Hello community,
here is the log from the commit of package systemd.13580 for
openSUSE:Leap:15.1:Update checked in at 2020-08-03 14:23:13
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.1:Update/systemd.13580 (Old)
and /work/SRC/openSUSE:Leap:15.1:Update/.systemd.13580.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "systemd.13580"
Mon Aug 3 14:23:13 2020 rev:1 rq:823714 version:234
Changes:
--------
New Changes file:
--- /dev/null 2020-07-16 02:54:20.700682797 +0200
+++
/work/SRC/openSUSE:Leap:15.1:Update/.systemd.13580.new.3592/systemd-mini.changes
2020-08-03 14:23:17.968975229 +0200
@@ -0,0 +1,9955 @@
+-------------------------------------------------------------------
+Mon Jun 29 14:58:54 UTC 2020 - Franck Bui <f...@suse.com>
+
+- Fix bsc#1173422
+
+ Add 0001-test-seccomp-add-log-messages-when-skipping-tests.patch
+ Add 0002-test-seccomp-log-function-names.patch
+ Add 0003-seccomp-shm-get-at-dt-now-have-their-own-numbers-eve.patch
+
+-------------------------------------------------------------------
+Wed Jun 24 11:58:29 UTC 2020 - Franck Bui <f...@suse.com>
+
+- migrate-sysconfig-i18n.sh: fix marker handling (bsc#1173229)
+
+ The marker is used to make sure the script is run only once. Instead
+ of storing it in /usr, use /var which is more appropriate for such
+ file.
+
+ Also make it owned by systemd package.
+
+-------------------------------------------------------------------
+Tue Jun 23 14:09:30 UTC 2020 - Franck Bui <f...@suse.com>
+
+- Fix inconsistent file modes for some ghost files (bsc#1173227)
+
+ Ghost files are assumed by rpm to have mode 000 by default which is
+ not consistent with file permissions set at runtime.
+
+ Also /var/lib/systemd/random-seed was tracked wrongly as a
+ directory.
+
+ Also don't track (ghost) /etc/systemd/system/runlevel*.target
+ aliases since we're not supposed to track units or aliases user
+ might define/override.
+
+-------------------------------------------------------------------
+Tue Jun 2 13:01:18 UTC 2020 - Franck Bui <f...@suse.com>
+
+- Import commit dca9b964628d1527a25d633f7728fe979f422358
+
+ 8c875b2d97 units: starting suspend.target should not fail when suspend is
successful (#6678) (bsc#1172072)
+ b7d5310937 core/mount: do not add Before=local-fs.target or remote-fs.target
if nofail mount option is set
+ 2a0e7062ff mount: let mount_add_extras() take care of remote-fs.target deps
(bsc#1169488)
+ 29c6b6b725 mount: set up local-fs.target/remote-fs.target deps in
mount_add_default_dependencies() too
+ 20a35f0bf0 udev: rename the persistent link for ATA devices (bsc#1164538)
+ 7dea560956 shared/install: try harder to find enablement symlinks when
disabling a unit (bsc#1157315)
+ 5a660c1d53 tmpfiles: remove unnecessary assert (bsc#1171145)
+ 2f86bc54bd test-engine: manager_free() was called too early
+ cc5170fcef pid1: by default make user units inherit their umask from the
user manager (bsc#1162698)
+
+-------------------------------------------------------------------
+Fri May 29 15:04:35 UTC 2020 - Franck Bui <f...@suse.com>
+
+- Split off networkd and resolved into separate subpackage "network"
+
+ Although resolved is still not built by default.
+
+-------------------------------------------------------------------
+Fri Apr 17 13:15:55 UTC 2020 - Franck Bui <f...@suse.com>
+
+- Import commit ac52edce0f820ffefa5110b6fc4b03e35bf68d61
+
+ 96a7639970 udev/net-id: Fix check for address to keep interface names stable
(#8458) (bsc#1168076)
+ ce5953a877 login: use free_and_replace() and TAKE_PTR()
+ e5190b4b51 logind: remove manager_start_slice()
+ cdeb8d1a48 logind: use free_and_replace in one spot
+ 109aac4b67 logind: drop unnecessary braces
+ 9194610e7e systemd-mount: don't check for non-normalized WHAT for network FS
(bsc#1165011)
+ 12b63cb73a systemd-mount: allow to specify an arbitrary string for
arg_mount_what when vfs is used (bsc#1165011)
+
+-------------------------------------------------------------------
+Wed Mar 18 17:46:09 UTC 2020 - Franck Bui <f...@suse.com>
+
+- Import commit 7c246f16a6358516a586629091375ee5d45739ec
+
+ 2205963ee2 manager: fix job mode when signalled to shutdown etc (bsc#1161262)
+ e9b76da147 manager: remove fallback for user/exit.target
+ fa4a1155e7 man: dbus method Manager.Exit() does not start exit.target
+ dc0ec526f2 units: do not install rescue.target for alt-↑
+ e3ba383bf8 Add %j/%J unit specifiers
+
+-------------------------------------------------------------------
+Tue Mar 10 08:13:00 UTC 2020 - Andreas Herrmann <aherrm...@suse.com>
+
+- Replace 60-ssd-scheduler.rules with 60-io-scheduler.rules from TW
+
+ This adds support for I/O scheduler selection with blk-mq
+ (bsc#1165579, bsc#1164717).
+
+-------------------------------------------------------------------
+Thu Mar 5 16:07:32 UTC 2020 - Franck Bui <f...@suse.com>
+
+- Add 60-ssd-scheduler.rules
+
+ This rules file which select the default IO scheduler for SSDs is
+ being moved out from the git repo since this is not related to
+ systemd or udev at all and is maintained by the kernel team.
+
+-------------------------------------------------------------------
+Thu Mar 5 15:44:16 UTC 2020 - Franck Bui <f...@suse.com>
+
+- Import commit 7e52d0c21a0c895d4f0ae2319f1eb4f2246147ba
+
+ eedd149d6c core: coldplug possible nop_job (bsc#1139459)
+ 09405f8eee Revert "udev: use 'deadline' IO scheduler for SSD disks"
+ 57cab4a328 Fix typo in function name
+ f846231c1a polkit: when authorizing via PK let's re-resolve
callback/userdata instead of caching it (bsc#1162108 CVE-2020-1712)
+ f799fd5371 sd-bus: introduce API for re-enqueuing incoming messages
+ 8a0214f61d polkit: on async pk requests, re-validate action/details
+
+-------------------------------------------------------------------
+Thu Mar 5 14:50:45 UTC 2020 - Franck Bui <f...@suse.com>
+
+- Drop 0001-core-coldplug-possible-nop_job.patch
+
+ It's been imported in SUSE/v234 branch.
+
+-------------------------------------------------------------------
+Thu Mar 5 14:42:53 UTC 2020 - Franck Bui <f...@suse.com>
+
+- Drop 0001-polkit-on-async-pk-requests-re-validate-action-detai.patch
+ Drop 0002-sd-bus-introduce-API-for-re-enqueuing-incoming-messa.patch
+ Drop 0003-polkit-when-authorizing-via-PK-let-s-re-resolve-call.patch
+
+ They have been imported in SUSE/v234 branch.
+
+-------------------------------------------------------------------
+Tue Feb 18 09:13:34 UTC 2020 - Franck Bui <f...@suse.com>
+
+- Remove TasksMax limit for both user and system slices (jsc#SLE-10123)
+
+-------------------------------------------------------------------
+Mon Feb 17 21:06:38 UTC 2020 - Franck Bui <f...@suse.com>
+
+- Import commit 4695ebe0b91ec6a23ba9ea238e61a7348474fbc5
+
+ Backport support of dash-truncated dropins.
+
+ The new mechanism is used (since v239) to configure TasksMax limit
+ for user slices and therefore is used to replace UserTasksMax=
+ option in logind.conf as it's more flexible.
+
+ The old option is still supported thanks to a generator that creates
+ a dash-truncated dropin at boot. It also warns about the use of the
+ old option. This will hopefully allow us to remove the support of
+ UserTasksMax option in the next major version of SLE.
+
+ ec0bddf1f4 logind: keep backward compatibility with UserTasksMax= in
logind.conf
+ 7804fb95bd logind: move two functions to logind_core utility lib
+ fb99d7bc4c login: fix typo in log message
+ 15a8ffa5cc Use a dash-truncated drop-in for user-%j.slice configuration
+ c5bf60565e man: document the new dash truncation drop-in directories
+ 38fb5d11cb test: add test for prefix unit loading
+ 7669c783e8 dropin: when looking for dropins for a unit, also look within "-"
prefix unit dirs
+ de1d19b8fb systemctl: fix indentation in output of "systemcl status" if
there are multiple drop-in dirs
+ 5da4984f6f unit-name: add new unit_name_build_from_type() helper
+ 278643dc78 tests: skip tests when cg_pid_get_path fails (#7033)
+ a77203d893 shared/dropin: improve error message
+
+-------------------------------------------------------------------
+Mon Feb 17 16:41:44 UTC 2020 - Franck Bui <f...@suse.com>
+
+- Import commit d2826c2ca2eab2b9f6fc08ff2010faafd4c1b9f9
+
+ Backport IP filtering feature (jsc#SLE-7743)
+
+ e6b00a63dc main: when bumping RLIMIT_MEMLOCK, save the previous value to
pass to children (bsc#1160595)
+ b7b5a3ba5d main: introduce a define HIGH_RLIMIT_MEMLOCK similar to
HIGH_RLIMIT_NOFILE
+ 61d77e2bda def: add a "high" limit for RLIMIT_NOFILE
+ 51a8b7fe9b core: bump mlock ulimit to 64Mb
+ 4a53ff678c Move warning about unsupported BPF firewall right before the
firewall would be created
+ f26201d72c core: refactor bpf firewall support into a pseudo-controller
+ 3c6af31da6 core: rename cgroup_queue → cgroup_realize_queue
+ 12ac94d9d4 cgroup: improve cg_mask_to_string a bit, and add tests for it
+ 6e049a2f46 unit: initialize bpf cgroup realization state properly
+ cfbb2dfb1b cgroup: always invalidate "cpu" and "cpuacct" together
+ 55a0d5a690 main: bump RLIMIT_MEMLOCK for the root user substantially
+ 3c0ec7c460 bpf-firewall: always use log_unit_xyz() insteadof log_xyz()
+ f8e7b8530a core: fix the check if CONFIG_CGROUP_BPF is on
+ a3950086e4 tree-wide: avoid assignment of r just to use in a comparison
+ 92ad831159 Fix three uses of bogus errno value in logs (and returned value
in one case)
+ 8f9b4436fa bpf: reset "extra" IP accounting counters when turning off IP
accounting for a unit
+ 4edd970f68 bpf: rework how we keep track and attach cgroup bpf programs
+ b6152deaa1 bpf-program: make bpf_program_load_kernel() idempotent
+ 49fa5c4f73 bpf: use BPF_F_ALLOW_MULTI flag if it is available
+ 089bac557e bpf-program: optionally take fd of program to detach
+ aed6959d28 bpf: beef up bpf detection, check if BPF_F_ALLOW_MULTI is
supported
+ c548f48cb2 bpf: add new bpf.h header copy from 4.15 kernel
+ 54cc371347 bpf-firewall: fix warning text
+ c08bb273ac ip-address-access: let's exit the loop after invalidating our
entry a (#7803)
+ 3dc5591f72 bpf-firewall: actually invoke BPF_PROG_ATTACH to check whether
cgroup/bpf is available
+ c5f34b169e cgroup: drop unused parameter from function
+ b519973b49 core: only warn about BPF/cgroup missing once per runtime (#7319)
+ cbeb2f95ac run: also show IP traffic accounting data on "systemd-run --wait"
+ 3ff2299ccb core: improve dbus-cgroup error message
+ 2f0c48782e bpf-firewall: properly handle kernels where BPF cgroup is
disabled but TRIE maps are enabled (#7298)
+ 867a8bf0d7 fix compile error on musl
++++ 9758 more lines (skipped)
++++ between /dev/null
++++ and
/work/SRC/openSUSE:Leap:15.1:Update/.systemd.13580.new.3592/systemd-mini.changes
New Changes file:
systemd.changes: same change
New:
----
0001-mount-swap-cryptsetup-introduce-an-option-to-prevent.patch
0001-test-seccomp-add-log-messages-when-skipping-tests.patch
0001-udev-don-t-create-by-partlabel-primary-and-.-logical.patch
0002-test-seccomp-log-function-names.patch
0002-udev-optionally-disable-the-generation-of-the-partla.patch
0003-seccomp-shm-get-at-dt-now-have-their-own-numbers-eve.patch
60-io-scheduler.rules
80-acpi-container-hotplug.rules
80-hotplug-cpu-mem.rules
99-wakeup-from-idle.rules
_service
after-local.service
baselibs.conf
kbd-model-map.legacy
pre_checkin.sh
scripts-systemd-fix-machines-btrfs-subvol.sh
scripts-systemd-migrate-sysconfig-i18n.sh
scripts-systemd-upgrade-from-pre-210.sh
scripts-udev-convert-lib-udev-path.sh
systemd-mini-rpmlintrc
systemd-mini.changes
systemd-mini.spec
systemd-rpmlintrc
systemd-sysv-convert
systemd-sysv-install
systemd-user
systemd-v234+suse.562.gdca9b96462.tar.xz
systemd.changes
systemd.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ systemd-mini.spec ++++++
++++ 1484 lines (skipped)
systemd.spec: same change
++++++ 0001-mount-swap-cryptsetup-introduce-an-option-to-prevent.patch ++++++
>From c61c3e2ac903e6c8a53d0e70ec04eb0fe3a58fd6 Mon Sep 17 00:00:00 2001
From: Franck Bui <f...@suse.com>
Date: Thu, 31 Oct 2019 18:32:08 +0100
Subject: [PATCH 1/1] mount/swap/cryptsetup: introduce an option to prevent
systemd from making a unit wanted by its device unit
systemd introduced a behavior that consisted in activating automatically a unit
generated by either fstab-generator or cryptsetup-generator each time its
device unit is entering in plugged state and regardless of whether it happened
during the boot process or much later.
This behavior is confusing for a lot of users and interacts badly with tools
which are operating on block devices.
Fortunately this feature has been removed by upstream since v242 for both mount
and swap units, with commits 142b8142d7bb84f07ac33fc00527a4d48ac8ef9f and
9b88bb5023dfa3cea406c14fdaa3d8e3e320907a respectively.
However for backward compatibility reasons we can't simply drop it, therefore
this patch introduces a new (but temporary) kernel command line option named
'systemd.device_wants_unit' so one can choose to prevent systemd from starting
automagically a unit which was generated by {cryptsetup,fstab}-generator by
setting it to 'off'.
The default value for this option is 'on' so no behavior change will happen by
default but please note that next major versions of SLE will permanently switch
it to 'off' without any possibilities to change it.
With this option enabled, it's now possible to prevent all swap units to be
activated by masking the swap target.
[fbui: fixes jsc#SLE-7689]
---
src/basic/proc-cmdline.c | 15 +++++++++++++++
src/basic/proc-cmdline.h | 2 ++
src/core/unit.c | 3 ++-
src/cryptsetup/cryptsetup-generator.c | 8 +++++---
4 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/src/basic/proc-cmdline.c b/src/basic/proc-cmdline.c
index 8592a428d5..3936e809b6 100644
--- a/src/basic/proc-cmdline.c
+++ b/src/basic/proc-cmdline.c
@@ -247,6 +247,21 @@ int shall_restore_state(void) {
return r > 0 ? ret : true;
}
+bool shall_device_want_unit(void) {
+ static int device_wants_unit = -1;
+
+ if (device_wants_unit < 0) {
+ bool ret;
+
+ if (proc_cmdline_get_bool("systemd.device_wants_unit", &ret) >
0)
+ device_wants_unit = ret;
+ else
+ device_wants_unit = true;
+ }
+
+ return device_wants_unit;
+}
+
static const char * const rlmap[] = {
"emergency", SPECIAL_EMERGENCY_TARGET,
"-b", SPECIAL_EMERGENCY_TARGET,
diff --git a/src/basic/proc-cmdline.h b/src/basic/proc-cmdline.h
index ebfed355e9..bb4ebe5ee7 100644
--- a/src/basic/proc-cmdline.h
+++ b/src/basic/proc-cmdline.h
@@ -52,3 +52,5 @@ static inline bool proc_cmdline_value_missing(const char
*key, const char *value
return false;
}
+
+bool shall_device_want_unit(void);
diff --git a/src/core/unit.c b/src/core/unit.c
index febce9d242..736863e48c 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -46,6 +46,7 @@
#include "mkdir.h"
#include "parse-util.h"
#include "path-util.h"
+#include "proc-cmdline.h"
#include "process-util.h"
#include "set.h"
#include "signal-util.h"
@@ -3172,7 +3173,7 @@ int unit_add_node_link(Unit *u, const char *what, bool
wants, UnitDependency dep
if (r < 0)
return r;
- if (wants) {
+ if (wants && shall_device_want_unit()) {
r = unit_add_dependency(device, UNIT_WANTS, u, false);
if (r < 0)
return r;
diff --git a/src/cryptsetup/cryptsetup-generator.c
b/src/cryptsetup/cryptsetup-generator.c
index 312cdf3d1f..ce47f9f0da 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -195,9 +195,11 @@ static int create_disk(
return log_error_errno(r, "Failed to write file %s: %m", p);
if (!noauto) {
- r = generator_add_symlink(arg_dest, d, "wants", n);
- if (r < 0)
- return r;
+ if (shall_device_want_unit()) {
+ r = generator_add_symlink(arg_dest, d, "wants", n);
+ if (r < 0)
+ return r;
+ }
r = generator_add_symlink(arg_dest,
netdev ? "remote-cryptsetup.target"
: "cryptsetup.target",
--
2.16.4
++++++ 0001-test-seccomp-add-log-messages-when-skipping-tests.patch ++++++
>From cf8e59a3a6dc6c81e9e6f09d8d650ebaf6b4b022 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+git...@gmail.com>
Date: Fri, 14 Sep 2018 15:55:15 +0900
Subject: [PATCH 1/3] test-seccomp: add log messages when skipping tests
(cherry picked from commit cd90ec7544436463246b854b68ddcac7cff53cac)
[fbui: adjust context]
---
src/test/test-seccomp.c | 82 +++++++++++++++++++++++++++++++----------
1 file changed, 62 insertions(+), 20 deletions(-)
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
index 112fb8d0f9..f80a6a91f9 100644
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@@ -108,10 +108,14 @@ static void test_filter_sets(void) {
unsigned i;
int r;
- if (!is_seccomp_available())
+ if (!is_seccomp_available()) {
+ log_notice("Seccomp not available, skipping %s", __func__);
return;
- if (geteuid() != 0)
+ }
+ if (geteuid() != 0) {
+ log_notice("Not root, skipping %s", __func__);
return;
+ }
for (i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) {
pid_t pid;
@@ -172,10 +176,14 @@ static void test_restrict_namespace(void) {
assert_se(streq(s, "cgroup ipc net mnt pid user uts"));
assert_se(namespace_flag_from_string_many(s, &ul) == 0 && ul ==
NAMESPACE_FLAGS_ALL);
- if (!is_seccomp_available())
+ if (!is_seccomp_available()) {
+ log_notice("Seccomp not available, skipping remaining tests in
%s", __func__);
return;
- if (geteuid() != 0)
+ }
+ if (geteuid() != 0) {
+ log_notice("Not root, skipping remaining tests in %s",
__func__);
return;
+ }
pid = fork();
assert_se(pid >= 0);
@@ -235,13 +243,20 @@ static void test_restrict_namespace(void) {
static void test_protect_sysctl(void) {
pid_t pid;
- if (!is_seccomp_available())
+ if (!is_seccomp_available()) {
+ log_notice("Seccomp not available, skipping %s", __func__);
return;
- if (geteuid() != 0)
+ }
+ if (geteuid() != 0) {
+ log_notice("Not root, skipping %s", __func__);
return;
+ }
- if (detect_container() > 0) /* in containers _sysctl() is likely
missing anyway */
+ /* in containers _sysctl() is likely missing anyway */
+ if (detect_container() > 0) {
+ log_notice("Testing in container, skipping %s", __func__);
return;
+ }
pid = fork();
assert_se(pid >= 0);
@@ -268,10 +283,14 @@ static void test_protect_sysctl(void) {
static void test_restrict_address_families(void) {
pid_t pid;
- if (!is_seccomp_available())
+ if (!is_seccomp_available()) {
+ log_notice("Seccomp not available, skipping %s", __func__);
return;
- if (geteuid() != 0)
+ }
+ if (geteuid() != 0) {
+ log_notice("Not root, skipping %s", __func__);
return;
+ }
pid = fork();
assert_se(pid >= 0);
@@ -351,13 +370,20 @@ static void test_restrict_address_families(void) {
static void test_restrict_realtime(void) {
pid_t pid;
- if (!is_seccomp_available())
+ if (!is_seccomp_available()) {
+ log_notice("Seccomp not available, skipping %s", __func__);
return;
- if (geteuid() != 0)
+ }
+ if (geteuid() != 0) {
+ log_notice("Not root, skipping %s", __func__);
return;
+ }
- if (detect_container() > 0) /* in containers RT privs are likely
missing anyway */
+ /* in containers RT privs are likely missing anyway */
+ if (detect_container() > 0) {
+ log_notice("Testing in container, skipping %s", __func__);
return;
+ }
pid = fork();
assert_se(pid >= 0);
@@ -389,10 +415,14 @@ static void test_restrict_realtime(void) {
static void test_memory_deny_write_execute_mmap(void) {
pid_t pid;
- if (!is_seccomp_available())
+ if (!is_seccomp_available()) {
+ log_notice("Seccomp not available, skipping %s", __func__);
return;
- if (geteuid() != 0)
+ }
+ if (geteuid() != 0) {
+ log_notice("Not root, skipping %s", __func__);
return;
+ }
pid = fork();
assert_se(pid >= 0);
@@ -433,10 +463,14 @@ static void test_memory_deny_write_execute_shmat(void) {
int shmid;
pid_t pid;
- if (!is_seccomp_available())
+ if (!is_seccomp_available()) {
+ log_notice("Seccomp not available, skipping %s", __func__);
return;
- if (geteuid() != 0)
+ }
+ if (geteuid() != 0) {
+ log_notice("Not root, skipping %s", __func__);
return;
+ }
shmid = shmget(IPC_PRIVATE, page_size(), 0);
assert_se(shmid >= 0);
@@ -479,10 +513,14 @@ static void test_memory_deny_write_execute_shmat(void) {
static void test_restrict_archs(void) {
pid_t pid;
- if (!is_seccomp_available())
+ if (!is_seccomp_available()) {
+ log_notice("Seccomp not available, skipping %s", __func__);
return;
- if (geteuid() != 0)
+ }
+ if (geteuid() != 0) {
+ log_notice("Not root, skipping %s", __func__);
return;
+ }
pid = fork();
assert_se(pid >= 0);
@@ -513,10 +551,14 @@ static void test_restrict_archs(void) {
static void test_load_syscall_filter_set_raw(void) {
pid_t pid;
- if (!is_seccomp_available())
+ if (!is_seccomp_available()) {
+ log_notice("Seccomp not available, skipping %s", __func__);
return;
- if (geteuid() != 0)
+ }
+ if (geteuid() != 0) {
+ log_notice("Not root, skipping %s", __func__);
return;
+ }
pid = fork();
assert_se(pid >= 0);
--
2.26.2
++++++ 0001-udev-don-t-create-by-partlabel-primary-and-.-logical.patch ++++++
>From 34f38aa61d5189a0258982efd976da7d249a11d3 Mon Sep 17 00:00:00 2001
From: Martin Wilck <mwi...@suse.com>
Date: Mon, 16 Apr 2018 23:03:27 +0200
Subject: [PATCH 1/2] udev: don't create by-partlabel/primary and .../logical
symlinks
These links are created by libstorage / parted by default. They are ambiguous
and may be present hundred- or thousandfold on large systems. They are
meaningless for device identification and may slow down udev processing. They
aren't used anywhere. Don't create them.
A service has been added to detect at boot cases that likely need to be fixed:
a warning is thrown at both the console and syslog to encourage sysadmin to
consult the relevant TID explaining how to permanently fix the issue.
[fbui: added the detection part]
[fbui: fixes bsc#1089761]
---
Makefile.am | 2 ++
rules/60-persistent-storage.rules | 2 +-
units/detect-part-label-duplicates.service | 16 ++++++++++++++++
3 files changed, 19 insertions(+), 1 deletion(-)
create mode 100644 units/detect-part-label-duplicates.service
diff --git a/Makefile.am b/Makefile.am
index 240d193eb..84563d4a9 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -489,6 +489,7 @@ dist_sysctl_DATA = \
sysctl.d/50-default.conf
dist_systemunit_DATA = \
+ units/detect-part-label-duplicates.service \
units/graphical.target \
units/multi-user.target \
units/emergency.target \
@@ -6586,6 +6587,7 @@ MULTI_USER_TARGET_WANTS += \
systemd-ask-password-wall.path
SYSINIT_TARGET_WANTS += \
+ detect-part-label-duplicates.service \
dev-hugepages.mount \
dev-mqueue.mount \
sys-kernel-config.mount \
diff --git a/rules/60-persistent-storage.rules
b/rules/60-persistent-storage.rules
index d2745f65f..5e803d639 100644
--- a/rules/60-persistent-storage.rules
+++ b/rules/60-persistent-storage.rules
@@ -92,6 +92,6 @@ ENV{DEVTYPE}=="partition", ENV{ID_WWN_WITH_EXTENSION}=="?*",
SYMLINK+="disk/by-i
# by-partlabel/by-partuuid links (partition metadata)
ENV{ID_PART_ENTRY_UUID}=="?*",
SYMLINK+="disk/by-partuuid/$env{ID_PART_ENTRY_UUID}"
-ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*",
SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}"
+ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*",
ENV{ID_PART_ENTRY_NAME}!="primary|logical",
SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}"
LABEL="persistent_storage_end"
diff --git a/units/detect-part-label-duplicates.service
b/units/detect-part-label-duplicates.service
new file mode 100644
index 000000000..1fbca2114
--- /dev/null
+++ b/units/detect-part-label-duplicates.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Detect if the system suffers from bsc#1089761
+ConditionDirectoryNotEmpty=/run/udev/data
+
+[Service]
+RemainAfterExit=true
+StandardOutput=syslog+console
+SyslogLevel=warning
+ExecStart=/bin/sh -c " \
+ if [ $(grep -r "E:ID_PART_ENTRY_NAME=primary" /run/udev/data | wc -l) -ge
100 ]; then \
+ echo 'Warning: a high number of partitions uses \"primary\" or
\"logical\" as'; \
+ echo 'partition label name, which may cause slow-down in the boot
process.'; \
+ echo 'To prevent it, a workaround is temporarly in place but we
recommend to'; \
+ echo 'refer to TID #7023057 in order to permanently fix this issue (as
the'; \
+ echo 'workaround will be dropped in the future).'; \
+ fi"
--
2.18.0
++++++ 0002-test-seccomp-log-function-names.patch ++++++
>From b6573e577fb72bbec604851cd7f199f58571d14a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbys...@in.waw.pl>
Date: Fri, 21 Sep 2018 14:14:45 +0200
Subject: [PATCH 2/3] test-seccomp: log function names
Various tests produce similar output, and the function names make it
easier to see where the output is generated.
(cherry picked from commit f09da7ccbc67efd4e1a7ac7f3bc1356fad27fc40)
[fbui: adjust context]
---
src/test/test-seccomp.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
index f80a6a91f9..7a951aec62 100644
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@@ -55,6 +55,8 @@ static void test_seccomp_arch_to_string(void) {
uint32_t a, b;
const char *name;
+ log_info("/* %s */", __func__);
+
a = seccomp_arch_native();
assert_se(a > 0);
name = seccomp_arch_to_string(a);
@@ -66,6 +68,8 @@ static void test_seccomp_arch_to_string(void) {
static void test_architecture_table(void) {
const char *n, *n2;
+ log_info("/* %s */", __func__);
+
NULSTR_FOREACH(n,
"native\0"
"x86\0"
@@ -94,6 +98,8 @@ static void test_architecture_table(void) {
}
static void test_syscall_filter_set_find(void) {
+ log_info("/* %s */", __func__);
+
assert_se(!syscall_filter_set_find(NULL));
assert_se(!syscall_filter_set_find(""));
assert_se(!syscall_filter_set_find("quux"));
@@ -108,6 +114,8 @@ static void test_filter_sets(void) {
unsigned i;
int r;
+ log_info("/* %s */", __func__);
+
if (!is_seccomp_available()) {
log_notice("Seccomp not available, skipping %s", __func__);
return;
@@ -156,6 +164,8 @@ static void test_restrict_namespace(void) {
unsigned long ul;
pid_t pid;
+ log_info("/* %s */", __func__);
+
assert_se(namespace_flag_to_string(0) == NULL);
assert_se(streq(namespace_flag_to_string(CLONE_NEWNS), "mnt"));
assert_se(namespace_flag_to_string(CLONE_NEWNS|CLONE_NEWIPC) == NULL);
@@ -243,6 +253,8 @@ static void test_restrict_namespace(void) {
static void test_protect_sysctl(void) {
pid_t pid;
+ log_info("/* %s */", __func__);
+
if (!is_seccomp_available()) {
log_notice("Seccomp not available, skipping %s", __func__);
return;
@@ -283,6 +295,8 @@ static void test_protect_sysctl(void) {
static void test_restrict_address_families(void) {
pid_t pid;
+ log_info("/* %s */", __func__);
+
if (!is_seccomp_available()) {
log_notice("Seccomp not available, skipping %s", __func__);
return;
@@ -370,6 +384,8 @@ static void test_restrict_address_families(void) {
static void test_restrict_realtime(void) {
pid_t pid;
+ log_info("/* %s */", __func__);
+
if (!is_seccomp_available()) {
log_notice("Seccomp not available, skipping %s", __func__);
return;
@@ -415,6 +431,8 @@ static void test_restrict_realtime(void) {
static void test_memory_deny_write_execute_mmap(void) {
pid_t pid;
+ log_info("/* %s */", __func__);
+
if (!is_seccomp_available()) {
log_notice("Seccomp not available, skipping %s", __func__);
return;
@@ -463,6 +481,8 @@ static void test_memory_deny_write_execute_shmat(void) {
int shmid;
pid_t pid;
+ log_info("/* %s */", __func__);
+
if (!is_seccomp_available()) {
log_notice("Seccomp not available, skipping %s", __func__);
return;
@@ -513,6 +533,8 @@ static void test_memory_deny_write_execute_shmat(void) {
static void test_restrict_archs(void) {
pid_t pid;
+ log_info("/* %s */", __func__);
+
if (!is_seccomp_available()) {
log_notice("Seccomp not available, skipping %s", __func__);
return;
@@ -551,6 +573,8 @@ static void test_restrict_archs(void) {
static void test_load_syscall_filter_set_raw(void) {
pid_t pid;
+ log_info("/* %s */", __func__);
+
if (!is_seccomp_available()) {
log_notice("Seccomp not available, skipping %s", __func__);
return;
--
2.26.2
++++++ 0002-udev-optionally-disable-the-generation-of-the-partla.patch ++++++
>From 749f0c9b1431470dbc3f36cc507e86f9894d65bc Mon Sep 17 00:00:00 2001
From: Franck Bui <f...@suse.com>
Date: Tue, 21 Aug 2018 16:21:53 +0200
Subject: [PATCH 2/2] udev: optionally disable the generation of the
'partlabel' symlinks
We already addressed bsc#1089761 to prevent the generation of
"primary" or "logical".
But it wasn't enough: some users could also have used their own
name other than "primary" and "logical" of course...
For them, we introduce "udev.no-partlabel-links" kernel command-line
option to prevent the generation of all by-partlabel symlinks
regardless of the name which was choosen.
This option should be *only* used to address performance issue related
to bsc#1089761 because it will be removed as soon as the udev
performance issue will be addressed.
[fbui: fixes bsc#1089761]
---
rules/60-persistent-storage.rules | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/rules/60-persistent-storage.rules
b/rules/60-persistent-storage.rules
index 5e803d639..eefa28f7d 100644
--- a/rules/60-persistent-storage.rules
+++ b/rules/60-persistent-storage.rules
@@ -92,6 +92,8 @@ ENV{DEVTYPE}=="partition", ENV{ID_WWN_WITH_EXTENSION}=="?*",
SYMLINK+="disk/by-i
# by-partlabel/by-partuuid links (partition metadata)
ENV{ID_PART_ENTRY_UUID}=="?*",
SYMLINK+="disk/by-partuuid/$env{ID_PART_ENTRY_UUID}"
-ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*",
ENV{ID_PART_ENTRY_NAME}!="primary|logical",
SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}"
+
+IMPORT{cmdline}="udev.no-partlabel-links"
+ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*",
ENV{ID_PART_ENTRY_NAME}!="primary|logical", ENV{udev.no-partlabel-links}!="?*",
SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}"
LABEL="persistent_storage_end"
--
2.18.0
++++++ 0003-seccomp-shm-get-at-dt-now-have-their-own-numbers-eve.patch ++++++
>From 029d0cc0864bda8228b0c193fae89fd720826b2d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbys...@in.waw.pl>
Date: Fri, 15 Mar 2019 11:57:49 +0100
Subject: [PATCH 3/3] seccomp: shm{get,at,dt} now have their own numbers
everywhere
E.g. on i686:
(previously)
arch x86: SCMP_SYS(mmap) = 90
arch x86: SCMP_SYS(mmap2) = 192
arch x86: SCMP_SYS(shmat) = -221
arch x86: SCMP_SYS(shmat) = -221
arch x86: SCMP_SYS(shmdt) = -222
(now)
arch x86: SCMP_SYS(mmap) = 90
arch x86: SCMP_SYS(mmap2) = 192
arch x86: SCMP_SYS(shmat) = 397
arch x86: SCMP_SYS(shmat) = 397
arch x86: SCMP_SYS(shmdt) = 398
The relevant commit seems to be
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0d6040d46817.
(cherry picked from commit e55bdf9b6c5f72475b258a7a4585a0480551cb60)
[fbui: fixes bsc#1173422]
[fbui: later commit 67fb5f338fad added support to block shmat syscall on x86
but it was basically reverted by commit bed4668d1daeb6... therefore
let's only cherry pick this patch alone to fix the build failure on
architectures which defines a separate syscall but use a
multiplexer. This effectively means shmat is ignored and not blocked on
x86 and ppc.]
---
src/shared/seccomp-util.c | 5 -----
src/test/test-seccomp.c | 9 +++++++++
2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
index 7a2da0dd92..74094029ca 100644
--- a/src/shared/seccomp-util.c
+++ b/src/shared/seccomp-util.c
@@ -1191,14 +1191,9 @@ static int add_seccomp_syscall_filter(scmp_filter_ctx
seccomp,
assert_cc(SCMP_SYS(shmget) > 0);
assert_cc(SCMP_SYS(shmat) > 0);
assert_cc(SCMP_SYS(shmdt) > 0);
-#elif defined(__i386__) || defined(__powerpc64__)
-assert_cc(SCMP_SYS(shmget) < 0);
-assert_cc(SCMP_SYS(shmat) < 0);
-assert_cc(SCMP_SYS(shmdt) < 0);
#endif
int seccomp_memory_deny_write_execute(void) {
-
uint32_t arch;
int r;
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
index 7a951aec62..c2aa72ea3f 100644
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@@ -480,9 +480,18 @@ static void test_memory_deny_write_execute_mmap(void) {
static void test_memory_deny_write_execute_shmat(void) {
int shmid;
pid_t pid;
+ uint32_t arch;
log_info("/* %s */", __func__);
+ SECCOMP_FOREACH_LOCAL_ARCH(arch) {
+ log_debug("arch %s: SCMP_SYS(mmap) = %d",
seccomp_arch_to_string(arch), SCMP_SYS(mmap));
+ log_debug("arch %s: SCMP_SYS(mmap2) = %d",
seccomp_arch_to_string(arch), SCMP_SYS(mmap2));
+ log_debug("arch %s: SCMP_SYS(shmget) = %d",
seccomp_arch_to_string(arch), SCMP_SYS(shmget));
+ log_debug("arch %s: SCMP_SYS(shmat) = %d",
seccomp_arch_to_string(arch), SCMP_SYS(shmat));
+ log_debug("arch %s: SCMP_SYS(shmdt) = %d",
seccomp_arch_to_string(arch), SCMP_SYS(shmdt));
+ }
+
if (!is_seccomp_available()) {
log_notice("Seccomp not available, skipping %s", __func__);
return;
--
2.26.2
++++++ 60-io-scheduler.rules ++++++
# Set optimal IO schedulers for HDD and SSD
ACTION!="add", GOTO="scheduler_end"
SUBSYSTEM!="block", GOTO="scheduler_end"
# Do not change scheduler if `elevator` cmdline parameter is set
IMPORT{cmdline}="elevator"
ENV{elevator}=="?*", GOTO="scheduler_end"
# Determine if BLK-MQ is enabled
TEST=="%S%p/mq", ENV{.IS_MQ}="1"
# MQ: BFQ scheduler for HDD
ENV{.IS_MQ}=="1", ATTR{queue/rotational}!="0", ATTR{queue/scheduler}="bfq"
# MQ: deadline scheduler for SSD
ENV{.IS_MQ}=="1", ATTR{queue/rotational}=="0",
ATTR{queue/scheduler}="mq-deadline"
# Non-MQ: CFQ scheduler for HDD
ENV{.IS_MQ}!="1", ATTR{queue/rotational}!="0", ATTR{queue/scheduler}="cfq"
# Non-MQ: deadline scheduler for SSD
ENV{.IS_MQ}!="1", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="deadline"
LABEL="scheduler_end"
++++++ 80-acpi-container-hotplug.rules ++++++
# ACPI0004 container offline for Huawei Kunlun
# do not edit this file, it will be overwritten on update
SUBSYSTEM=="container", ACTION=="change", ENV{EVENT}=="offline",
ATTR{online}=="1", ATTR{[dmi/id]sys_vendor}=="Huawei",
ATTR{[dmi/id]product_name}=="9008|9016|9032", DEVPATH=="*/ACPI0004:??", \
RUN+="/usr/bin/sh -c ' \
/usr/bin/find -L /sys/$env{DEVPATH}/firmware_node/*/physical_node*
-maxdepth 1 -name online | \
while read line; do \
if [ $(/usr/bin/cat $line) -eq 1 ]; then \
/usr/bin/echo 0 > $line; \
fi \
done; \
/usr/bin/echo 0 > /sys/$env{DEVPATH}/online; '"
++++++ 80-hotplug-cpu-mem.rules ++++++
# do not edit this file, it will be overwritten on update
#
# Hotplug physical CPU
#
SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0",
ATTR{online}="1"
#
# Hotplug physical memory. Instances of tmpfs are remounted so their
# size are recalculated. This might be needed if some sizes were
# specified relative to the total amount of memory (boo#869603). For
# now make it simple and remount all tmpfs regardless of how their
# size are specified. It should be handled by the kernel as it has a
# lot of shortcomings anyways (tmpfs mounted by other processes, mount
# namespaces, ...)
#
SUBSYSTEM=="memory", ACTION=="add", PROGRAM=="/usr/bin/uname -m",
RESULT!="s390x", ATTR{state}=="offline", \
ATTR{state}="online", \
RUN+="/bin/sh -c ' \
while read src dst fs opts unused; do \
case $fs in \
tmpfs) mount -o remount \"$dst\" ;; \
esac \
done </proc/self/mounts"
++++++ 99-wakeup-from-idle.rules ++++++
# enable usb and standard AT Keyboards as wakeup sources for suspend-to-idle
(S2I) fate#323814
ACTION=="add", ATTR{power/wakeup}=="disabled", SUBSYSTEM=="serio",
ATTR{description}=="i8042 KBD port", ATTR{power/wakeup}="enabled"
ACTION=="add", ATTR{power/wakeup}=="disabled", SUBSYSTEM=="hid",
ATTRS{bInterfaceProtocol}=="01", ATTR{power/wakeup}="enabled"
++++++ _service ++++++
<!-- See https://en.opensuse.org/openSUSE:Build_Service_Concept_SourceService
-->
<!-- for more details on the syntax -->
<services>
<service name="tar_scm" mode="disabled">
<param name="scm">git</param>
<param
name="url">https://github.com/openSUSE/systemd.git</param>
<param name="filename">systemd</param>
<param
name="versionformat">@PARENT_TAG@+suse.@TAG_OFFSET@.g%h</param>
<param name="revision">SLE15</param>
</service>
<service name="recompress" mode="disabled">
<param name="file">*systemd-v234+suse.*.tar</param>
<param name="compression">xz</param>
</service>
</services>
++++++ after-local.service ++++++
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
[Unit]
Description=/etc/init.d/after.local Compatibility
ConditionFileIsExecutable=/etc/init.d/after.local
After=getty.target
[Service]
Type=idle
ExecStart=/etc/init.d/after.local
TimeoutSec=0
RemainAfterExit=yes
++++++ baselibs.conf ++++++
#
# https://en.opensuse.org/openSUSE:Build_Service_baselibs.conf#Quickstart
#
systemd
supplements "packageand(systemd:pam-<targettype>)"
-/lib/systemd/system/
-/usr/lib/systemd/libsystemd-shared.*\.so
post "<prefix>%{_sbindir}/pam-config -a --systemd || :"
libsystemd0
libudev1
libudev-devel
nss-myhostname
nss-mymachines
++++++ kbd-model-map.legacy ++++++
# Additional layouts offered by YaST
Pl02 pl pc105 -
terminate:ctrl_alt_bksp
arabic ara,us pc105 -
terminate:ctrl_alt_bksp,grp:shift_toggle
cn-latin1 ca pc105 multix
terminate:ctrl_alt_bksp
cz-lat2-us cz,us pc105 qwerty,basic
terminate:ctrl_alt_bksp,grp:shift_toggle
es-cp850 es pc105 -
terminate:ctrl_alt_bksp
ir ir pc105 -
terminate:ctrl_alt_bksp
korean kr pc105 -
terminate:ctrl_alt_bksp
lt.std lt pc105 std
terminate:ctrl_alt_bksp
no-latin1 no pc105 -
terminate:ctrl_alt_bksp
ruwin_alt-UTF-8 us,ru pc105 ,winkeys
terminate:ctrl_alt_bksp,grp:ctrl_shift_toggle,grp_led:scroll
++++++ pre_checkin.sh ++++++
#!/bin/sh
# This script is based on libcdio_spec-prepare.sh (thanks to sbra...@suse.cz)
# create a -mini spec for systemd for bootstrapping
ORIG_SPEC=systemd
EDIT_WARNING="##### WARNING: please do not edit this auto generated spec file.
Use the ${ORIG_SPEC}.spec! #####\n"
sed "s/^%define bootstrap .*$/${EDIT_WARNING}%define bootstrap 1/;
s/^%define mini .*$/${EDIT_WARNING}%define mini -mini/;
s/^Name:.*/&-mini/
" < ${ORIG_SPEC}.spec > ${ORIG_SPEC}-mini.spec
cp ${ORIG_SPEC}.changes ${ORIG_SPEC}-mini.changes
cp ${ORIG_SPEC}-rpmlintrc ${ORIG_SPEC}-mini-rpmlintrc
osc service localrun format_spec_file
++++++ scripts-systemd-fix-machines-btrfs-subvol.sh ++++++
#! /bin/bash
#
# This is used to initially create /var/lib/machines subvolume in case
# the system we're running on is using BTRFS with the specific layout
# used by snapper to perform snapshots, rollbacks, etc...
#
# Unfortunately some distros (TW) already shipped versions with
# systemd creating a plain subvolume which breaks snapper.
#
# If /var/lib/machines is already populated then it's going to be
# pretty ugly to convert the old subvolume into a new one specially
# since it can be in use.
#
# Hopefully not a lot of users are using machinectl to import
# container/VM images. So in most of the cases this directory should
# be empty and we can then simple delete the subvolume and create a
# new one respecting the snapper layout.
#
# In the rare case where /var/lib/machines is populated, we will warn
# the user and let him fix it manually.
#
# In order to avoid ugly dependencies added in systemd package, this
# script should only be called during package updates when
# mksubvolume(8) is available. During installation, /var/lib/machines
# is supposed to be created by the installer now.
#
# See bsc#992573
#
warn() {
echo >&2 "warning: $@"
}
is_btrfs_subvolume() {
# On btrfs subvolumes always have the inode 256
test $(stat --format=%i "$1") -eq 256
}
# This assumes the directory/subvol is emptied by the caller.
rm_subvolume_or_directory() {
is_btrfs_subvolume "$1" && {
btrfs subvolume delete "$1"
return
}
rmdir "$1"
}
on_exit() {
# Simply print a common error message in case something went
# wrong.
if test $? -ne 0; then
warn "Please fix /var/lib/machines manually."
# FIXME: point to a documentation explaining how to do
# that.
exit 1
fi
}
#
# If there's already an entry in fstab for /var/lib/machines, it
# means that:
#
# - the installer initialized /var/lib/machines correctly (default)
# - we already fixed it
# - the sysadmin added it manually
#
# In any cases we should exit.
#
# Note: we can't simply check if /var/lib/machines has been mounted
# because an update through a chroot might be in progress (see
# bsc#1030290).
#
if mount --fake /var/lib/machines 2>/dev/null; then
exit
fi
#
# If there is already an entry in fstab for /var, it means that:
#
# - the system has a seperate /var subvolume (default from Feb 2018)
# - the system has a seperate /var partition
#
# In any case we should exit
#
if mount --fake /var 2>/dev/null; then
exit
fi
#
# If something is already mounted don't try to fix anything, it's been
# done manually by the sysadmin.
#
if mountpoint -q /var/lib/machines; then
exit
fi
#
# Let's try to figure out if the current filesystem uses a Snapper
# BTRFS specific layout. Note that TW uses a different layout than
# SLE...
#
# FIXME: not sure if it's correct, reliable or optimal.
#
case $(findmnt -nr -t btrfs -o FSROOT / 2>/dev/null) in
*.snapshots/*/snapshot*)
;;
*)
exit 0
esac
trap on_exit EXIT
if test -d /var/lib/machines; then
#
# Ok, we're on a system supporting rollbacks and
# /var/lib/machines is not a subvolume remotely mounted so it
# cannot be suitable for systems supporting rollback. Fix it.
#
echo "Making /var/lib/machines suitable for rollbacks..."
type mksubvolume >/dev/null 2>&1 || {
warn "mksubvolume(8) is not installed, aborting."
exit 1
}
test "$(ls -A /var/lib/machines/)" && {
warn "/var/lib/machines is not empty, aborting."
exit 1
}
echo "Deleting empty /var/lib/machines directory/subvolume"
rm_subvolume_or_directory /var/lib/machines || {
warn "fail to delete /var/lib/machines"
exit 1
}
fi
# At this point /var/lib/machines shouldn't exist.
echo "Creating /var/lib/machines subvolume suitable for rollbacks."
mksubvolume /var/lib/machines
++++++ scripts-systemd-migrate-sysconfig-i18n.sh ++++++
#! /bin/bash
# /etc/sysconfig/console | /etc/vconsole.conf
# -------------------------+---------------------
# CONSOLE_FONT | FONT
# CONSOLE_SCREENMAP | FONT_MAP
# CONSOLE_UNICODEMAP | FONT_UNIMAP
migrate_locale () {
local migrated=""
if ! test -f /etc/sysconfig/console; then
return
fi
source /etc/sysconfig/console || return
if test -f /etc/vconsole.conf; then
source /etc/vconsole.conf || return
fi
if test -n "$CONSOLE_FONT" && test -z "$FONT"; then
echo "FONT=$CONSOLE_FONT" >>/etc/vconsole.conf
migrated+="CONSOLE_FONT "
fi
if test -n "$CONSOLE_SCREENMAP" && test -z "$FONT_MAP"; then
echo "FONT_MAP=$CONSOLE_SCREENMAP" >>/etc/vconsole.conf
migrated+="CONSOLE_SCREENMAP "
fi
if test -n "$CONSOLE_UNICODEMAP" && test -z "$FONT_UNIMAP"; then
echo "FONT_UNIMAP=$CONSOLE_UNICODEMAP" >>/etc/vconsole.conf
migrated+="CONSOLE_UNICODEMAP "
fi
if test -n "$migrated"; then
echo >&2 "The following variables from /etc/sysconfig/console
have been migrated"
echo >&2 "into /etc/vconsole.conf:"
echo >&2
for v in $migrated; do echo " - $v=${!v}"; done
echo >&2
echo >&2 "Please edit /etc/vconsole.conf if you need to tune
these settings"
echo >&2 "as /etc/sysconfig/console won't be considered
anymore."
echo >&2
fi
}
# /etc/sysconfig/keyboard | /etc/vconsole.conf
# -------------------------+---------------------
# KEYTABLE | KEYMAP
migrate_keyboard () {
local migrated=""
if ! test -f /etc/sysconfig/keyboard; then
return
fi
source /etc/sysconfig/keyboard || return
if test -f /etc/vconsole.conf; then
source /etc/vconsole.conf || return
fi
if test -n "$KEYTABLE" && test -z "$KEYMAP"; then
echo "KEYMAP=$KEYTABLE" >>/etc/vconsole.conf
migrated+="KEYTABLE "
fi
if test -n "$migrated"; then
echo >&2 "The following variables from /etc/sysconfig/keyboard
have been migrated"
echo >&2 "into /etc/vconsole.conf:"
echo >&2
for v in $migrated; do echo " - $v=${!v}"; done
echo >&2
echo >&2 "Please use localectl(1) if you need to tune these
settings since"
echo >&2 "/etc/sysconfig/keyboard won't be considered anymore."
echo >&2
fi
}
# According to
#
https://www.suse.com/documentation/sles-12/book_sle_admin/data/sec_suse_l10n.html,
# variables in /etc/sysconfig/language are supposed to be passed to
# the users' shell *only*. However it seems that there has been some
# confusion and they ended up configuring the system-wide locale as
# well. The logic followed by systemd was implemented in commit
# 01c4b6f4f0d951d17f6873f68156ecd7763429c6, which was reverted. The
# code below follows the same logic to migrate content of
# /etc/sysconfig/language into locale.conf.
migrate_language () {
local lang=
local migrated=false
if ! test -f /etc/sysconfig/language; then
return
fi
source /etc/sysconfig/language || return
lang=$(grep ^LANG= /etc/locale.conf 2>/dev/null)
lang=${lang#LANG=}
case "$ROOT_USES_LANG" in
yes)
if test -z "$lang" && test -n "$RC_LANG"; then
echo "LANG=$RC_LANG" >>/etc/locale.conf
migrated=true
fi
;;
ctype)
if ! grep -q ^LC_CTYPE= /etc/locale.conf 2>/dev/null; then
: ${lc_ctype:="$lang"}
: ${lc_ctype:="$RC_LC_CTYPE"}
: ${lc_ctype:="$RC_LANG"}
if test -n "$lc_ctype"; then
echo "LC_CTYPE=$lc_ctype" >>/etc/locale.conf
migrated=true
fi
fi
;;
esac
if $migrated; then
echo >&2 "The content of /etc/sysconfig/language has been
migrated into"
echo >&2 "/etc/locale.conf. The former file is now only used
for setting"
echo >&2 "the locale used by user's shells. The system-wide
locale is"
echo >&2 "only read from /etc/locale.conf since now."
echo >&2
echo >&2 "Please only use localectl(1) or YaST if you need to
change the"
echo >&2 "settings of the *system-wide* locale from now."
fi
}
# The marker could have been incorrectly put in /usr/lib. In this case
# move it to its new place.
mv /usr/lib/systemd/scripts/.migrate-sysconfig-i18n.sh~done \
/var/lib/systemd/i18n-migrated &>/dev/null
if ! test -e /var/lib/systemd/i18n-migrated; then
declare -i rv=0
migrate_locale; rv+=$?
migrate_keyboard; rv+=$?
migrate_language; rv+=$?
test $rv -eq 0 && touch /var/lib/systemd/i18n-migrated
fi
++++++ scripts-systemd-upgrade-from-pre-210.sh ++++++
#! /bin/bash
#
# This script is supposed to be executed from the %post section. It
# contains all hacks needed to update a system which was running
# systemd < v210. This also includes systems migrating from SysV.
#
# All hacks can potentially break the admin settings since they work
# in /etc...
# Try to read default runlevel from the old inittab if it exists. If
# it fails fallback to runlevel 3 which should still be better than
# the rescue shell.
#
# Note: /etc/inittab was part of the aaa_base package which can be
# upgraded before systemd is. Therefore this file is likely to be
# missing.
if [ ! -e /etc/systemd/system/default.target -a -e /etc/inittab ]; then
runlevel=$(sed -n -r "s/^id:([[:digit:]]):initdefault:/\1/p"
/etc/inittab)
: ${runlevel:=3}
echo "Initializing default.target to runlevel${runlevel}.target"
ln -s /usr/lib/systemd/system/runlevel${runlevel}.target
/etc/systemd/system/default.target
fi
# migrate any symlink which may refer to the old path
for f in $(find /etc/systemd/system -type l -xtype l); do
new_target="/usr$(readlink $f)"
[ -f "$new_target" ] && ln -s -f $new_target $f
done
++++++ scripts-udev-convert-lib-udev-path.sh ++++++
#! /bin/bash
#
# When upgrading from systems predating systemd (SLE11, openSUSE
# 12.x), udev libexec directory was changed from /lib/udev to
# /usr/lib/udev. Some customer scripts might still rely on the old
# path, therefore try to create a symlink that preserves the old path
# (see bsc#1050152).
#
# This script is supposed to be called from the %posttrans scection of
# the udev package.
#
convert_lib_udev_path () {
local failed=/bin/false
# Sanity check: /usr/lib/udev must exist at that point since
# the new udev package should have been installed.
if ! test -d /usr/lib/udev; then
echo >&2 "/usr/lib/udev does not exist, refusing to create"
echo >&2 "/lib/udev compat symlink."
return 1
fi
# If the symlink is missing it probably means that we're
# upgrading and the old /lib/udev path was removed as it was
# empty at the time the old version of udev was uninstalled.
if ! test -e /lib/udev; then
echo "Creating /lib/udev -> /usr/lib/udev symlink."
ln -s /usr/lib/udev /lib/udev
return
fi
# If a symlink already exists, simply assume that we already
# did the job. IOW we're just doing a simple update of
# systemd/udev (not upgrading).
if test -L /lib/udev; then
return
fi
# Sanity check: refuse to deal with anything but a directory.
if ! test -d /lib/udev; then
echo >&2 "/lib/udev is not either a directory nor a symlink !"
echo >&2 "It won't be converted into a symlink to
/usr/lib/udev."
echo >&2 "Please create it manually."
return 1
fi
# /lib/udev exists and is still a directory (probably not
# empty otherwise it would have been removed when the old
# version of udev was uninstalled), we try to merge its
# content with the new location and if it fails we warn the
# user and let him sort this out.
shopt -s globstar
for f in /lib/udev/**; do
if test -d "$f"; then
continue
fi
if test -e /usr/"$f"; then
echo >&2 "Failed to migrate '$f' to /usr/lib/udev
because it already exists."
failed=/bin/true
continue
fi
echo "Migrating '$f' in /usr/lib/udev"
if ! cp -a --parents "$f" /usr; then
echo >&2 "Failed to move '$f' in /usr/lib/udev."
failed=/bin/true
continue
fi
rm "$f"
done
shopt -u globstar
if ! $failed; then
rm -fr /lib/udev &&
ln -s ../usr/lib/udev /lib/udev &&
echo "The content of /lib/udev has been moved in /usr/lib/udev
successfully" &&
echo "and /lib/udev is now a symlink pointing to
/usr/lib/udev." &&
echo "Please note /lib/udev is deprecated and shouldn't be used
by" &&
echo "new scripts/applications anymore." ||
failed=/bin/true
fi
if $failed; then
echo >&2 "Converting /lib/udev into a symlink pointing to
/usr/lib/udev was not"
echo >&2 "possible due to previous error(s)."
echo >&2 "Please fix them and then create the symlink with:"
echo >&2 " 'ln -s ../usr/lib/udev /lib/udev'."
return 1
fi
}
convert_lib_udev_path
++++++ systemd-mini-rpmlintrc ++++++
addFilter("invalid-pkgconfig-file")
addFilter(".*dangling-symlink
/sbin/(halt|init|poweroff|telinit|shutdown|runlevel|reboot).*")
addFilter(".*dangling-symlink .* /dev/null.*")
addFilter(".*files-duplicate .*/reboot\.8.*")
addFilter(".*files-duplicate .*/sd_is_socket\.3.*")
addFilter("non-conffile-in-etc
/etc/bash_completion.d/systemd-bash-completion\.sh")
addFilter("non-conffile-in-etc /etc/rpm/macros\.systemd")
addFilter(".*dbus-policy-allow-receive")
addFilter(".*dangling-symlink /lib/udev/devices/std(in|out|err).*")
addFilter(".*dangling-symlink /lib/udev/devices/core.*")
addFilter(".*dangling-symlink /lib/udev/devices/fd.*")
addFilter(".*incoherent-init-script-name boot\.udev.*")
addFilter(".init-script-without-%stop_on_removal-preun /etc/init\.d/boot\.udev")
addFilter(".init-script-without-%restart_on_update-postun
/etc/init\.d/boot\.udev")
addFilter(".*devel-file-in-non-devel-package.*udev.pc.*")
addFilter(".*libgudev-.*shlib-fixed-dependency.*")
addFilter(".*suse-filelist-forbidden-systemd-userdirs.*")
addFilter("libudev-mini.*shlib-policy-name-error.*")
addFilter("nss-systemd.*shlib-policy-name-error.*")
addFilter("nss-myhostname.*shlib-policy-name-error.*")
addFilter("nss-mymachines.*shlib-policy-name-error.*")
addFilter("nss-resolve.*shlib-policy-name-error.*")
addFilter("systemd-logger.*useless-provides sysvinit(syslog).*")
addFilter("devel-file-in-non-devel-package.*/usr/share/pkgconfig/(udev|systemd)\.pc.*")
addFilter(".*script-without-shebang.*/usr/lib/udev/rule_generator.functions.*")
addFilter(".*files-duplicate.*/systemd-logger.*")
addFilter(".*missing-call-to-setgroups-before-setuid.*")
addFilter(".*missing-call-to-chdir-with-chroot.*")
addFilter(".*systemd-service-without-service.*")
addFilter(".*shlib-policy-missing-suffix.*")
addFilter(".*suse-missing-rclink.*")
++++++ systemd-rpmlintrc ++++++
addFilter("invalid-pkgconfig-file")
addFilter(".*dangling-symlink
/sbin/(halt|init|poweroff|telinit|shutdown|runlevel|reboot).*")
addFilter(".*dangling-symlink .* /dev/null.*")
addFilter(".*files-duplicate .*/reboot\.8.*")
addFilter(".*files-duplicate .*/sd_is_socket\.3.*")
addFilter("non-conffile-in-etc
/etc/bash_completion.d/systemd-bash-completion\.sh")
addFilter("non-conffile-in-etc /etc/rpm/macros\.systemd")
addFilter(".*dbus-policy-allow-receive")
addFilter(".*dangling-symlink /lib/udev/devices/std(in|out|err).*")
addFilter(".*dangling-symlink /lib/udev/devices/core.*")
addFilter(".*dangling-symlink /lib/udev/devices/fd.*")
addFilter(".*incoherent-init-script-name boot\.udev.*")
addFilter(".init-script-without-%stop_on_removal-preun /etc/init\.d/boot\.udev")
addFilter(".init-script-without-%restart_on_update-postun
/etc/init\.d/boot\.udev")
addFilter(".*devel-file-in-non-devel-package.*udev.pc.*")
addFilter(".*libgudev-.*shlib-fixed-dependency.*")
addFilter(".*suse-filelist-forbidden-systemd-userdirs.*")
addFilter("libudev-mini.*shlib-policy-name-error.*")
addFilter("nss-systemd.*shlib-policy-name-error.*")
addFilter("nss-myhostname.*shlib-policy-name-error.*")
addFilter("nss-mymachines.*shlib-policy-name-error.*")
addFilter("nss-resolve.*shlib-policy-name-error.*")
addFilter("systemd-logger.*useless-provides sysvinit(syslog).*")
addFilter("devel-file-in-non-devel-package.*/usr/share/pkgconfig/(udev|systemd)\.pc.*")
addFilter(".*script-without-shebang.*/usr/lib/udev/rule_generator.functions.*")
addFilter(".*files-duplicate.*/systemd-logger.*")
addFilter(".*missing-call-to-setgroups-before-setuid.*")
addFilter(".*missing-call-to-chdir-with-chroot.*")
addFilter(".*systemd-service-without-service.*")
addFilter(".*shlib-policy-missing-suffix.*")
addFilter(".*suse-missing-rclink.*")
++++++ systemd-sysv-convert ++++++
#!/bin/bash
if [ "$UID" != "0" ]; then
echo Need to be root.
exit 1
fi
declare -A results_target
usage() {
cat << EOF
usage: systemd-sysv-convert [-h] [--save] [--show] [--apply]
SERVICE [SERVICE ...]
EOF
}
help() {
usage
cat << EOF
Save and Restore SysV Service Runlevel Information
positional arguments:
SERVICE Service names
optional arguments:
-h, --help show this help message and exit
--save Save SysV runlevel information for one or more services
--show Show saved SysV runlevel information for one or more services
--apply Apply saved SysV runlevel information for one or more services
to systemd counterparts
EOF
}
find_service() {
local service=$1
local rcnd=$2
case $rcnd in
boot.d) [ -L /etc/rc.d/$rcnd/S??boot.$service ] ;;
*) [ -L /etc/rc.d/$rcnd/S??$service ]
esac
}
lookup_database() {
local services=$@
local service
local runlevel
local priority
# 'priority' field is not used but is kept for backward compat
# reason.
while read service runlevel priority; do
for s in $services ; do
if [ $s == $service ]; then
results_target[$service]+="
runlevel$runlevel.target"
break
fi
done
done < /var/lib/systemd/sysv-convert/database
}
declare -i fail=0
case "$1" in
-h|--help)
help
exit 0
;;
--save)
shift
for service in $@ ; do
if [ ! -r /etc/init.d/$service ] && [ ! -r
/etc/init.d/boot.$service ]; then
echo "SysV service $service does not exist,
skipping"
continue
fi
for rcnd in rc2.d rc3.d rc4.d rc5.d boot.d; do
case $rcnd in
rc*.d) runlevel=${rcnd:2:1} ;;
boot.d) runlevel=3 ;;
esac
# Write a dumb priority as it is not used.
find_service $service $rcnd &&
echo "$service $runlevel 50"
>>/var/lib/systemd/sysv-convert/database
done
done
;;
--show)
shift
services=$@
lookup_database $services
for service in $services; do
if [ -z "${results_target[$service]}" ]; then
echo "No information about service $service
found." >/dev/stderr
let fail++
continue
fi
for target in ${results_target[$service]}; do
echo "SysV service '$service' is pulled by
$target"
done
done
;;
--apply)
shift
services=$@
for service in $services; do
if [ ! -f "/lib/systemd/system/$service.service" -a !
-f "/usr/lib/systemd/system/$service.service" ]; then
echo systemd service $service.service does not
exist. >/dev/stderr
exit 1
fi
done
#
# The database might no have been created by a previous --save
# call. This can happen when:
#
# - we're upgrading a package which initially didn't
# have any unit file nor sysv init script and now
# start shipping one or more unit files (bsc#982303).
#
# - the sysv init service wasn't enabled at all before
# being migrated to a native unit file (bsc#982211).
#
if [ -e /var/lib/systemd/sysv-convert/database ]; then
lookup_database $services
for service in $services; do
[ -f "/lib/systemd/system/$service.service" ]
&& unit="/lib/systemd/system/$service.service"
[ -f "/usr/lib/systemd/system/$service.service"
] && unit="/usr/lib/systemd/system/$service.service"
# If $service is not present in the database,
# then it simply means that the sysv init
# service was not enabled at all.
for target in ${results_target[$service]}; do
echo ln -sf $unit
/etc/systemd/system/$target.wants/$service.service >/dev/stderr
mkdir -p
"/etc/systemd/system/$target.wants"
/bin/ln -sf $unit
/etc/systemd/system/$target.wants/$service.service
done
done
fi
;;
*)
usage
let fail=2
;;
esac
exit $fail
++++++ systemd-sysv-install ++++++
#!/bin/sh
# This script is called by "systemctl enable/disable" when the given unit is a
# SysV init.d script. It needs to call the distribution's mechanism for
# enabling/disabling those, such as chkconfig, update-rc.d, or similar. This
# can optionally take a --root argument for enabling a SysV init script
# in a chroot or similar.
set -e
usage() {
echo "Usage: $0 [--root=path] enable|disable|is-enabled <sysv script name>"
>&2
exit 1
}
# parse options
eval set -- "$(getopt -o r: --long root: -- "$@")"
while true; do
case "$1" in
-r|--root)
ROOT="$2"
shift 2 ;;
--) shift ; break ;;
*) usage ;;
esac
done
NAME="$2"
[ -n "$NAME" ] || usage
case "$1" in
enable)
chkconfig $ROOT --no-systemctl -s "$NAME" on
;;
disable)
chkconfig $ROOT --no-systemctl -s "$NAME" off
;;
is-enabled)
chkconfig $ROOT --no-systemctl -c "$NAME"
;;
*)
usage ;;
esac
++++++ systemd-user ++++++
# This file is part of systemd.
#
# Used by systemd --user instances.
account include common-account
session required pam_selinux.so close
session required pam_selinux.so nottys open
session include common-session
