The following security and bug-fix patches are included as part of the 250.4
update:
c6603da3ad boot: Properly check status code of console_key_read
2198c08d07 core: really skip automatic restart when a JOB_STOP job is pending
367041af81 pid1: set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon
160eeab224 virt: Fix Xen Dom0 detection logic to no longer report as VM
514a4c051c network: bridge: fix endian of vlan protocol
4dbc210124 resolve: fix possible memleak
d82bd80cf4 resolve: fix potential memleak and use-after-free
dcba78244e util: another set of CVE-2021-4034 assert()s
74dfb51f70 sd-dhcp6-client: fix sending prefix delegation request during rebind
df59c65a23 mkdir: allow to create directory whose path contains symlink
ae95ca27be sd-dhcp-lease: fix memleak
2b04d3b3fc sd-dhcp-lease: fix reading unaligned memory
1ef56ad928 network: xfrm: refuse zero interface ID
7dc0f80588 sd-dhcp-lease: fix a memory leak in dhcp_lease_parse_search_domains
426807c54b sd-dhcp-lease: fix an infinite loop found by the fuzzer
0456e3aaaa oomd: fix race with path unavailability when killing cgroups
As the following two patches:
0001-mkdir-allow-to-create-directory-whose-path-contains-.patch
0001-src-fundamental-list-fundamental_source_paths-using-.patch
have been merged in 250.4 or replaced, remove them.
(From OE-Core rev: ccf7b8948f0c02e28e8a0151c48bf169d3fc36c8)
Signed-off-by: Richard Neill <richard.neill@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Move the systemd shared library (libsystemd-shared.so) into its own
package to prevent a runtime dependency from udev package to systemd
package and thereby to a second init manager.
(From OE-Core rev: d1473149816674e3a3aa3f565e8b6390d2d0f1a6)
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.
(From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This fixes boot from NFS for systemd enabled systems. Previously
systemd-networkd dropped network configuration on exit from initrd even
if there are NFS mounts.
[YOCTO #14708]
(From OE-Core rev: afb6b1625a43d64eba090f0f4c5e231d87df7833)
Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Link udev shared with systemd helper to minimize the udev package size
if DISTRO_FEATURES doesn't configure sysvinit to be used.
It is only useful to link udev static with systemd helper if udev
should be installed without systemd such as a mixed sysvinit and systemd environment.
[RP: Fixed to use sysvinit distro feature instead of systemd]
(From OE-Core rev: 061cae73e2617dff62962fac131ff62d401e500c)
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a PACKAGECONFIG to link systemd-udev and its helpers to
libsystemd-shared.so. If enabled the udev package depends on the systemd
package.
(From OE-Core rev: 2e854402a899c26e25bd0edc198b40fe45fc6c7d)
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Systemd version 250 has a regression which blocks mountd service from
creating subdirectories if path contains symlink. This blocks bind
mounts under /var/run, /lib for example.
Bug-Url: https://github.com/systemd/systemd/issues/22334
(From OE-Core rev: 10f952f4a49ee340f3404df10e9309f90e0c58ab)
Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Redo the header include patch and add fixes for new code.
(From OE-Core rev: 7e35a575ef09a85e625a81e0b4d80b020e3e3a92)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This avoids the following warning:
WARNING: .../meta/recipes-core/systemd/systemd_250.1.bb: Var
<do_install>:1: DeprecationWarning: invalid escape sequence \$
seen when doing `devtool finish --force-patch-refresh systemd meta`.
(From OE-Core rev: 427ca80eb4ea6c607b00028adcc9302e29db1368)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The systemd-journal-gateway user and group are never added to an image
since the package name added to USERADD_PACKAGES is wrong.
(From OE-Core rev: 495dc879b1eff4f70da6f783341b9a3085180a22)
Signed-off-by: Florian Amstutz <florian.amstutz@scs.ch>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is a partial revert of commit 5ace3ada (systemd:
'${systemd_unitdir}/system' => '${systemd_system_unitdir}') where
the string '${systemd_unitdir}/system' matched something other than the
intended directory.
(From OE-Core rev: c436124eb9a98400cc6872b252971477bb451551)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is a partial revert of commit 5ace3ada (systemd:
'${systemd_unitdir}/system' => '${systemd_system_unitdir}') where
the string '${systemd_unitdir}/system' matched something other than the
intended directory.
(From OE-Core rev: b3334c7134e812fe839e47a3d06aa5379b7b8bd8)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
/var/log is typically a symbolic link to inside /var/volatile, which
is expected to be empty. Check ${VOLATILE_LOG_DIR} to see if it is ok
to install /var/log.
(From OE-Core rev: 73356f6d9d3881cf8ebde91a84758b25c63432cf)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The TPM2 support is used, among other things, for unlocking encrypted
volumes.
(From OE-Core rev: 7b7dfbfaedde775add3be7a3cb44b115d8ec5036)
Signed-off-by: Kristian Klausen <kristian@klausen.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If the distro does not include the group 'wheel' systemd will
complain when trying to parse ACL rules for tmpfiles.d.
systemd-tmpfiles[273]: Failed to parse ACL "d:group:adm:r-x,d:group:wheel:r-x": Invalid argument. Ignoring
Systemd has a configuration parameter to avoid using 'wheel'
group in the standard config files for tmpfiles. Add this as
a PACKAGECONFIG and enable it by default to keep default.
(From OE-Core rev: 1b5648e6aeb9837cb807ce086c26fbfaa16f6f8b)
Signed-off-by: Peter Bergin <peter@berginkonsult.se>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Repo-wide replacement to use newer variable to represent systemd
system unitdir directory.
(From OE-Core rev: 5ace3ada5c54500c71becc8e0c6eddeb8bc053e3)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If systemd is built with fdisk support[1] and the openssl and cryptsetup
PACKAGECONFIG are enabled, systemd-homed[1] is automatically enabled.
The org.freedesktop.home1.conf file was forgotten, so this commit adds
the file and makes enabling homed an explicit choice.
systemd-homed.service and systemd-homed-activate.service have a Also= on
each other, so "systemctl" has been fixed to handle the circular
dependency.
userdb isn't strictly speaking needed for homed but "systemctl" can't
handle the missing unit file and upstream recommends enabling both[3].
[1] Automatically enabled if the fdisk dependency is installed which it
is as util-linux is pulled in by systemd
[2] https://www.freedesktop.org/software/systemd/man/systemd-homed.service.html
[3] 871dc8d644
(From OE-Core rev: fff339b5bd7789db5d0c024fc84490ac17fa4fe9)
Signed-off-by: Kristian Klausen <kristian@klausen.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
systemd-repart[1] is useful for partitioning the disk:
"systemd-repart grows and adds partitions to a partition table, based on
the configuration files described in repart.d(5)."[1]
openssl is required by repart, so it can be enabled like so:
PACKAGECONFIG += "openssl repart"
[1] https://www.freedesktop.org/software/systemd/man/systemd-repart.html
(From OE-Core rev: a9fb51b75d4536d13734d91222bb0bc612555ae2)
Signed-off-by: Kristian Klausen <kristian@klausen.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixes [YOCTO #14538]
Recipes shouldn't use the "virtual/" string in RPROVIDES and RDEPENDS.
That's confusing because "virtual/" has no special meaning in
RPROVIDES and RDEPENDS (unlike in PROVIDES and DEPENDS).
Instead, use "virtual-" instead of "virtual/",
as already done in the glibc recipe.
(From OE-Core rev: 93ac180d8c389f16964bce8bd5538d9389e970e6)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The patch changes are all git rearranging chunks on rebase; there are no functional changes.
(From OE-Core rev: 88cfba0762fe3bb6f593901f9a673b373534b756)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Switch the default PACKAGECONFIG for compression feature from xz
to zstd. zstd is significantly faster than xz with only slightly
worse compression ratios. It is therefore much better suited for
activities like systemd-journald.
(From OE-Core rev: b1558bb058243f3a3de600ef5cf04bfaeac4fdeb)
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
systemd supports using zstd compression for journald and core files.
Add the necessary PACKAGECONFIG to enable zstd.
(From OE-Core rev: 0e0f8b708beeb1f6add5168b92a5a6a2c8ce96cd)
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* since the upgrade to 249.1 in:
https://git.openembedded.org/openembedded-core/commit/?id=323ec445dfe22860cd450c303db5ed8fcb4e791c
the builds with ld-is-gold are failing with:
[17/21] Generating linuxx64.elf.stub with a custom command
FAILED: src/boot/efi/linuxx64.elf.stub
/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/systemd-boot/249.1-r0/recipe-sysroot-native/usr/bin/x86_64-oe-linux/x86_64-oe-linux-ld -o src/boot/efi/linuxx64.elf.stub -T /OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/systemd-boot/249.1-r0/recipe-sysroot/usr/lib/elf_x86_64_efi.lds -shared -Bsymbolic -nostdlib -znocombreloc --build-id=sha1 -L /OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/systemd-boot/249.1-r0/recipe-sysroot/usr/lib /OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/systemd-boot/249.1-r0/recipe-sysroot/usr/lib/crt0-efi-x86_64.o src/boot/efi/string-util-fundamental.c.o src/boot/efi/disk.c.o src/boot/efi/graphics.c.o src/boot/efi/measure.c.o src/boot/efi/pe.c.o src/boot/efi/secure-boot.c.o src/boot/efi/util.c.o src/boot/efi/linux.c.o src/boot/efi/splash.c.o src/boot/efi/stub.c.o -lefi -lgnuefi /OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/systemd-boot/249.1-r0/recipe-sysroot/usr/lib/../lib/x86_64-oe-linux/11.2.0/libgcc.a
/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/systemd-boot/249.1-r0/recipe-sysroot-native/usr/bin/x86_64-oe-linux/x86_64-oe-linux-ld: internal error in segment_precedes, at ../../gold/layout.cc:3721
[18/21] Generating boot.c.o with a custom command
ninja: build stopped: subcommand failed.
WARNING: exit code 1 from a shell command.
as reported in:
https://lists.openembedded.org/g/openembedded-core/message/154246
* if someone is using lld or ld.lld in ${LD} then it would fail as well:
e39288193f
* work around this by always using ld.bfd instead of whatever is set in ${LD}
* it needs to be prefixed with ${HOST_PREFIX} to match how LD is constructed:
$ bitbake-getvar -r systemd-boot LD
#
# $LD [2 operations]
# exported /OE/build/oe-core/openembedded-core/meta/conf/bitbake.conf:523
# [export] "1"
# set /OE/build/oe-core/openembedded-core/meta/conf/bitbake.conf:523
# "${HOST_PREFIX}ld${TOOLCHAIN_OPTIONS} ${HOST_LD_ARCH}"
# pre-expansion value:
# "${HOST_PREFIX}ld${TOOLCHAIN_OPTIONS} ${HOST_LD_ARCH}"
export LD="x86_64-oe-linux-ld --sysroot=/OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/systemd-boot/249.1-r0/recipe-sysroot "
$ bitbake-getvar -r systemd-boot EFI_LD
#
# $EFI_LD
# set /OE/build/oe-core/openembedded-core/meta/recipes-core/systemd/systemd-boot_249.1.bb:23
# "${HOST_PREFIX}ld.bfd"
EFI_LD="x86_64-oe-linux-ld.bfd"
otherwise the first ld.bfd it will find will be from HOSTTOOLS_NONFATAL and
fail when host's binutils isn't compatible as in:
https://autobuilder.yoctoproject.org/typhoon/#/builders/104/builds/2673/steps/11/logs/stdio
FAILED: src/boot/efi/linuxx64.elf.stub
/home/pokybuild/yocto-worker/genericx86-64-alt/build/build/tmp/hosttools/ld.bfd -o src/boot/efi/linuxx64.elf.stub -T /home/pokybuild/yocto-worker/genericx86-64-alt/build/build/tmp/work/core2-64-poky-linux/systemd-boot/249.1-r0/recipe-sysroot/usr/lib/elf_x86_64_efi.lds -shared -Bsymbolic -nostdlib -znocombreloc --build-id=sha1 -L /home/pokybuild/yocto-worker/genericx86-64-alt/build/build/tmp/work/core2-64-poky-linux/systemd-boot/249.1-r0/recipe-sysroot/usr/lib /home/pokybuild/yocto-worker/genericx86-64-alt/build/build/tmp/work/core2-64-poky-linux/systemd-boot/249.1-r0/recipe-sysroot/usr/lib/crt0-efi-x86_64.o src/boot/efi/string-util-fundamental.c.o src/boot/efi/disk.c.o src/boot/efi/graphics.c.o src/boot/efi/measure.c.o src/boot/efi/pe.c.o src/boot/efi/secure-boot.c.o src/boot/efi/util.c.o src/boot/efi/linux.c.o src/boot/efi/splash.c.o src/boot/efi/stub.c.o -lefi -lgnuefi /home/pokybuild/yocto-worker/genericx86-64-alt/build/build/tmp/work/core2-64-poky-linux/systemd-boot/249.1-r0/recipe-sysroot/usr/lib/../lib/x86_64-poky-linux/11.2.0/libgcc.a
/home/pokybuild/yocto-worker/genericx86-64-alt/build/build/tmp/hosttools/ld.bfd: warning: /home/pokybuild/yocto-worker/genericx86-64-alt/build/build/tmp/work/core2-64-poky-linux/systemd-boot/249.1-r0/recipe-sysroot/usr/lib/crt0-efi-x86_64.o: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010002
/home/pokybuild/yocto-worker/genericx86-64-alt/build/build/tmp/hosttools/ld.bfd: warning: /home/pokybuild/yocto-worker/genericx86-64-alt/build/build/tmp/work/core2-64-poky-linux/systemd-boot/249.1-r0/recipe-sysroot/usr/lib/crt0-efi-x86_64.o: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001
/home/pokybuild/yocto-worker/genericx86-64-alt/build/build/tmp/hosttools/ld.bfd: /home/pokybuild/yocto-worker/genericx86-64-alt/build/build/tmp/work/core2-64-poky-linux/systemd-boot/249.1-r0/recipe-sysroot/usr/lib/crt0-efi-x86_64.o: unable to initialize decompress status for section .debug_line
/home/pokybuild/yocto-worker/genericx86-64-alt/build/build/tmp/hosttools/ld.bfd: /home/pokybuild/yocto-worker/genericx86-64-alt/build/build/tmp/work/core2-64-poky-linux/systemd-boot/249.1-r0/recipe-sysroot/usr/lib/crt0-efi-x86_64.o: unable to initialize decompress status for section .debug_line
/home/pokybuild/yocto-worker/genericx86-64-alt/build/build/tmp/work/core2-64-poky-linux/systemd-boot/249.1-r0/recipe-sysroot/usr/lib/crt0-efi-x86_64.o: file not recognized: File format not recognized
(From OE-Core rev: 603e50f3db224a0e36a65decb9a98df41b9e22b3)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We need to prevent systemd-network from managing veth interface when
using platforms like k3s as they control creation and management of the
interfaces.
(From OE-Core rev: b615bb279730ce3e0c4b4098a9e43700f2f095af)
Signed-off-by: Matt Spencer <matt.spencer@arm.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When systemctl fails it would throw an exception and
dump a traceback. Let's use a more controlled workflow.
[Yocto #14395]
(From OE-Core rev: df510ae9a1494bc1be8d6673fbaa43d3f7cc8f40)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is not needed as systemd-conf only packages
standalone config files.
(From OE-Core rev: 02bebaaf927e2cf5326bcae1de10cd4a82fd9495)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop backports:
48fff0a2af3f62acd446ebec8081b039b72caad8.patch
7c5fd25119a495009ea62f79e5daec34cc464628.patch
0001-analyze-resolve-executable-path-if-it-is-relative.patch
0001-analyze-resolve-executable-path-if-it-is-relative.patch
Drop 0027-proc-dont-trigger-mount-error-with-invalid-options-o.patch
as difficult to rebase; please resend if you feel strongly that
it is needed.
Rebase the big pile of musl patches.
(From OE-Core rev: e8dd5a36bf2f1e645fb2ff15eb3b5e97c04776e6)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>