICES | CGROUP_MASK_BPF_DEVICES; -diff --git a/src/core/cgroup.h b/src/core/cgroup.h -index 1e27104..6833d5b 100644 ---- a/src/core/cgroup.h -+++ b/src/core/cgroup.h -@@ -116,6 +116,7 @@ struct CGroupContext { - bool blockio_accounting; - bool memory_accounting; - bool cpuset_accounting; -+ bool freezer_accounting; - bool tasks_accounting; - bool ip_accounting; - -@@ -186,6 +187,9 @@ struct CGroupContext { - /* Common */ - TasksMax tasks_max; - -+ /* Freezer */ -+ char *freezer_state; -+ - /* Settings for systemd-oomd */ - ManagedOOMMode moom_swap; - ManagedOOMMode moom_mem_pressure; -diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c -index 0cdc98c..8527a1a 100644 ---- a/src/core/dbus-cgroup.c -+++ b/src/core/dbus-cgroup.c -@@ -445,6 +445,8 @@ const sd_bus_vtable bus_cgroup_vtable[] = { - SD_BUS_PROPERTY("CPUSetMems", "s", NULL, offsetof(CGroupContext, cpuset_mems), 0), - SD_BUS_PROPERTY("CPUSetCloneChildren", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_clone_children), 0), - SD_BUS_PROPERTY("CPUSetMemMigrate", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_memory_migrate), 0), -+ SD_BUS_PROPERTY("FreezerAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, freezer_accounting), 0), -+ SD_BUS_PROPERTY("FreezerState", "s", NULL, offsetof(CGroupContext, freezer_state), 0), - SD_BUS_PROPERTY("DevicePolicy", "s", property_get_cgroup_device_policy, offsetof(CGroupContext, device_policy), 0), - SD_BUS_PROPERTY("DeviceAllow", "a(ss)", property_get_device_allow, 0, 0), - SD_BUS_PROPERTY("TasksAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, tasks_accounting), 0), -@@ -1073,6 +1075,9 @@ int bus_cgroup_set_property( - if (streq(name, "CPUSetAccounting")) - return bus_cgroup_set_boolean(u, name, &c->cpuset_accounting, CGROUP_MASK_CPUSET, message, flags, error); - -+ if (streq(name, "FreezerAccounting")) -+ return bus_cgroup_set_boolean(u, name, &c->freezer_accounting, CGROUP_MASK_FREEZER, message, flags, error); -+ - if (STR_IN_SET(name, "CPUSetCpus", "CPUSetMems")) { - const char *cpuset_str = NULL; - -@@ -1107,6 +1112,30 @@ int bus_cgroup_set_property( - if (streq(name, "CPUSetMemMigrate")) - return bus_cgroup_set_boolean(u, name, &c->cpuset_memory_migrate, CGROUP_MASK_CPUSET, message, flags, error); - -+ if (streq(name, "FreezerState")) { -+ const char *state = NULL; -+ -+ r = sd_bus_message_read(message, "s", &state); -+ if (r < 0) -+ return r; -+ -+ if (!UNIT_WRITE_FLAGS_NOOP(flags)) { -+ unit_invalidate_cgroup(u, CGROUP_MASK_FREEZER); -+ -+ if (c->freezer_state) { -+ free(c->freezer_state); -+ c->freezer_state = NULL; -+ } -+ -+ c->freezer_state = strdup(state); -+ if (!c->freezer_state) -+ return -ENOMEM; -+ -+ unit_write_settingf(u, flags, name, "FreezerState=%s", state); -+ } -+ return 1; -+ } -+ - if (streq(name, "TasksAccounting")) - return bus_cgroup_set_boolean(u, name, &c->tasks_accounting, CGROUP_MASK_PIDS, message, flags, error); - -diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c -index 82896af..184df9d 100644 ---- a/src/core/dbus-manager.c -+++ b/src/core/dbus-manager.c -@@ -2691,6 +2691,7 @@ const sd_bus_vtable bus_manager_vtable[] = { - SD_BUS_PROPERTY("DefaultBlockIOAccounting", "b", bus_property_get_bool, offsetof(Manager, default_blockio_accounting), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("DefaultMemoryAccounting", "b", bus_property_get_bool, offsetof(Manager, default_memory_accounting), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("DefaultCpusetAccounting", "b", bus_property_get_bool, offsetof(Manager, default_cpuset_accounting), SD_BUS_VTABLE_PROPERTY_CONST), -+ SD_BUS_PROPERTY("DefaultFreezerAccounting", "b", bus_property_get_bool, offsetof(Manager, default_freezer_accounting), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("DefaultTasksAccounting", "b", bus_property_get_bool, offsetof(Manager, default_tasks_accounting), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("DefaultLimitCPU", "t", bus_property_get_rlimit, offsetof(Manager, rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST), - SD_BUS_PROPERTY("DefaultLimitCPUSoft", "t", bus_property_get_rlimit, offsetof(Manager, rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST), -diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in -index 60c9dbc..5b7ecd2 100644 ---- a/src/core/load-fragment-gperf.gperf.in -+++ b/src/core/load-fragment-gperf.gperf.in -@@ -202,6 +202,8 @@ - {{type}}.CPUSetMems, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_mems) - {{type}}.CPUSetCloneChildren, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_clone_children) - {{type}}.CPUSetMemMigrate, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_memory_migrate) -+{{type}}.FreezerAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.freezer_accounting) -+{{type}}.FreezerState, config_parse_freezer_state, 0, offsetof({{type}}, cgroup_context.freezer_state) - {{type}}.DeviceAllow, config_parse_device_allow, 0, offsetof({{type}}, cgroup_context) - {{type}}.DevicePolicy, config_parse_device_policy, 0, offsetof({{type}}, cgroup_context.device_policy) - {{type}}.IOAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.io_accounting) -diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c -index 5f6a703..d5eb932 100644 ---- a/src/core/load-fragment.c -+++ b/src/core/load-fragment.c -@@ -3791,6 +3791,39 @@ int config_parse_cpuset_cpumems( - return 0; - } - -+int config_parse_freezer_state( -+ const char *unit, -+ const char *filename, -+ unsigned line, -+ const char *section, -+ unsigned section_line, -+ const char *lvalue, -+ int ltype, -+ const char *rvalue, -+ void *data, -+ void *userdata) { -+ -+ char **freezer_state = data; -+ char *pinstr = NULL; -+ -+ assert(filename); -+ assert(lvalue); -+ assert(rvalue); -+ -+ if (!STR_IN_SET(rvalue, "FROZEN", "THAWED")) { -+ log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Freezer state '%s' is invalid, Ignoring.", rvalue); -+ return 0; -+ } -+ -+ pinstr = strdup(rvalue); -+ if (!pinstr) -+ return log_oom(); -+ -+ free(*freezer_state); -+ *freezer_state = pinstr; -+ return 0; -+} -+ - int config_parse_tasks_max( - const char *unit, - const char *filename, -diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h -index 1ecad67..090776c 100644 ---- a/src/core/load-fragment.h -+++ b/src/core/load-fragment.h -@@ -75,6 +75,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_cg_weight); - CONFIG_PARSER_PROTOTYPE(config_parse_cpu_shares); - CONFIG_PARSER_PROTOTYPE(config_parse_memory_limit); - CONFIG_PARSER_PROTOTYPE(config_parse_cpuset_cpumems); -+CONFIG_PARSER_PROTOTYPE(config_parse_freezer_state); - CONFIG_PARSER_PROTOTYPE(config_parse_tasks_max); - CONFIG_PARSER_PROTOTYPE(config_parse_delegate); - CONFIG_PARSER_PROTOTYPE(config_parse_managed_oom_mode); -diff --git a/src/core/main.c b/src/core/main.c -index 6309aab..9cc7fec 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -149,6 +149,7 @@ static bool arg_default_ip_accounting; - static bool arg_default_blockio_accounting; - static bool arg_default_memory_accounting; - static bool arg_default_cpuset_accounting; -+static bool arg_default_freezer_accounting; - static bool arg_default_tasks_accounting; - static TasksMax arg_default_tasks_max; - static sd_id128_t arg_machine_id; -@@ -695,6 +696,7 @@ static int parse_config_file(void) { - { "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_default_blockio_accounting }, - { "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_default_memory_accounting }, - { "Manager", "DefaultCpusetAccounting", config_parse_bool, 0, &arg_default_cpuset_accounting }, -+ { "Manager", "DefaultFreezerAccounting", config_parse_bool, 0, &arg_default_freezer_accounting }, - { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting }, - { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max }, - { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, 0, &arg_cad_burst_action }, -@@ -767,6 +769,7 @@ static void set_manager_defaults(Manager *m) { - m->default_blockio_accounting = arg_default_blockio_accounting; - m->default_memory_accounting = arg_default_memory_accounting; - m->default_cpuset_accounting = arg_default_cpuset_accounting; -+ m->default_freezer_accounting = arg_default_freezer_accounting; - m->default_tasks_accounting = arg_default_tasks_accounting; - m->default_tasks_max = arg_default_tasks_max; - m->default_oom_policy = arg_default_oom_policy; -@@ -2405,6 +2408,7 @@ static void reset_arguments(void) { - arg_default_blockio_accounting = false; - arg_default_memory_accounting = MEMORY_ACCOUNTING_DEFAULT; - arg_default_cpuset_accounting = false; -+ arg_default_freezer_accounting = false; - arg_default_tasks_accounting = true; - arg_default_tasks_max = DEFAULT_TASKS_MAX; - arg_machine_id = (sd_id128_t) {}; -diff --git a/src/core/manager.h b/src/core/manager.h -index b7a51cf..72fd86e 100644 ---- a/src/core/manager.h -+++ b/src/core/manager.h -@@ -361,6 +361,7 @@ struct Manager { - bool default_cpu_accounting; - bool default_memory_accounting; - bool default_cpuset_accounting; -+ bool default_freezer_accounting; - bool default_io_accounting; - bool default_blockio_accounting; - bool default_tasks_accounting; -diff --git a/src/core/system.conf.in b/src/core/system.conf.in -index fcc20d0..f97bd2f 100644 ---- a/src/core/system.conf.in -+++ b/src/core/system.conf.in -@@ -54,6 +54,7 @@ - #DefaultBlockIOAccounting=no - #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }} - #DefaultCpusetAccounting= -+#DefaultFreezerAccounting=no - #DefaultTasksAccounting=yes - #DefaultTasksMax=80% - #DefaultLimitCPU= -diff --git a/src/core/unit.c b/src/core/unit.c -index 2f20053..70849e4 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -177,6 +177,7 @@ static void unit_init(Unit *u) { - cc->blockio_accounting = u->manager->default_blockio_accounting; - cc->memory_accounting = u->manager->default_memory_accounting; - cc->cpuset_accounting = u->manager->default_cpuset_accounting; -+ cc->freezer_accounting = u->manager->default_freezer_accounting; - cc->tasks_accounting = u->manager->default_tasks_accounting; - cc->ip_accounting = u->manager->default_ip_accounting; - -diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c -index caad3ab..f20fcbf 100644 ---- a/src/shared/bus-unit-util.c -+++ b/src/shared/bus-unit-util.c -@@ -462,6 +462,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons - "TasksAccounting", - "IPAccounting", - "CPUSetAccounting", -+ "FreezerAccounting", - "CPUSetCloneChildren", - "CPUSetMemMigrate")) - return bus_append_parse_boolean(m, field, eq); -@@ -574,6 +575,16 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons - return 1; - } - -+ if (streq(field, "FreezerState")) { -+ if (STR_IN_SET(eq, "FROZEN", "THAWED")) -+ r = sd_bus_message_append(m, "(sv)", field, "s", eq); -+ else -+ r = -EINVAL; -+ if (r < 0) -+ return bus_log_create_error(r); -+ return 1; -+ } -+ - if (streq(field, "CPUQuota")) { - if (isempty(eq)) - r = sd_bus_message_append(m, "(sv)", "CPUQuotaPerSecUSec", "t", USEC_INFINITY); -diff --git a/src/test/meson.build b/src/test/meson.build -index c0faeb4..fc891bb 100644 ---- a/src/test/meson.build -+++ b/src/test/meson.build -@@ -450,6 +450,12 @@ tests += [ - [], - core_includes], - -+ [['src/test/test-cgroup-freezer.c'], -+ [libcore, -+ libshared], -+ [], -+ core_includes], -+ - [['src/test/test-cgroup-unit-default.c'], - [libcore, - libshared], -diff --git a/src/test/test-cgroup-freezer.c b/src/test/test-cgroup-freezer.c -new file mode 100644 -index 0000000..a533d16 ---- /dev/null -+++ b/src/test/test-cgroup-freezer.c -@@ -0,0 +1,43 @@ -+/* SPDX-License-Identifier: LGPL-2.1+ */ -+ -+#include "load-fragment.h" -+#include "string-util.h" -+ -+static void test_config_parse_freezer_state(void) { -+ /* int config_parse_freezer_state( -+ const char *unit, -+ const char *filename, -+ unsigned line, -+ const char *section, -+ unsigned section_line, -+ const char *lvalue, -+ int ltype, -+ const char *rvalue, -+ void *data, -+ void *userdata) */ -+ int r; -+ _cleanup_free_ char *pstate = NULL; -+ -+ r = config_parse_freezer_state(NULL, "fake", 1, "section", 1, "FreezerState", 0, "FROZEN", &pstate, NULL); -+ assert_se(r >= 0); -+ assert_se(streq(pstate, "FROZEN")); -+ -+ pstate = mfree(pstate); -+ r = config_parse_freezer_state(NULL, "fake", 1, "section", 1, "FreezerState", 0, "THAWED", &pstate, NULL); -+ assert_se(r >= 0); -+ assert_se(streq(pstate, "THAWED")); -+ -+ pstate = mfree(pstate); -+ r = config_parse_freezer_state(NULL, "fake", 1, "section", 1, "FreezerState", 0, "test", &pstate, NULL); -+ assert_se(r >= 0); -+ assert_se(!pstate); -+ -+ r = config_parse_freezer_state(NULL, "fake", 1, "section", 1, "FreezerState", 0, "", &pstate, NULL); -+ assert_se(r >= 0); -+ assert_se(!pstate); -+} -+ -+int main(int argc, char *argv[]){ -+ test_config_parse_freezer_state(); -+ return 0; -+} -diff --git a/src/test/test-cgroup-mask.c b/src/test/test-cgroup-mask.c -index 425fe19..31fd5d0 100644 ---- a/src/test/test-cgroup-mask.c -+++ b/src/test/test-cgroup-mask.c -@@ -56,6 +56,7 @@ static int test_cgroup_mask(void) { - m->default_cpu_accounting = - m->default_memory_accounting = - m->default_cpuset_accounting = -+ m->default_freezer_accounting = - m->default_blockio_accounting = - m->default_io_accounting = - m->default_tasks_accounting = false; -@@ -141,7 +142,7 @@ static void test_cg_mask_to_string_one(CGroupMask mask, const char *t) { - - static void test_cg_mask_to_string(void) { - test_cg_mask_to_string_one(0, NULL); -- test_cg_mask_to_string_one(_CGROUP_MASK_ALL, "cpu cpuacct cpuset2 io blkio memory devices pids cpuset bpf-firewall bpf-devices bpf-foreign bpf-socket-bind"); -+ test_cg_mask_to_string_one(_CGROUP_MASK_ALL, "cpu cpuacct cpuset2 io blkio memory devices pids cpuset freezer bpf-firewall bpf-devices bpf-foreign bpf-socket-bind"); - test_cg_mask_to_string_one(CGROUP_MASK_CPU, "cpu"); - test_cg_mask_to_string_one(CGROUP_MASK_CPUACCT, "cpuacct"); - test_cg_mask_to_string_one(CGROUP_MASK_CPUSET2, "cpuset2"); -diff --git a/test/fuzz/fuzz-unit-file/directives-all.service b/test/fuzz/fuzz-unit-file/directives-all.service -index 5f8cdd8..1cd161d 100644 ---- a/test/fuzz/fuzz-unit-file/directives-all.service -+++ b/test/fuzz/fuzz-unit-file/directives-all.service -@@ -107,6 +107,8 @@ FileDescriptorName= - FileDescriptorStoreMax= - ForceUnmount= - FreeBind= -+FreezerAccounting= -+FreezerState= - Group= - GuessMainPID= - IOAccounting= -diff --git a/test/fuzz/fuzz-unit-file/directives.mount b/test/fuzz/fuzz-unit-file/directives.mount -index 3adfd5b..53c035a 100644 ---- a/test/fuzz/fuzz-unit-file/directives.mount -+++ b/test/fuzz/fuzz-unit-file/directives.mount -@@ -47,6 +47,8 @@ ExecPaths= - ExtensionImages= - FinalKillSignal= - ForceUnmount= -+FreezerAccounting= -+FreezerState= - Group= - IOAccounting= - IODeviceLatencyTargetSec= -diff --git a/test/fuzz/fuzz-unit-file/directives.scope b/test/fuzz/fuzz-unit-file/directives.scope -index c953f9c..1dd6c60 100644 ---- a/test/fuzz/fuzz-unit-file/directives.scope -+++ b/test/fuzz/fuzz-unit-file/directives.scope -@@ -25,6 +25,8 @@ DeviceAllow= - DevicePolicy= - DisableControllers= - FinalKillSignal= -+FreezerAccounting= -+FreezerState= - IOAccounting= - IODeviceLatencyTargetSec= - IODeviceWeight= -diff --git a/test/fuzz/fuzz-unit-file/directives.service b/test/fuzz/fuzz-unit-file/directives.service -index aa5ad32..a5f7f07 100644 ---- a/test/fuzz/fuzz-unit-file/directives.service -+++ b/test/fuzz/fuzz-unit-file/directives.service -@@ -73,6 +73,8 @@ Description= - Documentation= - FailureAction= - FailureActionExitStatus= -+FreezerAccounting= -+FreezerState= - IgnoreOnIsolate= - IgnoreOnSnapshot= - JobRunningTimeoutSec= -diff --git a/test/fuzz/fuzz-unit-file/directives.slice b/test/fuzz/fuzz-unit-file/directives.slice -index 54cb55d..2328a24 100644 ---- a/test/fuzz/fuzz-unit-file/directives.slice -+++ b/test/fuzz/fuzz-unit-file/directives.slice -@@ -24,6 +24,8 @@ Delegate= - DeviceAllow= - DevicePolicy= - DisableControllers= -+FreezerAccounting= -+FreezerState= - IOAccounting= - IODeviceLatencyTargetSec= - IODeviceWeight= -diff --git a/test/fuzz/fuzz-unit-file/directives.socket b/test/fuzz/fuzz-unit-file/directives.socket -index aa9e758..6fb1e5f 100644 ---- a/test/fuzz/fuzz-unit-file/directives.socket -+++ b/test/fuzz/fuzz-unit-file/directives.socket -@@ -59,6 +59,8 @@ FileDescriptorName= - FinalKillSignal= - FlushPending= - FreeBind= -+FreezerAccounting= -+FreezerState= - Group= - IOAccounting= - IODeviceLatencyTargetSec= -diff --git a/test/fuzz/fuzz-unit-file/directives.swap b/test/fuzz/fuzz-unit-file/directives.swap -index bc07775..6ca6198 100644 ---- a/test/fuzz/fuzz-unit-file/directives.swap -+++ b/test/fuzz/fuzz-unit-file/directives.swap -@@ -45,6 +45,8 @@ EnvironmentFile= - ExecPaths= - ExtensionImages= - FinalKillSignal= -+FreezerAccounting= -+FreezerState= - Group= - IOAccounting= - IODeviceLatencyTargetSec= --- -2.23.0 - diff --git a/core-cgroup-support-memorysw.patch b/core-cgroup-support-memorysw.patch deleted file mode 100644 index 5b2141d..0000000 --- a/core-cgroup-support-memorysw.patch +++ /dev/null @@ -1,263 +0,0 @@ -From cfb8a3cf09d9a958388ca1181bb92d9f77ab100e Mon Sep 17 00:00:00 2001 -From: licunlong -Date: Thu, 6 May 2021 09:38:54 +0800 -Subject: [PATCH] core-cgroup: support memorysw - -Upstream systemd dosen't support setting memory.memsw.limit_in_bytes. -This patch enables setting memory.memsw.limit_in_bytes by MemoryMemswLimit. ---- - src/core/cgroup.c | 17 +++++++++++++++-- - src/core/cgroup.h | 1 + - src/core/dbus-cgroup.c | 4 ++++ - src/core/load-fragment-gperf.gperf.in | 1 + - src/core/load-fragment.c | 2 ++ - src/shared/bus-print-properties.c | 2 +- - src/shared/bus-unit-util.c | 1 + - test/fuzz/fuzz-unit-file/directives-all.service | 1 + - test/fuzz/fuzz-unit-file/directives.mount | 1 + - test/fuzz/fuzz-unit-file/directives.scope | 1 + - test/fuzz/fuzz-unit-file/directives.service | 1 + - test/fuzz/fuzz-unit-file/directives.slice | 1 + - test/fuzz/fuzz-unit-file/directives.socket | 1 + - test/fuzz/fuzz-unit-file/directives.swap | 1 + - 14 files changed, 32 insertions(+), 3 deletions(-) - -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index d9b1d9b..4eedaf7 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -125,6 +125,7 @@ void cgroup_context_init(CGroupContext *c) { - .memory_swap_max = CGROUP_LIMIT_MAX, - - .memory_limit = CGROUP_LIMIT_MAX, -+ .memory_memsw_limit = CGROUP_LIMIT_MAX, - - .io_weight = CGROUP_WEIGHT_INVALID, - .startup_io_weight = CGROUP_WEIGHT_INVALID, -@@ -454,6 +455,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { - "%sMemoryMax: %" PRIu64 "%s\n" - "%sMemorySwapMax: %" PRIu64 "%s\n" - "%sMemoryLimit: %" PRIu64 "\n" -+ "%sMemoryMemswLimit=%" PRIu64 "\n" - "%sCPUSetCpus=%s\n" - "%sCPUSetMems=%s\n" - "%sCPUSetCloneChildren=%s\n" -@@ -495,6 +497,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { - prefix, c->memory_max, format_cgroup_memory_limit_comparison(cdd, sizeof(cdd), u, "MemoryMax"), - prefix, c->memory_swap_max, format_cgroup_memory_limit_comparison(cde, sizeof(cde), u, "MemorySwapMax"), - prefix, c->memory_limit, -+ prefix, c->memory_memsw_limit, - prefix, c->cpuset_cpus, - prefix, c->cpuset_mems, - prefix, yes_no(c->cpuset_clone_children), -@@ -1484,13 +1487,16 @@ static void cgroup_context_apply( - - } else { - char buf[DECIMAL_STR_MAX(uint64_t) + 1]; -- uint64_t val; -+ uint64_t val, sw_val; - - if (unit_has_unified_memory_config(u)) { - val = c->memory_max; -+ sw_val = CGROUP_LIMIT_MAX; - log_cgroup_compat(u, "Applying MemoryMax=%" PRIi64 " as MemoryLimit=", val); -- } else -+ } else { - val = c->memory_limit; -+ sw_val = c->memory_memsw_limit; -+ } - - if (val == CGROUP_LIMIT_MAX) - strncpy(buf, "-1\n", sizeof(buf)); -@@ -1498,6 +1504,12 @@ static void cgroup_context_apply( - xsprintf(buf, "%" PRIu64 "\n", val); - - (void) set_attribute_and_warn(u, "memory", "memory.limit_in_bytes", buf); -+ -+ if (sw_val == CGROUP_LIMIT_MAX) -+ strncpy(buf, "-1\n", sizeof(buf)); -+ else -+ xsprintf(buf, "%" PRIu64 "\n", sw_val); -+ (void) set_attribute_and_warn(u, "memory", "memory.memsw.limit_in_bytes", buf); - } - } - -@@ -1679,6 +1691,7 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) { - - if (c->memory_accounting || - c->memory_limit != CGROUP_LIMIT_MAX || -+ c->memory_memsw_limit != CGROUP_LIMIT_MAX || - unit_has_unified_memory_config(u)) - mask |= CGROUP_MASK_MEMORY; - -diff --git a/src/core/cgroup.h b/src/core/cgroup.h -index 9177415..1a36c2d 100644 ---- a/src/core/cgroup.h -+++ b/src/core/cgroup.h -@@ -177,6 +177,7 @@ struct CGroupContext { - LIST_HEAD(CGroupBlockIODeviceBandwidth, blockio_device_bandwidths); - - uint64_t memory_limit; -+ uint64_t memory_memsw_limit; - - CGroupDevicePolicy device_policy; - LIST_HEAD(CGroupDeviceAllow, device_allow); -diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c -index 509ae4f..a200710 100644 ---- a/src/core/dbus-cgroup.c -+++ b/src/core/dbus-cgroup.c -@@ -440,6 +440,7 @@ const sd_bus_vtable bus_cgroup_vtable[] = { - SD_BUS_PROPERTY("MemoryMax", "t", NULL, offsetof(CGroupContext, memory_max), 0), - SD_BUS_PROPERTY("MemorySwapMax", "t", NULL, offsetof(CGroupContext, memory_swap_max), 0), - SD_BUS_PROPERTY("MemoryLimit", "t", NULL, offsetof(CGroupContext, memory_limit), 0), -+ SD_BUS_PROPERTY("MemoryMemswLimit", "t", NULL, offsetof(CGroupContext, memory_memsw_limit), 0), - SD_BUS_PROPERTY("CPUSetAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_accounting), 0), - SD_BUS_PROPERTY("CPUSetCpus", "s", NULL, offsetof(CGroupContext, cpuset_cpus), 0), - SD_BUS_PROPERTY("CPUSetMems", "s", NULL, offsetof(CGroupContext, cpuset_mems), 0), -@@ -1032,6 +1033,9 @@ int bus_cgroup_set_property( - if (streq(name, "MemoryLimit")) - return bus_cgroup_set_memory(u, name, &c->memory_limit, message, flags, error); - -+ if (streq(name, "MemoryMemswLimit")) -+ return bus_cgroup_set_memory(u, name, &c->memory_memsw_limit, message, flags, error); -+ - if (streq(name, "MemoryMinScale")) { - r = bus_cgroup_set_memory_protection_scale(u, name, &c->memory_min, message, flags, error); - if (r > 0) -diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in -index 5b7ecd2..0702aa0 100644 ---- a/src/core/load-fragment-gperf.gperf.in -+++ b/src/core/load-fragment-gperf.gperf.in -@@ -197,6 +197,7 @@ - {{type}}.MemoryMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) - {{type}}.MemorySwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) - {{type}}.MemoryLimit, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) -+{{type}}.MemoryMemswLimit, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) - {{type}}.CPUSetAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_accounting) - {{type}}.CPUSetCpus, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_cpus) - {{type}}.CPUSetMems, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_mems) -diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c -index 1fb097d..a2ad32b 100644 ---- a/src/core/load-fragment.c -+++ b/src/core/load-fragment.c -@@ -3716,6 +3716,8 @@ int config_parse_memory_limit( - c->memory_swap_max = bytes; - else if (streq(lvalue, "MemoryLimit")) - c->memory_limit = bytes; -+ else if (streq(lvalue, "MemoryMemswLimit")) -+ c->memory_memsw_limit = bytes; - else - return -EINVAL; - -diff --git a/src/shared/bus-print-properties.c b/src/shared/bus-print-properties.c -index b459219..a16aca8 100644 ---- a/src/shared/bus-print-properties.c -+++ b/src/shared/bus-print-properties.c -@@ -165,7 +165,7 @@ static int bus_print_property(const char *name, const char *expected_value, sd_b - - bus_print_property_value(name, expected_value, flags, "[not set]"); - -- else if ((STR_IN_SET(name, "DefaultMemoryLow", "DefaultMemoryMin", "MemoryLow", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryLimit", "MemoryAvailable") && u == CGROUP_LIMIT_MAX) || -+ else if ((STR_IN_SET(name, "DefaultMemoryLow", "DefaultMemoryMin", "MemoryLow", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryLimit", "MemoryMemswLimit", "MemoryAvailable") && u == CGROUP_LIMIT_MAX) || - (STR_IN_SET(name, "TasksMax", "DefaultTasksMax") && u == UINT64_MAX) || - (startswith(name, "Limit") && u == UINT64_MAX) || - (startswith(name, "DefaultLimit") && u == UINT64_MAX)) -diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c -index f20fcbf..b4b04e1 100644 ---- a/src/shared/bus-unit-util.c -+++ b/src/shared/bus-unit-util.c -@@ -521,6 +521,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons - "MemoryMax", - "MemorySwapMax", - "MemoryLimit", -+ "MemoryMemswLimit", - "TasksMax")) { - - if (streq(eq, "infinity")) { -diff --git a/test/fuzz/fuzz-unit-file/directives-all.service b/test/fuzz/fuzz-unit-file/directives-all.service -index 1cd161d..208c33b 100644 ---- a/test/fuzz/fuzz-unit-file/directives-all.service -+++ b/test/fuzz/fuzz-unit-file/directives-all.service -@@ -158,6 +158,7 @@ MemoryHigh= - MemoryLimit= - MemoryLow= - MemoryMax= -+MemoryMemswLimit= - MemorySwapMax= - MessageQueueMaxMessages= - MessageQueueMessageSize= -diff --git a/test/fuzz/fuzz-unit-file/directives.mount b/test/fuzz/fuzz-unit-file/directives.mount -index 53c035a..0c3cd57 100644 ---- a/test/fuzz/fuzz-unit-file/directives.mount -+++ b/test/fuzz/fuzz-unit-file/directives.mount -@@ -109,6 +109,7 @@ MemoryLimit= - MemoryLow= - MemoryMax= - MemoryMin= -+MemoryMemswLimit= - MemorySwapMax= - MountAPIVFS= - MountFlags= -diff --git a/test/fuzz/fuzz-unit-file/directives.scope b/test/fuzz/fuzz-unit-file/directives.scope -index 1dd6c60..36a60f6 100644 ---- a/test/fuzz/fuzz-unit-file/directives.scope -+++ b/test/fuzz/fuzz-unit-file/directives.scope -@@ -52,6 +52,7 @@ MemoryLimit= - MemoryLow= - MemoryMax= - MemoryMin= -+MemoryMemswLimit= - MemorySwapMax= - NetClass= - RestartKillSignal= -diff --git a/test/fuzz/fuzz-unit-file/directives.service b/test/fuzz/fuzz-unit-file/directives.service -index a5f7f07..8044977 100644 ---- a/test/fuzz/fuzz-unit-file/directives.service -+++ b/test/fuzz/fuzz-unit-file/directives.service -@@ -231,6 +231,7 @@ MemoryLimit= - MemoryLow= - MemoryMax= - MemoryMin= -+MemoryMemswLimit= - MemorySwapMax= - MountAPIVFS= - MountFlags= -diff --git a/test/fuzz/fuzz-unit-file/directives.slice b/test/fuzz/fuzz-unit-file/directives.slice -index 2328a24..097ff4e 100644 ---- a/test/fuzz/fuzz-unit-file/directives.slice -+++ b/test/fuzz/fuzz-unit-file/directives.slice -@@ -49,6 +49,7 @@ MemoryLimit= - MemoryLow= - MemoryMax= - MemoryMin= -+MemoryMemswLimit= - MemorySwapMax= - NetClass= - Slice= -diff --git a/test/fuzz/fuzz-unit-file/directives.socket b/test/fuzz/fuzz-unit-file/directives.socket -index 6fb1e5f..c372f1e 100644 ---- a/test/fuzz/fuzz-unit-file/directives.socket -+++ b/test/fuzz/fuzz-unit-file/directives.socket -@@ -137,6 +137,7 @@ MemoryLimit= - MemoryLow= - MemoryMax= - MemoryMin= -+MemoryMemswLimit= - MemorySwapMax= - MessageQueueMaxMessages= - MessageQueueMessageSize= -diff --git a/test/fuzz/fuzz-unit-file/directives.swap b/test/fuzz/fuzz-unit-file/directives.swap -index 6ca6198..a46164e 100644 ---- a/test/fuzz/fuzz-unit-file/directives.swap -+++ b/test/fuzz/fuzz-unit-file/directives.swap -@@ -106,6 +106,7 @@ MemoryLimit= - MemoryLow= - MemoryMax= - MemoryMin= -+MemoryMemswLimit= - MemorySwapMax= - MountAPIVFS= - MountFlags= --- -2.23.0 - diff --git a/core-skip-change-device-to-dead-in-manager_catchup-d.patch b/core-skip-change-device-to-dead-in-manager_catchup-d.patch deleted file mode 100644 index 3c8bdbd..0000000 --- a/core-skip-change-device-to-dead-in-manager_catchup-d.patch +++ /dev/null @@ -1,106 +0,0 @@ -From e5c023a1c20058703f1517a48848b4ecec563db6 Mon Sep 17 00:00:00 2001 -From: xujing -Date: Mon, 10 Jan 2022 22:42:30 +0800 -Subject: [PATCH] core: skip change device to dead in manager_catchup during - booting - -There is a problem during booting as follows: -1.systemd is processing all udev devices state but not finished -2.now calling daemon-reload, it will serialize and deserialize the device state -3.after deserialize, some devices is processed finished, it will cause devices - state changed when calling manager_catchup and then set device to DEVICE_DEAD - later which will cause some fs unmounted. - -This patch just fix that fs will not unmounted during booting when calling -daemon-reload, if boot time is more than 10min, just ensure fs will not -unmounted during 10min after booting. ---- - src/core/device.c | 16 +++++++++++++++- - src/core/manager.c | 5 +++++ - src/core/manager.h | 2 ++ - 3 files changed, 22 insertions(+), 1 deletion(-) - -diff --git a/src/core/device.c b/src/core/device.c -index 58007cc..7be59bd 100644 ---- a/src/core/device.c -+++ b/src/core/device.c -@@ -728,7 +728,10 @@ static void device_process_new(Manager *m, sd_device *dev) { - } - - static void device_found_changed(Device *d, DeviceFound previous, DeviceFound now) { -+ Manager *m; -+ - assert(d); -+ m = UNIT(d)->manager; - - /* Didn't exist before, but does now? if so, generate a new invocation ID for it */ - if (previous == DEVICE_NOT_FOUND && now != DEVICE_NOT_FOUND) -@@ -741,10 +744,21 @@ static void device_found_changed(Device *d, DeviceFound previous, DeviceFound no - /* If the device has not been seen by udev yet, but is now referenced by the kernel, then we assume the - * kernel knows it now, and udev might soon too. */ - device_set_state(d, DEVICE_TENTATIVE); -- else -+ else { -+ if (m->in_manager_catchup && !MANAGER_IS_FINISHED(m)) { -+ dual_timestamp boot_timestamp; -+ -+ dual_timestamp_get(&boot_timestamp); -+ if (boot_timestamp.monotonic < 10*USEC_PER_MINUTE) { -+ log_info("Want to change device to dead in manager_catchup during booting, skipping!"); -+ return; -+ } -+ } -+ - /* If nobody sees the device, or if the device was previously seen by udev and now is only referenced - * from the kernel, then we consider the device is gone, the kernel just hasn't noticed it yet. */ - device_set_state(d, DEVICE_DEAD); -+ } - } - - static void device_update_found_one(Device *d, DeviceFound found, DeviceFound mask) { -diff --git a/src/core/manager.c b/src/core/manager.c -index 5becd30..c5dd041 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -811,6 +811,7 @@ int manager_new(UnitFileScope scope, ManagerTestRunFlags test_run_flags, Manager - .test_run_flags = test_run_flags, - - .default_oom_policy = OOM_STOP, -+ .in_manager_catchup = false, - }; - - #if ENABLE_EFI -@@ -1579,6 +1580,8 @@ static void manager_catchup(Manager *m) { - - log_debug("Invoking unit catchup() handlers…"); - -+ m->in_manager_catchup = true; -+ - /* Let's catch up on any state changes that happened while we were reloading/reexecing */ - HASHMAP_FOREACH_KEY(u, k, m->units) { - -@@ -1588,6 +1591,8 @@ static void manager_catchup(Manager *m) { - - unit_catchup(u); - } -+ -+ m->in_manager_catchup = false; - } - - static void manager_distribute_fds(Manager *m, FDSet *fds) { -diff --git a/src/core/manager.h b/src/core/manager.h -index 67c204f..d298dce 100644 ---- a/src/core/manager.h -+++ b/src/core/manager.h -@@ -442,6 +442,8 @@ struct Manager { - unsigned sigchldgen; - unsigned notifygen; - -+ bool in_manager_catchup; -+ - VarlinkServer *varlink_server; - /* Only systemd-oomd should be using this to subscribe to changes in ManagedOOM settings */ - Varlink *managed_oom_varlink_request; --- -2.33.0 - diff --git a/core-update-arg_default_rlimit-in-bump_rlimit.patch b/core-update-arg_default_rlimit-in-bump_rlimit.patch deleted file mode 100644 index 796ff6d..0000000 --- a/core-update-arg_default_rlimit-in-bump_rlimit.patch +++ /dev/null @@ -1,24 +0,0 @@ -From a80954ddf69d90d3b02ab62fb025534862069dc3 Mon Sep 17 00:00:00 2001 -From: licunlong -Date: Wed, 24 Jun 2020 17:23:03 +0800 -Subject: [PATCH] core-update-arg_default_rlimit-in-bump_rlimit - ---- - src/core/system.conf.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/system.conf.in b/src/core/system.conf.in -index a58f65a..4762669 100644 ---- a/src/core/system.conf.in -+++ b/src/core/system.conf.in -@@ -61,7 +61,7 @@ - #DefaultLimitNOFILE=1024:{{HIGH_RLIMIT_NOFILE}} - #DefaultLimitAS= - #DefaultLimitNPROC= --#DefaultLimitMEMLOCK= -+DefaultLimitMEMLOCK=64M - #DefaultLimitLOCKS= - #DefaultLimitSIGPENDING= - #DefaultLimitMSGQUEUE= --- -2.23.0 diff --git a/delay-to-restart-when-a-service-can-not-be-auto-restarted.patch b/delay-to-restart-when-a-service-can-not-be-auto-restarted.patch deleted file mode 100644 index 557e0de..0000000 --- a/delay-to-restart-when-a-service-can-not-be-auto-restarted.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 9315c29e4fdfa19c90bb483a364b017881f5cef7 Mon Sep 17 00:00:00 2001 -From: huangkaibin -Date: Sat, 21 Apr 2018 17:18:19 +0800 -Subject: [PATCH] systemd-core: Delay to restart when a service can not be - auto-restarted when there is one STOP_JOB for the service - -When a service current has a STOP job has not scheduled yet, -and also if the service is already scheduled with an auto-restart -with restart-second configured as 0, the service will not be restarted successfully, -and systemd will go into an endless loop to restart the service. -This is because restart-second is 0 and timer task has higher priority than IO tasks when there priority -is same(both with 0), so the STOP job has no chance to be scheduled, and systemd will go into the endless loop -to handle the time task. -This patch fix this problem by delaying 1 second to restart the service to cause STOP job to be scheduled. ---- - src/core/service.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/core/service.c b/src/core/service.c -index e368ec8..9b4b5b1 100644 ---- a/src/core/service.c -+++ b/src/core/service.c -@@ -2262,13 +2262,17 @@ fail: - static void service_enter_restart(Service *s) { - _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; - int r; -+ int restart_usec; - - assert(s); - - if (unit_has_job_type(UNIT(s), JOB_STOP)) { - /* Don't restart things if we are going down anyway */ - log_unit_info(UNIT(s), "Stop job pending for unit, skipping automatic restart."); -- return; -+ restart_usec = (s->restart_usec == 0) ? 1*USEC_PER_SEC : s->restart_usec; -+ r = service_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), restart_usec)); -+ if (r < 0) -+ goto fail; - } - - /* Any units that are bound to this service must also be --- -1.8.3.1 - diff --git a/delete-journal-files-except-system.journal-when-jour.patch b/delete-journal-files-except-system.journal-when-jour.patch deleted file mode 100644 index bb57e4e..0000000 --- a/delete-journal-files-except-system.journal-when-jour.patch +++ /dev/null @@ -1,186 +0,0 @@ -From 02d47bd2108d46cf9790500a7568a7523df485f9 Mon Sep 17 00:00:00 2001 -From: xujing -Date: Fri, 26 Aug 2022 20:32:37 +0800 -Subject: [PATCH] delete journal files except system.journal when journal~ - is generated - -In the case of time change and system panic, the function of invoking -sd_journal_next to obtain logs may not meet expectations(rsyslog cannot obtain -logs). Therefore, when the journal~ file is generated, delete all journal files -except system.journal, to ensure that the sd_journal_next function meets user -expectations. ---- - meson.build | 2 ++ - src/basic/dirent-util.c | 24 ++++++++++++++++ - src/basic/dirent-util.h | 2 ++ - src/libsystemd/sd-journal/journal-file.c | 35 ++++++++++++++++++++++++ - src/libsystemd/sd-journal/sd-journal.c | 22 --------------- - 5 files changed, 63 insertions(+), 22 deletions(-) - -diff --git a/meson.build b/meson.build -index 278e264..9ab40b6 100644 ---- a/meson.build -+++ b/meson.build -@@ -1644,6 +1644,8 @@ basic_includes = include_directories( - 'src/basic', - 'src/fundamental', - 'src/systemd', -+ 'src/libsystemd/sd-id128', -+ 'src/libsystemd/sd-journal', - '.') - - libsystemd_includes = [basic_includes, include_directories( -diff --git a/src/basic/dirent-util.c b/src/basic/dirent-util.c -index f6213a3..b227cae 100644 ---- a/src/basic/dirent-util.c -+++ b/src/basic/dirent-util.c -@@ -6,6 +6,8 @@ - #include "dirent-util.h" - #include "path-util.h" - #include "string-util.h" -+#include "id128-util.h" -+#include "syslog-util.h" - - static int dirent_ensure_type(DIR *d, struct dirent *de) { - struct stat st; -@@ -59,6 +61,28 @@ bool dirent_is_file_with_suffix(const struct dirent *de, const char *suffix) { - return endswith(de->d_name, suffix); - } - -+bool dirent_is_journal_subdir(const struct dirent *de) { -+ const char *e, *n; -+ assert(de); -+ -+ /* returns true if the specified directory entry looks like a directory that might contain journal -+ * files we might be interested in, i.e. is either a 128bit ID or a 128bit ID suffixed by a -+ * namespace. */ -+ -+ if (!IN_SET(de->d_type, DT_DIR, DT_LNK, DT_UNKNOWN)) -+ return false; -+ -+ e = strchr(de->d_name, '.'); -+ if (!e) -+ return id128_is_valid(de->d_name); /* No namespace */ -+ -+ n = strndupa(de->d_name, e - de->d_name); -+ if (!id128_is_valid(n)) -+ return false; -+ -+ return log_namespace_name_valid(e + 1); -+} -+ - struct dirent *readdir_ensure_type(DIR *d) { - struct dirent *de; - -diff --git a/src/basic/dirent-util.h b/src/basic/dirent-util.h -index c7956e7..f72a731 100644 ---- a/src/basic/dirent-util.h -+++ b/src/basic/dirent-util.h -@@ -11,6 +11,8 @@ - bool dirent_is_file(const struct dirent *de) _pure_; - bool dirent_is_file_with_suffix(const struct dirent *de, const char *suffix) _pure_; - -+bool dirent_is_journal_subdir(const struct dirent *de); -+ - struct dirent *readdir_ensure_type(DIR *d); - struct dirent *readdir_no_dot(DIR *dirp); - -diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c -index 6807c46..0abda23 100644 ---- a/src/libsystemd/sd-journal/journal-file.c -+++ b/src/libsystemd/sd-journal/journal-file.c -@@ -33,6 +33,7 @@ - #include "string-util.h" - #include "strv.h" - #include "xattr-util.h" -+#include "dirent-util.h" - - #define DEFAULT_DATA_HASH_TABLE_SIZE (2047ULL*sizeof(HashItem)) - #define DEFAULT_FIELD_HASH_TABLE_SIZE (333ULL*sizeof(HashItem)) -@@ -3781,9 +3782,37 @@ int journal_file_rotate( - return r; - } - -+static void delete_dumped_journal_files(const char *path) { -+ _cleanup_closedir_ DIR *d = NULL; -+ struct dirent *de; -+ -+ d = opendir(path); -+ if (!d) -+ return; -+ -+ FOREACH_DIRENT_ALL(de, d, return) { -+ if (IN_SET(de->d_type, DT_REG, DT_LNK, DT_UNKNOWN) && -+ (endswith(de->d_name, ".journal") || -+ endswith(de->d_name, ".journal~")) && -+ strcmp(de->d_name, "system.journal") != 0) -+ (void) unlinkat_deallocate(dirfd(d), de->d_name, 0); -+ -+ if (dirent_is_journal_subdir(de)) { -+ _cleanup_free_ char *sub_path = NULL; -+ -+ sub_path = path_join(path, de->d_name); -+ if (!sub_path) -+ continue; -+ -+ delete_dumped_journal_files(sub_path); -+ } -+ } -+} -+ - int journal_file_dispose(int dir_fd, const char *fname) { - _cleanup_free_ char *p = NULL; - _cleanup_close_ int fd = -1; -+ dual_timestamp boot_timestamp; - - assert(fname); - -@@ -3804,6 +3833,12 @@ int journal_file_dispose(int dir_fd, const char *fname) { - if (renameat(dir_fd, fname, dir_fd, p) < 0) - return -errno; - -+ dual_timestamp_get(&boot_timestamp); -+ if (boot_timestamp.monotonic < 10*USEC_PER_MINUTE) { -+ delete_dumped_journal_files("/var/log/journal"); -+ return 0; -+ } -+ - /* btrfs doesn't cope well with our write pattern and fragments heavily. Let's defrag all files we rotate */ - fd = openat(dir_fd, p, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW); - if (fd < 0) -diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c -index 1a76bb6..56e1398 100644 ---- a/src/libsystemd/sd-journal/sd-journal.c -+++ b/src/libsystemd/sd-journal/sd-journal.c -@@ -1523,28 +1523,6 @@ static bool dirent_is_journal_file(const struct dirent *de) { - endswith(de->d_name, ".journal~"); - } - --static bool dirent_is_journal_subdir(const struct dirent *de) { -- const char *e, *n; -- assert(de); -- -- /* returns true if the specified directory entry looks like a directory that might contain journal -- * files we might be interested in, i.e. is either a 128bit ID or a 128bit ID suffixed by a -- * namespace. */ -- -- if (!IN_SET(de->d_type, DT_DIR, DT_LNK, DT_UNKNOWN)) -- return false; -- -- e = strchr(de->d_name, '.'); -- if (!e) -- return id128_is_valid(de->d_name); /* No namespace */ -- -- n = strndupa(de->d_name, e - de->d_name); -- if (!id128_is_valid(n)) -- return false; -- -- return log_namespace_name_valid(e + 1); --} -- - static int directory_open(sd_journal *j, const char *path, DIR **ret) { - DIR *d; - --- -2.23.0 - diff --git a/disable-initialize_clock.patch b/disable-initialize_clock.patch deleted file mode 100644 index 508c052..0000000 --- a/disable-initialize_clock.patch +++ /dev/null @@ -1,62 +0,0 @@ -From fbd28b3b40701f1fda29707dfa09d1e481c4162c Mon Sep 17 00:00:00 2001 -From: hexiaowen -Date: Tue, 9 Jul 2019 19:13:43 +0800 -Subject: [PATCH] delete clock_apply_epoch - -resolved: apply epoch to system time from PID 1 - -For use in timesyncd we already defined a compile-time "epoch" value, which is based on the mtime of the NEWS file, and -specifies a point in time we know lies in the past at runtime. timesyncd uses this to filter out nonsensical timestamp -file data, and bump the system clock to a time that is after the build time of systemd. This patch adds similar bumping -code to earliest PID 1 initialization, so that the system never continues operation with a clock that is in the 1970ies -or even 1930s. we think it is ok when current system time is before build time. - -And, don't restore time when systemd-timesyncd started. - ---- - src/core/main.c | 5 ----- - src/timesync/timesyncd.c | 12 ------------ - 2 files changed, 17 deletions(-) - -diff --git a/src/core/main.c b/src/core/main.c -index a114257..bac746f 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -1473,11 +1473,6 @@ static void initialize_clock(void) { - */ - (void) clock_reset_timewarp(); - -- r = clock_apply_epoch(); -- if (r < 0) -- log_error_errno(r, "Current system time is before build time, but cannot correct: %m"); -- else if (r > 0) -- log_info("System time before build time, advancing clock."); - } - - static void apply_clock_update(void) { -diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c -index e56e09c..028e5d6 100644 ---- a/src/timesync/timesyncd.c -+++ b/src/timesync/timesyncd.c -@@ -73,18 +73,6 @@ static int load_clock_timestamp(uid_t uid, gid_t gid) { - } - - settime: -- ct = now(CLOCK_REALTIME); -- if (ct < min) { -- struct timespec ts; -- char date[FORMAT_TIMESTAMP_MAX]; -- -- log_info("System clock time unset or jumped backwards, restoring from recorded timestamp: %s", -- format_timestamp(date, sizeof(date), min)); -- -- if (clock_settime(CLOCK_REALTIME, timespec_store(&ts, min)) < 0) -- log_error_errno(errno, "Failed to restore system clock, ignoring: %m"); -- } -- - return 0; - } - --- -2.23.0 - diff --git a/disable-systemd-timesyncd-networkd-resolved-homed-us.patch b/disable-systemd-timesyncd-networkd-resolved-homed-us.patch deleted file mode 100644 index 8c0381e..0000000 --- a/disable-systemd-timesyncd-networkd-resolved-homed-us.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 72e9c079d0fd769d1bdb7d7db9c49454ce4bd255 Mon Sep 17 00:00:00 2001 -From: licunlong -Date: Wed, 1 Dec 2021 17:27:07 +0800 -Subject: [PATCH] disable systemd-{timesyncd, networkd, resolved, homed, - userdbd, pstore} by default - ---- - presets/90-systemd.preset | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/presets/90-systemd.preset b/presets/90-systemd.preset -index d260874..2a7396c 100644 ---- a/presets/90-systemd.preset -+++ b/presets/90-systemd.preset -@@ -16,12 +16,6 @@ enable remote-cryptsetup.target - enable machines.target - - enable getty@.service --enable systemd-timesyncd.service --enable systemd-networkd.service --enable systemd-resolved.service --enable systemd-homed.service --enable systemd-userdbd.socket --enable systemd-pstore.service - - disable console-getty.service - disable debug-shell.service -@@ -44,3 +38,9 @@ disable syslog.socket - disable systemd-journal-gatewayd.* - disable systemd-journal-remote.* - disable systemd-journal-upload.* -+disable systemd-timesyncd.service -+disable systemd-networkd.service -+disable systemd-resolved.service -+disable systemd-homed.service -+disable systemd-userdbd.socket -+disable systemd-pstore.service --- -2.23.0 - diff --git a/fix-capsh-drop-but-ping-success.patch b/fix-capsh-drop-but-ping-success.patch deleted file mode 100644 index eb82ea4..0000000 --- a/fix-capsh-drop-but-ping-success.patch +++ /dev/null @@ -1,29 +0,0 @@ -From c20f91b6d99ac98a7d883e77f609e52482fe7c3b Mon Sep 17 00:00:00 2001 -From: openEuler Buildteam -Date: Fri, 17 Jan 2020 23:00:49 +0800 -Subject: [PATCH] change -fix capsh --drop=cap_net_raw -- -c "/bin/ping -c 1 localhost" -but ping success, the reson is github issue. - -https://github.com/systemd/systemd/pull/13141/commits/0a8ce60ee87de9a817284b31c6ccba062664057f - ---- - sysctl.d/50-default.conf | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf -index 41bd1f9..4d9bef8 100644 ---- a/sysctl.d/50-default.conf -+++ b/sysctl.d/50-default.conf -@@ -36,7 +36,7 @@ net.ipv4.conf.all.promote_secondaries = 1 - # #define GID_T_MAX (((gid_t)~0U) >> 1) - # That's not so bad because values between 2^31 and 2^32-1 are reserved on - # systemd-based systems anyway: https://systemd.io/UIDS-GIDS#summary ---net.ipv4.ping_group_range = 0 2147483647 -+net.ipv4.ping_group_range = 1 0 - - # Fair Queue CoDel packet scheduler to fight bufferbloat - -net.core.default_qdisc = fq_codel --- -1.8.3.1 - diff --git a/fix-journal-file-descriptors-leak-problems.patch b/fix-journal-file-descriptors-leak-problems.patch deleted file mode 100644 index 486699e..0000000 --- a/fix-journal-file-descriptors-leak-problems.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 4f8cec1924bf00532f5350d9a4d7af8e853241fe Mon Sep 17 00:00:00 2001 -From: huangkaibin -Date: Thu, 28 Jun 2018 20:23:45 +0800 -Subject: [PATCH] systemd-journald: Fix journal file descriptors leak problems. - -Journal files opened and then be removed by external programs(for example, the journal rotation -of systemd-journald will removed jounal files) before journal directory notify watching is added -will not be closed properly. This patch fix this problem by removing and closing these deleted journal files -after notify watching is added. ---- - src/libsystemd/sd-journal/sd-journal.c | 19 +++++++++++++++++++ - 1 file changed, 19 insertions(+) - -diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c -index 5728c53..1238652 100644 ---- a/src/libsystemd/sd-journal/sd-journal.c -+++ b/src/libsystemd/sd-journal/sd-journal.c -@@ -1584,6 +1584,17 @@ fail: - log_debug_errno(errno, "Failed to enumerate directory %s, ignoring: %m", m->path); - } - -+static void remove_nonexistent_journal_files(sd_journal *j) { -+ JournalFile *f = NULL; -+ ORDERED_HASHMAP_FOREACH(f, j->files) { -+ if(f->path && access(f->path, F_OK) < 0) { -+ log_debug("Remove not-existed file from the journal map: %s", f->path); -+ /*Its OK to remove entry from the hashmap although we are iterating on it.*/ -+ remove_file_real(j, f); -+ } -+ } -+} -+ - static void directory_watch(sd_journal *j, Directory *m, int fd, uint32_t mask) { - int r; - -@@ -1612,6 +1623,14 @@ static void directory_watch(sd_journal *j, Directory *m, int fd, uint32_t mask) - (void) inotify_rm_watch(j->inotify_fd, m->wd); - m->wd = -1; - } -+ -+ /* -+ * Before event watching, there were some files opened and if some of these opened files were -+ * deleted due to the journal rotation of systemd-jounald, they will become leaking files and will -+ * never be closed until the process exited. -+ * So here we remove these deleted files from the journal after event watching. -+ */ -+ remove_nonexistent_journal_files(j); - } - - static int add_directory( --- -2.27.0 - diff --git a/fix-mount-failed-while-daemon-reexec.patch b/fix-mount-failed-while-daemon-reexec.patch deleted file mode 100644 index ea7e69b..0000000 --- a/fix-mount-failed-while-daemon-reexec.patch +++ /dev/null @@ -1,62 +0,0 @@ -From e485f8a182f8a141676f7ffe0311a1a4724c3c1a Mon Sep 17 00:00:00 2001 -From: licunlong -Date: Tue, 28 Jun 2022 21:56:26 +0800 -Subject: [PATCH] fix mount failed while daemon-reexec - ---- - src/core/manager.c | 1 + - src/core/manager.h | 1 + - src/core/mount.c | 5 ++++- - 3 files changed, 6 insertions(+), 1 deletion(-) - -diff --git a/src/core/manager.c b/src/core/manager.c -index 55adcd1..74f8304 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -1808,6 +1808,7 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) { - } - - manager_ready(m); -+ m->mountinfo_uptodate = false; - - manager_set_switching_root(m, false); - -diff --git a/src/core/manager.h b/src/core/manager.h -index 31b4670..df74200 100644 ---- a/src/core/manager.h -+++ b/src/core/manager.h -@@ -259,6 +259,7 @@ struct Manager { - /* Data specific to the mount subsystem */ - struct libmnt_monitor *mount_monitor; - sd_event_source *mount_event_source; -+ bool mountinfo_uptodate; - - /* Data specific to the swap filesystem */ - FILE *proc_swaps; -diff --git a/src/core/mount.c b/src/core/mount.c -index 8fed04c..00482e9 100644 ---- a/src/core/mount.c -+++ b/src/core/mount.c -@@ -1785,6 +1785,7 @@ static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) { - (void) mount_setup_unit(m, device, path, options, fstype, set_flags); - } - -+ m->mountinfo_uptodate = true; - return 0; - } - -@@ -1948,8 +1949,10 @@ static int mount_process_proc_self_mountinfo(Manager *m) { - assert(m); - - r = drain_libmount(m); -- if (r <= 0) -+ if (r < 0) - return r; -+ if (r == 0 && m->mountinfo_uptodate) -+ return 0; - - r = mount_load_proc_self_mountinfo(m, true); - if (r < 0) { --- -2.33.0 - diff --git a/fix-two-VF-virtual-machines-have-same-mac-address.patch b/fix-two-VF-virtual-machines-have-same-mac-address.patch deleted file mode 100644 index f7b0335..0000000 --- a/fix-two-VF-virtual-machines-have-same-mac-address.patch +++ /dev/null @@ -1,45 +0,0 @@ -From: fangxiuning -Date: Thu, 5 Sep 2019 07:40:41 +0800 -Subject: fix two vf virtual machine has same mac address -through 82599,hns3 physical network cart vf two virtual machine, -two virtual machine have the same mac address. - -MACAddressPolicy= -The policy by which the MAC address should be set. The available -policies are: - -persistent -If the hardware has a persistent MAC address, as most hardware should, -and if it is used by the kernel, nothing is done. Otherwise, a new MAC -address is generated which is guaranteed to be the same on every boot -for the given machine and the given device, but which is otherwise random. -This feature depends on ID_NET_NAME_* properties to exist for the link. -On hardware where these properties are not set, the generation of a -persistent MAC address will fail. - - -random -If the kernel is using a random MAC address, nothing is done. Otherwise, -a new address is randomly generated each time the device appears, -typically at boot. Either way, the random address will have the "unicast" -and "locally administered" bits set. - -none -Keeps the MAC address assigned by the kernel. ---- - network/99-default.link | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/network/99-default.link b/network/99-default.link -index dc7a42bf58..2b8f46a84c 100644 ---- a/network/99-default.link -+++ b/network/99-default.link -@@ -13,4 +13,4 @@ OriginalName=* - [Link] - NamePolicy=keep kernel database onboard slot path - AlternativeNamesPolicy=database onboard slot path --MACAddressPolicy=persistent -+MACAddressPolicy=none --- -2.23.0 - diff --git a/fuser-print-umount-message-to-reboot-umount-msg.patch b/fuser-print-umount-message-to-reboot-umount-msg.patch deleted file mode 100644 index 734396c..0000000 --- a/fuser-print-umount-message-to-reboot-umount-msg.patch +++ /dev/null @@ -1,225 +0,0 @@ -From 224b51420b0e3b62cda4bb16f31c6d28e96c7123 Mon Sep 17 00:00:00 2001 -From: sunshihao -Date: Mon, 25 Jan 2021 14:42:23 +0800 -Subject: [PATCH] fuser: print umount info to /.reboot-umount-msg.log - -The patch tries to save which processes holds the mountpoint -persistently to /.reboot-umount-msg.log, when the system is -suspended during system restart. - -This patch change the value of DefaultDFXReboot that is set in -/etc/systemd/system.conf file from no to yes.The systemd reboot -feature will open when the process start. - -Signed-off-by: sunshihao -Signed-off-by: Zhiqiang Liu -Signed-off-by: lixiaokeng ---- - src/core/fuser.c | 57 +++++++++++++++++++++++++++++++++++++---- - src/core/fuser.h | 3 +++ - src/core/job.c | 38 +++++++++++++++++++++++++++ - src/core/system.conf.in | 2 +- - 4 files changed, 94 insertions(+), 6 deletions(-) - -diff --git a/src/core/fuser.c b/src/core/fuser.c -index 0a0c791..dd2ca60 100644 ---- a/src/core/fuser.c -+++ b/src/core/fuser.c -@@ -383,6 +383,8 @@ static void print_matches(const struct name *name) { - static char P_cmd_long[MAX_COMM_LEN]; - char cmd_path[PATH_MAX]; - int r = 0; -+ FILE *fp = NULL; -+ int flag = 0; - - if (name == NULL) { - manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -@@ -390,11 +392,29 @@ static void print_matches(const struct name *name) { - return; - } - -+ /* Write the content in the back of previous one */ -+ fp = fopen(REBOOT_UMOUNT_FILE_NAME, "a+"); -+ -+ /* print the time info to /.reboot-umount-msg.log file */ -+ if (fp == NULL) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Open %s failed!", REBOOT_UMOUNT_FILE_NAME); -+ } -+ - manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, - "\t\tUSER\t\tPID\tCOMMAND"); - manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, - "%s:", name->filename); - -+ /* print the umount fail point to the /.reboot-umount-msg.log file */ -+ if (fp != NULL) { -+ if (strlen(name->filename) <= MOUNT_FILE_NAME_MAX_LEN) { -+ fprintf(fp, "%-20s\t", name->filename); -+ } else { -+ fprintf(fp, "%s\n\t\t\t", name->filename); -+ } -+ } -+ - for (pptr = name->matched_procs; pptr != NULL; pptr = pptr->next) { - if (pwent == NULL || pwent->pw_uid != pptr->uid) - pwent = getpwuid(pptr->uid); //get username -@@ -402,7 +422,7 @@ static void print_matches(const struct name *name) { - r = snprintf(cmd_path, sizeof(cmd_path), "/proc/%d", pptr->pid); - if (r <= 0) { - manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Can't snprintf /proc/%d.", pptr->pid); -- return; -+ goto out; - } - - read_cmdline(P_cmd_long, sizeof(P_cmd_long), cmd_path, "cmdline", ' '); -@@ -415,22 +435,49 @@ static void print_matches(const struct name *name) { - if (pptr->command == NULL) - continue; - -+ if (flag > 0) { -+ if (fp != NULL) { -+ fprintf(fp, "\t\t\t"); -+ } -+ } else { -+ flag++; -+ } -+ - if (pwent != NULL) { -- if (pptr->pid != 0) -+ if (pptr->pid != 0) { - manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, - "\t\t%-s\t\t%-d\t%-s", pwent->pw_name, pptr->pid, pptr->command); -- else -+ if (fp != NULL) { -+ fprintf(fp, "%-s\t\t%-d\t%-s\n", pwent->pw_name, pptr->pid, pptr->command); -+ } -+ } else { - manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, - "\t\t%-s\t\t%-s\t%-s", pwent->pw_name, "kernel", pptr->command); -+ if (fp != NULL) { -+ fprintf(fp, "%-s\t\t%-s\t%-s\n", pwent->pw_name, "kernel", pptr->command); -+ } -+ } - } else { -- if (pptr->pid != 0) -+ if (pptr->pid != 0) { - manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, - "\t\t%-d\t\t%-d\t%-s", pptr->uid, pptr->pid, pptr->command); -- else -+ if (fp != NULL) { -+ fprintf(fp, "%-d\t\t%-d\t%-s\n", pptr->uid, pptr->pid, pptr->command); -+ } -+ } else { - manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, - "\t\t%-d\t\t%-s\t%-s", pptr->uid, "kernel", pptr->command); -+ if (fp != NULL) { -+ fprintf(fp, "%-d\t\t%-s\t%-s\n", pptr->uid, "kernel", pptr->command); -+ } -+ } - } - } -+ -+out: -+ if (fp != NULL) { -+ fclose(fp); -+ } - } - - static void free_matched_procs(struct procs *matched_procs) { -diff --git a/src/core/fuser.h b/src/core/fuser.h -index b74b879..2729c9b 100644 ---- a/src/core/fuser.h -+++ b/src/core/fuser.h -@@ -14,6 +14,7 @@ - #include - #include - #include -+#include - - #include "manager.h" - -@@ -51,5 +52,7 @@ struct device { - #define MAX_COMM_LEN 1024 - #define PROC_MOUNTS "/proc/mounts" - #define PROC_SWAPS "/proc/swaps" -+#define REBOOT_UMOUNT_FILE_NAME "/.reboot-umount-msg.log" -+#define MOUNT_FILE_NAME_MAX_LEN 20 - - int fuser(const char *dir); -diff --git a/src/core/job.c b/src/core/job.c -index 3645c11..7a0ed48 100644 ---- a/src/core/job.c -+++ b/src/core/job.c -@@ -31,6 +31,8 @@ - #include "mount.h" - #include "process-util.h" - -+bool g_first_print = true; -+ - Job* job_new_raw(Unit *unit) { - Job *j; - -@@ -682,6 +684,9 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult - const char *ident, *format; - int r = 0; - pid_t pid; -+ FILE *fp = NULL; -+ time_t tmpt; -+ struct tm local_time; - - assert(u); - assert(t >= 0); -@@ -751,6 +756,39 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult - ((u->type == UNIT_MOUNT || u->type == UNIT_AUTOMOUNT) && t == JOB_STOP && result == JOB_FAILED)) { - - Mount *m = MOUNT(u); -+ if (g_first_print) { -+ /* Overwrite previous content at the first time */ -+ fp = fopen(REBOOT_UMOUNT_FILE_NAME, "w+"); -+ -+ /* Only get the local time once */ -+ tmpt = time(NULL); -+ if (!localtime_r(&tmpt, &local_time)) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Get local time failed!"); -+ } -+ } -+ -+ /* print the time info to /.reboot-umount-msg.log file */ -+ if (g_first_print && fp == NULL) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Open %s failed!", REBOOT_UMOUNT_FILE_NAME); -+ } else if (g_first_print) { -+ /* Only do this part one time */ -+ g_first_print = false; -+ -+ if (chmod(REBOOT_UMOUNT_FILE_NAME, S_IRUSR | S_IWUSR)) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Set %s file attributes failed!", REBOOT_UMOUNT_FILE_NAME); -+ } -+ -+ fprintf(fp, "reboot time is %d/%d/%d-%d:%d:%d.\n", local_time.tm_year + 1900, -+ local_time.tm_mon + 1, local_time.tm_mday, local_time.tm_hour, -+ local_time.tm_min, local_time.tm_sec); -+ -+ fprintf(fp, "\n\t\t\tUSER\t\tPID\tCOMMAND\n"); -+ fclose(fp); -+ } -+ - - r = safe_fork("(fuser-shutdown)", FORK_RESET_SIGNALS, &pid); - if (r < 0) { -diff --git a/src/core/system.conf.in b/src/core/system.conf.in -index cf34a12..d6cc751 100644 ---- a/src/core/system.conf.in -+++ b/src/core/system.conf.in -@@ -74,4 +74,4 @@ DefaultLimitMEMLOCK=64M - #DefaultLimitRTPRIO= - #DefaultLimitRTTIME= - #DefaultOOMPolicy=stop --#DefaultDFXReboot=no -+DefaultDFXReboot=yes --- -2.27.0 - diff --git a/journal-don-t-enable-systemd-journald-audit.socket-b.patch b/journal-don-t-enable-systemd-journald-audit.socket-b.patch deleted file mode 100644 index ca97a3e..0000000 --- a/journal-don-t-enable-systemd-journald-audit.socket-b.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 7a650ee8d3faf79fd5ef866b69741880a3a42b8d Mon Sep 17 00:00:00 2001 -From: Jan Synacek -Date: Thu, 2 May 2019 14:11:54 +0200 -Subject: [PATCH] journal: don't enable systemd-journald-audit.socket - by default - -Resolves: #1699287 - ---- - units/meson.build | 3 +-- - units/systemd-journald.service.in | 2 +- - 2 files changed, 2 insertions(+), 3 deletions(-) - -diff --git a/units/meson.build b/units/meson.build -index 4eb09a3..ccea8a6 100644 ---- a/units/meson.build -+++ b/units/meson.build -@@ -110,8 +110,7 @@ units = [ - 'sysinit.target.wants/'], - ['systemd-journal-gatewayd.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'], - ['systemd-journal-remote.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'], -- ['systemd-journald-audit.socket', '', -- 'sockets.target.wants/'], -+ ['systemd-journald-audit.socket', ''], - ['systemd-journald-dev-log.socket', '', - 'sockets.target.wants/'], - ['systemd-journald.socket', '', -diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in -index 0cb1bfa..fa7348a 100644 ---- a/units/systemd-journald.service.in -+++ b/units/systemd-journald.service.in -@@ -34,7 +34,7 @@ RestrictRealtime=yes - RestrictSUIDSGID=yes - RuntimeDirectory=systemd/journal - RuntimeDirectoryPreserve=yes --Sockets=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-audit.socket -+Sockets=systemd-journald.socket systemd-journald-dev-log.socket - StandardOutput=null - SystemCallArchitectures=native - SystemCallErrorNumber=EPERM --- -2.23.0 - diff --git a/keep-weight-consistent-with-the-set-value.patch b/keep-weight-consistent-with-the-set-value.patch deleted file mode 100644 index 5f6385b..0000000 --- a/keep-weight-consistent-with-the-set-value.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 7424b6c0f38d4a32fd96e74d7078707c026c6c66 Mon Sep 17 00:00:00 2001 -From: wangyuhang -Date: Thu, 9 Jun 2022 20:10:50 +0800 -Subject: [PATCH] keep weight consistent with the set value - ---- - src/core/cgroup.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index ee15d50..4c5feef 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -1249,7 +1249,7 @@ static void set_io_weight(Unit *u, uint64_t weight) { - * See also: https://github.com/systemd/systemd/pull/13335 and - * https://github.com/torvalds/linux/commit/65752aef0a407e1ef17ec78a7fc31ba4e0b360f9. - * The range is 1..1000 apparently, and the default is 100. */ -- xsprintf(buf, "%" PRIu64 "\n", BFQ_WEIGHT(weight)); -+ xsprintf(buf, "%" PRIu64 "\n", weight); - (void) set_attribute_and_warn(u, "io", "io.bfq.weight", buf); - - xsprintf(buf, "default %" PRIu64 "\n", weight); -@@ -1262,7 +1262,7 @@ static void set_blkio_weight(Unit *u, uint64_t weight) { - assert(u); - - /* FIXME: see comment in set_io_weight(). */ -- xsprintf(buf, "%" PRIu64 "\n", BFQ_WEIGHT(weight)); -+ xsprintf(buf, "%" PRIu64 "\n", weight); - (void) set_attribute_and_warn(u, "blkio", "blkio.bfq.weight", buf); - - xsprintf(buf, "%" PRIu64 "\n", weight); --- -2.33.0 - diff --git a/let-the-child-of-one-unit-don-t-affect-each-other.patch b/let-the-child-of-one-unit-don-t-affect-each-other.patch deleted file mode 100644 index f60169f..0000000 --- a/let-the-child-of-one-unit-don-t-affect-each-other.patch +++ /dev/null @@ -1,96 +0,0 @@ -From 8c9de291f2b782f5d7d40447f08553b5e325a34d Mon Sep 17 00:00:00 2001 -From: licunlong -Date: Fri, 19 Mar 2021 01:29:01 +0800 -Subject: [PATCH] let the child of one unit don't affect each other. -This should only be used for .slice unit in the [Unit] section. -To reproduce the problem resolved by this patch, try the following steps: -1. start service A in a slice; -2. change the cgroup property by "echo 512 > service_a/cpu.shares"; -3. systemctl daemon-reload; -4. start service B in a slice; -5. check the cgroup property by "cat service_a/cpu.shares"; -With this directive enabled, the value will stay as 512; if disabled, -if will be restored to the default value of systemd. Defaults to "no". - ---- - src/core/cgroup.c | 3 +++ - src/core/load-fragment-gperf.gperf.in | 1 + - src/core/unit-serialize.c | 2 ++ - src/core/unit.h | 2 ++ - test/fuzz/fuzz-unit-file/directives.service | 1 + - 5 files changed, 9 insertions(+) - -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 4eedaf7..ab6d602 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -2618,6 +2618,9 @@ void unit_add_family_to_cgroup_realize_queue(Unit *u) { - - UNIT_FOREACH_DEPENDENCY(m, u, UNIT_ATOM_SLICE_OF) { - -+ if (u->independent_child) -+ continue; -+ - /* No point in doing cgroup application for units without active processes. */ - if (UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(m))) - continue; -diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in -index 0702aa0..76b1217 100644 ---- a/src/core/load-fragment-gperf.gperf.in -+++ b/src/core/load-fragment-gperf.gperf.in -@@ -286,6 +286,7 @@ Unit.JoinsNamespaceOf, config_parse_unit_deps, - Unit.RequiresOverridable, config_parse_obsolete_unit_deps, UNIT_REQUIRES, 0 - Unit.RequisiteOverridable, config_parse_obsolete_unit_deps, UNIT_REQUISITE, 0 - Unit.RequiresMountsFor, config_parse_unit_requires_mounts_for, 0, 0 -+Unit.IndependentChild, config_parse_bool, 0, offsetof(Unit, independent_child) - Unit.StopWhenUnneeded, config_parse_bool, 0, offsetof(Unit, stop_when_unneeded) - Unit.RefuseManualStart, config_parse_bool, 0, offsetof(Unit, refuse_manual_start) - Unit.RefuseManualStop, config_parse_bool, 0, offsetof(Unit, refuse_manual_stop) -diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c -index f3b3e70..b818181 100644 ---- a/src/core/unit-serialize.c -+++ b/src/core/unit-serialize.c -@@ -801,6 +801,7 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) { - if (u->load_state == UNIT_LOADED) { - - fprintf(f, -+ "%s\tIndependentChild:%s\n" - "%s\tStopWhenUnneeded: %s\n" - "%s\tRefuseManualStart: %s\n" - "%s\tRefuseManualStop: %s\n" -@@ -808,6 +809,7 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) { - "%s\tOnSuccessJobMode: %s\n" - "%s\tOnFailureJobMode: %s\n" - "%s\tIgnoreOnIsolate: %s\n", -+ prefix, yes_no(u->independent_child), - prefix, yes_no(u->stop_when_unneeded), - prefix, yes_no(u->refuse_manual_start), - prefix, yes_no(u->refuse_manual_stop), -diff --git a/src/core/unit.h b/src/core/unit.h -index cb85dfc..439714a 100644 ---- a/src/core/unit.h -+++ b/src/core/unit.h -@@ -350,6 +350,8 @@ typedef struct Unit { - sd_id128_t invocation_id; - char invocation_id_string[SD_ID128_STRING_MAX]; /* useful when logging */ - -+ bool independent_child; -+ - /* Garbage collect us we nobody wants or requires us anymore */ - bool stop_when_unneeded; - -diff --git a/test/fuzz/fuzz-unit-file/directives.service b/test/fuzz/fuzz-unit-file/directives.service -index 8044977..03eab60 100644 ---- a/test/fuzz/fuzz-unit-file/directives.service -+++ b/test/fuzz/fuzz-unit-file/directives.service -@@ -98,6 +98,7 @@ RefuseManualStop= - ReloadPropagatedFrom= - Requires= - RequiresMountsFor= -+IndependentChild= - RequiresOverridable= - Requisite= - RequisiteOverridable= --- -2.27.0 - diff --git a/logind-set-RemoveIPC-to-false-by-default.patch b/logind-set-RemoveIPC-to-false-by-default.patch deleted file mode 100644 index 657b28a..0000000 --- a/logind-set-RemoveIPC-to-false-by-default.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 0b3833d6c3b751c6dfb40eeb2ef852984c58f546 Mon Sep 17 00:00:00 2001 -From: openEuler Buildteam -Date: Wed, 1 Aug 2018 10:58:28 +0200 -Subject: logind: set RemoveIPC to false by default - -Resolves: #1523233 ---- - man/logind.conf.xml | 2 +- - src/login/logind-core.c | 2 +- - src/login/logind.conf.in | 2 +- - 3 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/man/logind.conf.xml b/man/logind.conf.xml -index b00daf366d..a9fed78aa6 100644 ---- a/man/logind.conf.xml -+++ b/man/logind.conf.xml -@@ -340,7 +340,7 @@ - user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the - last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as - well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users -- are excluded from the effect of this setting. Defaults to yes. -+ are excluded from the effect of this setting. Defaults to no. - - - -diff --git a/src/login/logind-core.c b/src/login/logind-core.c -index 4289461df6..556945be20 100644 ---- a/src/login/logind-core.c -+++ b/src/login/logind-core.c -@@ -35,7 +35,7 @@ void manager_reset_config(Manager *m) { - - m->n_autovts = 6; - m->reserve_vt = 6; -- m->remove_ipc = true; -+ m->remove_ipc = false; - m->inhibit_delay_max = 5 * USEC_PER_SEC; - m->user_stop_delay = 10 * USEC_PER_SEC; - -diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in -index ed1084b06e..07ff0d195e 100644 ---- a/src/login/logind.conf.in -+++ b/src/login/logind.conf.in -@@ -33,6 +33,6 @@ - #IdleActionSec=30min - #RuntimeDirectorySize=10% - #RuntimeDirectoryInodesMax= --#RemoveIPC=yes -+#RemoveIPC=no - #InhibitorsMax=8192 - #SessionsMax=8192 --- -2.23.0 - diff --git a/pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch b/pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch deleted file mode 100644 index 8db3b77..0000000 --- a/pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch +++ /dev/null @@ -1,64 +0,0 @@ -From ad2da19e1e80a9ab9d0dfae17a74f5009e4d1898 Mon Sep 17 00:00:00 2001 -From: openEuler Buildteam -Date: Tue, 10 Mar 2020 21:01:43 +0800 -Subject: [PATCH] pid1 bump DefaultTasksMax to 80% of the kernel pid.max value - ---- - man/systemd-system.conf.xml | 2 +- - src/core/main.c | 2 +- - src/core/system.conf.in | 2 +- - units/user-.slice.d/10-defaults.conf | 2 +- - 4 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml -index c11dd46..b259631 100644 ---- a/man/systemd-system.conf.xml -+++ b/man/systemd-system.conf.xml -@@ -389,7 +389,7 @@ - Configure the default value for the per-unit TasksMax= setting. See - systemd.resource-control5 - for details. This setting applies to all unit types that support resource control settings, with the exception -- of slice units. Defaults to 15% of the minimum of kernel.pid_max=, kernel.threads-max= -+ of slice units. Defaults to 80% of the minimum of kernel.pid_max=, kernel.threads-max= - and root cgroup pids.max. - Kernel has a default value for kernel.pid_max= and an algorithm of counting in case of more than 32 cores. - For example with the default kernel.pid_max=, DefaultTasksMax= defaults to 4915, -diff --git a/src/core/main.c b/src/core/main.c -index da6c50a..f4fe751 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -92,7 +92,7 @@ - #include - #endif - --#define DEFAULT_TASKS_MAX ((TasksMax) { 15U, 100U }) /* 15% */ -+#define DEFAULT_TASKS_MAX ((TasksMax) { 80U, 100U }) /* 80% */ - - static enum { - ACTION_RUN, -diff --git a/src/core/system.conf.in b/src/core/system.conf.in -index e88280b..f2c75fc 100644 ---- a/src/core/system.conf.in -+++ b/src/core/system.conf.in -@@ -54,7 +54,7 @@ - #DefaultBlockIOAccounting=no - #DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }} - #DefaultTasksAccounting=yes --#DefaultTasksMax=15% -+#DefaultTasksMax=80% - #DefaultLimitCPU= - #DefaultLimitFSIZE= - #DefaultLimitDATA= -diff --git a/units/user-.slice.d/10-defaults.conf b/units/user-.slice.d/10-defaults.conf -index cb3651b..be8fa28 100644 ---- a/units/user-.slice.d/10-defaults.conf -+++ b/units/user-.slice.d/10-defaults.conf -@@ -14,4 +14,4 @@ After=systemd-user-sessions.service - StopWhenUnneeded=yes - - [Slice] --TasksMax=33% -+TasksMax=80% --- -2.27.0 - diff --git a/print-the-process-status-to-console-when-shutdown.patch b/print-the-process-status-to-console-when-shutdown.patch deleted file mode 100644 index 51b9839..0000000 --- a/print-the-process-status-to-console-when-shutdown.patch +++ /dev/null @@ -1,1283 +0,0 @@ -From 5966f7a3b90ee25f23182e9320621a8477a40a51 Mon Sep 17 00:00:00 2001 -From: jiangchuangang -Date: Thu, 2 Sep 2021 12:14:19 +0800 -Subject: [PATCH] print process status to console when shutdown - ---- - meson.build | 6 +- - src/basic/process-util.c | 58 ++++ - src/basic/process-util.h | 2 + - src/core/fuser.c | 506 +++++++++++++++++++++++++++++++++ - src/core/fuser.h | 55 ++++ - src/core/job.c | 36 +++ - src/core/main.c | 13 +- - src/core/manager.c | 1 + - src/core/manager.h | 2 + - src/core/meson.build | 2 + - src/core/system.conf.in | 1 + - src/shutdown/meson.build | 10 +- - src/shutdown/process-status.c | 143 ++++++++++ - src/shutdown/process-status.h | 24 ++ - src/shutdown/shutdown.c | 45 +++ - src/shutdown/umount.c | 8 +- - src/test/meson.build | 17 ++ - src/test/test-fuser.c | 14 + - src/test/test-process-status.c | 10 + - 19 files changed, 945 insertions(+), 8 deletions(-) - create mode 100644 src/core/fuser.c - create mode 100644 src/core/fuser.h - create mode 100644 src/shutdown/process-status.c - create mode 100644 src/shutdown/process-status.h - create mode 100644 src/test/test-fuser.c - create mode 100644 src/test/test-process-status.c - -diff --git a/meson.build b/meson.build -index 1c088ba..278e264 100644 ---- a/meson.build -+++ b/meson.build -@@ -3211,8 +3211,10 @@ public_programs += executable( - executable( - 'systemd-shutdown', - systemd_shutdown_sources, -- include_directories : includes, -- link_with : [libshared], -+ include_directories : [includes, -+ core_includes], -+ link_with : [libcore, -+ libshared], - dependencies : [libmount], - install_rpath : rootlibexecdir, - install : true, -diff --git a/src/basic/process-util.c b/src/basic/process-util.c -index 14259ea..e28412a 100644 ---- a/src/basic/process-util.c -+++ b/src/basic/process-util.c -@@ -1729,3 +1729,61 @@ static const char* const sched_policy_table[] = { - }; - - DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(sched_policy, int, INT_MAX); -+ -+unsigned int read_cmdline(char *restrict const dst, unsigned sz, const char* whom, const char *what, char sep) { -+ char path[PATH_MAX]; -+ _cleanup_close_ int fd = 0; -+ int len = 0; -+ unsigned n = 0; -+ -+ if (sz <= 0) -+ return 0; -+ -+ if (sz >= INT_MAX) -+ sz = INT_MAX-1; -+ -+ dst[0] = '\0'; -+ -+ len = snprintf(path, sizeof(path), "%s/%s", whom, what); -+ if (len <= 0 || (size_t)len >= sizeof(path)) -+ return 0; -+ -+ fd = open(path, O_RDONLY); -+ if (fd == -1) -+ return 0; -+ -+ for (;;) { -+ ssize_t r = read(fd, dst+n, sz-n); -+ -+ if (r == -1) { -+ if (errno == EINTR) -+ continue; -+ break; -+ } -+ -+ if (r <= 0) -+ break; -+ n += r; -+ -+ if (n == sz) { -+ --n; -+ break; -+ } -+ } -+ -+ if (n) { -+ unsigned i = n; -+ -+ while (i && dst[i-1] == '\0') -+ --i; -+ -+ while (i--) -+ if (dst[i] == '\n' || dst[i] == '\0') dst[i] = sep; -+ -+ if (dst[n-1] == ' ') -+ dst[n-1] = '\0'; -+ } -+ -+ dst[n] = '\0'; -+ return n; -+} -diff --git a/src/basic/process-util.h b/src/basic/process-util.h -index 0e064de..6f9b577 100644 ---- a/src/basic/process-util.h -+++ b/src/basic/process-util.h -@@ -205,3 +205,5 @@ int pidfd_get_pid(int fd, pid_t *ret); - int setpriority_closest(int priority); - - bool invoked_as(char *argv[], const char *token); -+ -+unsigned int read_cmdline(char *restrict const dst, unsigned sz, const char* whom, const char *what, char sep); -diff --git a/src/core/fuser.c b/src/core/fuser.c -new file mode 100644 -index 0000000..0a0c791 ---- /dev/null -+++ b/src/core/fuser.c -@@ -0,0 +1,506 @@ -+#include "fuser.h" -+#include "process-util.h" -+ -+static int parse_dir(struct name *this_name, struct inode *match_inode) { -+ if ((this_name == NULL) || (match_inode == NULL)) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Can't parse dir."); -+ return -1; -+ } -+ -+ if (stat(this_name->filename, &this_name->st) != 0) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Can't stat dir %s.", this_name->filename); -+ return -1; -+ } -+ -+ match_inode->name = this_name; -+ match_inode->device = this_name->st.st_dev; -+ match_inode->inode = this_name->st.st_ino; -+ -+ return 0; -+} -+ -+static int parse_mounts(struct name *this_name, struct device *match_device) { -+ if ((this_name == NULL) && (match_device == NULL)) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Can't parse mounts."); -+ return -1; -+ } -+ -+ match_device->name = this_name; -+ -+ if (S_ISBLK(this_name->st.st_mode)) -+ match_device->device = this_name->st.st_rdev; -+ else -+ match_device->device = this_name->st.st_dev; -+ -+ return 0; -+} -+ -+static uid_t getpiduid(const pid_t pid) { -+ char pathname[PATH_MAX]; -+ struct stat st; -+ int r = 0; -+ -+ r = snprintf(pathname, sizeof(pathname), "/proc/%d", pid); -+ if (r < 0) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Snprintf run failed in getpiduid."); -+ return 0; -+ } -+ -+ if (stat(pathname, &st) != 0) -+ return 0; -+ -+ return st.st_uid; -+} -+ -+static struct stat *get_pidstat(const pid_t pid) { -+ char pathname[PATH_MAX]; -+ struct stat *st = NULL; -+ int r = 0; -+ -+ st = (struct stat *)malloc(sizeof(struct stat)); -+ if (st == NULL) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Malloc failed in get_pidstat."); -+ return NULL; -+ } -+ -+ r = snprintf(pathname, sizeof(pathname), "/proc/%d/cwd", pid); -+ if (r < 0) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Snprintf run failed in get_pidstat."); -+ return NULL; -+ } -+ -+ if (stat(pathname, st) != 0) { -+ free(st); -+ return NULL; -+ } -+ -+ return st; -+} -+ -+static void add_matched_proc(struct name *name, const pid_t pid, const uid_t uid) { -+ struct procs *pptr = NULL; -+ struct procs *last_proc = NULL; -+ char pathname[PATH_MAX]; -+ char cmdname[CMD_NAME_LEN + 1]; -+ char *cptr = NULL; -+ int cmdlen = 0; -+ FILE *fp = NULL; -+ -+ if (name == NULL) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Name should not be NULL."); -+ return; -+ } -+ -+ //find out wheather the pid already in pptr->pid -+ for (pptr = name->matched_procs; pptr != NULL; pptr = pptr->next) { -+ last_proc = pptr; -+ -+ if (pptr->pid == pid) -+ return; -+ } -+ -+ pptr = (struct procs *)malloc(sizeof(struct procs)); -+ if (pptr == NULL) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Can't malloc in add_matched_proc."); -+ return; -+ } -+ -+ pptr->pid = pid; -+ pptr->uid = uid; -+ pptr->username = NULL; -+ pptr->next = NULL; -+ pptr->command = NULL; -+ -+ if ((snprintf(pathname, sizeof(pathname), "/proc/%d/stat", pid) > 0) && -+ ((fp = fopen(pathname, "r")) != NULL) && (fscanf(fp, "%*d (%100[^)]", cmdname) == 1)) { -+ pptr->command = (char *)malloc(COMM_LEN + 1); -+ -+ if (pptr->command != NULL) { -+ cmdlen = 0; -+ -+ for (cptr = cmdname; cmdlen < COMM_LEN && *cptr; cptr++) { -+ if (isprint(*cptr)) { -+ pptr->command[cmdlen++] = *cptr; -+ } else if (cmdlen < (COMM_LEN - 4)) { -+ cmdlen += sprintf(&(pptr->command[cmdlen]), "\\%03o", *cptr); -+ } -+ } -+ -+ pptr->command[cmdlen] = '\0'; -+ } -+ } -+ -+ if (last_proc == NULL) -+ name->matched_procs = pptr; -+ else -+ last_proc->next = pptr; -+ -+ if (fp) -+ fclose(fp); -+} -+ -+static void check_dir(const pid_t pid, const char *dirname, const struct device *dev, -+ const struct inode *ino, const uid_t uid) { -+ DIR *dirp = NULL; -+ dev_t thedev; -+ struct dirent *direntry = NULL; -+ struct stat st; -+ char dirpath[PATH_MAX]; -+ char filepath[PATH_MAX]; -+ int r = 0; -+ -+ if (dirname == NULL) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Dirname is NULL."); -+ return; -+ } -+ -+ r = snprintf(dirpath, sizeof(dirpath), "/proc/%d/%s", pid, dirname); -+ if (r < 0) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Snprintf run failed in check_dir."); -+ return; -+ } -+ -+ dirp = opendir(dirpath); -+ if (dirp == NULL) -+ return; -+ -+ while ((direntry = readdir(dirp)) != NULL) { -+ if (direntry->d_name[0] < '0' || direntry->d_name[0] > '9') -+ continue; -+ -+ snprintf(filepath, sizeof(filepath), "/proc/%d/%s/%s", -+ pid, dirname, direntry->d_name); -+ -+ if (stat(filepath, &st) != 0) -+ continue; -+ -+ thedev = st.st_dev; -+ -+ if ((dev != NULL) && (thedev == dev->device)) { -+ add_matched_proc(dev->name, pid, uid); -+ } -+ -+ if ((ino != NULL) && (thedev == ino->device)) { -+ if (st.st_ino == ino->inode) { -+ add_matched_proc(ino->name, pid, uid); -+ } -+ } -+ } //end while -+ -+ closedir(dirp); -+} -+ -+static int scan_procs(const struct name *name, const struct inode *ino, const struct device *dev) { -+ DIR *topproc_dir = NULL; -+ struct dirent *topproc_dent = NULL; -+ pid_t pid; -+ pid_t my_pid; -+ uid_t uid; -+ -+ if (name == NULL) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Name should not be null in scan_procs."); -+ return -1; -+ } -+ -+ if ((ino == NULL) && (dev == NULL)) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Ino and dev should not be NULL in scan_procs."); -+ return -1; -+ } -+ -+ topproc_dir = opendir("/proc"); -+ if (topproc_dir == NULL) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Can't open dir proc."); -+ return -1; -+ } -+ -+ my_pid = getpid(); -+ -+ while ((topproc_dent = readdir(topproc_dir)) != NULL) { -+ dev_t scan_dev; -+ struct stat *st = NULL; -+ -+ /* Not a process */ -+ if ((topproc_dent->d_name[0] < '0') || (topproc_dent->d_name[0] > '9')) -+ continue; -+ -+ pid = atoi(topproc_dent->d_name); -+ if (pid == my_pid) -+ continue; -+ -+ uid = getpiduid(pid); -+ -+ st = get_pidstat(pid); -+ scan_dev = st ? st->st_dev : 0; -+ -+ if ((dev != NULL) && (scan_dev == dev->device)) -+ add_matched_proc(dev->name, pid, uid); -+ -+ if ((ino != NULL) && (scan_dev == ino->device)) { -+ if (!st) -+ st = get_pidstat(pid); -+ -+ if (st && (st->st_dev == ino->device) && (st->st_ino == ino->inode)) -+ add_matched_proc(ino->name, pid, uid); -+ } -+ -+ if (st) -+ free(st); -+ -+ check_dir(pid, "fd", dev, ino, uid); -+ } // end while -+ -+ closedir(topproc_dir); -+ return 0; -+} -+ -+static void add_special_proc(struct name *name, const uid_t uid, const char *command) { -+ struct procs *pptr = NULL; -+ -+ if (name == NULL) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Name should not be null in add_special_proc."); -+ return; -+ } -+ -+ for (pptr = name->matched_procs; pptr != NULL; pptr = pptr->next) { -+ if (pptr->command != NULL && strcmp(pptr->command, command) == 0) -+ return; -+ } -+ -+ if ((pptr = malloc(sizeof(struct procs))) == NULL) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Can't allocate memory for add_special_proc() proc"); -+ return; -+ } -+ -+ pptr->pid = 0; -+ pptr->uid = uid; -+ pptr->next = name->matched_procs; -+ pptr->command = strdup(command); -+ -+ name->matched_procs = pptr; -+} -+ -+static void scan_mounts_and_swaps(const struct name *name, const struct inode *ino, -+ const struct device *dev, const char *file) { -+ FILE *fp = NULL; -+ char line[PATH_MAX]; -+ char *find_mountp = NULL; -+ char *find_space_mounts = NULL; -+ char *find_space_swaps = NULL; -+ struct stat st; -+ -+ if (name == NULL) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Name should not be null in scan_mounts_and_swaps."); -+ return; -+ } -+ -+ if ((ino == NULL) && (dev == NULL)) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Ino and dev should not be null in scan_mounts_and_swaps."); -+ return; -+ } -+ -+ fp = fopen(file, "r"); -+ if (fp == NULL) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Can't open file %s", file); -+ return; -+ } -+ -+ while (fgets(line, PATH_MAX, fp) != NULL) { -+ if (strcmp(file, PROC_MOUNTS) == 0) { -+ if ((find_mountp = strchr(line, ' ')) == NULL) -+ continue; -+ -+ find_mountp++; -+ -+ find_space_mounts = strchr(find_mountp, ' '); -+ if (find_space_mounts == NULL) -+ continue; -+ -+ *find_space_mounts = '\0'; -+ -+ if (stat(find_mountp, &st) != 0) -+ continue; -+ } else { -+ find_space_swaps = strchr(line, ' '); -+ if (find_space_swaps == NULL) -+ continue; -+ -+ *find_space_swaps = '\0'; -+ find_space_swaps++; -+ -+ while (*find_space_swaps == ' ') { -+ find_space_swaps++; -+ -+ if (*find_space_swaps == '\0') -+ continue; -+ } -+ -+ if (stat(line, &st) != 0) { -+ continue; -+ } -+ } -+ -+ if ((dev != NULL) && (st.st_dev == dev->device)) { -+ if (strcmp(file, PROC_MOUNTS) == 0) -+ add_special_proc(dev->name, 0, find_mountp); -+ -+ if (strcmp(file, PROC_SWAPS) == 0) -+ add_special_proc(dev->name, 0, line); -+ } -+ -+ if ((ino != NULL) && (st.st_dev == ino->device) && (st.st_ino == ino->inode)) { -+ if (strcmp(file, PROC_MOUNTS) == 0) -+ add_special_proc(ino->name, 0, find_mountp); -+ -+ if (strcmp(file, PROC_SWAPS) == 0) -+ add_special_proc(ino->name, 0, line); -+ } -+ } // end while -+ -+ fclose(fp); -+} -+ -+static void print_matches(const struct name *name) { -+ struct procs *pptr = NULL; -+ struct passwd *pwent = NULL; -+ static char P_cmd_long[MAX_COMM_LEN]; -+ char cmd_path[PATH_MAX]; -+ int r = 0; -+ -+ if (name == NULL) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Name should not be null in print_matches."); -+ return; -+ } -+ -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "\t\tUSER\t\tPID\tCOMMAND"); -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "%s:", name->filename); -+ -+ for (pptr = name->matched_procs; pptr != NULL; pptr = pptr->next) { -+ if (pwent == NULL || pwent->pw_uid != pptr->uid) -+ pwent = getpwuid(pptr->uid); //get username -+ -+ r = snprintf(cmd_path, sizeof(cmd_path), "/proc/%d", pptr->pid); -+ if (r <= 0) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Can't snprintf /proc/%d.", pptr->pid); -+ return; -+ } -+ -+ read_cmdline(P_cmd_long, sizeof(P_cmd_long), cmd_path, "cmdline", ' '); -+ -+ if (strlen(P_cmd_long) != 0){ -+ free(pptr->command); -+ pptr->command = strdup(P_cmd_long); -+ } -+ -+ if (pptr->command == NULL) -+ continue; -+ -+ if (pwent != NULL) { -+ if (pptr->pid != 0) -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "\t\t%-s\t\t%-d\t%-s", pwent->pw_name, pptr->pid, pptr->command); -+ else -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "\t\t%-s\t\t%-s\t%-s", pwent->pw_name, "kernel", pptr->command); -+ } else { -+ if (pptr->pid != 0) -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "\t\t%-d\t\t%-d\t%-s", pptr->uid, pptr->pid, pptr->command); -+ else -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "\t\t%-d\t\t%-s\t%-s", pptr->uid, "kernel", pptr->command); -+ } -+ } -+} -+ -+static void free_matched_procs(struct procs *matched_procs) { -+ struct procs *procs_tmp = NULL; -+ struct procs *procs_next = NULL; -+ -+ procs_tmp = matched_procs; -+ -+ while (procs_tmp != NULL) { -+ procs_next = procs_tmp->next; -+ -+ if (procs_tmp->command) -+ free(procs_tmp->command); -+ -+ free(procs_tmp); -+ -+ procs_tmp = procs_next; -+ } -+} -+ -+int fuser(const char *dir) { -+ struct name this_name; -+ struct inode match_inode; -+ struct device match_device; -+ int r = 0; -+ -+ if (dir == NULL) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Dir should not be NULL."); -+ return -1; -+ } -+ -+ this_name.matched_procs = NULL; -+ -+ this_name.filename = strdup(dir); //need to free -+ if (this_name.filename == NULL) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Can't allocate memory for fuser() this_name->filename."); -+ return -1; -+ } -+ -+ r = parse_dir(&this_name, &match_inode); -+ if (r < 0) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "%s", "Failed to parse file."); -+ free(this_name.filename); -+ return -1; -+ } -+ -+ r = parse_mounts(&this_name, &match_device); -+ if (r < 0) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "%s", "Failed to parse mounts."); -+ free(this_name.filename); -+ return -1; -+ } -+ -+ r = scan_procs(&this_name, &match_inode, &match_device); -+ if (r < 0) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "%s", "Failed to scan_procs."); -+ free(this_name.filename); -+ return -1; -+ } -+ -+ scan_mounts_and_swaps(&this_name, &match_inode, &match_device, PROC_MOUNTS); -+ scan_mounts_and_swaps(&this_name, &match_inode, &match_device, PROC_SWAPS); -+ print_matches(&this_name); -+ -+ free_matched_procs(this_name.matched_procs); -+ free(this_name.filename); -+ return 0; -+} -diff --git a/src/core/fuser.h b/src/core/fuser.h -new file mode 100644 -index 0000000..b74b879 ---- /dev/null -+++ b/src/core/fuser.h -@@ -0,0 +1,55 @@ -+#pragma once -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include "manager.h" -+ -+struct procs { -+ pid_t pid; -+ uid_t uid; -+ char *username; -+ char *command; -+ struct procs *next; -+}; -+ -+struct name { -+ char *filename; -+ struct stat st; -+ struct procs *matched_procs; -+}; -+ -+struct inode { -+ struct name *name; -+ dev_t device; -+ ino_t inode; -+}; -+ -+struct device { -+ struct name *name; -+ dev_t device; -+}; -+ -+#ifndef PATH_MAX -+#define PATH_MAX 4096 -+#endif /* PATH_MAX */ -+ -+#define CMD_NAME_LEN 100 -+#define COMM_LEN 64 -+#define MAX_COMM_LEN 1024 -+#define PROC_MOUNTS "/proc/mounts" -+#define PROC_SWAPS "/proc/swaps" -+ -+int fuser(const char *dir); -diff --git a/src/core/job.c b/src/core/job.c -index eb6728a..3645c11 100644 ---- a/src/core/job.c -+++ b/src/core/job.c -@@ -27,6 +27,9 @@ - #include "terminal-util.h" - #include "unit.h" - #include "virt.h" -+#include "fuser.h" -+#include "mount.h" -+#include "process-util.h" - - Job* job_new_raw(Unit *unit) { - Job *j; -@@ -677,6 +680,8 @@ static const char* job_done_mid(JobType type, JobResult result) { - static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult result) { - _cleanup_free_ char *free_ident = NULL; - const char *ident, *format; -+ int r = 0; -+ pid_t pid; - - assert(u); - assert(t >= 0); -@@ -741,6 +746,37 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult - "See 'systemctl status %s' for details.", quoted); - } - } -+ -+ if (IN_SET(manager_state(u->manager), MANAGER_STOPPING) && u->manager->default_dfx_reboot && -+ ((u->type == UNIT_MOUNT || u->type == UNIT_AUTOMOUNT) && t == JOB_STOP && result == JOB_FAILED)) { -+ -+ Mount *m = MOUNT(u); -+ -+ r = safe_fork("(fuser-shutdown)", FORK_RESET_SIGNALS, &pid); -+ if (r < 0) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Failed to fork for fuser!"); -+ return; -+ } -+ if (r == 0) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "-------------fuser -mv %s----------------", m->where); -+ -+ r = fuser(m->where); -+ if (r < 0) -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Can't run fuser."); -+ -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "%s","----------------------------------------------------------------------"); -+ _exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS); -+ } -+ -+ r = wait_for_terminate_with_timeout(pid, 3 * USEC_PER_SEC); -+ if (r == -ETIMEDOUT) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Timeout to run (fuser-shutdown)."); -+ (void) kill(pid, SIGKILL); -+ } -+ } - } - - static int job_perform_on_unit(Job **j) { -diff --git a/src/core/main.c b/src/core/main.c -index 8de32a7..2a6b9b8 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -114,6 +114,7 @@ static bool arg_dump_core; - static int arg_crash_chvt; - static bool arg_crash_shell; - static bool arg_crash_reboot; -+static bool arg_default_dfx_reboot; - static char *arg_confirm_spawn; - static ShowStatus arg_show_status; - static StatusUnitFormat arg_status_unit_format; -@@ -645,6 +646,7 @@ static int parse_config_file(void) { - { "Manager", "CrashChangeVT", config_parse_crash_chvt, 0, &arg_crash_chvt }, - { "Manager", "CrashShell", config_parse_bool, 0, &arg_crash_shell }, - { "Manager", "CrashReboot", config_parse_bool, 0, &arg_crash_reboot }, -+ { "Manager", "DefaultDFXReboot", config_parse_bool, 0, &arg_default_dfx_reboot }, - { "Manager", "ShowStatus", config_parse_show_status, 0, &arg_show_status }, - { "Manager", "StatusUnitFormat", config_parse_status_unit_format, 0, &arg_status_unit_format }, - { "Manager", "CPUAffinity", config_parse_cpu_affinity2, 0, &arg_cpu_affinity }, -@@ -756,6 +758,7 @@ static void set_manager_defaults(Manager *m) { - m->default_restart_usec = arg_default_restart_usec; - m->default_start_limit_interval = arg_default_start_limit_interval; - m->default_start_limit_burst = arg_default_start_limit_burst; -+ m->default_dfx_reboot = arg_default_dfx_reboot; - - /* On 4.15+ with unified hierarchy, CPU accounting is essentially free as it doesn't require the CPU - * controller to be enabled, so the default is to enable it unless we got told otherwise. */ -@@ -1473,18 +1476,20 @@ static int become_shutdown( - - char log_level[DECIMAL_STR_MAX(int) + 1], - exit_code[DECIMAL_STR_MAX(uint8_t) + 1], -- timeout[DECIMAL_STR_MAX(usec_t) + 1]; -+ timeout[DECIMAL_STR_MAX(usec_t) + 1], -+ dfx_reboot[DECIMAL_STR_MAX(bool)+1]; - -- const char* command_line[13] = { -+ const char* command_line[15] = { - SYSTEMD_SHUTDOWN_BINARY_PATH, - shutdown_verb, - "--timeout", timeout, - "--log-level", log_level, -+ "--dfx-reboot", dfx_reboot, - "--log-target", - }; - - _cleanup_strv_free_ char **env_block = NULL; -- size_t pos = 7; -+ size_t pos = 9; - int r; - usec_t watchdog_timer = 0; - -@@ -1494,6 +1499,7 @@ static int become_shutdown( - - xsprintf(log_level, "%d", log_get_max_level()); - xsprintf(timeout, "%" PRI_USEC "us", arg_default_timeout_stop_usec); -+ xsprintf(dfx_reboot, "%d", arg_default_dfx_reboot); - - switch (log_get_target()) { - -@@ -2325,6 +2331,7 @@ static void reset_arguments(void) { - arg_crash_chvt = -1; - arg_crash_shell = false; - arg_crash_reboot = false; -+ arg_default_dfx_reboot = false; - arg_confirm_spawn = mfree(arg_confirm_spawn); - arg_show_status = _SHOW_STATUS_INVALID; - arg_status_unit_format = STATUS_UNIT_FORMAT_DEFAULT; -diff --git a/src/core/manager.c b/src/core/manager.c -index 3a12d6d..29ef96b 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -771,6 +771,7 @@ int manager_new(UnitFileScope scope, ManagerTestRunFlags test_run_flags, Manager - *m = (Manager) { - .unit_file_scope = scope, - .objective = _MANAGER_OBJECTIVE_INVALID, -+ .default_dfx_reboot = false, - - .status_unit_format = STATUS_UNIT_FORMAT_DEFAULT, - -diff --git a/src/core/manager.h b/src/core/manager.h -index dada79c..c20abd5 100644 ---- a/src/core/manager.h -+++ b/src/core/manager.h -@@ -335,6 +335,8 @@ struct Manager { - /* Have we ever changed the "kernel.pid_max" sysctl? */ - bool sysctl_pid_max_changed; - -+ bool default_dfx_reboot; -+ - ManagerTestRunFlags test_run_flags; - - /* If non-zero, exit with the following value when the systemd -diff --git a/src/core/meson.build b/src/core/meson.build -index f0d2c6f..825eede 100644 ---- a/src/core/meson.build -+++ b/src/core/meson.build -@@ -127,6 +127,8 @@ libcore_sources = ''' - unit-serialize.h - unit.c - unit.h -+ fuser.c -+ fuser.h - '''.split() - - subdir('bpf/socket_bind') -diff --git a/src/core/system.conf.in b/src/core/system.conf.in -index dfc2477..cf34a12 100644 ---- a/src/core/system.conf.in -+++ b/src/core/system.conf.in -@@ -74,3 +74,4 @@ DefaultLimitMEMLOCK=64M - #DefaultLimitRTPRIO= - #DefaultLimitRTTIME= - #DefaultOOMPolicy=stop -+#DefaultDFXReboot=no -diff --git a/src/shutdown/meson.build b/src/shutdown/meson.build -index e1348d9..12fbef3 100644 ---- a/src/shutdown/meson.build -+++ b/src/shutdown/meson.build -@@ -1,15 +1,21 @@ - # SPDX-License-Identifier: LGPL-2.1-or-later - -+shutdown_includes = [includes, include_directories('.')] -+ - systemd_shutdown_sources = files(''' - shutdown.c - umount.c - umount.h -+ process-status.c -+ process-status.h - '''.split()) - - tests += [ - [['src/shutdown/test-umount.c', - 'src/shutdown/umount.c', - 'src/shutdown/umount.h'], -- [], -- [libmount]], -+ [libshared, -+ libcore], -+ [libmount], -+ core_includes], - ] -diff --git a/src/shutdown/process-status.c b/src/shutdown/process-status.c -new file mode 100644 -index 0000000..11837a2 ---- /dev/null -+++ b/src/shutdown/process-status.c -@@ -0,0 +1,143 @@ -+#include "process-status.h" -+#include "process-util.h" -+ -+static uid_t P_uid; -+static int P_pid; -+static int P_ppid; -+static char P_stat[COMM_LEN]; -+static char P_cmd_short[COMM_LEN]; -+static char P_user[COMM_LEN]; -+static char P_cmd_long[COMM_LEN]; -+ -+static int read_from_stat(int pid) { -+ char buf[PATH_MAX]; -+ char cmd_path[PATH_MAX]; -+ char pathname[PATH_MAX]; -+ int fd = 0; -+ struct stat st; -+ int r = 0; -+ -+ memset(buf, 0, sizeof(buf)); -+ memset(cmd_path, 0, sizeof(cmd_path)); -+ memset(pathname, 0, sizeof(pathname)); -+ -+ r = snprintf(pathname, sizeof(pathname), "/proc/%d", pid); -+ if (r <= 0) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Can't snprintf /proc/%d.", pid); -+ return -1; -+ } -+ -+ if (stat(pathname, &st) != 0) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Can't stat %s.", pathname); -+ return -1; -+ } -+ -+ P_uid = st.st_uid; -+ -+ r = snprintf(buf, sizeof(buf), "/proc/%d/stat", pid); -+ if (r <= 0) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Can't snprintf /proc/%d/stat.", pid); -+ return -1; -+ } -+ -+ fd = open(buf, O_RDONLY, 0); -+ if (fd == -1) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Can't open %s.", buf); -+ return -1; -+ } -+ -+ r = read(fd, buf, sizeof(buf) - 1); -+ if (r < 0) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Can't read /proc/%d/stat.", pid); -+ close(fd); -+ return -1; -+ } -+ -+ r = sscanf(buf, "%d %s %s %d", &P_pid, P_cmd_short, P_stat, &P_ppid); -+ if (r < 0) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Can't run sscanf."); -+ close(fd); -+ return -1; -+ } -+ -+ close(fd); -+ -+ if(P_pid != pid) -+ return -1; -+ -+ r = snprintf(cmd_path, sizeof(cmd_path), "/proc/%d", pid); -+ if (r <= 0) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Can't snprintf /proc/%d.", pid); -+ return -1; -+ } -+ -+ /* read from /proc/$pid/cmdline */ -+ read_cmdline(P_cmd_long, sizeof(P_cmd_long), cmd_path, "cmdline", ' '); -+ -+ return 0; -+} -+ -+static void do_user(void) { -+ struct passwd *p = NULL; -+ -+ p = getpwuid(P_uid); -+ if (p) { -+ snprintf(P_user, sizeof(P_user), "%s", p->pw_name); -+ } else { -+ snprintf(P_user, sizeof(P_user), "%u", P_uid); -+ } -+} -+ -+static void print_proc(void) { -+ if ((P_ppid != KTHREADD) && (strcmp(P_cmd_short, "(kthreadd)") != 0)) { -+ if (strlen(P_cmd_long) != 0) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL,"systemd-shutdown", -+ "%-s\t%-d\t%-d\t%-s", P_user, P_pid, P_ppid, P_cmd_long); -+ } else { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL,"systemd-shutdown", -+ "%-s\t%-d\t%-d\t%-s", P_user, P_pid, P_ppid, P_cmd_short); -+ } -+ } -+} -+ -+int process_status(void) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL,"systemd-shutdown", -+ "%s", "-----------------------------------------------------------------"); -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL,"systemd-shutdown", -+ "%s", "USER\tPID\tPPID\tCMD"); -+ -+ struct dirent *ent = NULL; -+ DIR *dir = NULL; -+ -+ dir = opendir("/proc"); -+ if (dir == NULL) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL,"systemd-shutdown", -+ "%s", "can't open /proc"); -+ return -1; -+ } -+ -+ while((ent = readdir(dir))){ -+ if (*ent->d_name < '0' || *ent->d_name > '9') -+ continue; -+ -+ if (read_from_stat(atoi(ent->d_name)) != 0) -+ continue; -+ -+ do_user(); -+ -+ print_proc(); -+ } -+ -+ closedir(dir); -+ -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL,"systemd-shutdown", -+ "%s", "------------------------------------------------------------------"); -+ -+ return 0; -+} -diff --git a/src/shutdown/process-status.h b/src/shutdown/process-status.h -new file mode 100644 -index 0000000..2f4333d ---- /dev/null -+++ b/src/shutdown/process-status.h -@@ -0,0 +1,24 @@ -+#pragma once -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include "manager.h" -+ -+#define COMM_LEN 512 -+ -+#ifndef PATH_MAX -+#define PATH_MAX 4096 -+#endif -+ -+#define KTHREADD 2 -+ -+int process_status(void); -diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c -index a98cfc4..1ad6fa0 100644 ---- a/src/shutdown/shutdown.c -+++ b/src/shutdown/shutdown.c -@@ -38,13 +38,17 @@ - #include "util.h" - #include "virt.h" - #include "watchdog.h" -+#include "process-status.h" - - #define SYNC_PROGRESS_ATTEMPTS 3 - #define SYNC_TIMEOUT_USEC (10*USEC_PER_SEC) -+#define SHUTDOWN_TIMEOUT_MIN (0*USEC_PER_SEC) -+#define SHUTDOWN_TIMEOUT_INTERVAL (30*USEC_PER_SEC) - - static char* arg_verb; - static uint8_t arg_exit_code; - static usec_t arg_timeout = DEFAULT_TIMEOUT_USEC; -+static bool dfx_reboot = false; - - static int parse_argv(int argc, char *argv[]) { - enum { -@@ -55,6 +59,7 @@ static int parse_argv(int argc, char *argv[]) { - ARG_LOG_TIME, - ARG_EXIT_CODE, - ARG_TIMEOUT, -+ ARG_DFX_REBOOT, - }; - - static const struct option options[] = { -@@ -65,6 +70,7 @@ static int parse_argv(int argc, char *argv[]) { - { "log-time", optional_argument, NULL, ARG_LOG_TIME }, - { "exit-code", required_argument, NULL, ARG_EXIT_CODE }, - { "timeout", required_argument, NULL, ARG_TIMEOUT }, -+ { "dfx-reboot", required_argument, NULL, ARG_DFX_REBOOT }, - {} - }; - -@@ -78,6 +84,13 @@ static int parse_argv(int argc, char *argv[]) { - while ((c = getopt_long(argc, argv, "-", options, NULL)) >= 0) - switch (c) { - -+ case ARG_DFX_REBOOT: -+ if (streq(optarg, "1")) { -+ dfx_reboot = true; -+ } -+ -+ break; -+ - case ARG_LOG_LEVEL: - r = log_set_max_level_from_string(optarg); - if (r < 0) -@@ -313,6 +326,9 @@ int main(int argc, char *argv[]) { - char *arguments[3], *watchdog_device; - int cmd, r, umount_log_level = LOG_INFO; - static const char* const dirs[] = {SYSTEM_SHUTDOWN_PATH, NULL}; -+ usec_t now_time, time_interval; -+ pid_t pid; -+ bool fork_failed = false; - - /* The log target defaults to console, but the original systemd process will pass its log target in through a - * command line argument, which will override this default. Also, ensure we'll never log to the journal or -@@ -405,8 +421,37 @@ int main(int argc, char *argv[]) { - need_md_detach = !in_container; - can_initrd = !in_container && !in_initrd() && access("/run/initramfs/shutdown", X_OK) == 0; - -+ now_time = now(CLOCK_MONOTONIC); -+ time_interval = SHUTDOWN_TIMEOUT_MIN; - /* Unmount all mountpoints, swaps, and loopback devices */ - for (;;) { -+ if (dfx_reboot && (now(CLOCK_MONOTONIC) >= now_time + time_interval)) { -+ r = safe_fork("(process_status)", FORK_RESET_SIGNALS, &pid); -+ if (r < 0) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, -+ "Failed to fork for process_status!"); -+ fork_failed = true; -+ } -+ if (r == 0) { -+ r = process_status(); -+ if (r < 0) -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Can't run ps."); -+ -+ _exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS); -+ } -+ -+ now_time = now(CLOCK_MONOTONIC); -+ time_interval = SHUTDOWN_TIMEOUT_INTERVAL; -+ -+ if (!fork_failed) { -+ r = wait_for_terminate_with_timeout(pid, 3 * USEC_PER_SEC); -+ if (r == -ETIMEDOUT) { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Timeout to run (process_status)."); -+ (void) kill(pid, SIGKILL); -+ } -+ } -+ } -+ - bool changed = false; - - if (use_watchdog) -diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c -index c2a2624..1541bcc 100644 ---- a/src/shutdown/umount.c -+++ b/src/shutdown/umount.c -@@ -37,6 +37,7 @@ - #include "umount.h" - #include "util.h" - #include "virt.h" -+#include "manager.h" - - static void mount_point_free(MountPoint **head, MountPoint *m) { - assert(head); -@@ -553,6 +554,7 @@ static int umount_with_timeout(MountPoint *m, int umount_log_level) { - return r; - if (r == 0) { - log_info("Unmounting '%s'.", m->path); -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Unmounting '%s'.", m->path); - - /* Start the mount operation here in the child Using MNT_FORCE - * causes some filesystems (e.g. FUSE and NFS and other network -@@ -562,8 +564,12 @@ static int umount_with_timeout(MountPoint *m, int umount_log_level) { - * filesystem less busy so the unmount might succeed (rather - * than return EBUSY). */ - r = umount2(m->path, MNT_FORCE); -- if (r < 0) -+ if (r < 0) { - log_full_errno(umount_log_level, errno, "Failed to unmount %s: %m", m->path); -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Failed to unmount '%s'.", m->path); -+ } else { -+ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Unmounted '%s'.", m->path); -+ } - - _exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS); - } -diff --git a/src/test/meson.build b/src/test/meson.build -index 561386d..09c5298 100644 ---- a/src/test/meson.build -+++ b/src/test/meson.build -@@ -616,6 +616,23 @@ tests += [ - libshared], - [], - core_includes], -+ -+ [['src/test/test-process-status.c', -+ 'src/shutdown/process-status.c', -+ 'src/shutdown/process-status.h'], -+ [libcore, -+ libshared], -+ [], -+ [shutdown_includes, -+ core_includes]], -+ -+ [['src/test/test-fuser.c', -+ 'src/core/fuser.c', -+ 'src/core/fuser.h'], -+ [libcore, -+ libshared], -+ [], -+ core_includes], - ] - - ############################################################ -diff --git a/src/test/test-fuser.c b/src/test/test-fuser.c -new file mode 100644 -index 0000000..1527b5b ---- /dev/null -+++ b/src/test/test-fuser.c -@@ -0,0 +1,14 @@ -+#include "fuser.h" -+#include "tests.h" -+ -+int main(int argc, char *argv[]){ -+ test_setup_logging(LOG_DEBUG); -+ -+ assert_se(fuser("/") == 0); -+ assert_se(fuser(NULL) < 0); -+ assert_se(fuser("/dev") == 0); -+ assert_se(fuser("/dev/empty/mountpoint") < 0); -+ assert_se(fuser("") < 0); -+ -+ return 0; -+} -diff --git a/src/test/test-process-status.c b/src/test/test-process-status.c -new file mode 100644 -index 0000000..4a4c3da ---- /dev/null -+++ b/src/test/test-process-status.c -@@ -0,0 +1,10 @@ -+#include "process-status.h" -+#include "tests.h" -+ -+int main(int argc, char *argv[]){ -+ -+ assert_se(process_status() == 0); -+ -+ return 0; -+ -+} --- -2.23.0 - diff --git a/process-util-log-more-information-when-runnin.patch b/process-util-log-more-information-when-runnin.patch deleted file mode 100644 index 059ef8d..0000000 --- a/process-util-log-more-information-when-runnin.patch +++ /dev/null @@ -1,156 +0,0 @@ -From f4b4008495211c60bda7e1edda45beb36a553bc7 Mon Sep 17 00:00:00 2001 -From: licunlong -Date: Thu, 14 Jan 2021 15:57:59 +0800 -Subject: [PATCH] process-util: log more information when running - systemctl. - - Print the PID and its cmdline to the system log when a process - runs systemctl command. ---- - src/basic/process-util.c | 31 +++++++++++++++++++++++++++++++ - src/basic/process-util.h | 1 + - src/systemctl/systemctl.c | 12 ++++++++++++ - src/test/test-process-util.c | 22 ++++++++++++++++++++++ - 4 files changed, 66 insertions(+) - -diff --git a/src/basic/process-util.c b/src/basic/process-util.c -index 5452edd..f137ba0 100644 ---- a/src/basic/process-util.c -+++ b/src/basic/process-util.c -@@ -42,6 +42,7 @@ - #include "stdio-util.h" - #include "string-table.h" - #include "string-util.h" -+#include "strv.h" - #include "terminal-util.h" - #include "user-util.h" - #include "utf8.h" -@@ -189,6 +190,36 @@ int get_process_cmdline(pid_t pid, size_t max_columns, ProcessCmdlineFlags flags - return 0; - } - -+int print_process_cmdline_with_arg(pid_t pid, int argc, char *argv[], char *filter[]) { -+ bool is_filtered = false; -+ int r; -+ const char *arg_cmdline = "["; -+ _cleanup_free_ char *cmdline = NULL; -+ -+ r = get_process_cmdline(pid, SIZE_MAX, 0, &cmdline); -+ if (r < 0) { -+ syslog(LOG_INFO, "Failed to get cmdline of PID %d. Ignoring.", pid); -+ return r; -+ } else { -+ for (int i = 0; i < argc; i++ ) { -+ if (filter && strv_find(filter, argv[i])) { -+ is_filtered = true; -+ break; -+ } -+ if (i == 0) { -+ arg_cmdline = strjoina(arg_cmdline, argv[i]); -+ } else { -+ arg_cmdline = strjoina(arg_cmdline, " ", argv[i]); -+ } -+ } -+ if (!is_filtered) { -+ syslog(LOG_INFO, "%s] called by PID %d (%s)", arg_cmdline, pid, cmdline); -+ } -+ return 0; -+ } -+ -+} -+ - static int update_argv(const char name[], size_t l) { - static int can_do = -1; - -diff --git a/src/basic/process-util.h b/src/basic/process-util.h -index 41d4759..4d8147e 100644 ---- a/src/basic/process-util.h -+++ b/src/basic/process-util.h -@@ -38,6 +38,7 @@ typedef enum ProcessCmdlineFlags { - - int get_process_comm(pid_t pid, char **name); - int get_process_cmdline(pid_t pid, size_t max_columns, ProcessCmdlineFlags flags, char **line); -+int print_process_cmdline_with_arg(pid_t pid, int argc, char *argv[], char *filter[]); - int get_process_exe(pid_t pid, char **name); - int get_process_uid(pid_t pid, uid_t *uid); - int get_process_gid(pid_t pid, gid_t *gid); -diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c -index 1c01914..dd5bee9 100644 ---- a/src/systemctl/systemctl.c -+++ b/src/systemctl/systemctl.c -@@ -12,6 +12,7 @@ - - #include - #include -+#include - #include - - #include "sd-daemon.h" -@@ -9272,6 +9273,14 @@ static int logind_cancel_shutdown(void) { - - static int run(int argc, char *argv[]) { - int r; -+ pid_t ppid; -+ char *filter[] = { -+ "status", "show", "cat", -+ "is-active", "is-failed", "is-enabled", "is-system-running", -+ "list-units", "list-sockets", "list-timers", "list-dependencies", -+ "list-unit-files", "list-machines", "list-jobs", -+ "get-default", "show-environment", NULL -+ }; - - setlocale(LC_ALL, ""); - log_parse_environment(); -@@ -9291,6 +9300,9 @@ static int run(int argc, char *argv[]) { - if (r <= 0) - goto finish; - -+ ppid = getppid(); -+ (void) print_process_cmdline_with_arg(ppid, argc, argv, filter); -+ - if (arg_action != ACTION_SYSTEMCTL && running_in_chroot() > 0) { - if (!arg_quiet) - log_info("Running in chroot, ignoring request."); -diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c -index 8dc9fdd..1cb4ee2 100644 ---- a/src/test/test-process-util.c -+++ b/src/test/test-process-util.c -@@ -601,6 +601,27 @@ static void test_ioprio_class_from_to_string(void) { - } - } - -+static void test_print_process_cmdline_with_arg(pid_t pid) { -+ char *arg_filter_empty[] = {"", NULL}; -+ char *arg_filter_1_in[] = {"status", NULL}; -+ char *arg_filter_1_no[] = {"stop", NULL}; -+ char *arg_filter_2_in[] = {"restart", "status", NULL}; -+ char *arg_filter_2_no[] = {"restart", "stop", NULL}; -+ char *arg_var_1[1] = {"systemctl"}; -+ char *arg_var_10[10] = {"systemctl", "restart", "1", "2", "3", "4", "5", "6", "7", "8"}; -+ char *arg_var_filter[3] = {"systemctl", "status", "dbus.service"}; -+ assert_se(print_process_cmdline_with_arg(pid, 0, NULL, NULL) >=0); -+ assert_se(print_process_cmdline_with_arg(pid, 1, arg_var_1, NULL) >= 0); -+ assert_se(print_process_cmdline_with_arg(pid, 10, arg_var_10, NULL) >= 0); -+ assert_se(print_process_cmdline_with_arg(897349, 1, arg_var_1, NULL) < 0); -+ assert_se(print_process_cmdline_with_arg(897349, 10, arg_var_10, NULL) < 0); -+ assert_se(print_process_cmdline_with_arg(pid, 3, arg_var_filter, arg_filter_empty) >= 0); -+ assert_se(print_process_cmdline_with_arg(pid, 3, arg_var_filter, arg_filter_1_in) >= 0); -+ assert_se(print_process_cmdline_with_arg(pid, 3, arg_var_filter, arg_filter_1_no) >= 0); -+ assert_se(print_process_cmdline_with_arg(pid, 3, arg_var_filter, arg_filter_2_in) >= 0); -+ assert_se(print_process_cmdline_with_arg(pid, 3, arg_var_filter, arg_filter_2_no) >= 0); -+} -+ - int main(int argc, char *argv[]) { - log_show_color(true); - test_setup_logging(LOG_INFO); -@@ -627,6 +648,7 @@ int main(int argc, char *argv[]) { - test_ioprio_class_from_to_string(); - test_setpriority_closest(); - test_get_process_ppid(); -+ test_print_process_cmdline_with_arg(getpid()); - - return 0; - } --- -2.23.0 - diff --git a/resolved-create-etc-resolv.conf-symlink-at-runtime.patch b/resolved-create-etc-resolv.conf-symlink-at-runtime.patch deleted file mode 100644 index 21ba790..0000000 --- a/resolved-create-etc-resolv.conf-symlink-at-runtime.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 0c670fec00f3d5c103d9b7415d4e0510c61ad006 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= -Date: Fri, 11 Mar 2016 17:06:17 -0500 -Subject: [PATCH] resolved: create /etc/resolv.conf symlink at runtime - -If the symlink doesn't exists, and we are being started, let's -create it to provie name resolution. - -If it exists, do nothing. In particular, if it is a broken symlink, -we cannot really know if the administator configured it to point to -a location used by some service that hasn't started yet, so we -don't touch it in that case either. - -https://bugzilla.redhat.com/show_bug.cgi?id=1313085 ---- - src/resolve/resolved.c | 5 +++++ - tmpfiles.d/etc.conf.in | 3 --- - 2 files changed, 5 insertions(+), 3 deletions(-) - -diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c -index 50989a6b0a..95a51a574a 100644 ---- a/src/resolve/resolved.c -+++ b/src/resolve/resolved.c -@@ -58,6 +58,11 @@ static int run(int argc, char *argv[]) { - if (r < 0) - return log_error_errno(r, "Could not create runtime directory: %m"); - -+ r = symlink("../run/systemd/resolve/resolv.conf", "/etc/resolv.conf"); -+ if (r < 0 && errno != EEXIST) -+ log_warning_errno(errno, -+ "Could not create /etc/resolv.conf symlink: %m"); -+ - /* Drop privileges, but keep three caps. Note that we drop two of those too, later on (see below) */ - r = drop_privileges(uid, gid, - (UINT64_C(1) << CAP_NET_RAW)| /* needed for SO_BINDTODEVICE */ -diff --git a/tmpfiles.d/etc.conf.in b/tmpfiles.d/etc.conf.in -index f82e0b82ce..66a777bdb2 100644 ---- a/tmpfiles.d/etc.conf.in -+++ b/tmpfiles.d/etc.conf.in -@@ -12,9 +12,6 @@ L+ /etc/mtab - - - - ../proc/self/mounts - {% if HAVE_SMACK_RUN_LABEL %} - t /etc/mtab - - - - security.SMACK64=_ - {% endif %} --{% if ENABLE_RESOLVE %} --L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf --{% endif %} - C! /etc/nsswitch.conf - - - - - {% if HAVE_PAM %} - C! /etc/pam.d - - - - --- -2.23.0 - diff --git a/revert-rpm-restart-services-in-posttrans.patch b/revert-rpm-restart-services-in-posttrans.patch deleted file mode 100644 index b76853f..0000000 --- a/revert-rpm-restart-services-in-posttrans.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 3b2ba67cfc83905a88e3ebb88a2b43222a06e869 Mon Sep 17 00:00:00 2001 -From: wangyuhang -Date: Fri, 17 Jun 2022 14:26:16 +0800 -Subject: [PATCH] revert rpm: restart services in %posttrans -Reason:In version 22.03, if we do not add 'systemctl reload or restart --marked' in -%transfiletriggerpostun, %systemd_postun_with_restart will not restart the -service. In order to maintain compatibility with version 20.03, revert the commit -and use the version 20.03 scheme - -Conflict:NA -Reference:https://github.com/systemd/systemd/commit/fa97d2fcf64e0558054bee673f734f523373b146 ---- - src/rpm/macros.systemd.in | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/src/rpm/macros.systemd.in b/src/rpm/macros.systemd.in -index 3a0169a..8dae941 100644 ---- a/src/rpm/macros.systemd.in -+++ b/src/rpm/macros.systemd.in -@@ -86,9 +86,7 @@ fi \ - %{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# systemd_postun_with_restart}} \ - if [ $1 -ge 1 ] && [ -x %{_bindir}/systemctl ]; then \ - # Package upgrade, not uninstall \ -- for unit in %{?*}; do \ -- %{_bindir}/systemctl set-property $unit Markers=+needs-restart || : \ -- done \ -+ %{_bindir}/systemctl try-restart %{?*} || : \ - fi \ - %{nil} - --- -2.33.0 - diff --git a/rules-add-elevator-kernel-command-line-parameter.patch b/rules-add-elevator-kernel-command-line-parameter.patch deleted file mode 100644 index 4e5f126..0000000 --- a/rules-add-elevator-kernel-command-line-parameter.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 1255584bb0a595fb555af7e14230ab1b7aa6adcd Mon Sep 17 00:00:00 2001 -From: Lukas Nykryn -Date: Tue, 12 Feb 2019 16:58:16 +0100 -Subject: [PATCH] rules: add elevator= kernel command line parameter - -Kernel removed the elevator= option - -Resolves: #1670126 ---- - rules.d/40-elevator.rules | 20 ++++++++++++++++++++ - 1 file changed, 20 insertions(+) - create mode 100644 rules.d/40-elevator.rules - -diff --git a/rules.d/40-elevator.rules b/rules.d/40-elevator.rules -new file mode 100644 -index 0000000000..5f615bf51a ---- /dev/null -+++ b/rules.d/40-elevator.rules -@@ -0,0 +1,20 @@ -+# We aren't adding devices skip the elevator check -+ACTION!="add", GOTO="sched_out" -+ -+SUBSYSTEM!="block", GOTO="sched_out" -+ENV{DEVTYPE}!="disk", GOTO="sched_out" -+ -+# Technically, dm-multipath can be configured to use an I/O scheduler. -+# However, there are races between the 'add' uevent and the linking in -+# of the queue/scheduler sysfs file. For now, just skip dm- devices. -+KERNEL=="dm-*|md*", GOTO="sched_out" -+ -+# Skip bio-based devices, which don't support an I/O scheduler. -+ATTR{queue/scheduler}=="none", GOTO="sched_out" -+ -+# If elevator= is specified on the kernel command line, change the -+# scheduler to the one specified. -+IMPORT{cmdline}="elevator" -+ENV{elevator}!="", ATTR{queue/scheduler}="$env{elevator}" -+ -+LABEL="sched_out" --- -2.23.0 - diff --git a/rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch b/rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch deleted file mode 100644 index af9c43c..0000000 --- a/rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 2991b22f5f40a66ad1cc088e502e7f40ae1806c2 Mon Sep 17 00:00:00 2001 -From: Michal Sekletar -Date: Mon, 22 Sep 2014 07:53:52 +0200 -Subject: rules: add rule for naming Dell iDRAC USB Virtual NIC - as 'idrac' - -Related: #1523227 ---- - rules.d/73-idrac.rules | 6 ++++++ - rules.d/meson.build | 1 + - 2 files changed, 7 insertions(+) - create mode 100644 rules.d/73-idrac.rules - -diff --git a/rules.d/73-idrac.rules b/rules.d/73-idrac.rules -new file mode 100644 -index 0000000000..d67fc425b1 ---- /dev/null -+++ b/rules.d/73-idrac.rules -@@ -0,0 +1,6 @@ -+# do not edit this file, it will be overwritten on update -+ -+# On Dell PowerEdge systems, the iDRAC7 and later support a USB Virtual NIC -+# with terminates in the iDRAC. Help identify this with 'idrac' -+ -+ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", ATTRS{idVendor}=="413c", ATTRS{idProduct}=="a102", NAME="idrac" -diff --git a/rules.d/meson.build b/rules.d/meson.build -index 13d1d330cf..b06edf0621 100644 ---- a/rules.d/meson.build -+++ b/rules.d/meson.build -@@ -18,6 +18,7 @@ rules = files(''' - 70-joystick.rules - 70-mouse.rules - 70-touchpad.rules -+ 73-idrac.rules - 75-net-description.rules - 75-probe_mtd.rules - 78-sound-card.rules --- -2.23.0 - diff --git a/rules-add-the-rule-that-adds-elevator-kernel-command.patch b/rules-add-the-rule-that-adds-elevator-kernel-command.patch deleted file mode 100644 index 768c72b..0000000 --- a/rules-add-the-rule-that-adds-elevator-kernel-command.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 16d1f6e5122038fa24392e166a0a88c6cab41dd0 Mon Sep 17 00:00:00 2001 -From: Lukas Nykryn -Date: Tue, 26 Feb 2019 15:22:38 +0100 -Subject: [PATCH] rules: add the rule that adds elevator= kernel - command line parameter - -Resolves: #1670126 - ---- - rules.d/meson.build | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/rules.d/meson.build b/rules.d/meson.build -index 62026fd..4a3c32f 100644 ---- a/rules.d/meson.build -+++ b/rules.d/meson.build -@@ -5,6 +5,7 @@ install_data( - install_dir : udevrulesdir) - - rules = files(''' -+ 40-elevator.rules - 60-autosuspend.rules - 60-block.rules - 60-cdrom_id.rules --- -2.23.0 - diff --git a/sd-bus-properly-initialize-containers.patch b/sd-bus-properly-initialize-containers.patch deleted file mode 100644 index a6583b8..0000000 --- a/sd-bus-properly-initialize-containers.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 220a60a61a91153fd8e49e58884b9b0b904888f6 Mon Sep 17 00:00:00 2001 -From: Jan Synacek -Date: Wed, 31 Oct 2018 12:50:19 +0100 -Subject: [PATCH] sd-bus: properly initialize containers - -Fixes a SIGSEGV introduced by commit 38a5315a3a6fab745d8c86ff9e486faaf50b28d1. -The same problem doesn't exist upstream, as the container structure -there is initialized using a compound literal, which is zeroed out by -default. - -Related: #1635435 - ---- - src/libsystemd/sd-bus/bus-message.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c -index eb029e4..e0c8338 100644 ---- a/src/libsystemd/sd-bus/bus-message.c -+++ b/src/libsystemd/sd-bus/bus-message.c -@@ -2051,6 +2051,7 @@ _public_ int sd_bus_message_open_container( - .enclosing = type, - .signature = TAKE_PTR(signature), - .array_size = array_size, -+ .peeked_signature = NULL, - .before = before, - .begin = begin, - .need_offsets = need_offsets, --- -2.19.1 - diff --git a/set-forwardtowall-no-to-avoid-emerg-log-shown-on-she.patch b/set-forwardtowall-no-to-avoid-emerg-log-shown-on-she.patch deleted file mode 100644 index 7c7f99b..0000000 --- a/set-forwardtowall-no-to-avoid-emerg-log-shown-on-she.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 22f8c4c2a22d9766d86b23429bd404a0864b0a9e Mon Sep 17 00:00:00 2001 -From: linfeilong -Date: Sat, 21 Oct 2017 14:48:18 +0800 -Subject: [PATCH] set forwardtowall no to avoid emerg log shown on shell - ---- - man/journald.conf.xml | 2 +- - src/journal/journald.conf | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/man/journald.conf.xml b/man/journald.conf.xml -index 44fd0d2..8d38fe3 100644 ---- a/man/journald.conf.xml -+++ b/man/journald.conf.xml -@@ -292,7 +292,7 @@ - traditional syslog daemon, to the kernel log buffer (kmsg), to the system console, or sent as wall - messages to all logged-in users. These options take boolean arguments. If forwarding to syslog is - enabled but nothing reads messages from the socket, forwarding to syslog has no effect. By default, -- only forwarding to wall is enabled. These settings may be overridden at boot time with the kernel -+ these four configs are all disabled. These settings may be overridden at boot time with the kernel - command line options systemd.journald.forward_to_syslog, - systemd.journald.forward_to_kmsg, - systemd.journald.forward_to_console, and -diff --git a/src/journal/journald.conf b/src/journal/journald.conf -index 2f1c661..17dda27 100644 ---- a/src/journal/journald.conf -+++ b/src/journal/journald.conf -@@ -32,7 +32,7 @@ - #ForwardToSyslog=no - #ForwardToKMsg=no - #ForwardToConsole=no --#ForwardToWall=yes -+ForwardToWall=no - #TTYPath=/dev/console - #MaxLevelStore=debug - #MaxLevelSyslog=debug --- -2.19.1 - diff --git a/set-the-cpuset.cpus-mems-of-machine.slice-to-all-by-.patch b/set-the-cpuset.cpus-mems-of-machine.slice-to-all-by-.patch deleted file mode 100644 index da49b05..0000000 --- a/set-the-cpuset.cpus-mems-of-machine.slice-to-all-by-.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 14b69596b0bff64f7482d93ea3f043520a716921 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Thu, 8 Jun 2023 20:02:50 +0800 -Subject: [PATCH] set the cpuset.cpus/mems of machine.slice to all by default - This is necessary after merging core-cgroup-support-cpuset.patch. - -When creating a vm, libvirt will issue a dbus method_call to -systemd-machined. systemd-machined will start transient unit -usually named xxx.scope with Delegate=1 set after receiving -the method_call. If Delegate=1 is set, systemd will create -machine.slice in /sys/fs/cgroup for every cgroup subsystem, this -includes cpuset. cpuset is different, you can't migrate processes -to the created directory unless you have set proper cpuset.cpus -and cpuset.mems. - -Without this patch, libvirt sees machine.slice, it won't check -if cpuset.cpus or cpuset.mems is valid, and just migrate the vm -process to machine.slice. This action will fail because core-cgroup --support-cpuset.patch only supports create the machine.slice -directory when Delegate=1 is set, but won't set cpuset.cpus -and cpuset.mems automatically. - -Now we have this patch, it will make systemd automatically set -cpuset.cpus and cpuset.mems according to /sys/fs/cgroup/cpuset/{ -cpuset.cpus, cpuset.mems}. Then libvirt can migrate vm processes -freely. ---- - units/machine.slice | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/units/machine.slice b/units/machine.slice -index 501d353..8d87851 100644 ---- a/units/machine.slice -+++ b/units/machine.slice -@@ -11,3 +11,8 @@ - Description=Virtual Machine and Container Slice - Documentation=man:systemd.special(7) - Before=slices.target -+ -+[Slice] -+CPUSetCpus=all -+CPUSetMems=all -+CPUSetCloneChildren=1 --- -2.33.0 - diff --git a/shutdown-reboot-when-recieve-crash-signal.patch b/shutdown-reboot-when-recieve-crash-signal.patch deleted file mode 100644 index 4213090..0000000 --- a/shutdown-reboot-when-recieve-crash-signal.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 3ac4d1fc1a067afc0e0d4ca37a44ac252ee8b96b Mon Sep 17 00:00:00 2001 -From: xujing -Date: Tue, 8 Feb 2022 21:02:31 +0800 -Subject: [PATCH] shutdown: reboot when recieve crash signal - ---- - src/shutdown/shutdown.c | 33 +++++++++++++++++++++++++++++++++ - 1 files changed, 33 insertions(+) - -diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c -index 680de4f..066a03a 100644 ---- a/src/shutdown/shutdown.c -+++ b/src/shutdown/shutdown.c -@@ -307,6 +307,26 @@ static void bump_sysctl_printk_log_level(int min_level) { - log_debug_errno(r, "Failed to bump kernel.printk to %i: %m", min_level + 1); - } - -+_noreturn_ static void crash(int sig) { -+ if (getpid_cached() != 1) -+ /* Pass this on immediately, if this is not PID 1 */ -+ (void) raise(sig); -+ else { -+ bool in_container = detect_container() > 0; -+ -+ log_info("Recieve signal %d.", sig); -+ -+ broadcast_signal(SIGTERM, true, true, arg_timeout); -+ broadcast_signal(SIGKILL, true, false, arg_timeout); -+ -+ if (!in_container) -+ sync_with_progress(); -+ -+ log_info("Rebooting now."); -+ (void) reboot(RB_AUTOBOOT); -+ } -+} -+ - int main(int argc, char *argv[]) { - bool need_umount, need_swapoff, need_loop_detach, need_dm_detach, need_md_detach, in_container, use_watchdog = false, can_initrd; - _cleanup_free_ char *cgroup = NULL; -@@ -316,6 +336,19 @@ int main(int argc, char *argv[]) { - usec_t now_time, time_interval; - pid_t pid; - bool fork_failed = false; -+ static const struct sigaction sa = { -+ .sa_handler = crash, -+ .sa_flags = SA_NODEFER, /* So that we can raise the signal again from the signal handler */ -+ }; -+ -+ (void) reset_all_signal_handlers(); -+ (void) ignore_signals(SIGNALS_IGNORE, -1); -+ -+ /* We ignore the return value here, since, we don't mind if we -+ * cannot set up a crash handler */ -+ r = sigaction_many(&sa, SIGNALS_CRASH_HANDLER, -1); -+ if (r < 0) -+ log_debug_errno(r, "I had trouble setting up the crash handler, ignoring: %m"); - - /* The log target defaults to console, but the original systemd process will pass its log target in through a - * command line argument, which will override this default. Also, ensure we'll never log to the journal or --- -2.23.0 - diff --git a/support-disable-cgroup-controllers-we-don-t-want.patch b/support-disable-cgroup-controllers-we-don-t-want.patch deleted file mode 100644 index 5fc541a..0000000 --- a/support-disable-cgroup-controllers-we-don-t-want.patch +++ /dev/null @@ -1,216 +0,0 @@ -From ef31366523d784d92f25abd99b3782acda29a01c Mon Sep 17 00:00:00 2001 -From: xujing -Date: Fri, 8 Jul 2022 19:47:45 +0800 -Subject: [PATCH] support disable cgroup controllers we don't want - ---- - src/basic/cgroup-util.c | 14 +++++++++++ - src/basic/cgroup-util.h | 1 + - src/core/cgroup.c | 1 + - src/core/main.c | 7 ++++++ - src/core/manager.h | 2 ++ - src/core/system.conf.in | 1 + - src/shared/conf-parser.c | 54 ++++++++++++++++++++++++++++++++++++++++ - src/shared/conf-parser.h | 1 + - 8 files changed, 81 insertions(+) - -diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c -index f912b65..79089ac 100644 ---- a/src/basic/cgroup-util.c -+++ b/src/basic/cgroup-util.c -@@ -1951,6 +1951,20 @@ int cg_mask_supported(CGroupMask *ret) { - return cg_mask_supported_subtree(root, ret); - } - -+int cg_mask_disable_cgroup(CGroupMask disabled, CGroupMask *ret) { -+ int r; -+ -+ r = cg_all_unified(); -+ if (r < 0) -+ return r; -+ -+ /* We only care CGROUP_V1 */ -+ if (r == 0) -+ *ret &= ~disabled; -+ -+ return 0; -+} -+ - int cg_kernel_controllers(Set **ret) { - _cleanup_set_free_free_ Set *controllers = NULL; - _cleanup_fclose_ FILE *f = NULL; -diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h -index a491eca..faa253b 100644 ---- a/src/basic/cgroup-util.h -+++ b/src/basic/cgroup-util.h -@@ -269,6 +269,7 @@ typedef const char* (*cg_migrate_callback_t)(CGroupMask mask, void *userdata); - - int cg_mask_supported(CGroupMask *ret); - int cg_mask_supported_subtree(const char *root, CGroupMask *ret); -+int cg_mask_disable_cgroup(CGroupMask disabled, CGroupMask *ret); - int cg_mask_from_string(const char *s, CGroupMask *ret); - int cg_mask_to_string(CGroupMask mask, char **ret); - -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index ab6d602..6101d53 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -3378,6 +3378,7 @@ int manager_setup_cgroup(Manager *m) { - if (r < 0) - return log_error_errno(r, "Failed to determine supported bpf-based pseudo-controllers: %m"); - m->cgroup_supported |= mask; -+ m->system_cgroup_supported = m->cgroup_supported; - - /* 10. Log which controllers are supported */ - for (CGroupController c = 0; c < _CGROUP_CONTROLLER_MAX; c++) -diff --git a/src/core/main.c b/src/core/main.c -index a39d7d3..c4ce9a8 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -145,6 +145,7 @@ static nsec_t arg_timer_slack_nsec; - static usec_t arg_default_timer_accuracy_usec; - static Set* arg_syscall_archs; - static FILE* arg_serialization; -+static CGroupMask arg_disable_cgroup_controllers; - static int arg_default_cpu_accounting; - static bool arg_default_io_accounting; - static bool arg_default_ip_accounting; -@@ -696,6 +697,7 @@ static int parse_config_file(void) { - { "Manager", "DefaultLimitNICE", config_parse_rlimit, RLIMIT_NICE, arg_default_rlimit }, - { "Manager", "DefaultLimitRTPRIO", config_parse_rlimit, RLIMIT_RTPRIO, arg_default_rlimit }, - { "Manager", "DefaultLimitRTTIME", config_parse_rlimit, RLIMIT_RTTIME, arg_default_rlimit }, -+ { "Manager", "DisableCGroupControllers", config_parse_cgroup, 0, &arg_disable_cgroup_controllers }, - { "Manager", "DefaultCPUAccounting", config_parse_tristate, 0, &arg_default_cpu_accounting }, - { "Manager", "DefaultIOAccounting", config_parse_bool, 0, &arg_default_io_accounting }, - { "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_default_ip_accounting }, -@@ -767,6 +769,10 @@ static void set_manager_defaults(Manager *m) { - m->default_start_limit_burst = arg_default_start_limit_burst; - m->default_dfx_reboot = arg_default_dfx_reboot; - -+ m->cgroup_disabled = arg_disable_cgroup_controllers; -+ m->cgroup_supported = m->system_cgroup_supported; -+ (void) cg_mask_disable_cgroup(m->cgroup_disabled, &m->cgroup_supported); -+ - /* On 4.15+ with unified hierarchy, CPU accounting is essentially free as it doesn't require the CPU - * controller to be enabled, so the default is to enable it unless we got told otherwise. */ - if (arg_default_cpu_accounting >= 0) -@@ -2395,6 +2401,7 @@ static void reset_arguments(void) { - - /* arg_serialization — ignore */ - -+ arg_disable_cgroup_controllers = 0; - arg_default_cpu_accounting = -1; - arg_default_io_accounting = false; - arg_default_ip_accounting = false; -diff --git a/src/core/manager.h b/src/core/manager.h -index 54c1d3e..1f7d3b5 100644 ---- a/src/core/manager.h -+++ b/src/core/manager.h -@@ -295,6 +295,8 @@ struct Manager { - /* Data specific to the cgroup subsystem */ - Hashmap *cgroup_unit; - CGroupMask cgroup_supported; -+ CGroupMask system_cgroup_supported; -+ CGroupMask cgroup_disabled; - char *cgroup_root; - - /* Notifications from cgroups, when the unified hierarchy is used is done via inotify. */ -diff --git a/src/core/system.conf.in b/src/core/system.conf.in -index c1fd308..2fe6f60 100644 ---- a/src/core/system.conf.in -+++ b/src/core/system.conf.in -@@ -49,6 +49,7 @@ - #DefaultStartLimitIntervalSec=10s - #DefaultStartLimitBurst=5 - #DefaultEnvironment= -+#DisableCGroupControllers=no - #DefaultCPUAccounting=no - #DefaultIOAccounting=no - #DefaultIPAccounting=no -diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c -index d0ac1b2..23fc1f5 100644 ---- a/src/shared/conf-parser.c -+++ b/src/shared/conf-parser.c -@@ -10,6 +10,7 @@ - #include "alloc-util.h" - #include "conf-files.h" - #include "conf-parser.h" -+#include "cgroup-util.h" - #include "def.h" - #include "ether-addr-util.h" - #include "extract-word.h" -@@ -1196,6 +1197,59 @@ int config_parse_rlimit( - return 0; - } - -+int config_parse_cgroup( -+ const char *unit, -+ const char *filename, -+ unsigned line, -+ const char *section, -+ unsigned section_line, -+ const char *lvalue, -+ int ltype, -+ const char *rvalue, -+ void *data, -+ void *userdata) { -+ assert(filename); -+ assert(lvalue); -+ assert(rvalue); -+ assert(data); -+ -+ CGroupMask *disabled_mask = data; -+ int r; -+ -+ for (;;) { -+ _cleanup_free_ char *word = NULL; -+ CGroupController cc; -+ int yes_or_no = 0; -+ -+ r = extract_first_word(&rvalue, &word, NULL, EXTRACT_UNQUOTE|EXTRACT_RETAIN_ESCAPE); -+ if (r == 0) -+ break; -+ if (r == -ENOMEM) -+ return log_oom(); -+ if (r < 0) { -+ log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax, ignoring: %s", rvalue); -+ break; -+ } -+ -+ yes_or_no = parse_boolean(word); -+ if (yes_or_no == 0) { -+ *disabled_mask = 0; -+ break; -+ } else if (yes_or_no == 1) { -+ *disabled_mask = CGROUP_MASK_V1; -+ break; -+ } -+ -+ cc = cgroup_controller_from_string(word); -+ if (cc < 0) { -+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse DisableCGroupControllers, ignoring: %s", word); -+ break; -+ } -+ *disabled_mask |= CGROUP_CONTROLLER_TO_MASK(cc); -+ } -+ return 0; -+} -+ - int config_parse_permille( - const char* unit, - const char *filename, -diff --git a/src/shared/conf-parser.h b/src/shared/conf-parser.h -index c3a1382..65ef71e 100644 ---- a/src/shared/conf-parser.h -+++ b/src/shared/conf-parser.h -@@ -146,6 +146,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_ifnames); - CONFIG_PARSER_PROTOTYPE(config_parse_ip_port); - CONFIG_PARSER_PROTOTYPE(config_parse_mtu); - CONFIG_PARSER_PROTOTYPE(config_parse_rlimit); -+CONFIG_PARSER_PROTOTYPE(config_parse_cgroup); - CONFIG_PARSER_PROTOTYPE(config_parse_vlanprotocol); - CONFIG_PARSER_PROTOTYPE(config_parse_hwaddr); - CONFIG_PARSER_PROTOTYPE(config_parse_hwaddrs); --- -2.23.0 - diff --git a/systemd-249.tar.gz b/systemd-253.tar.gz similarity index 54% rename from systemd-249.tar.gz rename to systemd-253.tar.gz index 7d0d938..0337f9f 100644 Binary files a/systemd-249.tar.gz and b/systemd-253.tar.gz differ diff --git a/systemd-change-time-log-level.patch b/systemd-change-time-log-level.patch deleted file mode 100644 index 80c7db6..0000000 --- a/systemd-change-time-log-level.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 7ca51ff9a4213025070f29c7814bba82984b90e7 Mon Sep 17 00:00:00 2001 -From: yefei25 -Date: Tue, 19 Nov 2019 21:49:52 +0800 -Subject: [PATCH] systemd: change time log level - - -Signed-off-by: yefei25 ---- - src/core/manager.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/core/manager.c b/src/core/manager.c -index 32c340f..29eccd8 100644 ---- a/src/core/manager.c -+++ b/src/core/manager.c -@@ -2681,11 +2681,11 @@ static int manager_dispatch_time_change_fd(sd_event_source *source, int fd, uint - - assert(m); - assert(m->time_change_fd == fd); -- -- log_struct(LOG_DEBUG, -+ if (getpid_cached() == 1) { -+ log_struct(LOG_INFO, - "MESSAGE_ID=" SD_MESSAGE_TIME_CHANGE_STR, - LOG_MESSAGE("Time has been changed")); -- -+ } - /* Restart the watch */ - (void) manager_setup_time_change(m); - --- -2.19.1 diff --git a/systemd-core-Add-new-rules-for-lower-priority-events.patch b/systemd-core-Add-new-rules-for-lower-priority-events.patch deleted file mode 100644 index 921b362..0000000 --- a/systemd-core-Add-new-rules-for-lower-priority-events.patch +++ /dev/null @@ -1,224 +0,0 @@ -From 135dce487e4637e8afc4090334ccb2cb9feccdf1 Mon Sep 17 00:00:00 2001 -From: yangbin -Date: Fri, 3 Apr 2020 11:56:41 +0800 -Subject: [PATCH] systemd-core: Add new rules for lower priority events to - preempt over higher priority events - -1. When a high priority event happenes very frequent, and this event takes long time for execution,systemd will get into busy for handling this event only, and lower priority events will have no any change to dispatch and run. - -2. One example is the event for /proc/self/mountinfo, which have a very high priority with -10. -When there are many mountpoints in mountinfo(for example, there may be many netns mountpoints),this event will take long time to finish. -Then if now there are mountpoints in repeating mounting and unmounting(for example, /run/user/uid mountpoint will be mounted then unmounted when for one su command), -this event will take all time of systemd, and lower priority lower events will not be dispatched anyway. -This will case a very severity problem that zombie process will not be reaped, for the evnet for reaping zombies has a lower priority of -6. - -3. This patch fix this problem by add the following rules to allow lower priority events to preempt over higher priority events. -a) If a higher priority event has already been execute for a certain count in consecutive, it can be preempted by lower priority events. The default value for this count is 10, and can be configured through 'sd_event_source_set_preempt_dispatch_count'. -b) If a lower priority gets into pending for 10 times in consecutive, it can preempt over higher priority events. -c) If a lower priority is in pending, and is not dispatched over 50 iteration, it can preempt over higher priority events. -d) The above rules only works for events with priority equal or higher than 'SD_EVENT_PRIORITY_NORMAL' or evnets with type of SOURCE_DEFER, since SOURCE_DEFER events is used for job running queues. ---- - src/core/mount.c | 4 ++ - src/libsystemd/sd-event/event-source.h | 5 ++ - src/libsystemd/sd-event/sd-event.c | 81 ++++++++++++++++++++++++++ - src/systemd/sd-event.h | 1 + - 4 files changed, 91 insertions(+) - -diff --git a/src/core/mount.c b/src/core/mount.c -index 053deac..de5b745 100644 ---- a/src/core/mount.c -+++ b/src/core/mount.c -@@ -1895,6 +1895,10 @@ static void mount_enumerate(Manager *m) { - goto fail; - } - -+ r = sd_event_source_set_preempt_dispatch_count(m->mount_event_source, 5); -+ if (r < 0) -+ goto fail; -+ - (void) sd_event_source_set_description(m->mount_event_source, "mount-monitor-dispatch"); - } - -diff --git a/src/libsystemd/sd-event/event-source.h b/src/libsystemd/sd-event/event-source.h -index d2dc214..0fa41aa 100644 ---- a/src/libsystemd/sd-event/event-source.h -+++ b/src/libsystemd/sd-event/event-source.h -@@ -70,6 +70,11 @@ struct sd_event_source { - uint64_t pending_iteration; - uint64_t prepare_iteration; - -+ uint64_t preempted_iteration; /*The iteration that dispatched_count is greater than preempt_dispatch_count*/ -+ unsigned pending_count; /*times of pending not dispatched*/ -+ unsigned dispatched_count; /*consecutive dispatched count*/ -+ unsigned preempt_dispatch_count; /*Will be preempted by lower priority if dispatched count reaches to this*/ -+ - sd_event_destroy_t destroy_callback; - - LIST_FIELDS(sd_event_source, sources); -diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c -index e9199de..46f8aff 100644 ---- a/src/libsystemd/sd-event/sd-event.c -+++ b/src/libsystemd/sd-event/sd-event.c -@@ -27,6 +27,11 @@ - #include "strxcpyx.h" - #include "time-util.h" - -+#define DEFAULT_PREEMPTED_ITERATION_COUNT (3) -+#define DEFAULT_PREEMPT_DISPATCH_COUNT (10) -+#define DEFAULT_PREEMPT_PENDING_COUNT (10) -+#define DEFAULT_PREEMPT_ITERATION_COUNT (30) -+ - #define DEFAULT_ACCURACY_USEC (250 * USEC_PER_MSEC) - - static bool EVENT_SOURCE_WATCH_PIDFD(sd_event_source *s) { -@@ -152,6 +157,11 @@ struct sd_event { - - LIST_HEAD(sd_event_source, sources); - -+ /*last dispatched source, its type is sd_event_source, -+ * here use void to avoid accessing its members, -+ * for it may have been freed already.*/ -+ void *last_source; -+ - usec_t last_run_usec, last_log_usec; - unsigned delays[sizeof(usec_t) * 8]; - }; -@@ -165,6 +175,39 @@ static sd_event *event_resolve(sd_event *e) { - return e == SD_EVENT_DEFAULT ? default_event : e; - } - -+static int preempt_prioq_compare(const sd_event_source *x, const sd_event_source *y) { -+ if((x->priority > SD_EVENT_PRIORITY_NORMAL && x->type != SOURCE_DEFER) -+ || (y->priority > SD_EVENT_PRIORITY_NORMAL && y->type != SOURCE_DEFER)) { -+ return 0; /*only high priority evnets can preempt*/ -+ } -+ -+ if(x->priority <= y->priority) { -+ if(x->dispatched_count >= x->preempt_dispatch_count) -+ return 1; -+ if(y->type != SOURCE_DEFER) { /*pending state for defer event is always true*/ -+ /*y has lower priority, but its pending count is greater than x, so y wins*/ -+ if(y->pending_count >= (x->pending_count + DEFAULT_PREEMPT_PENDING_COUNT)) -+ return 1; -+ /*y has lower priority, but is in pending longer than x, so y wins*/ -+ if(x->pending_iteration >= (y->pending_iteration + DEFAULT_PREEMPT_ITERATION_COUNT)) -+ return 1; -+ } -+ } else { -+ if(y->dispatched_count >= y->preempt_dispatch_count) -+ return -1; -+ if(x->type != SOURCE_DEFER) { /*pending state for defer event is always true*/ -+ /*x has lower priority, but its pending count is greater than y, so x wins*/ -+ if(x->pending_count >= (y->pending_count + DEFAULT_PREEMPT_PENDING_COUNT)) -+ return -1; -+ /*x has lower priority, but is in pending longer than y, so x wins*/ -+ if(y->pending_iteration >= (x->pending_iteration + DEFAULT_PREEMPT_ITERATION_COUNT)) -+ return -1; -+ } -+ } -+ -+ return 0; -+} -+ - static int pending_prioq_compare(const void *a, const void *b) { - const sd_event_source *x = a, *y = b; - int r; -@@ -182,6 +225,10 @@ static int pending_prioq_compare(const void *a, const void *b) { - if (r != 0) - return r; - -+ r = preempt_prioq_compare(a, b); -+ if(r != 0) -+ return r; -+ - /* Lower priority values first */ - r = CMP(x->priority, y->priority); - if (r != 0) -@@ -998,6 +1045,17 @@ static int source_set_pending(sd_event_source *s, bool b) { - assert(s); - assert(s->type != SOURCE_EXIT); - -+ if (b && s->pending == b) -+ s->pending_count++; -+ else -+ s->pending_count = (b ? 1 : 0); -+ if (b && s->preempted_iteration && -+ (s->pending_count >= DEFAULT_PREEMPTED_ITERATION_COUNT || -+ s->event->iteration >= (s->preempted_iteration + DEFAULT_PREEMPTED_ITERATION_COUNT)) ) { -+ s->dispatched_count = 0; -+ s->preempted_iteration = 0; -+ } -+ - if (s->pending == b) - return 0; - -@@ -1057,6 +1115,7 @@ static sd_event_source *source_new(sd_event *e, bool floating, EventSourceType t - .type = type, - .pending_index = PRIOQ_IDX_NULL, - .prepare_index = PRIOQ_IDX_NULL, -+ .preempt_dispatch_count = DEFAULT_PREEMPT_DISPATCH_COUNT, - }; - - if (!floating) -@@ -2370,6 +2429,7 @@ static int event_source_offline( - s->enabled = enabled; - s->ratelimited = ratelimited; - -+ s->pending_count = 0; - switch (s->type) { - - case SOURCE_IO: -@@ -3443,6 +3503,19 @@ static int process_inotify(sd_event *e) { - return done; - } - -+static void source_dispatch_pre(sd_event_source *s) { -+ if(s->event->last_source == s) { -+ s->dispatched_count++; -+ if(s->dispatched_count >= s->preempt_dispatch_count) -+ s->preempted_iteration = s->event->iteration; -+ } else { -+ s->preempted_iteration = 0; -+ s->dispatched_count = 0; -+ } -+ s->event->last_source = s; -+ s->pending_count = 0; -+} -+ - static int source_dispatch(sd_event_source *s) { - _cleanup_(sd_event_unrefp) sd_event *saved_event = NULL; - EventSourceType saved_type; -@@ -3496,6 +3569,7 @@ static int source_dispatch(sd_event_source *s) { - return r; - } - -+ source_dispatch_pre(s); - s->dispatching = true; - - switch (s->type) { -@@ -4449,3 +4523,10 @@ _public_ int sd_event_source_is_ratelimited(sd_event_source *s) { - - return s->ratelimited; - } -+ -+_public_ int sd_event_source_set_preempt_dispatch_count(sd_event_source *s, unsigned count) { -+ assert_return(s, -EINVAL); -+ -+ s->preempt_dispatch_count = count; -+ return 0; -+} -diff --git a/src/systemd/sd-event.h b/src/systemd/sd-event.h -index 2ae2a0d..f113aba 100644 ---- a/src/systemd/sd-event.h -+++ b/src/systemd/sd-event.h -@@ -165,6 +165,7 @@ int sd_event_source_set_exit_on_failure(sd_event_source *s, int b); - int sd_event_source_set_ratelimit(sd_event_source *s, uint64_t interval_usec, unsigned burst); - int sd_event_source_get_ratelimit(sd_event_source *s, uint64_t *ret_interval_usec, unsigned *ret_burst); - int sd_event_source_is_ratelimited(sd_event_source *s); -+int sd_event_source_set_preempt_dispatch_count(sd_event_source *s, unsigned count); - - /* Define helpers so that __attribute__((cleanup(sd_event_unrefp))) and similar may be used. */ - _SD_DEFINE_POINTER_CLEANUP_FUNC(sd_event, sd_event_unref); --- -2.23.0 - diff --git a/systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch b/systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch deleted file mode 100644 index 5075453..0000000 --- a/systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch +++ /dev/null @@ -1,40 +0,0 @@ -From bf589755bd5b084f1b5dd099ea3e4917ac9911fd Mon Sep 17 00:00:00 2001 -From: huangkaibin -Date: Thu, 14 Sep 2017 12:54:01 +0800 -Subject: [PATCH] systemd-core: fix problem of dbus service can not be started - when dbus is dead and state of system dbus of systemd stay in - BUS_AUTHENTICATING. - -When systemd starts a dbus communication, it will first authenticate the bus by communicating with polkitd service, and then enter running state. -But if authenticating can not be establised within 25s(default timeout seconds) since authenticating starts -(maybe caused by polkitd service or dbus service can not be activated in time), the dbus state in systemd side will stays in BUS_AUTHENTICATING state, -and systemd will enter a mad state that it will handle authenticating(in bus_process_internal function) very frequently and will have no any change to -service for events of restarting services(by systemctl restart dbus.service --no-ask-password --no-block). So that the dbus service will never be restarted successfully. -systemd will enter such a state is caused by the timeout setting in sd_bus_get_timeout function. When in BUS_AUTHENTICATING state, the timeout is set -to a fix value of bus->auth_timeout(authenticating start time + 25s), if auth_timeout is an expired time, but not a furture time, systemd will always service -for the callback of function of dbus(time_callback) with no any delay when it got its chance, and leave no chance for events of restarting services. -This patch fix this problem by fixing the timeout to a furture time when bus->auth_timeout is expired. ---- - src/libsystemd/sd-bus/sd-bus.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c -index b0a3237..ca626d3 100644 ---- a/src/libsystemd/sd-bus/sd-bus.c -+++ b/src/libsystemd/sd-bus/sd-bus.c -@@ -2267,7 +2267,11 @@ _public_ int sd_bus_get_timeout(sd_bus *bus, uint64_t *timeout_usec) { - switch (bus->state) { - - case BUS_AUTHENTICATING: -- *timeout_usec = bus->auth_timeout; -+ //delay 1 second to ensure it is a furture time but not an expired time -+ if(bus->auth_timeout <= now(CLOCK_MONOTONIC)) -+ *timeout_usec = now(CLOCK_MONOTONIC) + USEC_PER_SEC; -+ else -+ *timeout_usec = bus->auth_timeout; - return 1; - - case BUS_RUNNING: --- -1.8.3.1 - diff --git a/systemd-solve-that-rsyslog-reads-journal-s-object-of.patch b/systemd-solve-that-rsyslog-reads-journal-s-object-of.patch deleted file mode 100644 index 27dc8db..0000000 --- a/systemd-solve-that-rsyslog-reads-journal-s-object-of.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 6aa35d7d911b6895043f222293703ef7cf60aca1 Mon Sep 17 00:00:00 2001 -From: yefei25 -Date: Thu, 5 Mar 2020 21:45:36 +0800 -Subject: [PATCH] systemd: solve that rsyslog reads journal's object of -size 0 - - -Signed-off-by: yefei25 - ---- - src/libsystemd/sd-journal/journal-file.c | 3 ++- - src/libsystemd/sd-journal/sd-journal.c | 9 +++++++--- - 2 files changed, 9 insertions(+), 3 deletions(-) - -diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c -index 220717d..221f8c4 100644 ---- a/src/libsystemd/sd-journal/journal-file.c -+++ b/src/libsystemd/sd-journal/journal-file.c -@@ -895,8 +895,9 @@ static int journal_file_check_object(JournalFile *f, uint64_t offset, Object *o) - le64toh(o->tag.epoch), offset); - - break; -+ default: -+ return -EBADMSG; - } -- - return 0; - } - -diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c -index d08b51e..489144b 100644 ---- a/src/libsystemd/sd-journal/sd-journal.c -+++ b/src/libsystemd/sd-journal/sd-journal.c -@@ -127,6 +127,10 @@ static void init_location(Location *l, LocationType type, JournalFile *f, Object - assert(IN_SET(type, LOCATION_DISCRETE, LOCATION_SEEK)); - assert(f); - -+ if(o->object.type != OBJECT_ENTRY || o->object.size == 0){ -+ return; -+ } -+ - *l = (Location) { - .type = type, - .seqnum = le64toh(o->entry.seqnum), -@@ -856,7 +860,8 @@ static int real_journal_next(sd_journal *j, direction_t direction) { - return r; - - set_location(j, new_file, o); -- -+ if(o->object.size == 0) -+ return -EBADMSG; - return 1; - } - -@@ -2300,7 +2305,7 @@ static int return_data(sd_journal *j, JournalFile *f, Object *o, const void **da - assert(f); - - l = le64toh(READ_NOW(o->object.size)); -- if (l < offsetof(Object, data.payload)) -+ if (l == 0 || o->object.type == 0 || l < offsetof(Object, data.payload)) - return -EBADMSG; - l -= offsetof(Object, data.payload); - --- -2.19.1 - diff --git a/systemd.spec b/systemd.spec index 7184ccd..930d615 100644 --- a/systemd.spec +++ b/systemd.spec @@ -20,8 +20,8 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd -Version: 249 -Release: 52 +Version: 253 +Release: 1 License: MIT and LGPLv2+ and GPLv2+ Summary: System and Service Manager @@ -46,530 +46,6 @@ Source105: rule_generator.functions Source106: write_net_rules Source107: detect_virt -Patch6000: backport-hostnamed-correct-variable-with-errno-in-fallback_ch.patch -Patch6001: backport-docs-improve-wording-when-mentioning-the-acronym-ESP.patch -Patch6002: backport-systemctl-show-error-when-help-for-unknown-unit-is-r.patch -Patch6003: backport-shared-format-table-allocate-buffer-of-sufficient-si.patch -Patch6004: backport-fix-CVE-2021-33910.patch -Patch6005: backport-sd-bus-fix-missing-initializer-in-SD_BUS_VTABLE_END-.patch -Patch6006: backport-pid1-propagate-the-original-command-line-when-reexec.patch -Patch6007: backport-coredump-stacktrace.c-avoid-crash-on-binaries-withou.patch -Patch6008: backport-machined-varlink-fix-double-free.patch -Patch6009: backport-malloc-uses-getrandom-now.patch -Patch6010: backport-discover-image-mount-as-read-only-when-extracting-me.patch -Patch6011: backport-networkd-Include-linux-netdevice.h-header.patch -Patch6012: backport-seccomp-drop-getrandom-from-system-service.patch -Patch6013: backport-seccomp-move-sched_getaffinity-from-system-service-t.patch -Patch6014: backport-systemctl-allow-set-property-to-be-called-with-a-glo.patch -Patch6015: backport-Use-correct-fcntl.h-include.patch -Patch6016: backport-Use-correct-poll.h-include.patch -Patch6017: backport-veritysetup-print-help-for-help-h-help.patch -Patch6018: backport-network-use-address_equal-route_equal-to-compare-add.patch -Patch6019: backport-mkosi-openSUSE-update-bootable-no-dependencies.patch -Patch6020: backport-mkosi-Fix-openSUSE-Jinja2-package-name.patch -Patch6021: backport-sd-netlink-always-append-new-bridge-FDB-entries.patch -Patch6022: backport-core-cgroup-fix-error-handling-of-cg_remove_xattr.patch -Patch6023: backport-core-wrap-cgroup-path-with-empty_to_root-in-log-mess.patch -Patch6024: backport-network-add-comments.patch -Patch6025: backport-network-ignore-errors-on-setting-bridge-config.patch -Patch6026: backport-network-ignore-errors-on-unsetting-master-ifindex.patch -Patch6027: backport-network-also-check-addresses-when-determine-a-gatewa.patch -Patch6028: backport-network-check-the-received-interface-name-is-actuall.patch -Patch6029: backport-network-configure-address-with-requested-lifetime.patch -Patch6030: backport-network-use-monotonic-instead-of-boot-time-to-handle.patch -Patch6031: backport-udev-when-setting-up-lo-do-not-return-an-error.patch -Patch6032: backport-network-fix-configuring-of-CAN-devices.patch -Patch6033: backport-network-fix-logic-for-checking-gateway-address-is-re.patch -Patch6034: backport-Fix-the-Failed-to-open-random-seed-.-message.patch -Patch6035: backport-resolved-Don-t-omit-AD-bit-in-reply-if-DO-is-set-in-.patch -Patch6036: backport-sd-dhcp6-client-fix-copy-and-paste-mistake.patch -Patch6037: backport-sd-dhcp6-client-cirtainly-adjust-T1-and-T2.patch -Patch6038: backport-Get-rid-of-dangling-setutxent.patch -Patch6039: backport-sd-dhcp-server-fix-possible-double-free-or-use-after.patch -Patch6040: backport-hostname-fix-off-by-one-issue-in-gethostname.patch -Patch6041: backport-systemd-analyze-parse-ip_filters_custom_egress-corre.patch -Patch6042: backport-cgroup-do-catchup-for-unit-cgroup-inotify-watch-file.patch -Patch6043: backport-core-Make-sure-cgroup_oom_queue-is-flushed-on-manage.patch -Patch6044: backport-sd-boot-Fix-possible-null-pointer-dereference.patch -Patch6045: backport-resolved-retry-on-SERVFAIL-before-downgrading-featur.patch -Patch6046: backport-Don-t-open-var-journals-in-volatile-mode-when-runtim.patch -Patch6047: backport-network-allow-users-to-forbid-passthru-MACVLAN-from-.patch -Patch6048: backport-unit-coldplug-both-job-and-nop_job-if-possible.patch -Patch6049: backport-network-do-not-assume-the-highest-priority-when-Prio.patch -Patch6050: backport-fstab-generator-Respect-nofail-when-ordering.patch -Patch6051: backport-discover-image-pass-the-right-fd-to-fd_getcrtime.patch -Patch6052: backport-src-boot-efi-linux-fix-linux_exec-prototype.patch -Patch6053: backport-timesync-fix-wrong-type-for-receiving-timestamp-in-n.patch -Patch6054: backport-import-turn-off-weird-protocols-in-curl.patch -Patch6055: backport-network-fix-wrong-flag-manage_foreign_routes-manage_.patch -Patch6056: backport-icmp6-drop-unnecessary-assertion.patch -Patch6057: backport-socket-util-introduce-CMSG_SPACE_TIMEVAL-TIMESPEC-ma.patch -Patch6058: backport-timesync-check-cmsg-length.patch -Patch6059: backport-journal-network-timesync-fix-segfault-on-32bit-timev.patch -Patch6060: backport-tpm-util-fix-TPM-parameter-handling.patch -Patch6061: backport-basic-linux-Sync-if_arp.h-with-Linux-5.14.patch -Patch6062: backport-Drop-bundled-copy-of-linux-if_arp.h.patch -Patch6063: backport-explicitly-close-FIDO2-devices.patch -Patch6064: backport-core-respect-install_sysconfdir_samples-in-meson-fil.patch -Patch6065: backport-login-respect-install_sysconfdir_samples-in-meson-fi.patch -Patch6066: backport-core-Remove-circular-include.patch -Patch6067: backport-path-util-make-find_executable-work-without-proc-mou.patch -Patch6068: backport-Fix-another-crash-due-to-missing-NHDR.patch -Patch6069: backport-hwdb-remove-double-empty-line-in-help-text.patch -Patch6070: backport-run-mount-systemctl-don-t-fork-off-PolicyKit-ask-pw-.patch -Patch6071: backport-homed-make-sure-to-use-right-asssesors-for-GID-acces.patch -Patch6072: backport-homed-fix-log-message-referring-to-fsck-when-we-actu.patch -Patch6073: backport-homed-add-missing-SYNTHETIC_ERRNO.patch -Patch6074: backport-homed-remove-misplaced-assert.patch -Patch6075: backport-network-print-Ethernet-Link-Layer-DHCP-client-ID-wit.patch -Patch6076: backport-udev-fix-potential-memleak.patch -Patch6077: backport-nspawn-fix-type-to-pass-to-connect.patch -Patch6078: backport-home-secret-argument-of-handle_generic_user_record_e.patch -Patch6079: backport-docs-portablectl-is-in-bin.patch -Patch6080: backport-core-fix-free-undefined-pointer-when-strdup-failed-i.patch -Patch6081: backport-sd-event-take-ref-on-event-loop-object-before-dispat.patch -Patch6082: backport-nss-systemd-pack-pw_passwd-result-into-supplied-buff.patch -Patch6083: backport-nss-systemd-ensure-returned-strings-point-into-provi.patch -Patch6084: backport-core-Parse-log-environment-settings-again-after-appl.patch -Patch6085: backport-network-fix-handling-of-network-interface-renaming.patch -Patch6086: backport-virt-Improve-detection-of-EC2-metal-instances.patch -Patch6087: backport-Fix-error-building-repart-with-no-libcryptsetup-2073.patch -Patch6088: backport-sd-journal-Don-t-compare-hashes-from-different-journ.patch -Patch6089: backport-test-use-a-less-restrictive-portable-profile-when-ru.patch -Patch6090: backport-Respect-install_sysconfdir.patch -Patch6091: backport-journalctl-never-fail-at-flushing-when-the-flushed-f.patch -Patch6092: backport-sd-journal-Ignore-data-threshold-if-set-to-zero-in-s.patch -Patch6093: backport-watchdog-pass-right-error-code-to-log-function-so-th.patch -Patch6094: backport-fileio-lower-maximum-virtual-file-buffer-size-by-one.patch -Patch6095: backport-fileio-set-O_NOCTTY-when-reading-virtual-files.patch -Patch6096: backport-fileio-start-with-4k-buffer-for-procfs.patch -Patch6097: backport-fileio-fix-truncated-read-handling-in-read_virtual_f.patch -Patch6098: backport-test-fileio-test-read_virtual_file-with-more-files-f.patch -Patch6099: backport-bootctl-Fix-update-not-adding-EFI-entry-if-Boot-IDs-.patch -Patch6100: backport-network-disable-event-sources-before-unref-them.patch -Patch6101: backport-libsystemd-network-disable-event-sources-before-unre.patch -Patch6102: backport-resolved-suppress-writing-DNS-server-info-into-etc-r.patch -Patch6103: backport-resolvconf-compat-make-u-operation-a-NOP.patch -Patch6104: backport-basic-unit-file-don-t-filter-out-names-starting-with.patch -Patch6105: backport-core-mount-add-implicit-unit-dependencies-even-if-wh.patch -Patch6106: backport-seccomp-Always-install-filters-for-native-architectu.patch -Patch6107: backport-test-Check-that-native-architecture-is-always-filter.patch -Patch6108: backport-mount-util-fix-fd_is_mount_point-when-both-the-paren.patch -Patch6109: backport-sleep-don-t-skip-resume-device-with-low-priority-ava.patch -Patch6110: backport-repart-use-right-error-variable.patch -Patch6111: backport-basic-env-util-correctly-parse-extended-vars-after-n.patch -Patch6112: backport-user-record-disable-two-pbkdf-fields-that-don-t-appl.patch -Patch6113: backport-core-fix-SIGABRT-on-empty-exec-command-argv.patch -Patch6114: backport-core-service-also-check-path-in-exec-commands.patch -Patch6115: backport-coredump-Don-t-log-an-error-if-D-Bus-isn-t-running.patch -Patch6116: backport-ether-addr-util-make-hw_addr_to_string-return-valid-.patch -Patch6117: backport-localed-use-PROJECT_FILE-rather-than-__FILE__-for-lo.patch -Patch6118: backport-coredumpctl-stop-truncating-information-about-coredu.patch -Patch6119: backport-sd-dhcp6-client-ignore-IAs-whose-IAID-do-not-match-c.patch -Patch6120: backport-sd-boot-Unify-error-handling.patch -Patch6121: backport-sd-boot-Rework-console-input-handling.patch -Patch6122: backport-coredump-fix-filename-in-journal-when-not-compressed.patch -Patch6123: backport-virt-Support-detection-for-ARM64-Hyper-V-guests.patch -Patch6124: backport-homework-fix-incorrect-error-variable-use.patch -Patch6125: backport-sd-device-monitor-update-log-message-to-clarify-the-.patch -Patch6126: backport-homework-don-t-bother-with-BLKRRPART-on-images-that-.patch -Patch6127: backport-userdb-fix-type-to-pass-to-connect.patch -Patch6128: backport-homed-shutdown-call-valgrind-magic-after-LOOP_GET_ST.patch -Patch6129: backport-utmp-remove-dev-from-line.patch -Patch6130: backport-network-route-fix-possible-overflow-in-conversion-us.patch -Patch6131: backport-varlink-disconnect-varlink-link-in-one-more-case.patch -Patch6132: backport-udev-do-not-try-to-rename-interface-if-it-is-already.patch -Patch6133: backport-stat-util-specify-O_DIRECTORY-when-reopening-dir-in-.patch -Patch6134: backport-json-do-something-remotely-reasonable-when-we-see-Na.patch -Patch6135: backport-change-indicator-used-for-later-versions-of-VirtualB.patch -Patch6136: backport-hwdb-Allow-console-users-access-to-media-nodes.patch -Patch6137: backport-test-do-not-use-alloca-in-function-call.patch -Patch6138: backport-systemctl-pretty-print-ExtensionImages-property.patch -Patch6139: backport-systemctl-small-fixes-for-MountImages-pretty-printin.patch -Patch6140: backport-core-normalize-r-variable-handling-in-unit_attach_pi.patch -Patch6141: backport-scope-refuse-activation-of-scopes-if-no-PIDs-to-add-.patch -Patch6142: backport-homework-repart-turn-on-cryptsetup-logging-before-we.patch -Patch6143: backport-systemctl-only-fall-back-to-local-cgroup-display-if-.patch -Patch6144: backport-execute-respect-selinux_context_ignore.patch -Patch6145: backport-core-ignore-failure-on-setting-smack-process-label-w.patch -Patch6146: backport-process-util-wait-for-processes-we-killed-even-if-ki.patch -Patch6147: backport-scope-count-successful-cgroup-additions-when-delegat.patch -Patch6148: backport-creds-util-switch-to-OpenSSL-3.0-APIs.patch -Patch6149: backport-openssl-util-use-EVP-API-to-get-RSA-bits.patch -Patch6150: backport-ci-fix-indentation.patch -Patch6151: backport-ci-cancel-previous-jobs-on-ref-update.patch -Patch6152: backport-ci-take-CIFuzz-s-matrix-into-consideration.patch -Patch6153: backport-ci-run-the-unit_tests-and-mkosi-jobs-on-stable-branc.patch -Patch6154: backport-test-oomd-util-skip-tests-if-cgroup-memory-controlle.patch -Patch6155: backport-ci-pin-the-debian-systemd-repo-to-a-specific-revisio.patch -Patch6156: backport-basic-mountpoint-util-detect-erofs-as-a-read-only-FS.patch -Patch6157: backport-user-record-fix-display-of-access-mode.patch -Patch6158: backport-logind-downgrade-message-about-run-utmp-missing-to-L.patch -Patch6159: backport-tree-wide-use-sd_event_source_disable_unref-where-we.patch -Patch6160: backport-sd-event-don-t-destroy-inotify-data-structures-from-.patch -Patch6161: backport-Change-gendered-terms-to-be-gender-neutral-21325.patch -Patch6162: backport-binfmt-fix-exit-value.patch -Patch6163: backport-unit_is_bound_by_inactive-fix-return-pointer-check.patch -Patch6164: backport-umask-util-add-helper-that-resets-umask-until-end-of.patch -Patch6165: backport-namespace-rebreak-a-few-comments.patch -Patch6166: backport-namespace-make-whole-namespace_setup-work-regardless.patch -Patch6167: backport-namespace-make-tmp-dir-handling-code-independent-of-.patch -Patch6168: backport-tests-add-test-case-for-UMask-BindPaths-combination.patch -Patch6169: backport-sd-dhcp6-client-constify-one-argument.patch -Patch6170: backport-sd-dhcp6-client-modernize-dhcp6_option_parse.patch -Patch6171: backport-test-add-tests-for-reading-unaligned-data.patch -Patch6172: backport-sd-dhcp6-client-fix-buffer-size-calculation-in-dhcp6.patch -Patch6173: backport-sd-dhcp6-client-constify-several-arguments.patch -Patch6174: backport-sd-dhcp6-client-make-dhcp6_lease_free-accepts-NULL.patch -Patch6175: backport-sd-dhcp6-client-do-not-merge-NTP-and-SNTP-options.patch -Patch6176: backport-dhcp-fix-assertion-failure.patch -Patch6177: backport-network-address-read-flags-from-message-header-when-.patch -Patch6178: backport-seccomp-move-mprotect-to-default.patch -Patch6179: backport-journal-Skip-over-corrupt-entry-items-in-enumerate_d.patch -Patch6180: backport-journal-Use-separate-variable-for-Data-object-in-sd_.patch -Patch6181: backport-journal-Skip-corrupt-Data-objects-in-sd_journal_get_.patch -Patch6182: backport-analyze-fix-printing-config-when-there-is-no-main-co.patch -Patch6183: backport-resolved-fix-ResolveService-hostname-handling.patch -Patch6184: backport-resolved-properly-signal-transient-errors-back-to-NS.patch -Patch6185: backport-resolved-make-sure-we-don-t-hit-an-assert-when-deali.patch -Patch6186: backport-resolved-clean-up-manager_write_resolv_conf-a-bit.patch -Patch6187: backport-virt-Fix-the-detection-for-Hyper-V-VMs.patch -Patch6188: backport-homework-fix-a-bad-error-propagation.patch -Patch6189: backport-journal-Remove-entry-seqnum-revert-logic.patch -Patch6190: backport-mmap-cache-LIST_REMOVE-after-w-unused_prev.patch -Patch6191: backport-journal-Deduplicate-entry-items-before-they-are-stor.patch -Patch6192: backport-test-journal-flush-allow-testing-against-specific-fi.patch -Patch6193: backport-test-journal-flush-do-not-croak-on-corrupted-input-f.patch -Patch6194: backport-fix-ConditionDirectoryNotEmpty-when-it-comes-to-a-No.patch -Patch6195: backport-fix-ConditionPathIsReadWrite-when-path-does-not-exis.patch -Patch6196: backport-sd-dhcp6-client-fix-error-handling.patch -Patch6197: backport-core-bpf-firewall-make-bpf_firewall_supported-always.patch -Patch6198: backport-cgroup-don-t-emit-BPF-firewall-warning-when-manager-.patch -Patch6199: backport-cryptenroll-fix-wrong-error-messages.patch -Patch6200: backport-Bump-the-max-number-of-inodes-for-dev-to-128k.patch -Patch6201: backport-fix-DirectoryNotEmpty-when-it-comes-to-a-Non-directo.patch -Patch6202: backport-core-use-correct-level-for-CPU-time-log-message.patch -Patch6203: backport-core-cgroup-set-bfq.weight-first-and-fixes-blkio.wei.patch -Patch6204: backport-core-cgroup-use-helper-macro-for-bfq-conversion.patch -Patch6205: backport-resolve-remove-server-large-level.patch -Patch6206: backport-mkosi-Build-Fedora-35-images.patch -Patch6207: backport-home-fix-heap-use-after-free.patch -Patch6208: backport-journactl-show-info-about-journal-range-only-at-debu.patch -Patch6209: backport-fstab-generator-do-not-remount-sys-when-running-in-a.patch -Patch6210: backport-journal-remote-use-MHD_HTTP_CONTENT_TOO_LARGE-as-MHD.patch -Patch6211: backport-repart-use-real-disk-start-end-for-bar-production.patch -Patch6212: backport-machined-set-TTYPath-for-container-shell.patch -Patch6213: backport-sd-journal-free-incomplete-match-on-failure.patch -Patch6214: backport-sd-journal-fix-segfault-when-match_new-fails.patch -Patch6215: backport-random-util-use-ssize_t-for-getrandom-return-value.patch -Patch6216: backport-dbus-wait-for-jobs-add-extra_args-to-bus_wait_for_jo.patch -Patch6217: backport-systemd-run-ensure-error-logs-suggest-to-use-user-wh.patch -Patch6218: backport-sysusers-use-filename-if-proc-is-not-mounted.patch -Patch6219: backport-nss-systemd-fix-required-buffer-size-calculation.patch -Patch6220: backport-nss-systemd-fix-alignment-of-gr_mem.patch -Patch6221: backport-nss-myhostname-do-not-apply-non-zero-offset-to-null-.patch -Patch6222: backport-syscalls-update-syscall-definitions.patch -Patch6223: backport-missing-syscall-add-__NR_openat2.patch -Patch6224: backport-basic-log-allow-errno-values-higher-than-255.patch -Patch6225: backport-backlight-ignore-error-if-the-backlight-device-is-al.patch -Patch6226: backport-logind-do-not-propagate-error-in-delayed-action.patch -Patch6227: backport-test-watchdog-mark-as-unsafe.patch -Patch6228: backport-fstab-generator-skip-root-directory-handling-when-nf.patch -Patch6229: backport-seccomp-move-arch_prctl-to-default.patch -Patch6230: backport-boot-timestamps-Discard-firmware-init-time-when-runn.patch -Patch6231: backport-CVE-2021-3997-rm-rf-refactor-rm_rf_children-split-out-body-of-dire.patch -Patch6232: backport-CVE-2021-3997-rm-rf-optionally-fsync-after-removing-directory-tree.patch -Patch6233: backport-CVE-2021-3997-tmpfiles-st-may-have-been-used-uninitialized.patch -Patch6234: backport-CVE-2021-3997-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch -Patch6235: backport-CVE-2021-3997-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch -Patch6236: backport-CVE-2021-3997-shared-rm-rf-loop-over-nested-directories-instead-of.patch -Patch6237: backport-nss-drop-dummy-setup_logging-helpers.patch -Patch6238: backport-nss-only-read-logging-config-from-environment-variab.patch -Patch6239: backport-fix-test-string-util-failed-when-locale-is-not-utf8.patch -Patch6240: backport-policy-files-adjust-landing-page-link.patch -Patch6241: backport-xdg-autostart-service-Ignore-missing-desktop-sepcifi.patch -Patch6242: backport-journal-Skip-data-objects-with-invalid-offsets.patch -Patch6243: backport-namespace-allow-ProcSubset-pid-with-some-ProtectKern.patch -Patch6244: backport-sysext-use-LO_FLAGS_PARTSCAN-when-opening-image.patch -Patch6245: backport-dissect-image-validate-extension-release-even-if-the.patch -Patch6246: backport-core-refuse-to-mount-ExtensionImages-if-the-base-lay.patch -Patch6247: backport-resolve-fix-assertion-triggered-when-r-0.patch -Patch6248: backport-oomd-fix-race-with-path-unavailability-when-killing-.patch -Patch6249: backport-oomd-handle-situations-when-no-cgroups-are-killed.patch -Patch6250: backport-udevadm-cleanup_dir-use-dot_or_dot_dot.patch -Patch6251: backport-udevadm-cleanup-db-don-t-delete-information-for-kept.patch -Patch6252: backport-core-namespace-allow-using-ProtectSubset-pid-and-Pro.patch -Patch6253: backport-core-namespace-s-normalize_mounts-drop_unused_mounts.patch -Patch6254: backport-logind.conf-Fix-name-of-option-RuntimeDirectoryInode.patch -Patch6255: backport-sd-dhcp-server-refuse-too-large-packet-to-send.patch -Patch6256: backport-basic-mac_-selinux-smack-_apply_fd-does-not-work-whe.patch -Patch6257: backport-sd-dhcp-lease-fix-an-infinite-loop-found-by-the-fuzz.patch -Patch6258: backport-sd-dhcp-lease-fix-a-memory-leak-in-dhcp_lease_parse_.patch -Patch6259: backport-core-don-t-fail-on-EEXIST-when-creating-mount-point.patch -Patch6260: backport-bus-util-retrieve-bus-error-from-message.patch -Patch6261: backport-core-unit-use-bus_error_message-at-one-more-place.patch -Patch6262: backport-login-use-bus_error_message-at-one-more-place.patch -Patch6263: backport-pid1-pass-PAM_DATA_SILENT-to-pam_end-in-child.patch -Patch6264: backport-execute-use-_cleanup_-logic-where-appropriate.patch -Patch6265: backport-execute-line-break-comments-a-bit-less-aggressively.patch -Patch6266: backport-execute-document-that-the-env-param-is-input-and-out.patch -Patch6267: backport-sd-dhcp-lease-fix-memleak.patch -Patch6269: backport-util-another-set-of-CVE-2021-4034-assert-s.patch -Patch6270: backport-resolve-fix-potential-memleak-and-use-after-free.patch -Patch6271: backport-resolve-fix-possible-memleak.patch -Patch6272: backport-resolve-use-_cleanup_-attribute-for-freeing-DnsQuery.patch -Patch6273: backport-network-bridge-fix-endian-of-vlan-protocol.patch -Patch6274: backport-basic-escape-add-helper-for-quoting-command-lines.patch -Patch6275: backport-core-use-the-new-quoting-helper.patch -Patch6276: backport-sd-bus-print-quoted-commandline-when-in-bus_socket_e.patch -Patch6277: backport-sd-bus-print-debugging-information-if-bus_container_.patch -Patch6278: backport-sd-bus-allow-numerical-uids-in-M-user-.host.patch -Patch6279: backport-packit-remove-unsupported-Dcryptolib-openssl-option.patch -Patch6280: backport-sd-device-silence-gcc-warning-with-newest-gcc.patch -Patch6281: backport-packit-build-on-and-use-Fedora-35-spec-file.patch -Patch6282: backport-ci-use-the-system-llvm-11-package-on-Focal.patch -Patch6283: backport-resolve-refuse-AF_UNSPEC-when-resolving-address.patch -Patch6284: backport-resolve-add-reference-of-the-original-bus-message-to.patch -Patch6285: backport-ci-replace-apt-key-with-signed-by.patch -Patch6286: backport-ci-fix-clang-13-installation.patch -Patch6287: backport-tree-wide-mark-set-but-not-used-variables-as-unused-.patch -Patch6288: backport-sd-dhcp-server-rename-server_send_nak-server_send_na.patch -Patch6289: backport-packit-drop-unnumbered-patches-as-well.patch -Patch6290: backport-dns-domain-re-introduce-dns_name_is_empty.patch -Patch6291: backport-resolve-synthesize-empty-name.patch -Patch6292: backport-resolve-synthesize-null-address-IPv4-broadcast-addre.patch -Patch6293: backport-resolve-drop-never-matched-condition.patch -Patch6294: backport-resolve-make-dns_scope_good_domain-take-DnsQuery.patch -Patch6295: backport-resolve-synthesize-empty-domain-only-when-A-and-or-A.patch -Patch6296: backport-pid1-watch-bus-name-always-when-we-have-it.patch -Patch6297: backport-pid1-lookup-owning-PID-of-BusName-name-of-services-a.patch -Patch6298: backport-docs-SYSTEMD_NSS_BYPASS_BUS-is-not-honoured-anymore-.patch -Patch6299: backport-pid1-set-SYSTEMD_NSS_DYNAMIC_BYPASS-1-env-var-for-db.patch -Patch6300: backport-systemctl-make-timestamp-affect-the-show-verb-as-wel.patch -Patch6301: backport-core-really-skip-automatic-restart-when-a-JOB_STOP-j.patch -Patch6302: backport-test-oomd-util-style-fixlets.patch -Patch6303: backport-test-oomd-util-fix-conditional-jump-on-uninitialised.patch -Patch6304: backport-test-fix-file-descriptor-leak-in-test-catalog.patch -Patch6305: backport-test-fix-file-descriptor-leak-in-test-oomd-util.patch -Patch6306: backport-test-fix-file-descriptor-leak-in-test-fs-util.patch -Patch6307: backport-test-fix-file-descriptor-leak-in-test-tmpfiles.c.patch -Patch6308: backport-test-fix-file-descriptor-leak-in-test-psi-util.patch -Patch6309: backport-clang-format-we-actually-typically-use-16ch-continua.patch -Patch6310: backport-test-journal-send-close-fd-opend-by-syslog.patch -Patch6311: backport-journal-send-close-fd-on-exit-when-running-with-valg.patch -Patch6312: backport-udev-builtin-input_id-don-t-label-absolute-mice-as-p.patch -Patch6313: backport-mkosi-Remove-Arch-nspawn-workaround.patch -Patch6314: backport-core-check-size-before-mmap.patch -Patch6315: backport-devnode-acl-use-_cleanup_-to-free-acl_t.patch -Patch6316: backport-dissect-image-add-extension-specific-validation-flag.patch -Patch6317: backport-portabled-error-out-if-there-are-no-units-only-after.patch -Patch6318: backport-portabled-validate-SYSEXT_LEVEL-when-attaching.patch -Patch6319: backport-portabled-refactor-extraction-validation-into-a-comm.patch -Patch6320: backport-portable-move-profile-search-helper-to-path-lookup.patch -Patch6321: backport-portable-add-flag-to-return-extension-releases-in-Ge.patch -Patch6322: backport-portablectl-reorder-if-branches-to-match-previous-co.patch -Patch6323: backport-portable-inline-one-variable-declaration.patch -Patch6324: backport-portable-add-return-parameter-to-GetImageMetadataWit.patch -Patch6325: backport-wait-online-rename-Manager-elements.patch -Patch6326: backport-journald-make-sure-SIGTERM-handling-doesn-t-get-star.patch -Patch6327: backport-journal-file-if-we-are-going-down-don-t-use-event-lo.patch -Patch6328: backport-kernel-install-also-remove-modules.builtin.alias.bin.patch -Patch6329: backport-Bump-the-max-number-of-inodes-for-dev-to-a-million.patch -Patch6330: backport-Bump-the-max-number-of-inodes-for-tmp-to-a-million-t.patch -Patch6331: backport-unit-escape.patch -Patch6332: backport-udev-rename-type-name-e.g.-struct-worker-Worker.patch -Patch6333: backport-udev-run-the-main-process-workers-and-spawned-comman.patch -Patch6334: backport-Add-meson-option-to-disable-urlify.patch -Patch6335: backport-Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch -Patch6336: backport-login-drop-non-default-value-for-RuntimeDirectoryIno.patch -Patch6337: backport-login-make-RuntimeDirectoryInodesMax-support-K-G-M-s.patch -Patch6338: backport-virt-detect-OpenStack-Nova-instance.patch -Patch6339: backport-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch -Patch6340: backport-revert-delete-initrd-usr-fs-target.patch -Patch6341: backport-journal-Only-move-to-objects-when-necessary.patch -Patch6342: backport-sd-device-introduce-device_has_devlink.patch -Patch6343: backport-udev-node-split-out-permission-handling-from-udev_no.patch -Patch6344: backport-udev-node-stack-directory-must-exist-when-adding-dev.patch -Patch6345: backport-udev-node-save-information-about-device-node-and-pri.patch -Patch6346: backport-udev-node-always-update-timestamp-of-stack-directory.patch -Patch6347: backport-udev-node-assume-no-new-claim-to-a-symlink-if-run-ud.patch -Patch6348: backport-udev-node-always-atomically-create-symlink-to-device.patch -Patch6349: backport-udev-node-check-stack-directory-change-even-if-devli.patch -Patch6350: backport-udev-node-shorten-code-a-bit-and-update-log-message.patch -Patch6351: backport-udev-node-add-random-delay-on-conflict-in-updating-d.patch -Patch6352: backport-udev-node-drop-redundant-trial-of-devlink-creation.patch -Patch6353: backport-udev-node-simplify-the-example-of-race.patch -Patch6354: backport-udev-node-do-not-ignore-unexpected-errors-on-removin.patch -Patch6355: backport-calendarspec-fix-possibly-skips-next-elapse.patch -Patch6356: backport-macro-account-for-negative-values-in-DECIMAL_STR_WID.patch -Patch6357: backport-core-command-argument-can-be-longer-than-PATH_MAX.patch -Patch6358: backport-hwdb-fix-parsing-options.patch -Patch6359: backport-sd-bus-fix-buffer-overflow.patch -Patch6360: backport-temporarily-disable-test-seccomp.patch -Patch6362: backport-meson.build-change-operator-combining-bools-from-to-.patch -Patch6363: backport-core-replace-slice-dependencies-as-they-get-added.patch -Patch6364: backport-scsi_id-retry-inquiry-ioctl-if-host_byte-is-DID_TRAN.patch -Patch6365: backport-revert-units-add-ProtectClock-yes.patch -Patch6366: backport-fix-CVE-2022-3821.patch -Patch6367: backport-CVE-2022-4415-test-Create-convenience-macros-to-declare-tests.patch -Patch6368: backport-CVE-2022-4415-test-Slightly-rework-DEFINE_TEST_MAIN-macros.patch -Patch6369: backport-CVE-2022-4415-test-Add-TEST_RET-macro.patch -Patch6370: backport-CVE-2022-4415-test-Add-sd_booted-condition-test-to-TEST-macro.patch -Patch6371: backport-CVE-2022-4415-basic-add-STRERROR-wrapper-for-strerror_r.patch -Patch6372: backport-CVE-2022-4415-tree-wide-define-and-use-STRERROR_OR_EOF.patch -Patch6373: backport-coredump-Fix-format-string-type-mismatch.patch -Patch6374: backport-coredump-drop-an-unused-variable.patch -Patch6375: backport-CVE-2022-4415-coredump-adjust-whitespace.patch -Patch6376: backport-CVE-2022-4415-dont-allow-user-access-coredumps-with-changed-uid.patch -Patch6377: backport-dns-domain-make-each-label-nul-terminated.patch -Patch6378: backport-resolve-fix-heap-buffer-overflow-reported-by-ASAN-wi.patch -Patch6379: backport-sd-bus-do-not-pass-NULL-when-received-message-with-i.patch -Patch6380: backport-growfs-don-t-actually-resize-on-dry-run.patch -Patch6381: backport-stat-util-replace-is_dir-is_dir_fd-by-single-is_dir_.patch -Patch6382: backport-tmpfiles-check-the-directory-we-were-supposed-to-cre.patch -Patch6383: backport-coredump-Connect-stdout-stderr-to-dev-null-before-do.patch -Patch6384: backport-cgroups-agent-connect-stdin-stdout-stderr-to-dev-nul.patch -Patch6385: backport-unit-file-avoid-null-in-debugging-logs.patch -Patch6386: backport-resolve-mdns_packet_extract_matching_rrs-may-return-.patch -Patch6387: backport-dhcp-fix-potential-buffer-overflow.patch -Patch6388: backport-sd-device-monitor-actually-refuse-to-send-invalid-de.patch -Patch6389: backport-sysusers-add-fsync-for-passwd-24324.patch -Patch6390: backport-condition-fix-device-tree-firmware-path.patch -Patch6391: backport-log-don-t-attempt-to-duplicate-closed-fd.patch -Patch6392: backport-mount-util-fix-error-code.patch -Patch6393: backport-analyze-add-forgotten-return-statement.patch -Patch6394: backport-shared-condition-avoid-nss-lookup-in-PID1.patch -Patch6395: backport-logind-fix-getting-property-OnExternalPower-via-D-Bu.patch -Patch6396: backport-udev-support-by-path-devlink-for-multipath-nvme-bloc.patch -Patch6397: backport-argv-util-also-update-program_invocation_short_name.patch -Patch6398: backport-pid1-fix-segv-triggered-by-status-query.patch -Patch6399: backport-main-log-which-process-send-SIGNAL-to-PID1.patch -Patch6400: backport-main-drop-get_process_cmdline-from-crash-handler.patch -Patch6401: backport-core-unit-drop-dependency-to-the-unit-being-merged.patch -Patch6402: backport-core-unit-fix-logic-of-dropping-self-referencing-dep.patch -Patch6403: backport-core-unit-merge-two-loops-into-one.patch -Patch6404: backport-core-unit-merge-unit-names-after-merging-deps.patch -Patch6405: backport-core-unit-fix-log-message.patch -Patch6406: backport-test-add-test-case-for-sysv-generator-and-invalid-de.patch -Patch6407: backport-udev-also-rename-struct-udev_ctrl-UdevCtrl.patch -Patch6408: backport-udev-move-several-functions.patch -Patch6409: backport-udev-update-log-message-to-clarify-that-the-error-is-ignored.patch -Patch6410: backport-udev-make-event_free-return-NULL.patch -Patch6411: backport-udev-make-event_queue_start-return-negative-errno-on-error.patch -Patch6412: backport-udev-add-usec_add-at-one-more-place.patch -Patch6413: backport-udev-propagate-error-on-spawning-a-worker.patch -Patch6414: backport-udev-do-not-try-to-process-events-if-there-is-no-free-worker.patch -Patch6415: backport-udev-rename-is_device_busy-event_is_blocked.patch -Patch6416: backport-list-introduce-LIST_FOREACH_BACKWARDS-macro-and-drop.patch -Patch6417: backport-udev-do-not-try-to-find-blocker-again-when-no-blocker-found.patch -Patch6418: backport-udev-skip-event-when-its-dependency-cannot-be-checked.patch -Patch6419: backport-event-util-introduce-event_reset_time_relative.patch -Patch6420: backport-udev-update-comment-and-log-messages.patch -Patch6421: backport-udev-remove-run-udev-queue-in-on_post.patch -Patch6422: backport-errno-util-add-ERRNO_IS_DEVICE_ABSENT-macro.patch -Patch6423: backport-udev-only-ignore-ENOENT-or-friends-which-suggest-the-block.patch -Patch6424: backport-udev-assume-there-is-no-blocker-when-failed-to-check-event.patch -Patch6425: backport-udev-drop-unnecessary-clone-of-received-sd-device-object.patch -Patch6426: backport-udev-introduce-device_broadcast_helper_function.patch -Patch6427: backport-udev-store-action-in-struct-Event.patch -Patch6428: backport-udev-requeue-event-when-the-corresponding-block-device-is.patch -Patch6429: backport-udev-split-worker_lock_block_device-into-two.patch -Patch6430: backport-udev-assume-block-device-is-not-locked-when-a-new-event-is-queued.patch -Patch6431: backport-udev-fix-inversed-inequality-for-timeout-of-retrying-event.patch -Patch6432: backport-udev-certainly-restart-event-for-previously-locked-device.patch -Patch6433: backport-udev-drop-unnecessary-calls-of-event_queue_start.patch -Patch6434: backport-timedatectl-fix-a-memory-leak.patch -Patch6435: backport-core-slice-make-slice_freezer_action-return-0-if-fre.patch -Patch6436: backport-core-unit-fix-use-after-free.patch -Patch6437: backport-shared-json-fix-memory-leak-on-failed-normalization.patch -Patch6438: backport-core-timer-fix-memleak.patch -Patch6439: backport-core-timer-fix-potential-use-after-free.patch -Patch6440: backport-units-remove-the-restart-limit-on-the-modprobe-.serv.patch -Patch6441: backport-udev-cdrom_id-check-last-track-info.patch -Patch6442: backport-manager-reformat-boolean-expression-in-unit_is_prist.patch -Patch6443: backport-manager-allow-transient-units-to-have-drop-ins.patch -Patch6444: backport-TEST-15-also-test-hierarchical-drop-ins-for-slices.patch -Patch6445: backport-TEST-15-add-test-for-transient-units-with-drop-ins.patch -Patch6446: backport-TEST-15-add-one-more-test-for-drop-in-precedence.patch -Patch6447: backport-sd-event-always-initialize-sd_event.perturb.patch -Patch6448: backport-sd-event-fix-error-handling.patch -Patch6449: backport-core-refuse-dbus-activation-if-dbus-is-not-running.patch -Patch6450: backport-core-only-refuse-Type-dbus-service-enqueuing-if-dbus.patch -Patch6451: backport-core-device-drop-unnecessary-condition.patch -Patch6452: backport-core-device-ignore-DEVICE_FOUND_UDEV-bit-on-switchin.patch -Patch6453: backport-test-cover-initrd-sysroot-transition-in-TEST-24.patch -Patch6454: backport-test-generate-a-custom-initrd-for-TEST-24-if-INITRD-.patch -Patch6455: backport-test-store-the-key-on-a-separate-device.patch -Patch6456: backport-core-device-device_coldplug-don-t-set-DEVICE_DEAD.patch -Patch6457: backport-core-device-do-not-downgrade-device-state-if-it-is-a.patch -Patch6458: backport-core-introduce-MANAGER_IS_SWITCHING_ROOT-helper-func.patch -Patch6459: backport-core-replace-m-honor_device_enumeration-with-MANAGER.patch -Patch6460: backport-core-device-update-comment.patch -Patch6461: backport-core-device-also-serialize-deserialize-device-syspat.patch -Patch6462: backport-core-device-verify-device-syspath-on-switching-root.patch -Patch6463: backport-sd-lldp-use-memcpy_safe-as-the-buffer-size-may-be-ze.patch -Patch6464: backport-shared-bootspec-avoid-crashing-on-config-without-a-v.patch -Patch6465: backport-sysext-refuse-empty-release-ID-to-avoid-triggering-a.patch - -Patch9001: update-rtc-with-system-clock-when-shutdown.patch -Patch9002: udev-add-actions-while-rename-netif-failed.patch -Patch9003: fix-two-VF-virtual-machines-have-same-mac-address.patch -Patch9004: logind-set-RemoveIPC-to-false-by-default.patch -Patch9005: rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch -Patch9006: unit-don-t-add-Requires-for-tmp.mount.patch -Patch9007: rules-add-elevator-kernel-command-line-parameter.patch -Patch9008: rules-add-the-rule-that-adds-elevator-kernel-command.patch -Patch9009: units-add-Install-section-to-tmp.mount.patch -Patch9010: Make-systemd-udevd.service-start-after-systemd-remou.patch -Patch9011: udev-virsh-shutdown-vm.patch -Patch9012: sd-bus-properly-initialize-containers.patch -Patch9013: Revert-core-one-step-back-again-for-nspawn-we-actual.patch -Patch9014: journal-don-t-enable-systemd-journald-audit.socket-b.patch -Patch9015: systemd-change-time-log-level.patch -Patch9016: fix-capsh-drop-but-ping-success.patch -Patch9017: resolved-create-etc-resolv.conf-symlink-at-runtime.patch -Patch9018: pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch -Patch9019: fix-journal-file-descriptors-leak-problems.patch -Patch9020: activation-service-must-be-restarted-when-reactivated.patch -Patch9021: systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch -Patch9022: delay-to-restart-when-a-service-can-not-be-auto-restarted.patch -Patch9023: disable-initialize_clock.patch -Patch9024: systemd-solve-that-rsyslog-reads-journal-s-object-of.patch -Patch9025: check-whether-command_prev-is-null-before-assigning-.patch -Patch9027: core-skip-change-device-to-dead-in-manager_catchup-d.patch -Patch9028: revert-rpm-restart-services-in-posttrans.patch -Patch9029: Don-t-set-AlternativeNamesPolicy-by-default.patch -Patch9030: change-NTP-server-to-x.pool.ntp.org.patch -Patch9031: keep-weight-consistent-with-the-set-value.patch -Patch9032: Systemd-Add-sw64-architecture.patch -%ifarch loongarch64 -Patch9033: 0029-Add-support-for-the-LoongArch-architecture.patch -Patch9034: 0030-Add-LoongArch-dmi-virt-detection-and-testcase.patch -Patch9035: add-loongarch-for-missing_syscall_def.patch -%endif -Patch9036: core-update-arg_default_rlimit-in-bump_rlimit.patch -Patch9037: set-forwardtowall-no-to-avoid-emerg-log-shown-on-she.patch -Patch9038: core-cgroup-support-cpuset.patch -Patch9039: core-cgroup-support-freezer.patch -Patch9040: core-cgroup-support-memorysw.patch -Patch9041: systemd-core-Add-new-rules-for-lower-priority-events.patch -Patch9042: bugfix-also-stop-machine-when-a-machine-un.patch -Patch9043: print-the-process-status-to-console-when-shutdown.patch -Patch9044: Retry-to-handle-the-uevent-when-worker-is-terminated.patch -Patch9045: treat-hyphen-as-valid-hostname-char.patch -Patch9046: process-util-log-more-information-when-runnin.patch -Patch9047: fuser-print-umount-message-to-reboot-umount-msg.patch -Patch9048: shutdown-reboot-when-recieve-crash-signal.patch -Patch9049: core-add-OptionalLog-to-allow-users-change-log-level.patch -Patch9050: core-cgroup-support-default-slice-for-all-uni.patch -Patch9051: core-add-invalidate-cgroup-config.patch -Patch9052: let-the-child-of-one-unit-don-t-affect-each-other.patch -Patch9053: support-disable-cgroup-controllers-we-don-t-want.patch -Patch9054: fix-mount-failed-while-daemon-reexec.patch -Patch9055: bugfix-for-cgroup-Swap-cgroup-v1-deletion-and-migration.patch -Patch9056: delete-journal-files-except-system.journal-when-jour.patch -Patch9057: set-the-cpuset.cpus-mems-of-machine.slice-to-all-by-.patch - BuildRequires: gcc, gcc-c++ BuildRequires: libcap-devel, libmount-devel, pam-devel, libselinux-devel BuildRequires: audit-libs-devel, dbus-devel, libacl-devel @@ -752,9 +228,6 @@ Systemd PAM module registers the session with systemd-logind. %prep %autosetup -n %{name}-%{version} -p1 -Sgit -%ifnarch sw_64 -%patch9032 -R -p1 -%endif %build @@ -840,6 +313,8 @@ CONFIGURE_OPTS=( -Dtime-epoch=0 -Dmode=release -Durlify=false + -Dlink-journalctl-shared=false + -Dlink-boot-shared=false ) %meson "${CONFIGURE_OPTS[@]}" @@ -1242,11 +717,6 @@ fi %files -f %{name}.lang %doc %{_pkgdocdir} %exclude %{_pkgdocdir}/LICENSE.* -%exclude %{_systemddir}/systemd-bless-boot -%exclude %{_unitdir}/systemd-bless-boot.service -%exclude %{_systemddir}/system-generators/systemd-bless-boot-generator -%exclude %{_unitdir}/systemd-boot-system-token.service -%exclude %{_unitdir}/sysinit.target.wants/systemd-boot-system-token.service %license LICENSE.GPL2 LICENSE.LGPL2.1 %ghost %dir %attr(0755,-,-) /etc/systemd/system/basic.target.wants %ghost %dir %attr(0755,-,-) /etc/systemd/system/bluetooth.target.wants @@ -1267,7 +737,6 @@ fi %ghost %dir /var/log/journal %ghost %attr(0664,root,utmp) /var/log/wtmp -/var/log/README %ghost %attr(0600,root,utmp) /var/log/btmp %ghost %attr(0700,root,root) %dir /var/log/private %ghost %attr(0664,root,utmp) /var/run/utmp @@ -1290,6 +759,7 @@ fi %dir /usr/share/factory %dir /usr/share/factory/etc /usr/share/factory/etc/issue +/usr/share/factory/etc/locale.conf /usr/share/factory/etc/nsswitch.conf %dir /usr/share/factory/etc/pam.d /usr/share/factory/etc/pam.d/other @@ -1309,6 +779,7 @@ fi /usr/share/bash-completion/completions/systemctl /usr/share/bash-completion/completions/journalctl /usr/share/bash-completion/completions/systemd-analyze +/usr/share/bash-completion/completions/systemd-dissect /usr/share/bash-completion/completions/loginctl /usr/share/bash-completion/completions/timedatectl /usr/share/bash-completion/completions/busctl @@ -1346,6 +817,28 @@ fi /usr/share/polkit-1/actions/org.freedesktop.systemd1.policy /usr/share/polkit-1/actions/org.freedesktop.login1.policy /usr/share/polkit-1/actions/org.freedesktop.locale1.policy +/usr/share/dbus-1/interfaces/org.freedesktop.hostname1.xml +/usr/share/dbus-1/interfaces/org.freedesktop.locale1.xml +/usr/share/dbus-1/interfaces/org.freedesktop.LogControl1.xml +/usr/share/dbus-1/interfaces/org.freedesktop.login1.Manager.xml +/usr/share/dbus-1/interfaces/org.freedesktop.login1.Seat.xml +/usr/share/dbus-1/interfaces/org.freedesktop.login1.Session.xml +/usr/share/dbus-1/interfaces/org.freedesktop.login1.User.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Automount.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Device.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Job.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Manager.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Mount.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Path.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Scope.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Service.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Slice.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Socket.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Swap.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Target.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Timer.xml +/usr/share/dbus-1/interfaces/org.freedesktop.systemd1.Unit.xml +/usr/share/dbus-1/interfaces/org.freedesktop.timedate1.xml /usr/bin/systemd-machine-id-setup /usr/bin/localectl /usr/bin/systemd-path @@ -1376,16 +869,17 @@ fi /usr/bin/systemd-tty-ask-password-agent /usr/bin/busctl /usr/bin/coredumpctl +/usr/bin/systemd-ac-power +/usr/bin/systemd-creds %dir /usr/lib/environment.d %dir /usr/lib/binfmt.d %dir /usr/lib/tmpfiles.d %dir /usr/lib/sysctl.d %dir /usr/lib/systemd %dir /usr/lib/sysusers.d -/usr/lib/sysusers.d/systemd.conf /usr/lib/sysusers.d/basic.conf -/usr/lib/systemd/system/hwclock-save.service -/usr/lib/systemd/system/sysinit.target.wants/hwclock-save.service +/usr/lib/sysusers.d/systemd-coredump.conf +/usr/lib/sysusers.d/systemd-journal.conf %{_systemddir}/systemd-update-done %{_systemddir}/systemd-update-utmp %{_systemddir}/systemd-initctl @@ -1399,9 +893,10 @@ fi %{_systemddir}/systemd-user-sessions %{_systemddir}/systemd-sysctl %{_systemddir}/systemd-socket-proxyd -%{_systemddir}/systemd-ac-power %{_systemddir}/systemd-hostnamed %{_systemddir}/systemd-localed +%{_systemddir}/systemd-sysroot-fstab-check +%{_systemddir}/systemd-update-helper %dir %{_systemddir}/user %{_systemddir}/systemd-volatile-root %{_systemddir}/systemd-journald @@ -1410,7 +905,8 @@ fi %dir %{_systemddir}/system-preset %dir %{_systemddir}/user-environment-generators %{_systemddir}/systemd-shutdown -%{_systemddir}/libsystemd-shared*.so +/usr/lib64/systemd/libsystemd-core-*.so +/usr/lib64/systemd/libsystemd-shared*.so %{_systemddir}/systemd-reply-password %dir %{_systemddir}/system-generators %dir %{_systemddir}/system @@ -1548,6 +1044,10 @@ fi %{_unitdir}/systemd-network-generator.service %{_unitdir}/autovt@.service %dir %{_unitdir}/user-.slice.d +%dir %{_unitdir}/user@.service.d +%dir %{_unitdir}/user@0.service.d +%{_unitdir}/user@.service.d/10-login-barrier.conf +%{_unitdir}/user@0.service.d/10-login-barrier.conf %{_unitdir}/systemd-boot-check-no-failures.service %{_unitdir}/halt.target %{_unitdir}/system-update-cleanup.service @@ -1595,7 +1095,6 @@ fi %{_unitdir}/multi-user.target.wants/systemd-ask-password-wall.path %{_unitdir}/multi-user.target.wants/systemd-update-utmp-runlevel.service %{_unitdir}/systemd-hostnamed.service.d/disable-privatedevices.conf -%{_unitdir}/sockets.target.wants/systemd-coredump.socket %{_unitdir}/sockets.target.wants/systemd-journald-dev-log.socket %{_unitdir}/sockets.target.wants/systemd-journald.socket %{_unitdir}/sockets.target.wants/systemd-initctl.socket @@ -1607,6 +1106,8 @@ fi %{_unitdir}/systemd-journald@.service %{_unitdir}/systemd-journald@.socket %{_unitdir}/modprobe@.service +%{_unitdir}/factory-reset.target +%{_unitdir}/initrd-usr-fs.target %{_systemddir}/system-generators/systemd-fstab-generator %{_systemddir}/system-generators/systemd-sysv-generator %{_systemddir}/system-generators/systemd-rc-local-generator @@ -1633,18 +1134,7 @@ fi %{_userunitdir}/systemd-tmpfiles-clean.timer %{_userunitdir}/sockets.target %{_userunitdir}/smartcard.target -%{_systemddir}/catalog/systemd.fr.catalog -%{_systemddir}/catalog/systemd.be.catalog -%{_systemddir}/catalog/systemd.bg.catalog -%{_systemddir}/catalog/systemd.de.catalog -%{_systemddir}/catalog/systemd.pt_BR.catalog -%{_systemddir}/catalog/systemd.it.catalog -%{_systemddir}/catalog/systemd.be@latin.catalog -%{_systemddir}/catalog/systemd.pl.catalog -%{_systemddir}/catalog/systemd.zh_CN.catalog -%{_systemddir}/catalog/systemd.zh_TW.catalog -%{_systemddir}/catalog/systemd.ru.catalog -%{_systemddir}/catalog/systemd.catalog +%{_systemddir}/catalog/systemd*.catalog /usr/lib/sysctl.d/50-default.conf /usr/lib/sysctl.d/50-pid-max.conf /usr/lib/sysctl.d/50-coredump.conf @@ -1659,6 +1149,8 @@ fi /usr/lib/tmpfiles.d/legacy.conf /usr/lib/tmpfiles.d/static-nodes-permissions.conf /usr/lib/tmpfiles.d/var.conf +/usr/lib/tmpfiles.d/credstore.conf +/usr/lib/tmpfiles.d/provision.conf /usr/lib/environment.d/99-environment.conf %ghost %config(noreplace) /etc/localtime %dir /etc/rc.d @@ -1728,6 +1220,7 @@ fi /usr/include/systemd/sd-bus.h /usr/include/systemd/sd-login.h /usr/include/systemd/sd-path.h +/usr/include/systemd/sd-gpt.h %{_libdir}/libudev.so %{_libdir}/libsystemd.so %{_libdir}/pkgconfig/libsystemd.pc @@ -1737,17 +1230,15 @@ fi %exclude /usr/share/bash-completion/completions/kernel-install %exclude /usr/share/zsh/site-functions/_kernel-install %exclude /usr/bin/kernel-install -%exclude /usr/lib/kernel/install.d/00-entry-directory.install %exclude /usr/lib/kernel/install.d/90-loaderentry.install %exclude /usr/lib/kernel/install.d/50-depmod.install %exclude /usr/lib/kernel/install.d/20-grubby.install +%exclude /usr/lib/kernel/install.d/90-uki-copy.install +%exclude /usr/lib/kernel/install.conf %exclude %dir /etc/kernel/install.d %exclude %dir /etc/kernel %exclude %dir /usr/lib/kernel %exclude %dir /usr/lib/kernel/install.d -%exclude /usr/bin/bootctl -%exclude /usr/share/zsh/site-functions/_bootctl -%exclude /usr/share/bash-completion/completions/bootctl %exclude %{_unitdir}/usb-gadget.target %ghost /var/lib/systemd/random-seed /etc/modules-load.d @@ -1769,6 +1260,8 @@ fi %{_systemddir}/systemd-sleep %{_systemddir}/systemd-udevd %{_systemddir}/systemd-vconsole-setup +%{_unitdir}/systemd-growfs-root.service +%{_unitdir}/systemd-growfs@.service %{_unitdir}/systemd-udevd.service %{_unitdir}/initrd-udevadm-cleanup-db.service %{_unitdir}/systemd-suspend.service @@ -1842,13 +1335,15 @@ fi %{_udevhwdbdir}/60-autosuspend-fingerprint-reader.hwdb %{_udevhwdbdir}/60-seat.hwdb %{_udevhwdbdir}/80-ieee1394-unit-function.hwdb +%{_udevhwdbdir}/70-analyzers.hwdb +%{_udevhwdbdir}/70-av-production.hwdb +%{_udevhwdbdir}/70-cameras.hwdb +%{_udevhwdbdir}/70-pda.hwdb %{_udevhwdbdir}/README %dir /usr/lib/udev/rules.d %{_udevrulesdir}/60-autosuspend.rules %{_udevrulesdir}/40-%{vendor}.rules -%{_udevrulesdir}/40-elevator.rules -%{_udevrulesdir}/73-idrac.rules %{_udevrulesdir}/60-block.rules %{_udevrulesdir}/60-input-id.rules %{_udevrulesdir}/71-seat.rules @@ -1879,6 +1374,8 @@ fi %{_udevrulesdir}/50-udev-default.rules %{_udevrulesdir}/60-fido-id.rules %{_udevrulesdir}/81-net-dhcp.rules +%{_udevrulesdir}/60-infiniband.rules +%{_udevrulesdir}/70-camera.rules %ifnarch sw_64 riscv64 %{_udevrulesdir}/70-memory.rules %endif @@ -1902,6 +1399,9 @@ fi /usr/share/dbus-1/system-services/org.freedesktop.systemd1.service /usr/share/dbus-1/system.d/org.freedesktop.machine1.conf /usr/share/polkit-1/actions/org.freedesktop.machine1.policy +/usr/share/dbus-1/interfaces/org.freedesktop.machine1.Image.xml +/usr/share/dbus-1/interfaces/org.freedesktop.machine1.Machine.xml +/usr/share/dbus-1/interfaces/org.freedesktop.machine1.Manager.xml %{_libdir}/libnss_mymachines.so.2 /usr/bin/machinectl %{_systemddir}/systemd-machined @@ -1928,12 +1428,17 @@ fi /usr/share/dbus-1/system-services/org.freedesktop.resolve1.service /usr/share/dbus-1/system.d/org.freedesktop.resolve1.conf /usr/share/polkit-1/actions/org.freedesktop.resolve1.policy +/usr/share/dbus-1/interfaces/org.freedesktop.resolve1.DnssdService.xml +/usr/share/dbus-1/interfaces/org.freedesktop.resolve1.Link.xml +/usr/share/dbus-1/interfaces/org.freedesktop.resolve1.Manager.xml /usr/bin/systemd-resolve %{_systemddir}/resolv.conf %{_systemddir}/systemd-resolved %config(noreplace) /etc/systemd/resolved.conf %{_libdir}/libnss_resolve.so.2 %{_unitdir}/systemd-resolved.service +/usr/lib/sysusers.d/systemd-resolve.conf +/usr/lib/tmpfiles.d/systemd-resolve.conf %files nspawn /usr/share/bash-completion/completions/systemd-nspawn @@ -1948,12 +1453,17 @@ fi /usr/share/dbus-1/system-services/org.freedesktop.network1.service /usr/share/dbus-1/system.d/org.freedesktop.network1.conf /usr/share/polkit-1/actions/org.freedesktop.network1.policy +/usr/share/dbus-1/interfaces/org.freedesktop.network1.DHCPServer.xml +/usr/share/dbus-1/interfaces/org.freedesktop.network1.Link.xml +/usr/share/dbus-1/interfaces/org.freedesktop.network1.Manager.xml +/usr/share/dbus-1/interfaces/org.freedesktop.network1.Network.xml /usr/share/polkit-1/rules.d/systemd-networkd.rules /usr/bin/networkctl %{_systemddir}/systemd-networkd-wait-online %{_systemddir}/systemd-networkd %{_unitdir}/systemd-networkd.socket %{_unitdir}/systemd-networkd-wait-online.service +%{_unitdir}/systemd-networkd-wait-online@.service %{_unitdir}/systemd-networkd.service %{_systemddir}/network/80-container-host0.network %dir /etc/systemd/network @@ -1963,6 +1473,11 @@ fi %{_systemddir}/network/80-wifi-adhoc.network %{_systemddir}/network/80-wifi-ap.network.example %{_systemddir}/network/80-wifi-station.network.example +%{_systemddir}/network/80-6rd-tunnel.network +%{_systemddir}/network/80-container-vb.network +%{_systemddir}/network/80-ethernet.network.example +/usr/lib/sysusers.d/systemd-network.conf +/usr/lib/tmpfiles.d/systemd-network.conf %files timesyncd %dir %{_systemddir}/ntp-units.d @@ -1972,15 +1487,20 @@ fi %ghost /var/lib/systemd/timesync/clock /usr/share/dbus-1/system-services/org.freedesktop.timesync1.service /usr/share/dbus-1/system.d/org.freedesktop.timesync1.conf +/usr/share/polkit-1/actions/org.freedesktop.timesync1.policy %{_systemddir}/systemd-timesyncd %{_unitdir}/systemd-timesyncd.service %{_systemddir}/ntp-units.d/80-systemd-timesync.list %config(noreplace) /etc/systemd/timesyncd.conf +/usr/lib/sysusers.d/systemd-timesync.conf %files pam %{_libdir}/security/pam_systemd.so %changelog +* Thu Jul 20 2023 huyubiao - 253-1 +- systemd update to v253 + * Thu Jun 15 2023 hongjinghao - 249-52 - backport: sync patches from systemd community diff --git a/treat-hyphen-as-valid-hostname-char.patch b/treat-hyphen-as-valid-hostname-char.patch deleted file mode 100644 index b2fbe87..0000000 --- a/treat-hyphen-as-valid-hostname-char.patch +++ /dev/null @@ -1,51 +0,0 @@ -From c04904a4f54f8949a6a7821a0859e2732366259b Mon Sep 17 00:00:00 2001 -From: licunlong -Date: Tue, 24 Nov 2020 19:57:38 +0800 -Subject: [PATCH] treat hyphen as valid hostname char - ---- - src/basic/hostname-util.c | 14 ++++++++++++-- - 1 file changed, 12 insertions(+), 2 deletions(-) - -diff --git a/src/basic/hostname-util.c b/src/basic/hostname-util.c -index 5bfa028..b80a2b8 100644 ---- a/src/basic/hostname-util.c -+++ b/src/basic/hostname-util.c -@@ -77,6 +77,16 @@ bool valid_ldh_char(char c) { - c == '-'; - } - -+static bool hostname_valid_char(char c) { -+ return -+ (c >= 'a' && c <= 'z') || -+ (c >= 'A' && c <= 'Z') || -+ (c >= '0' && c <= '9') || -+ c == '-' || -+ c == '_' || -+ c == '.'; -+} -+ - bool hostname_is_valid(const char *s, ValidHostnameFlags flags) { - unsigned n_dots = 0; - const char *p; -@@ -117,7 +127,7 @@ bool hostname_is_valid(const char *s, bool allow_trailing_dot) { - hyphen = true; - - } else { -- if (!valid_ldh_char(*p)) -+ if (!hostname_valid_char(*p)) - return false; - - dot = false; -@@ -160,7 +170,7 @@ char* hostname_cleanup(char *s) { - dot = false; - hyphen = true; - -- } else if (valid_ldh_char(*p)) { -+ } else if (hostname_valid_char(*p)) { - *(d++) = *p; - dot = false; - hyphen = false; --- -2.23.0 - diff --git a/udev-add-actions-while-rename-netif-failed.patch b/udev-add-actions-while-rename-netif-failed.patch deleted file mode 100644 index 9832a3c..0000000 --- a/udev-add-actions-while-rename-netif-failed.patch +++ /dev/null @@ -1,73 +0,0 @@ -From e21318d22359c7160ea7c7f4a610b28a30d48c84 Mon Sep 17 00:00:00 2001 -From: systemd team -Date: Tue, 7 Mar 2017 08:20:10 +0000 -Subject: [PATCH] udev-add-actions-while-rename-netif-failed ---- - src/udev/udev-event.c | 42 ++++++++++++++++++++++++++++++++++++++---- - 1 file changed, 38 insertions(+), 4 deletions(-) - -diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c -index e1c2baf..b64d279 100644 ---- a/src/udev/udev-event.c -+++ b/src/udev/udev-event.c -@@ -820,6 +820,7 @@ static int rename_netif(UdevEvent *event) { - const char *oldname; - unsigned flags; - int ifindex, r; -+ char name[IFNAMSIZ]; - - if (!event->name) - return 0; /* No new name is requested. */ -@@ -860,12 +861,45 @@ static int rename_netif(UdevEvent *event) { - if (r < 0) - return log_device_debug_errno(event->dev_db_clone, r, "Failed to update database under /run/udev/data/: %m"); - -- r = rtnl_set_link_name(&event->rtnl, ifindex, event->name); -+ strscpy(name, IFNAMSIZ, event->name); -+ -+ r = rtnl_set_link_name(&event->rtnl, ifindex, name); - if (r < 0) -- return log_device_error_errno(dev, r, "Failed to rename network interface %i from '%s' to '%s': %m", -- ifindex, oldname, event->name); -+ { -+ int loop; -+ if (r != -EEXIST) { -+ return log_error_errno(r, "error changing net interface name '%s' to '%s': %m", oldname, name); -+ } -+ -+ snprintf(name, IFNAMSIZ, "rename%u", ifindex); -+ r = rtnl_set_link_name(&event->rtnl, ifindex, name); -+ if (r < 0) { -+ return log_error_errno(r, "error changing net interface name '%s' to '%s': %m", oldname, name); -+ } -+ -+ log_device_info(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, oldname, name); -+ -+ /* wait 90 seconds for our target to become available */ -+ loop = 90 * 20; -+ while (loop--) { -+ const struct timespec duration = { 0, 1000 * 1000 * 1000 / 20 }; -+ -+ r = rtnl_set_link_name(&event->rtnl, ifindex, event->name); -+ if (r == 0) { -+ log_device_info(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, name, event->name); -+ return 0; -+ } -+ -+ if (r != -EEXIST) { -+ return log_error_errno(r, "error changing net interface name '%s' to '%s': %m", name, event->name); -+ } -+ log_debug( "wait for netif '%s' to become free, loop=%i\n", -+ event->name, (90 * 20) - loop); -+ nanosleep(&duration, NULL); -+ } -+ } - -- log_device_debug(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, oldname, event->name); -+ log_device_info(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, oldname, event->name); - - return 1; - } --- -2.23.0 - diff --git a/udev-virsh-shutdown-vm.patch b/udev-virsh-shutdown-vm.patch deleted file mode 100644 index 1940931..0000000 --- a/udev-virsh-shutdown-vm.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 3d5e0620b4a3298620c8d985cec42772c7f77c6d Mon Sep 17 00:00:00 2001 -From: openEuler Buildteam -Date: Thu, 31 Jan 2019 02:24:16 -0500 -Subject: [PATCH] systemd:virsh shutdown vm - ---- - src/login/70-power-switch.rules | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/login/70-power-switch.rules b/src/login/70-power-switch.rules -index d69e65b..cb77f7a 100644 ---- a/src/login/70-power-switch.rules -+++ b/src/login/70-power-switch.rules -@@ -11,5 +11,6 @@ ACTION=="remove", GOTO="power_switch_end" - - SUBSYSTEM=="input", KERNEL=="event*", ENV{ID_INPUT_SWITCH}=="1", TAG+="power-switch" - SUBSYSTEM=="input", KERNEL=="event*", ENV{ID_INPUT_KEY}=="1", TAG+="power-switch" -+SUBSYSTEM=="input", KERNEL=="event*", SUBSYSTEMS=="platform", ATTRS{keys}=="116", TAG+="power-switch" - - LABEL="power_switch_end" --- -1.8.3.1 - diff --git a/unit-don-t-add-Requires-for-tmp.mount.patch b/unit-don-t-add-Requires-for-tmp.mount.patch deleted file mode 100644 index 99d5db2..0000000 --- a/unit-don-t-add-Requires-for-tmp.mount.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 03e52d33bbdea731eaa79545bb1d30c5b21abe3d Mon Sep 17 00:00:00 2001 -From: Lukas Nykryn -Date: Mon, 5 Sep 2016 12:47:09 +0200 -Subject: [PATCH] unit: don't add Requires for tmp.mount - -Resolves: #1619292 - ---- - src/core/unit.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/core/unit.c b/src/core/unit.c -index c9f756c..721d8d6 100644 ---- a/src/core/unit.c -+++ b/src/core/unit.c -@@ -1421,7 +1421,7 @@ static int unit_add_mount_dependencies(Unit *u) { - if (r < 0) - return r; - -- if (m->fragment_path) { -+ if (m->fragment_path && !streq(m->id, "tmp.mount")) { - r = unit_add_dependency(u, UNIT_REQUIRES, m, true, di.origin_mask); - if (r < 0) - return r; --- -1.8.3.1 - diff --git a/units-add-Install-section-to-tmp.mount.patch b/units-add-Install-section-to-tmp.mount.patch deleted file mode 100644 index b7c1fd4..0000000 --- a/units-add-Install-section-to-tmp.mount.patch +++ /dev/null @@ -1,25 +0,0 @@ -From bb3d205bea1c83cbd0e27b504f5f1faa884fb602 Mon Sep 17 00:00:00 2001 -From: Jan Synacek -Date: Tue, 22 Jan 2019 10:28:42 +0100 -Subject: [PATCH] units: add [Install] section to tmp.mount - -Resolves: #1667065 ---- - units/tmp.mount | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/units/tmp.mount b/units/tmp.mount -index cf68378..66d9a32 100644 ---- a/units/tmp.mount -+++ b/units/tmp.mount -@@ -23,3 +23,7 @@ What=tmpfs - Where=/tmp - Type=tmpfs - Options=mode=1777,strictatime,nosuid,nodev,size=50%%,nr_inodes=1m -+ -+# Make 'systemctl enable tmp.mount' work: -+[Install] -+WantedBy=local-fs.target --- -2.23.0 - diff --git a/update-rtc-with-system-clock-when-shutdown.patch b/update-rtc-with-system-clock-when-shutdown.patch deleted file mode 100644 index 2f90dc6..0000000 --- a/update-rtc-with-system-clock-when-shutdown.patch +++ /dev/null @@ -1,51 +0,0 @@ -From a13f14c6a2da55b9f797b6f33449ba523c07dd46 Mon Sep 17 00:00:00 2001 -From: update-rtc-with-system-clock-when-shutdown -Date: Sat, 2 Feb 2019 02:54:52 -0500 -Subject: [PATCH] Module: modification summary ---- - units/hwclock-save.service.in | 19 +++++++++++++++++++ - units/meson.build | 2 ++ - 2 files changed, 21 insertions(+) - create mode 100644 units/hwclock-save.service.in - -diff --git a/units/hwclock-save.service.in b/units/hwclock-save.service.in -new file mode 100644 -index 0000000..db33418 ---- /dev/null -+++ b/units/hwclock-save.service.in -@@ -0,0 +1,19 @@ -+# This file is part of systemd. -+# -+# systemd is free software; you can redistribute it and/or modify it+ -+# under the terms of the GNU General Public License as published by -+# the Free Software Foundation; either version 2 of the License, or -+# (at your option) any later version. -+ -+[Unit] -+Description=Update RTC With System Clock -+ -+[Service] -+Type=oneshot -+ExecStart=/usr/bin/true -+ExecStop=/sbin/hwclock --systohc -+RemainAfterExit=yes -+ -+[Install] -+WantedBy=default.target -+ -diff --git a/units/meson.build b/units/meson.build -index aa2ed11..9992389 100644 ---- a/units/meson.build -+++ b/units/meson.build -@@ -220,6 +220,8 @@ in_units = [ - 'sysinit.target.wants/'], - ['systemd-update-done.service', '', - 'sysinit.target.wants/'], -+ ['hwclock-save.service', '', -+ 'sysinit.target.wants/'], - ['systemd-update-utmp-runlevel.service', 'ENABLE_UTMP HAVE_SYSV_COMPAT', - 'multi-user.target.wants/ graphical.target.wants/ rescue.target.wants/'], - ['systemd-update-utmp.service', 'ENABLE_UTMP', --- -2.23.0 -