build(deps): bump systemd/mkosi from 93098e2406e12ea7f06f962d4808952b8a06d345 to d13ff85610c6fb01a2fff0a8187729ebe4a05595 #166
Open: dependabot wants to merge 95 commits into master from dependabot/github_actions/systemd/mkosi-d13ff85610c6fb01a2fff0a8187729ebe4a05595
This backports the same fix from 6e91653 in systemd upstream that we can't backport directly because that commit introduces a new feature.
This reverts commit 75d7b59. This commit was confirmed to have introduced a regression with LUKS, so revert it for now. systemd/systemd#23429 Conflicts: src/core/device.c
kernel's 'make install' invokes install.sh which calls /sbin/install-kernel. Thus we are invoked as e.g.
```
/sbin/installkernel 5.18.0 arch/x86/boot/bzImage System.map /boot
```
The last two arguments would be passed as "initrds". Before , we would just quietly ignore /boot, because it doesn't pass the 'test -f' test, and possibly try to do something with System.map. 742561e tightened the check, so we now throw an error. It seems that the correct thing is to ignore those two arguments, because our plugin syntax has no notion of System.map. And the installation directory we can figure out ourselves better. Effectively, this makes things behave like before, but less by accident. Fixes #23490. (cherry picked from commit 620ecc9)
…g root"" This reverts commit 011161d.
This should cover cases regarding devices with `OPTIONS+="db_persist"` during initrd->sysroot transition. See:
* systemd/systemd#23429
* systemd/systemd#23218
* systemd/systemd#23489
* https://bugzilla.redhat.com/show_bug.cgi?id=2087225
(cherry picked from commit 1fb7f8e)
Co-Authored-By: Yu Watanabe <[email protected]> (cherry picked from commit b22d90e)
(cherry picked from commit 6b70d3c)
dm-crypt device units generated by systemd-cryptsetup-generator have BindsTo= dependencies on their backend devices. The dm-crypt devices have the db_persist flag set, and thus survive the udev db cleanup while switching root. But backend devices usually don't survive. These devices are neither mounted nor used for swap, thus they will be seen as DEVICE_NOT_FOUND after switching root. The BindsTo dependency will cause systemd to schedule a stop job for the dm-crypt device, breaking boot:
```
[ 68.929457] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Unit is stopped because bound to inactive unit dev-disk-by\x2duuid-3bf91f73\x2d1ee8\x2d4cfc\x2d9048\x2d93ba349b786d.device.
[ 68.945660] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Trying to enqueue job systemd-cryptsetup@cr_root.service/stop/replace
[ 69.473459] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Installed new job systemd-cryptsetup@cr_root.service/stop as 343
```
Avoid this by not setting the state of the backend devices to DEVICE_DEAD. Fixes the LUKS setup issue reported in #23429. (cherry picked from commit cf1ac0c)
On switching root, a device may have a persistent database. In that case, Device.enumerated_found may have DEVICE_FOUND_UDEV flag, and it is not necessary to downgrade the Device.deserialized_found and Device.deserialized_state. Otherwise, the state of the device unit may be changed plugged -> dead -> plugged, if the device has not been mounted. Fixes #23429. [mwilck: cherry-picked from #23437] (cherry picked from commit 4fc69e8)
shmat() requires the CAP_IPC_OWNER capability. When running test-seccomp in environments with root + CAP_SYS_ADMIN, but not CAP_IPC_OWNER, memory_deny_write_execute_shmat would fail. This fixes it. (cherry picked from commit 7e46a5c)
(cherry picked from commit 97e7d49)
(cherry picked from commit 815068d)
(cherry picked from commit 93dbc22)
Fixes #21832. (cherry picked from commit 223a359)
Fixes #23401 (cherry picked from commit 5ee38ad)
Fixes #22816. (cherry picked from commit 8f24777)
Fixes #22966. Since there are competing conventions, let's not change our code, but make the docs match what is implemented. (cherry picked from commit b72308d)
(cherry picked from commit 4e12442)
as it may take a bit longer on slower machines:
```
[ OK ] Reached target System Reboot.
Found cgroup2 on /sys/fs/cgroup/, full unified hierarchy
Failed to open watchdog device /dev/watchdog0, ignoring: No such file or directory
binfmt_misc is not mounted, not detaching entries.
Sending SIGTERM to remaining processes...
ERROR:test-shutdown:Timeout exceeded.
<pexpect.pty_spawn.spawn object at 0x7f3d4bcd20b0>
command: /systemd-meson-build/systemd-nspawn
<...snip...>
buffer (last 100 chars): 'mbinfmt_misc is not mounted, not detaching entries.\x1b[0m\r\nSending SIGTERM to remaining processes...\r\n'
before (last 100 chars): 'mbinfmt_misc is not mounted, not detaching entries.\x1b[0m\r\nSending SIGTERM to remaining processes...\r\n'
after: <class 'pexpect.exceptions.TIMEOUT'>
match: None
match_index: None
exitstatus: None
flag_eof: False
pid: 572528
child_fd: 5
closed: False
timeout: 30
delimiter: <class 'pexpect.exceptions.EOF'>
logfile: <_io.TextIOWrapper name='<stdout>' mode='w' encoding='utf-8'>
logfile_read: None
logfile_send: None
maxread: 2000
ignorecase: False
searchwindowsize: None
delaybeforesend: 0.05
delayafterclose: 0.1
delayafterterminate: 0.1
searcher: searcher_re:
    0: re.compile('H login: ')
INFO:test-shutdown:killing child pid 572528
E: nspawn failed with exit code 1
```
(cherry picked from commit 3e624bb)
Include this header to fix errors when including hwdb-internal.h:
```
../src/libsystemd/sd-hwdb/hwdb-internal.h:16:21: error: field ‘st’ has incomplete type
   16 | struct stat st;
```
(cherry picked from commit 9745b51)
Fixes #23486. (cherry picked from commit 89b6a3f)
Some compiler wrappers like honggfuzz pass -fno-builtin explicitly and because of that the tests where fabs is used fail to compile with something like
```
FAILED: test-bus-marshal ...
/usr/bin/ld: test-bus-marshal.p/src_libsystemd_sd-bus_test-bus-marshal.c.o: undefined reference to symbol 'fabs@@GLIBC_2.2.5'
/usr/bin/ld: /usr/lib64/libm.so.6: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
```
Fun fact: it took honggfuzz less than a minute to discover GHSA-gmc7-pqv9-966m used by systemd to compress/decompress some stuff. (cherry picked from commit f232c83)
(cherry picked from commit c60ca42)
(cherry picked from commit 2f9f8b9)
… after SIGKILL but processes still remain After sending a SIGKILL to a process, the process might disappear from `cgroup.threads` but still show up in `cgroup.procs`, still remain in the cgroup, and cause migrating new processes to `Delegate=yes` cgroups to fail with `-EBUSY`. This is especially likely for heavyweight processes that consume more kernel CPU time to clean up. Fix this by only returning 0 when both `cgroup.threads` and `cgroup.procs` are empty. (cherry picked from commit 37f0289)
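The check described in the commit message above, as an added C example that is not systemd's code: `drained()` treats a cgroup as empty only when both files list nothing, next to a hypothetical check that reads `cgroup.threads` alone. The function names, the temporary directory standing in for a cgroup and PID 4242 are constructed for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1 /* for mkdtemp() */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* 1 if <dir>/<name> lists at least one id, 0 if it is empty, -errno on error. */
static int has_entries(const char *dir, const char *name) {
    char path[1024];
    unsigned long id;
    FILE *f;
    int r;
    if ((size_t) snprintf(path, sizeof path, "%s/%s", dir, name) >= sizeof path)
        return -ENAMETOOLONG;
    f = fopen(path, "r");
    if (!f)
        return -errno;
    r = fscanf(f, "%lu", &id) == 1;
    fclose(f);
    return r;
}

/* Hypothetical incomplete check: looks at cgroup.threads only. */
int drained_threads_only(const char *dir) {
    int t = has_entries(dir, "cgroup.threads");
    return t < 0 ? t : t == 0;
}

/* Check from the commit message: empty only if both files are empty. */
int drained(const char *dir) {
    int t = has_entries(dir, "cgroup.threads");
    int p = has_entries(dir, "cgroup.procs");
    if (t < 0 || p < 0)
        return t < 0 ? t : p;
    return t == 0 && p == 0;
}

/* Writes body to <dir>/<name>; a NULL body deletes the file again. */
static int put(const char *dir, const char *name, const char *body) {
    char path[1024];
    FILE *f;
    snprintf(path, sizeof path, "%s/%s", dir, name);
    if (!body)
        return remove(path);
    f = fopen(path, "w");
    if (!f)
        return -1;
    fputs(body, f);
    return fclose(f);
}

/* Runs one check against a constructed directory standing in for a cgroup. */
int check_sample(const char *threads, const char *procs, int both_files) {
    char dir[] = "/tmp/cg-demo-XXXXXX";
    int r;
    if (!mkdtemp(dir))
        return -errno;
    if (put(dir, "cgroup.threads", threads) < 0 || put(dir, "cgroup.procs", procs) < 0)
        r = -EIO;
    else
        r = both_files ? drained(dir) : drained_threads_only(dir);
    put(dir, "cgroup.threads", NULL);
    put(dir, "cgroup.procs", NULL);
    remove(dir);
    return r;
}

int main(void) {
    /* PID 4242 is constructed: SIGKILLed, gone from threads, still in procs. */
    printf("threads only: drained=%d\n", check_sample("", "4242\n", 0));
    printf("both files:   drained=%d\n", check_sample("", "4242\n", 1));
    return 0;
}
```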
(cherry picked from commit a52765a)
This just adds an unused parameter for future use. No change in behaviour. (cherry picked from commit 1661833)
Fixes #23520. Replaces #23555. The problem started with cdf3706 and 90b1ec0 which together started printing the wall message in more cases. The motivation for those changes was reasonable, but this clearly causes problems described in #23520: users are getting unexpected wall messages. Xterm, urxvt, (anything using libutempter?), and tmux (in some configurations), register local pty sessions in utmp. So let's try to suppress the message for local pseudo-terminal logins. This patch is based on #23538, but instead of filtering just on /dev/pts, it uses the .ut_addr_v6 to only filter out local entries. (cherry picked from commit 51a2b57)
…hibernate Fixes: #23520 [zjs: I added the comment and tweaked the patch a bit. The call to reset_scheduled_shutdown() is moved down a bit to allow the callback to have access to information about the operation being cancelled. This all happens within the same function, so there should be no observable change in behaviour.] (cherry picked from commit ea74f39)
DnsPacket.ifindex=1 (loopback) is normalized to 0 whenever a message is received on the loopback iface, so for both listeners, 127.0.0.53 and 127.0.0.54, the ifindex will be set to 0 by manager_recv() for queries that have a local origin. Replies to such local messages need to set a proper ifindex in any case, as the supplied source-address would otherwise be ignored in manager_ipv4_send() (CMSG generation is skipped due to ifindex > 0 check). Note that this change only forces `ifindex` to loopback if it was actually normalized to `0` before (due to a loopback detection) in order to keep the nat-to-127.0.0.54-from-another-interface usecase that was described in a8d0906 intact. Also note that nat is not supported for the main stub 127.0.0.53 which is why forcing LOOPBACK_IFINDEX was/is fine for that case. Fixes #23495 (cherry picked from commit dfa14e2)
We use unified /usr on Endless OS, but our CI environment has a split /usr setup, so we need to make sure /sbin and /bin are included in PATH. Without this change the build fails with the following errors:
```
145/251 test-path-util FAIL 0.39 s
--- command ---
PATH='/src/_build:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' SYSTEMD_KBD_MODEL_MAP='/src/src/locale/kbd-model-map' SYSTEMD_LANGUAGE_FALLBACK_MAP='/src/src/locale/language-fallback-map' /src/_build/test-path-util
--- stdout ---
/bin/sh
/src/_build/test-path-util
/bin/sh
--- stderr ---
Found container virtualization none.
---/a/b/c/d---
---/a/b/c---
---/a/b---
---/a---
------
---/a/b/c---
---/a/b---
---/a---
------
Assertion 'fsck_exists("minix") == 1' failed at ../src/test/test-path-util.c:253, function test_fsck_exists(). Aborting.
-------
428/556 test-path-util FAIL 0.01s (killed by signal 6 SIGABRT)
--- command ---
22:00:16 SYSTEMD_LANGUAGE_FALLBACK_MAP='/usr/src/packages/BUILD/src/locale/language-fallback-map' SYSTEMD_KBD_MODEL_MAP='/usr/src/packages/BUILD/src/locale/kbd-model-map' PATH='/usr/src/packages/BUILD/build-deb:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games' /usr/src/packages/BUILD/build-deb/test-path-util
--- stderr ---
Failed to read $container of PID 1, ignoring: Permission denied
Found container virtualization none.
DEFAULT_PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
DEFAULT_USER_PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
/* test_path */
/* test_path_simplify */
/* test_path_simplify */
/* test_path_simplify */
/* test_path_simplify */
/* test_path_simplify */
/* test_path_simplify */
/* test_path_simplify */
/* test_path_simplify */
/* test_path_simplify */
/* test_path_simplify */
/* test_path_simplify */
/* test_path_simplify */
/* test_path_simplify */
/* test_path_simplify */
/* test_path_equal_root */
/* test_find_executable_full */
Assertion 'find_executable_full("sh", false, &p) == 0' failed at src/test/test-path-util.c:170, function test_find_executable_full(). Aborting.
-------
```
https://phabricator.endlessm.com/T21201 https://phabricator.endlessm.com/T31222
Make the kernel pipe coredump data to /bin/false by default. https://phabricator.endlessm.com/T6048
In Debian's glibc package, ld-linux-x86-64.so.2 symlinks are created in /lib64 and /usr/lib/x86_64-linux-gnu. If /lib is a symlink to usr/lib and /lib64 is a symlink to usr/lib/x86_64-linux-gnu, these links end up at the same path. In that case, dpkg may remove them both on upgrade, making the system unusable because there's no longer a /lib64/ld-linux-x86-64.so.2 linker available. I'm not sure why you would ever want /lib64 -> usr/lib/x86_64-linux-gnu, but it's definitely wrong on Endless. There should already be a /lib64 -> usr/lib64 symlink in place, but unfortunately eos-convert-system was missing support to copy that from the deployment. https://phabricator.endlessm.com/T11645
This also sets the on-disk granularity to about 1 MiB per journal file. When the maximum storage is used, journald will delete the oldest journal file and allocate a new one to continue writing. Finer granularity results in larger journal retention but more-frequent file deletion and creation. With these settings, this retains about 20k lines of messages which roughly corresponds to 40 active hours on a relatively busy system. For the purposes of classrooms, this would likely span multiple weeks. NOTE: these changes only apply to the on-disk (persistent) journal and that only gets used if /var/log/journal exists and is writable. That is not true as of this writing but will soon be true for machines with durable (non-MMC/-SD) storage. https://phabricator.endlessm.com/T21771
The boot process relies on systemd-fsck return value when verifying the root filesystem in order to continue booting. Even if the root filesystem check fails with errors that can't be automatically recovered from, we should continue booting in read-only mode (per the filesystem mount options), to give the user the opportunity to back up their data before a manual recovery can be performed. This was working previously only with our downstream commit "fsck: disable fsck emergency mode", but a change in the code flow introduced by commit 9013653 "fsck: configure logging before use and define main through macro" affected the return value and half-disabled our downstream customization. https://phabricator.endlessm.com/T27126
EOS-2.1.0 shipped with /sysroot mounted here as read-only, and "ro" in the kernel boot args, and a static /etc/machine-id in ostree for all installations. To correct the machine-id situation, machine-id has been removed from ostree. So when upgrading from EOS-2.1.0, /sysroot must be mounted rw so that machine-id can be generated early during first boot into the upgraded OS. We don't have any mechanism to fix up the boot args during the upgrade; we can't fix this in ostree because the upgrade is driven by the ostree version already shipped in EOS-2.1.0. Instead, this change makes the ro/rw parameters be ignored at the initramfs level, now we always mount sysroot rw. https://github.com/endlessm/eos-shell/issues/3171
udisk (and udiskctl) relies on ID_FS_TYPE key when detecting the fs on the CDROM. In our current setup ID_FS_TYPE is not set and udisk is unable to detect any filesystem on the CDROM, refusing to mount it using udiskctl (or programmatically). ID_FS_TYPE (among other things) is set by 'blkid' in 60-persistent-storage.rules with the rule:
```
KERNEL=="sr*", ENV{DISK_EJECT_REQUEST}!="?*", \
  ENV{ID_CDROM_MEDIA_TRACK_COUNT_DATA}=="?*", \
  ENV{ID_CDROM_MEDIA_SESSION_LAST_OFFSET}=="", \
  IMPORT{builtin}="blkid --noraid"
```
Unfortunately this rule is never matched/executed since ID_CDROM_MEDIA_TRACK_COUNT_DATA is never set. ID_CDROM_MEDIA_TRACK_COUNT_DATA should be set by 'cdrom_id' in 60-cdrom_id.rules but on our system 'cdrom_id /dev/sr0' fails with -EBUSY. The problem is that 'cdrom_id' tries to open /dev/sr0 using O_EXCL. O_EXCL on block devices fails with EBUSY if, and only if, there's someone else also opening the device with O_EXCL [1]. In our case this call fails since we are already booting from /dev/sr0 keeping it already opened with O_EXCL. As suggested here [2] we fix this by not relying anymore on ID_CDROM_MEDIA_TRACK_COUNT_DATA for executing 'blkid' and importing ID_FS_*.
[1] https://lists.freedesktop.org/archives/systemd-devel/2014-September/023160.html
[2] https://bugs.freedesktop.org/show_bug.cgi?id=52474
Signed-off-by: Carlo Caione <[email protected]>
Arduino devices expose a USB modem interface for communication. We want these to be accessible by all users in the system. Ideally we would add all real users to the dialout group, but this is not straightforward on an OSTree-based system at the moment. https://phabricator.endlessm.com/T21435
ostree uses symlinks on the boot filesystem, this isn't great when that filesystem is vfat, which can't do symlinks. Since the EFI ESP must be vfat on most implementations, this makes ostree incompatible with sd-boot. To allow ostree to keep making symlinks, we make a fake symlink that's just a text file with the name of the file that would be linked to. https://phabricator.endlessm.com/T27040
We want a combination of the built in parameters from the efi image and safe parameters from the loader config. https://phabricator.endlessm.com/T27591
…ot mode If secure boot is off it could be useful to pass arbitrary parameters for debug purposes. https://phabricator.endlessm.com/T27591
We've encountered firmware that searches the boot loader for the string "Microsoft" and uses that to determine which ACPI table to deliver to the kernel. Make sure that string is present so these computers do the right thing. https://phabricator.endlessm.com/T27753
This service stores a random-seed in the ESP so it can be passed to the kernel by systemd-boot on the next boot, to seed the kernel's entropy pool. This unit is only active if a boot loader fully supporting the Boot Loader Specification is detected (via a LoaderFeatures EFI var), which currently is only true for Endless PAYG images, which use systemd-boot instead of GRUB. This random seed is stored in /boot/loader/random-seed, with /boot/loader being created if it does not exist. The problem here is that in our systemd-boot + OSTree setup on PAYG images we need /boot/loader to be a symbolic link pointing to either /boot/loader.1 or /boot/loader.0 (OSTree requirement) living in the ESP (systemd-boot requirement) which is FAT32 (UEFI spec) and does not support symlinks. To solve that we implemented a fake symlink as a file in /boot/loader.lnk containing the path that should be the /boot/loader target, and taught OSTree about it, giving higher precedence to the real /boot/loader in case it exists. So if systemd-boot-system-token.service creates /boot/loader, most OSTree operations break, because the entries/ directory is not found. Let's disable this service here to avoid that problem. This unit is enabled by the build system at install time instead of using the more traditional approach of having a [Install] section and using systemctl and the preset system, so we have to disable it in units/meson.build. There is also an accompanying commit in the packaging branch that removes the installation of the symbolic link in sysinit.target.wants/systemd-boot-system-token.service. https://phabricator.endlessm.com/T29475
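The fake-symlink lookup from the two commit messages above, and the breakage once a real /boot/loader appears, as an added C example (not code from OSTree, systemd-boot or this repository). It assumes loader.lnk holds a single relative name such as `loader.1`; the function names, the temporary directory standing in for the ESP and the rejection of absolute or `..` targets are illustrative assumptions.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1 /* for mkdtemp() and lstat() */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Joins dir and rel into buf; NULL if the result would not fit. */
static char *at(char *buf, size_t n, const char *dir, const char *rel) {
    return (size_t) snprintf(buf, n, "%s/%s", dir, rel) < n ? buf : NULL;
}

/* Resolves <boot>/loader: a real <boot>/loader takes precedence, otherwise
 * the text file <boot>/loader.lnk names the target. 0 on success, -errno. */
int resolve_loader(const char *boot, char *out, size_t n) {
    char lnk[1024], target[256] = "";
    struct stat st;
    FILE *f;
    if (!at(out, n, boot, "loader") || !at(lnk, sizeof lnk, boot, "loader.lnk"))
        return -ENAMETOOLONG;
    if (lstat(out, &st) == 0)
        return 0;                       /* real entry wins over the fake link */
    if (errno != ENOENT)
        return -errno;
    f = fopen(lnk, "r");
    if (!f)
        return -errno;
    if (!fgets(target, sizeof target, f))
        target[0] = '\0';
    fclose(f);
    target[strcspn(target, "\r\n")] = '\0';   /* drop the trailing newline */
    /* Assumption of this sketch: refuse targets that leave <boot>. */
    if (!target[0] || target[0] == '/' || strstr(target, ".."))
        return -EINVAL;
    return at(out, n, boot, target) ? 0 : -ENAMETOOLONG;
}

/* Builds a constructed ESP layout (loader.1/entries, loader.lnk -> loader.1),
 * optionally creates a real <boot>/loader as an unrelated service would, and
 * returns 1 if <resolved>/entries exists, 0 if not, negative on error. */
int entries_found(int create_real_loader) {
    static const char *made[] = { "loader.lnk", "loader.1/entries", "loader.1", "loader" };
    char boot[] = "/tmp/esp-demo-XXXXXX", p[128], resolved[256], e[512];
    struct stat st;
    FILE *f;
    int r;
    if (!mkdtemp(boot))
        return -errno;
    mkdir(at(p, sizeof p, boot, "loader.1"), 0700);
    mkdir(at(p, sizeof p, boot, "loader.1/entries"), 0700);
    f = fopen(at(p, sizeof p, boot, "loader.lnk"), "w");
    if (f) {
        fputs("loader.1\n", f);
        fclose(f);
    }
    if (create_real_loader)
        mkdir(at(p, sizeof p, boot, "loader"), 0700);
    r = resolve_loader(boot, resolved, sizeof resolved);
    if (r == 0)
        r = stat(at(e, sizeof e, resolved, "entries"), &st) == 0 && S_ISDIR(st.st_mode);
    for (size_t i = 0; i < sizeof made / sizeof *made; i++)
        remove(at(p, sizeof p, boot, made[i]));
    remove(boot);
    return r;
}

int main(void) {
    printf("fake symlink only:   entries found = %d\n", entries_found(0));
    printf("real loader created: entries found = %d\n", entries_found(1));
    return 0;
}
```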
…espace" This reverts commit af918c4. This fixes a test-mountpoint-util failure: The output from the failed tests:
```
354/574 test-mountpoint-util FAIL 0.64s (killed by signal 6 SIGABRT)
--- command ---
18:44:42 SYSTEMD_KBD_MODEL_MAP='/build/src/src/locale/kbd-model-map' PATH='/build/src/_build:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' SYSTEMD_LANGUAGE_FALLBACK_MAP='/build/src/src/locale/language-fallback-map' /build/src/_build/test-mountpoint-util
--- stderr ---
Found container virtualization none.
Assertion 'mount(NULL, "/", NULL, MS_PRIVATE | MS_REC, NULL) >= 0' failed at src/test/test-mountpoint-util.c:301, function main(). Aborting.
-------
```
https://phabricator.endlessm.com/T31222
For some reason passing this through debian/rules is not working. https://phabricator.endlessm.com/T33712
This test is currently failing. https://phabricator.endlessm.com/T33712
…util This test is currently failing. https://phabricator.endlessm.com/T33712
This reverts commit 855dd91. Drop for ECS EF20EA since EOS 5+ https://phabricator.endlessm.com/T33759
Revert "[Endless] sd-boot: Work around odd behaviour in some firmware"
This reverts commit 9746125. Debian's policy is to never clean-up /var/tmp to keep consistency with the SysV init system. Flatpak creates temporary files in /var/tmp during app updates but does not remove them on error, to avoid re-downloading them on a future update attempt, and expects these files to be automatically cleaned-up by the system eventually, according to the site's policy. With this policy in place these files are never removed, wasting the user's storage space. Revert this commit back to upstream's default policy of cleaning up /tmp every 10 days and /var/tmp every 30 days. https://phabricator.endlessm.com/T23762 https://phabricator.endlessm.com/T33887
Revert "[DEB] Bring tmpfiles.d/tmp.conf in line with Debian defaults"
Note that -O0 is deliberately filtered out as we have to compile with at least -O1 due to #24202. Fixes: #24323 (cherry picked from commit 7aa4762)
meson: Fix build with --optimization=plain
If LoaderDevicePartUUID isn't set because the boot loader doesn't support it, assume that the ESP partition on the root disk is the booted ESP. This is a weaker guarantee but likely the same for the vast majority of systems. Allowing the ESP automount in this case helps break a dependency loop. Existing boot loaders can be changed to set LoaderDevicePartUUID, but they can't be delivered to existing systems if the ESP is not mounted. Upstream: systemd/systemd#26430 https://phabricator.endlessm.com/T29930
Bumps [systemd/mkosi](https://github.com/systemd/mkosi) from 93098e2406e12ea7f06f962d4808952b8a06d345 to d13ff85610c6fb01a2fff0a8187729ebe4a05595.
- [Release notes](https://github.com/systemd/mkosi/releases)
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md)
- [Commits](systemd/mkosi@93098e2...d13ff85)
---
updated-dependencies:
- dependency-name: systemd/mkosi
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <[email protected]>
dependabot (bot) added the dependencies (Pull requests that update a dependency file) and github_actions (Pull requests that update GitHub Actions code) labels on Mar 1, 2023
Bumps systemd/mkosi from 93098e2406e12ea7f06f962d4808952b8a06d345 to d13ff85610c6fb01a2fff0a8187729ebe4a05595.
Changelog
Sourced from systemd/mkosi's changelog.
... (truncated)
Commits
- d13ff85 Drop quotes where not needed
- a755214 Merge pull request #1363 from DaanDeMeyer/drop-chdir
- 865abe6 Remove unused xescape() function
- 657eb17 Simplify --remove-files
- e46bffa Remove unused parse_bytes() function
- c3ec8ff Remove unnecessary prefix variable
- 02ff991 Drop split usr support from gen_kernel_images()
- 22b2c0b Bump qemu default memory to 2G
- 95479e4 Make warn() output yellow
- 1cdaeb5 Bump EFI partition size to 1024M

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)