commit systemd for openSUSE:Factory
Hello community, here is the log from the commit of package systemd for openSUSE:Factory checked in at 2015-11-02 12:54:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/systemd (Old) and /work/SRC/openSUSE:Factory/.systemd.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "systemd" Changes: -------- --- /work/SRC/openSUSE:Factory/systemd/systemd-mini.changes 2015-09-27 14:31:51.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.systemd.new/systemd-mini.changes 2015-11-02 12:54:16.000000000 +0100 
@@ -1,0 +2,57 @@ +Wed Oct 21 20:18:58 UTC 2015 - dmueller@suse.com + +- enable seccomp for aarch64 (fate#318444) + +------------------------------------------------------------------- +Thu Oct 15 14:12:44 UTC 2015 - fbui@suse.com + +- Fix again UEFI for mini package + +------------------------------------------------------------------- +Thu Oct 15 09:07:51 UTC 2015 - jengelh@inai.de + +- Drop one more undesirable Obsoletes/Provides. This should have + been a Conflicts. (There was already a Conflicts, and since + Conflicts go both ways, we won't need a second one.) + +------------------------------------------------------------------- +Thu Oct 15 08:19:00 UTC 2015 - werner@suse.de + +- No UEFI for systemd-mini + +------------------------------------------------------------------- +Mon Oct 12 11:34:13 UTC 2015 - fbui@suse.com + +- Add 2 upstream patches to fix boo#949574 and bsc#932284 + 0001-Make-sure-the-mount-units-pulled-by-RequiresMountsFo.patch + 0002-units-enable-waiting-for-unit-termination-in-certain.patch + +------------------------------------------------------------------- +Fri Oct 9 18:03:02 UTC 2015 - fbui@suse.com + +- Disable systemd-boot on aarch64 since it fails to build. + Error while compiling src/boot/efi/util.o is: + usr/include/efi/aarch64/efibind.h:2:20: fatal error: stdint.h: No such file or directory + +------------------------------------------------------------------- +Fri Oct 9 07:16:45 UTC 2015 - fbui@suse.com + +- Fix UEFI detection logic: basically we let configure.ac figure out + if UEFI is supported by the current build environment. No need to + clutter the spec file with a new conditionnal %has_efi. 
+ +- Provide systemd-bootx64.efi (aka gummiboot) + +------------------------------------------------------------------- +Tue Oct 6 15:13:04 UTC 2015 - werner@suse.de + +- Modify patch tty-ask-password-agent-on-console.patch to reflect + the changes done for pull request 1432 + +------------------------------------------------------------------- +Thu Oct 1 15:58:32 UTC 2015 - jengelh@inai.de + +- Undo Obsoletes/Provides (from Aug 11), creates too big a cycle. +- Provide systemd-sysv-install program/link [bnc#948353] + +------------------------------------------------------------------- systemd.changes: same change New: ---- 0001-Make-sure-the-mount-units-pulled-by-RequiresMountsFo.patch 0002-units-enable-waiting-for-unit-termination-in-certain.patch systemd-sysv-install ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ systemd-mini.spec ++++++ --- /var/tmp/diff_new_pack.NuPtFS/_old 2015-11-02 12:54:18.000000000 +0100 +++ /var/tmp/diff_new_pack.NuPtFS/_new 2015-11-02 12:54:18.000000000 +0100 @@ -29,11 +29,6 @@ %bcond_with resolved %bcond_with python %bcond_with parentpathid -%ifarch %{ix86} x86_64 aarch64 -%define has_efi 1 -%else -%define has_efi 0 -%endif %if 0%{?suse_version} > 1315 %bcond_without permission %bcond_without blkrrpart 
@@ -77,16 +72,21 @@ BuildRequires: pkgconfig(liblzma) BuildRequires: pkgconfig(libpci) >= 3 BuildRequires: pkgconfig(mount) >= 2.26 -%ifarch %ix86 x86_64 x32 %arm ppc64le s390x +%ifarch aarch64 %ix86 x86_64 x32 %arm ppc64le s390x BuildRequires: pkgconfig(libseccomp) %endif +%ifarch %{ix86} x86_64 +BuildRequires: gnu-efi +%endif BuildRequires: pkgconfig(libselinux) >= 2.1.9 BuildRequires: pkgconfig(libsepol) Conflicts: sysvinit +Conflicts: otherproviders(systemd) %if 0%{?bootstrap} #!BuildIgnore: dbus-1 +Requires: this-is-only-for-build-envs Provides: systemd = %version-%release -Conflicts: otherproviders(systemd) +Conflicts: kiwi %else BuildRequires: docbook-xsl-stylesheets BuildRequires: libgcrypt-devel @@ -143,6 +143,7 @@ Source9: nss-myhostname-config Source10: macros.systemd.upstream Source11: after-local.service +Source12: systemd-sysv-install Source1065: systemd-remount-tmpfs @@ -181,6 +182,10 @@ Patch84: make-emergency.service-conflict-with-syslog.socket.patch # PATCH-FIX-SUSE 0001-add-hdflush-for-reboot-or-hddown-for-poweroff.patch Patch86: 0001-add-hdflush-for-reboot-or-hddown-for-poweroff.patch +# PATCH-FIX-UPSTREAM (boo#949574) +Patch87: 0001-Make-sure-the-mount-units-pulled-by-RequiresMountsFo.patch +# PATCH-FIX-UPSTREAM (bsc#932284) +Patch88: 0002-units-enable-waiting-for-unit-termination-in-certain.patch # PATCH-FIX-SUSE 0001-On_s390_con3270_disable_ANSI_colour_esc.patch Patch90: 0001-On_s390_con3270_disable_ANSI_colour_esc.patch # PATCH-FIX-SUSE plymouth-quit-and-wait-for-emergency-service.patch -- Make sure that no plymouthd is locking the tty @@ -324,11 +329,8 @@ Requires: systemd-rpm-macros %if 0%{?bootstrap} Provides: systemd-devel = %version-%release -Conflicts: otherproviders(systemd-devel) -%else -Obsoletes: systemd-mini-devel -Provides: systemd-mini-devel %endif +Conflicts: otherproviders(systemd-devel) %description devel Development headers and auxiliary files for developing applications for systemd. 
@@ -351,9 +353,7 @@ Group: System/Libraries %if 0%{?bootstrap} Conflicts: libsystemd0 -%else -Obsoletes: libsystemd0-mini -Provides: libsystemd0-mini +Requires: this-is-only-for-build-envs %endif %description -n libsystemd0%{?mini} @@ -411,11 +411,9 @@ Requires: filesystem %if 0%{?bootstrap} Provides: udev = %version-%release -Conflicts: otherproviders(udev) -%else -Obsoletes: udev-mini -Provides: udev-mini +Conflicts: kiwi %endif +Conflicts: otherproviders(udev) %description -n udev%{?mini} Udev creates and removes device nodes in /dev for devices discovered or @@ -433,9 +431,6 @@ Group: System/Libraries %if 0%{?bootstrap} Conflicts: libudev1 -%else -Obsoletes: libudev1-mini -Provides: libudev1-mini %endif %description -n libudev%{?mini}1 @@ -449,11 +444,8 @@ Requires: libudev%{?mini}1 = %version-%release %if 0%{?bootstrap} Provides: libudev-devel = %version-%release -Conflicts: otherproviders(libudev-devel) -%else -Obsoletes: libudev-mini-devel -Provides: libudev-mini-devel %endif +Conflicts: otherproviders(libudev-devel) %description -n libudev%{?mini}-devel This package contains the development files for the library libudev, a @@ -565,6 +557,8 @@ %patch42 -p1 %patch84 -p1 %patch86 -p1 +%patch87 -p1 +%patch88 -p1 %patch90 -p1 %patch91 -p1 %patch120 -p1 @@ -700,9 +694,6 @@ --enable-selinux \ --enable-split-usr \ --disable-static \ -%if ! 0%{?has_efi} - --disable-efi \ -%endif --with-rc-local-script-path-start=/etc/init.d/boot.local \ --with-rc-local-script-path-stop=/etc/init.d/halt.local \ --with-debug-shell=/bin/bash \ @@ -726,6 +717,7 @@ %install make install DESTDIR="%buildroot" +install -pm0755 "%_sourcedir/systemd-sysv-install" "%buildroot/%_prefix/lib/systemd/" # move to %{_lib} %if ! 0%{?bootstrap} @@ -1147,6 +1139,7 @@ %{_bindir}/networkctl %endif %{_bindir}/busctl +%{_bindir}/bootctl %{_bindir}/kernel-install %{_bindir}/hostnamectl %{_bindir}/localectl 
@@ -1187,6 +1180,7 @@ %dir %{_prefix}/lib/systemd %dir %{_prefix}/lib/systemd/user %dir %{_prefix}/lib/systemd/system +%exclude %{_prefix}/lib/systemd/systemd-sysv* %exclude %{_prefix}/lib/systemd/system/systemd-udev*.* %exclude %{_prefix}/lib/systemd/system/udev.service %exclude %{_prefix}/lib/systemd/system/initrd-udevadm-cleanup-db.service @@ -1236,9 +1230,6 @@ %{_prefix}/lib/systemd/system-generators/systemd-cryptsetup-generator %endif %{_prefix}/lib/systemd/system-generators/systemd-dbus1-generator -%if 0%{has_efi} -%{_bindir}/bootctl -%endif %{_prefix}/lib/systemd/system-generators/systemd-debug-generator %{_prefix}/lib/systemd/system-generators/systemd-hibernate-resume-generator %if %{with sysvcompat} @@ -1255,6 +1246,13 @@ /%{_lib}/security/pam_systemd.so %config /etc/pam.d/systemd-user +%ifarch %{ix86} x86_64 +%dir %{_prefix}/lib/systemd/boot +%dir %{_prefix}/lib/systemd/boot/efi +%{_prefix}/lib/systemd/boot/efi/*.efi +%{_prefix}/lib/systemd/boot/efi/*.stub +%endif + %dir %{_libexecdir}/modules-load.d %dir %{_sysconfdir}/modules-load.d %{_libexecdir}/modules-load.d/sg.conf @@ -1443,6 +1441,8 @@ %{_mandir}/man8/telinit.8* %{_mandir}/man8/runlevel.8* %endif +%dir %_prefix/lib/systemd +%_prefix/lib/systemd/systemd-sysv-install %files -n udev%{?mini} %defattr(-,root,root) ++++++ systemd.spec ++++++ --- /var/tmp/diff_new_pack.NuPtFS/_old 2015-11-02 12:54:18.000000000 +0100 +++ /var/tmp/diff_new_pack.NuPtFS/_new 2015-11-02 12:54:18.000000000 +0100 @@ -27,11 +27,6 @@ %bcond_with resolved %bcond_with python %bcond_with parentpathid -%ifarch %{ix86} x86_64 aarch64 -%define has_efi 1 -%else -%define has_efi 0 -%endif %if 0%{?suse_version} > 1315 %bcond_without permission %bcond_without blkrrpart 
@@ -72,16 +67,21 @@ BuildRequires: pkgconfig(liblzma) BuildRequires: pkgconfig(libpci) >= 3 BuildRequires: pkgconfig(mount) >= 2.26 -%ifarch %ix86 x86_64 x32 %arm ppc64le s390x +%ifarch aarch64 %ix86 x86_64 x32 %arm ppc64le s390x BuildRequires: pkgconfig(libseccomp) %endif +%ifarch %{ix86} x86_64 +BuildRequires: gnu-efi +%endif BuildRequires: pkgconfig(libselinux) >= 2.1.9 BuildRequires: pkgconfig(libsepol) Conflicts: sysvinit +Conflicts: otherproviders(systemd) %if 0%{?bootstrap} #!BuildIgnore: dbus-1 +Requires: this-is-only-for-build-envs Provides: systemd = %version-%release -Conflicts: otherproviders(systemd) +Conflicts: kiwi %else BuildRequires: docbook-xsl-stylesheets BuildRequires: libgcrypt-devel @@ -138,6 +138,7 @@ Source9: nss-myhostname-config Source10: macros.systemd.upstream Source11: after-local.service +Source12: systemd-sysv-install Source1065: systemd-remount-tmpfs @@ -176,6 +177,10 @@ Patch84: make-emergency.service-conflict-with-syslog.socket.patch # PATCH-FIX-SUSE 0001-add-hdflush-for-reboot-or-hddown-for-poweroff.patch Patch86: 0001-add-hdflush-for-reboot-or-hddown-for-poweroff.patch +# PATCH-FIX-UPSTREAM (boo#949574) +Patch87: 0001-Make-sure-the-mount-units-pulled-by-RequiresMountsFo.patch +# PATCH-FIX-UPSTREAM (bsc#932284) +Patch88: 0002-units-enable-waiting-for-unit-termination-in-certain.patch # PATCH-FIX-SUSE 0001-On_s390_con3270_disable_ANSI_colour_esc.patch Patch90: 0001-On_s390_con3270_disable_ANSI_colour_esc.patch # PATCH-FIX-SUSE plymouth-quit-and-wait-for-emergency-service.patch -- Make sure that no plymouthd is locking the tty @@ -319,11 +324,8 @@ Requires: systemd-rpm-macros %if 0%{?bootstrap} Provides: systemd-devel = %version-%release -Conflicts: otherproviders(systemd-devel) -%else -Obsoletes: systemd-mini-devel -Provides: systemd-mini-devel %endif +Conflicts: otherproviders(systemd-devel) %description devel Development headers and auxiliary files for developing applications for systemd. 
@@ -346,9 +348,7 @@ Group: System/Libraries %if 0%{?bootstrap} Conflicts: libsystemd0 -%else -Obsoletes: libsystemd0-mini -Provides: libsystemd0-mini +Requires: this-is-only-for-build-envs %endif %description -n libsystemd0%{?mini} @@ -406,11 +406,9 @@ Requires: filesystem %if 0%{?bootstrap} Provides: udev = %version-%release -Conflicts: otherproviders(udev) -%else -Obsoletes: udev-mini -Provides: udev-mini +Conflicts: kiwi %endif +Conflicts: otherproviders(udev) %description -n udev%{?mini} Udev creates and removes device nodes in /dev for devices discovered or @@ -428,9 +426,6 @@ Group: System/Libraries %if 0%{?bootstrap} Conflicts: libudev1 -%else -Obsoletes: libudev1-mini -Provides: libudev1-mini %endif %description -n libudev%{?mini}1 @@ -444,11 +439,8 @@ Requires: libudev%{?mini}1 = %version-%release %if 0%{?bootstrap} Provides: libudev-devel = %version-%release -Conflicts: otherproviders(libudev-devel) -%else -Obsoletes: libudev-mini-devel -Provides: libudev-mini-devel %endif +Conflicts: otherproviders(libudev-devel) %description -n libudev%{?mini}-devel This package contains the development files for the library libudev, a @@ -560,6 +552,8 @@ %patch42 -p1 %patch84 -p1 %patch86 -p1 +%patch87 -p1 +%patch88 -p1 %patch90 -p1 %patch91 -p1 %patch120 -p1 @@ -695,9 +689,6 @@ --enable-selinux \ --enable-split-usr \ --disable-static \ -%if ! 0%{?has_efi} - --disable-efi \ -%endif --with-rc-local-script-path-start=/etc/init.d/boot.local \ --with-rc-local-script-path-stop=/etc/init.d/halt.local \ --with-debug-shell=/bin/bash \ @@ -721,6 +712,7 @@ %install make install DESTDIR="%buildroot" +install -pm0755 "%_sourcedir/systemd-sysv-install" "%buildroot/%_prefix/lib/systemd/" # move to %{_lib} %if ! 0%{?bootstrap} @@ -1142,6 +1134,7 @@ %{_bindir}/networkctl %endif %{_bindir}/busctl +%{_bindir}/bootctl %{_bindir}/kernel-install %{_bindir}/hostnamectl %{_bindir}/localectl 
@@ -1182,6 +1175,7 @@ %dir %{_prefix}/lib/systemd %dir %{_prefix}/lib/systemd/user %dir %{_prefix}/lib/systemd/system +%exclude %{_prefix}/lib/systemd/systemd-sysv* %exclude %{_prefix}/lib/systemd/system/systemd-udev*.* %exclude %{_prefix}/lib/systemd/system/udev.service %exclude %{_prefix}/lib/systemd/system/initrd-udevadm-cleanup-db.service @@ -1231,9 +1225,6 @@ %{_prefix}/lib/systemd/system-generators/systemd-cryptsetup-generator %endif %{_prefix}/lib/systemd/system-generators/systemd-dbus1-generator -%if 0%{has_efi} -%{_bindir}/bootctl -%endif %{_prefix}/lib/systemd/system-generators/systemd-debug-generator %{_prefix}/lib/systemd/system-generators/systemd-hibernate-resume-generator %if %{with sysvcompat} @@ -1250,6 +1241,13 @@ /%{_lib}/security/pam_systemd.so %config /etc/pam.d/systemd-user +%ifarch %{ix86} x86_64 +%dir %{_prefix}/lib/systemd/boot +%dir %{_prefix}/lib/systemd/boot/efi +%{_prefix}/lib/systemd/boot/efi/*.efi +%{_prefix}/lib/systemd/boot/efi/*.stub +%endif + %dir %{_libexecdir}/modules-load.d %dir %{_sysconfdir}/modules-load.d %{_libexecdir}/modules-load.d/sg.conf @@ -1438,6 +1436,8 @@ %{_mandir}/man8/telinit.8* %{_mandir}/man8/runlevel.8* %endif +%dir %_prefix/lib/systemd +%_prefix/lib/systemd/systemd-sysv-install %files -n udev%{?mini} %defattr(-,root,root) ++++++ 0001-Make-sure-the-mount-units-pulled-by-RequiresMountsFo.patch ++++++
From 6a102f90a2ee50e43998d64819e8bd4ee241c22b Mon Sep 17 00:00:00 2001 From: Franck Bui <fbui@suse.com> Date: Thu, 8 Oct 2015 19:06:06 +0200 Subject: [PATCH 1/2] Make sure the mount units pulled by 'RequiresMountsFor=' are loaded (if they exist)
We should make sure that mount units involved by 'RequiresMountsFor=' directives are really loaded if not required by any others units so that Requires= dependencies on the mount units are applied and thus the mount unit dependencies are started. (cherry picked from commit 9b3757e9c8c8d6e161481193c4ef60e425a9ae41)
---
 src/core/unit.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index dd5e801..dc7bc5a 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1141,13 +1141,23 @@ static int unit_add_mount_dependencies(Unit *u) {
 char prefix[strlen(*i) + 1];
 PATH_FOREACH_PREFIX_MORE(prefix, *i) {
+ _cleanup_free_ char *p = NULL;
 Unit *m;
- r = manager_get_unit_by_path(u->manager, prefix, ".mount", &m);
+ r = unit_name_from_path(prefix, ".mount", &p);
 if (r < 0)
 return r;
- if (r == 0)
+
+ m = manager_get_unit(u->manager, p);
+ if (!m) {
+ /* Make sure to load the mount unit if
+ * it exists. If so the dependencies
+ * on this unit will be added later
+ * during the loading of the mount
+ * unit. */
+ (void) manager_load_unit_prepare(u->manager, p, NULL, NULL, &m);
 continue;
+ }
 if (m == u)
 continue;
-- 2.6.0
++++++ 0002-units-enable-waiting-for-unit-termination-in-certain.patch ++++++
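Review bot: The return value of `manager_load_unit_prepare()` is cast to `(void)` in the new `if (!m)` branch, so an allocation failure while queueing the mount unit is dropped silently and the dependency is simply skipped. Consider keeping the result, e.g. `r = manager_load_unit_prepare(u->manager, p, NULL, NULL, &m);` followed by `if (r == -ENOMEM) return r;`, and continuing to ignore the remaining errors as the comment describes. This assumes the helper reports allocation failure as -ENOMEM, which the hunk does not show. unit_add_mount_dependencies() begins and ends outside the hunk.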
From d7f920bfcb0296fed214d4d3a21d64de09a68521 Mon Sep 17 00:00:00 2001 From: Lennart Poettering <lennart@poettering.net> Date: Tue, 1 Sep 2015 17:25:59 +0200 Subject: [PATCH 2/2] units: enable waiting for unit termination in certain cases
The legacy cgroup hierarchy does not support reliable empty notifications in containers and if there are left-over subgroups in a cgroup. This makes it hard to correctly wait for them running empty, and thus we previously disabled this logic entirely. With this change we explicitly check for the container case, and whether the unit is a "delegation" unit (i.e. one where programs may create their own subgroups). If we are neither in a container, nor operating on a delegation unit cgroup empty notifications become reliable and thus we start waiting for the empty notifications again. This doesn't really fix the general problem around cgroup notifications but reduces the effect around it. (This also reorders #include lines by their focus, as suggsted in CODING_STYLE. We have to add "virt.h", so let's do that at the right place.) Also see #317. (cherry picked from commit e9db43d5910717a1084924c512bf85e2b8265375)
---
 src/core/cgroup.c | 12 ++++++++++++
 src/core/cgroup.h | 2 ++
 src/core/unit.c | 40 +++++++++++++++++++++++-----------------
 3 files changed, 37 insertions(+), 17 deletions(-)
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 6474e08..65af351 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -1127,6 +1127,18 @@ int unit_reset_cpu_usage(Unit *u) {
 return 0;
 }
+bool unit_cgroup_delegate(Unit *u) {
+ CGroupContext *c;
+
+ assert(u);
+
+ c = unit_get_cgroup_context(u);
+ if (!c)
+ return false;
+
+ return c->delegate;
+}
+
 static const char* const cgroup_device_policy_table[_CGROUP_DEVICE_POLICY_MAX] = {
 [CGROUP_AUTO] = "auto",
 [CGROUP_CLOSED] = "closed",
diff --git a/src/core/cgroup.h b/src/core/cgroup.h
index 869ddae..7b38d21 100644
--- a/src/core/cgroup.h
+++ b/src/core/cgroup.h
@@ -130,5 +130,7 @@ int unit_get_memory_current(Unit *u, uint64_t *ret);
 int unit_get_cpu_usage(Unit *u, nsec_t *ret);
 int unit_reset_cpu_usage(Unit *u);
+bool unit_cgroup_delegate(Unit *u);
+
 const char* cgroup_device_policy_to_string(CGroupDevicePolicy i) _const_;
 CGroupDevicePolicy cgroup_device_policy_from_string(const char *s) _pure_;
diff --git a/src/core/unit.c b/src/core/unit.c
index dc7bc5a..275f567 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -28,26 +28,28 @@
 #include "sd-id128.h"
 #include "sd-messages.h"
 #include "set.h"
-#include "unit.h"
 #include "macro.h"
 #include "strv.h"
 #include "path-util.h"
-#include "load-fragment.h"
-#include "load-dropin.h"
 #include "log.h"
-#include "unit-name.h"
-#include "dbus-unit.h"
-#include "special.h"
 #include "cgroup-util.h"
 #include "missing.h"
 #include "mkdir.h"
 #include "fileio-label.h"
+#include "formats-util.h"
+#include "process-util.h"
+#include "virt.h"
 #include "bus-common-errors.h"
+#include "bus-util.h"
+#include "dropin.h"
+#include "unit-name.h"
+#include "special.h"
+#include "unit.h"
+#include "load-fragment.h"
+#include "load-dropin.h"
 #include "dbus.h"
+#include "dbus-unit.h"
 #include "execute.h"
-#include "dropin.h"
-#include "formats-util.h"
-#include "process-util.h"
 const UnitVTable * const unit_vtable[_UNIT_TYPE_MAX] = {
 [UNIT_SERVICE] = &service_vtable,
@@ -3535,14 +3537,18 @@ int unit_kill_context( } else if (r > 0) { /* FIXME: For now, we will not wait for the - * cgroup members to die, simply because - * cgroup notification is unreliable. It - * doesn't work at all in containers, and - * outside of containers it can be confused - * easily by leaving directories in the - * cgroup. */ - - /* wait_for_exit = true; */ + * cgroup members to die if we are running in + * a container or if this is a delegation + * unit, simply because cgroup notification is + * unreliable in these cases. It doesn't work + * at all in containers, and outside of + * containers it can be confused easily by + * left-over directories in the cgroup -- + * which however should not exist in + * non-delegated units. */ + + if (detect_container(NULL) == 0 && !unit_cgroup_delegate(u)) + wait_for_exit = true; if (c->send_sighup && k != KILL_KILL) { set_free(pid_set); -- 2.6.0 ++++++ systemd-sysv-install ++++++ #!/bin/sh set -e usage() { echo "Usage: $0 [--root=path] enable|disable|is-enabled <sysv script name>" >&2 exit 1 } eval set -- "$(getopt -o r: --long root: -- "$@")" while true; do case "$1" in -r|--root) ROOT="$2" shift 2 ;; --) shift ; break ;; *) usage ;; esac done NAME="$2" ROOT="${ROOT:+--root=$ROOT}" [ -n "$NAME" ] || usage case "$1" in enable) chkconfig $ROOT -a "$NAME" ;; disable) chkconfig $ROOT -r "$NAME" ;; is-enabled) chkconfig $ROOT -t "$NAME" ;; *) usage ;; esac ++++++ tty-ask-password-agent-on-console.patch ++++++ --- /var/tmp/diff_new_pack.NuPtFS/_old 2015-11-02 12:54:18.000000000 +0100 +++ /var/tmp/diff_new_pack.NuPtFS/_new 2015-11-02 12:54:18.000000000 +0100 @@ -1,6 +1,6 @@ -From 633a5904c1c4e363a7147f47e2d9fdb1925f7b9f Mon Sep 17 00:00:00 2001 +From 907bc2aa36f58c6050cd4b7b290e0992a4373e49 Mon Sep 17 00:00:00 2001 From: Werner Fink <werner@suse.de> -Date: Fri, 25 Sep 2015 14:28:58 +0200 +Date: Wed, 30 Sep 2015 15:00:41 +0200 Subject: [PATCH] Ask for passphrases not only on the first console of /dev/console 
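Review bot: In the new systemd-sysv-install script, `ROOT` is never initialised before option parsing and is later expanded unquoted in `chkconfig $ROOT -a "$NAME"`. A `ROOT` variable inherited from the caller's environment is therefore turned into a `--root=` argument even when no option was given, and a root path containing whitespace or glob characters is split into several chkconfig arguments. Adding `ROOT=` ahead of the `while` loop and writing the calls as `chkconfig ${ROOT:+"$ROOT"} -a "$NAME"` (likewise for `-r` and `-t`) keeps the empty case working without the unquoted expansion.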
@@ -9,22 +9,45 @@ used. Even rack based servers attachted to both a serial console as well as having a virtual console do sometimes miss a connected monitor. + +To be able to ask on all terminal devices of /dev/console the devices +are collected. If more than one device are found, then on each of the +terminals a inquiring task for passphrase is forked and do not return +to the caller. + +Every task has its own session and its own controlling terminal. +If one of the tasks does handle a password, the remaining tasks +will be terminated. + +Also let contradictory options on the command of +systemd-tty-ask-password-agent fail. + +Spwan for each device of the system console /dev/console a own process. + +Replace the system call wait() with with system call waitid(). --- - src/tty-ask-password-agent/tty-ask-password-agent.c | 191 ++++++++++++++++++++- - 1 file changed, 186 insertions(+), 5 deletions(-) + src/tty-ask-password-agent.c | 264 ++++++++++++++++++++- + 1 file changed, 255 insertions(+), 9 deletions(-) diff --git src/tty-ask-password-agent/tty-ask-password-agent.c src/tty-ask-password-agent/tty-ask-password-agent.c -index 82cbf95..928a5e8 100644 +index 4630eb9..df4bada 100644 --- a/src/tty-ask-password-agent/tty-ask-password-agent.c +++ b/src/tty-ask-password-agent/tty-ask-password-agent.c -@@ -31,6 +31,10 @@ +@@ -4,6 +4,7 @@ + This file is part of systemd. + + Copyright 2010 Lennart Poettering ++ Copyright 2015 Werner Fink + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by +@@ -31,6 +32,9 @@ #include <getopt.h> #include <sys/signalfd.h> #include <fcntl.h> +#include <sys/prctl.h> +#include <signal.h> +#include <sys/wait.h> -+#include <sys/mman.h> #include "util.h" #include "mkdir.h" @@ -37,7 +60,7 @@ static enum { ACTION_LIST, -@@ -53,6 +59,19 @@ static enum { +@@ -53,8 +59,21 @@ static enum { ACTION_WALL } arg_action = ACTION_QUERY; 
@@ -46,88 +69,101 @@ + char *tty; +}; + -+static volatile unsigned long *usemask; +static volatile sig_atomic_t sigchild; -+static void chld_handler(int sig) -+{ -+ (void)sig; ++ ++static void chld_handler(int sig) { + ++sigchild; +} + static bool arg_plymouth = false; static bool arg_console = false; ++static bool arg_device = false; ++static const char *current_dev = "/dev/console"; -@@ -210,6 +229,69 @@ static int ask_password_plymouth( + static int ask_password_plymouth( + const char *message, +@@ -211,6 +230,80 @@ static int ask_password_plymouth( return 0; } -+static void free_consoles(struct console *con, const unsigned int num) { ++static void free_consoles(struct console *con, unsigned int num) { + unsigned int n; -+ if (!con || !num) ++ ++ if (!con || num == 0) + return; ++ + for (n = 0; n < num; n++) + free(con[n].tty); ++ + free(con); +} + -+static const char *current_dev = "/dev/console"; -+static struct console* collect_consoles(unsigned int * num) { ++static int collect_consoles(struct console **consoles, unsigned int *num) { + _cleanup_free_ char *active = NULL; + const char *word, *state; + struct console *con = NULL; + size_t con_len = 0, len; ++ unsigned int count = 0; + int ret; + + assert(num); -+ assert(*num == 0); ++ assert(consoles); + + ret = read_one_line_file("/sys/class/tty/console/active", &active); + if (ret < 0) -+ return con; ++ return log_error_errno(ret, "Failed to read /sys/class/tty/console/active: %m"); ++ + FOREACH_WORD(word, len, active, state) { + _cleanup_free_ char *tty = NULL; + -+ if (strneq(word, "tty0", len) && -+ read_one_line_file("/sys/class/tty/tty0/active", &tty) >= 0) { ++ if (len == 4 && strneq(word, "tty0", 4)) { ++ ++ ret = read_one_line_file("/sys/class/tty/tty0/active", &tty); ++ if (ret < 0) ++ return log_error_errno(ret, "Failed to read /sys/class/tty/tty0/active: %m"); ++ + word = tty; + len = strlen(tty); + } -+ con = greedy_realloc((void**)&con, &con_len, 1+(*num), sizeof(struct console)); -+ if (con == 
NULL) { -+ log_oom(); -+ return NULL; -+ } -+ if (asprintf(&con[*num].tty, "/dev/%.*s", (int)len, word) < 0) { -+ free_consoles(con, *num); -+ log_oom(); -+ *num = 0; -+ return NULL; ++ ++ con = GREEDY_REALLOC(con, con_len, 1+count); ++ if (!con) ++ return log_oom(); ++ ++ if (asprintf(&con[count].tty, "/dev/%.*s", (int)len, word) < 0) { ++ free_consoles(con, count); ++ return log_oom(); + } -+ con[*num].pid = 0; -+ (*num)++; ++ ++ con[count].pid = 0; ++ count++; + } -+ if (con == NULL) { -+ con = greedy_realloc((void**)&con, &con_len, 1, sizeof(struct console)); -+ if (con == NULL) { -+ log_oom(); -+ return NULL; -+ } ++ ++ if (!con) { ++ con = GREEDY_REALLOC(con, con_len, 1); ++ if (!con) ++ return log_oom(); ++ + con[0].tty = strdup(current_dev); -+ if (con[0].tty == NULL) { ++ if (!con[0].tty) { + free_consoles(con, 1); -+ log_oom(); -+ return NULL; ++ return log_oom(); + } ++ + con[0].pid = 0; -+ (*num)++; ++ count++; + } -+ return con; ++ ++ *num = count; ++ *consoles = con; ++ ++ return 0; +} + static int parse_password(const char *filename, char **wall) { _cleanup_free_ char *socket_name = NULL, *message = NULL, *packet = NULL; uint64_t not_after = 0; -@@ -310,7 +392,7 @@ static int parse_password(const char *filename, char **wall) { +@@ -311,7 +404,7 @@ static int parse_password(const char *fi _cleanup_free_ char *password = NULL; if (arg_console) { 
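Review bot: The early `return log_error_errno(ret, "Failed to read /sys/class/tty/tty0/active: %m");` inside the FOREACH_WORD loop of the new collect_consoles() leaves without releasing `con`, so any entries gathered from earlier words (the array and each `tty` string) are leaked on that path. The asprintf() failure path a few lines below already calls `free_consoles(con, count);` before returning, and the tty0 branch should do the same inside a braced `if (ret < 0) { ... }`. The direct assignment `con = GREEDY_REALLOC(con, con_len, 1+count);` may have the same effect on allocation failure if the macro returns NULL without freeing the old array; that depends on its definition, which is not shown here.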
@@ -136,137 +172,208 @@ if (tty_fd < 0) return tty_fd; } -@@ -614,8 +696,90 @@ static int parse_argv(int argc, char *argv[]) { +@@ -554,7 +647,7 @@ static int parse_argv(int argc, char *ar + { "watch", no_argument, NULL, ARG_WATCH }, + { "wall", no_argument, NULL, ARG_WALL }, + { "plymouth", no_argument, NULL, ARG_PLYMOUTH }, +- { "console", no_argument, NULL, ARG_CONSOLE }, ++ { "console", optional_argument, NULL, ARG_CONSOLE }, + {} + }; + +@@ -598,6 +691,10 @@ static int parse_argv(int argc, char *ar + + case ARG_CONSOLE: + arg_console = true; ++ if (optarg && *optarg) { ++ current_dev = optarg; ++ arg_device = true; ++ } + break; + + case '?': +@@ -612,9 +709,143 @@ static int parse_argv(int argc, char *ar + return -EINVAL; + } + ++ if (arg_plymouth || arg_console) { ++ ++ if (!IN_SET(arg_action, ACTION_QUERY, ACTION_WATCH)) { ++ log_error("%s conflicting options --query and --watch.", program_invocation_short_name); ++ return -EINVAL; ++ } ++ ++ if (arg_plymouth && arg_console) { ++ log_error("%s conflicting options --plymouth and --console.", program_invocation_short_name); ++ return -EINVAL; ++ } ++ } ++ return 1; } -+static unsigned int wfa_child(const struct console * con, const unsigned int id) -+{ -+ setsid(); -+ release_terminal(); -+ *usemask |= 1 << id; /* shared memory area */ -+ current_dev = con[id].tty; -+ return id; -+} -+ -+static unsigned int wait_for_answer(void) -+{ -+ struct console *consoles; ++/* ++ * To be able to ask on all terminal devices of /dev/console ++ * the devices are collected. If more than one device are found, ++ * then on each of the terminals a inquiring task is forked. ++ * Every task has its own session and its own controlling terminal. ++ * If one of the tasks does handle a password, the remaining tasks ++ * will be terminated. 
++ */ ++static int ask_on_consoles(int argc, char *argv[]) { ++ struct console *consoles = NULL; + struct sigaction sig = { + .sa_handler = chld_handler, + .sa_flags = SA_NOCLDSTOP | SA_RESTART, + }; + struct sigaction oldsig; -+ sigset_t set, oldset; ++ sigset_t oldset; + unsigned int num = 0, id; -+ int status = 0, ret; -+ pid_t job; ++ siginfo_t status = {}; ++ int ret; + -+ consoles = collect_consoles(&num); -+ if (!consoles) { -+ log_error("Failed to query password: %m"); -+ exit(EXIT_FAILURE); -+ } -+ if (num < 2) -+ return wfa_child(consoles, 0); ++ ret = collect_consoles(&consoles, &num); ++ if (ret < 0) ++ return log_error_errno(ret, "Failed to query password: %m"); ++ ++ assert_se(sigprocmask_many(SIG_UNBLOCK, &oldset, SIGHUP, SIGCHLD, -1) >= 0); ++ ++ assert_se(sigemptyset(&sig.sa_mask) >= 0); ++ assert_se(sigaction(SIGCHLD, &sig, &oldsig) >= 0); + -+ assert_se(sigemptyset(&set) == 0); -+ assert_se(sigaddset(&set, SIGHUP) == 0); -+ assert_se(sigaddset(&set, SIGCHLD) == 0); -+ assert_se(sigemptyset(&sig.sa_mask) == 0); -+ assert_se(sigprocmask(SIG_UNBLOCK, &set, &oldset) == 0); -+ assert_se(sigaction(SIGCHLD, &sig, &oldsig) == 0); + sig.sa_handler = SIG_DFL; -+ assert_se(sigaction(SIGHUP, &sig, NULL) == 0); ++ assert_se(sigaction(SIGHUP, &sig, NULL) >= 0); + + for (id = 0; id < num; id++) { + consoles[id].pid = fork(); + -+ if (consoles[id].pid < 0) { -+ log_error("Failed to query password: %m"); -+ exit(EXIT_FAILURE); -+ } ++ if (consoles[id].pid < 0) ++ return log_error_errno(errno, "Failed to query password: %m"); + + if (consoles[id].pid == 0) { -+ if (prctl(PR_SET_PDEATHSIG, SIGHUP) < 0) -+ _exit(EXIT_FAILURE); ++ char *conarg; ++ int ac; ++ ++ conarg = strjoina("--console=", consoles[id].tty); ++ if (!conarg) ++ return log_oom(); ++ ++ free_consoles(consoles, num); /* not used anymore */ ++ ++ assert_se(prctl(PR_SET_PDEATHSIG, SIGHUP) >= 0); ++ + zero(sig); -+ assert_se(sigprocmask(SIG_UNBLOCK, &oldset, NULL) == 0); -+ assert_se(sigaction(SIGCHLD, 
&oldsig, NULL) == 0); -+ return wfa_child(consoles, id); ++ assert_se(sigprocmask(SIG_UNBLOCK, &oldset, NULL) >= 0); ++ assert_se(sigaction(SIGCHLD, &oldsig, NULL) >= 0); ++ ++ for (ac = 0; ac < argc; ac++) { ++ if (streq(argv[ac], "--console")) { ++ argv[ac] = conarg; ++ break; ++ } ++ } ++ ++ execv(SYSTEMD_TTY_ASK_PASSWORD_AGENT_BINARY_PATH, argv); ++ ++ return log_error_errno(errno, "Failed to execute %s: %m", program_invocation_name); + } + } + + ret = 0; -+ while ((job = wait(&status)) != 0) { -+ if (job < 0) { -+ if (errno != EINTR) ++ while (true) { ++ ++ if ((ret = waitid(P_ALL, 0, &status, WEXITED)) < 0) { ++ ++ if (errno != EINTR) { ++ ret = -errno; ++ if (errno == ECHILD) ++ ret = EXIT_SUCCESS; + break; ++ } + continue; + } ++ + for (id = 0; id < num; id++) { -+ if (consoles[id].pid == job || kill(consoles[id].pid, 0) < 0) { -+ *usemask &= ~(1 << id); /* shared memory area */ -+ continue; -+ } -+ if (*usemask & (1 << id)) /* shared memory area */ ++ struct timespec timeout; ++ sigset_t set; ++ int signum; ++ ++ if (consoles[id].pid == status.si_pid || kill(consoles[id].pid, 0) < 0) ++ consoles[id].pid = -1; ++ ++ if (consoles[id].pid < 0) + continue; ++ + kill(consoles[id].pid, SIGHUP); -+ usleep(50000); ++ ++ assert_se(sigemptyset(&set) >= 0); ++ assert_se(sigaddset(&set, SIGCHLD) >= 0); ++ ++ timespec_store(&timeout, 50 * USEC_PER_MSEC); ++ signum = sigtimedwait(&set, NULL, &timeout); ++ ++ if (signum != SIGCHLD) { ++ ++ if (signum < 0 && errno != EAGAIN) ++ return log_error_errno(errno, "sigtimedwait() failed: %m"); ++ ++ if (signum >= 0) ++ log_warning("sigtimedwait() returned unexpected signal."); ++ } ++ + kill(consoles[id].pid, SIGKILL); + } -+ if (WIFEXITED(status) && ret == 0) -+ ret = WEXITSTATUS(status); ++ ++ if (WIFEXITED(status.si_status) && ret == 0) ++ ret = WEXITSTATUS(status.si_status); + } ++ + free_consoles(consoles, num); -+ exit(ret != 0 ? 
EXIT_FAILURE : EXIT_SUCCESS); /* parent */ ++ ++ return ret; +} + int main(int argc, char *argv[]) { -- int r; -+ int r, id = 0; + int r; - log_set_target(LOG_TARGET_AUTO); - log_parse_environment(); -@@ -627,11 +791,27 @@ int main(int argc, char *argv[]) { +@@ -628,15 +859,28 @@ int main(int argc, char *argv[]) { if (r <= 0) goto finish; -+ /* -+ * Use this shared memory area to be able to synchronize the -+ * workers asking for password with the main process. -+ * This allows to continue if one of the consoles had been -+ * used as afterwards the remaining asking processes will -+ * be terminated. The wait_for_terminate() does not help -+ * for this use case. -+ */ -+ usemask = mmap(NULL, sizeof(*usemask), PROT_READ | PROT_WRITE, -+ MAP_ANONYMOUS | MAP_SHARED, -1, 0); -+ assert_se(usemask != NULL); -+ - if (arg_console) { +- if (arg_console) { - setsid(); - release_terminal(); -+ if (!arg_plymouth && -+ !IN_SET(arg_action, ACTION_WALL, ACTION_LIST)) { -+ id = wait_for_answer(); -+ } else { -+ setsid(); -+ release_terminal(); ++ if (arg_console && !arg_device) ++ /* ++ * Spwan for each console device a own process ++ */ ++ r = ask_on_consoles(argc, argv); ++ else { ++ ++ if (arg_device) { ++ /* ++ * Later on a controlling terminal will be will be acquired, ++ * therefore the current process has to become a session ++ * leader and should not have a controlling terminal already. ++ */ ++ (void) setsid(); ++ (void) release_terminal(); + } ++ ++ if (IN_SET(arg_action, ACTION_WATCH, ACTION_WALL)) ++ r = watch_passwords(); ++ else ++ r = show_passwords(); } - - if (IN_SET(arg_action, ACTION_WATCH, ACTION_WALL)) - r = watch_passwords(); - else -@@ -640,6 +820,7 @@ int main(int argc, char *argv[]) { +- if (IN_SET(arg_action, ACTION_WATCH, ACTION_WALL)) +- r = watch_passwords(); +- else +- r = show_passwords(); + if (r < 0) log_error_errno(r, "Error: %m"); -+ *usemask &= ~(1 << id); /* shared memory area */ - finish: - return r < 0 ? 
EXIT_FAILURE : EXIT_SUCCESS; - } -- 2.2.0