commit d04d10aa255767e67eba6e215d9a089ec7397a3c Author: overweight <5324761+overweight@user.noreply.gitee.com> Date: Mon Sep 30 11:17:58 2019 -0400 Package init
diff --git a/0002-Revert-units-set-NoNewPrivileges-for-all-long-runnin.patch b/0002-Revert-units-set-NoNewPrivileges-for-all-long-runnin.patch
new file mode 100644
index 0000000..39c2f50
--- /dev/null
+++ b/0002-Revert-units-set-NoNewPrivileges-for-all-long-runnin.patch
@@ -0,0 +1,178 @@ +From 224a4eaf6701431af907179e313138213b60ce6c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 3 Apr 2019 10:56:14 +0200 +Subject: [PATCH] Revert "units: set NoNewPrivileges= for all long-running + services" + +This reverts commit 64d7f7b4a15f1534fb19fda6b601fec50783bee4. +--- + units/systemd-coredump@.service.in | 1 - + units/systemd-hostnamed.service.in | 1 - + units/systemd-initctl.service.in | 1 - + units/systemd-journal-remote.service.in | 1 - + units/systemd-journald.service.in | 1 - + units/systemd-localed.service.in | 1 - + units/systemd-logind.service.in | 1 - + units/systemd-machined.service.in | 1 - + units/systemd-networkd.service.in | 1 - + units/systemd-resolved.service.in | 1 - + units/systemd-rfkill.service.in | 1 - + units/systemd-timedated.service.in | 1 - + units/systemd-timesyncd.service.in | 1 - + 13 files changed, 13 deletions(-) + +diff --git a/units/systemd-coredump@.service.in b/units/systemd-coredump@.service.in +index afb2ab9d17..5babc11e4c 100644 +--- a/units/systemd-coredump@.service.in ++++ b/units/systemd-coredump@.service.in +@@ -22,7 +22,6 @@ IPAddressDeny=any + LockPersonality=yes + MemoryDenyWriteExecute=yes + Nice=9 +-NoNewPrivileges=yes + OOMScoreAdjust=500 + PrivateDevices=yes + PrivateNetwork=yes +diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in +index b4f606cf78..f7977e1504 100644 +--- a/units/systemd-hostnamed.service.in ++++ b/units/systemd-hostnamed.service.in +@@ -19,7 +19,6 @@ ExecStart=@rootlibexecdir@/systemd-hostnamed + IPAddressDeny=any + LockPersonality=yes + MemoryDenyWriteExecute=yes +-NoNewPrivileges=yes + PrivateDevices=yes + PrivateNetwork=yes + PrivateTmp=yes +diff --git a/units/systemd-initctl.service.in b/units/systemd-initctl.service.in +index c276283908..f48d673d58 100644 +--- a/units/systemd-initctl.service.in ++++ b/units/systemd-initctl.service.in +@@ -14,6 +14,5 @@ DefaultDependencies=no + + [Service] + 
ExecStart=@rootlibexecdir@/systemd-initctl +-NoNewPrivileges=yes + NotifyAccess=all + SystemCallArchitectures=native +diff --git a/units/systemd-journal-remote.service.in b/units/systemd-journal-remote.service.in +index dd6322e62c..c867aca104 100644 +--- a/units/systemd-journal-remote.service.in ++++ b/units/systemd-journal-remote.service.in +@@ -17,7 +17,6 @@ ExecStart=@rootlibexecdir@/systemd-journal-remote --listen-https=-3 --output=/va + LockPersonality=yes + LogsDirectory=journal/remote + MemoryDenyWriteExecute=yes +-NoNewPrivileges=yes + PrivateDevices=yes + PrivateNetwork=yes + PrivateTmp=yes +diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in +index fab405502a..308622e9b3 100644 +--- a/units/systemd-journald.service.in ++++ b/units/systemd-journald.service.in +@@ -22,7 +22,6 @@ FileDescriptorStoreMax=4224 + IPAddressDeny=any + LockPersonality=yes + MemoryDenyWriteExecute=yes +-NoNewPrivileges=yes + Restart=always + RestartSec=0 + RestrictAddressFamilies=AF_UNIX AF_NETLINK +diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in +index 7bca34409a..05fb4f0c80 100644 +--- a/units/systemd-localed.service.in ++++ b/units/systemd-localed.service.in +@@ -19,7 +19,6 @@ ExecStart=@rootlibexecdir@/systemd-localed + IPAddressDeny=any + LockPersonality=yes + MemoryDenyWriteExecute=yes +-NoNewPrivileges=yes + PrivateDevices=yes + PrivateNetwork=yes + PrivateTmp=yes +diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in +index 3eef95c661..53af530aea 100644 +--- a/units/systemd-logind.service.in ++++ b/units/systemd-logind.service.in +@@ -27,7 +27,6 @@ FileDescriptorStoreMax=512 + IPAddressDeny=any + LockPersonality=yes + MemoryDenyWriteExecute=yes +-NoNewPrivileges=yes + PrivateTmp=yes + ProtectControlGroups=yes + ProtectHome=yes +diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in +index d6deefea08..092abc128f 100644 +--- a/units/systemd-machined.service.in 
++++ b/units/systemd-machined.service.in +@@ -22,7 +22,6 @@ ExecStart=@rootlibexecdir@/systemd-machined + IPAddressDeny=any + LockPersonality=yes + MemoryDenyWriteExecute=yes +-NoNewPrivileges=yes + ProtectHostname=yes + RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 + RestrictRealtime=yes +diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in +index 2c74da6f1e..eaabcb9941 100644 +--- a/units/systemd-networkd.service.in ++++ b/units/systemd-networkd.service.in +@@ -24,7 +24,6 @@ CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_N + ExecStart=!!@rootlibexecdir@/systemd-networkd + LockPersonality=yes + MemoryDenyWriteExecute=yes +-NoNewPrivileges=yes + ProtectControlGroups=yes + ProtectHome=yes + ProtectKernelModules=yes +diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in +index eee5d5ea8f..a8f442ef6f 100644 +--- a/units/systemd-resolved.service.in ++++ b/units/systemd-resolved.service.in +@@ -25,7 +25,6 @@ CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE + ExecStart=!!@rootlibexecdir@/systemd-resolved + LockPersonality=yes + MemoryDenyWriteExecute=yes +-NoNewPrivileges=yes + PrivateDevices=yes + PrivateTmp=yes + ProtectControlGroups=yes +diff --git a/units/systemd-rfkill.service.in b/units/systemd-rfkill.service.in +index 3abb958310..7447ed5b5b 100644 +--- a/units/systemd-rfkill.service.in ++++ b/units/systemd-rfkill.service.in +@@ -18,7 +18,6 @@ Before=shutdown.target + + [Service] + ExecStart=@rootlibexecdir@/systemd-rfkill +-NoNewPrivileges=yes + StateDirectory=systemd/rfkill + TimeoutSec=30s + Type=notify +diff --git a/units/systemd-timedated.service.in b/units/systemd-timedated.service.in +index df546f471f..4d50999a22 100644 +--- a/units/systemd-timedated.service.in ++++ b/units/systemd-timedated.service.in +@@ -19,7 +19,6 @@ ExecStart=@rootlibexecdir@/systemd-timedated + IPAddressDeny=any + LockPersonality=yes + MemoryDenyWriteExecute=yes 
+-NoNewPrivileges=yes + PrivateTmp=yes + ProtectControlGroups=yes + ProtectHome=yes +diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in +index 6512531e1c..2b2e1d73d2 100644 +--- a/units/systemd-timesyncd.service.in ++++ b/units/systemd-timesyncd.service.in +@@ -24,7 +24,6 @@ CapabilityBoundingSet=CAP_SYS_TIME + ExecStart=!!@rootlibexecdir@/systemd-timesyncd + LockPersonality=yes + MemoryDenyWriteExecute=yes +-NoNewPrivileges=yes + PrivateDevices=yes + PrivateTmp=yes + ProtectControlGroups=yes diff --git a/0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch b/0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch new file mode 100644 index 0000000..9aefc6d --- /dev/null +++ b/0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch 
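Review bot: The carried patch removes `NoNewPrivileges=yes` from all 13 units, and its header gives no reason beyond "This reverts commit 64d7f7b4…", so a later packager cannot tell whether the hardening can be restored. Without the directive, and as far as the visible context shows nothing else turns it on, a process in journald, logind, networkd, resolved and the other listed services can again gain privileges through a setuid/setgid or file-capability binary it executes. If the revert is only needed for some of the units (the cause is not visible here), I would narrow the patch to those and record the cause in the patch description, for example `Carried because <reason / distro bug reference>; re-evaluate on each rebase`.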
@@ -0,0 +1,48 @@ +From 0c670fec00f3d5c103d9b7415d4e0510c61ad006 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Fri, 11 Mar 2016 17:06:17 -0500 +Subject: [PATCH] resolved: create /etc/resolv.conf symlink at runtime + +If the symlink doesn't exists, and we are being started, let's +create it to provie name resolution. + +If it exists, do nothing. In particular, if it is a broken symlink, +we cannot really know if the administator configured it to point to +a location used by some service that hasn't started yet, so we +don't touch it in that case either. + +https://bugzilla.redhat.com/show_bug.cgi?id=1313085 +--- + src/resolve/resolved.c | 4 ++++ + tmpfiles.d/etc.conf.m4 | 3 --- + 2 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c +index 2ca9fbdc72..3c8a9ff12a 100644 +--- a/src/resolve/resolved.c ++++ b/src/resolve/resolved.c +@@ -49,6 +49,10 @@ static int run(int argc, char *argv[]) { + /* Drop privileges, but only if we have been started as root. If we are not running as root we assume most + * privileges are already dropped. */ + if (getuid() == 0) { ++ r = symlink("../run/systemd/resolve/resolv.conf", "/etc/resolv.conf"); ++ if (r < 0 && errno != EEXIST) ++ log_warning_errno(errno, ++ "Could not create /etc/resolv.conf symlink: %m"); + + /* Drop privileges, but keep three caps. Note that we drop those too, later on (see below) */ + r = drop_privileges(uid, gid, +diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4 +index f82e0b82ce..66a777bdb2 100644 +--- a/tmpfiles.d/etc.conf.m4 ++++ b/tmpfiles.d/etc.conf.m4 +@@ -12,9 +12,6 @@ L+ /etc/mtab - - - - ../proc/self/mounts + m4_ifdef(`HAVE_SMACK_RUN_LABEL', + t /etc/mtab - - - - security.SMACK64=_ + )m4_dnl +-m4_ifdef(`ENABLE_RESOLVE', +-L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf +-)m4_dnl + C! /etc/nsswitch.conf - - - - + m4_ifdef(`HAVE_PAM', + C! /etc/pam.d - - - - 
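Review bot: The new `symlink()` call points /etc/resolv.conf at `../run/systemd/resolve/resolv.conf`, while the tmpfiles.d entry removed by the same patch pointed at `../run/systemd/resolve/stub-resolv.conf`, and the description does not mention the change of target. With the non-stub file, clients read the uplink servers directly instead of resolved's local stub listener, so they bypass whatever validation or per-link routing resolved is configured for; that is worth stating if it is intended. I would add a comment above the call such as `/* Deliberately the uplink resolv.conf, not stub-resolv.conf: <reason> */`. The call also runs on every start as root, so on a read-only /etc it logs a warning each time; treating `EROFS` like `EEXIST` would keep that quiet. run() continues outside the hunk.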
diff --git a/1509-fix-journal-file-descriptors-leak-problems.patch b/1509-fix-journal-file-descriptors-leak-problems.patch new file mode 100644 index 0000000..8ea3a5c --- /dev/null +++ b/1509-fix-journal-file-descriptors-leak-problems.patch 
@@ -0,0 +1,54 @@ +From 4f8cec1924bf00532f5350d9a4d7af8e853241fe Mon Sep 17 00:00:00 2001 +From: huangkaibin +Date: Thu, 28 Jun 2018 20:23:45 +0800 +Subject: [PATCH] systemd-journald: Fix journal file descriptors leak problems. + +Journal files opened and then be removed by external programs(for example, the journal rotation +of systemd-journald will removed jounal files) before journal directory notify watching is added +will not be closed properly. This patch fix this problem by removing and closing these deleted journal files +after notify watching is added. +--- + src/journal/sd-journal.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c +index 004fe64..8be5481 100644 +--- a/src/journal/sd-journal.c ++++ b/src/journal/sd-journal.c +@@ -1436,6 +1436,18 @@ fail: + log_debug_errno(errno, "Failed to enumerate directory %s, ignoring: %m", m->path); + } + ++static void remove_nonexistent_journal_files(sd_journal *j) { ++ Iterator i; ++ JournalFile *f = NULL; ++ ORDERED_HASHMAP_FOREACH(f, j->files, i) { ++ if(f->path && access(f->path, F_OK) < 0) { ++ log_debug("Remove not-existed file from the journal map: %s", f->path); ++ /*Its OK to remove entry from the hashmap although we are iterating on it.*/ ++ remove_file_real(j, f); ++ } ++ } ++} ++ + static void directory_watch(sd_journal *j, Directory *m, int fd, uint32_t mask) { + int r; + +@@ -1464,6 +1476,14 @@ static void directory_watch(sd_journal *j, Directory *m, int fd, uint32_t mask) + (void) inotify_rm_watch(j->inotify_fd, m->wd); + m->wd = -1; + } ++ ++ /* ++ * Before event watching, there were some files opened and if some of these opened files were ++ * deleted due to the journal rotation of systemd-jounald, they will become leaking files and will ++ * never be closed until the process exited. ++ * So here we remove these deleted files from the journal after event watching. 
++ */ ++ remove_nonexistent_journal_files(j); + } + + static int add_directory(sd_journal *j, const char *prefix, const char *dirname) { +-- +1.8.3.1 + diff --git a/1602-activation-service-must-be-restarted-when-reactivated.patch b/1602-activation-service-must-be-restarted-when-reactivated.patch new file mode 100644 index 0000000..a71eaa8 --- /dev/null +++ b/1602-activation-service-must-be-restarted-when-reactivated.patch 
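Review bot: In `remove_nonexistent_journal_files()` any failure of `access(f->path, F_OK)` is treated as "file deleted", so a transient `EACCES`, `ENOMEM` or `EIO` would also drop a journal file that still exists from the reader's map. Checking errno narrows it to the case the description talks about: `if (f->path && access(f->path, F_OK) < 0 && errno == ENOENT) {`. The in-loop comment asserts that removing entries inside `ORDERED_HASHMAP_FOREACH` is safe; that depends on what `remove_file_real()` removes, and its body is outside the hunk, so I would name the guarantee relied on in that comment.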
@@ -0,0 +1,44 @@ +From 4acc8a3168e5f11b5308cf8558d68bf2a0503444 Mon Sep 17 00:00:00 2001 +From: huangkaibin +Date: Mon, 7 Aug 2017 17:06:30 +0800 +Subject: [PATCH] systemd: Activation service must be restarted when it is already started and re-actived +by dbus + +When dbus-daemon service is killed, every activation service must be restarted +to reestblished dbus connection between dbus-daemon and the service. +Otherwise, there will be problem on the dbus connection. This patch fix this +problem by set JobType to JOB_RESTART when it is re-actived in signal_activation_request function. +--- + src/core/dbus.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/src/core/dbus.c b/src/core/dbus.c +index 29524d4..38940ef 100644 +--- a/src/core/dbus.c ++++ b/src/core/dbus.c +@@ -152,6 +152,8 @@ static int signal_activation_request(sd_bus_message *message, void *userdata, sd + const char *name; + Unit *u; + int r; ++ int jobtype; ++ Service *s = NULL; + + assert(message); + assert(m); +@@ -177,7 +179,13 @@ static int signal_activation_request(sd_bus_message *message, void *userdata, sd + goto failed; + } + +- r = manager_add_job(m, JOB_START, u, JOB_REPLACE, NULL, &error, NULL); ++ jobtype = JOB_START; ++ s = SERVICE(u); ++ if(s && s->state != SERVICE_DEAD) { ++ jobtype = JOB_RESTART; ++ log_unit_info(u, "Service '%s' will be restarted to activate the service. The current service state is %d.", u->id, s->state); ++ } ++ r = manager_add_job(m, jobtype, u, JOB_REPLACE, NULL, &error, NULL); + if (r < 0) + goto failed; + +-- +1.8.3.1 diff --git a/1605-systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch b/1605-systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch new file mode 100644 index 0000000..5075453 --- /dev/null +++ b/1605-systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch 
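Review bot: The new branch in `signal_activation_request()` turns the request into `JOB_RESTART` for every state other than `SERVICE_DEAD`, which includes a service that is still starting or already stopping, not only one that is running with a stale bus connection. An activation request can follow from any bus client addressing the name, so a second request during start-up would restart the unit mid-start; I would limit the restart to the running states, e.g. `if (s && IN_SET(s->state, SERVICE_RUNNING, SERVICE_EXITED)) {`. The log line also prints the state as `%d`; `service_state_to_string(s->state)` with `%s` is easier to read in the journal. The function starts and ends outside the hunk.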
@@ -0,0 +1,40 @@ +From bf589755bd5b084f1b5dd099ea3e4917ac9911fd Mon Sep 17 00:00:00 2001 +From: huangkaibin +Date: Thu, 14 Sep 2017 12:54:01 +0800 +Subject: [PATCH] systemd-core: fix problem of dbus service can not be started + when dbus is dead and state of system dbus of systemd stay in + BUS_AUTHENTICATING. + +When systemd starts a dbus communication, it will first authenticate the bus by communicating with polkitd service, and then enter running state. +But if authenticating can not be establised within 25s(default timeout seconds) since authenticating starts +(maybe caused by polkitd service or dbus service can not be activated in time), the dbus state in systemd side will stays in BUS_AUTHENTICATING state, +and systemd will enter a mad state that it will handle authenticating(in bus_process_internal function) very frequently and will have no any change to +service for events of restarting services(by systemctl restart dbus.service --no-ask-password --no-block). So that the dbus service will never be restarted successfully. +systemd will enter such a state is caused by the timeout setting in sd_bus_get_timeout function. When in BUS_AUTHENTICATING state, the timeout is set +to a fix value of bus->auth_timeout(authenticating start time + 25s), if auth_timeout is an expired time, but not a furture time, systemd will always service +for the callback of function of dbus(time_callback) with no any delay when it got its chance, and leave no chance for events of restarting services. +This patch fix this problem by fixing the timeout to a furture time when bus->auth_timeout is expired. 
+--- + src/libsystemd/sd-bus/sd-bus.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c +index b0a3237..ca626d3 100644 +--- a/src/libsystemd/sd-bus/sd-bus.c ++++ b/src/libsystemd/sd-bus/sd-bus.c +@@ -2267,7 +2267,11 @@ _public_ int sd_bus_get_timeout(sd_bus *bus, uint64_t *timeout_usec) { + switch (bus->state) { + + case BUS_AUTHENTICATING: +- *timeout_usec = bus->auth_timeout; ++ //delay 1 second to ensure it is a furture time but not an expired time ++ if(bus->auth_timeout <= now(CLOCK_MONOTONIC)) ++ *timeout_usec = now(CLOCK_MONOTONIC) + USEC_PER_SEC; ++ else ++ *timeout_usec = bus->auth_timeout; + return 1; + + case BUS_RUNNING: +-- +1.8.3.1 + diff --git a/1610-add-new-rules-for-lower-priority-events-to-preempt.patch b/1610-add-new-rules-for-lower-priority-events-to-preempt.patch new file mode 100644 index 0000000..8715946 --- /dev/null +++ b/1610-add-new-rules-for-lower-priority-events-to-preempt.patch 
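Review bot: The `BUS_AUTHENTICATING` case of `sd_bus_get_timeout()` now reads the clock twice and, once `auth_timeout` has passed, always reports a deadline one second ahead, so callers of this public function never see that authentication has expired. Reading the clock once avoids the two values disagreeing: `usec_t n = now(CLOCK_MONOTONIC);` followed by `*timeout_usec = bus->auth_timeout <= n ? n + USEC_PER_SEC : bus->auth_timeout;`. Whether an expired authentication should instead fail the connection is decided outside the hunk; a comment here naming where the expiry is acted on would help, because after this change the reported timeout alone no longer ends the state.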
@@ -0,0 +1,222 @@ +From 49f6a75e648c113fa9985675f47f78a4cd57c084 Mon Sep 17 00:00:00 2001 +From: yangbin +Date: Fri, 26 Jul 2019 10:02:58 +0800 +Subject: [PATCH] systemd-core: Add new rules for lower priority events to + preempt over higher priority events + +1. When a high priority event happenes very frequent, and this event takes long time for execution,systemd will get into busy for handling this event only, and lower priority events will have no any change to dispatch and run. + +2. One example is the event for /proc/self/mountinfo, which have a very high priority with -10. +When there are many mountpoints in mountinfo(for example, there may be many netns mountpoints),this event will take long time to finish. +Then if now there are mountpoints in repeating mounting and unmounting(for example, /run/user/uid mountpoint will be mounted then unmounted when for one su command), +this event will take all time of systemd, and lower priority lower events will not be dispatched anyway. +This will case a very severity problem that zombie process will not be reaped, for the evnet for reaping zombies has a lower priority of -6. + +3. This patch fix this problem by add the following rules to allow lower priority events to preempt over higher priority events. +a) If a higher priority event has already been execute for a certain count in consecutive, it can be preempted by lower priority events. The default value for this count is 10, and can be configured through 'sd_event_source_set_preempt_dispatch_count'. +b) If a lower priority gets into pending for 10 times in consecutive, it can preempt over higher priority events. +c) If a lower priority is in pending, and is not dispatched over 50 iteration, it can preempt over higher priority events. +d) The above rules only works for events with priority equal or higher than 'SD_EVENT_PRIORITY_NORMAL' or evnets with type of SOURCE_DEFER, since SOURCE_DEFER events is used for job running queues. 
+--- + src/core/mount.c | 4 ++ + src/libsystemd/sd-event/sd-event.c | 87 ++++++++++++++++++++++++++++++ + src/systemd/sd-event.h | 1 + + 3 files changed, 92 insertions(+) + +diff --git a/src/core/mount.c b/src/core/mount.c +index 1b94ab4..78b6e30 100644 +--- a/src/core/mount.c ++++ b/src/core/mount.c +@@ -1742,6 +1742,10 @@ static void mount_enumerate(Manager *m) { + goto fail; + } + ++ r = sd_event_source_set_preempt_dispatch_count(m->mount_event_source, 5); ++ if (r < 0) ++ goto fail; ++ + (void) sd_event_source_set_description(m->mount_event_source, "mount-monitor-dispatch"); + } + +diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c +index d53b9a7..7e33061 100644 +--- a/src/libsystemd/sd-event/sd-event.c ++++ b/src/libsystemd/sd-event/sd-event.c +@@ -26,6 +26,11 @@ + #include "time-util.h" + #include "util.h" + ++#define DEFAULT_PREEMPTED_ITERATION_COUNT (3) ++#define DEFAULT_PREEMPT_DISPATCH_COUNT (10) ++#define DEFAULT_PREEMPT_PENDING_COUNT (10) ++#define DEFAULT_PREEMPT_ITERATION_COUNT (30) ++ + #define DEFAULT_ACCURACY_USEC (250 * USEC_PER_MSEC) + + typedef enum EventSourceType { +@@ -103,6 +108,11 @@ struct sd_event_source { + uint64_t pending_iteration; + uint64_t prepare_iteration; + ++ uint64_t preempted_iteration; /*The iteration that dispatched_count is greater than preempt_dispatch_count*/ ++ unsigned pending_count; /*times of pending not dispatched*/ ++ unsigned dispatched_count; /*consecutive dispatched count*/ ++ unsigned preempt_dispatch_count; /*Will be preempted by lower priority if dispatched count reaches to this*/ ++ + sd_event_destroy_t destroy_callback; + + LIST_FIELDS(sd_event_source, sources); +@@ -301,6 +311,11 @@ struct sd_event { + + LIST_HEAD(sd_event_source, sources); + ++ /*last dispatched source, its type is sd_event_source, ++ * here use void to avoid accessing its members, ++ * for it may have been freed already.*/ ++ void *last_source; ++ + usec_t last_run, last_log; + unsigned 
delays[sizeof(usec_t) * 8]; + }; +@@ -314,8 +329,42 @@ static sd_event *event_resolve(sd_event *e) { + return e == SD_EVENT_DEFAULT ? default_event : e; + } + ++static int preempt_prioq_compare(const sd_event_source *x, const sd_event_source *y) { ++ if((x->priority > SD_EVENT_PRIORITY_NORMAL && x->type != SOURCE_DEFER) ++ || (y->priority > SD_EVENT_PRIORITY_NORMAL && y->type != SOURCE_DEFER)) { ++ return 0; /*only high priority evnets can preempt*/ ++ } ++ ++ if(x->priority <= y->priority) { ++ if(x->dispatched_count >= x->preempt_dispatch_count) ++ return 1; ++ if(y->type != SOURCE_DEFER) { /*pending state for defer event is always true*/ ++ /*y has lower priority, but its pending count is greater than x, so y wins*/ ++ if(y->pending_count >= (x->pending_count + DEFAULT_PREEMPT_PENDING_COUNT)) ++ return 1; ++ /*y has lower priority, but is in pending longer than x, so y wins*/ ++ if(x->pending_iteration >= (y->pending_iteration + DEFAULT_PREEMPT_ITERATION_COUNT)) ++ return 1; ++ } ++ } else { ++ if(y->dispatched_count >= y->preempt_dispatch_count) ++ return -1; ++ if(x->type != SOURCE_DEFER) { /*pending state for defer event is always true*/ ++ /*x has lower priority, but its pending count is greater than y, so x wins*/ ++ if(x->pending_count >= (y->pending_count + DEFAULT_PREEMPT_PENDING_COUNT)) ++ return -1; ++ /*x has lower priority, but is in pending longer than y, so x wins*/ ++ if(y->pending_iteration >= (x->pending_iteration + DEFAULT_PREEMPT_ITERATION_COUNT)) ++ return -1; ++ } ++ } ++ ++ return 0; ++} ++ + static int pending_prioq_compare(const void *a, const void *b) { + const sd_event_source *x = a, *y = b; ++ int r; + + assert(x->pending); + assert(y->pending); +@@ -326,6 +375,10 @@ static int pending_prioq_compare(const void *a, const void *b) { + if (x->enabled == SD_EVENT_OFF && y->enabled != SD_EVENT_OFF) + return 1; + ++ r = preempt_prioq_compare(a, b); ++ if(r) ++ return r; ++ + /* Lower priority values first */ + if (x->priority < y->priority) 
+ return -1; +@@ -1030,6 +1083,17 @@ static int source_set_pending(sd_event_source *s, bool b) { + assert(s); + assert(s->type != SOURCE_EXIT); + ++ if (b && s->pending == b) ++ s->pending_count++; ++ else ++ s->pending_count = (b ? 1 : 0); ++ if (b && s->preempted_iteration && ++ (s->pending_count >= DEFAULT_PREEMPTED_ITERATION_COUNT || ++ s->event->iteration >= (s->preempted_iteration + DEFAULT_PREEMPTED_ITERATION_COUNT)) ) { ++ s->dispatched_count = 0; ++ s->preempted_iteration = 0; ++ } ++ + if (s->pending == b) + return 0; + +@@ -1097,6 +1161,7 @@ static sd_event_source *source_new(sd_event *e, bool floating, EventSourceType t + .type = type, + .pending_index = PRIOQ_IDX_NULL, + .prepare_index = PRIOQ_IDX_NULL, ++ .preempt_dispatch_count = DEFAULT_PREEMPT_DISPATCH_COUNT, + }; + + if (!floating) +@@ -2263,6 +2328,7 @@ _public_ int sd_event_source_set_enabled(sd_event_source *s, int m) { + return r; + } + ++ s->pending_count = 0; + switch (s->type) { + + case SOURCE_IO: +@@ -3055,6 +3121,19 @@ static int process_inotify(sd_event *e) { + return done; + } + ++static void source_dispatch_pre(sd_event_source *s) { ++ if(s->event->last_source == s) { ++ s->dispatched_count++; ++ if(s->dispatched_count >= s->preempt_dispatch_count) ++ s->preempted_iteration = s->event->iteration; ++ } else { ++ s->preempted_iteration = 0; ++ s->dispatched_count = 0; ++ } ++ s->event->last_source = s; ++ s->pending_count = 0; ++} ++ + static int source_dispatch(sd_event_source *s) { + EventSourceType saved_type; + int r = 0; +@@ -3095,6 +3174,7 @@ static int source_dispatch(sd_event_source *s) { + return r; + } + ++ source_dispatch_pre(s); + s->dispatching = true; + + switch (s->type) { +@@ -3793,3 +3873,10 @@ _public_ int sd_event_source_get_destroy_callback(sd_event_source *s, sd_event_d + + return !!s->destroy_callback; + } ++ ++_public_ int sd_event_source_set_preempt_dispatch_count(sd_event_source *s, unsigned count) { ++ assert_return(s, -EINVAL); ++ ++ s->preempt_dispatch_count 
= count; ++ return 0; ++} +diff --git a/src/systemd/sd-event.h b/src/systemd/sd-event.h +index 7fcae4a..fdf9108 100644 +--- a/src/systemd/sd-event.h ++++ b/src/systemd/sd-event.h +@@ -143,6 +143,7 @@ int sd_event_source_get_child_pid(sd_event_source *s, pid_t *pid); + int sd_event_source_get_inotify_mask(sd_event_source *s, uint32_t *ret); + int sd_event_source_set_destroy_callback(sd_event_source *s, sd_event_destroy_t callback); + int sd_event_source_get_destroy_callback(sd_event_source *s, sd_event_destroy_t *ret); ++int sd_event_source_set_preempt_dispatch_count(sd_event_source *s, unsigned count); + + /* Define helpers so that __attribute__((cleanup(sd_event_unrefp))) and similar may be used. */ + _SD_DEFINE_POINTER_CLEANUP_FUNC(sd_event, sd_event_unref); +-- +2.17.1 + diff --git a/1612-serialize-pids-for-scope-when-not-started.patch b/1612-serialize-pids-for-scope-when-not-started.patch new file mode 100644 index 0000000..3d51aa6 --- /dev/null +++ b/1612-serialize-pids-for-scope-when-not-started.patch 
@@ -0,0 +1,89 @@ +From a5c08598384d44ad3bce24ff63ab320b3b3e5292 Mon Sep 17 00:00:00 2001 +From: huangkaibin +Date: Wed, 31 Jan 2018 22:28:36 +0800 +Subject: [PATCH] systemd-core: Serialize pids for scope unit when it is not + started + +1. when a scope unit is initialized, and daemon-reload is performed before it is started, +pids (generally comes from dbus) belog to this scope will not be attached to the cgroup of this scope, +because these pids are not serialized and are lost during daemon-reload. +2. this patch fix this problem by serializing scope pids when the state of the scope is DEAD(the init state). +--- + src/core/scope.c | 33 +++++++++++++++++++++++++++++++++ + 1 file changed, 33 insertions(+) + +diff --git a/src/core/scope.c b/src/core/scope.c +index ae6614f..8d96ee1 100644 +--- a/src/core/scope.c ++++ b/src/core/scope.c +@@ -194,6 +194,8 @@ static int scope_load(Unit *u) { + + static int scope_coldplug(Unit *u) { + Scope *s = SCOPE(u); ++ Iterator i; ++ void *pidp = NULL; + int r; + + assert(s); +@@ -214,6 +216,12 @@ static int scope_coldplug(Unit *u) { + bus_scope_track_controller(s); + + scope_set_state(s, s->deserialized_state); ++ if (s->state == SCOPE_DEAD && !u->cgroup_path && !set_isempty(u->pids)) { ++ SET_FOREACH(pidp, u->pids, i) { ++ log_unit_info(u, "Rewatch pid from serialized pids. 
unit: %s, pid: %u", u->id, PTR_TO_UINT32(pidp)); ++ unit_watch_pid(u, PTR_TO_UINT32(pidp)); ++ } ++ } + return 0; + } + +@@ -396,6 +404,8 @@ static int scope_get_timeout(Unit *u, usec_t *timeout) { + } + + static int scope_serialize(Unit *u, FILE *f, FDSet *fds) { ++ Iterator i; ++ void *pidp = NULL; + Scope *s = SCOPE(u); + + assert(s); +@@ -408,6 +418,14 @@ static int scope_serialize(Unit *u, FILE *f, FDSet *fds) { + if (s->controller) + unit_serialize_item(u, f, "controller", s->controller); + ++ /*serialize pids when scope is not started*/ ++ if (s->state == SCOPE_DEAD && !u->cgroup_path && !set_isempty(u->pids)) { ++ SET_FOREACH(pidp, u->pids, i) { ++ log_unit_info(u, "scope is not started yet, pids are serialized. unit: %s, pid: %u", u->id, PTR_TO_UINT32(pidp)); ++ unit_serialize_item_format(u, f, "scope_pids", PID_FMT, PTR_TO_UINT32(pidp)); ++ } ++ } ++ + return 0; + } + +@@ -443,6 +461,21 @@ static int scope_deserialize_item(Unit *u, const char *key, const char *value, F + if (r < 0) + log_oom(); + ++ } else if (streq(key, "scope_pids")) { ++ pid_t pid; ++ ++ if (parse_pid(value, &pid) < 0) ++ log_unit_debug(u, "Failed to parse scope-pid value %s.", value); ++ else { ++ if(!u->pids) { ++ r = set_ensure_allocated(&u->pids, NULL); ++ if (r < 0) ++ return r; ++ } ++ r = set_put(u->pids, pid); ++ if (r < 0) ++ return r; ++ } + } else + log_unit_debug(u, "Unknown serialization key: %s", key); + +-- +1.8.3.1 + diff --git a/1615-do-not-finish-job-during-daemon-reload-in-unit_notify.patch b/1615-do-not-finish-job-during-daemon-reload-in-unit_notify.patch new file mode 100644 index 0000000..d29e083 --- /dev/null +++ b/1615-do-not-finish-job-during-daemon-reload-in-unit_notify.patch 
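Review bot: In the `scope_pids` branch of `scope_deserialize_item()` the PID is passed to `set_put()` as a bare `pid_t`, while both loops added by this patch read the set back with `PTR_TO_UINT32(pidp)`, i.e. they expect pointer-encoded keys. `r = set_put(u->pids, PID_TO_PTR(pid));` keeps the encoding explicit and avoids the integer-to-pointer conversion. In `scope_coldplug()` the result of `unit_watch_pid()` is dropped, so a PID that could not be re-watched is silently lost; logging the failure would make that visible. The deserialized PIDs are also re-watched without any check that they still refer to the same process after the reload, which I would at least record in a comment. All three functions continue outside their hunks.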
@@ -0,0 +1,37 @@ +From 650352c713aeb3b47807c9699ceeb168f9f880b8 Mon Sep 17 00:00:00 2001 +From: huangkaibin +Date: Tue, 13 Mar 2018 20:51:37 +0800 +Subject: [PATCH] systemd-core: Do not finish job during daemon reloading in + unit_notify. + +1. During daemon reload, a service unit will restore its state from dead to its deserialized state, +and unit_notify will be triggered to notify the state change. +Since JobRemove signal will not be sent during daemon-reload(see details of job_uninstall), +if one job is finished in unit_notify due to the deserialization of a service, the corresponding +job observers(such as systemctl) will not receive any JobRemove signals will hang forever. +2. The above problem will cause a systemctl command to hang forever by using the following steps to reproduce. +a) Ensuere a service(named A)is in running state. +b) execute "systemctl daemon-reload" and "systemctl start A" concurrently +c) the systemctl command will hang for it is in waiting for the JobRemoved signal, but not signals will come from systemd. +3. This patch fix this bug by not finishing job in unit_notify when it is in daemon reload. +--- + src/core/unit.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index 9e5f1a8..2da6f61 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -1831,7 +1831,8 @@ void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, UnitNotifyFlag + + unit_update_on_console(u); + +- if (u->job) { ++ if (u->job && ++ !(m->n_reloading > 0 && u->job->state != JOB_RUNNING && os == UNIT_INACTIVE)) { /*do not finish job during daemon-reload*/ + unexpected = false; + + if (u->job->state == JOB_WAITING) +-- +1.8.3.1 + diff --git a/1619-delay-to-restart-when-a-service-can-not-be-auto-restarted.patch b/1619-delay-to-restart-when-a-service-can-not-be-auto-restarted.patch new file mode 100644 index 0000000..f457452 --- /dev/null 
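Review bot: When the added condition in `unit_notify()` skips a unit that still has a job, control falls to the alternative arm of this `if`, which is outside the hunk; if that arm marks the change as unexpected, a unit with a queued job would be handled as if it had changed state on its own during the reload. Please confirm that path and say so in the comment. The condition would also read more clearly split out, for example `bool skip_job = MANAGER_IS_RELOADING(m) && u->job && u->job->state != JOB_RUNNING && os == UNIT_INACTIVE;`, with a comment explaining that no JobRemoved signal is sent while reloading.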
+++ b/1619-delay-to-restart-when-a-service-can-not-be-auto-restarted.patch @@ -0,0 +1,43 @@ +From 9315c29e4fdfa19c90bb483a364b017881f5cef7 Mon Sep 17 00:00:00 2001 +From: huangkaibin +Date: Sat, 21 Apr 2018 17:18:19 +0800 +Subject: [PATCH] systemd-core: Delay to restart when a service can not be + auto-restarted when there is one STOP_JOB for the service + +When a service current has a STOP job has not scheduled yet, +and also if the service is already scheduled with an auto-restart +with restart-second configured as 0, the service will not be restarted successfully, +and systemd will go into an endless loop to restart the service. +This is because restart-second is 0 and timer task has higher priority than IO tasks when there priority +is same(both with 0), so the STOP job has no chance to be scheduled, and systemd will go into the endless loop +to handle the time task. +This patch fix this problem by delaying 1 second to restart the service to cause STOP job to be scheduled. +--- + src/core/service.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/core/service.c b/src/core/service.c +index ad9c028..8217447 100644 +--- a/src/core/service.c ++++ b/src/core/service.c +@@ -1716,14 +1716,15 @@ fail: + static void service_enter_restart(Service *s) { + _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; + int r; ++ int restart_usec; + + assert(s); + + if (UNIT(s)->job && UNIT(s)->job->type == JOB_STOP) { + /* Don't restart things if we are going down anyway */ + log_unit_info(UNIT(s), "Stop job pending for unit, delaying automatic restart."); +- +- r = service_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->restart_usec)); ++ restart_usec = (s->restart_usec == 0) ? 1*USEC_PER_SEC : s->restart_usec; ++ r = service_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), restart_usec)); + if (r < 0) + goto fail; + +-- +1.8.3.1 + 
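Review bot: `restart_usec` is declared `int` in `service_enter_restart()` but receives `s->restart_usec`, which the original line passed straight to `usec_add()` as a microsecond time value; an `int` holds only about 2147 seconds' worth of microseconds, so a longer restart delay would be truncated or turn negative here. Declaring it as `usec_t restart_usec;` keeps the full range. The function continues outside the hunk.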
diff --git a/1620-nop_job-of-a-unit-must-also-be-coldpluged-after-deserization.patch b/1620-nop_job-of-a-unit-must-also-be-coldpluged-after-deserization.patch new file mode 100644 index 0000000..05c9cf4 --- /dev/null +++ b/1620-nop_job-of-a-unit-must-also-be-coldpluged-after-deserization.patch @@ -0,0 +1,46 @@ +From 07e13151c566588b5f679e2576d3dfc2125c6e7c Mon Sep 17 00:00:00 2001 +From: huangkaibin +Date: Sun, 22 Apr 2018 18:49:19 +0800 +Subject: [PATCH] systemd-core: nop_job of a unit must also be coldpluged after + deserization. + +When a unit is not in-active, and systemctl try-restart is executed for this unit, +systemd will do nothing for it and just accept it as a nop_job for the unit. +When then nop-job is still in the running queue, then daemon-reload is performed, this nop job +will be dropped from the unit since it is not coldpluged in the unit_coldplug function. +After then, the systemctl try-restart command will hang forever since no JOB_DONE dbus signal will be sent +to it from systemd. +This patch fix this problem by do coldplug for the nop_job in unit_coldplug function. +--- + src/core/unit.c | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index 2da6f61..a862b79 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -3028,10 +3028,17 @@ int unit_coldplug(Unit *u) { + r = q; + } + +- if (u->job) { +- q = job_coldplug(u->job); +- if (q < 0 && r >= 0) +- r = q; ++ if (u->job || u->nop_job) { ++ if (u->job) { ++ q = job_coldplug(u->job); ++ if (q < 0 && r >= 0) ++ r = q; ++ } ++ if (u->nop_job) { ++ q = job_coldplug(u->nop_job); ++ if (q < 0 && r >= 0) ++ r = q; ++ } + } + + return r; +-- +1.8.3.1 + diff --git a/20-grubby.install b/20-grubby.install new file mode 100755 index 0000000..e059125 --- /dev/null +++ b/20-grubby.install 
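Review bot: The outer `if (u->job || u->nop_job)` in `unit_coldplug()` adds nothing, because each inner block tests its own pointer again; two sibling `if` blocks at the original indentation would make the patch a pure addition and easier to rebase. A one-line comment on the new block, e.g. `/* a nop job (try-restart on an inactive unit) must survive daemon-reload too */`, would record why it is there.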
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+if [[ ! -x /sbin/new-kernel-pkg ]]; then
+ exit 0
+fi
+
+COMMAND="$1"
+KERNEL_VERSION="$2"
+BOOT_DIR_ABS="$3"
+KERNEL_IMAGE="$4"
+
+KERNEL_DIR="${KERNEL_IMAGE%/*}"
+[[ "$KERNEL_VERSION" == *\+* ]] && flavor=-"${KERNEL_VERSION##*+}"
+case "$COMMAND" in
+ add)
+ if [[ "${KERNEL_DIR}" != "/boot" ]]; then
+ for i in \
+ "$KERNEL_IMAGE" \
+ "$KERNEL_DIR"/System.map \
+ "$KERNEL_DIR"/config \
+ "$KERNEL_DIR"/zImage.stub \
+ "$KERNEL_DIR"/dtb \
+ ; do
+ [[ -e "$i" ]] || continue
+ cp -aT "$i" "/boot/${i##*/}-${KERNEL_VERSION}"
+ command -v restorecon &>/dev/null && \
+ restorecon -R "/boot/${i##*/}-${KERNEL_VERSION}"
+ done
+ # hmac is .vmlinuz-.hmac so needs a special treatment
+ i="$KERNEL_DIR/.${KERNEL_IMAGE##*/}.hmac"
+ if [[ -e "$i" ]]; then
+ cp -a "$i" "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
+ command -v restorecon &>/dev/null && \
+ restorecon "/boot/.${KERNEL_IMAGE##*/}-${KERNEL_VERSION}.hmac"
+ fi
+ fi
+ /sbin/new-kernel-pkg --package "kernel${flavor}" --install "$KERNEL_VERSION" || exit $?
+ /sbin/new-kernel-pkg --package "kernel${flavor}" --mkinitrd --dracut --depmod --update "$KERNEL_VERSION" || exit $?
+ /sbin/new-kernel-pkg --package "kernel${flavor}" --rpmposttrans "$KERNEL_VERSION" || exit $?
+ ;;
+ remove)
+ /sbin/new-kernel-pkg --package "kernel${flavor+-$flavor}" --rminitrd --rmmoddep --remove "$KERNEL_VERSION" || exit $?
+ ;;
+ *)
+ ;;
+esac
+
+# skip other installation plugins, if we can't find a boot loader spec conforming setup
+if ! [[ -d /boot/loader/entries || -L /boot/loader/entries ]]; then
+ exit 77
+fi
diff --git a/20-yama-ptrace.conf b/20-yama-ptrace.conf
new file mode 100644
index 0000000..4fbaf97
--- /dev/null
+++ b/20-yama-ptrace.conf
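Review bot: In 20-grubby.install the `remove)` branch builds the package name as `"kernel${flavor+-$flavor}"`, but `flavor` is assigned with its leading dash already (`flavor=-"${KERNEL_VERSION##*+}"`), so a flavoured kernel becomes `kernel--<flavor>` on removal while the `add)` branch passes `kernel-<flavor>`. Using `"kernel${flavor}"` in both branches keeps the two paths consistent. `flavor` is also never initialised, so a value inherited from the caller's environment would end up in the package name whenever the version has no `+`; a plain `flavor=` before the test avoids that. `BOOT_DIR_ABS` is assigned but not used anywhere in the file.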
@@ -0,0 +1,42 @@
+# The ptrace system call is used for interprocess services,
+# communication and introspection (like synchronisation, signaling,
+# debugging, tracing and profiling) of processes.
+#
+# Usage of ptrace is restricted by normal user permissions. Normal
+# unprivileged processes cannot use ptrace on processes that they
+# cannot send signals to or processes that are running set-uid or
+# set-gid. Nevertheless, processes running under the same uid will
+# usually be able to ptrace one another.
+#
+# Fedora enables the Yama security mechanism which restricts ptrace
+# even further. Sysctl setting kernel.yama.ptrace_scope can have one
+# of the following values:
+#
+# 0 - Normal ptrace security permissions.
+# 1 - Restricted ptrace. Only child processes plus normal permissions.
+# 2 - Admin-only attach. Only executables with CAP_SYS_PTRACE.
+# 3 - No attach. No process may call ptrace at all. Irrevocable.
+#
+# For more information see Documentation/security/Yama.txt in the
+# kernel sources.
+#
+# The default is 1., which allows tracing of child processes, but
+# forbids tracing of arbitrary processes. This allows programs like
+# gdb or strace to work when the most common way of having the
+# debugger start the debuggee is used:
+# gdb /path/to/program ...
+# Attaching to already running programs is NOT allowed:
+# gdb -p ...
+# This default setting is suitable for the common case, because it
+# reduces the risk that one hacked process can be used to attack other
+# processes. (For example, a hacked firefox process in a user session
+# will not be able to ptrace the keyring process and extract passwords
+# stored only in memory.)
+#
+# Developers and administrators might want to disable those protections
+# to be able to attach debuggers to existing processes. Use
+# sysctl kernel.yama.ptrace_scope=0
+# for change the setting temporarily, or copy this file to
+# /etc/sysctl.d/20-yama-ptrace.conf to set it for future boots.
+
+kernel.yama.ptrace_scope = 0
diff --git a/464a73411c13596a130a7a8f0ac00ca728e5f69e.patch b/464a73411c13596a130a7a8f0ac00ca728e5f69e.patch
new file mode 100644
index 0000000..4de01c4
--- /dev/null
+++ b/464a73411c13596a130a7a8f0ac00ca728e5f69e.patch
@@ -0,0 +1,40 @@
+From 464a73411c13596a130a7a8f0ac00ca728e5f69e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?=
+Date: Wed, 14 Aug 2019 15:57:42 +0200
+Subject: [PATCH] udev: use bfq as the default scheduler
+
+As requested in https://bugzilla.redhat.com/show_bug.cgi?id=1738828.
+Test results are that bfq seems to behave better and more consistently on
+typical hardware. The kernel does not have a configuration option to set
+the default scheduler, and it currently needs to be set by userspace.
+
+See the bug for more discussion and links.
+---
+ rules/60-block-scheduler.rules | 5 +++++
+ rules/meson.build | 1 +
+ 2 files changed, 6 insertions(+)
+ create mode 100644 rules/60-block-scheduler.rules
+
+diff --git a/rules/60-block-scheduler.rules b/rules/60-block-scheduler.rules
+new file mode 100644
+index 00000000000..480b941761f
+--- /dev/null
++++ b/rules/60-block-scheduler.rules
+@@ -0,0 +1,5 @@
++# do not edit this file, it will be overwritten on update
++
++ACTION=="add", SUBSYSTEM=="block", \
++ KERNEL=="mmcblk*[0-9]|msblk*[0-9]|mspblk*[0-9]|sd*[!0-9]|sr*", \
++ ATTR{queue/scheduler}="bfq"
+diff --git a/rules/meson.build b/rules/meson.build
+index b6a32ba77e2..1da958b4d46 100644
+--- a/rules/meson.build
++++ b/rules/meson.build
+@@ -2,6 +2,7 @@
+
+ rules = files('''
+ 60-block.rules
++ 60-block-scheduler.rules
+ 60-cdrom_id.rules
+ 60-drm.rules
+ 60-evdev.rules
diff --git a/core-bugfix-call-malloc_trim-to-return-memory-to-OS-immediately.patch b/core-bugfix-call-malloc_trim-to-return-memory-to-OS-immediately.patch
new file mode 100644
index 0000000..c9a66d9
--- /dev/null
+++ b/core-bugfix-call-malloc_trim-to-return-memory-to-OS-immediately.patch
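Review bot: In 20-yama-ptrace.conf the only active line, `kernel.yama.ptrace_scope = 0`, switches off the restriction that the comment block presents as the default (1), and nothing next to the value says so. Anyone who copies the file to /etc/sysctl.d/ as the last paragraph suggests lets every process attach to any other process of the same uid again, which is the in-memory credential exposure the comment itself describes. I would put a comment directly above the setting, for example `# 0 disables the Yama ptrace restriction; keep the default (1) unless attaching a debugger to running processes is required`. The wording `for change the setting temporarily` should read `to change the setting temporarily`.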
@@ -0,0 +1,67 @@
+From 95100aa8fa3182f3b066bdc5927b0a78c37550aa Mon Sep 17 00:00:00 2001
+From: huangkaibin
+Date: Mon, 23 Jul 2018 17:58:18 +0800
+Subject: [PATCH] systemd-udevd: Call malloc_trim to return memory to OS
+ immediately in forked children.
+
+hen there are many events from kernel, memory used to store these events(in event_list)
+will be large, may be up to 100M. The forked child process will have a copy of these events and
+release them using free. But since glibc will release memory to OS immediately, and if this child process
+is stuck due I/O waiting(in D state), these memory will never be released until it is recoveried from D-state.
+When there are so many such child processes, it will eat up much memory from system.
+This patch fix this problem by invoking glibc's malloc_trim to release memory immediately when the child is forked.
+---
+ meson.build | 6 ++++++
+ src/udev/udevd.c | 12 ++++++++++++
+ 2 files changed, 18 insertions(+)
+
+diff --git a/meson.build b/meson.build
+index c14540a..5ee2fa7 100644
+--- a/meson.build
++++ b/meson.build
+@@ -518,6 +518,12 @@ else
+ conf.set10('HAVE_GETRANDOM', have)
+ endif
+
++if cc.has_function('malloc_trim', prefix : '''#include ''')
++ conf.set10('HAVE_MALLOC_TRIM', true)
++else
++ conf.set10('HAVE_MALLOC_TRIM', false)
++endif
++
+ #####################################################################
+
+ sed = find_program('sed')
+diff --git a/src/udev/udevd.c b/src/udev/udevd.c
+index c1119c3..62f1c44 100644
+--- a/src/udev/udevd.c
++++ b/src/udev/udevd.c
+@@ -27,6 +27,9 @@
+ #include
+ #include
+ #include
++#ifdef HAVE_MALLOC_TRIM
++#include
++#endif
+
+ #include "sd-daemon.h"
+ #include "sd-event.h"
+@@ -233,6 +236,15 @@ static void worker_spawn(Manager *manager, struct event *event) {
+
+ manager->event = sd_event_unref(manager->event);
+
++#ifdef HAVE_MALLOC_TRIM
++ /* unused memory inherits from parent has been freed, but it will
++ * not release to OS immediately. We do the optimization by invoking
++ * glibc's malloc_trim to force these unused memory to return to OS immediately.
++ * Otherwise when there are many forked process, it will eat up system's memory,
++ * and will cause OOM problem.
++ */
++ malloc_trim(0);
++#endif
+ sigfillset(&mask);
+ fd_signal = signalfd(-1, &mask, SFD_NONBLOCK|SFD_CLOEXEC);
+ if (fd_signal < 0) {
+--
+1.8.3.1
+
diff --git a/detect_virt b/detect_virt
new file mode 100644
index 0000000..a436b62
--- /dev/null
+++ b/detect_virt
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+VIRT_PLATFORM="$(/usr/bin/systemd-detect-virt)"
+echo "$VIRT_PLATFORM"
diff --git a/inittab b/inittab
new file mode 100644
index 0000000..3f5e83c
--- /dev/null
+++ b/inittab
@@ -0,0 +1,16 @@
+# inittab is no longer used.
+#
+# ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.
+#
+# Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target
+#
+# systemd uses 'targets' instead of runlevels. By default, there are two main targets:
+#
+# multi-user.target: analogous to runlevel 3
+# graphical.target: analogous to runlevel 5
+#
+# To view current default target, run:
+# systemctl get-default
+#
+# To set a default target, run:
+# systemctl set-default TARGET.target
diff --git a/net-set-sriov-names b/net-set-sriov-names
new file mode 100644
index 0000000..573a6cc
--- /dev/null
+++ b/net-set-sriov-names
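Review bot: `#ifdef HAVE_MALLOC_TRIM` in both embedded udevd.c hunks is always true, because meson's `conf.set10()` defines the macro in either branch (to 1 or to 0); on a libc without malloc_trim the include and the call would still be compiled. Test the value instead, `#if HAVE_MALLOC_TRIM`, in both places. The meson block can also be reduced to a single `conf.set10('HAVE_MALLOC_TRIM', cc.has_function(...))` with the same arguments. The header names in the `#include` lines and in `prefix` are missing from the page as rendered, so which header is probed cannot be confirmed here. worker_spawn() starts and ends outside the hunk.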
@@ -0,0 +1,79 @@
+#!/bin/bash -e
+#
+# This script is run to rename virtual interfaces
+#
+
+if [ -n "$UDEV_LOG" ]; then
+ if [ "$UDEV_LOG" -ge 7 ]; then
+ set -x
+ fi
+fi
+
+# according to dev_new_index(), ifindex is within [1, INT_MAX]
+int_max=$(/usr/bin/getconf INT_MAX)
+ifindex_before() {
+ a=$1
+ b=$2
+
+ ((0 < (b - a) && (b - a) < int_max / 2 ||
+ -1 * int_max < (b - a) && (b - a) < -1 * int_max / 2))
+}
+
+rename_interface() {
+ local src_net=$1
+ local dest_net=$2
+ local err=0
+
+ /sbin/ip link set dev $src_net down
+ /sbin/ip link set dev $src_net name $dest_net
+}
+
+if [ -z "$INTERFACE" ]; then
+ echo "missing \$INTERFACE" >&2
+ exit 1
+fi
+
+if [ -e "/sys/class/net/$INTERFACE/device/physfn" ]; then
+ pf=$(ls -1 "/sys/class/net/$INTERFACE/device/physfn/net")
+ if [ $(echo "$pf" | wc -l) -ne 1 ]; then
+ echo "too many pf's" >&2
+ exit 1
+ fi
+ read vfindex < "/sys/class/net/$INTERFACE/ifindex"
+ read pfindex < "/sys/class/net/$pf/ifindex"
+ if ifindex_before $pfindex $vfindex; then
+ bus_info=$(basename $(readlink "/sys/class/net/$INTERFACE/device"))
+ for virtfn in "/sys/class/net/$pf/device/"virtfn*; do
+ if [ "$(basename $(readlink "$virtfn"))" = "$bus_info" ]; then
+ vfnum=$(basename "$virtfn")
+ vfnum=${vfnum#virtfn}
+ echo "INTERFACE_NEW=$pf.vf$vfnum"
+ exit 0
+ fi
+ done
+ fi
+fi
+
+read pfindex < "/sys/class/net/$INTERFACE/ifindex"
+shopt -s nullglob
+for virtfn in "/sys/class/net/$INTERFACE/device/"virtfn*; do
+ vf=$(ls -1 "$virtfn/net")
+ if [ $(echo "$vf" | wc -l) -ne 1 ]; then
+ echo "too many vf's" >&2
+ exit 1
+ fi
+ read vfindex < "/sys/class/net/$vf/ifindex"
+ if ifindex_before $vfindex $pfindex; then
+ vfnum=$(basename "$virtfn")
+ vfnum=${vfnum#virtfn}
+ if [ "$INTERFACE_NEW" ]; then
+ new_name=$INTERFACE_NEW
+ else
+ new_name=$INTERFACE
+ fi
+ new_name="$new_name.vf$vfnum"
+ if [ "$vf" != "$new_name" ]; then
+ rename_interface "$vf" "$new_name"
+ fi
+ fi
+done
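Review bot: rename_interface() in net-set-sriov-names passes `$src_net` and `$dest_net` to `/sbin/ip` unquoted, and the new name is built from `$INTERFACE` or `$INTERFACE_NEW` taken from the udev environment, so a value containing whitespace or glob characters would be split into extra `ip` arguments. Quote both, `/sbin/ip link set dev "$src_net" name "$dest_net"` (and the `down` line likewise), and quote `$pfindex`, `$vfindex` and the nested `$(readlink ...)` inside `basename` as well. `pf=$(ls -1 ...)` followed by `echo "$pf" | wc -l` reports one line even when the directory is empty, so the "too many pf's" guard never catches an empty `physfn/net`; the same holds for the `vf` check, and an explicit `[ -n "$pf" ]` test would close that. `local err=0` is never used.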
diff --git a/purge-nobody-user b/purge-nobody-user
new file mode 100755
index 0000000..66404fe
--- /dev/null
+++ b/purge-nobody-user
@@ -0,0 +1,101 @@
+#!/bin/bash -eu
+
+if [ $UID -ne 0 ]; then
+ echo "WARNING: This script needs to run as root to be effective"
+ exit 1
+fi
+
+export SYSTEMD_NSS_BYPASS_SYNTHETIC=1
+
+if [ "${1:-}" = "--ignore-journal" ]; then
+ shift
+ ignore_journal=1
+else
+ ignore_journal=0
+fi
+
+echo "Checking processes..."
+if ps h -u 99 | grep .; then
+ echo "ERROR: ps reports processes with UID 99!"
+ exit 2
+fi
+echo "... not found"
+
+echo "Checking UTMP..."
+if w -h 199 | grep . ; then
+ echo "ERROR: w reports UID 99 as active!"
+ exit 2
+fi
+if w -h nobody | grep . ; then
+ echo "ERROR: w reports user nobody as active!"
+ exit 2
+fi
+echo "... not found"
+
+echo "Checking the journal..."
+if [ "$ignore_journal" = 0 ] && journalctl -q -b -n10 _UID=99 | grep . ; then
+ echo "ERROR: journalctl reports messages from UID 99 in current boot!"
+ exit 2
+fi
+echo "... not found"
+
+echo "Looking for files in /etc, /run, /tmp, and /var..."
+if find /etc /run /tmp /var -uid 99 -print | grep -m 10 . ; then
+ echo "ERROR: found files belonging to UID 99"
+ exit 2
+fi
+echo "... not found"
+
+echo "Checking if nobody is defined correctly..."
+if getent passwd nobody |
+ grep '^nobody:[x*]:65534:65534:.*:/:/sbin/nologin';
+then
+ echo "OK, nothing to do."
+ exit 0
+else
+ echo "NOTICE: User nobody is not defined correctly"
+fi
+
+echo "Checking if nfsnobody or something else is using the uid..."
+if getent passwd 65534 | grep . ; then
+ echo "NOTICE: will have to remove this user"
+else
+ echo "... not found"
+fi
+
+if [ "${1:-}" = "-x" ]; then
+ if getent passwd nobody >/dev/null; then
+ # this will remove both the user and the group.
+ ( set -x
+ userdel nobody
+ )
+ fi
+
+ if getent passwd 65534 >/dev/null; then
+ # Make sure the uid is unused. This should free gid too.
+ name="$(getent passwd 65534 | cut -d: -f1)"
+ ( set -x
+ userdel "$name"
+ )
+ fi
+
+ if grep -qE '^(passwd|group):.*\bsss\b' /etc/nsswitch.conf; then
+ echo "Sleeping, so sss can catch up"
+ sleep 3
+ fi
+
+ if getent group 65534; then
+ # Make sure the gid is unused, even if uid wasn't.
+ name="$(getent group 65534 | cut -d: -f1)"
+ ( set -x
+ groupdel "$name"
+ )
+ fi
+
+ # systemd-sysusers uses the same gid and uid
+ ( set -x
+ systemd-sysusers --inline 'u nobody 65534 "Kernel Overflow User" / /sbin/nologin'
+ )
+else
+ echo "Pass '-x' to perform changes"
+fi
diff --git a/rc.local b/rc.local
new file mode 100644
index 0000000..a7e0ad2
--- /dev/null
+++ b/rc.local
@@ -0,0 +1,13 @@
+#!/bin/bash
+# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
+#
+# It is highly advisable to create own systemd services or udev rules
+# to run scripts during boot instead of using this file.
+#
+# In contrast to previous versions due to parallel execution during boot
+# this script will NOT be run after all other services.
+#
+# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
+# that this script will be executed during boot.
+
+touch /var/lock/subsys/local
diff --git a/rule_generator.functions b/rule_generator.functions
new file mode 100644
index 0000000..ca290cc
--- /dev/null
+++ b/rule_generator.functions
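Review bot: The UTMP check in purge-nobody-user runs `w -h 199`, while every other check and its own error message (`w reports UID 99 as active!`) refer to UID 99, so an active session for that account would probably go unnoticed before the `-x` path starts deleting users. It most likely should read `w -h 99`; `w` takes a user name, so it is worth confirming that a numeric id is matched at all. The root check prints its warning on stdout even though it exits 1; `>&2` fits a failure path. `getent group 65534` in the `-x` block prints its result while the two `getent passwd` tests there redirect to /dev/null, which looks unintended.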
@@ -0,0 +1,107 @@
+# functions used by the udev rule generator
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation version 2 of the License.
+
+PATH='/usr/sbin:/usr/bin'
+
+# Read a single line from file $1 in the $DEVPATH directory.
+# The function must not return an error even if the file does not exist.
+sysread() {
+ local file="$1"
+ [ -e "/sys$DEVPATH/$file" ] || return 0
+ local value
+ read value < "/sys$DEVPATH/$file" || return 0
+ echo "$value"
+}
+
+sysreadlink() {
+ local file="$1"
+ [ -e "/sys$DEVPATH/$file" ] || return 0
+ readlink -f /sys$DEVPATH/$file 2> /dev/null || true
+}
+
+# Return true if a directory is writeable.
+writeable() {
+ if ln -s test-link $1/.is-writeable 2> /dev/null; then
+ rm -f $1/.is-writeable
+ return 0
+ else
+ return 1
+ fi
+}
+
+# Create a lock file for the current rules file.
+lock_rules_file() {
+ [ -e /dev/.udev/ ] || return 0
+
+ RULES_LOCK="/dev/.udev/.lock-${RULES_FILE##*/}"
+
+ retry=30
+ while ! mkdir $RULES_LOCK 2> /dev/null; do
+ if [ $retry -eq 0 ]; then
+ echo "Cannot lock $RULES_FILE!" >&2
+ exit 2
+ fi
+ sleep 1
+ retry=$(($retry - 1))
+ done
+}
+
+unlock_rules_file() {
+ [ "$RULES_LOCK" ] || return 0
+ rmdir $RULES_LOCK || true
+}
+
+# Choose the real rules file if it is writeable or a temporary file if not.
+# Both files should be checked later when looking for existing rules.
+choose_rules_file() {
+ local tmp_rules_file="/dev/.udev/tmp-rules--${RULES_FILE##*/}"
+ [ -e "$RULES_FILE" -o -e "$tmp_rules_file" ] || PRINT_HEADER=1
+
+ local retry=5
+ while :;
+ do
+ if [ $retry -eq 0 ]; then
+ echo "$RULES_FILE not writeable!" >&2
+ exit 2
+ elif writeable ${RULES_FILE%/*}; then
+ RO_RULES_FILE='/dev/null'
+ break
+ fi
+ sleep 1
+ retry=$(($retry - 1))
+ done
+}
+
+# Return the name of the first free device.
+raw_find_next_available() {
+ local links="$1"
+
+ local basename=${links%%[ 0-9]*}
+ local max=-1
+ for name in $links; do
+ local num=${name#$basename}
+ [ "$num" ] || num=0
+ [ $num -gt $max ] && max=$num
+ done
+
+ local max=$(($max + 1))
+ # "name0" actually is just "name"
+ [ $max -eq 0 ] && return
+ echo "$max"
+}
+
+# Find all rules matching a key (with action) and a pattern.
+find_all_rules() {
+ local key="$1"
+ local linkre="$2"
+ local match="$3"
+
+ local search='.*[[:space:],]'"$key"'"('"$linkre"')".*'
+ echo $(sed -n -r -e 's/^#.*//' -e "${match}s/${search}/\1/p" \
+ $RO_RULES_FILE \
+ $([ -e $RULES_FILE ] && echo $RULES_FILE) \
+ 2>/dev/null)
+}
diff --git a/sysctl.conf.README b/sysctl.conf.README
new file mode 100644
index 0000000..41c0c41
--- /dev/null
+++ b/sysctl.conf.README
@@ -0,0 +1,10 @@
+# sysctl settings are defined through files in
+# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
+#
+# Vendors settings live in /usr/lib/sysctl.d/.
+# To override a whole file, create a new file with the same in
+# /etc/sysctl.d/ and put new settings there. To override
+# only specific settings, add a file with a lexically later
+# name in /etc/sysctl.d/ and put new settings there.
+#
+# For more information, see sysctl.conf(5) and sysctl.d(5).
diff --git a/systemd-243.tar.gz b/systemd-243.tar.gz
new file mode 100644
index 0000000..9fab520
Binary files /dev/null and b/systemd-243.tar.gz differ
diff --git a/systemd-core-Close-and-free-dbus-when-bus-authentica.patch b/systemd-core-Close-and-free-dbus-when-bus-authentica.patch
new file mode 100644
index 0000000..114f541
--- /dev/null
+++ b/systemd-core-Close-and-free-dbus-when-bus-authentica.patch
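Review bot: Several helpers in rule_generator.functions expand paths unquoted, namely `ln -s test-link $1/.is-writeable` and `rm -f $1/.is-writeable` in writeable(), `mkdir $RULES_LOCK` and `rmdir $RULES_LOCK`, and `readlink -f /sys$DEVPATH/$file` in sysreadlink(), so a rules path or DEVPATH containing whitespace or glob characters is split before the command sees it; the file is sourced by udev helpers that presumably run as root, so each expansion should be quoted, e.g. `rm -f "$1/.is-writeable"`. find_all_rules() splices `$key` and `$linkre` directly into the sed program, which means callers must pass only regex-safe text, and a comment on the function should state that contract. choose_rules_file() computes `tmp_rules_file` and its comment promises a temporary-file fallback, yet the loop only ever exits 2 or sets `RO_RULES_FILE='/dev/null'`, so either the comment or the code is stale. raw_find_next_available() declares `local max` twice and leaves the loop variable `name` global.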
@@ -0,0 +1,40 @@
+From 1245ae05c6e2ca7a2af055f9c44f19a0db2971a5 Mon Sep 17 00:00:00 2001
+From: yangbin
+Date: Thu, 15 Aug 2019 15:24:03 +0800
+Subject: [PATCH 3/3] systemd-core: Close and free dbus when bus authenticating
+ timedout
+
+1. when timedout happened on authenticating a private dbus(can be established by systemctl command),
+this dbus will never be freed and closed, and will left on systemd permanently even through the client
+(for example, systemctl command) has closed the connection. This is because when timedout happend,
+the event and also the timer to watch dbus actions is disabled by sd_event_source_set_enabled
+from source_dispatch function, and systemd can do nothing on it since this dbus will not be activated again.
+2. If a private dbus staying on authenticating state, and when systemd sends a signal message, it will also
+add this message to the message write queue of this bus and will never send it out because the dbus is not in running.
+systemd does this for it believe that the bus will change from authenticating to running sometime, but actually it will not.
+3. When many private dbuses are left as authenticating and many signal messages are sent from dbus, it will eat up our memory
+to hold these dbuses and messages, and memory usage of systemd will grow very fast.
+4. This patch fix this problem by closing and freeing the dbus when authenticating timedout.
+---
+ src/libsystemd/sd-bus/sd-bus.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
+index 05cb4c3..65cf449 100644
+--- a/src/libsystemd/sd-bus/sd-bus.c
++++ b/src/libsystemd/sd-bus/sd-bus.c
+@@ -2946,6 +2946,11 @@ static int bus_process_internal(sd_bus *bus, bool hint_priority, int64_t priorit
+ if (IN_SET(r, -ENOTCONN, -ECONNRESET, -EPIPE, -ESHUTDOWN)) {
+ bus_enter_closing(bus);
+ r = 1;
++ } else if(r == -ETIMEDOUT && !bus->is_system) {
++ /*close dbus directly when timedout happened and it is a private dbus*/
++ log_info("Private bus is closed due authentication timedout.");
++ bus_enter_closing(bus);
++ r = 1;
+ } else if (r < 0)
+ return r;
+
+--
+2.17.1
+
diff --git a/systemd-journal-gatewayd.xml b/systemd-journal-gatewayd.xml
new file mode 100644
index 0000000..a1b400c
--- /dev/null
+++ b/systemd-journal-gatewayd.xml
@@ -0,0 +1,6 @@
+
+
+ systemd-journal-gatewayd
+ Journal Gateway Service
+
+
diff --git a/systemd-journal-remote.xml b/systemd-journal-remote.xml
new file mode 100644
index 0000000..e115a12
--- /dev/null
+++ b/systemd-journal-remote.xml
@@ -0,0 +1,6 @@
+
+
+ systemd-journal-remote
+ Journal Remote Sink
+
+
diff --git a/systemd-udev-trigger-no-reload.conf b/systemd-udev-trigger-no-reload.conf
new file mode 100644
index 0000000..c879427
--- /dev/null
+++ b/systemd-udev-trigger-no-reload.conf
@@ -0,0 +1,3 @@
+[Unit]
+# https://bugzilla.redhat.com/show_bug.cgi?id=1378974#c17
+RefuseManualStop=true
diff --git a/systemd-user b/systemd-user
new file mode 100644
index 0000000..2725df9
--- /dev/null
+++ b/systemd-user
@@ -0,0 +1,10 @@
+# This file is part of systemd.
+#
+# Used by systemd --user instances.
+
+account include system-auth
+
+session required pam_selinux.so close
+session required pam_selinux.so nottys open
+session required pam_loginuid.so
+session include system-auth
diff --git a/systemd.spec b/systemd.spec
new file mode 100644
index 0000000..f03cc7e
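Review bot: The new branch `else if(r == -ETIMEDOUT && !bus->is_system)` in the embedded sd-bus.c hunk closes the connection on any -ETIMEDOUT from a non-system bus, whereas the commit message describes only authentication timeouts on private connections; nothing visible in the hunk checks that the bus is still authenticating, and `!bus->is_system` would presumably match user-bus connections too. If the goal is to reap half-open peers so they cannot pin memory in the manager, the test should be narrowed to the authenticating state (the state field is not visible here) so that an established connection is not dropped on an unrelated timeout. The message would read better as `"Private bus closed: authentication timed out."`, and since one info-level entry is written per stalled client, debug level may be the safer choice. bus_process_internal() starts and ends outside the hunk.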
--- /dev/null
+++ b/systemd.spec
@@ -0,0 +1,1755 @@ +%global __requires_exclude pkg-config +%global pkgdir %{_prefix}/lib/systemd +%global system_unit_dir %{pkgdir}/system +%global user_unit_dir %{pkgdir}/user +%global _docdir_fmt %{name} +%global _systemddir /usr/lib/systemd + +Name: systemd +Url: https://www.freedesktop.org/wiki/Software/systemd +Version: 243 +Release: 3 +License: MIT and LGPLv2+ and GPLv2+ +Summary: System and Service Manager + + +Source0: https://github.com/systemd/systemd/archive/v%{version}/%{name}-%{version}.tar.gz +Source3: purge-nobody-user + +Source4: yum-protect-systemd.conf + +Source5: inittab +Source6: sysctl.conf.README +Source7: systemd-journal-remote.xml +Source8: systemd-journal-gatewayd.xml +Source9: 20-yama-ptrace.conf +Source10: systemd-udev-trigger-no-reload.conf +Source11: 20-grubby.install +Source12: systemd-user +Source13: rc.local + +Source100: udev-40-openEuler.rules +Source101: udev-55-persistent-net-generator.rules +Source102: udev-56-net-sriov-names.rules +Source103: udev-61-euleros-persistent-storage.rules +Source104: net-set-sriov-names +Source105: rule_generator.functions +Source106: write_net_rules +Source107: detect_virt + +# https://bugzilla.redhat.com/show_bug.cgi?id=1738828 +#https://github.com/keszybz/systemd/commit/464a73411c13596a130a7a8f0ac00ca728e5f69e.patch +Patch0001: 464a73411c13596a130a7a8f0ac00ca728e5f69e.patch +Patch0002: 0002-Revert-units-set-NoNewPrivileges-for-all-long-runnin.patch +Patch0998: 0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch + +#openEuler +Patch9002: 1509-fix-journal-file-descriptors-leak-problems.patch +Patch9003: 1602-activation-service-must-be-restarted-when-reactivated.patch +Patch9004: 1605-systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch +#Patch9004: 1612-serialize-pids-for-scope-when-not-started.patch +#Patch9005: 1615-do-not-finish-job-during-daemon-reload-in-unit_notify.patch +Patch9007: 1619-delay-to-restart-when-a-service-can-not-be-auto-restarted.patch +Patch9008: 
1620-nop_job-of-a-unit-must-also-be-coldpluged-after-deserization.patch +#Patch9006: core-bugfix-call-malloc_trim-to-return-memory-to-OS-immediately.patch +#Patch9009: systemd-core-Close-and-free-dbus-when-bus-authentica.patch + +BuildRequires: gcc, gcc-c++ +BuildRequires: libcap-devel, libmount-devel, pam-devel, libselinux-devel +BuildRequires: audit-libs-devel, cryptsetup-devel, dbus-devel, libacl-devel +BuildRequires: gobject-introspection-devel, libblkid-devel, xz-devel, xz +BuildRequires: lz4-devel, lz4, bzip2-devel, libidn2-devel, libcurl-devel +BuildRequires: kmod-devel, elfutils-devel, libgcrypt-devel, libgpg-error-devel +BuildRequires: gnutls-devel, qrencode-devel, libmicrohttpd-devel, libxkbcommon-devel +BuildRequires: iptables-devel, docbook-style-xsl, pkgconfig, libxslt, gperf +BuildRequires: gawk, tree, hostname, git, meson >= 0.43, gettext, dbus >= 1.9.18 +BuildRequires: python3-devel, python3-lxml, firewalld-filesystem, libseccomp-devel +BuildRequires: gnu-efi gnu-efi-devel +BuildRequires: valgrind-devel, util-linux + +Requires(post): coreutils +Requires(post): sed +Requires(post): acl +Requires(post): grep +Requires(post): openssl +Requires(pre): coreutils +Requires(pre): /usr/bin/getent +Requires(pre): /usr/sbin/groupadd +Recommends: diffutils +Recommends: libxkbcommon%{?_isa} +Provides: /bin/systemctl +Provides: /sbin/shutdown +Provides: syslog +Provides: systemd-units = %{version}-%{release} +Obsoletes: system-setup-keyboard < 0.9 +Provides: system-setup-keyboard = 0.9 +Obsoletes: systemd-sysv < 206 +Obsoletes: %{name} < 229-5 +Provides: systemd-sysv = 206 +Conflicts: initscripts < 9.56.1 +Conflicts: fedora-release < 23-0.12 +Recommends: %{name}-help + +#libs +Obsoletes: libudev < 183 +Obsoletes: systemd < 185-4 +Conflicts: systemd < 185-4 +Obsoletes: systemd-compat-libs < 230 +Obsoletes: nss-myhostname < 0.4 +Provides: nss-myhostname = 0.4 +Provides: nss-myhostname%{_isa} = 0.4 +Requires(post): coreutils +Requires(post): sed +Requires(post): 
grep +Requires(post): /usr/bin/getent + +Provides: %{name}-libs +Provides: %{name}-libs%{?_isa} +Provides: %{name}-pam +Provides: %{name}-rpm-config +Obsoletes: %{name}-libs +Obsoletes: %{name}-libs%{?_isa} +Obsoletes: %{name}-pam +Obsoletes: %{name}-rpm-config + +%description +systemd is a system and service manager that runs as PID 1 and starts +the rest of the system. + +%package devel +Summary: Development headers for systemd +License: LGPLv2+ and MIT +Requires: %{name} = %{version}-%{release} +Provides: libudev-devel = %{version} +Provides: libudev-devel%{_isa} = %{version} +Obsoletes: libudev-devel < 183 + +%description devel +Development headers and auxiliary files for developing applications linking +to libudev or libsystemd. + +%package udev +Summary: Rule-based device node and kernel event manager +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +Requires(post): grep +Requires: kmod >= 18-4 +# obsolete parent package so that dnf will install new subpackage on upgrade (#1260394) +Obsoletes: %{name} < 229-5 +Provides: udev = %{version} +Provides: udev%{_isa} = %{version} +Obsoletes: udev < 183 +# https://bugzilla.redhat.com/show_bug.cgi?id=1377733#c9 +Recommends: systemd-bootchart +# https://bugzilla.redhat.com/show_bug.cgi?id=1408878 +Recommends: kbd +License: LGPLv2+ + +%description udev +This package contains systemd-udev and the rules and hardware database +needed to manage device nodes. This package is necessary on physical +machines and in virtual machines, but not in containers. + +%package container +Summary: Tools for containers and VMs +Requires: %{name}%{?_isa} = %{version}-%{release} +Obsoletes: %{name} < 229-5 +License: LGPLv2+ + +%description container +Systemd tools to spawn and manage containers and virtual machines. + +This package contains systemd-nspawn, machinectl, systemd-machined, +and systemd-importd. 
+ +%package journal-remote +# Name is the same as in Debian +Summary: Tools to send journal events over the network +Requires: %{name}%{?_isa} = %{version}-%{release} +License: LGPLv2+ +Requires(pre): /usr/bin/getent +Requires: firewalld +Provides: %{name}-journal-gateway = %{version}-%{release} +Provides: %{name}-journal-gateway%{_isa} = %{version}-%{release} +Obsoletes: %{name}-journal-gateway < 227-7 + +%description journal-remote +Programs to forward journal entries over the network, using encrypted HTTP, +and to write journal files from serialized journal contents. + +%package udev-compat +Summary: Udev rules compatibility with NetworkManager +Requires: %{name} = %{version}-%{release} +License: LGPLv2+ +Requires(pre): /usr/bin/getent +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd + +%description udev-compat +systemd-udev-compat is a set of udev rules which conflict with NetworkManager. +If users choose to use the network-scripts to manager the network, the package can be used +to do somethings when down or up nics or disk. 
+ +%package_help + +%prep +%autosetup -n %{name}-%{version} -p1 -Sgit + +%build + +CONFIGURE_OPTS=( + -Dsysvinit-path=/etc/rc.d/init.d + -Drc-local=/etc/rc.d/rc.local + -Ddev-kvm-mode=0666 + -Dkmod=true + -Dxkbcommon=true + -Dblkid=true + -Dseccomp=true + -Dima=true + -Dselinux=true + -Dapparmor=false + -Dpolkit=true + -Dxz=true + -Dzlib=true + -Dbzip2=true + -Dlz4=true + -Dpam=true + -Dacl=true + -Dsmack=true + -Dgcrypt=true + -Daudit=true + -Delfutils=true + -Dlibcryptsetup=true + -Delfutils=true + -Dqrencode=true + -Dgnutls=true + -Dmicrohttpd=true + -Dlibidn2=true + -Dlibiptc=true + -Dlibcurl=true + -Defi=true + -Dgnu-efi=true + -Dtpm=true + -Dhwdb=true + -Dsysusers=true + -Ddefault-kill-user-processes=false + -Dtests=false + -Dinstall-tests=false + -Dtty-gid=5 + -Dusers-gid=100 + -Dnobody-user=nobody + -Dnobody-group=nobody + -Dsplit-usr=false + -Dsplit-bin=true + -Db_lto=true + -Db_ndebug=false + -Dman=true + -Dversion-tag=v%{version}-%{release} + -Ddefault-hierarchy=legacy +) + +%meson "${CONFIGURE_OPTS[@]}" +%meson_build + +%install +%meson_install + +# udev links +mkdir -p %{buildroot}/%{_sbindir} +ln -sf ../bin/udevadm %{buildroot}%{_sbindir}/udevadm + +# Compatiblity and documentation files +touch %{buildroot}/etc/crypttab +chmod 600 %{buildroot}/etc/crypttab + +# /etc/initab +install -Dm0644 -t %{buildroot}/etc/ %{SOURCE5} + +# /etc/sysctl.conf compat +install -Dm0644 %{SOURCE6} %{buildroot}/etc/sysctl.conf +ln -s ../sysctl.conf %{buildroot}/etc/sysctl.d/99-sysctl.conf + +# Make sure these directories are properly owned +mkdir -p %{buildroot}%{system_unit_dir}/basic.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/default.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/dbus.target.wants +mkdir -p %{buildroot}%{system_unit_dir}/syslog.target.wants +mkdir -p %{buildroot}%{_localstatedir}/run +mkdir -p %{buildroot}%{_localstatedir}/log +touch %{buildroot}%{_localstatedir}/run/utmp +touch %{buildroot}%{_localstatedir}/log/{w,b}tmp + +# Make sure 
the user generators dir exists too +mkdir -p %{buildroot}%{pkgdir}/system-generators +mkdir -p %{buildroot}%{pkgdir}/user-generators + +# Create new-style configuration files so that we can ghost-own them +touch %{buildroot}%{_sysconfdir}/hostname +touch %{buildroot}%{_sysconfdir}/vconsole.conf +touch %{buildroot}%{_sysconfdir}/locale.conf +touch %{buildroot}%{_sysconfdir}/machine-id +touch %{buildroot}%{_sysconfdir}/machine-info +touch %{buildroot}%{_sysconfdir}/localtime +mkdir -p %{buildroot}%{_sysconfdir}/X11/xorg.conf.d +touch %{buildroot}%{_sysconfdir}/X11/xorg.conf.d/00-keyboard.conf + +# Make sure the shutdown/sleep drop-in dirs exist +mkdir -p %{buildroot}%{pkgdir}/system-shutdown/ +mkdir -p %{buildroot}%{pkgdir}/system-sleep/ + +# Make sure directories in /var exist +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/coredump +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/catalog +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/backlight +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/rfkill +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/linger +mkdir -p %{buildroot}%{_localstatedir}/lib/private +mkdir -p %{buildroot}%{_localstatedir}/log/private +mkdir -p %{buildroot}%{_localstatedir}/cache/private +mkdir -p %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload +mkdir -p %{buildroot}%{_localstatedir}/lib/systemd/timesync +ln -s ../private/systemd/journal-upload %{buildroot}%{_localstatedir}/lib/systemd/journal-upload +mkdir -p %{buildroot}%{_localstatedir}/log/journal +touch %{buildroot}%{_localstatedir}/lib/systemd/catalog/database +touch %{buildroot}%{_sysconfdir}/udev/hwdb.bin +touch %{buildroot}%{_localstatedir}/lib/systemd/random-seed +touch %{buildroot}%{_localstatedir}/lib/systemd/timesync/clock +touch %{buildroot}%{_localstatedir}/lib/private/systemd/journal-upload/state + +# Install yum protection fragment +install -Dm0644 %{SOURCE4} %{buildroot}/etc/dnf/protected.d/systemd.conf + +install -Dm0644 -t 
%{buildroot}/usr/lib/firewalld/services/ %{SOURCE7} %{SOURCE8}
+
+# Restore systemd-user pam config from before "removal of Fedora-specific bits"
+install -Dm0644 -t %{buildroot}/etc/pam.d/ %{SOURCE12}
+
+# Install additional docs
+# https://bugzilla.redhat.com/show_bug.cgi?id=1234951
+install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE9}
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1378974
+install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE10}
+
+# A temporary work-around for https://bugzilla.redhat.com/show_bug.cgi?id=1663040
+mkdir -p %{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/
+cat >%{buildroot}%{system_unit_dir}/systemd-hostnamed.service.d/disable-privatedevices.conf <.
+
+# The contents of this are an example to be copied into systemd.spec.
+#
+# Minimum rpm version supported: 4.13.0
+
+%transfiletriggerin -P 900900 -- %{_systemddir}/system /etc/systemd/system
+# This script will run after any package is initially installed or
+# upgraded. We care about the case where a package is initially
+# installed, because other cases are covered by the *un scriptlets,
+# so sometimes we will reload needlessly.
+if test -d /run/systemd/system; then
+ %{_bindir}/systemctl daemon-reload
+fi
+
+%transfiletriggerun -- %{_systemddir}/system /etc/systemd/system
+# On removal, we need to run daemon-reload after any units have been
+# removed. %transfiletriggerpostun would be ideal, but it does not get
+# executed for some reason.
+# On upgrade, we need to run daemon-reload after any new unit files
+# have been installed, but before %postun scripts in packages get
+# executed. %transfiletriggerun gets the right list of files
+# but it is invoked too early (before changes happen).
+# %filetriggerpostun happens at the right time, but it fires for
+# every package.
+# To execute the reload at the right time, we create a state
+# file in %transfiletriggerun and execute the daemon-reload in
+# the first %filetriggerpostun.
+
+if test -d "/run/systemd/system"; then
+ mkdir -p "%{_localstatedir}/lib/rpm-state/systemd"
+ touch "%{_localstatedir}/lib/rpm-state/systemd/needs-reload"
+fi
+
+%filetriggerpostun -P 1000100 -- %{_systemddir}/system /etc/systemd/system
+if test -f "%{_localstatedir}/lib/rpm-state/systemd/needs-reload"; then
+ rm -rf "%{_localstatedir}/lib/rpm-state/systemd"
+ %{_bindir}/systemctl daemon-reload
+fi
+
+%transfiletriggerin -P 100700 -- /usr/lib/sysusers.d
+# This script will process files installed in /usr/lib/sysusers.d to create
+# specified users automatically. The priority is set such that it
+# will run before the tmpfiles file trigger.
+if test -d /run/systemd/system; then
+ %{_bindir}/systemd-sysusers || :
+fi
+
+%transfiletriggerin -P 100500 -- /usr/lib/tmpfiles.d
+# This script will process files installed in /usr/lib/tmpfiles.d to create
+# tmpfiles automatically. The priority is set such that it will run
+# after the sysusers file trigger, but before any other triggers.
+if test -d /run/systemd/system; then
+ %{_bindir}/systemd-tmpfiles --create || :
+fi
+
+%transfiletriggerin udev -- /usr/lib/udev/hwdb.d
+# This script will automatically invoke hwdb update if files have been
+# installed or updated in /usr/lib/udev/hwdb.d.
+if test -d /run/systemd/system; then
+ %{_bindir}/systemd-hwdb update || :
+fi
+
+%transfiletriggerin -- %{_systemddir}/catalog
+# This script will automatically invoke journal catalog update if files
+# have been installed or updated in %{_systemddir}/catalog.
+if test -d /run/systemd/system; then
+ %{_bindir}/journalctl --update-catalog || :
+fi
+
+%transfiletriggerin udev -- /usr/lib/udev/rules.d
+# This script will automatically update udev with new rules if files
+# have been installed or updated in /usr/lib/udev/rules.d.
+if test -e /run/udev/control; then
+ %{_bindir}/udevadm control --reload || :
+fi
+
+%transfiletriggerin -- /usr/lib/sysctl.d
+# This script will automatically apply sysctl rules if files have been
+# installed or updated in /usr/lib/sysctl.d.
+if test -d /run/systemd/system; then
+ %{_systemddir}/systemd-sysctl || :
+fi
+
+%transfiletriggerin -- /usr/lib/binfmt.d
+# This script will automatically apply binfmt rules if files have been
+# installed or updated in /usr/lib/binfmt.d.
+if test -d /run/systemd/system; then
+ # systemd-binfmt might fail if binfmt_misc kernel module is not loaded
+ # during install
+ %{_systemddir}/systemd-binfmt || :
+fi
+
+%pre
+getent group cdrom &>/dev/null || groupadd -r -g 11 cdrom &>/dev/null || :
+getent group utmp &>/dev/null || groupadd -r -g 22 utmp &>/dev/null || :
+getent group tape &>/dev/null || groupadd -r -g 33 tape &>/dev/null || :
+getent group dialout &>/dev/null || groupadd -r -g 18 dialout &>/dev/null || :
+getent group input &>/dev/null || groupadd -r input &>/dev/null || :
+getent group kvm &>/dev/null || groupadd -r -g 36 kvm &>/dev/null || :
+getent group render &>/dev/null || groupadd -r render &>/dev/null || :
+getent group systemd-journal &>/dev/null || groupadd -r -g 190 systemd-journal 2>&1 || :
+
+getent group systemd-coredump &>/dev/null || groupadd -r systemd-coredump 2>&1 || :
+getent passwd systemd-coredump &>/dev/null || useradd -r -l -g systemd-coredump -d / -s /sbin/nologin -c "systemd Core Dumper" systemd-coredump &>/dev/null || :
+
+getent group systemd-network &>/dev/null || groupadd -r -g 192 systemd-network 2>&1 || :
+getent passwd systemd-network &>/dev/null || useradd -r -u 192 -l -g systemd-network -d / -s /sbin/nologin -c "systemd Network Management" systemd-network &>/dev/null || :
+
+getent group systemd-resolve &>/dev/null || groupadd -r -g 193 systemd-resolve 2>&1 || :
+getent passwd systemd-resolve &>/dev/null || useradd -r -u 193 -l -g systemd-resolve -d / -s /sbin/nologin -c "systemd
Resolver" systemd-resolve &>/dev/null || :
+
+%post
+systemd-machine-id-setup &>/dev/null || :
+systemctl daemon-reexec &>/dev/null || :
+journalctl --update-catalog &>/dev/null || :
+systemd-tmpfiles --create &>/dev/null || :
+
+# create /var/log/journal only on initial installation,
+# and only if it's writable (it won't be in rpm-ostree).
+if [ $1 -eq 1 ] && [ -w %{_localstatedir} ]; then
+ mkdir -p %{_localstatedir}/log/journal
+fi
+
+# Make sure new journal files will be owned by the "systemd-journal" group
+machine_id=$(cat /etc/machine-id 2>/dev/null)
+chgrp systemd-journal /{run,var}/log/journal/{,${machine_id}} &>/dev/null || :
+chmod g+s /{run,var}/log/journal/{,${machine_id}} &>/dev/null || :
+
+# Apply ACL to the journal directory
+setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/ &>/dev/null || :
+
+# We reset the enablement of all services upon initial installation
+# https://bugzilla.redhat.com/show_bug.cgi?id=1118740#c23
+# This will fix up enablement of any preset services that got installed
+# before systemd due to rpm ordering problems:
+# https://bugzilla.redhat.com/show_bug.cgi?id=1647172
+if [ $1 -eq 1 ] ; then
+ systemctl preset-all &>/dev/null || :
+fi
+
+#%post libs
+%{?ldconfig}
+
+function mod_nss() {
+ if [ -f "$1" ] ; then
+ # sed-fu to add myhostname to hosts line
+ grep -E -q '^hosts:.* myhostname' "$1" ||
+ sed -i.bak -e '
+ /^hosts:/ !b
+ /\/ b
+ s/[[:blank:]]*$/ myhostname/
+ ' "$1" &>/dev/null || :
+
+ # Add nss-systemd to passwd and group
+ grep -E -q '^(passwd|group):.* systemd' "$1" ||
+ sed -i.bak -r -e '
+ s/^(passwd|group):(.*)/\1: \2 systemd/
+ ' "$1" &>/dev/null || :
+ fi
+}
+
+FILE="$(readlink /etc/nsswitch.conf || echo /etc/nsswitch.conf)"
+if [ "$FILE" = "/etc/authselect/nsswitch.conf" ] && authselect check &>/dev/null; then
+ mod_nss "/etc/authselect/user-nsswitch.conf"
+ authselect apply-changes &> /dev/null || :
+else
+ mod_nss "$FILE"
+ # also apply the same changes to user-nsswitch.conf to
affect
+ # possible future authselect configuration
+ mod_nss "/etc/authselect/user-nsswitch.conf"
+fi
+
+# check if nobody or nfsnobody is defined
+export SYSTEMD_NSS_BYPASS_SYNTHETIC=1
+if getent passwd nfsnobody &>/dev/null; then
+ test -f /etc/systemd/dont-synthesize-nobody || {
+ echo 'Detected system with nfsnobody defined, creating /etc/systemd/dont-synthesize-nobody'
+ mkdir -p /etc/systemd || :
+ : >/etc/systemd/dont-synthesize-nobody || :
+ }
+elif getent passwd nobody 2>/dev/null | grep -v 'nobody:[x*]:65534:65534:.*:/:/sbin/nologin' &>/dev/null; then
+ test -f /etc/systemd/dont-synthesize-nobody || {
+ echo 'Detected system with incompatible nobody defined, creating /etc/systemd/dont-synthesize-nobody'
+ mkdir -p /etc/systemd || :
+ : >/etc/systemd/dont-synthesize-nobody || :
+ }
+fi
+
+%{?ldconfig:%postun -p %ldconfig}
+
+%global udev_services systemd-udev{d,-settle,-trigger}.service systemd-udevd-{control,kernel}.socket systemd-timesyncd.service
+
+%preun
+if [ $1 -eq 0 ] ; then
+ systemctl disable --quiet \
+ remote-fs.target \
+ getty@.service \
+ serial-getty@.service \
+ console-getty.service \
+ debug-shell.service \
+ systemd-networkd.service \
+ systemd-networkd-wait-online.service \
+ systemd-resolved.service \
+ >/dev/null || :
+fi
+
+%pre udev
+getent group systemd-timesync &>/dev/null || groupadd -r systemd-timesync 2>&1 || :
+getent passwd systemd-timesync &>/dev/null || useradd -r -l -g systemd-timesync -d / -s /sbin/nologin -c "systemd Time Synchronization" systemd-timesync &>/dev/null || :
+
+%post udev
+# Move old stuff around in /var/lib
+mv %{_localstatedir}/lib/random-seed %{_localstatedir}/lib/systemd/random-seed &>/dev/null
+mv %{_localstatedir}/lib/backlight %{_localstatedir}/lib/systemd/backlight &>/dev/null
+if [ -L %{_localstatedir}/lib/systemd/timesync ]; then
+ rm %{_localstatedir}/lib/systemd/timesync
+ mv %{_localstatedir}/lib/private/systemd/timesync %{_localstatedir}/lib/systemd/timesync
+fi
+if [ -f
%{_localstatedir}/lib/systemd/clock ] ; then
+ mkdir -p %{_localstatedir}/lib/systemd/timesync
+ mv %{_localstatedir}/lib/systemd/clock %{_localstatedir}/lib/systemd/timesync/.
+fi
+
+udevadm hwdb --update &>/dev/null
+%systemd_post %udev_services
+%{_systemddir}/systemd-random-seed save 2>&1
+
+# Replace obsolete keymaps
+# https://bugzilla.redhat.com/show_bug.cgi?id=1151958
+grep -q -E '^KEYMAP="?fi-latin[19]"?' /etc/vconsole.conf 2>/dev/null &&
+ sed -i.rpm.bak -r 's/^KEYMAP="?fi-latin[19]"?/KEYMAP="fi"/' /etc/vconsole.conf || :
+
+%preun udev
+%systemd_preun %udev_services
+
+%postun udev
+# Only restart systemd-udev, to run the upgraded dameon.
+# Others are either oneshot services, or sockets, and restarting them causes issues (#1378974)
+%systemd_postun_with_restart systemd-udevd.service
+
+%pre journal-remote
+getent group systemd-journal-remote &>/dev/null || groupadd -r systemd-journal-remote 2>&1 || :
+getent passwd systemd-journal-remote &>/dev/null || useradd -r -l -g systemd-journal-remote -d %{_localstatedir}/log/journal/remote -s /sbin/nologin -c "Journal Remote" systemd-journal-remote &>/dev/null || :
+
+%post journal-remote
+%systemd_post systemd-journal-gatewayd.socket systemd-journal-gatewayd.service
+%systemd_post systemd-journal-remote.socket systemd-journal-remote.service
+%systemd_post systemd-journal-upload.service
+%firewalld_reload
+
+%preun journal-remote
+%systemd_preun systemd-journal-gatewayd.socket systemd-journal-gatewayd.service
+%systemd_preun systemd-journal-remote.socket systemd-journal-remote.service
+%systemd_preun systemd-journal-upload.service
+if [ $1 -eq 1 ] ; then
+ if [ -f %{_localstatedir}/lib/systemd/journal-upload/state -a ! -L %{_localstatedir}/lib/systemd/journal-upload ] ; then
+ mkdir -p %{_localstatedir}/lib/private/systemd/journal-upload
+ mv %{_localstatedir}/lib/systemd/journal-upload/state %{_localstatedir}/lib/private/systemd/journal-upload/.
+ rmdir %{_localstatedir}/lib/systemd/journal-upload || :
+ fi
+fi
+
+%postun journal-remote
+%systemd_postun_with_restart systemd-journal-gatewayd.service
+%systemd_postun_with_restart systemd-journal-remote.service
+%systemd_postun_with_restart systemd-journal-upload.service
+%firewalld_reload
+
+%files -f %{name}.lang
+%doc %{_pkgdocdir}
+%exclude %{_pkgdocdir}/LICENSE.*
+%license LICENSE.GPL2 LICENSE.LGPL2.1
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/basic.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/bluetooth.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/default.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/getty.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/graphical.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/local-fs.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/machines.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/multi-user.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/network-online.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/printer.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/remote-fs.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/sockets.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/sysinit.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/system-update.target.wants
+%ghost %dir %attr(0755,-,-) /etc/systemd/system/timers.target.wants
+%ghost %dir %attr(0755,-,-) /var/lib/rpm-state/systemd
+
+%ghost %dir /var/log/journal
+%ghost %attr(0664,root,utmp) /var/log/wtmp
+/var/log/README
+%ghost %attr(0600,root,utmp) /var/log/btmp
+%ghost %attr(0700,root,root) %dir /var/log/private
+%ghost %attr(0664,root,utmp) /var/run/utmp
+%ghost %attr(0700,root,root) %dir /var/cache/private
+%ghost %attr(0700,root,root) %dir /var/lib/private
+%dir /var/lib/systemd
+%dir /var/lib/systemd/catalog
+%ghost %dir /var/lib/systemd/coredump
+%ghost %dir
/var/lib/systemd/linger
+%ghost /var/lib/systemd/catalog/database
+%ghost %dir /var/lib/private/systemd
+/usr/sbin/reboot
+/usr/sbin/halt
+/usr/sbin/telinit
+/usr/sbin/resolvconf
+/usr/sbin/init
+/usr/sbin/runlevel
+/usr/sbin/poweroff
+/usr/sbin/shutdown
+%dir /usr/share/systemd
+%dir /usr/share/factory
+%dir /usr/share/factory/etc
+/usr/share/factory/etc/issue
+/usr/share/factory/etc/nsswitch.conf
+%dir /usr/share/factory/etc/pam.d
+/usr/share/factory/etc/pam.d/other
+/usr/share/factory/etc/pam.d/system-auth
+/usr/share/systemd/language-fallback-map
+/usr/share/systemd/kbd-model-map
+/usr/share/bash-completion/completions/localectl
+/usr/share/bash-completion/completions/systemd-path
+/usr/share/bash-completion/completions/portablectl
+/usr/share/bash-completion/completions/systemd-run
+/usr/share/bash-completion/completions/systemd-cat
+/usr/share/bash-completion/completions/resolvectl
+/usr/share/bash-completion/completions/coredumpctl
+/usr/share/bash-completion/completions/systemd-delta
+/usr/share/bash-completion/completions/systemd-cgls
+/usr/share/bash-completion/completions/systemd-resolve
+/usr/share/bash-completion/completions/networkctl
+/usr/share/bash-completion/completions/systemd-detect-virt
+/usr/share/bash-completion/completions/hostnamectl
+/usr/share/bash-completion/completions/systemd-cgtop
+/usr/share/bash-completion/completions/systemctl
+/usr/share/bash-completion/completions/journalctl
+/usr/share/bash-completion/completions/systemd-analyze
+/usr/share/bash-completion/completions/loginctl
+/usr/share/bash-completion/completions/timedatectl
+/usr/share/bash-completion/completions/busctl
+/usr/share/zsh/site-functions/_loginctl
+/usr/share/zsh/site-functions/_systemd-inhibit
+/usr/share/zsh/site-functions/_journalctl
+/usr/share/zsh/site-functions/_systemd-delta
+/usr/share/zsh/site-functions/_systemd-tmpfiles
+/usr/share/zsh/site-functions/_resolvectl
+/usr/share/zsh/site-functions/_systemctl
+/usr/share/zsh/site-functions/_systemd-run
+/usr/share/zsh/site-functions/_sd_outputmodes
+/usr/share/zsh/site-functions/_sd_unit_files
+/usr/share/zsh/site-functions/_sd_machines
+/usr/share/zsh/site-functions/_coredumpctl
+/usr/share/zsh/site-functions/_networkctl
+/usr/share/zsh/site-functions/_timedatectl
+/usr/share/zsh/site-functions/_busctl
+/usr/share/zsh/site-functions/_systemd
+/usr/share/zsh/site-functions/_systemd-analyze
+/usr/share/zsh/site-functions/_hostnamectl
+/usr/share/zsh/site-functions/_sd_hosts_or_user_at_host
+/usr/share/zsh/site-functions/_localectl
+/usr/share/dbus-1/system-services/org.freedesktop.portable1.service
+/usr/share/dbus-1/system-services/org.freedesktop.login1.service
+/usr/share/dbus-1/system-services/org.freedesktop.locale1.service
+/usr/share/dbus-1/system-services/org.freedesktop.resolve1.service
+/usr/share/dbus-1/system-services/org.freedesktop.hostname1.service
+/usr/share/dbus-1/system-services/org.freedesktop.network1.service
+/usr/share/dbus-1/system-services/org.freedesktop.timedate1.service
+/usr/share/dbus-1/system.d/org.freedesktop.resolve1.conf
+/usr/share/dbus-1/system.d/org.freedesktop.timedate1.conf
+/usr/share/dbus-1/system.d/org.freedesktop.hostname1.conf
+/usr/share/dbus-1/system.d/org.freedesktop.login1.conf
+/usr/share/dbus-1/system.d/org.freedesktop.systemd1.conf
+/usr/share/dbus-1/system.d/org.freedesktop.locale1.conf
+/usr/share/dbus-1/system.d/org.freedesktop.portable1.conf
+/usr/share/dbus-1/system.d/org.freedesktop.network1.conf
+/usr/share/pkgconfig/systemd.pc
+/usr/share/pkgconfig/udev.pc
+/usr/share/polkit-1/actions/org.freedesktop.hostname1.policy
+/usr/share/polkit-1/actions/org.freedesktop.portable1.policy
+/usr/share/polkit-1/actions/org.freedesktop.timedate1.policy
+/usr/share/polkit-1/actions/org.freedesktop.resolve1.policy
+/usr/share/polkit-1/actions/org.freedesktop.systemd1.policy
+/usr/share/polkit-1/actions/org.freedesktop.login1.policy
+/usr/share/polkit-1/actions/org.freedesktop.network1.policy
+/usr/share/polkit-1/actions/org.freedesktop.locale1.policy
+/usr/share/polkit-1/rules.d/systemd-networkd.rules
+/usr/bin/systemd-machine-id-setup
+/usr/bin/localectl
+/usr/bin/systemd-path
+/usr/bin/portablectl
+/usr/bin/systemd-run
+/usr/bin/systemd-firstboot
+/usr/bin/systemd-escape
+/usr/bin/systemd-tmpfiles
+/usr/bin/systemd-cat
+/usr/bin/systemd-inhibit
+/usr/bin/systemd-ask-password
+/usr/bin/resolvectl
+/usr/bin/systemd-notify
+/usr/bin/coredumpctl
+/usr/bin/systemd-delta
+/usr/bin/systemd-cgls
+/usr/bin/systemd-resolve
+/usr/bin/networkctl
+/usr/bin/systemd-stdio-bridge
+/usr/bin/systemd-detect-virt
+/usr/bin/systemd-socket-activate
+/usr/bin/hostnamectl
+/usr/bin/systemd-mount
+/usr/bin/systemd-umount
+/usr/bin/systemd-cgtop
+/usr/bin/systemd-id128
+/usr/bin/systemctl
+/usr/bin/journalctl
+/usr/bin/systemd-analyze
+/usr/bin/loginctl
+/usr/bin/timedatectl
+/usr/bin/systemd-sysusers
+/usr/bin/systemd-tty-ask-password-agent
+/usr/bin/busctl
+%dir /usr/lib/environment.d
+%dir /usr/lib/binfmt.d
+%dir /usr/lib/tmpfiles.d
+%dir /usr/lib/sysctl.d
+%dir /usr/lib/systemd
+%dir /usr/lib/sysusers.d
+/usr/lib/sysusers.d/systemd.conf
+/usr/lib/sysusers.d/basic.conf
+%{_systemddir}/systemd-update-done
+%{_systemddir}/systemd-update-utmp
+%{_systemddir}/systemd-initctl
+%{_systemddir}/purge-nobody-user
+%dir %{_systemddir}/system-shutdown
+%dir %{_systemddir}/catalog
+%dir %{_systemddir}/network
+%{_systemddir}/systemd-cgroups-agent
+%{_systemddir}/systemd-sulogin-shell
+%{_systemddir}/systemd-boot-check-no-failures
+%dir %{_systemddir}/ntp-units.d
+%{_systemddir}/systemd-user-sessions
+%{_systemddir}/systemd-sysctl
+%{_systemddir}/systemd-networkd-wait-online
+%{_systemddir}/systemd-socket-proxyd
+%{_systemddir}/systemd-ac-power
+%{_systemddir}/systemd-hostnamed
+%{_systemddir}/systemd-bless-boot
+%{_systemddir}/systemd-localed
+%dir %{_systemddir}/user
+%{_systemddir}/systemd-volatile-root
+%{_systemddir}/systemd-journald
+%{_systemddir}/systemd-user-runtime-dir
+%{_systemddir}/systemd-logind
+%{_systemddir}/systemd-networkd
+%dir %{_systemddir}/system-preset
+%dir %{_systemddir}/user-environment-generators
+%{_systemddir}/systemd-shutdown
+%{_systemddir}/systemd-portabled
+%{_systemddir}/libsystemd-shared-243.so
+%{_systemddir}/systemd-reply-password
+%dir %{_systemddir}/system-generators
+%dir %{_systemddir}/system
+%{_systemddir}/systemd-export
+%{_systemddir}/systemd-fsck
+%{_systemddir}/systemd-timedated
+%dir %{_systemddir}/user-generators
+%dir %{_systemddir}/portable
+%{_systemddir}/systemd
+%dir %{_systemddir}/user-preset
+%{_systemddir}/systemd-coredump
+%{_systemddir}/resolv.conf
+%{_systemddir}/systemd-dissect
+%{_systemddir}/systemd-veritysetup
+%{_systemddir}/systemd-network-generator
+%{_systemddir}/systemd-time-wait-sync
+%{_systemddir}/systemd-pstore
+%{_systemddir}/systemd-resolved
+%{_systemddir}/systemd-binfmt
+%{_systemddir}/user-preset/90-systemd.preset
+%dir %{_systemddir}/portable/profile
+%dir %{_systemddir}/portable/profile/strict
+%dir %{_systemddir}/portable/profile/nonetwork
+%dir %{_systemddir}/portable/profile/trusted
+%dir %{_systemddir}/portable/profile/default
+%{_systemddir}/portable/profile/default/service.conf
+%{_systemddir}/portable/profile/trusted/service.conf
+%{_systemddir}/portable/profile/nonetwork/service.conf
+%{_systemddir}/portable/profile/strict/service.conf
+%{_unitdir}/systemd-networkd.socket
+%{_unitdir}/systemd-binfmt.service
+%{_unitdir}/systemd-machine-id-commit.service
+%dir %{_unitdir}/basic.target.wants
+%{_unitdir}/systemd-coredump.socket
+%{_unitdir}/ctrl-alt-del.target
+%{_unitdir}/systemd-tmpfiles-setup.service
+%{_unitdir}/systemd-time-wait-sync.service
+%{_unitdir}/rpcbind.target
+%{_unitdir}/systemd-update-done.service
+%{_unitdir}/dev-hugepages.mount
+%{_unitdir}/systemd-firstboot.service
+%dir %{_unitdir}/sockets.target.wants
+%dir %{_unitdir}/dbus.target.wants
+%{_unitdir}/network.target
+%{_unitdir}/system-update-pre.target
+%{_unitdir}/shutdown.target
+%{_unitdir}/proc-sys-fs-binfmt_misc.automount
+%{_unitdir}/syslog.socket
+%{_unitdir}/systemd-localed.service
+%{_unitdir}/systemd-ask-password-console.service
+%{_unitdir}/systemd-pstore.service
+%{_unitdir}/exit.target
+%{_unitdir}/systemd-ask-password-console.path
+%{_unitdir}/systemd-logind.service
+%{_unitdir}/graphical.target
+%{_unitdir}/systemd-initctl.service
+%{_unitdir}/multi-user.target
+%{_unitdir}/swap.target
+%{_unitdir}/sys-kernel-debug.mount
+%{_unitdir}/systemd-tmpfiles-clean.service
+%{_unitdir}/basic.target
+%{_unitdir}/remote-fs-pre.target
+%{_unitdir}/systemd-journald-audit.socket
+%{_unitdir}/getty@.service
+%{_unitdir}/sigpwr.target
+%dir %{_unitdir}/runlevel3.target.wants
+%{_unitdir}/reboot.target
+%{_unitdir}/systemd-boot-system-token.service
+%{_unitdir}/systemd-user-sessions.service
+%{_unitdir}/systemd-journald-dev-log.socket
+%{_unitdir}/systemd-journald.socket
+%{_unitdir}/time-set.target
+%{_unitdir}/getty.target
+%{_unitdir}/systemd-kexec.service
+%{_unitdir}/remote-fs.target
+%{_unitdir}/systemd-ask-password-wall.service
+%{_unitdir}/poweroff.target
+%{_unitdir}/runlevel2.target
+%dir %{_unitdir}/runlevel5.target.wants
+%{_unitdir}/initrd-fs.target
+%{_unitdir}/runlevel6.target
+%{_unitdir}/systemd-journal-flush.service
+%{_unitdir}/initrd-cleanup.service
+%{_unitdir}/systemd-timedated.service
+%{_unitdir}/user-runtime-dir@.service
+%{_unitdir}/nss-lookup.target
+%{_unitdir}/tmp.mount
+%dir %{_unitdir}/systemd-hostnamed.service.d
+%{_unitdir}/timers.target
+%{_unitdir}/systemd-fsck@.service
+%{_unitdir}/printer.target
+%{_unitdir}/systemd-reboot.service
+%{_unitdir}/systemd-volatile-root.service
+%dir %{_unitdir}/multi-user.target.wants
+%{_unitdir}/sound.target
+%{_unitdir}/kexec.target
+%{_unitdir}/initrd-root-fs.target
+%{_unitdir}/systemd-update-utmp.service
+%dir %{_unitdir}/rescue.target.wants
+%{_unitdir}/bluetooth.target
+%{_unitdir}/systemd-networkd-wait-online.service
+%{_unitdir}/systemd-ask-password-wall.path
+%{_unitdir}/emergency.service
+%{_unitdir}/network-pre.target
+%{_unitdir}/rescue.service
+%{_unitdir}/systemd-bless-boot.service
+%{_unitdir}/sys-kernel-config.mount
+%{_unitdir}/systemd-journald.service
+%dir %{_unitdir}/runlevel2.target.wants
+%dir %{_unitdir}/syslog.target.wants
+%{_unitdir}/console-getty.service
+%dir %{_unitdir}/timers.target.wants
+%{_unitdir}/systemd-sysusers.service
+%dir %{_unitdir}/runlevel4.target.wants
+%dir %{_unitdir}/graphical.target.wants
+%{_unitdir}/systemd-fsck-root.service
+%{_unitdir}/dbus-org.freedesktop.login1.service
+%{_unitdir}/systemd-update-utmp-runlevel.service
+%{_unitdir}/network-online.target
+%{_unitdir}/systemd-initctl.socket
+%{_unitdir}/systemd-coredump@.service
+%{_unitdir}/time-sync.target
+%{_unitdir}/runlevel5.target
+%{_unitdir}/paths.target
+%dir %{_unitdir}/runlevel1.target.wants
+%{_unitdir}/systemd-exit.service
+%{_unitdir}/rescue.target
+%{_unitdir}/umount.target
+%{_unitdir}/initrd-switch-root.service
+%{_unitdir}/initrd.target
+%{_unitdir}/ldconfig.service
+%{_unitdir}/initrd-root-device.target
+%{_unitdir}/default.target
+%{_unitdir}/boot-complete.target
+%dir %{_unitdir}/sysinit.target.wants
+%{_unitdir}/systemd-tmpfiles-clean.timer
+%{_unitdir}/user@.service
+%{_unitdir}/final.target
+%{_unitdir}/sys-fs-fuse-connections.mount
+%{_unitdir}/getty-pre.target
+%{_unitdir}/runlevel4.target
+%{_unitdir}/serial-getty@.service
+%{_unitdir}/sysinit.target
+%{_unitdir}/dbus-org.freedesktop.portable1.service
+%{_unitdir}/rc-local.service
+%{_unitdir}/debug-shell.service
+%{_unitdir}/dev-mqueue.mount
+%{_unitdir}/emergency.target
+%{_unitdir}/systemd-portabled.service
+%{_unitdir}/dbus-org.freedesktop.timedate1.service
+%{_unitdir}/runlevel1.target
+%dir %{_unitdir}/remote-fs.target.wants
+%{_unitdir}/dbus-org.freedesktop.hostname1.service
+%{_unitdir}/systemd-networkd.service
+%{_unitdir}/runlevel0.target
+%{_unitdir}/user.slice
+%{_unitdir}/systemd-journal-catalog-update.service
+%{_unitdir}/local-fs-pre.target
+%{_unitdir}/systemd-halt.service
+%{_unitdir}/systemd-resolved.service
+%{_unitdir}/container-getty@.service
+%{_unitdir}/slices.target
+%{_unitdir}/systemd-network-generator.service
+%{_unitdir}/autovt@.service
+%dir %{_unitdir}/user-.slice.d
+%{_unitdir}/systemd-boot-check-no-failures.service
+%{_unitdir}/halt.target
+%{_unitdir}/system-update-cleanup.service
+%dir %{_unitdir}/local-fs.target.wants
+%{_unitdir}/proc-sys-fs-binfmt_misc.mount
+%{_unitdir}/dbus-org.freedesktop.locale1.service
+%{_unitdir}/initrd-switch-root.target
+%{_unitdir}/initrd-parse-etc.service
+%{_unitdir}/nss-user-lookup.target
+%{_unitdir}/sockets.target
+%dir %{_unitdir}/default.target.wants
+%{_unitdir}/systemd-poweroff.service
+%{_unitdir}/systemd-sysctl.service
+%{_unitdir}/runlevel3.target
+%{_unitdir}/local-fs.target
+%{_unitdir}/smartcard.target
+%{_unitdir}/systemd-hostnamed.service
+%{_unitdir}/system-update.target
+%{_unitdir}/local-fs.target.wants/tmp.mount
+%{_unitdir}/user-.slice.d/10-defaults.conf
+%{_unitdir}/sysinit.target.wants/systemd-binfmt.service
+%{_unitdir}/sysinit.target.wants/systemd-machine-id-commit.service
+%{_unitdir}/sysinit.target.wants/systemd-tmpfiles-setup.service
+%{_unitdir}/sysinit.target.wants/systemd-update-done.service
+%{_unitdir}/sysinit.target.wants/dev-hugepages.mount
+%{_unitdir}/sysinit.target.wants/systemd-firstboot.service
+%{_unitdir}/sysinit.target.wants/proc-sys-fs-binfmt_misc.automount
+%{_unitdir}/sysinit.target.wants/systemd-ask-password-console.path
+%{_unitdir}/sysinit.target.wants/sys-kernel-debug.mount
+%{_unitdir}/sysinit.target.wants/systemd-boot-system-token.service
+%{_unitdir}/sysinit.target.wants/systemd-journal-flush.service
+%{_unitdir}/sysinit.target.wants/systemd-update-utmp.service
+%{_unitdir}/sysinit.target.wants/sys-kernel-config.mount
+%{_unitdir}/sysinit.target.wants/systemd-journald.service
+%{_unitdir}/sysinit.target.wants/systemd-sysusers.service
+%{_unitdir}/sysinit.target.wants/ldconfig.service
+%{_unitdir}/sysinit.target.wants/sys-fs-fuse-connections.mount
+%{_unitdir}/sysinit.target.wants/dev-mqueue.mount
+%{_unitdir}/sysinit.target.wants/systemd-journal-catalog-update.service
+%{_unitdir}/sysinit.target.wants/systemd-sysctl.service
+%{_unitdir}/graphical.target.wants/systemd-update-utmp-runlevel.service
+%{_unitdir}/timers.target.wants/systemd-tmpfiles-clean.timer
+%{_unitdir}/rescue.target.wants/systemd-update-utmp-runlevel.service
+%{_unitdir}/multi-user.target.wants/systemd-logind.service
+%{_unitdir}/multi-user.target.wants/systemd-user-sessions.service
+%{_unitdir}/multi-user.target.wants/getty.target
+%{_unitdir}/multi-user.target.wants/systemd-ask-password-wall.path
+%{_unitdir}/multi-user.target.wants/systemd-update-utmp-runlevel.service
+%{_unitdir}/systemd-hostnamed.service.d/disable-privatedevices.conf
+%{_unitdir}/sockets.target.wants/systemd-coredump.socket
+%{_unitdir}/sockets.target.wants/systemd-journald-audit.socket
+%{_unitdir}/sockets.target.wants/systemd-journald-dev-log.socket
+%{_unitdir}/sockets.target.wants/systemd-journald.socket
+%{_unitdir}/sockets.target.wants/systemd-initctl.socket
+%{_systemddir}/system-generators/systemd-fstab-generator
+%{_systemddir}/system-generators/systemd-sysv-generator
+%{_systemddir}/system-generators/systemd-rc-local-generator
+%{_systemddir}/system-generators/systemd-bless-boot-generator
+%{_systemddir}/system-generators/systemd-debug-generator
+%{_systemddir}/system-generators/systemd-veritysetup-generator
+%{_systemddir}/system-generators/systemd-run-generator
+%{_systemddir}/system-generators/systemd-system-update-generator
+%{_systemddir}/system-generators/systemd-getty-generator
+%{_systemddir}/user-environment-generators/30-systemd-environment-d-generator
+%{_systemddir}/system-preset/90-systemd.preset
+%{_userunitdir}/systemd-tmpfiles-setup.service
+%{_userunitdir}/graphical-session.target
+%{_userunitdir}/shutdown.target
+%{_userunitdir}/exit.target
+%{_userunitdir}/systemd-tmpfiles-clean.service
+%{_userunitdir}/basic.target
+%{_userunitdir}/timers.target
+%{_userunitdir}/printer.target
+%{_userunitdir}/sound.target
+%{_userunitdir}/bluetooth.target
+%{_userunitdir}/graphical-session-pre.target
+%{_userunitdir}/paths.target
+%{_userunitdir}/systemd-exit.service
+%{_userunitdir}/default.target
+%{_userunitdir}/systemd-tmpfiles-clean.timer
+%{_userunitdir}/sockets.target
+%{_userunitdir}/smartcard.target
+%{_systemddir}/network/80-container-host0.network
+%{_systemddir}/catalog/systemd.fr.catalog
+%{_systemddir}/catalog/systemd.be.catalog
+%{_systemddir}/catalog/systemd.bg.catalog
+%{_systemddir}/catalog/systemd.de.catalog
+%{_systemddir}/catalog/systemd.pt_BR.catalog
+%{_systemddir}/catalog/systemd.it.catalog
+%{_systemddir}/catalog/systemd.be@latin.catalog
+%{_systemddir}/catalog/systemd.pl.catalog
+%{_systemddir}/catalog/systemd.zh_CN.catalog
+%{_systemddir}/catalog/systemd.zh_TW.catalog
+%{_systemddir}/catalog/systemd.ru.catalog
+%{_systemddir}/catalog/systemd.catalog
+/usr/lib/sysctl.d/50-coredump.conf
+/usr/lib/sysctl.d/50-default.conf
+/usr/lib/sysctl.d/50-pid-max.conf
+/usr/lib/tmpfiles.d/systemd-tmp.conf
+/usr/lib/tmpfiles.d/systemd-nologin.conf
+/usr/lib/tmpfiles.d/systemd.conf
+/usr/lib/tmpfiles.d/journal-nocow.conf
+/usr/lib/tmpfiles.d/portables.conf
+/usr/lib/tmpfiles.d/x11.conf
+/usr/lib/tmpfiles.d/tmp.conf
+/usr/lib/tmpfiles.d/home.conf
+/usr/lib/tmpfiles.d/etc.conf
+/usr/lib/tmpfiles.d/legacy.conf
+/usr/lib/tmpfiles.d/static-nodes-permissions.conf
+/usr/lib/tmpfiles.d/var.conf
+/usr/lib/environment.d/99-environment.conf
+%ghost %config(noreplace) /etc/localtime
+%dir /etc/rc.d
+%dir /etc/binfmt.d
+%dir /etc/tmpfiles.d
+%dir /etc/sysctl.d
+%ghost %config(noreplace) /etc/locale.conf
+%config(noreplace) /etc/sysctl.conf
+%ghost %config(noreplace) /etc/crypttab
+%dir /etc/systemd
+/etc/inittab
+%ghost %config(noreplace) /etc/machine-info
+%ghost %config(noreplace)
/etc/machine-id
+%ghost %config(noreplace) /etc/hostname
+%dir /etc/systemd/network
+%config(noreplace) /etc/systemd/user.conf
+%config(noreplace) /etc/systemd/coredump.conf
+%dir /etc/systemd/user
+%config(noreplace) /etc/systemd/logind.conf
+%config(noreplace) /etc/systemd/networkd.conf
+%config(noreplace) /etc/systemd/resolved.conf
+%config(noreplace) /etc/systemd/journald.conf
+%config(noreplace) /etc/systemd/pstore.conf
+%dir /etc/systemd/system
+%config(noreplace) /etc/systemd/system.conf
+%ghost %config(noreplace) /etc/X11/xorg.conf.d/00-keyboard.conf
+%config(noreplace) /etc/X11/xinit/xinitrc.d/50-systemd-user.sh
+%config(noreplace) /etc/pam.d/systemd-user
+%config(noreplace) /etc/sysctl.d/99-sysctl.conf
+%config(noreplace) /etc/dnf/protected.d/systemd.conf
+%dir /etc/rc.d/init.d
+%config(noreplace) /etc/rc.d/rc.local
+%config(noreplace) /etc/rc.local
+%config(noreplace) /etc/rc.d/init.d/README
+%dir /etc/xdg/systemd
+%config(noreplace) /etc/xdg/systemd/user
+
+#%files libs
+%license LICENSE.LGPL2.1
+/usr/lib64/libnss_systemd.so.2
+/usr/lib64/libudev.so.1
+/usr/lib64/libnss_resolve.so.2
+/usr/lib64/libsystemd.so.0.27.0
+/usr/lib64/libsystemd.so.0
+/usr/lib64/libnss_myhostname.so.2
+/usr/lib64/libudev.so.1.6.15
+
+#%files pam
+/usr/lib64/security/pam_systemd.so
+
+
+#%files rpm-macros
+/usr/lib/rpm/macros.d/macros.systemd
+
+%files devel
+/usr/share/man/man3/*
+%dir /usr/include/systemd
+/usr/include/libudev.h
+/usr/include/systemd/sd-event.h
+/usr/include/systemd/_sd-common.h
+/usr/include/systemd/sd-bus-vtable.h
+/usr/include/systemd/sd-daemon.h
+/usr/include/systemd/sd-hwdb.h
+/usr/include/systemd/sd-device.h
+/usr/include/systemd/sd-messages.h
+/usr/include/systemd/sd-journal.h
+/usr/include/systemd/sd-bus-protocol.h
+/usr/include/systemd/sd-id128.h
+/usr/include/systemd/sd-bus.h
+/usr/include/systemd/sd-login.h
+/usr/lib64/libudev.so
+/usr/lib64/libsystemd.so
+/usr/lib64/pkgconfig/libsystemd.pc
+/usr/lib64/pkgconfig/libudev.pc
+
+%files udev
+%ghost
%dir /var/lib/systemd/backlight +%ghost %dir /var/lib/systemd/timesync +%ghost %dir /var/lib/systemd/rfkill +%ghost /var/lib/systemd/random-seed +%ghost /var/lib/systemd/timesync/clock +/usr/sbin/udevadm +/usr/share/bash-completion/completions/udevadm +/usr/share/bash-completion/completions/bootctl +/usr/share/bash-completion/completions/kernel-install +/usr/share/zsh/site-functions/_bootctl +/usr/share/zsh/site-functions/_udevadm +/usr/share/zsh/site-functions/_kernel-install +/usr/share/dbus-1/system-services/org.freedesktop.timesync1.service +/usr/share/dbus-1/system.d/org.freedesktop.timesync1.conf +/usr/bin/systemd-hwdb +/usr/bin/udevadm +/usr/bin/bootctl +/usr/bin/kernel-install +%dir /usr/lib/modprobe.d +%dir /usr/lib/udev +%dir /usr/lib/kernel +%dir /usr/lib/modules-load.d +%dir %{_systemddir}/boot +%{_systemddir}/systemd-timesyncd +%{_systemddir}/systemd-growfs +%{_systemddir}/systemd-modules-load +%dir %{_systemddir}/system-sleep +%{_systemddir}/systemd-makefs +%{_systemddir}/systemd-remount-fs +%{_systemddir}/systemd-backlight +%{_systemddir}/systemd-hibernate-resume +%{_systemddir}/systemd-random-seed +%{_systemddir}/systemd-sleep +%{_systemddir}/systemd-cryptsetup +%{_systemddir}/systemd-udevd +%{_systemddir}/systemd-quotacheck +%{_systemddir}/systemd-rfkill +%{_systemddir}/systemd-vconsole-setup +%{_unitdir}/systemd-udevd.service +%{_unitdir}/initrd-udevadm-cleanup-db.service +%{_unitdir}/systemd-rfkill.socket +%{_unitdir}/systemd-suspend.service +%{_unitdir}/suspend-then-hibernate.target +%{_unitdir}/systemd-modules-load.service +%{_unitdir}/systemd-tmpfiles-setup-dev.service +%{_unitdir}/systemd-vconsole-setup.service +%{_unitdir}/systemd-hibernate.service +%{_unitdir}/systemd-backlight@.service +%dir %{_unitdir}/systemd-udev-trigger.service.d +%{_unitdir}/systemd-random-seed.service +%{_unitdir}/systemd-quotacheck.service +%{_unitdir}/systemd-timesyncd.service +%{_unitdir}/systemd-udevd-control.socket +%{_unitdir}/hibernate.target 
+%{_unitdir}/systemd-remount-fs.service +%{_unitdir}/suspend.target +%{_unitdir}/systemd-hybrid-sleep.service +%{_unitdir}/systemd-rfkill.service +%{_unitdir}/systemd-suspend-then-hibernate.service +%{_unitdir}/cryptsetup-pre.target +%{_unitdir}/hybrid-sleep.target +%{_unitdir}/quotaon.service +%{_unitdir}/systemd-hwdb-update.service +%{_unitdir}/systemd-hibernate-resume@.service +%{_unitdir}/systemd-udev-settle.service +%{_unitdir}/sleep.target +%{_unitdir}/kmod-static-nodes.service +%{_unitdir}/systemd-udevd-kernel.socket +%{_unitdir}/remote-cryptsetup.target +%{_unitdir}/cryptsetup.target +%{_unitdir}/systemd-udev-trigger.service +%{_unitdir}/sysinit.target.wants/systemd-udevd.service +%{_unitdir}/sysinit.target.wants/systemd-modules-load.service +%{_unitdir}/sysinit.target.wants/systemd-tmpfiles-setup-dev.service +%{_unitdir}/sysinit.target.wants/systemd-random-seed.service +%{_unitdir}/sysinit.target.wants/systemd-hwdb-update.service +%{_unitdir}/sysinit.target.wants/kmod-static-nodes.service +%{_unitdir}/sysinit.target.wants/cryptsetup.target +%{_unitdir}/sysinit.target.wants/systemd-udev-trigger.service +%{_unitdir}/systemd-udev-trigger.service.d/systemd-udev-trigger-no-reload.conf +%{_unitdir}/sockets.target.wants/systemd-udevd-control.socket +%{_unitdir}/sockets.target.wants/systemd-udevd-kernel.socket +%{_systemddir}/system-generators/systemd-cryptsetup-generator +%{_systemddir}/system-generators/systemd-hibernate-resume-generator +%{_systemddir}/system-generators/systemd-gpt-auto-generator +%{_systemddir}/ntp-units.d/80-systemd-timesync.list +%dir %{_systemddir}/boot/efi +%{_systemddir}/boot/efi/systemd-bootaa64.efi +%{_systemddir}/boot/efi/linuxaa64.efi.stub +%{_systemddir}/network/99-default.link +%dir /usr/lib/kernel/install.d +/usr/lib/kernel/install.d/20-grubby.install +/usr/lib/kernel/install.d/00-entry-directory.install +/usr/lib/kernel/install.d/90-loaderentry.install +/usr/lib/kernel/install.d/50-depmod.install +/usr/lib/udev/v4l_id +%dir 
/usr/lib/udev/rules.d +/usr/lib/udev/ata_id +/usr/lib/udev/cdrom_id +/usr/lib/udev/mtd_probe +/usr/lib/udev/scsi_id +%dir /usr/lib/udev/hwdb.d +%{_udevhwdbdir}/20-bluetooth-vendor-product.hwdb +%{_udevhwdbdir}/70-touchpad.hwdb +%{_udevhwdbdir}/60-evdev.hwdb +%{_udevhwdbdir}/20-net-ifname.hwdb +%{_udevhwdbdir}/20-acpi-vendor.hwdb +%{_udevhwdbdir}/20-usb-classes.hwdb +%{_udevhwdbdir}/20-sdio-vendor-model.hwdb +%{_udevhwdbdir}/60-keyboard.hwdb +%{_udevhwdbdir}/20-pci-vendor-model.hwdb +%{_udevhwdbdir}/20-pci-classes.hwdb +%{_udevhwdbdir}/20-OUI.hwdb +%{_udevhwdbdir}/20-sdio-classes.hwdb +%{_udevhwdbdir}/20-usb-vendor-model.hwdb +%{_udevhwdbdir}/70-pointingstick.hwdb +%{_udevhwdbdir}/20-vmbus-class.hwdb +%{_udevhwdbdir}/70-joystick.hwdb +%{_udevhwdbdir}/60-sensor.hwdb +%{_udevhwdbdir}/70-mouse.hwdb +%{_udevrulesdir}/40-openEuler.rules +%{_udevrulesdir}/60-block.rules +%{_udevrulesdir}/60-input-id.rules +%{_udevrulesdir}/71-seat.rules +%{_udevrulesdir}/73-seat-late.rules +%{_udevrulesdir}/80-drivers.rules +%{_udevrulesdir}/60-cdrom_id.rules +%{_udevrulesdir}/64-btrfs.rules +%{_udevrulesdir}/60-drm.rules +%{_udevrulesdir}/70-mouse.rules +%{_udevrulesdir}/70-touchpad.rules +%{_udevrulesdir}/60-persistent-alsa.rules +%{_udevrulesdir}/75-net-description.rules +%{_udevrulesdir}/60-persistent-v4l.rules +%{_udevrulesdir}/70-joystick.rules +%{_udevrulesdir}/70-power-switch.rules +%{_udevrulesdir}/60-block-scheduler.rules +%{_udevrulesdir}/60-persistent-storage.rules +%{_udevrulesdir}/80-net-setup-link.rules +%{_udevrulesdir}/60-evdev.rules +%{_udevrulesdir}/60-sensor.rules +%{_udevrulesdir}/60-serial.rules +%{_udevrulesdir}/90-vconsole.rules +%{_udevrulesdir}/78-sound-card.rules +%{_udevrulesdir}/70-uaccess.rules +%{_udevrulesdir}/60-persistent-input.rules +%{_udevrulesdir}/75-probe_mtd.rules +%{_udevrulesdir}/99-systemd.rules +%{_udevrulesdir}/60-persistent-storage-tape.rules +%{_udevrulesdir}/50-udev-default.rules +/usr/lib/modprobe.d/systemd.conf +%ghost %config(noreplace) 
/etc/vconsole.conf +%dir /etc/udev +%dir /etc/kernel +%dir /etc/modules-load.d +%config(noreplace) /etc/systemd/timesyncd.conf +%config(noreplace) /etc/systemd/sleep.conf +%dir /etc/kernel/install.d +%ghost /etc/udev/hwdb.bin +%dir /etc/udev/rules.d +%config(noreplace) /etc/udev/udev.conf +%dir /etc/udev/hwdb.d + +%files container +/usr/share/bash-completion/completions/machinectl +/usr/share/bash-completion/completions/systemd-nspawn +/usr/share/zsh/site-functions/_machinectl +/usr/share/zsh/site-functions/_systemd-nspawn +/usr/share/dbus-1/system-services/org.freedesktop.import1.service +/usr/share/dbus-1/system-services/org.freedesktop.machine1.service +/usr/share/dbus-1/system.d/org.freedesktop.import1.conf +/usr/share/dbus-1/system.d/org.freedesktop.machine1.conf +/usr/share/polkit-1/actions/org.freedesktop.import1.policy +/usr/share/polkit-1/actions/org.freedesktop.machine1.policy +/usr/lib64/libnss_mymachines.so.2 +/usr/bin/machinectl +/usr/bin/systemd-nspawn +%{_systemddir}/systemd-import +%{_systemddir}/systemd-machined +%{_systemddir}/systemd-importd +%{_systemddir}/systemd-import-fs +%{_systemddir}/systemd-pull +%{_systemddir}/import-pubring.gpg +%{_unitdir}/systemd-machined.service +%{_unitdir}/dbus-org.freedesktop.import1.service +%{_unitdir}/var-lib-machines.mount +%{_unitdir}/systemd-importd.service +%{_unitdir}/dbus-org.freedesktop.machine1.service +%{_unitdir}/machine.slice +%{_unitdir}/machines.target +%dir %{_unitdir}/machines.target.wants +%{_unitdir}/systemd-nspawn@.service +%{_unitdir}/machines.target.wants/var-lib-machines.mount +%{_unitdir}/remote-fs.target.wants/var-lib-machines.mount +%{_systemddir}/network/80-container-vz.network +%{_systemddir}/network/80-container-ve.network +/usr/lib/tmpfiles.d/systemd-nspawn.conf + +%files journal-remote +%ghost %dir /var/log/journal/remote +%ghost /var/lib/systemd/journal-upload +%ghost %dir /var/lib/private/systemd/journal-upload +%ghost /var/lib/private/systemd/journal-upload/state +%dir 
/usr/share/systemd/gatewayd +/usr/share/systemd/gatewayd/browse.html +/usr/lib/sysusers.d/systemd-remote.conf +%{_systemddir}/systemd-journal-upload +%{_systemddir}/systemd-journal-gatewayd +%{_systemddir}/systemd-journal-remote +%{_unitdir}/systemd-journal-upload.service +%{_unitdir}/systemd-journal-gatewayd.service +%{_unitdir}/systemd-journal-gatewayd.socket +%{_unitdir}/systemd-journal-remote.socket +%{_unitdir}/systemd-journal-remote.service +/usr/lib/firewalld/services/systemd-journal-remote.xml +/usr/lib/firewalld/services/systemd-journal-gatewayd.xml +%config(noreplace) /etc/systemd/journal-remote.conf +%config(noreplace) /etc/systemd/journal-upload.conf + +%files udev-compat +%{_udevrulesdir}/55-persistent-net-generator.rules +%{_udevrulesdir}/56-net-sriov-names.rules +%{_udevrulesdir}/61-euleros-persistent-storage.rules +/usr/lib/udev/rule_generator.functions +/usr/lib/udev/write_net_rules +/usr/lib/udev/net-set-sriov-names +/usr/lib/udev/detect_virt + +%files help +/usr/share/man/*/* +%exclude /usr/share/man/man3/* + +%changelog +* Sat Sep 28 2019 guoxiaoqi - 243-3 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:modify default-hierarchy + +* Tue Sep 24 2019 shenyangyang - 243-2 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:revise requires + +* Thu Sep 12 2019 hexiaowen - 243-1 +- Update to release 243 + +* Tue Sep 10 2019 fangxiuning - 239-3.h43 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:revert fix two vf visual machines have the same mac address + +* Wed Sep 04 2019 fangxiuning - 239-3.h42 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix two vf visual machines have the same mac address + +* Sat Aug 31 2019 fangxiuning - 239-3.h41 +- Type:NA +- ID:NA +- SUG:NA +- DESC:timeout waiting for scaning on device 8:3 + +* Mon Aug 26 2019 shenyangyang - 239-3.h40 +- Type:NA +- ID:NA +- SUG:NA +- DESC:remove sensetive info + +* Wed Aug 21 2019 yangbin - 239-3.h39 +- Type:NA +- ID:NA +- SUG:NA +- DESC:merge from branch next to openeuler + +* Mon Aug 19 2019 fangxiuning - 
239-3.h38 +- Type:NA +- ID:NA +- SUG:NA +- DESC:merge from branch next to openeuler + +* Thu Jul 25 2019 yangbin - 239-3.h37 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:change CPUSetMemMigrate type to bool + +* Thu Jul 23 2019 yangbin - 239-3.h36 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:add systemd cgroup config for cpuset and freezon + +* Thu Jul 18 2019 fangxiuning - 239-3.h35 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: change support URL shown in the catalog entries + +* Tue Jul 09 2019 fangxiuning - 239-3.h34 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: add systemd dependency requires openssl-libs + +* Tue Jul 09 2019 fangxiuning - 239-3.h33 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: login: use parse_uid() when unmounting user runtime directory + +* Tue Jul 9 2019 fangxiuning - 239-3.h32 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: fix timedatectl set-timezone, UTC time wrong + +* Wed Jun 19 2019 cangyi - 239-3.h31 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: fix memleak on invalid message + +* Tue Jun 18 2019 cangyi - 239-3.h30 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: revert fix memleak on invalid message + +* Mon Jun 17 2019 wenjun - 239-3.h29 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:revert h26 + +* Mon Jun 17 2019 cangyi - 239-3.h28 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: fix memleak on invalid message + +* Wed Jun 12 2019 cangyi - 239-3.h27 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix warnings + +* Tue Jun 11 2019 wenjun - 239-3.h26 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix race between daemon-reload and other commands,remove useless patch + +* Mon Jun 10 2019 gaoyi - 239-3.h25 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:repair the test test-journal-syslog + https://github.com/systemd/systemd/commit/8595102d3ddde6d25c282f965573a6de34ab4421 + +* Tue Jun 04 2019 gaoyi - 239-3.h24 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:backport CVE-2019-3844 CVE-2019-3843 + +* Mon Jun 3 2019 hexiaowen - 239-3.h23 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix CVE 
+ +* Wed May 22 2019 hexiaowen - 239-3.h22 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix button_open sd_event_source leak + +* Mon May 20 2019 hexiaowen - 239-3.h21 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix some bugfix + +* Fri May 17 2019 hexiaowen - 239-3.h20 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix some bugfix + +* Thu May 16 2019 hexiaowen - 239-3.h19 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix some bugfix + +* Mon May 13 2019 hexiaowen - 239-3.h17 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix some bugfix + +* Mon May 13 2019 liuzhiqiang - 239-3.h16 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:remove 86-network.rules and its ifup-hotplug script + +* Sun May 12 2019 hexiaowen - 239-3.h15 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:Set-DynamicUser-no-for-networkd-resolved-timesyncd + +* Wed May 8 2019 hexiaowen - 239-3.h14 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:Set-DynamicUser-no-for-networkd-resolved-timesyncd + +* Wed May 8 2019 hexiaowen - 239-3.h13 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:rename patches + +* Thu Apr 4 2019 luochunsheng - 239-3.h11 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:remove sensitive information + +* Wed Mar 27 2019 wangjia - 239-3.h10 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: rollback patch 1610-add-new-rules-for-lower-priority-events-to-preempt.patch, + this patch caused mount failed + +* Fri Mar 22 2019 hexiaowen - 239-3.h9 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: Open source fragment reference rectification + +* Thu Mar 21 2019 wangxiao - 239-3.h8 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: systemctl-fix-assert-for-failed-mktime-conversion.patch + network-link-Fix-logic-error-in-matching-devices-by-.patch + bus-socket-Fix-line_begins-to-accept-word-matching-f.patch + networkd-fix-overflow-check.patch + resolve-fix-memleak.patch + syslog-fix-segfault-in-syslog_parse_priority.patch + journald-free-the-allocated-memory-before-returning-.patch + 
resolvectl-free-the-block-of-memory-hashed-points-to.patch + util-do-not-use-stack-frame-for-parsing-arbitrary-in.patch + dynamic-user-fix-potential-segfault.patch + journald-fixed-assertion-failure-when-system-journal.patch + core-socket-fix-memleak-in-the-error-paths-in-usbffs.patch + systemd-do-not-pass-.wants-fragment-path-to-manager_.patch + verbs-reset-optind-10116.patch + network-fix-memleak-about-routing-policy.patch + network-fix-memleak-around-Network.dhcp_vendor_class.patch + sd-dhcp-lease-fix-memleaks.patch + meson-use-the-host-architecture-compiler-linker-for-.patch + dhcp6-fix-an-off-by-one-error-in-dhcp6_option_parse_.patch + bus-message-use-structured-initialization-to-avoid-u.patch + bus-message-do-not-crash-on-message-with-a-string-of.patch + bus-message-fix-skipping-of-array-fields-in-gvariant.patch + basic-hexdecoct-check-for-overflow.patch + journal-upload-add-asserts-that-snprintf-does-not-re.patch + bus-unit-util-fix-parsing-of-IPAddress-Allow-Deny.patch + terminal-util-extra-safety-checks-when-parsing-COLUM.patch + core-handle-OOM-during-deserialization-always-the-sa.patch + systemd-nspawn-do-not-crash-on-var-log-journal-creat.patch + core-don-t-create-Requires-for-workdir-if-missing-ok.patch + chown-recursive-let-s-rework-the-recursive-logic-to-.patch + network-fix-segfault-in-manager_free.patch + network-fix-possible-memleak-caused-by-multiple-sett.patch + network-fix-memleak-in-config_parse_hwaddr.patch + network-fix-memleak-abot-Address.label.patch + tmpfiles-fix-minor-memory-leak-on-error-path.patch + udevd-explicitly-set-default-value-of-global-variabl.patch + udev-handle-sd_is_socket-failure.patch + basic-remove-an-assertion-from-cunescape_one.patch + debug-generator-fix-minor-memory-leak.patch + journald-check-whether-sscanf-has-changed-the-value-.patch + coredumpctl-fix-leak-of-bus-connection.patch + vconsole-Don-t-skip-udev-call-for-dummy-device.patch + mount-don-t-propagate-errors-from-mount_setup_unit-f.patch + 
sd-device-fix-segfault-when-error-occurs-in-device_n.patch + boot-efi-use-a-wildcard-section-copy-for-final-EFI-g.patch + basic-hexdecoct-be-more-careful-in-overflow-check.patch + +* Fri Mar 15 2019 wangjia - 239-3.h7 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: modify RemoveIPC to false by default value + +* Wed Mar 13 2019 hexiaowen - 239-3.h6 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: add rc.local + +* Fri Mar 8 2019 hexiaowen - 239-3.h5 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: disable-initialize_clock + +* Sat Feb 09 2019 xuchunmei - 239-3.h4 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC:do not create /var/log/journal on initial installation refer to redhat8 + +* Sat Feb 02 2019 Yi Cang - 239-3.h3 +- Type:enhance +- ID:NA +- SUG:restart +- DESC:sync patch + +* Tue Jan 29 2019 Yining Shen - 239-3.h2 +- Type:enhance +- ID:NA +- SUG:restart +- DESC:sync patch + journald-fix-allocate-failed-journal-file.patch + 1602-activation-service-must-be-restarted-when-reactivated.patch + 1509-fix-journal-file-descriptors-leak-problems.patch + 2016-set-forwardtowall-no-to-avoid-emerg-log-shown-on-she.patch + 1612-serialize-pids-for-scope-when-not-started.patch + 1615-do-not-finish-job-during-daemon-reload-in-unit_notify.patch + 1617-bus-cookie-must-wrap-around-to-1.patch + 1619-delay-to-restart-when-a-service-can-not-be-auto-restarted.patch + 1620-nop_job-of-a-unit-must-also-be-coldpluged-after-deserization.patch + 1605-systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch + 1611-systemd-core-fix-problem-on-forking-service.patch + uvp-bugfix-call-malloc_trim-to-return-memory-to-OS-immediately.patch + uvp-bugfix-also-stop-machine-when-unit-in-active-but-leader-exited.patch + +* Mon Dec 10 2018 Zhipeng Xie - 239-3.h1 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC:fix obs build fail + +* Mon Dec 10 2018 hexiaowen - 239-1 +- Package init diff --git a/udev-40-openEuler.rules b/udev-40-openEuler.rules new file mode 100644 index 0000000..ed85acb 
--- /dev/null
+++ b/udev-40-openEuler.rules
@@ -0,0 +1,44 @@
+# do not edit this file, it will be overwritten on update
+
+# CPU hotadd request
+SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1"
+
+# Memory hotadd request
+SUBSYSTEM!="memory", ACTION!="add", GOTO="memory_hotplug_end"
+PROGRAM="/bin/uname -p", RESULT=="s390*", GOTO="memory_hotplug_end"
+
+ENV{.state}="online"
+ATTR{state}=="offline", ATTR{state}="$env{.state}"
+
+LABEL="memory_hotplug_end"
+
+# reload sysctl.conf / sysctl.conf.d settings when the bridge module is loaded
+ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge"
+
+# load SCSI generic (sg) driver
+SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg"
+SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_target", TEST!="[module/sg]", RUN+="/sbin/modprobe -bv sg"
+
+# Rule for prandom character device node permissions
+KERNEL=="prandom", MODE="0644"
+
+
+# Rules for creating the ID_PATH for SCSI devices based on the CCW bus
+# using the form: ccw--zfcp-:
+#
+ACTION=="remove", GOTO="zfcp_scsi_device_end"
+
+#
+# Set environment variable "ID_ZFCP_BUS" to "1" if the devices
+# (both disk and partition) are SCSI devices based on FCP devices
+#
+KERNEL=="sd*", SUBSYSTEMS=="ccw", DRIVERS=="zfcp", ENV{.ID_ZFCP_BUS}="1"
+
+# For SCSI disks
+KERNEL=="sd*[!0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="disk", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}"
+
+
+# For partitions on a SCSI disk
+KERNEL=="sd*[0-9]", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="partition", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}-part%n"
+
+LABEL="zfcp_scsi_device_end"
diff --git a/udev-55-persistent-net-generator.rules b/udev-55-persistent-net-generator.rules
new file mode 100644
index 0000000..8aa39d0
--- /dev/null
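Review bot: The memory hot-add guard `SUBSYSTEM!="memory", ACTION!="add", GOTO="memory_hotplug_end"` in udev-40-openEuler.rules only skips events that are both non-memory and non-add, because the keys on one rule line are ANDed. Every `add` event from any other subsystem therefore falls through, forks `/bin/uname -p`, and on hosts where the result is not `s390*` reaches `ATTR{state}=="offline", ATTR{state}="$env{.state}"`, which writes `online` to any device that exposes an offline `state` attribute, not only memory blocks. Splitting the guard into two rules confines the block to memory add events: `SUBSYSTEM!="memory", GOTO="memory_hotplug_end"` followed by `ACTION!="add", GOTO="memory_hotplug_end"`.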
+++ b/udev-55-persistent-net-generator.rules 
@@ -0,0 +1,104 @@
+# do not edit this file, it will be overwritten on update
+
+# these rules generate rules for persistent network device naming
+#
+# variables used to communicate:
+# MATCHADDR MAC address used for the match
+# MATCHID bus_id used for the match
+# MATCHDRV driver name used for the match
+# MATCHIFTYPE interface type match
+# COMMENT comment to add to the generated rule
+# INTERFACE_NAME requested name supplied by external tool
+# INTERFACE_NEW new interface name returned by rule writer
+
+ACTION!="add", GOTO="persistent_net_generator_end"
+SUBSYSTEM!="net", GOTO="persistent_net_generator_end"
+
+# ignore the interface if a name has already been set
+NAME=="?*", GOTO="persistent_net_generator_end"
+
+# device name whitelist
+KERNEL!="eth*|ath*|wlan*[0-9]|msh*|ra*|sta*|ctc*|lcs*|hsi*", GOTO="persistent_net_generator_end"
+
+# when net.ifnames=0 is not set in command line ,do not generate net-name rules
+IMPORT{cmdline}="net.ifnames"
+ENV{net.ifnames}!="0",SUBSYSTEMS=="pci", GOTO="persistent_net_generator_end"
+
+# ignore Xen virtual interfaces
+#SUBSYSTEMS=="xen", GOTO="persistent_net_generator_end"
+
+# check if running in a guest
+PROGRAM=="detect_virt", RESULT=="?*", ENV{VIRTPLATFORM}="$result"
+
+# read MAC address
+ENV{MATCHADDR}="$attr{address}"
+
+# match interface type
+ENV{MATCHIFTYPE}="$attr{type}"
+
+# These vendors are known to violate the local MAC address assignment scheme
+# Interlan, DEC (UNIBUS or QBUS), Apollo, Cisco, Racal-Datacom
+ENV{MATCHADDR}=="02:07:01:*", GOTO="globally_administered_whitelist"
+# 3Com
+ENV{MATCHADDR}=="02:60:60:*", GOTO="globally_administered_whitelist"
+# 3Com IBM PC; Imagen; Valid; Cisco; Apple
+ENV{MATCHADDR}=="02:60:8c:*", GOTO="globally_administered_whitelist"
+# Intel
+ENV{MATCHADDR}=="02:a0:c9:*", GOTO="globally_administered_whitelist"
+# Olivetti
+ENV{MATCHADDR}=="02:aa:3c:*", GOTO="globally_administered_whitelist"
+# CMC Masscomp; Silicon Graphics; Prime EXL
+ENV{MATCHADDR}=="02:cf:1f:*", GOTO="globally_administered_whitelist"
+# Prominet Corporation Gigabit Ethernet Switch
+ENV{MATCHADDR}=="02:e0:3b:*", GOTO="globally_administered_whitelist"
+# BTI (Bus-Tech, Inc.) IBM Mainframes
+ENV{MATCHADDR}=="02:e6:d3:*", GOTO="globally_administered_whitelist"
+# Realtek
+ENV{MATCHADDR}=="52:54:00:*", GOTO="globally_administered_whitelist"
+# Novell 2000
+ENV{MATCHADDR}=="52:54:4c:*", GOTO="globally_administered_whitelist"
+# Realtec
+ENV{MATCHADDR}=="52:54:ab:*", GOTO="globally_administered_whitelist"
+# Kingston Technologies
+ENV{MATCHADDR}=="e2:0c:0f:*", GOTO="globally_administered_whitelist"
+
+# match interface dev_id
+ATTR{dev_id}=="?*", ENV{MATCHDEVID}="$attr{dev_id}"
+
+# do not use "locally administered" MAC address
+#ENV{MATCHADDR}=="?[2367abef]:*", ENV{MATCHADDR}=""
+
+# do not use "locally administered" MAC address only on host
+ENV{VIRTPLATFORM}=="none", ENV{MATCHADDR}=="?[2367abef]:*", ENV{MATCHADDR}=""
+
+# do not use empty address
+ENV{MATCHADDR}=="00:00:00:00:00:00", ENV{MATCHADDR}=""
+
+LABEL="globally_administered_whitelist"
+
+# build comment line for generated rule:
+SUBSYSTEMS=="pci", ENV{COMMENT}="PCI device $attr{vendor}:$attr{device} ($driver)"
+SUBSYSTEMS=="usb", ATTRS{idVendor}=="?*", ENV{COMMENT}="USB device 0x$attr{idVendor}:0x$attr{idProduct} ($driver)"
+SUBSYSTEMS=="pcmcia", ENV{COMMENT}="PCMCIA device $attr{card_id}:$attr{manf_id} ($driver)"
+SUBSYSTEMS=="ieee1394", ENV{COMMENT}="Firewire device $attr{host_id})"
+
+# ibmveth likes to use "locally administered" MAC addresses
+DRIVERS=="ibmveth", ENV{MATCHADDR}="$attr{address}", ENV{COMMENT}="ibmveth ($id)"
+
+# S/390 uses id matches only, do not use MAC address match
+SUBSYSTEMS=="ccwgroup", ENV{COMMENT}="S/390 $driver device at $id", ENV{MATCHID}="$id", ENV{MATCHDRV}="$driver", ENV{MATCHADDR}="", ENV{MATCHDEVID}=""
+
+# see if we got enough data to create a rule
+ENV{MATCHADDR}=="", ENV{MATCHID}=="", ENV{INTERFACE_NAME}=="", GOTO="persistent_net_generator_end"
+
+# default comment
+ENV{COMMENT}=="", ENV{COMMENT}="net device ($attr{driver})"
+
+# write rule
+DRIVERS=="?*", IMPORT{program}="write_net_rules"
+
+# rename interface if needed
+ENV{INTERFACE_NEW}=="?*", NAME="$env{INTERFACE_NEW}"
+
+LABEL="persistent_net_generator_end"
+
diff --git a/udev-56-net-sriov-names.rules b/udev-56-net-sriov-names.rules
new file mode 100644
index 0000000..e562b2c
--- /dev/null
+++ b/udev-56-net-sriov-names.rules
@@ -0,0 +1,17 @@
+# do not edit this file, it will be overwritten on update
+#
+# rename SRIOV virtual function interfaces
+
+ACTION=="remove", GOTO="net-sriov-names_end"
+
+# when net.ifnames=0 is not set in command line ,do not generate net-name rules
+IMPORT{cmdline}="net.ifnames"
+ENV{net.ifnames}!="0",SUBSYSTEMS=="pci", GOTO="net-sriov-names_end"
+
+SUBSYSTEM=="net", SUBSYSTEMS=="pci", ACTION=="add", NAME=="?*", ENV{INTERFACE_NEW}="$name"
+SUBSYSTEM=="net", SUBSYSTEMS=="pci", ACTION=="add", IMPORT{program}="net-set-sriov-names"
+
+# rename interface if needed
+ENV{INTERFACE_NEW}=="?*", NAME="$env{INTERFACE_NEW}"
+
+LABEL="net-sriov-names_end"
diff --git a/udev-61-euleros-persistent-storage.rules b/udev-61-euleros-persistent-storage.rules
new file mode 100644
index 0000000..50d7515
--- /dev/null
+++ b/udev-61-euleros-persistent-storage.rules
@@ -0,0 +1,3 @@
+# scsi compat links for ATA devices
+KERNEL=="sd*[!0-9]", ENV{ID_BUS}=="ata", PROGRAM="scsi_id --whitelisted --replace-whitespace -p0x80 -d$tempnode", RESULT=="?*", ENV{ID_SCSI_COMPAT}="$result", SYMLINK+="disk/by-id/scsi-$env{ID_SCSI_COMPAT}"
+KERNEL=="sd*[0-9]", ENV{ID_SCSI_COMPAT}=="?*", SYMLINK+="disk/by-id/scsi-$env{ID_SCSI_COMPAT}-part%n"
diff --git a/write_net_rules b/write_net_rules
new file mode 100644
index 0000000..5626820
--- /dev/null
+++ b/write_net_rules
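Review bot: The comment `# when net.ifnames=0 is not set in command line ,do not generate net-name rules` in udev-55-persistent-net-generator.rules promises more than the rule beneath it does: `ENV{net.ifnames}!="0",SUBSYSTEMS=="pci", GOTO="persistent_net_generator_end"` bails out only for devices with a PCI parent, so USB, ccwgroup and other non-PCI interfaces still reach `write_net_rules` whatever the kernel command line says. The same comment and rule are repeated in udev-56-net-sriov-names.rules, where the rules that follow are PCI-only anyway. If PCI-only is the intent, the comment should say so, e.g. `# for PCI devices, generate persistent names only when net.ifnames=0 is on the kernel command line`; otherwise drop the `SUBSYSTEMS=="pci"` key. The header's variable list also leaves out `MATCHDEVID`, which these rules set and which write_net_rules documents and consumes.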
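Review bot: udev-61-euleros-persistent-storage.rules has no action guard, so the `PROGRAM="scsi_id ..."` rule forks scsi_id on every event for an ATA `sd*` disk, including `remove`, where the device node is presumably already gone. A leading `ACTION=="remove", GOTO="euleros_persistent_storage_end"` with a matching `LABEL="euleros_persistent_storage_end"` as the last line would skip that work, the same way udev-40-openEuler.rules guards its zfcp block. The rule also spells the key as `PROGRAM=` while udev-55 uses `PROGRAM==`; PROGRAM is a match key, so `==` states the intent and keeps the files consistent (`PROGRAM="/bin/uname -p"` in udev-40 has the same spelling).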
@@ -0,0 +1,134 @@
+#!/bin/sh -e
+#
+# Copyright (C) 2006 Marco d'Itri
+# Copyright (C) 2007 Kay Sievers
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation version 2 of the License.
+#
+# This script is run to create persistent network device naming rules
+# based on properties of the device.
+# If the interface needs to be renamed, INTERFACE_NEW= will be printed
+# on stdout to allow udev to IMPORT it.
+
+# variables used to communicate:
+# MATCHADDR MAC address used for the match
+# MATCHID bus_id used for the match
+# MATCHDEVID dev_id used for the match
+# MATCHDRV driver name used for the match
+# MATCHIFTYPE interface type match
+# COMMENT comment to add to the generated rule
+# INTERFACE_NAME requested name supplied by external tool
+# INTERFACE_NEW new interface name returned by rule writer
+
+RULES_FILE='/etc/udev/rules.d/50-persistent-net.rules'
+
+. /usr/lib/udev/rule_generator.functions
+
+interface_name_taken() {
+ local value="$(find_all_rules 'NAME=' $INTERFACE)"
+ if [ "$value" ]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+find_next_available() {
+ raw_find_next_available "$(find_all_rules 'NAME=' "$1")"
+}
+
+write_rule() {
+ local match="$1"
+ local name="$2"
+ local comment="$3"
+
+ {
+ if [ "$PRINT_HEADER" ]; then
+ PRINT_HEADER=
+ echo "# This file was automatically generated by the $0"
+ echo "# program, run by the persistent-net-generator.rules rules file."
+ echo "#"
+ echo "# You can modify it, as long as you keep each rule on a single"
+ echo "# line, and change only the value of the NAME= key."
+ fi
+
+ echo ""
+ [ "$comment" ] && echo "# $comment"
+ echo "SUBSYSTEM==\"net\", ACTION==\"add\"$match, NAME=\"$name\""
+ } >> $RULES_FILE
+}
+
+if [ -z "$INTERFACE" ]; then
+ echo "missing \$INTERFACE" >&2
+ exit 1
+fi
+
+mkdir -p /dev/.udev
+
+# Prevent concurrent processes from modifying the file at the same time.
+lock_rules_file
+
+# Check if the rules file is writeable.
+choose_rules_file
+
+# the DRIVERS key is needed to not match bridges and VLAN sub-interfaces
+if [ "$MATCHADDR" ]; then
+ match="$match, DRIVERS==\"?*\", ATTR{address}==\"$MATCHADDR\""
+fi
+
+if [ "$MATCHDRV" ]; then
+ match="$match, DRIVERS==\"$MATCHDRV\""
+fi
+
+if [ "$MATCHDEVID" ]; then
+ match="$match, ATTR{dev_id}==\"$MATCHDEVID\""
+fi
+
+if [ "$MATCHID" ]; then
+ match="$match, KERNELS==\"$MATCHID\""
+fi
+
+if [ "$MATCHIFTYPE" ]; then
+ match="$match, ATTR{type}==\"$MATCHIFTYPE\""
+fi
+
+if [ -z "$match" ]; then
+ echo "missing valid match" >&2
+ unlock_rules_file
+ exit 1
+fi
+
+basename=${INTERFACE%%[0-9]*}
+match="$match, KERNEL==\"$basename*\""
+
+if [ "$INTERFACE_NAME" ]; then
+ # external tools may request a custom name
+ COMMENT="$COMMENT (custom name provided by external tool)"
+ if [ "$INTERFACE_NAME" != "$INTERFACE" ]; then
+ INTERFACE=$INTERFACE_NAME;
+ echo "INTERFACE_NEW=$INTERFACE"
+ fi
+else
+ # if a rule using the current name already exists, find a new name
+ if interface_name_taken; then
+ INTERFACE="$basename$(find_next_available "$basename[0-9]*")"
+ echo "INTERFACE_NEW=$INTERFACE"
+ fi
+fi
+
+if [ "$MATCHADDR" ]; then
+ mac_found=0
+ grep -qE "^\s*[^#].*==\"$MATCHADDR\"" "$RULES_FILE" || mac_found=$?
+ if [ $mac_found -ne 0 ]; then
+ # only add new rules while mac address not found
+ write_rule "$match" "$INTERFACE" "$COMMENT"
+ fi
+else
+ write_rule "$match" "$INTERFACE" "$COMMENT"
+fi
+
+unlock_rules_file
+
+exit 0
diff --git a/yum-protect-systemd.conf b/yum-protect-systemd.conf
new file mode 100644
index 0000000..39426d7
--- /dev/null
+++ b/yum-protect-systemd.conf
@@ -0,0 +1,2 @@
+systemd
+systemd-udev
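Review bot: In write_net_rules, `INTERFACE_NAME`, the `MATCH*` values and `COMMENT` are copied from the environment into `$RULES_FILE` with no validation; `write_rule` only wraps them in `\"...\"`. The header says `INTERFACE_NAME` is supplied by an external tool, so a value containing a double quote or a newline would land as extra keys or extra rule lines in a file under /etc/udev/rules.d that udev later parses. Rejecting anything outside a conservative character set before `lock_rules_file` closes that off, e.g. `case "$INTERFACE_NAME" in *[!A-Za-z0-9_.:-]*) echo "invalid INTERFACE_NAME" >&2; exit 1;; esac`. `$MATCHADDR` is also used as an extended regex in the `grep -qE` duplicate check. Finally, `$INTERFACE` in `interface_name_taken` and `$RULES_FILE` in `write_rule` are expanded unquoted; both should be double-quoted.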