From 1d0ab60403234906de6a7a4623f26048adae49ba Mon Sep 17 00:00:00 2001
From: MSVSphere Packaging Team
Date: Thu, 31 Oct 2024 21:48:17 +0300
Subject: [PATCH] import systemd-256-15.el10
---
...e-beta-branch-to-match-dist-git-name.patch | 25 ++++
...device-symlink-properly-on-udev-acti.patch | 41 ++++++
...-TDX-confidential-VM-on-Azure-platfo.patch | 121 ++++++++++++++++++
...t-split-caching-of-CVM-detection-int.patch | 76 +++++++++++
...-virt-add-detection-for-s390x-target.patch | 90 +++++++++++++
...ct-virt-fix-row-spanning-for-VM-head.patch | 37 ++++++
...ect-virt-list-known-CVM-technologies.patch | 74 +++++++++++
SPECS/systemd.spec | 22 +++-
8 files changed, 483 insertions(+), 3 deletions(-)
create mode 100644 SOURCES/0091-ci-rename-beta-branch-to-match-dist-git-name.patch
create mode 100644 SOURCES/0092-udev-Handle-PTP-device-symlink-properly-on-udev-acti.patch
create mode 100644 SOURCES/0093-Fix-detection-of-TDX-confidential-VM-on-Azure-platfo.patch
create mode 100644 SOURCES/0094-confidential-virt-split-caching-of-CVM-detection-int.patch
create mode 100644 SOURCES/0095-confidential-virt-add-detection-for-s390x-target.patch
create mode 100644 SOURCES/0096-man-systemd-detect-virt-fix-row-spanning-for-VM-head.patch
create mode 100644 SOURCES/0097-man-systemd-detect-virt-list-known-CVM-technologies.patch
diff --git a/SOURCES/0091-ci-rename-beta-branch-to-match-dist-git-name.patch b/SOURCES/0091-ci-rename-beta-branch-to-match-dist-git-name.patch
new file mode 100644
index 0000000..10eeca5
--- /dev/null
+++ b/SOURCES/0091-ci-rename-beta-branch-to-match-dist-git-name.patch
@@ -0,0 +1,25 @@
+From d6ed92f6f6bffbf98700002eeed231af3336b40e Mon Sep 17 00:00:00 2001
+From: Jan Macku
+Date: Thu, 5 Sep 2024 12:36:01 +0200
+Subject: [PATCH] ci: rename beta branch to match dist-git name
+
+rhel-only: ci
+
+Related: RHEL-57603
+---
+ .github/tracker-validator.yml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/.github/tracker-validator.yml b/.github/tracker-validator.yml
+index 2e858606ff..1226b8a92a 100644
+--- a/.github/tracker-validator.yml
++++ b/.github/tracker-validator.yml
+@@ -6,7 +6,7 @@ labels:
+ products:
+ - Red Hat Enterprise Linux 10
+ - CentOS Stream 10
+- - rhel-10.0.beta
++ - rhel-10.0-beta
+ - rhel-10.0
+ - rhel-10.0.z
+ - rhel-10.1
diff --git a/SOURCES/0092-udev-Handle-PTP-device-symlink-properly-on-udev-acti.patch b/SOURCES/0092-udev-Handle-PTP-device-symlink-properly-on-udev-acti.patch
new file mode 100644
index 0000000..3fa0ed7
--- /dev/null
+++ b/SOURCES/0092-udev-Handle-PTP-device-symlink-properly-on-udev-acti.patch
@@ -0,0 +1,41 @@
+From ab07d071227dd878a7376296ab4baaca4522e4fb Mon Sep 17 00:00:00 2001
+From: Chengen Du
+Date: Mon, 12 Aug 2024 11:41:52 +0800
+Subject: [PATCH] udev: Handle PTP device symlink properly on udev action
+ 'change'
+
+PTP device symlink creation rules are currently executed only when the
+udev action is 'add'. If a user reloads the rules and runs the udevadm
+trigger command to reapply changes, the symlink may be deleted, which
+can prevent the chronyd service from restarting properly.
+
+Signed-off-by: Chengen Du
+(cherry picked from commit 6bd12be3fa7761f190e17efdbdbff4440da7528b)
+
+Resolves: RHEL-59871
+---
+ rules.d/50-udev-default.rules.in | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/rules.d/50-udev-default.rules.in b/rules.d/50-udev-default.rules.in
+index 9b00c7037e..6f80feeecf 100644
+--- a/rules.d/50-udev-default.rules.in
++++ b/rules.d/50-udev-default.rules.in
+@@ -30,6 +30,9 @@ SUBSYSTEM=="pci|usb|platform", IMPORT{builtin}="path_id"
+
+ SUBSYSTEM=="net", IMPORT{builtin}="net_driver"
+
++SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK+="ptp_kvm"
++SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK+="ptp_hyperv"
++
+ ACTION!="add", GOTO="default_end"
+
+ SUBSYSTEM=="tty", KERNEL=="ptmx", GROUP="tty", MODE="0666"
+@@ -116,7 +119,4 @@ KERNEL=="vhost-net", GROUP="kvm", MODE="{{DEV_KVM_MODE}}", OPTIONS+="static_node
+
+ KERNEL=="udmabuf", GROUP="kvm"
+
+-SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK+="ptp_kvm"
+-SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK+="ptp_hyperv"
+-
+ LABEL="default_end"
diff --git a/SOURCES/0093-Fix-detection-of-TDX-confidential-VM-on-Azure-platfo.patch b/SOURCES/0093-Fix-detection-of-TDX-confidential-VM-on-Azure-platfo.patch
new file mode 100644
index 0000000..a4616df
--- /dev/null
+++ b/SOURCES/0093-Fix-detection-of-TDX-confidential-VM-on-Azure-platfo.patch
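Review bot: In rules.d/50-udev-default.rules.in (patch 0092) the two `SUBSYSTEM=="ptp"` symlink rules now sit above `ACTION!="add", GOTO="default_end"`, but nothing in the file says that this position is deliberate, so a later clean-up could move them back under the guard and reintroduce the lost-symlink problem the commit message describes. I would add a comment directly above them, for example `# Must stay above the ACTION!="add" guard: symlinks have to be re-declared on "change", otherwise udevadm trigger removes them.` The rules now also run for every other action, which is presumably harmless for `SYMLINK+=` but worth confirming.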
@@ -0,0 +1,121 @@
+From 1fbfcb7d98c95e80e9332770b78613a803c15c20 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
+Date: Tue, 30 Jul 2024 10:51:21 +0100
+Subject: [PATCH] Fix detection of TDX confidential VM on Azure platform
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The original CVM detection logic for TDX assumes that the guest can see
+the standard TDX CPUID leaf. This was true in Azure when this code was
+originally written, however, current Azure now blocks that leaf in the
+paravisor. Instead it is required to use the same Azure specific CPUID
+leaf that is used for SEV-SNP detection, which reports the VM isolation
+type.
+
+Signed-off-by: Daniel P. Berrangé
+(cherry picked from commit 9d7be044cad1ae54e344daf8f2ec37da46faf0fd)
+
+Related: RHEL-56144
+---
+ src/basic/confidential-virt.c | 11 ++++++++---
+ src/boot/efi/vmm.c | 9 ++++++---
+ src/fundamental/confidential-virt-fundamental.h | 1 +
+ 3 files changed, 15 insertions(+), 6 deletions(-)
+
+diff --git a/src/basic/confidential-virt.c b/src/basic/confidential-virt.c
+index b6521cf5bf..8a88a3eb83 100644
+--- a/src/basic/confidential-virt.c
++++ b/src/basic/confidential-virt.c
+@@ -76,7 +76,7 @@ static uint64_t msr(uint64_t index) {
+ return ret;
+ }
+
+-static bool detect_hyperv_sev(void) {
++static bool detect_hyperv_cvm(uint32_t isoltype) {
+ uint32_t eax, ebx, ecx, edx, feat;
+ char sig[13] = {};
+
+@@ -100,7 +100,7 @@ static bool detect_hyperv_sev(void) {
+ ebx = ecx = edx = 0;
+ cpuid(&eax, &ebx, &ecx, &edx);
+
+- if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == CPUID_HYPERV_ISOLATION_TYPE_SNP)
++ if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == isoltype)
+ return true;
+ }
+
+@@ -133,7 +133,7 @@ static ConfidentialVirtualization detect_sev(void) {
+ if (!(eax & EAX_SEV)) {
+ log_debug("No sev in CPUID, trying hyperv CPUID");
+
+- if (detect_hyperv_sev())
++ if (detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_SNP))
+ return CONFIDENTIAL_VIRTUALIZATION_SEV_SNP;
+
+ log_debug("No hyperv CPUID");
+@@ -171,6 +171,11 @@ static ConfidentialVirtualization detect_tdx(void) {
+ if (memcmp(sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0)
+ return CONFIDENTIAL_VIRTUALIZATION_TDX;
+
++ log_debug("No tdx in CPUID, trying hyperv CPUID");
++
++ if (detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_TDX))
++ return CONFIDENTIAL_VIRTUALIZATION_TDX;
++
+ return CONFIDENTIAL_VIRTUALIZATION_NONE;
+ }
+
+diff --git a/src/boot/efi/vmm.c b/src/boot/efi/vmm.c
+index 60e216d54c..3459461390 100644
+--- a/src/boot/efi/vmm.c
++++ b/src/boot/efi/vmm.c
+@@ -337,7 +337,7 @@ static uint64_t msr(uint32_t index) {
+ return val;
+ }
+
+-static bool detect_hyperv_sev(void) {
++static bool detect_hyperv_cvm(uint32_t isoltype) {
+ uint32_t eax, ebx, ecx, edx, feat;
+ char sig[13] = {};
+
+@@ -354,7 +354,7 @@ static bool detect_hyperv_sev(void) {
+ if (ebx & CPUID_HYPERV_ISOLATION && !(ebx & CPUID_HYPERV_CPU_MANAGEMENT)) {
+ __cpuid(CPUID_HYPERV_ISOLATION_CONFIG, eax, ebx, ecx, edx);
+
+- if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == CPUID_HYPERV_ISOLATION_TYPE_SNP)
++ if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == isoltype)
+ return true;
+ }
+
+@@ -379,7 +379,7 @@ static bool detect_sev(void) {
+ * specific CPUID checks.
+ */
+ if (!(eax & EAX_SEV))
+- return detect_hyperv_sev();
++ return detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_SNP);
+
+ msrval = msr(MSR_AMD64_SEV);
+
+@@ -403,6 +403,9 @@ static bool detect_tdx(void) {
+ if (memcmp(sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0)
+ return true;
+
++ if (detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_TDX))
++ return true;
++
+ return false;
+ }
+ #endif /* ! __i386__ && ! __x86_64__ */
+diff --git a/src/fundamental/confidential-virt-fundamental.h b/src/fundamental/confidential-virt-fundamental.h
+index 986923e1c2..618b5800ea 100644
+--- a/src/fundamental/confidential-virt-fundamental.h
++++ b/src/fundamental/confidential-virt-fundamental.h
+@@ -65,6 +65,7 @@
+
+ #define CPUID_HYPERV_ISOLATION_TYPE_MASK UINT32_C(0xf)
+ #define CPUID_HYPERV_ISOLATION_TYPE_SNP 2
++#define CPUID_HYPERV_ISOLATION_TYPE_TDX 3
+
+ #define EAX_SEV (UINT32_C(1) << 1)
+ #define MSR_SEV (UINT64_C(1) << 0)
diff --git a/SOURCES/0094-confidential-virt-split-caching-of-CVM-detection-int.patch b/SOURCES/0094-confidential-virt-split-caching-of-CVM-detection-int.patch
new file mode 100644
index 0000000..7dafb36
--- /dev/null
+++ b/SOURCES/0094-confidential-virt-split-caching-of-CVM-detection-int.patch
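Review bot: `detect_hyperv_cvm()` (patch 0093, both copies: src/basic/confidential-virt.c and src/boot/efi/vmm.c) now reports TDX as well as SEV-SNP purely from the Hyper-V isolation-config CPUID leaf, and neither definition documents what `isoltype` may be or how far the answer can be trusted. I would add above each definition a comment along the lines of `/* isoltype: one of CPUID_HYPERV_ISOLATION_TYPE_*. The leaf is supplied by the hypervisor/paravisor, so a match is a hint for tooling, not attestation evidence. */`; presumably callers already treat it that way, but that is not visible here. In src/basic, `detect_tdx()` also returns silently when the fallback fails, whereas `detect_sev()` logs `log_debug("No hyperv CPUID");`, so adding the same line after the new `if` keeps the two paths comparable in debug output. Both function bodies extend beyond the hunks shown.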
@@ -0,0 +1,76 @@
+From d697ad145aa564aff3ac5cb9b6a63667ce2b391c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
+Date: Fri, 2 Aug 2024 16:26:00 +0100
+Subject: [PATCH] confidential-virt: split caching of CVM detection into
+ separate method
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We have different impls of detect_confidential_virtualization per
+architecture. The detection is cached in the x86_64 impl, and as we
+add support for more targets, we want to use caching for all. It thus
+makes sense to split caching out into an architecture independent
+method.
+
+Signed-off-by: Daniel P. Berrangé
+(cherry picked from commit 1c4bd7adcc281af2a2dd40867f64f2ac54a43c7a)
+
+Related: RHEL-56144
+---
+ src/basic/confidential-virt.c | 25 ++++++++++++++-----------
+ 1 file changed, 14 insertions(+), 11 deletions(-)
+
+diff --git a/src/basic/confidential-virt.c b/src/basic/confidential-virt.c
+index 8a88a3eb83..0e05ecffbf 100644
+--- a/src/basic/confidential-virt.c
++++ b/src/basic/confidential-virt.c
+@@ -194,34 +194,37 @@ static bool detect_hypervisor(void) {
+ return is_hv;
+ }
+
+-ConfidentialVirtualization detect_confidential_virtualization(void) {
+- static thread_local ConfidentialVirtualization cached_found = _CONFIDENTIAL_VIRTUALIZATION_INVALID;
++static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
+ char sig[13] = {};
+- ConfidentialVirtualization cv = CONFIDENTIAL_VIRTUALIZATION_NONE;
+-
+- if (cached_found >= 0)
+- return cached_found;
+
+ /* Skip everything on bare metal */
+ if (detect_hypervisor()) {
+ cpuid_leaf(0, sig, true);
+
+ if (memcmp(sig, CPUID_SIG_AMD, sizeof(sig)) == 0)
+- cv = detect_sev();
++ return detect_sev();
+ else if (memcmp(sig, CPUID_SIG_INTEL, sizeof(sig)) == 0)
+- cv = detect_tdx();
++ return detect_tdx();
+ }
+
+- cached_found = cv;
+- return cv;
++ return CONFIDENTIAL_VIRTUALIZATION_NONE;
+ }
+ #else /* ! x86_64 */
+-ConfidentialVirtualization detect_confidential_virtualization(void) {
++static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
+ log_debug("No confidential virtualization detection on this architecture");
+ return CONFIDENTIAL_VIRTUALIZATION_NONE;
+ }
+ #endif /* ! x86_64 */
+
++ConfidentialVirtualization detect_confidential_virtualization(void) {
++ static thread_local ConfidentialVirtualization cached_found = _CONFIDENTIAL_VIRTUALIZATION_INVALID;
++
++ if (cached_found == _CONFIDENTIAL_VIRTUALIZATION_INVALID)
++ cached_found = detect_confidential_virtualization_impl();
++
++ return cached_found;
++}
++
+ static const char *const confidential_virtualization_table[_CONFIDENTIAL_VIRTUALIZATION_MAX] = {
+ [CONFIDENTIAL_VIRTUALIZATION_NONE] = "none",
+ [CONFIDENTIAL_VIRTUALIZATION_SEV] = "sev",
diff --git a/SOURCES/0095-confidential-virt-add-detection-for-s390x-target.patch b/SOURCES/0095-confidential-virt-add-detection-for-s390x-target.patch
new file mode 100644
index 0000000..bd6a577
--- /dev/null
+++ b/SOURCES/0095-confidential-virt-add-detection-for-s390x-target.patch
@@ -0,0 +1,90 @@
+From a9da2854f199bb3729b29ea4175858067313659e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
+Date: Fri, 2 Aug 2024 11:03:10 +0100
+Subject: [PATCH] confidential-virt: add detection for s390x target
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The s390x platform provides confidential VMs using the "Secure Execution"
+technology, which is also referred to as "Protected Virtualization" or
+just "prot virt" in Linux / QEMU.
+
+This can be detected through a simple sysfs attribute.
+
+Signed-off-by: Daniel P. Berrangé
+(cherry picked from commit 6c35e0a51cc6a852ce239ea46cd75c133212a68e)
+
+Resolves: RHEL-56144
+---
+ src/basic/confidential-virt.c | 30 +++++++++++++++++++++++++-----
+ src/basic/confidential-virt.h | 1 +
+ 2 files changed, 26 insertions(+), 5 deletions(-)
+
+diff --git a/src/basic/confidential-virt.c b/src/basic/confidential-virt.c
+index 0e05ecffbf..c246636c7c 100644
+--- a/src/basic/confidential-virt.c
++++ b/src/basic/confidential-virt.c
+@@ -11,6 +11,7 @@
+ #include "confidential-virt-fundamental.h"
+ #include "confidential-virt.h"
+ #include "fd-util.h"
++#include "fileio.h"
+ #include "missing_threads.h"
+ #include "string-table.h"
+ #include "utf8.h"
+@@ -209,6 +210,24 @@ static ConfidentialVirtualization detect_confidential_virtualization_impl(void)
+
+ return CONFIDENTIAL_VIRTUALIZATION_NONE;
+ }
++#elif defined(__s390x__)
++static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
++ _cleanup_free_ char *s = NULL;
++ size_t readsize;
++ int r;
++
++ r = read_full_virtual_file("/sys/firmware/uv/prot_virt_guest", &s, &readsize);
++ if (r < 0) {
++ log_debug_errno(r, "Unable to read /sys/firmware/uv/prot_virt_guest: %m");
++ return CONFIDENTIAL_VIRTUALIZATION_NONE;
++ }
++
++ if (readsize >= 1 && s[0] == '1')
++ return CONFIDENTIAL_VIRTUALIZATION_PROTVIRT;
++
++ return CONFIDENTIAL_VIRTUALIZATION_NONE;
++}
++
+ #else /* ! x86_64 */
+ static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
+ log_debug("No confidential virtualization detection on this architecture");
+@@ -226,11 +245,12 @@ ConfidentialVirtualization detect_confidential_virtualization(void) {
+ }
+
+ static const char *const confidential_virtualization_table[_CONFIDENTIAL_VIRTUALIZATION_MAX] = {
+- [CONFIDENTIAL_VIRTUALIZATION_NONE] = "none",
+- [CONFIDENTIAL_VIRTUALIZATION_SEV] = "sev",
+- [CONFIDENTIAL_VIRTUALIZATION_SEV_ES] = "sev-es",
+- [CONFIDENTIAL_VIRTUALIZATION_SEV_SNP] = "sev-snp",
+- [CONFIDENTIAL_VIRTUALIZATION_TDX] = "tdx",
++ [CONFIDENTIAL_VIRTUALIZATION_NONE] = "none",
++ [CONFIDENTIAL_VIRTUALIZATION_SEV] = "sev",
++ [CONFIDENTIAL_VIRTUALIZATION_SEV_ES] = "sev-es",
++ [CONFIDENTIAL_VIRTUALIZATION_SEV_SNP] = "sev-snp",
++ [CONFIDENTIAL_VIRTUALIZATION_TDX] = "tdx",
++ [CONFIDENTIAL_VIRTUALIZATION_PROTVIRT] = "protvirt",
+ };
+
+ DEFINE_STRING_TABLE_LOOKUP(confidential_virtualization, ConfidentialVirtualization);
+diff --git a/src/basic/confidential-virt.h b/src/basic/confidential-virt.h
+index c02f3b2321..f92e3e883d 100644
+--- a/src/basic/confidential-virt.h
++++ b/src/basic/confidential-virt.h
+@@ -13,6 +13,7 @@ typedef enum ConfidentialVirtualization {
+ CONFIDENTIAL_VIRTUALIZATION_SEV_ES,
+ CONFIDENTIAL_VIRTUALIZATION_SEV_SNP,
+ CONFIDENTIAL_VIRTUALIZATION_TDX,
++ CONFIDENTIAL_VIRTUALIZATION_PROTVIRT,
+
+ _CONFIDENTIAL_VIRTUALIZATION_MAX,
+ _CONFIDENTIAL_VIRTUALIZATION_INVALID = -EINVAL,
diff --git a/SOURCES/0096-man-systemd-detect-virt-fix-row-spanning-for-VM-head.patch b/SOURCES/0096-man-systemd-detect-virt-fix-row-spanning-for-VM-head.patch
new file mode 100644
index 0000000..06fdc49
--- /dev/null
+++ b/SOURCES/0096-man-systemd-detect-virt-fix-row-spanning-for-VM-head.patch
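Review bot: The s390x branch added to src/basic/confidential-virt.c (patch 0095) treats any content of /sys/firmware/uv/prot_virt_guest that merely begins with `1` as a protected guest, because `if (readsize >= 1 && s[0] == '1')` never looks past the first byte. A stricter form such as `if (readsize >= 1 && s[0] == '1' && (readsize == 1 || s[1] == '\n'))` would reject unexpected values instead of reporting `protvirt` for them; on read failure the code already falls back to `none`. Separately, the context line `#else /* ! x86_64 */` (and the matching `#endif` comment, which is outside this hunk) no longer describes the branch now that `#elif defined(__s390x__)` precedes it; `#else /* ! x86_64 && ! s390x */` would be accurate.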
@@ -0,0 +1,37 @@
+From 776706c0b675a52ea83d1790e3598253592dd6a6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
+Date: Fri, 2 Aug 2024 13:07:13 +0100
+Subject: [PATCH] man/systemd-detect-virt: fix row spanning for VM header
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This fixes
+
+ commit 9b0688f491674b53ef7a52bdf561a430c53673d6
+ Author: Yu Watanabe
+ Date: Tue Jan 9 10:52:49 2024 +0900
+
+ virt: add Google Compute Engine support
+
+Signed-off-by: Daniel P. Berrangé
+(cherry picked from commit 9ffdfc67c6aedcb66c2b18c2c61bc32e585e6d6e)
+
+Related: RHEL-56144
+---
+ man/systemd-detect-virt.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
+index 2239294145..6b49e3a519 100644
+--- a/man/systemd-detect-virt.xml
++++ b/man/systemd-detect-virt.xml
+@@ -62,7 +62,7 @@
+
+
+
+- VM
++ VM
+ qemu
+ QEMU software virtualization, without KVM
+
diff --git a/SOURCES/0097-man-systemd-detect-virt-list-known-CVM-technologies.patch b/SOURCES/0097-man-systemd-detect-virt-list-known-CVM-technologies.patch
new file mode 100644
index 0000000..092c06e
--- /dev/null
+++ b/SOURCES/0097-man-systemd-detect-virt-list-known-CVM-technologies.patch
@@ -0,0 +1,74 @@
+From 390217689905f0e12f080ddf8bd4fdefefcd38df Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?=
+Date: Fri, 2 Aug 2024 13:17:56 +0100
+Subject: [PATCH] man/systemd-detect-virt: list known CVM technologies
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Add a section which lists the known confidential virtual machine
+technologies.
+
+Signed-off-by: Daniel P. Berrangé
+(cherry picked from commit a8fb5d21fd6127a6d05757c793cc9ba47f65c893)
+
+Related: RHEL-56144
+---
+ man/systemd-detect-virt.xml | 44 +++++++++++++++++++++++++++++++++++++
+ 1 file changed, 44 insertions(+)
+
+diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
+index 6b49e3a519..a4fcdfbc9d 100644
+--- a/man/systemd-detect-virt.xml
++++ b/man/systemd-detect-virt.xml
+@@ -217,6 +217,50 @@
+ WSL is categorized as a container for practical purposes.
+ Multiple WSL environments share the same kernel and services
+ should generally behave like when being run in a container.
++
++ When executed with , instead of
++ printing the virtualization technology, it will display the
++ confidential virtual machine technology, if any. The
++ following technologies are currently identified:
++
++
++ Known confidential virtualization technologies
++
++
++
++
++
++ Arch
++ ID
++ Technology
++
++
++
++
++ x86_64
++ sev
++ AMD Secure Encrypted Virtualization
++
++
++ sev-es
++ AMD Secure Encrypted Virtualization - Encrypted State
++
++
++ sev-snp
++ AMD Secure Encrypted Virtualization - Secure Nested Paging
++
++
++ tdx
++ Intel Trust Domain Extensions
++
++
++ s390x
++ protvirt
++ IBM Protected Virtualization (Secure Execution)
++
++
++
++
+ + + diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec index 8f8fea9..dc98737 100644 --- a/SPECS/systemd.spec +++ b/SPECS/systemd.spec @@ -48,7 +48,7 @@ Url: https://systemd.io # Allow users to specify the version and release when building the rpm by # setting the %%version_override and %%release_override macros. Version: %{?version_override}%{!?version_override:256} -Release: 14%{?dist} +Release: 15%{?dist} %global stable %(c="%version"; [ "$c" = "${c#*.*}" ]; echo $?) @@ -196,6 +196,13 @@ Patch0087: 0087-net-naming-scheme-disable-NAMING_FIRMWARE_NODE_SUN.patch Patch0088: 0088-net-naming-scheme-remove-NAMING_FIRMWARE_NODE_SUN-fr.patch Patch0089: 0089-Revert-cgroup-util-Don-t-try-to-open-pidfd-for-kerne.patch Patch0090: 0090-ukify-Skip-test-on-architectures-without-UEFI.patch +Patch0091: 0091-ci-rename-beta-branch-to-match-dist-git-name.patch +Patch0092: 0092-udev-Handle-PTP-device-symlink-properly-on-udev-acti.patch +Patch0093: 0093-Fix-detection-of-TDX-confidential-VM-on-Azure-platfo.patch +Patch0094: 0094-confidential-virt-split-caching-of-CVM-detection-int.patch +Patch0095: 0095-confidential-virt-add-detection-for-s390x-target.patch +Patch0096: 0096-man-systemd-detect-virt-fix-row-spanning-for-VM-head.patch +Patch0097: 0097-man-systemd-detect-virt-list-known-CVM-technologies.patch # Downstream-only patches (9000–9999) @@ -582,7 +589,7 @@ License: LGPL-2.1-or-later %description container Systemd tools to spawn and manage containers and virtual machines. -This package contains systemd-nspawn, systemd-vmspawn, machinectl, +This package contains systemd-nspawn, machinectl, systemd-machined, and systemd-importd. %package journal-remote 
@@ -1125,9 +1132,18 @@ rm -f .file-list-* rm -f %{name}.lang %changelog -* Fri Oct 25 2024 MSVSphere Packaging Team - 256-14 +* Fri Oct 25 2024 MSVSphere Packaging Team - 256-15 - Rebuilt for MSVSphere 10 +* Tue Oct 15 2024 systemd maintenance team - 256-15 +- ci: rename beta branch to match dist-git name (RHEL-57603) +- udev: Handle PTP device symlink properly on udev action 'change' (RHEL-59871) +- Fix detection of TDX confidential VM on Azure platform (RHEL-56144) +- confidential-virt: split caching of CVM detection into separate method (RHEL-56144) +- confidential-virt: add detection for s390x target (RHEL-56144) +- man/systemd-detect-virt: fix row spanning for VM header (RHEL-56144) +- man/systemd-detect-virt: list known CVM technologies (RHEL-56144) + * Fri Aug 30 2024 systemd maintenance team - 256-14 - Revert "cgroup-util: Don't try to open pidfd for kernel threads" (RHEL-52634) - ukify: Skip test on architectures without UEFI (RHEL-52634)