v253 batch up to 067dac40e99111e753ea343b59fbc789dc1559e1#473
Merged
bluca merged 70 commits intosystemd:v253-stablefrom Mar 5, 2025
Merged
v253 batch up to 067dac40e99111e753ea343b59fbc789dc1559e1#473bluca merged 70 commits intosystemd:v253-stablefrom
bluca merged 70 commits intosystemd:v253-stablefrom
Conversation
|
We were not able to find or create Copr project Unless the HTTP status code above is >= 500, please check your configuration for:
|
(cherry picked from commit 7af1542)
|
We were not able to find or create Copr project Unless the HTTP status code above is >= 500, please check your configuration for:
|
Especially when using in-memory logging, these are too noisy so let's drop them back to debug level. (cherry picked from commit afc47ee)
Prompted by: systemd/systemd#27890 (comment) (cherry picked from commit f96a32c) (cherry picked from commit 8975666)
Unfortunately kernel reports EOF if there's an inconsistency between efivarfs var list and what's actually stored in firmware, c.f. #34304. A zero size env var is not allowed in efi and hence the variable doesn't really exist in the backing store as long as it is zero sized, and the kernel calls this "uncommitted". Hence we translate EOF back to ENOENT here, as with kernel behavior before torvalds/linux@3fab70c If the kernel changes behaviour (to flush dentries on resume), we can drop this at some point in the future. But note that the commit is 11 years old at this point so we'll need to deal with the current behaviour for a long time. Fix #34304. (cherry picked from commit 6013dee) (cherry picked from commit 87df05b) (cherry picked from commit 537b527) (cherry picked from commit 7ab4191) (cherry picked from commit 0aca8e2)
…ANTS=
Let consider the following udev rules:
===
PROGRAM="/usr/bin/systemd-escape foo-bar-baz", ENV{SYSTEMD_WANTS}+="test1@$result.service"
PROGRAM="/usr/bin/systemd-escape aaa-bbb-ccc", ENV{SYSTEMD_WANTS}+="test2@$result.service"
===
Then, a device expectedly gains a property:
===
SYSTEMD_WANTS=test1@foo\x2dbar\x2dbaz.service test2@aaa\x2dbbb\x2dccc.service
===
After the event being processed by udevd, PID1 processes the device, the
property previously was parsed with extract_first_word(EXTRACT_UNQUOTE),
then the device unit gained the following dependencies:
===
[email protected] [email protected]
===
So both '%i' and '%I' for the template services did not match with the original
data, and it was hard to use systemd-escape in PROGRAM= udev rule token.
This makes the property parsed with extract_first_word(EXTRACT_UNQUOTE|EXTRACT_RETAIN_ESCAPE),
hence the device unit now gains the following dependencies:
===
Wants=test1@foo\x2dbar\x2dbaz.service test2@aaa\x2dbbb\x2dccc.service
===
and '%I' for the template services match with the original data.
Fixes a bug caused by ceed8f0 (v233).
Fixes #16735.
Replaces #16737 and #35768.
(cherry picked from commit a467358)
(cherry picked from commit 0c1daaf)
(cherry picked from commit cfa5775)
(cherry picked from commit a783d12)
(cherry picked from commit 9b07c0e)
This was added originally as it was thought that Windows applied the same cap. Nowadays the specs do not mention it, and it is believed Windows no longer applies it either, so drop it in order to allow an arbitrary number of DTBs to be included Fixes systemd/systemd#35943 (cherry picked from commit 8c5b359) (cherry picked from commit 9518481) (cherry picked from commit 5cbe2b8) (cherry picked from commit e79cea6) (cherry picked from commit 203f344)
We were missing one service result (oom-kill), and the ratelimit one is called differently. Correct that so that we generate proper log messages for these cases. (cherry picked from commit a7620f5) (cherry picked from commit 13ce2fd) (cherry picked from commit dbc791b) (cherry picked from commit 760afe6) (cherry picked from commit 67cc085)
Follow-up for 656bbff The commit reworked job merging logic so that reload jobs won't get merged. However, they might get dropped from transaction due to being deemed redundant, i.e. way before it even hits job_install(). Let's make sure reload jobs are always kept during transaction construction stage, too. (cherry picked from commit 7b940d8) (cherry picked from commit 1e7b1ce) (cherry picked from commit d770304) (cherry picked from commit 42082ed) (cherry picked from commit 4f96683)
Fixes the following error:
```
../src/basic/random-util.c: In function "fallback_random_bytes":
../src/basic/random-util.c:45:26: error: initializer-string for array of "char" is too long [-Werror=unterminated-string-initialization]
45 | .label = "systemd fallback random bytes v1",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
```
(cherry picked from commit e722fe7)
(cherry picked from commit 8f2f04b)
(cherry picked from commit 57d2446)
(cherry picked from commit 85eafb5)
(cherry picked from commit 64f98ed)
legionus/kbd#127 adds a Georgian mapping to kbd. console-setup already has one. Let's support it here, so it's used for Georgian installs on distros that use this table. Signed-off-by: Adam Williamson <[email protected]> (cherry picked from commit f89d4c5) (cherry picked from commit 52b5a79) (cherry picked from commit c9e1a4a) (cherry picked from commit 48fd2d3) (cherry picked from commit de0e698)
otherwise it will use the system input.h which will fail to build if newer than the bundled version Fixes: 0a73c8e ("linux: import input.h and friends") (cherry picked from commit bc996fd) (cherry picked from commit a485c92) (cherry picked from commit f3d5204) (cherry picked from commit 00c2000) (cherry picked from commit 6e96abd)
This is printed by bus_manager_log_shutdown() in logind-dbus.c, near the start of the shutdown process. Clarify that events *will* happen, long after this message is sent. (cherry picked from commit 6c45c5a) (cherry picked from commit 6936658) (cherry picked from commit c25f8b9) (cherry picked from commit 8b516d4) (cherry picked from commit 5fa7e25)
The UKI file has to be writable to be able to do boot counting in the UEFI firmware which involves renaming the file by writing to the file metadata which requires the file to be writable in the FAT filesystem. Fixes #36170 (cherry picked from commit 0e470e1) (cherry picked from commit 7358b67) (cherry picked from commit dcffc79) (cherry picked from commit 9d0ad1a) (cherry picked from commit d6875a5)
The script runs the binaries which try to find the internal libs via /proc/self/exe due
to glibc's RPATH resolution and fail:
/var/cache/src/systemd/tools/dbus_exporter.py interfaces
/var/cache/src/systemd/build/systemd
/var/cache/src/systemd/build/systemd-homed
/var/cache/src/systemd/build/systemd-hostnamed
/var/cache/src/systemd/build/systemd-importd
/var/cache/src/systemd/build/systemd-localed
/var/cache/src/systemd/build/systemd-logind
/var/cache/src/systemd/build/systemd-machined
/var/cache/src/systemd/build/systemd-networkd
/var/cache/src/systemd/build/systemd-oomd
/var/cache/src/systemd/build/systemd-portabled
/var/cache/src/systemd/build/systemd-resolved
/var/cache/src/systemd/build/systemd-sysupdated
/var/cache/src/systemd/build/systemd-timedated
execve("/var/cache/src/systemd/build/systemd", ["/var/cache/src/systemd/build/sys"..., "--bus-introspect", "list"], 0x7ffc7ab68600 /* 20 vars */) = 0
brk(NULL) = 0x56265bf70000
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56ced7f000
readlinkat(AT_FDCWD, "/proc/self/exe", 0x7ffedeaa7a90, 4096) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=20293, ...}) = 0
mmap(NULL, 20293, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f56ced7a000
close(3) = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v4/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v4/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v3/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v3/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/x86_64-linux-gnu/", {st_mode=S_IFDIR|0755, st_size=19312, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v4/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v4/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v3/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v3/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/glibc-hwcaps/x86-64-v2/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/", {st_mode=S_IFDIR|0755, st_size=19312, ...}, 0) = 0
openat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v4/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v4/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v3/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v3/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v2/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/glibc-hwcaps/x86-64-v2/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/lib/", {st_mode=S_IFDIR|0755, st_size=642, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v4/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v4/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v3/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v3/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v2/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/glibc-hwcaps/x86-64-v2/", 0x7ffedeaa80b0, 0) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib/libsystemd-core-258.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/", {st_mode=S_IFDIR|0755, st_size=642, ...}, 0) = 0
writev(2, [{iov_base="/var/cache/src/systemd/build/sys"..., iov_len=36},
{iov_base=": ", iov_len=2},
{iov_base="error while loading shared libra"..., iov_len=36},
{iov_base=": ", iov_len=2},
{iov_base="libsystemd-core-258.so", iov_len=22},
{iov_base=": ", iov_len=2},
{iov_base="cannot open shared object file", iov_len=30},
{iov_base=": ", iov_len=2},
{iov_base="No such file or directory", iov_len=25},
{iov_base="\n", iov_len=1}],
10/var/cache/src/systemd/build/systemd: error while loading shared libraries: libsystemd-core-258.so: cannot open shared object file: No such file or directory
) = 158
(cherry picked from commit c6a932f)
(cherry picked from commit 8b84cad)
(cherry picked from commit 06f05ba)
(cherry picked from commit 626e117)
(cherry picked from commit 96ae2e0)
…ects While this is obvious if you spend a few minutes thinking about how D-Bus signals work (in this case, they are broadcast from a system service, so cannot apply to a specific user/session/seat), it’s a bit easy to overlook this while putting code together which uses the login1 D-Bus API, so it’s helpful to point this hazard out specifically in the docs. The signals can only be emitted on the canonical objects. The convenience objects are useful for method calls, as the calling context can be used to dereference ‘self’ and ‘auto’, but this can’t work for signals. Signed-off-by: Philip Withnall <[email protected]> (cherry picked from commit 82b32b9) (cherry picked from commit afc6244) (cherry picked from commit aa560db) (cherry picked from commit e3e2147) (cherry picked from commit 0b3dcc9)
When hardlink recreation is requested, it creates temporary files that will be deleted once the context is destroyed. The deletion (potentially) updates the directory's timestamps, so it's crucial that the deletion happens before the directory timestamps are restored when `COPY_RESTORE_DIRECTORY_TIMESTAMPS` is requested. (cherry picked from commit b662914) (cherry picked from commit 9e2ba7e) (cherry picked from commit 9ade693) (cherry picked from commit 0ef8791) (cherry picked from commit 75a7236)
…Y=1 when notify-reload Follow-up for 3bd28bf SERVICE_RELOAD_SIGNAL state can only be reached via explicit reload jobs, and we have a clear distinction between that and plain RELOADING=1 notifications, the latter of which is issued by clients doing reload outside of our job engine. I.e. upon SERVICE_RELOAD_SIGNAL + RELOADING=1 we don't propagate reload jobs again, since that's done during transaction construction stage already. The handling of combined RELOADING=1 + READY=1 so far is bogus however, as it tries to propagate duplicate reload jobs. Amend this by following the logic for standalone RELOADING=1. (cherry picked from commit c337a13) (cherry picked from commit aef4add) (cherry picked from commit 7e6e8b3) (cherry picked from commit f6b973d) (cherry picked from commit bcabdc5)
All dbus programs have to be up-to-date for update-dbus-docs to produce the expected output, so add the missing dependency. (cherry picked from commit 461bd92) (cherry picked from commit cd727da) (cherry picked from commit c5e562c) (cherry picked from commit bf899b7) (cherry picked from commit e6885d3)
fido2_generate_hmac_hash() sets req->keyring to "fido2-pin" when calling ask_password_auto(), suggesting that a key by this name can be read from the kernel keyring. But the keyring is never opened because the ASK_PASSWORD_ACCEPT_CACHED flag is not set. Set ASK_PASSWORD_ACCEPT_CACHED to allow automated / scripted setup of encrypted volumes with FIDO2. If the PIN turns out to be invalid, clear ASK_PASSWORD_ACCEPT_CACHED to avoid retrying and possible lockout. (cherry picked from commit 505c2f2) (cherry picked from commit f2054b8) (cherry picked from commit 012cde1) (cherry picked from commit 993f1e9) (cherry picked from commit 3a9fd52)
When using UEFI with bhyve it behaves similarly to qemu, and provides a product_uuid. Use it if found, just like with qemu. (cherry picked from commit 113c159) (cherry picked from commit 4cdaff2) (cherry picked from commit ebdb1df) (cherry picked from commit 4c70218) (cherry picked from commit 3f2bf5d)
…ocked In various scenarios we invoke containers with access to the kernel keyring blocked. Let's make sure we can handle this properly: when the invocation ID is stored in in the kernel keyring and we try to read it and get EPERM we should handle it gracefully, like EOPNOTSUPP. (cherry picked from commit f2e38b0) (cherry picked from commit a2abc3b) (cherry picked from commit 9cd3101) (cherry picked from commit e52806d) (cherry picked from commit 4d5da5c)
The values assigned to 'r' were never used, and overwritten by the next call of read_line_full(). Fixes CID#1548043 and CID#1548064. (cherry picked from commit 00575cf) (cherry picked from commit 244790a) (cherry picked from commit f92b518) (cherry picked from commit 8858f69) (cherry picked from commit 4494ce2)
Import thew new key from https://data.iana.org/root-anchors/root-anchors.xml. The old one remains valid, as per provided data. Fixes: #36260 (cherry picked from commit 8113361) (cherry picked from commit 961e351) (cherry picked from commit 6cb60bb) (cherry picked from commit 6a97871) (cherry picked from commit 7773582)
If we use TCP fastopen to connect to a DNS server via TCP, and it responds really quickly between our connection attempt and our immediate check back, then we have not identified the peer yet, and will not be able to use the peer metadata to fill in our packet info. Let's fix that, and simply not read from the socket until identification is complete. Fixes: #34956 (cherry picked from commit facc943) (cherry picked from commit 11da527) (cherry picked from commit 9bf15a2) (cherry picked from commit e22b61d) (cherry picked from commit 8398ac6)
/usr/bin/pacman-key: line 31: /usr/share/makepkg/util/message.sh: No such file or directory /usr/bin/pacman-key: line 32: /usr/share/makepkg/util/parseopts.sh: No such file or directory /usr/bin/pacman-key: line 620: parseopts: command not found (cherry picked from commit 66ffce7) (cherry picked from commit 70dfddd)
Traceback (most recent call last):
File "<frozen runpy>", line 198, in _run_module_as_main
File "<frozen runpy>", line 88, in _run_code
File "/home/runner/work/_actions/systemd/mkosi/bbe715f42911f9660712377a5b39335b9391ae22/mkosi/__main__.py", line 60, in <module>
main()
File "/usr/lib/python3.12/contextlib.py", line 81, in inner
return func(*args, **kwds)
^^^^^^^^^^^^^^^^^^^
File "/home/runner/work/_actions/systemd/mkosi/bbe715f42911f9660712377a5b39335b9391ae22/mkosi/__main__.py", line 52, in main
run_verb(args, images)
File "/home/runner/work/_actions/systemd/mkosi/bbe715f42911f9660712377a5b39335b9391ae22/mkosi/__init__.py", line 2789, in run_verb
become_root()
File "/home/runner/work/_actions/systemd/mkosi/bbe715f42911f9660712377a5b39335b9391ae22/mkosi/run.py", line 125, in become_root
os.setresuid(0, 0, 0)
PermissionError: [Errno 1] Operation not permitted
(cherry picked from commit f47a460)
(cherry picked from commit 05e990c)
F39 doesn't build anymore: GPG key at https://fedoraproject.org/fedora.gpg (0x31645531) is already installed Public key for filesystem-3.18-6.fc39.x86_64.rpm is not installed. Failing package is: filesystem-3.18-6.fc39.x86_64 GPG Keys are configured as: https://fedoraproject.org/fedora.gpg Public key for setup-2.14.4-1.fc39.noarch.rpm is not installed. Failing package is: setup-2.14.4-1.fc39.noarch GPG Keys are configured as: https://fedoraproject.org/fedora.gpg The GPG keys listed for the "updates" repository are already installed but they are not correct for this package. Check that the correct key URLs are configured for this repository.. Failing package is: fedora-gpg-keys-39-2.noarch GPG Keys are configured as: https://fedoraproject.org/fedora.gpg Public key for fedora-release-39-36.noarch.rpm is not installed. Failing package is: fedora-release-39-36.noarch GPG Keys are configured as: https://fedoraproject.org/fedora.gpg Public key for fedora-release-common-39-36.noarch.rpm is not installed. Failing package is: fedora-release-common-39-36.noarch GPG Keys are configured as: https://fedoraproject.org/fedora.gpg Public key for fedora-release-identity-basic-39-36.noarch.rpm is not installed. Failing package is: fedora-release-identity-basic-39-36.noarch GPG Keys are configured as: https://fedoraproject.org/fedora.gpg Public key for fedora-repos-39-2.noarch.rpm is not installed. Failing package is: fedora-repos-39-2.noarch GPG Keys are configured as: https://fedoraproject.org/fedora.gpg Error: GPG check FAILED These are throw-away CI images, so just skip the checks (cherry picked from commit 44a978a) (cherry picked from commit 7e20ff0)
Now, ubuntu-24.04 has mold-2.30.0+dfsg-1build1 . See https://packages.ubuntu.com/noble/mold . (cherry picked from commit c0b78d2)
Otherwise mkosi tries to change user and fails (cherry picked from commit 067dac4)
|
We were not able to find or create Copr project Unless the HTTP status code above is >= 500, please check your configuration for:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.