commit
130455a4f8
@ -1,2 +1,2 @@
|
|||||||
23da9fdb9eeaef49fe1adbf42a18d9e8a99d7911 SOURCES/0243-udev-Add-id-program-and-rule-for-FIDO-security-token.patch
|
1d053d0864d90fe6d2b55a4091cd6da0f3da9083 SOURCES/0243-udev-Add-id-program-and-rule-for-FIDO-security-token.patch
|
||||||
8803baa484cbe36680463c8c5e6febeff074b8e7 SOURCES/systemd-239.tar.gz
|
8803baa484cbe36680463c8c5e6febeff074b8e7 SOURCES/systemd-239.tar.gz
|
||||||
|
@ -0,0 +1,29 @@
|
|||||||
|
From 0e66d8f81574b13402b7356bf8261739c4b8b90e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jan Macku <jamacku@redhat.com>
|
||||||
|
Date: Thu, 25 Apr 2024 15:00:33 +0200
|
||||||
|
Subject: [PATCH] ci: update actions/upload-artifact to `v4`
|
||||||
|
|
||||||
|
`v3` will be deprecated soon, so update to `v4`.
|
||||||
|
|
||||||
|
https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/
|
||||||
|
|
||||||
|
rhel-only
|
||||||
|
|
||||||
|
Related: RHEL-32494
|
||||||
|
---
|
||||||
|
.github/workflows/gather-metadata.yml | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/.github/workflows/gather-metadata.yml b/.github/workflows/gather-metadata.yml
|
||||||
|
index f432f41811..08ad813971 100644
|
||||||
|
--- a/.github/workflows/gather-metadata.yml
|
||||||
|
+++ b/.github/workflows/gather-metadata.yml
|
||||||
|
@@ -22,7 +22,7 @@ jobs:
|
||||||
|
uses: redhat-plumbers-in-action/gather-pull-request-metadata@v1
|
||||||
|
|
||||||
|
- name: Upload artifact with gathered metadata
|
||||||
|
- uses: actions/upload-artifact@v3
|
||||||
|
+ uses: actions/upload-artifact@v4
|
||||||
|
with:
|
||||||
|
name: pr-metadata
|
||||||
|
path: ${{ steps.Metadata.outputs.metadata-file }}
|
@ -0,0 +1,24 @@
|
|||||||
|
From 72040693da79d7ef3d1f210866ee1f651b720247 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jan Macku <jamacku@redhat.com>
|
||||||
|
Date: Thu, 25 Apr 2024 16:31:18 +0200
|
||||||
|
Subject: [PATCH] ci: drop unused variable
|
||||||
|
|
||||||
|
rhel-only
|
||||||
|
|
||||||
|
Related: RHEL-32494
|
||||||
|
---
|
||||||
|
.github/workflows/deploy-man-pages.yml | 1 -
|
||||||
|
1 file changed, 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/.github/workflows/deploy-man-pages.yml b/.github/workflows/deploy-man-pages.yml
|
||||||
|
index 9da38a1687..c65c9b62ee 100644
|
||||||
|
--- a/.github/workflows/deploy-man-pages.yml
|
||||||
|
+++ b/.github/workflows/deploy-man-pages.yml
|
||||||
|
@@ -37,7 +37,6 @@ jobs:
|
||||||
|
|
||||||
|
- name: Install dependencies
|
||||||
|
run: |
|
||||||
|
- RELEASE="$(lsb_release -cs)"
|
||||||
|
sudo add-apt-repository -y --no-update --enable-source
|
||||||
|
sudo apt-get -y update
|
||||||
|
sudo apt-get -y build-dep systemd
|
@ -0,0 +1,30 @@
|
|||||||
|
From df87420725157953268ed099c3c97989288db1fa Mon Sep 17 00:00:00 2001
|
||||||
|
From: Frantisek Sumsal <fsumsal@redhat.com>
|
||||||
|
Date: Wed, 13 Mar 2024 12:13:23 +0100
|
||||||
|
Subject: [PATCH] ci: reduce ASLR entropy
|
||||||
|
|
||||||
|
The latest GH Action runners started using 32-bit entropy for ASLR,
|
||||||
|
which makes it incompatible with llvm-14. This was fixed in later llvm
|
||||||
|
releases, but these aren't available on Ubuntu Jammy (22.04). Let's
|
||||||
|
reduce the ASLR entropy to 28-bit, which should make llvm happy again,
|
||||||
|
until the issue is resolved.
|
||||||
|
|
||||||
|
See: actions/runner-images#9491
|
||||||
|
---
|
||||||
|
.github/workflows/unit_tests.yml | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
|
||||||
|
index f397e8ed6e..814e17b6bf 100644
|
||||||
|
--- a/.github/workflows/unit_tests.yml
|
||||||
|
+++ b/.github/workflows/unit_tests.yml
|
||||||
|
@@ -18,6 +18,9 @@ jobs:
|
||||||
|
steps:
|
||||||
|
- name: Repository checkout
|
||||||
|
uses: actions/checkout@v1
|
||||||
|
+ # FIXME: drop once https://github.com/actions/runner-images/issues/9491 is resolved
|
||||||
|
+ - name: Reduce ASLR entropy
|
||||||
|
+ run: sudo sysctl -w vm.mmap_rnd_bits=28
|
||||||
|
- name: Install build dependencies
|
||||||
|
run: sudo -E .github/workflows/unit_tests.sh SETUP
|
||||||
|
- name: Build & test (${{ env.CENTOS_RELEASE }} / ${{ matrix.phase }})
|
@ -0,0 +1,89 @@
|
|||||||
|
From a4e0b7ab90c8bc6ecb7bd883f19e5a5834ae9058 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Frantisek Sumsal <fsumsal@redhat.com>
|
||||||
|
Date: Wed, 13 Mar 2024 12:41:17 +0100
|
||||||
|
Subject: [PATCH] test: skip the symlink part of test_touch_file() in GH
|
||||||
|
Actions
|
||||||
|
|
||||||
|
Our (RHEL 8) touch_file() is not clever enough and does chmod() on a
|
||||||
|
symlink, which fails with EOPNOTSUPP on newer kernels. This is not an
|
||||||
|
issue on the RHEL 8 kernel, where doing chmod() on a symlink works
|
||||||
|
(albeit only on tmpfs) but in GH Actions we run in a container, and with
|
||||||
|
the underlying kernel doing chmod() on a symlink fails even on tmpfs:
|
||||||
|
|
||||||
|
RHEL 8:
|
||||||
|
~# mount -t tmpfs tmpfs /tmp
|
||||||
|
~# (cd /tmp; ln -s symlink dangling; ln -s /etc/os-release symlink)
|
||||||
|
~# (cd /var/tmp; ln -s symlink dangling; ln -s /etc/os-release symlink)
|
||||||
|
~# gcc -o main main.c -D_GNU_SOURCE
|
||||||
|
~# ./main /tmp/dangling
|
||||||
|
chmod(/proc/self/fd/3)=0 (0)
|
||||||
|
~# ./main /tmp/symlink
|
||||||
|
chmod(/proc/self/fd/3)=0 (0)
|
||||||
|
~# ./main /var/tmp/dangling
|
||||||
|
chmod(/proc/self/fd/3)=-1 (95)
|
||||||
|
~# ./main /var/tmp/symlink
|
||||||
|
chmod(/proc/self/fd/3)=-1 (95)
|
||||||
|
|
||||||
|
Newer kernel:
|
||||||
|
~# uname -r
|
||||||
|
6.7.4-200.fc39.x86_64
|
||||||
|
~# ./main /tmp/dangling
|
||||||
|
chmod(/proc/self/fd/3)=-1 (95)
|
||||||
|
~# ./main /tmp/symlink
|
||||||
|
chmod(/proc/self/fd/3)=-1 (95)
|
||||||
|
~# ./main /var/tmp/dangling
|
||||||
|
chmod(/proc/self/fd/3)=-1 (95)
|
||||||
|
~# ./main /var/tmp/symlink
|
||||||
|
chmod(/proc/self/fd/3)=-1 (95)
|
||||||
|
|
||||||
|
Backporting the necessary patches would be way too risky so late in the
|
||||||
|
RHEL 8 cycle, so let's just skip the offending test when running in GH
|
||||||
|
Actions. To do that we have to jump through a couple of hoops, since
|
||||||
|
RHEL 8 systemd can't detect docker. Oh well.
|
||||||
|
|
||||||
|
See: #434
|
||||||
|
|
||||||
|
RHEL-only
|
||||||
|
---
|
||||||
|
src/test/test-fs-util.c | 21 ++++++++++++---------
|
||||||
|
1 file changed, 12 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c
|
||||||
|
index aa32629f62..a3428f8c0d 100644
|
||||||
|
--- a/src/test/test-fs-util.c
|
||||||
|
+++ b/src/test/test-fs-util.c
|
||||||
|
@@ -15,6 +15,7 @@
|
||||||
|
#include "stdio-util.h"
|
||||||
|
#include "string-util.h"
|
||||||
|
#include "strv.h"
|
||||||
|
+#include "tests.h"
|
||||||
|
#include "user-util.h"
|
||||||
|
#include "util.h"
|
||||||
|
#include "virt.h"
|
||||||
|
@@ -544,15 +545,17 @@ static void test_touch_file(void) {
|
||||||
|
assert_se(timespec_load(&st.st_mtim) == test_mtime);
|
||||||
|
}
|
||||||
|
|
||||||
|
- a = strjoina(p, "/lnk");
|
||||||
|
- assert_se(symlink("target", a) >= 0);
|
||||||
|
- assert_se(touch_file(a, false, test_mtime, test_uid, test_gid, 0640) >= 0);
|
||||||
|
- assert_se(lstat(a, &st) >= 0);
|
||||||
|
- assert_se(st.st_uid == test_uid);
|
||||||
|
- assert_se(st.st_gid == test_gid);
|
||||||
|
- assert_se(S_ISLNK(st.st_mode));
|
||||||
|
- assert_se((st.st_mode & 0777) == 0640);
|
||||||
|
- assert_se(timespec_load(&st.st_mtim) == test_mtime);
|
||||||
|
+ if (!streq_ptr(ci_environment(), "github-actions")) {
|
||||||
|
+ a = strjoina(p, "/lnk");
|
||||||
|
+ assert_se(symlink("target", a) >= 0);
|
||||||
|
+ assert_se(touch_file(a, false, test_mtime, test_uid, test_gid, 0640) >= 0);
|
||||||
|
+ assert_se(lstat(a, &st) >= 0);
|
||||||
|
+ assert_se(st.st_uid == test_uid);
|
||||||
|
+ assert_se(st.st_gid == test_gid);
|
||||||
|
+ assert_se(S_ISLNK(st.st_mode));
|
||||||
|
+ assert_se((st.st_mode & 0777) == 0640);
|
||||||
|
+ assert_se(timespec_load(&st.st_mtim) == test_mtime);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
static void test_unlinkat_deallocate(void) {
|
@ -0,0 +1,53 @@
|
|||||||
|
From dd794489f97baf760d03b32e4e3188b5af799436 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michal Sekletar <msekleta@redhat.com>
|
||||||
|
Date: Wed, 7 Sep 2022 17:37:34 +0200
|
||||||
|
Subject: [PATCH] core: add possibility to not track certain unit types
|
||||||
|
|
||||||
|
(cherry picked from commit 88e4bfa62bd2561e04a90dc009e7a3865e0878fb)
|
||||||
|
|
||||||
|
Related: RHEL-5877
|
||||||
|
---
|
||||||
|
src/core/unit.c | 18 ++++++++++++++++++
|
||||||
|
1 file changed, 18 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/core/unit.c b/src/core/unit.c
|
||||||
|
index d3459dcdd0..ac960ef0c8 100644
|
||||||
|
--- a/src/core/unit.c
|
||||||
|
+++ b/src/core/unit.c
|
||||||
|
@@ -18,6 +18,7 @@
|
||||||
|
#include "dbus-unit.h"
|
||||||
|
#include "dbus.h"
|
||||||
|
#include "dropin.h"
|
||||||
|
+#include "env-util.h"
|
||||||
|
#include "escape.h"
|
||||||
|
#include "execute.h"
|
||||||
|
#include "fd-util.h"
|
||||||
|
@@ -4786,11 +4787,28 @@ int unit_setup_dynamic_creds(Unit *u) {
|
||||||
|
}
|
||||||
|
|
||||||
|
bool unit_type_supported(UnitType t) {
|
||||||
|
+ static int8_t cache[_UNIT_TYPE_MAX] = {}; /* -1: disabled, 1: enabled: 0: don't know */
|
||||||
|
+ int r;
|
||||||
|
+
|
||||||
|
if (_unlikely_(t < 0))
|
||||||
|
return false;
|
||||||
|
if (_unlikely_(t >= _UNIT_TYPE_MAX))
|
||||||
|
return false;
|
||||||
|
|
||||||
|
+ if (cache[t] == 0) {
|
||||||
|
+ char *e;
|
||||||
|
+
|
||||||
|
+ e = strjoina("SYSTEMD_SUPPORT_", unit_type_to_string(t));
|
||||||
|
+
|
||||||
|
+ r = getenv_bool(ascii_strupper(e));
|
||||||
|
+ if (r < 0 && r != -ENXIO)
|
||||||
|
+ log_debug_errno(r, "Failed to parse $%s, ignoring: %m", e);
|
||||||
|
+
|
||||||
|
+ cache[t] = r == 0 ? -1 : 1;
|
||||||
|
+ }
|
||||||
|
+ if (cache[t] < 0)
|
||||||
|
+ return false;
|
||||||
|
+
|
||||||
|
if (!unit_vtable[t]->supported)
|
||||||
|
return true;
|
||||||
|
|
@ -0,0 +1,50 @@
|
|||||||
|
From c87954f7ee7859524c60e6ca724c68b0a35e26ce Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michal Sekletar <msekleta@redhat.com>
|
||||||
|
Date: Tue, 12 Dec 2023 19:03:39 +0100
|
||||||
|
Subject: [PATCH] logind: don't setup idle session watch for lock-screen and
|
||||||
|
greeter
|
||||||
|
|
||||||
|
Reason to skip the idle session logic for these session classes is that
|
||||||
|
they are idle by default.
|
||||||
|
|
||||||
|
(cherry picked from commit 508b4786e8592e82eb4832549f74aaa54335d14c)
|
||||||
|
|
||||||
|
Resolves: RHEL-19215
|
||||||
|
---
|
||||||
|
man/logind.conf.xml | 9 +++++----
|
||||||
|
src/login/logind-session.c | 2 +-
|
||||||
|
2 files changed, 6 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/man/logind.conf.xml b/man/logind.conf.xml
|
||||||
|
index 56981c1837..6cb41b6955 100644
|
||||||
|
--- a/man/logind.conf.xml
|
||||||
|
+++ b/man/logind.conf.xml
|
||||||
|
@@ -343,10 +343,11 @@
|
||||||
|
<term><varname>StopIdleSessionSec=</varname></term>
|
||||||
|
|
||||||
|
<listitem><para>Specifies a timeout in seconds, or a time span value after which
|
||||||
|
- <filename>systemd-logind</filename> checks the idle state of all sessions. Every session that is idle for
|
||||||
|
- longer then the timeout will be stopped. Defaults to <literal>infinity</literal>
|
||||||
|
- (<filename>systemd-logind</filename> is not checking the idle state of sessions). For details about the syntax
|
||||||
|
- of time spans, see
|
||||||
|
+ <filename>systemd-logind</filename> checks the idle state of all sessions. Every session that is idle
|
||||||
|
+ for longer than the timeout will be stopped. Note that this option doesn't apply to
|
||||||
|
+ <literal>greeter</literal> or <literal>lock-screen</literal> sessions. Defaults to
|
||||||
|
+ <literal>infinity</literal> (<filename>systemd-logind</filename> is not checking the idle state
|
||||||
|
+ of sessions). For details about the syntax of time spans, see
|
||||||
|
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
|
||||||
|
</para></listitem>
|
||||||
|
</varlistentry>
|
||||||
|
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
|
||||||
|
index 4edc4b9b88..57b9696d1d 100644
|
||||||
|
--- a/src/login/logind-session.c
|
||||||
|
+++ b/src/login/logind-session.c
|
||||||
|
@@ -713,7 +713,7 @@ static int session_setup_stop_on_idle_timer(Session *s) {
|
||||||
|
|
||||||
|
assert(s);
|
||||||
|
|
||||||
|
- if (s->manager->stop_idle_session_usec == USEC_INFINITY)
|
||||||
|
+ if (s->manager->stop_idle_session_usec == USEC_INFINITY || IN_SET(s->class, SESSION_GREETER, SESSION_LOCK_SCREEN))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
r = sd_event_add_time_relative(
|
@ -0,0 +1,47 @@
|
|||||||
|
From 77a215ecaca4e927a3465ac5f502d5873ef942ef Mon Sep 17 00:00:00 2001
|
||||||
|
From: Lennart Poettering <lennart@poettering.net>
|
||||||
|
Date: Thu, 4 Jan 2024 13:40:00 +0100
|
||||||
|
Subject: [PATCH] logind: tighten for which classes of sessions we do
|
||||||
|
stop-on-idle
|
||||||
|
|
||||||
|
We only want to do this for fully set up, interactive sessions, i.e.
|
||||||
|
user and user-early, but not for any others, hence restrict the rules a
|
||||||
|
bit.
|
||||||
|
|
||||||
|
Follow-up for: 508b4786e8592e82eb4832549f74aaa54335d14c
|
||||||
|
|
||||||
|
(cherry picked from commit ad23439eae718ac3634f260be0d29e01445983a8)
|
||||||
|
|
||||||
|
Related: RHEL-19215
|
||||||
|
---
|
||||||
|
src/login/logind-session.c | 2 +-
|
||||||
|
src/login/logind-session.h | 3 +++
|
||||||
|
2 files changed, 4 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
|
||||||
|
index 57b9696d1d..9ec7bd3344 100644
|
||||||
|
--- a/src/login/logind-session.c
|
||||||
|
+++ b/src/login/logind-session.c
|
||||||
|
@@ -713,7 +713,7 @@ static int session_setup_stop_on_idle_timer(Session *s) {
|
||||||
|
|
||||||
|
assert(s);
|
||||||
|
|
||||||
|
- if (s->manager->stop_idle_session_usec == USEC_INFINITY || IN_SET(s->class, SESSION_GREETER, SESSION_LOCK_SCREEN))
|
||||||
|
+ if (s->manager->stop_idle_session_usec == USEC_INFINITY || !SESSION_CLASS_CAN_STOP_ON_IDLE(s->class))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
r = sd_event_add_time_relative(
|
||||||
|
diff --git a/src/login/logind-session.h b/src/login/logind-session.h
|
||||||
|
index 0557696761..955cd7de92 100644
|
||||||
|
--- a/src/login/logind-session.h
|
||||||
|
+++ b/src/login/logind-session.h
|
||||||
|
@@ -26,6 +26,9 @@ typedef enum SessionClass {
|
||||||
|
_SESSION_CLASS_INVALID = -1
|
||||||
|
} SessionClass;
|
||||||
|
|
||||||
|
+/* Which sessions classes should be subject to stop-in-idle */
|
||||||
|
+#define SESSION_CLASS_CAN_STOP_ON_IDLE(class) (IN_SET((class), SESSION_USER))
|
||||||
|
+
|
||||||
|
typedef enum SessionType {
|
||||||
|
SESSION_UNSPECIFIED,
|
||||||
|
SESSION_TTY,
|
@ -0,0 +1,27 @@
|
|||||||
|
From 3aae10768d08007dc087306431da60f85087ae57 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Frantisek Sumsal <frantisek@sumsal.cz>
|
||||||
|
Date: Wed, 26 Jun 2024 13:16:27 +0200
|
||||||
|
Subject: [PATCH] ci: point C8S containers to the Vault
|
||||||
|
|
||||||
|
Temporarily point repos in C8S containers to the Vault (since C8S is
|
||||||
|
EOL), until we figure out a _proper_ solution.
|
||||||
|
|
||||||
|
Related: RHEL-1087
|
||||||
|
---
|
||||||
|
.github/workflows/unit_tests.sh | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/.github/workflows/unit_tests.sh b/.github/workflows/unit_tests.sh
|
||||||
|
index 3859433720..7cc7da164c 100755
|
||||||
|
--- a/.github/workflows/unit_tests.sh
|
||||||
|
+++ b/.github/workflows/unit_tests.sh
|
||||||
|
@@ -138,6 +138,9 @@ for phase in "${PHASES[@]}"; do
|
||||||
|
|
||||||
|
# Beautiful workaround for Fedora's version of Docker
|
||||||
|
sleep 1
|
||||||
|
+ # FIXME?: Point C8S repos to the Vault, since C8S is EOL
|
||||||
|
+ $DOCKER_EXEC bash -xec "sed -i 's/^mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*"
|
||||||
|
+ $DOCKER_EXEC bash -xec "sed -i 's|#baseurl=http://mirror.centos.org|baseurl=https://vault.centos.org|g' /etc/yum.repos.d/CentOS-*"
|
||||||
|
$DOCKER_EXEC dnf makecache
|
||||||
|
# Install and enable EPEL
|
||||||
|
$DOCKER_EXEC dnf -q -y install epel-release dnf-utils "${ADDITIONAL_DEPS[@]}"
|
Loading…
Reference in new issue