* 8c025c3bdf Accepting request 1184267 from Base:System
|\
| * 735f8c4ba4 - Import commit 5a8eadd0c021758337a020c423f25a353bdb9b3c (merge of v255.8) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/603cd1d4d81147d4f2eccd5e352064a4215119b4...5a8eadd0c021758337a020c423f25a353bdb9b3c - Drop 5003-Revert-run-pass-the-pty-slave-fd-to-transient-servic.patch as v255.8 contains the workaround (commit 639c922ede9485) for the broken commit 28459ba1f4df.
* | 37853fecc3 Accepting request 1183029 from Base:System
|/
* 638de11012 - Don't automatically clean unmodified config files up (bsc#1226415)
* 369c023c24 reorder one more time...
* ffa9f0ac80 reorder the runtime deps of the testsuite package so the format_spec_file thingy stop screwing up the spec file...
* 12c1190a79 fix rev 1529: the devel packages are really needed by the testsuite script to install the dlopened libs into the image
* ca8e7f54ce - systemd.spec: move a misplaced %endif in the testsuite sub-package.
* b7944f5b14 - Merge systemd-coredump back into the main package (bsc#1091684)
* 3fa0dea84a - Don't pull the devel packages in when installing the testsuite package.
- Stop installing the policy in the initramfs as it's not really
supported anyway (https://github.com/fedora-selinux/selinux-policy/issues/2221)
- Stop relabeling on first boot and prefer to do it at image build time
- Disable mkosi relabeling by default but enable it in CI
- Build image as root in CI so the SELinux relabeling works properly
Tom Yan [Mon, 8 Jul 2024 14:10:43 +0000 (22:10 +0800)]
logind-dbus: set gc_mode to USER_GC_BY_PIN when disable linger
The mode switch from any to pin is currently done in create_session().
However, if no (pinning) session is created before (or after) linger
is disabled, the user will not be gc'd after that. Therefore, also
perform the mode switch when linger is being disabled.
Derek J. Clark [Tue, 9 Jul 2024 09:57:04 +0000 (02:57 -0700)]
Add or fix mount matrix for multiple handhelds. (#33586)
- Breaks AYANEO AIR family into different entries as not all are mounted the same.
- Corrects AYANEO AIR mount matrix.
- Adds mount matrices for AYANEO device families: 2021, AYANEO 2, AYANEO GEEK, and AYANEO FLIP
- Adds mount matrix for GPD WinMax2
- Adds mount matrix for OrangePi NEO
In https://github.com/systemd/systemd/pull/33659 the commit was
updated to point to my fork without changing it back after the mkosi
PR was merged so let's change it back to point to the official
repository.
mkosi: Adapt configuration to take into account configuration rework
In https://github.com/systemd/mkosi/pull/2847, the '@' specifier is
removed, CLI arguments take priority over configuration files again
and the "main" image is defined at the top level instead of in
mkosi.images/. Additionally, not every setting from the top level
configuration is inherited by the images in mkosi.images/ anymore,
only settings which make sense to be inherited are inherited.
This commit gets rid of all the usages of '@', moves the "main" image
configuration from mkosi.images/system to the top level and gets rid
of various hacks we had in place to deal with quirks of the old
configuration parsing logic.
We also remove usages of Images= and --append as these options are
removed by the mentioned PR.
This update has been tested on the 2023 Chuwi Freebook N100. The hwdb entry has been verified using these commands:
cat /sys/`udevadm info -q path -n /dev/iio:device0`/../modalias
acpi:MDA6655:MDA6655:
The correct offset orientation has been tested with:
monitor-sensor
Waiting for iio-sensor-proxy to appear
+++ iio-sensor-proxy appeared
=== Has accelerometer (orientation: normal)
=== No ambient light sensor
=== No proximity sensor
path: drop IN_ATTRIB from parent directory watches
When watching a given pathspec, systemd unconditionally installs
IN_ATTRIB watches to track the link count of the resolved file. This
way, we are notified if the watched path disappears, even if the
resolved file inode is not removed.
Similarly, systemd installs inotify watches on each parent directory, to
be notified when the specified path appears. However, for these watches
IN_ATTRIB is an unnecessary addition to the mask. In inotify, IN_ATTRIB
on a directory is emitted whenever the attributes of any child changes,
which, for many paths, has the potential to cause a high number of
spurious wakeups in systemd. Let's remove IN_ATTRIB from the mask when
installing watches on the parent directories of the specified path.
22 characters in three colums + overhead slightly exceeds the available
width on terminals with 80 columns, causing each row to wrap to two lines.
Reduce the item width to 20 to fit even the list of ~600 timezones.
mkosi: Use the "default" root filesystem for each distribution
Let's not insist on btrfs everywhere. 93440db8b5eae1244aaf5fecfa68050a8b26f3e3
switched us back to btrfs as we wanted to rely on the fact it records
timestamps properly. Since we now prefer to do incremental builds on the host
with "mkosi -t none" we don't mind anymore that timestamps are not recorded
properly so we're not forced to use btrfs anymore.
This also increases test coverage as we'll now test with different root
filesystems.
Remove extra period at the end of systemd-bsod's unit description. (#33632)
* Remove extra period at end of unit description.
Having an extra period at the end of this unit description makes log entries pertaining to it appear weirdly, as it seems the default expectation is that there is not to be a period at the end of a unit description.
e.g.: `systemd[1]: Started Displays emergency message in full screen..`
I don't know why yet, but TEST-73-LOCALE can take more than 10
minutes. Until we figure out why, let's give it a higher priority
so it doesn't bottleneck the test run.
Otherwise fixfiles will try to relabel it which could potentially
lead to disaster. We also change the recommendation in HACKING.md
to set the default so that TEST-06-SELINUX can override it.
mkosi: use apt pinning for locally built debian/ubuntu packages
This ensures that even in case the distro repository has newer
versions, the locally built packages are preferred and installed,
even to the point of downgrading already installed ones.
This is needed especially for future stable branches, when the
distros will have a newer version.
stub: mem fixes in devicetree addon handling (#33624)
* stub: mem fixes in devicetree addon handling
Two bugs here: The elements are of size `DevicetreeAddon`, not `size_t`,
and `[]` binds stronger than `*`. This means the first element is ok,
but the second corrupts the stack.
We switch to PROJECT_VERSION instead of PROJECT_VERSION_FULL where
we report our version and which is likely being parsed to avoid
breaking compat. If we didn't, the output would change from systemd
255 to systemd 255.1 which could break various tools.
If the io.systemd.DynamicUser or io.systemd.Machine files exist,
but nothing is listening on them, the nss-systemd module returns
ECONNREFUSED and systemd-sysusers fails to creat the user/group.
This is problematic when ran by packaging scripts, as the package
assumes that after this has run, the user/group exist and can
be used. adduser does not fail in the same situation.
Change sysusers to print a loud warning but otherwise continue
when NSS returns an error.
The XDG base dir spec adopted ~/.local/state/ as a thing a while back,
and we updated our docs in b4d6bc63e602048188896110a585aa7de1c70c9b, but
forgot to to update the table at the bottom to fully reflect the update.
Fix that.
man: drop version info from file hiearchy man page
This file doesn't document features of systemd, but is more a of a
general description that generalizes/modernizes FHS. As such, the items
listed in it weren't "added" in systemd versions, they simply reflect
general concepts independent of any specific systemd version. hence
let's drop this misleading and confusing version info.
Or in other words, the man page currently claims under "/usr/": "Added
in version 215." – Which of course is rubbish, the directory existed
since time began.
os-util: avoid matching on the wrong extension-release file
The previous commit tries to extract a substring from the
extension-release suffix, but that is not right, it's only the
images that need to be versioned and extracted, use the extension-release
suffix as-is. Otherwise if it happens to contain a prefix that
matches the wrong image, it will be taken into account.
src/boot/efi/meson.build: ensure VERSION_TAG exists in case of cross build
The GIT_VERSION is changed to use VERSION_TAG, but in case of cross build
for src/boot/efi, it's not set, causing build error because the compiler cannot
know it's a macro thus treating it as some variable and error out.
Topi Miettinen [Wed, 26 Jun 2024 19:06:41 +0000 (22:06 +0300)]
load-fragment: allow MountImages= with paths starting with /dev
For MountImages=, if the source is a block device, it will most likely reside
in /dev. It should be also possible to mount a static device file system in
place of (or part of) /dev. So let's allow paths starting with /dev as an
exception for MountImages=.
Let's mention the new way to install the latest changes without
rebuilding the image. Let's also remove the duplicate info about
distribution packages that is already mentioned in its own section.
meson: add option to build systemd-executor "statically"
The new link-executor-shared option is similar to the existing
link-udev-shared: when set to false, we link to the static versions of our
internal libraries.
The resulting exuctor binary is fairly large, about as large as libsystemd-core
(14 MB without lto, 8 with lto).
This is intended as a workaround for the fuckup with the pinned executor
binary:
when an upgrade is performed, the package manager will install new version of
the libraries and new version of the code, and some time later reexecute the
managers. This creates a window when the pinned executor binary will fail to
execute. There are two factors which make the issue easier to hit:
- when the distribution uses a finely-grained shared-lib-tag. E.g. Fedora
uses version-release as the tag, which means that the issue occurs on
every package upgrade. This is the right thing to do, because the
ABI of our internal libraries is not stable at all, so replacing the
library from a different version in place creates a window where our
programs may crash or misbehave.
- when the distribution doesn't immediately reexec all the managers after
upgrade. In early versions of systemd, we used to hammer the machine during
upgrade, doing daemon-reexecs repeatedly. This works, but is ugly and
wasteful. Doing the reexecs while the upgrade is in progres also creates a
window where a mix of old and new configs or both is loaded. Users are
particularly annoyed by those reloads if there is some issue in the
configuration causing us to emit warnings on every reexec. Doing the
reexecs once after the new configuration and libraries have been put
in place is nicer.
The pinning of the executor binary breaks upgrades and in particular
it penalizes the distributions which make use of the features which
were previously added to avoid bugs and inefficiency during upgrades.
When the executor is linked statically, there is a smaller chance that it'll
fail to load libraries. The issue can still occur because other libraries, not
our own, are linked dynamically.
meson: build libsystemd-core via an intermediate static library
By itself, this is not useful. I'm making this a separate commit to
make debugging easier. It turns out that meson does static libraries
using references, so the "static library" a tiny stub stub that refers
to the object files on disk and this has negligible cost:
$ ls -lhd build/src/core/libsystemd-core-257.{a,so}
-rw-r--r-- 1 zbyszek zbyszek 36K Jul 3 16:54 build/src/core/libsystemd-core-257.a
-rwxr-xr-x 1 zbyszek zbyszek 6.1M Jul 3 16:54 build/src/core/libsystemd-core-257.so
Our variables for internal libraries are named 'libfoo' for the shared lib
variant, and 'libfoo_static' for the static lib variant. The only exception was
libbasic, because we didn't have a shared variant for it. But let's rename it
for consitency. This makes the build config easier to understand.
ukify: bring order of EFI sections in man + --help into same order as spec
Previously, the order was quite chaotic, even sometimes interleaved with
entirely unrelated switches. Let's clean this up and use the same order
as in the spec.
This doesn't change anything real, but I think it's a worthy clean-up in
particular as this order is documented as the PCR measurement order of
these sections, hence there's actually a bit of relevance to always
communicate the same order everywhere.
The patch is originally from Brenton Simpson, I (Lennart) just added some
comments and rebased it.
I didn't test this, but the patch looks so obviously right to me, that
I think we should just merge it, instead of delaying this further. In
the worst case noone notices, in the best case this makes sd-boot work
reasonably nicely on devices that only have a hadware power key + volume
rocker.
* systemd-measure should be used for measuring UKIs on vendor build
systems, i.e. only cover stuff predictable by the OS vendor, and
identical on all systems. And that is pretty much only PCR 11.
* systemd-pcrlock should cover the other PCRs, which carry inherently
local information, and can only be predicted locally and not already
on vendor build systems.
Because of that, let's not bother with any PCRs except for 11 in
systemd-measure. This was added at a time where systemd-pcrlock didn't
exist yet, and hence it wasn't clear how this will play out in the end.
efi: drop "ret_" prefix from "ret_sections[]" parameter
While we write data to this parameter, it's not really a return
parameter, we after all do not fully set it, we just fill in some
fields. Hence it must be initialized beforehand.
According to our coding style only parameters that are purely used for
returning something should be named "ret_xyz", hence this one should not
be.
(We'll later rely on the current behaviour that it leaves array entries
for which we find no sections untouched, hence leave behaviour as is,
just rename the parameters to something more appropriate).
(Since we are dropping the "ret_" prefix of "ret_sections", let's rename
the old "section" parameter at the same time to "section_names", to make
clearer what it is about).
mkosi: Copy packages to the build directory as well
With the latest mkosi, mkosi -t none can be used to rerun the build
script without messing with a previously built image. This allows
one to run "mkosi -t disk -f qemu" in one terminal to build and boot
an image in qemu and then run "mkosi -t none" in another terminal to
rebuild the packages. If one then has "RuntimeBuildSources=yes" set
in their mkosi configuration, the build directory is mounted into the
virtual machine, which means that one can then run "dnf upgrade
/work/build/*.rpm" from within the VM to install the new packages.
This allows for quickly iterating on changes without having to rebuild
the image all the time.
We'll probably want to document this at some point, but let's start
with making it possible by copying the built packages to the build directory.
mkosi: Make sure we don't hide errors from git merge-base
Currently if git merge-base fails we'll hide the error and exit with
exit status 0. Let's make we only exit early if git merge-base exits
with 1 which indicates the current commit is not on the target branch.
Any other error is considered fatal.
Anton Golubev [Wed, 3 Jul 2024 07:42:24 +0000 (10:42 +0300)]
hwdb: Add some HP IR cameras
Two very similar devices, with two functions - a regular camera and IR.
The peculiarity of their infrared camera is that it uses a color image
format (YUYV), although it is essentially black and white.
The IR camera interface differs from the regular camera interface by name:
"HP Wide Vision FHD Camera: HP W" for the regular camera and
"HP Wide Vision FHD Camera: HP I" for an infrared camera
Therefore, glob *I is used to separate the IR camera
* f9fe17dbde Use vmlinux.h from kernel-devel
* 9cbad936a6 Pull in openssl-devel-engine
* 8ae009f929 Only add Requires on python3-zstd on Fedora
* 750e910c7c Drop BuildRequires on python3-zstd
projects / thirdparty / systemd.git / log
