systemd.git
5 years ago Merge version 245.5-3+rpi1 and 245.6-1 to produce 245.6-1+rpi1 archive/raspbian/245.6-1+rpi1 raspbian/245.6-1+rpi1
Raspbian automatic forward porter [Thu, 11 Jun 2020 05:15:06 +0000 (06:15 +0100)]
Merge version 245.5-3+rpi1 and 245.6-1 to produce 245.6-1+rpi1

5 years ago Merge systemd (245.6-1) import into refs/heads/workingbranch
Michael Biebl [Sun, 7 Jun 2020 22:56:37 +0000 (23:56 +0100)]
Merge systemd (245.6-1) import into refs/heads/workingbranch

5 years ago Revert "job: Don't mark as redundant if deps are relevant"
Michael Biebl [Thu, 12 Mar 2020 12:37:08 +0000 (13:37 +0100)]
Revert "job: Don't mark as redundant if deps are relevant"

This reverts commit 097537f07a2fab3cb73aef7bc59f2a66aa93f533.

See https://github.com/systemd/systemd/issues/15091

Closes: #953670
Gbp-Pq: Topic debian
Gbp-Pq: Name Revert-job-Don-t-mark-as-redundant-if-deps-are-relevant.patch

5 years ago udev: drop SystemCallArchitectures=native from systemd-udevd.service
Michael Biebl [Tue, 19 Nov 2019 08:10:23 +0000 (09:10 +0100)]
udev: drop SystemCallArchitectures=native from systemd-udevd.service

We can't really control what helper programs are run from other udev
rules. E.g. running i386 binaries under amd64 is a valid use case and
should not trigger a SIGSYS failure.

Closes: #869719
Gbp-Pq: Topic debian
Gbp-Pq: Name udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch

5 years ago blacklist-upstream-test-24-ppc64el
Dan Streetman [Wed, 6 Nov 2019 14:14:54 +0000 (09:14 -0500)]
blacklist-upstream-test-24-ppc64el

Bug: https://github.com/systemd/systemd/issues/11612

Gbp-Pq: Topic debian
Gbp-Pq: Name blacklist-upstream-test-24-ppc64el.patch

5 years ago blacklist-upstream-test-25
Dan Streetman [Wed, 6 Nov 2019 14:14:50 +0000 (09:14 -0500)]
blacklist-upstream-test-25

Bug: https://github.com/systemd/systemd/issues/13973

Gbp-Pq: Topic debian
Gbp-Pq: Name blacklist-upstream-test-25.patch

5 years ago Drop seccomp system call filter for udev
Michael Biebl [Wed, 18 Jul 2018 21:49:16 +0000 (23:49 +0200)]
Drop seccomp system call filter for udev

The seccomp based system call whitelist requires at least systemd 239 to
be the active init and during a dist-upgrade we can't guarantee that
systemd has been fully configured before udev is restarted.

This partially reverts upstream commit
ee8f26180d01e3ddd4e5f20b03b81e5e737657ae.

Once buster is released, this patch can be dropped.

Closes: #903224
Gbp-Pq: Topic debian
Gbp-Pq: Name Drop-seccomp-system-call-filter-for-udev.patch

5 years ago Add env variable for machine ID path
Martin Pitt [Wed, 18 Jan 2017 10:21:35 +0000 (11:21 +0100)]
Add env variable for machine ID path

During package build, in minimal chroots, or other systems which do not already
have an /etc/machine-id we get six test failures. Introduce a
$SYSTEMD_MACHINE_ID_PATH environment variable which can specify a location
other than /etc/machine-id, so that the unit tests are independent from the
environment.

Also adjust test-fs-util to not assume that /etc/machine-id exists. Use
/etc/passwd instead which is created by base-files.

Closes: #851445
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=62344

Gbp-Pq: Topic debian
Gbp-Pq: Name Add-env-variable-for-machine-ID-path.patch

5 years ago Let graphical-session-pre.target be manually started
Iain Lane [Mon, 22 Aug 2016 05:03:27 +0000 (07:03 +0200)]
Let graphical-session-pre.target be manually started

This is needed until https://github.com/systemd/systemd/issues/3750 is fixed.

Forwarded: not-needed
Bug-Ubuntu: https://launchpad.net/bugs/1615341

Gbp-Pq: Topic debian
Gbp-Pq: Name Let-graphical-session-pre.target-be-manually-started.patch

5 years ago Revert "core: enable TasksMax= for all services by default, and set it to 512"
Martin Pitt [Mon, 9 May 2016 19:24:38 +0000 (21:24 +0200)]
Revert "core: enable TasksMax= for all services by default, and set it to 512"

This reverts commit 9ded9cd14cc03c67291b10a5c42ce5094ba0912f.

Introducing a default limit on number of threads broke a lot of software which
regularly needs more, such as MySQL and RabbitMQ, or services that spawn off an
indefinite number of subtasks that are not in a scope, like LXC or cron.

15% is way too much for most "simple" services, and it's too little for others
such as the ones mentioned above. There is also no particular rationale about
any particular global limit, so even if we'd bump it higher we'd just make the
limit even less useful while still breaking software.

It is both much safer and also much more effective in terms of guarding against
berserk programs/bugs/unintended fork bombs etc. to set limits in units
individually. Once someone looks at one, this is then a great time to also flip
on the other resource and privilege limitations that systemd offers.

Bug: https://github.com/systemd/systemd/issues/3211
Bug-Debian: https://bugs.debian.org/823530
Bug-Ubuntu: https://launchpad.net/bugs/1578080

Gbp-Pq: Topic debian
Gbp-Pq: Name Revert-core-enable-TasksMax-for-all-services-by-default-a.patch

5 years ago Revert "core: set RLIMIT_CORE to unlimited by default"
Martin Pitt [Sat, 27 Feb 2016 11:27:06 +0000 (12:27 +0100)]
Revert "core: set RLIMIT_CORE to unlimited by default"

Partially revert commit 15a900327ab as this completely breaks core dumps
without systemd-coredump. It's also contradicting core(8), and it's not
systemd's place to redefine the kernel definitions of core files.

Commit bdfd7b2c now honours the process' RLIMIT_CORE for systemd-coredump. This
isn't what RLIMIT_CORE is supposed to do (it limits the size of the core
*file*, but the kernel deliberately ignores it for piping), so set a static
2^63 core size limit for systemd-coredump to go back to the previous behaviour
(otherwise the change above would break systemd-coredump).

Bug-Debian: https://bugs.debian.org/815020

Gbp-Pq: Topic debian
Gbp-Pq: Name Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch

5 years ago Revert "core: one step back again, for nspawn we actually can't wait for cgroups...
Martin Pitt [Mon, 27 Apr 2015 13:29:13 +0000 (15:29 +0200)]
Revert "core: one step back again, for nspawn we actually can't wait for cgroups running empty since systemd will get exactly zero notifications about it"

This reverts commit 743970d2ea6d08aa7c7bff8220f6b7702f2b1db7.

Bug-Debian: https://bugs.debian.org/784720
Bug-Ubuntu: https://launchpad.net/bugs/1448259
Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1141137

Gbp-Pq: Topic debian
Gbp-Pq: Name Revert-core-one-step-back-again-for-nspawn-we-actual.patch

5 years ago Skip filesystem check if already done by the initramfs
Nis Martensen [Tue, 19 Jan 2016 21:01:43 +0000 (22:01 +0100)]
Skip filesystem check if already done by the initramfs

Newer versions of initramfs-tools already fsck and mount / and /usr in
the initramfs. Skip the filesystem check in this case.

Based on a previous patch by Michael Biebl <biebl@debian.org>.

Closes: #782522
Closes: #810748
Gbp-Pq: Topic debian
Gbp-Pq: Name Skip-filesystem-check-if-already-done-by-the-initram.patch

5 years ago fsckd daemon for inter-fsckd communication
Didier Roche [Fri, 22 May 2015 11:04:38 +0000 (13:04 +0200)]
fsckd daemon for inter-fsckd communication

Global logic:
Add systemd-fsckd multiplexer which accepts multiple (via systemd-fsck's
/run/systemd/fsck.progress socket) fsck instances to connect to it and sends
progress report. systemd-fsckd then computes and writes to /dev/console the
number of devices currently being checked and the minimum fsck progress.

Plymouth and user interaction:
Forward the progress to plymouth and support cancellation of in progress fsck.
Try to connect and send to plymouth (if running) some checked report progress,
using direct plymouth protocol.

Update message is the following:
fsckd:<num_devices>:<progress>:<string>
* num_devices corresponds to the current number of devices being checked (int)
* progress corresponds to the current minimum percentage of all devices being
  checked (float, from 0 to 100)
* string is a translated message ready to be displayed by the plymouth theme
  displaying the information above. It can be overridden by plymouth themes
  supporting i18n.

Grab in fsckd plymouth watch key Control+C, and propagate this cancel request
to systemd-fsck which will terminate fsck.

Send a message to signal to user what key we are grabbing for fsck cancel.

Message is: fsckd-cancel-msg:<string>
Where string is a translated string ready to be displayed by the plymouth theme
indicating that Control+C can be used to cancel current checks. It can be
overridden (matching only fsckd-cancel-msg prefix) for themes supporting i18n.

Misc:
systemd-fsckd stops on idle when no fsck is connected.
Add man page explaining the plymouth theme protocol, usage of the daemon
as well as the socket activation part. Adapt existing fsck man page.

Note that fsckd had lived in the upstream tree for a while, but was removed.
More information at
http://lists.freedesktop.org/archives/systemd-devel/2015-April/030175.html
-

Gbp-Pq: Topic debian
Gbp-Pq: Name fsckd-daemon-for-inter-fsckd-communication.patch

5 years ago Only start logind if dbus is installed
Martin Pitt [Mon, 9 Feb 2015 09:53:43 +0000 (10:53 +0100)]
Only start logind if dbus is installed

logind fails to start in environments without dbus, such as LXC containers or
servers. Add a startup condition to avoid the very noisy startup failure.

Part of #772700

Gbp-Pq: Topic debian
Gbp-Pq: Name Only-start-logind-if-dbus-is-installed.patch

5 years ago Don't enable audit by default
Martin Pitt [Sun, 28 Dec 2014 11:49:35 +0000 (12:49 +0100)]
Don't enable audit by default

It causes flooding of dmesg and syslog, suppressing actually important
messages.

Don't enable it for now, until a better solution is found:
http://lists.freedesktop.org/archives/systemd-devel/2014-December/026591.html

Bug-Debian: https://bugs.debian.org/773528

Gbp-Pq: Topic debian
Gbp-Pq: Name Don-t-enable-audit-by-default.patch

5 years ago Re-enable journal forwarding to syslog
Martin Pitt [Fri, 28 Nov 2014 13:43:25 +0000 (14:43 +0100)]
Re-enable journal forwarding to syslog

Revert upstream commit 46b131574fdd7d77 for now, until Debian's sysloggers
can/do all read from the journal directly. See

  http://lists.freedesktop.org/archives/systemd-devel/2014-November/025550.html

for details. Once we grow a journal.conf.d/ directory, sysloggers can be moved
to pulling from the journal one by one and disable forwarding again in such a
conf.d snippet.

Gbp-Pq: Topic debian
Gbp-Pq: Name Re-enable-journal-forwarding-to-syslog.patch

5 years ago Add support for TuxOnIce hibernation
Julien Muchembled [Tue, 29 Apr 2014 09:40:50 +0000 (11:40 +0200)]
Add support for TuxOnIce hibernation

systemd does not support non-mainline kernel features so upstream rejected this
patch.
It is however required for systemd integration by tuxonice-userui package.

Forwarded: http://lists.freedesktop.org/archives/systemd-devel/2014-April/018960.html

Gbp-Pq: Topic debian
Gbp-Pq: Name Add-support-for-TuxOnIce-hibernation.patch

5 years ago Make /run/lock tmpfs an API fs
Michael Biebl [Thu, 4 Sep 2014 23:15:16 +0000 (01:15 +0200)]
Make /run/lock tmpfs an API fs

The /run/lock directory is world-writable in Debian due to historic
reasons. To avoid user processes filling up /run, we mount a separate
tmpfs for /run/lock. As this directory needs to be available during
early boot, we make it an API fs.

Drop it from tmpfiles.d/legacy.conf to not clobber the permissions.

Closes: #751392
Gbp-Pq: Topic debian
Gbp-Pq: Name Make-run-lock-tmpfs-an-API-fs.patch

5 years ago Bring tmpfiles.d/tmp.conf in line with Debian defaults
Tollef Fog Heen [Tue, 5 Jun 2012 18:59:36 +0000 (20:59 +0200)]
Bring tmpfiles.d/tmp.conf in line with Debian defaults

Closes: #675422
Gbp-Pq: Topic debian
Gbp-Pq: Name Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch

5 years ago Use Debian specific config files
Michael Biebl [Thu, 18 Jul 2013 18:11:02 +0000 (20:11 +0200)]
Use Debian specific config files

Use /etc/default/locale instead of /etc/locale.conf for locale settings.

Use /etc/default/keyboard instead of /etc/X11/xorg.conf.d/00-keyboard.conf for
keyboard configuration.

Read/write /etc/timezone if /etc/localtime does not exist.

Gbp-Pq: Topic debian
Gbp-Pq: Name Use-Debian-specific-config-files.patch

5 years ago core: make sure to restore the control command id, too
Lennart Poettering [Wed, 22 Apr 2020 18:34:02 +0000 (20:34 +0200)]
core: make sure to restore the control command id, too

Fixes: #15356
(cherry picked from commit e9da62b18af647bfa73807e1c7fc3bfa4bb4b2ac)

Gbp-Pq: Name core-make-sure-to-restore-the-control-command-id-too.patch

5 years ago nss-systemd: don't synthesize root/nobody when iterating
Lennart Poettering [Thu, 23 Apr 2020 07:55:06 +0000 (09:55 +0200)]
nss-systemd: don't synthesize root/nobody when iterating

Fixes: #15160
Gbp-Pq: Name nss-systemd-don-t-synthesize-root-nobody-when-iterating.patch

5 years ago nss-systemd: use _cleanup_ for pthread_mutex_{lock,unlock}
Zbigniew Jędrzejewski-Szmek [Sat, 28 Mar 2020 12:26:25 +0000 (13:26 +0100)]
nss-systemd: use _cleanup_ for pthread_mutex_{lock,unlock}

v2: separate the declaration from the assignment to appease clang.
(cherry picked from commit 37bc9dcc0988fe81b2d98ad0686dd33df2271c2f)

Gbp-Pq: Name nss-systemd-use-_cleanup_-for-pthread_mutex_-lock-unlock.patch

5 years ago basic: add _cleanup_ wrappers for pthread_mutex_{lock,unlock}
Zbigniew Jędrzejewski-Szmek [Sat, 28 Mar 2020 12:24:44 +0000 (13:24 +0100)]
basic: add _cleanup_ wrappers for pthread_mutex_{lock,unlock}

I put the helper functions in a separate header file, because they don't fit
anywhere else. pthread_mutex_{lock,unlock} is used in two places: nss-systemd
and hashmap. I don't intend to convert hashmap to use the helpers, because
there it'd make the code more complicated. Is it worth to create a new header
file even if the only use is in nss-systemd.c? I think yes, because it feels
clean and also I think it's likely that pthread_mutex_{lock,unlock} will be
used in other places later.

(cherry picked from commit 29d4392ca05a31db53176f552041bb6183351d63)

Gbp-Pq: Name basic-add-_cleanup_-wrappers-for-pthread_mutex_-lock-unlo.patch

5 years ago logind: avoid shadow lookups when doing userdb client side
Lennart Poettering [Thu, 9 Apr 2020 12:28:56 +0000 (14:28 +0200)]
logind: avoid shadow lookups when doing userdb client side

Let's not trigger MACs needlessly.

Ideally everybody would turn on userdb, but if people insist on not
doing so, then let's not attempt to open shadow.

It's a bit ugly to implement this, since shadow information is more than
just passwords (but account validity metadata), and thus userdb's own
"privileged" scheme is orthogonal to this, but let's still do this for
the client side.

Fixes: #15105
(cherry picked from commit b062ca616c778358d4da008a2950615fac74aa24)

Gbp-Pq: Name logind-avoid-shadow-lookups-when-doing-userdb-client-side.patch

5 years ago userdb: when doing client-side NSS look-ups optionally avoid shadow look-ups
Lennart Poettering [Thu, 9 Apr 2020 12:28:34 +0000 (14:28 +0200)]
userdb: when doing client-side NSS look-ups optionally avoid shadow look-ups

Gbp-Pq: Name userdb-when-doing-client-side-NSS-look-ups-optionally-avo.patch

5 years ago test: verify RoutesToDNS= is independent of UseGateway=
Dan Streetman [Wed, 15 Apr 2020 22:30:33 +0000 (18:30 -0400)]
test: verify RoutesToDNS= is independent of UseGateway=

(cherry picked from commit 06c2b0c76bf7e2756f8e9ef18765c85dee99ae14)

Gbp-Pq: Name test-verify-RoutesToDNS-is-independent-of-UseGateway.patch

5 years ago network: honor SetDNSRoutes= even if UseGateway=False
Dan Streetman [Wed, 15 Apr 2020 22:05:14 +0000 (18:05 -0400)]
network: honor SetDNSRoutes= even if UseGateway=False

(cherry picked from commit 244490f5e0a98f83190e92033fbdaa1bbcd9b000)

Gbp-Pq: Name network-honor-SetDNSRoutes-even-if-UseGateway-False.patch

5 years ago test: modify/add tests for UseRoutes= and UseGateway= configuration
Dan Streetman [Wed, 15 Apr 2020 20:26:20 +0000 (16:26 -0400)]
test: modify/add tests for UseRoutes= and UseGateway= configuration

The last commit changed the UseGateway= default to the value of UseRoutes=
so the tests need to check for all combinations of the two parameters.

(cherry picked from commit 7c0d36ff5fc31d00e26661fd2ad45291ed0eb6f7)

Gbp-Pq: Name test-modify-add-tests-for-UseRoutes-and-UseGateway-config.patch

5 years ago network: change UseGateway= default to UseRoutes= setting
Dan Streetman [Wed, 15 Apr 2020 18:40:21 +0000 (14:40 -0400)]
network: change UseGateway= default to UseRoutes= setting

Anyone previously using the UseRoutes=false parameter expected their
dhcp4-provided gateway route to be ignored, as well.  However, with
the introduction of the UseGateway= parameter, this is no longer true.

In order to keep backwards compatibility, this sets the UseGateway=
default value to whatever UseRoutes= has been set to.

(cherry picked from commit 589397a27759bd650b3674029cb0ef73347c913b)

Gbp-Pq: Name network-change-UseGateway-default-to-UseRoutes-setting.patch

5 years ago test-network: add a test case for DHCPv4.UseGateway=no
Yu Watanabe [Mon, 16 Mar 2020 10:08:36 +0000 (19:08 +0900)]
test-network: add a test case for DHCPv4.UseGateway=no

(cherry picked from commit 0d7bd445d26590aad7b05040c9d8423fcd6e5d4f)

Gbp-Pq: Name test-network-add-a-test-case-for-DHCPv4.UseGateway-no.patch

5 years ago network: add a flag to ignore gateway provided by DHCP server
Yu Watanabe [Mon, 16 Mar 2020 09:55:10 +0000 (18:55 +0900)]
network: add a flag to ignore gateway provided by DHCP server

Closes #15117.

(cherry picked from commit b453122789ec4c6f39e6ceb9900e0e80a6abeb99)

Gbp-Pq: Name network-add-a-flag-to-ignore-gateway-provided-by-DHCP-ser.patch

5 years ago units: make sure systemd-pstore stops at shutdown
Lennart Poettering [Wed, 8 Apr 2020 14:25:03 +0000 (16:25 +0200)]
units: make sure systemd-pstore stops at shutdown

This doesn't matter too much given that the service doesn't do anything
on shutdown, but let's still stop it to make things cleaner.

(cherry picked from commit b0c1a07654c80d3cbbbcc52f860d4206707c0b08)

Gbp-Pq: Name units-make-sure-systemd-pstore-stops-at-shutdown.patch

5 years ago units: drop systemd-remount-fs.service dependency from more services
Lennart Poettering [Wed, 8 Apr 2020 14:24:23 +0000 (16:24 +0200)]
units: drop systemd-remount-fs.service dependency from more services

All services using StateDirectory= don't need the explicit dep anymore,
let's hence drop it everywhere.

(cherry picked from commit e0f968ad96e9a6340edced8e22089c802c2f6497)

Gbp-Pq: Name units-drop-systemd-remount-fs.service-dependency-from-mor.patch

5 years ago units: drop dependency on systemd-remount-fs.service from systemd-pstore.service
Lennart Poettering [Wed, 8 Apr 2020 14:10:38 +0000 (16:10 +0200)]
units: drop dependency on systemd-remount-fs.service from systemd-pstore.service

This dependency is now generated automatically given we use
StateDirectory=. Moreover the combination of Wants= and After= was too
strong anyway, as whether remount-fs is pulled in or not should not be up
to systemd-pstore.service, and in fact is part of the initial
transaction anyway.

(cherry picked from commit 0c978faa16fa9ecf92f0bbb5c7cc709dc472d115)

Gbp-Pq: Name units-drop-dependency-on-systemd-remount-fs.service-from-.patch

5 years ago core: automatically add dependency on systemd-remount-fs.service if StateDirectory...
Lennart Poettering [Wed, 8 Apr 2020 14:08:35 +0000 (16:08 +0200)]
core: automatically add dependency on systemd-remount-fs.service if StateDirectory= is used

And similar for other settings that require a writable /var/.

Rationale: if these options are used for early-boot services (such as
systemd-pstore.service) we need /var/ writable. And if /var/ is on the
root fs, then systemd-remount-fs.service is the service that ensures
that /var/ is writable.

This allows us to remove explicit deps in services such as
systemd-pstore.service.

(cherry picked from commit f3b7a79b973a28af4f7a592a8b2e199cc194218b)

Gbp-Pq: Name core-automatically-add-dependency-on-systemd-remount-fs.s.patch

5 years ago units: pull in systemd-pstore.service from sysinit.target
Lennart Poettering [Wed, 8 Apr 2020 14:12:00 +0000 (16:12 +0200)]
units: pull in systemd-pstore.service from sysinit.target

sysinit.target is the target our early boot services are generally
pulled in from, make systemd-pstore.service not an exception of that.

Effectively this doesn't mean much, either way our unit is part of the
initial transaction.

(cherry picked from commit 167241912f51fbc0d7d0869b9af34c15b5ecc4b6)

Gbp-Pq: Name units-pull-in-systemd-pstore.service-from-sysinit.target.patch

5 years ago docs: add a longer document explaining our rules on user/group names
Lennart Poettering [Tue, 7 Apr 2020 08:38:39 +0000 (10:38 +0200)]
docs: add a longer document explaining our rules on user/group names

(cherry picked from commit cafed7b32cdac13024c4093b7942a49ee8602dcf)

Gbp-Pq: Name docs-add-a-longer-document-explaining-our-rules-on-user-g.patch

5 years ago pid1: by default make user units inherit their umask from the user manager
Franck Bui [Fri, 3 Apr 2020 08:00:25 +0000 (10:00 +0200)]
pid1: by default make user units inherit their umask from the user manager

This patch changes the way user managers set the default umask for the units it
manages.

Indeed one can expect that if user manager's umask is redefined through PAM
(via /etc/login.defs or pam_umask), all its children including the units it
spawns have their umask set to the new value.

Hence make user units inherit their umask value from their parent instead of
the hard coded value 0022 but allow them to override this value via their unit
file.

Note that reexecuting managers with 'systemctl daemon-reexec' after changing
UMask= has no effect. To take effect managers need to be restarted with
'systemctl restart' instead. This behavior was already present before this
patch.

Fixes #6077.

(cherry picked from commit 5e37d1930b41b24c077ce37c6db0e36c745106c7)

Gbp-Pq: Name pid1-by-default-make-user-units-inherit-their-umask-from-.patch

5 years ago systemd (245.6-1) unstable; urgency=medium
Michael Biebl [Sun, 7 Jun 2020 22:56:37 +0000 (23:56 +0100)]
systemd (245.6-1) unstable; urgency=medium

  [ Michael Biebl ]
  * New upstream version 245.6
  * Rebase patches

  [ Balint Reczey ]
  * debian/tests/boot-and-services: Handle missing fstab (LP: #1877078)

[dgit import unpatched systemd 245.6-1]

5 years ago Import systemd_245.6.orig.tar.gz
Michael Biebl [Sun, 7 Jun 2020 22:56:37 +0000 (23:56 +0100)]
Import systemd_245.6.orig.tar.gz

[dgit import orig systemd_245.6.orig.tar.gz]

5 years ago Import systemd_245.6-1.debian.tar.xz
Michael Biebl [Sun, 7 Jun 2020 22:56:37 +0000 (23:56 +0100)]
Import systemd_245.6-1.debian.tar.xz

[dgit import tarball systemd 245.6-1 systemd_245.6-1.debian.tar.xz]

5 years ago Merge version 245.5-2+rpi1 and 245.5-3 to produce 245.5-3+rpi1 archive/raspbian/245.5-3+rpi1 raspbian/245.5-3+rpi1
Raspbian automatic forward porter [Wed, 20 May 2020 04:55:20 +0000 (05:55 +0100)]
Merge version 245.5-2+rpi1 and 245.5-3 to produce 245.5-3+rpi1

5 years ago Merge systemd (245.5-3) import into refs/heads/workingbranch
Michael Biebl [Sun, 17 May 2020 17:28:49 +0000 (18:28 +0100)]
Merge systemd (245.5-3) import into refs/heads/workingbranch

5 years ago Revert "job: Don't mark as redundant if deps are relevant"
Michael Biebl [Thu, 12 Mar 2020 12:37:08 +0000 (13:37 +0100)]
Revert "job: Don't mark as redundant if deps are relevant"

This reverts commit 097537f07a2fab3cb73aef7bc59f2a66aa93f533.

See https://github.com/systemd/systemd/issues/15091

Closes: #953670
Gbp-Pq: Topic debian
Gbp-Pq: Name Revert-job-Don-t-mark-as-redundant-if-deps-are-relevant.patch

5 years ago udev: drop SystemCallArchitectures=native from systemd-udevd.service
Michael Biebl [Tue, 19 Nov 2019 08:10:23 +0000 (09:10 +0100)]
udev: drop SystemCallArchitectures=native from systemd-udevd.service

We can't really control what helper programs are run from other udev
rules. E.g. running i386 binaries under amd64 is a valid use case and
should not trigger a SIGSYS failure.

Closes: #869719
Gbp-Pq: Topic debian
Gbp-Pq: Name udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch

5 years ago blacklist-upstream-test-24-ppc64el
Dan Streetman [Wed, 6 Nov 2019 14:14:54 +0000 (09:14 -0500)]
blacklist-upstream-test-24-ppc64el

Bug: https://github.com/systemd/systemd/issues/11612

Gbp-Pq: Topic debian
Gbp-Pq: Name blacklist-upstream-test-24-ppc64el.patch

5 years ago blacklist-upstream-test-25
Dan Streetman [Wed, 6 Nov 2019 14:14:50 +0000 (09:14 -0500)]
blacklist-upstream-test-25

Bug: https://github.com/systemd/systemd/issues/13973

Gbp-Pq: Topic debian
Gbp-Pq: Name blacklist-upstream-test-25.patch

5 years ago Drop seccomp system call filter for udev
Michael Biebl [Wed, 18 Jul 2018 21:49:16 +0000 (23:49 +0200)]
Drop seccomp system call filter for udev

The seccomp based system call whitelist requires at least systemd 239 to
be the active init and during a dist-upgrade we can't guarantee that
systemd has been fully configured before udev is restarted.

This partially reverts upstream commit
ee8f26180d01e3ddd4e5f20b03b81e5e737657ae.

Once buster is released, this patch can be dropped.

Closes: #903224
Gbp-Pq: Topic debian
Gbp-Pq: Name Drop-seccomp-system-call-filter-for-udev.patch

5 years ago Add env variable for machine ID path
Martin Pitt [Wed, 18 Jan 2017 10:21:35 +0000 (11:21 +0100)]
Add env variable for machine ID path

During package build, in minimal chroots, or other systems which do not already
have an /etc/machine-id we get six test failures. Introduce a
$SYSTEMD_MACHINE_ID_PATH environment variable which can specify a location
other than /etc/machine-id, so that the unit tests are independent from the
environment.

Also adjust test-fs-util to not assume that /etc/machine-id exists. Use
/etc/passwd instead which is created by base-files.

Closes: #851445
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=62344

Gbp-Pq: Topic debian
Gbp-Pq: Name Add-env-variable-for-machine-ID-path.patch

5 years ago Let graphical-session-pre.target be manually started
Iain Lane [Mon, 22 Aug 2016 05:03:27 +0000 (07:03 +0200)]
Let graphical-session-pre.target be manually started

This is needed until https://github.com/systemd/systemd/issues/3750 is fixed.

Forwarded: not-needed
Bug-Ubuntu: https://launchpad.net/bugs/1615341

Gbp-Pq: Topic debian
Gbp-Pq: Name Let-graphical-session-pre.target-be-manually-started.patch

5 years ago Revert "core: enable TasksMax= for all services by default, and set it to 512"
Martin Pitt [Mon, 9 May 2016 19:24:38 +0000 (21:24 +0200)]
Revert "core: enable TasksMax= for all services by default, and set it to 512"

This reverts commit 9ded9cd14cc03c67291b10a5c42ce5094ba0912f.

Introducing a default limit on number of threads broke a lot of software which
regularly needs more, such as MySQL and RabbitMQ, or services that spawn off an
indefinite number of subtasks that are not in a scope, like LXC or cron.

15% is way too much for most "simple" services, and it's too little for others
such as the ones mentioned above. There is also no particular rationale about
any particular global limit, so even if we'd bump it higher we'd just make the
limit even less useful while still breaking software.

It is both much safer and also much more effective in terms of guarding against
berserk programs/bugs/unintended fork bombs etc. to set limits in units
individually. Once someone looks at one, this is then a great time to also flip
on the other resource and privilege limitations that systemd offers.

Bug: https://github.com/systemd/systemd/issues/3211
Bug-Debian: https://bugs.debian.org/823530
Bug-Ubuntu: https://launchpad.net/bugs/1578080

Gbp-Pq: Topic debian
Gbp-Pq: Name Revert-core-enable-TasksMax-for-all-services-by-default-a.patch

5 years ago Revert "core: set RLIMIT_CORE to unlimited by default"
Martin Pitt [Sat, 27 Feb 2016 11:27:06 +0000 (12:27 +0100)]
Revert "core: set RLIMIT_CORE to unlimited by default"

Partially revert commit 15a900327ab as this completely breaks core dumps
without systemd-coredump. It's also contradicting core(8), and it's not
systemd's place to redefine the kernel definitions of core files.

Commit bdfd7b2c now honours the process' RLIMIT_CORE for systemd-coredump. This
isn't what RLIMIT_CORE is supposed to do (it limits the size of the core
*file*, but the kernel deliberately ignores it for piping), so set a static
2^63 core size limit for systemd-coredump to go back to the previous behaviour
(otherwise the change above would break systemd-coredump).

Bug-Debian: https://bugs.debian.org/815020

Gbp-Pq: Topic debian
Gbp-Pq: Name Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch

5 years ago Revert "core: one step back again, for nspawn we actually can't wait for cgroups...
Martin Pitt [Mon, 27 Apr 2015 13:29:13 +0000 (15:29 +0200)]
Revert "core: one step back again, for nspawn we actually can't wait for cgroups running empty since systemd will get exactly zero notifications about it"

This reverts commit 743970d2ea6d08aa7c7bff8220f6b7702f2b1db7.

Bug-Debian: https://bugs.debian.org/784720
Bug-Ubuntu: https://launchpad.net/bugs/1448259
Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1141137

Gbp-Pq: Topic debian
Gbp-Pq: Name Revert-core-one-step-back-again-for-nspawn-we-actual.patch

5 years ago Skip filesystem check if already done by the initramfs
Nis Martensen [Tue, 19 Jan 2016 21:01:43 +0000 (22:01 +0100)]
Skip filesystem check if already done by the initramfs

Newer versions of initramfs-tools already fsck and mount / and /usr in
the initramfs. Skip the filesystem check in this case.

Based on a previous patch by Michael Biebl <biebl@debian.org>.

Closes: #782522
Closes: #810748
Gbp-Pq: Topic debian
Gbp-Pq: Name Skip-filesystem-check-if-already-done-by-the-initram.patch

5 years ago fsckd daemon for inter-fsckd communication
Didier Roche [Fri, 22 May 2015 11:04:38 +0000 (13:04 +0200)]
fsckd daemon for inter-fsckd communication

Global logic:
Add systemd-fsckd multiplexer which accepts multiple (via systemd-fsck's
/run/systemd/fsck.progress socket) fsck instances to connect to it and sends
progress report. systemd-fsckd then computes and writes to /dev/console the
number of devices currently being checked and the minimum fsck progress.

Plymouth and user interaction:
Forward the progress to plymouth and support cancellation of in progress fsck.
Try to connect and send to plymouth (if running) some checked report progress,
using direct plymouth protocol.

Update message is the following:
fsckd:<num_devices>:<progress>:<string>
* num_devices corresponds to the current number of devices being checked (int)
* progress corresponds to the current minimum percentage of all devices being
  checked (float, from 0 to 100)
* string is a translated message ready to be displayed by the plymouth theme
  displaying the information above. It can be overridden by plymouth themes
  supporting i18n.

Grab in fsckd plymouth watch key Control+C, and propagate this cancel request
to systemd-fsck which will terminate fsck.

Send a message to signal to user what key we are grabbing for fsck cancel.

Message is: fsckd-cancel-msg:<string>
Where string is a translated string ready to be displayed by the plymouth theme
indicating that Control+C can be used to cancel current checks. It can be
overridden (matching only fsckd-cancel-msg prefix) for themes supporting i18n.

Misc:
systemd-fsckd stops on idle when no fsck is connected.
Add man page explaining the plymouth theme protocol, usage of the daemon
as well as the socket activation part. Adapt existing fsck man page.

Note that fsckd had lived in the upstream tree for a while, but was removed.
More information at
http://lists.freedesktop.org/archives/systemd-devel/2015-April/030175.html
-

Gbp-Pq: Topic debian
Gbp-Pq: Name fsckd-daemon-for-inter-fsckd-communication.patch

5 years ago Only start logind if dbus is installed
Martin Pitt [Mon, 9 Feb 2015 09:53:43 +0000 (10:53 +0100)]
Only start logind if dbus is installed

logind fails to start in environments without dbus, such as LXC containers or
servers. Add a startup condition to avoid the very noisy startup failure.

Part of #772700

Gbp-Pq: Topic debian
Gbp-Pq: Name Only-start-logind-if-dbus-is-installed.patch

5 years ago Don't enable audit by default
Martin Pitt [Sun, 28 Dec 2014 11:49:35 +0000 (12:49 +0100)]
Don't enable audit by default

It causes flooding of dmesg and syslog, suppressing actually important
messages.

Don't enable it for now, until a better solution is found:
http://lists.freedesktop.org/archives/systemd-devel/2014-December/026591.html

Bug-Debian: https://bugs.debian.org/773528

Gbp-Pq: Topic debian
Gbp-Pq: Name Don-t-enable-audit-by-default.patch

5 years ago Re-enable journal forwarding to syslog
Martin Pitt [Fri, 28 Nov 2014 13:43:25 +0000 (14:43 +0100)]
Re-enable journal forwarding to syslog

Revert upstream commit 46b131574fdd7d77 for now, until Debian's sysloggers
can/do all read from the journal directly. See

  http://lists.freedesktop.org/archives/systemd-devel/2014-November/025550.html

for details. Once we grow a journal.conf.d/ directory, sysloggers can be moved
to pulling from the journal one by one and disable forwarding again in such a
conf.d snippet.

Gbp-Pq: Topic debian
Gbp-Pq: Name Re-enable-journal-forwarding-to-syslog.patch

5 years ago Add support for TuxOnIce hibernation
Julien Muchembled [Tue, 29 Apr 2014 09:40:50 +0000 (11:40 +0200)]
Add support for TuxOnIce hibernation

systemd does not support non-mainline kernel features so upstream rejected this
patch.
It is however required for systemd integration by tuxonice-userui package.

Forwarded: http://lists.freedesktop.org/archives/systemd-devel/2014-April/018960.html

Gbp-Pq: Topic debian
Gbp-Pq: Name Add-support-for-TuxOnIce-hibernation.patch

5 years ago Make /run/lock tmpfs an API fs
Michael Biebl [Thu, 4 Sep 2014 23:15:16 +0000 (01:15 +0200)]
Make /run/lock tmpfs an API fs

The /run/lock directory is world-writable in Debian due to historic
reasons. To avoid user processes filling up /run, we mount a separate
tmpfs for /run/lock. As this directory needs to be available during
early boot, we make it an API fs.

Drop it from tmpfiles.d/legacy.conf to not clobber the permissions.

Closes: #751392
Gbp-Pq: Topic debian
Gbp-Pq: Name Make-run-lock-tmpfs-an-API-fs.patch

5 years ago Bring tmpfiles.d/tmp.conf in line with Debian defaults
Tollef Fog Heen [Tue, 5 Jun 2012 18:59:36 +0000 (20:59 +0200)]
Bring tmpfiles.d/tmp.conf in line with Debian defaults

Closes: #675422
Gbp-Pq: Topic debian
Gbp-Pq: Name Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch

5 years ago Use Debian specific config files
Michael Biebl [Thu, 18 Jul 2013 18:11:02 +0000 (20:11 +0200)]
Use Debian specific config files

Use /etc/default/locale instead of /etc/locale.conf for locale settings.

Use /etc/default/keyboard instead of /etc/X11/xorg.conf.d/00-keyboard.conf for
keyboard configuration.

Read/write /etc/timezone if /etc/localtime does not exist.

Gbp-Pq: Topic debian
Gbp-Pq: Name Use-Debian-specific-config-files.patch

5 years ago core: make sure to restore the control command id, too
Lennart Poettering [Wed, 22 Apr 2020 18:34:02 +0000 (20:34 +0200)]
core: make sure to restore the control command id, too

Fixes: #15356
(cherry picked from commit e9da62b18af647bfa73807e1c7fc3bfa4bb4b2ac)

Gbp-Pq: Name core-make-sure-to-restore-the-control-command-id-too.patch

5 years ago core: make sure we don't get confused when setting TERM for a tty fd
Lennart Poettering [Wed, 22 Apr 2020 19:52:22 +0000 (21:52 +0200)]
core: make sure we don't get confused when setting TERM for a tty fd

Fixes: #15344
(cherry picked from commit e8cf09b2a2ad0d48e5493050d54251d5f512d9b6)

Gbp-Pq: Name core-make-sure-we-don-t-get-confused-when-setting-TERM-fo.patch

5 years ago nss-systemd: don't synthesize root/nobody when iterating
Lennart Poettering [Thu, 23 Apr 2020 07:55:06 +0000 (09:55 +0200)]
nss-systemd: don't synthesize root/nobody when iterating

Fixes: #15160
Gbp-Pq: Name nss-systemd-don-t-synthesize-root-nobody-when-iterating.patch

5 years ago nss-systemd: use _cleanup_ for pthread_mutex_{lock,unlock}
Zbigniew Jędrzejewski-Szmek [Sat, 28 Mar 2020 12:26:25 +0000 (13:26 +0100)]
nss-systemd: use _cleanup_ for pthread_mutex_{lock,unlock}

v2: separate the declaration from the assignment to appease clang.
(cherry picked from commit 37bc9dcc0988fe81b2d98ad0686dd33df2271c2f)

Gbp-Pq: Name nss-systemd-use-_cleanup_-for-pthread_mutex_-lock-unlock.patch

5 years ago basic: add _cleanup_ wrappers for pthread_mutex_{lock,unlock}
Zbigniew Jędrzejewski-Szmek [Sat, 28 Mar 2020 12:24:44 +0000 (13:24 +0100)]
basic: add _cleanup_ wrappers for pthread_mutex_{lock,unlock}

I put the helper functions in a separate header file, because they don't fit
anywhere else. pthread_mutex_{lock,unlock} is used in two places: nss-systemd
and hashmap. I don't intend to convert hashmap to use the helpers, because
there it'd make the code more complicated. Is it worth to create a new header
file even if the only use is in nss-systemd.c? I think yes, because it feels
clean and also I think it's likely that pthread_mutex_{lock,unlock} will be
used in other places later.

(cherry picked from commit 29d4392ca05a31db53176f552041bb6183351d63)

Gbp-Pq: Name basic-add-_cleanup_-wrappers-for-pthread_mutex_-lock-unlo.patch

5 years ago logind: avoid shadow lookups when doing userdb client side
Lennart Poettering [Thu, 9 Apr 2020 12:28:56 +0000 (14:28 +0200)]
logind: avoid shadow lookups when doing userdb client side

Let's not trigger MACs needlessly.

Ideally everybody would turn on userdb, but if people insist on not
doing so, then let's not attempt to open shadow.

It's a bit ugly to implement this, since shadow information is more than
just passwords (but account validity metadata), and thus userdb's own
"privileged" scheme is orthogonal to this, but let's still do this for
the client side.

Fixes: #15105
(cherry picked from commit b062ca616c778358d4da008a2950615fac74aa24)

Gbp-Pq: Name logind-avoid-shadow-lookups-when-doing-userdb-client-side.patch

5 years ago userdb: when doing client-side NSS look-ups optionally avoid shadow look-ups
Lennart Poettering [Thu, 9 Apr 2020 12:28:34 +0000 (14:28 +0200)]
userdb: when doing client-side NSS look-ups optionally avoid shadow look-ups

Gbp-Pq: Name userdb-when-doing-client-side-NSS-look-ups-optionally-avo.patch

5 years ago test: verify RoutesToDNS= is independent of UseGateway=
Dan Streetman [Wed, 15 Apr 2020 22:30:33 +0000 (18:30 -0400)]
test: verify RoutesToDNS= is independent of UseGateway=

(cherry picked from commit 06c2b0c76bf7e2756f8e9ef18765c85dee99ae14)

Gbp-Pq: Name test-verify-RoutesToDNS-is-independent-of-UseGateway.patch

5 years ago network: honor SetDNSRoutes= even if UseGateway=False
Dan Streetman [Wed, 15 Apr 2020 22:05:14 +0000 (18:05 -0400)]
network: honor SetDNSRoutes= even if UseGateway=False

(cherry picked from commit 244490f5e0a98f83190e92033fbdaa1bbcd9b000)

Gbp-Pq: Name network-honor-SetDNSRoutes-even-if-UseGateway-False.patch

5 years ago test: modify/add tests for UseRoutes= and UseGateway= configuration
Dan Streetman [Wed, 15 Apr 2020 20:26:20 +0000 (16:26 -0400)]
test: modify/add tests for UseRoutes= and UseGateway= configuration

The last commit changed the UseGateway= default to the value of UseRoutes=
so the tests need to check for all combinations of the two parameters.

(cherry picked from commit 7c0d36ff5fc31d00e26661fd2ad45291ed0eb6f7)

Gbp-Pq: Name test-modify-add-tests-for-UseRoutes-and-UseGateway-config.patch

5 years ago network: change UseGateway= default to UseRoutes= setting
Dan Streetman [Wed, 15 Apr 2020 18:40:21 +0000 (14:40 -0400)]
network: change UseGateway= default to UseRoutes= setting

Anyone previously using the UseRoutes=false parameter expected their
dhcp4-provided gateway route to be ignored, as well.  However, with
the introduction of the UseGateway= parameter, this is no longer true.

In order to keep backwards compatibility, this sets the UseGateway=
default value to whatever UseRoutes= has been set to.

(cherry picked from commit 589397a27759bd650b3674029cb0ef73347c913b)

Gbp-Pq: Name network-change-UseGateway-default-to-UseRoutes-setting.patch

5 years ago test-network: add a test case for DHCPv4.UseGateway=no
Yu Watanabe [Mon, 16 Mar 2020 10:08:36 +0000 (19:08 +0900)]
test-network: add a test case for DHCPv4.UseGateway=no

(cherry picked from commit 0d7bd445d26590aad7b05040c9d8423fcd6e5d4f)

Gbp-Pq: Name test-network-add-a-test-case-for-DHCPv4.UseGateway-no.patch

5 years ago network: add a flag to ignore gateway provided by DHCP server
Yu Watanabe [Mon, 16 Mar 2020 09:55:10 +0000 (18:55 +0900)]
network: add a flag to ignore gateway provided by DHCP server

Closes #15117.

(cherry picked from commit b453122789ec4c6f39e6ceb9900e0e80a6abeb99)

Gbp-Pq: Name network-add-a-flag-to-ignore-gateway-provided-by-DHCP-ser.patch

5 years ago units: make sure systemd-pstore stops at shutdown
Lennart Poettering [Wed, 8 Apr 2020 14:25:03 +0000 (16:25 +0200)]
units: make sure systemd-pstore stops at shutdown

This doesn't matter too much given that the service doesn't do anything
on shutdown, but let's still stop it to make things cleaner.

(cherry picked from commit b0c1a07654c80d3cbbbcc52f860d4206707c0b08)

Gbp-Pq: Name units-make-sure-systemd-pstore-stops-at-shutdown.patch

5 years ago units: drop systemd-remount-fs.service dependency from more services
Lennart Poettering [Wed, 8 Apr 2020 14:24:23 +0000 (16:24 +0200)]
units: drop systemd-remount-fs.service dependency from more services

All services using StateDirectory= don't need the explicit dep anymore,
let's hence drop it everywhere.

(cherry picked from commit e0f968ad96e9a6340edced8e22089c802c2f6497)

Gbp-Pq: Name units-drop-systemd-remount-fs.service-dependency-from-mor.patch

5 years ago units: drop dependency on systemd-remount-fs.service from systemd-pstore.service
Lennart Poettering [Wed, 8 Apr 2020 14:10:38 +0000 (16:10 +0200)]
units: drop dependency on systemd-remount-fs.service from systemd-pstore.service

This dependency is now generated automatically given we use
StateDirectory=. Moreover the combination of Wants= and After= was too
strong anyway, as whether remount-fs is pulled in or not should not be up
to systemd-pstore.service, and in fact is part of the initial
transaction anyway.

(cherry picked from commit 0c978faa16fa9ecf92f0bbb5c7cc709dc472d115)

Gbp-Pq: Name units-drop-dependency-on-systemd-remount-fs.service-from-.patch

5 years ago core: automatically add dependency on systemd-remount-fs.service if StateDirectory...
Lennart Poettering [Wed, 8 Apr 2020 14:08:35 +0000 (16:08 +0200)]
core: automatically add dependency on systemd-remount-fs.service if StateDirectory= is used

And similar for other settings that require a writable /var/.

Rationale: if these options are used for early-boot services (such as
systemd-pstore.service) we need /var/ writable. And if /var/ is on the
root fs, then systemd-remount-fs.service is the service that ensures
that /var/ is writable.

This allows us to remove explicit deps in services such as
systemd-pstore.service.

(cherry picked from commit f3b7a79b973a28af4f7a592a8b2e199cc194218b)

Gbp-Pq: Name core-automatically-add-dependency-on-systemd-remount-fs.s.patch

5 years ago units: pull in systemd-pstore.service from sysinit.target
Lennart Poettering [Wed, 8 Apr 2020 14:12:00 +0000 (16:12 +0200)]
units: pull in systemd-pstore.service from sysinit.target

sysinit.target is the target our early boot services are generally
pulled in from, make systemd-pstore.service not an exception of that.

Effectively this doesn't mean much, either way our unit is part of the
initial transaction.

(cherry picked from commit 167241912f51fbc0d7d0869b9af34c15b5ecc4b6)

Gbp-Pq: Name units-pull-in-systemd-pstore.service-from-sysinit.target.patch

5 years ago docs: add a longer document explaining our rules on user/group names
Lennart Poettering [Tue, 7 Apr 2020 08:38:39 +0000 (10:38 +0200)]
docs: add a longer document explaining our rules on user/group names

(cherry picked from commit cafed7b32cdac13024c4093b7942a49ee8602dcf)

Gbp-Pq: Name docs-add-a-longer-document-explaining-our-rules-on-user-g.patch

5 years ago pid1: by default make user units inherit their umask from the user manager
Franck Bui [Fri, 3 Apr 2020 08:00:25 +0000 (10:00 +0200)]
pid1: by default make user units inherit their umask from the user manager

This patch changes the way user managers set the default umask for the units
they manage.

Indeed one can expect that if user manager's umask is redefined through PAM
(via /etc/login.defs or pam_umask), all its children including the units it
spawns have their umask set to the new value.

Hence make user units inherit their umask value from their parent instead of
the hard coded value 0022 but allow them to override this value via their unit
file.

Note that reexecuting managers with 'systemctl daemon-reexec' after changing
UMask= has no effect. To take effect managers need to be restarted with
'systemctl restart' instead. This behavior was already present before this
patch.

Fixes #6077.

(cherry picked from commit 5e37d1930b41b24c077ce37c6db0e36c745106c7)

Gbp-Pq: Name pid1-by-default-make-user-units-inherit-their-umask-from-.patch

5 years ago systemd (245.5-3) unstable; urgency=medium
Michael Biebl [Sun, 17 May 2020 17:28:49 +0000 (18:28 +0100)]
systemd (245.5-3) unstable; urgency=medium

  [ Michael Biebl ]
  * Bump priority of libnss-systemd to standard
  * logind: avoid shadow lookups when doing userdb client side
  * Disable DNSSEC support by default in resolved.
    The upstream default, DNSSEC=allow-downgrade can lead to compatibility
    issues with certain network access points. Previously, DNSSEC support
    was only turned off when built for a stable Debian release, but it is
    safer and more consistent to just generally change the default to
    DNSSEC=no. (Closes: #959996)
  * Bump debhelper compatibility level to 13.
    Use the debhelper-compat package to declare the compatibility level and
    drop debian/compat.
  * Convert to dh_installsystemd and disable dh_installsystemduser
  * Drop custom initramfs update code.
    Now handled by dh_installinitramfs which is enabled by default in compat
    level 12 and above.

  [ Dan Streetman ]
  * Cherry-pick fix from upstream master to adjust UseGateway= default
    - network: change UseGateway= default to UseRoutes= setting
    - network: honor SetDNSRoutes= even if UseGateway=False
    (LP: #1867375)

  [ Topi Miettinen ]
  * Delete empty lines at end of file.
    Upstream commit hooks don't allow empty lines and of course they serve no
    purpose.

[dgit import unpatched systemd 245.5-3]

5 years ago Import systemd_245.5-3.debian.tar.xz
Michael Biebl [Sun, 17 May 2020 17:28:49 +0000 (18:28 +0100)]
Import systemd_245.5-3.debian.tar.xz

[dgit import tarball systemd 245.5-3 systemd_245.5-3.debian.tar.xz]

5 years ago Merge version 245.5-1+rpi1 and 245.5-2 to produce 245.5-2+rpi1 archive/raspbian/245.5-2+rpi1 raspbian/245.5-2+rpi1
Raspbian automatic forward porter [Mon, 11 May 2020 15:32:25 +0000 (16:32 +0100)]
Merge version 245.5-1+rpi1 and 245.5-2 to produce 245.5-2+rpi1

5 years ago Merge systemd (245.5-2) import into refs/heads/workingbranch
Michael Biebl [Mon, 27 Apr 2020 15:38:44 +0000 (16:38 +0100)]
Merge systemd (245.5-2) import into refs/heads/workingbranch

5 years ago Revert "job: Don't mark as redundant if deps are relevant"
Michael Biebl [Thu, 12 Mar 2020 12:37:08 +0000 (13:37 +0100)]
Revert "job: Don't mark as redundant if deps are relevant"

This reverts commit 097537f07a2fab3cb73aef7bc59f2a66aa93f533.

See https://github.com/systemd/systemd/issues/15091

Closes: #953670
Gbp-Pq: Topic debian
Gbp-Pq: Name Revert-job-Don-t-mark-as-redundant-if-deps-are-relevant.patch

5 years ago udev: drop SystemCallArchitectures=native from systemd-udevd.service
Michael Biebl [Tue, 19 Nov 2019 08:10:23 +0000 (09:10 +0100)]
udev: drop SystemCallArchitectures=native from systemd-udevd.service

We can't really control what helper programs are run from other udev
rules. E.g. running i386 binaries under amd64 is a valid use case and
should not trigger a SIGSYS failure.

Closes: #869719
Gbp-Pq: Topic debian
Gbp-Pq: Name udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch

5 years ago blacklist-upstream-test-24-ppc64el
Dan Streetman [Wed, 6 Nov 2019 14:14:54 +0000 (09:14 -0500)]
blacklist-upstream-test-24-ppc64el

Bug: https://github.com/systemd/systemd/issues/11612

Gbp-Pq: Topic debian
Gbp-Pq: Name blacklist-upstream-test-24-ppc64el.patch

5 years ago blacklist-upstream-test-25
Dan Streetman [Wed, 6 Nov 2019 14:14:50 +0000 (09:14 -0500)]
blacklist-upstream-test-25

Bug: https://github.com/systemd/systemd/issues/13973

Gbp-Pq: Topic debian
Gbp-Pq: Name blacklist-upstream-test-25.patch

5 years ago Drop seccomp system call filter for udev
Michael Biebl [Wed, 18 Jul 2018 21:49:16 +0000 (23:49 +0200)]
Drop seccomp system call filter for udev

The seccomp based system call whitelist requires at least systemd 239 to
be the active init and during a dist-upgrade we can't guarantee that
systemd has been fully configured before udev is restarted.

This partially reverts upstream commit
ee8f26180d01e3ddd4e5f20b03b81e5e737657ae.

Once buster is released, this patch can be dropped.

Closes: #903224
Gbp-Pq: Topic debian
Gbp-Pq: Name Drop-seccomp-system-call-filter-for-udev.patch

5 years ago Add env variable for machine ID path
Martin Pitt [Wed, 18 Jan 2017 10:21:35 +0000 (11:21 +0100)]
Add env variable for machine ID path

During package build, in minimal chroots, or other systems which do not already
have an /etc/machine-id we get six test failures. Introduce a
$SYSTEMD_MACHINE_ID_PATH environment variable which can specify a location
other than /etc/machine-id, so that the unit tests are independent from the
environment.

Also adjust test-fs-util to not assume that /etc/machine-id exists. Use
/etc/passwd instead which is created by base-files.

Closes: #851445
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=62344

Gbp-Pq: Topic debian
Gbp-Pq: Name Add-env-variable-for-machine-ID-path.patch

5 years ago Let graphical-session-pre.target be manually started
Iain Lane [Mon, 22 Aug 2016 05:03:27 +0000 (07:03 +0200)]
Let graphical-session-pre.target be manually started

This is needed until https://github.com/systemd/systemd/issues/3750 is fixed.

Forwarded: not-needed
Bug-Ubuntu: https://launchpad.net/bugs/1615341

Gbp-Pq: Topic debian
Gbp-Pq: Name Let-graphical-session-pre.target-be-manually-started.patch

5 years ago Revert "core: enable TasksMax= for all services by default, and set it to 512"
Martin Pitt [Mon, 9 May 2016 19:24:38 +0000 (21:24 +0200)]
Revert "core: enable TasksMax= for all services by default, and set it to 512"

This reverts commit 9ded9cd14cc03c67291b10a5c42ce5094ba0912f.

Introducing a default limit on number of threads broke a lot of software which
regularly needs more, such as MySQL and RabbitMQ, or services that spawn off an
indefinite number of subtasks that are not in a scope, like LXC or cron.

15% is way too much for most "simple" services, and it's too little for others
such as the ones mentioned above. There is also no particular rationale about
any particular global limit, so even if we'd bump it higher we'd just make the
limit even less useful while still breaking software.

It is both much safer and also much more effective in terms of guarding against
berserk programs/bugs/unintended fork bombs etc. to set limits in units
individually. Once someone looks at one, this is then a great time to also flip
on the other resource and privilege limitations that systemd offers.

Bug: https://github.com/systemd/systemd/issues/3211
Bug-Debian: https://bugs.debian.org/823530
Bug-Ubuntu: https://launchpad.net/bugs/1578080

Gbp-Pq: Topic debian
Gbp-Pq: Name Revert-core-enable-TasksMax-for-all-services-by-default-a.patch

5 years ago Revert "core: set RLIMIT_CORE to unlimited by default"
Martin Pitt [Sat, 27 Feb 2016 11:27:06 +0000 (12:27 +0100)]
Revert "core: set RLIMIT_CORE to unlimited by default"

Partially revert commit 15a900327ab as this completely breaks core dumps
without systemd-coredump. It's also contradicting core(8), and it's not
systemd's place to redefine the kernel definitions of core files.

Commit bdfd7b2c now honours the process' RLIMIT_CORE for systemd-coredump. This
isn't what RLIMIT_CORE is supposed to do (it limits the size of the core
*file*, but the kernel deliberately ignores it for piping), so set a static
2^63 core size limit for systemd-coredump to go back to the previous behaviour
(otherwise the change above would break systemd-coredump).

Bug-Debian: https://bugs.debian.org/815020

Gbp-Pq: Topic debian
Gbp-Pq: Name Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch

5 years ago Revert "core: one step back again, for nspawn we actually can't wait for cgroups...
Martin Pitt [Mon, 27 Apr 2015 13:29:13 +0000 (15:29 +0200)]
Revert "core: one step back again, for nspawn we actually can't wait for cgroups running empty since systemd will get exactly zero notifications about it"

This reverts commit 743970d2ea6d08aa7c7bff8220f6b7702f2b1db7.

Bug-Debian: https://bugs.debian.org/784720
Bug-Ubuntu: https://launchpad.net/bugs/1448259
Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1141137

Gbp-Pq: Topic debian
Gbp-Pq: Name Revert-core-one-step-back-again-for-nspawn-we-actual.patch

5 years ago Skip filesystem check if already done by the initramfs
Nis Martensen [Tue, 19 Jan 2016 21:01:43 +0000 (22:01 +0100)]
Skip filesystem check if already done by the initramfs

Newer versions of initramfs-tools already fsck and mount / and /usr in
the initramfs. Skip the filesystem check in this case.

Based on a previous patch by Michael Biebl <biebl@debian.org>.

Closes: #782522
Closes: #810748
Gbp-Pq: Topic debian
Gbp-Pq: Name Skip-filesystem-check-if-already-done-by-the-initram.patch

5 years ago fsckd daemon for inter-fsckd communication
Didier Roche [Fri, 22 May 2015 11:04:38 +0000 (13:04 +0200)]
fsckd daemon for inter-fsckd communication

Global logic:
Add systemd-fsckd multiplexer which accepts multiple (via systemd-fsck's
/run/systemd/fsck.progress socket) fsck instances to connect to it and sends
progress report. systemd-fsckd then computes and writes to /dev/console the
number of devices currently being checked and the minimum fsck progress.

Plymouth and user interaction:
Forward the progress to plymouth and support cancellation of in progress fsck.
Try to connect and send to plymouth (if running) some checked report progress,
using direct plymouth protocol.

Update message is the following:
fsckd:<num_devices>:<progress>:<string>
* num_devices corresponds to the current number of devices being checked (int)
* progress corresponds to the current minimum percentage of all devices being
  checked (float, from 0 to 100)
* string is a translated message ready to be displayed by the plymouth theme
  displaying the information above. It can be overridden by plymouth themes
  supporting i18n.

Grab in fsckd plymouth watch key Control+C, and propagate this cancel request
to systemd-fsck which will terminate fsck.

Send a message to signal to user what key we are grabbing for fsck cancel.

Message is: fsckd-cancel-msg:<string>
Where string is a translated string ready to be displayed by the plymouth theme
indicating that Control+C can be used to cancel current checks. It can be
overridden (matching only fsckd-cancel-msg prefix) for themes supporting i18n.

Misc:
systemd-fsckd stops on idle when no fsck is connected.
Add man page explaining the plymouth theme protocol, usage of the daemon
as well as the socket activation part. Adapt existing fsck man page.

Note that fsckd had lived in the upstream tree for a while, but was removed.
More information at
http://lists.freedesktop.org/archives/systemd-devel/2015-April/030175.html
-

Gbp-Pq: Topic debian
Gbp-Pq: Name fsckd-daemon-for-inter-fsckd-communication.patch
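
A consumer of the two messages described in the fsckd commit message above (fsckd:<num_devices>:<progress>:<string> and fsckd-cancel-msg:<string>) could validate them strictly before display, as in this added example. It is not code from the patch, systemd or plymouth; the type and function names are hypothetical, the sample messages are constructed, and a '.' decimal separator is assumed for the progress field.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum fsckd_kind { FSCKD_INVALID = 0, FSCKD_UPDATE, FSCKD_CANCEL_MSG };

/* Hypothetical type for this example; not taken from systemd or plymouth. */
struct fsckd_msg {
        enum fsckd_kind kind;
        int num_devices;   /* FSCKD_UPDATE only */
        double progress;   /* FSCKD_UPDATE only, 0..100 */
        const char *text;  /* translated string; points into the input line */
};

/* Parse "<digits>:" as a non-negative int; return the byte after ':' or NULL. */
static const char *parse_count(const char *p, int *ret) {
        char *end;
        long v;

        if (*p < '0' || *p > '9')      /* no sign, no leading whitespace */
                return NULL;
        errno = 0;
        v = strtol(p, &end, 10);
        if (errno != 0 || v > INT_MAX || *end != ':')
                return NULL;
        *ret = (int) v;
        return end + 1;
}

/* Parse "<decimal>:" in the range 0..100; rejects nan, inf, hex and exponents. */
static const char *parse_percent(const char *p, double *ret) {
        size_t n = strspn(p, "0123456789.");
        char *end;
        double v;

        if (n == 0 || p[n] != ':')
                return NULL;
        errno = 0;
        v = strtod(p, &end);           /* assumes '.' as decimal separator */
        if (errno != 0 || end != p + n || v < 0.0 || v > 100.0)
                return NULL;
        *ret = v;
        return end + 1;
}

/* Returns 0 and fills *m on success, -1 on anything malformed. */
int fsckd_parse(const char *line, struct fsckd_msg *m) {
        static const char cancel[] = "fsckd-cancel-msg:";
        static const char update[] = "fsckd:";
        const char *p;

        memset(m, 0, sizeof *m);
        if (strncmp(line, cancel, sizeof cancel - 1) == 0) {
                m->kind = FSCKD_CANCEL_MSG;
                m->text = line + sizeof cancel - 1;
                return 0;
        }
        if (strncmp(line, update, sizeof update - 1) != 0)
                return -1;
        p = parse_count(line + sizeof update - 1, &m->num_devices);
        if (p)
                p = parse_percent(p, &m->progress);
        if (!p) {
                memset(m, 0, sizeof *m);
                return -1;
        }
        m->kind = FSCKD_UPDATE;
        m->text = p;   /* the rest of the line, which may itself contain ':' */
        return 0;
}

int main(void) {
        /* Constructed sample messages, not captured from a real boot. */
        const char *samples[] = { "fsckd:2:37.5:Checking disks: 2 in progress",
                                  "fsckd-cancel-msg:Press Ctrl+C to cancel",
                                  "fsckd:1:nan:bogus" };
        for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
                struct fsckd_msg m;
                int r = fsckd_parse(samples[i], &m);
                printf("%d kind=%d n=%d p=%.1f text=%s\n", r, m.kind, m.num_devices,
                       m.progress, m.text ? m.text : "(none)");
        }
        return 0;
}
```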