Fixups to the unit enablement logic#22649
Merged
keszybz merged 43 commits intosystemd:mainfrom Mar 29, 2022
Merged
Conversation
Member
|
I think it is better to add more test cases for the fixed issues. |
|
This pull request introduces 1 alert when merging 5a20a98 into 3a0692e - view on LGTM.com new alerts:
|
poettering
reviewed
Mar 4, 2022
poettering
reviewed
Mar 4, 2022
poettering
reviewed
Mar 4, 2022
poettering
reviewed
Mar 4, 2022
poettering
reviewed
Mar 4, 2022
5a20a98 to
c6e2024
Compare
c6e2024 to
d794487
Compare
Member
|
holy patchset, Batman |
|
This pull request introduces 1 alert when merging d794487 into 63a185d - view on LGTM.com new alerts:
|
Member
Author
So that looks at least partially unrelated, but |
Member
Author
|
Yeah, so this would need to be adjusted. But let's see if we actually want to do this before changing the tests there. |
Member
|
I cherry-picked a bunch of the initial commits into git main, since they should be riskless and make sense on their own. Please rebase |
poettering
reviewed
Mar 18, 2022
poettering
reviewed
Mar 18, 2022
poettering
reviewed
Mar 18, 2022
poettering
reviewed
Mar 18, 2022
poettering
reviewed
Mar 18, 2022
poettering
reviewed
Mar 18, 2022
poettering
reviewed
Mar 18, 2022
| _cleanup_(lookup_paths_free) LookupPaths lp = {}; | ||
| _cleanup_(install_context_done) InstallContext c = {}; | ||
| UnitFileInstallInfo *i, *target_info; | ||
| _cleanup_(install_context_done) InstallContext ctx = { .scope = scope }; |
Member
There was a problem hiding this comment.
why not add line breaks after the { and before the }?
Member
Author
There was a problem hiding this comment.
I think that as long as only one field is initialized, it's OK to do it in one line. But I don't feel very strongly about this, I can change it if you think it looks better.
poettering
reviewed
Mar 18, 2022
poettering
reviewed
Mar 18, 2022
I was considering deduplicating the list of target units in WantedBy/RequiredBy. But to do this meaningfully, we'd need to do alias expansion first, i.e. after the initial parsing is done. This seems to be more trouble than it would be worth. Instead, I added tests that we're doing the right thing and creating symlinks as expected. For duplicate links, we create the link, and on the second time we see that the link is already there, so the output is correct.
When chase_symlinks() fails, we'd get the generic error: Failed to disable: Permission denied. Let's at least add the failure to changes list, so the user gets a slightly better message. Ideally, we'd say where exactly the permission failure occured, but chase_symlinks() is a library level function and I don't think we should add logging there. The output looks like this now: Failed to resolve symlink "/tmp/systemctl-test.1r7Roj/etc/systemd/system/link5alias2.service": Permission denied Failed to resolve symlink "/tmp/systemctl-test.1r7Roj/etc/systemd/system/link5alias.service": Permission denied Failed to disable unit, file /tmp/systemctl-test.1r7Roj/etc/systemd/system/link5alias2.service: Permission denied. Failed to disable unit, file /tmp/systemctl-test.1r7Roj/etc/systemd/system/link5alias.service: Permission denied.
I linked a file as root, so I had a symlink /root/test.service ← /etc/systemd/system/test.service. To my surpise, when running test-systemctl-enable, it failed with a cryptic EACCES. The previous commit made the logs a bit better. Strace shows that we were trying to follow the symlink without taking --root into account. It seems that this bug was introduced in 66a19d8: before it, we'd do readlink_malloc(), which returned a path relative to root. But we only used that path for checking if the path is in remove_symlinks_to set, which contains relative paths. So if the path was relative, we'd get a false-negative answer, but we didn't go outside of the root. (We need to canonicalize the symlink to get a consistent answer.) But after 66a19 we use chase_symlinks(), without taking root into account which is completely bogus.
Current behaviour is wrong, but it cannot be shown in this test, because we don't have a running systemd instance here.
We use the symlink source name and destination names to decide whether to remove the symlink. But if the source name is enough to decide to remove the symlink, we'd still look up the destination for no good reason. This is a slow operation, let's skip it.
…/foo@one.service So far 'systemctl enable' would create absolute links to the target template name. And we would remove such symlinks just fine. But the user may create symlinks manually in a different form. In particular, symlinks for instanced units *must* have the instance in the source name, and then it is natural to also include it in the target name (.wants/foo@one.service → ../foo@one.service rather than .wants/foo@one.service → ../foo@.service). We would choke on such links, or not remove them at all. A test is added: before: + build-rawhide/systemctl --root=/tmp/systemctl-test.001xda disable templ1@.service Removed "/tmp/systemctl-test.001xda/etc/systemd/system/services.target.wants/templ1@seven.service". Removed "/tmp/systemctl-test.001xda/etc/systemd/system/services.target.wants/templ1@six.service". Removed "/tmp/systemctl-test.001xda/etc/systemd/system/services.target.wants/templ1@five.service". Removed "/tmp/systemctl-test.001xda/etc/systemd/system/services.target.wants/templ1@four.service". Removed "/tmp/systemctl-test.001xda/etc/systemd/system/services.target.wants/templ1@three.service". Failed to disable unit, refusing to operate on linked unit file /tmp/systemctl-test.001xda/etc/systemd/system/services.target.wants/templ1@two.service. Failed to disable unit, refusing to operate on linked unit file /tmp/systemctl-test.001xda/etc/systemd/system/services.target.wants/templ1@two.service. after: + build-rawhide/systemctl --root=/tmp/systemctl-test.QVP0ev disable templ1@.service Removed "/tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@seven.service". Removed "/tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@six.service". Removed "/tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@five.service". Removed "/tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@four.service". Removed "/tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@three.service". Removed "/tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@two.service". Removed "/tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@one.service". + test '!' -h /tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@one.service + test '!' -h /tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@two.service + test '!' -h /tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@three.service + test '!' -h /tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@four.service + test '!' -h /tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@five.service + test '!' -h /tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@six.service + test '!' -h /tmp/systemctl-test.QVP0ev/etc/systemd/system/services.target.wants/templ1@seven.service
This is a fairly noticable change, but I think it needs to be done. So far we'd create an absolute symlink to the target unit file: .wants/foo.service → /usr/lib/systemd/system/foo.service or alias.service → /etc/systemd/system/aliased.service. This works reasonably well, except in one case: where the unit file is linked. When we look at a file link, the name of the physical file isn't used, and we only take the account the symlink source name. (In fact, the destination filename may not even be a well-formed unit name, so we couldn't use it, even if we wanted to.) But this means that if a file is linked, and specifies aliases, we'd create absolute links for those aliases, and systemd would consider each "alias" to be a separate unit. This isn't checked by the tests here, because we don't have a running systemd instance, but it is easy enough to check manually. The most reasonable way to fix this is to create relative links to the unit file: .wants/foo.service → ../foo.service alias.service → aliased.service. I opted to use no prefix for aliases, both normal and 'default.target', and to add "../" for .wants/ and .requires/. Note that the link that is created doesn't necessarily point to the file. E.g. if we're enabling a file under /usr/lib/systemd/system, and create a symlink in /etc/systemd/system, it'll still be "../foo.service", not "../../usr/lib/systemd/system/foo.service". For our unit loading logic this doesn't matter, and figuring out a path that actually leads somewhere would be more work. Since the user is allowed to move the unit file, or add a new unit file in a different location, and we don't actually follow the symlink, I think it's OK to create a dangling symlink. The prefix of "../" is useful to give a hint that the link points to files that are conceptually "one level up" in the directory hierarchy. With the relative symlinks, systemd knows that those are aliases. The tests are adjusted to use the new forms. There were a few tests that weren't really testing something useful: 'test -e x' fails if 'x' is a a dangling symlink. Absolute links in the chroot would be dangling, even though the target existed in the expected path, but become non-dangling when made relative and the test fails. This should be described in NEWS, but I'm not adding that here, because it'd likely result in conflicts.
… symlink target We'd say that file is enabled indirectly if we had a symlink like: foo@.service ← bar.target.wants/foo@one.service but not when we had foo@one.service ← bar.target.wants/foo@one.service The effect of both link types is the same. In fact we don't care about the symlink target. (We'll warn if it is mismatched, but we honour it anyway.) So let's use the original match logic only for aliases. For .wants/.requires we instead look for a matching source name, or a source name that matches after stripping of instance.
…printf() All callers were just passing info + info->root, we can simplify this.
Having the reverse condition first makes changes that I want to do later awkward, so reverse it as a separate step first.
The two states are distinguished, but are treated everywhere identically, so there is no difference in behaviour except for slighlty different log output.
When we have a symlink that goes outside of our search path, we should just ignore the target file name. But we were verifying it, and rejecting in the case where a symlink was created manually.
Quoting is not necessary in many places, but I think it's nicer to use it consistently.
…nt symlinks We would only accept "identical" links, but having e.g. a symlink /usr/lib/systemd/system/foo-alias.service → /usr/lib/systemd/system/foo.service when we're trying to create /usr/lib/systemd/system/foo-alias.service → ./foo.service is OK. This fixes an issue found in ubuntuautopkg package installation, where we'd fail when enabling systemd-resolved.service, because the existing alias was absolute, and (with the recent patches) we were trying to create a relative one. A test is added. (For .wants/.requires symlinks we were already doing OK. A test is also added, to verify.)
Inspired by 7910ec3. '! true' passes, because it's a conditional expression. But '( ! true )' fails, because '( … )' creates a subshell, i.e. a separate program, and '! true' becomes the return value of that program, and the whole thing apparently is not a conditional expression for the outer shell. This is shorter, so let's just do this.
Tests were failing on centos7 because systemd-id128 is not in path.
As suggested in systemd@8b3ad39#r837345892 The define is generalized and moved to path-lookup.h, where it seems to fit better. This allows a recursive include to be removed and in general makes things simpler.
9f94ad1 to
b380b64
Compare
Member
Author
|
Updated. I think I addressed all the comments. A few things that were questions/suggestions are not done, but I think it's OK to leave them for later. I replied on the comments. Taking liberty to restore the green label. |
Member
Author
|
It's been running for 5+ h. I'll merge this without waiting for focal-*. |
kyllikki
pushed a commit
to pexip/os-systemd
that referenced
this pull request
Nov 10, 2023
systemd (252.17-1~deb12u1) bookworm; urgency=medium
.
* New upstream version 252.17. Fixes minor security issue in arm64
and riscv64 systemd-boot (EFI) with device tree blobs loading:
GHSA-6m6p-rjcq-334c
.
systemd (252.16-1~deb12u1) bookworm; urgency=medium
.
* New upstream version 252.16
* Refresh patches for v252.16
.
systemd (252.14-1~deb12u1) bookworm; urgency=medium
.
* New upstream version 252.14
* Refresh patches for 252.14
.
systemd (252.12-1~deb12u1) bookworm; urgency=medium
.
* New upstream version 252.12
* Refresh patches for v252.12
.
systemd (252.11-1~deb12u1) bookworm; urgency=medium
.
* Upload to bookworm.
.
systemd (252.11-1) unstable; urgency=medium
.
* New upstream version 252.11
* Refresh patches
.
systemd (252.6-1) unstable; urgency=medium
.
* Update timedated autopkgtest. We no longer support /etc/timezone, as
/etc/localtime is always available (cherry picked from commit
6ef7bb0ce0f89e732a8b95624af059e52c3712b5)
* Stop supporting /etc/timezone and just rely on /etc/localtime
* systemd-boot: update on package upgrade, if installed
* Override Lintian warning in systemd-coredump
* d/watch: restrict to v252.x for bookworm
* New upstream version 252.6
* Refresh patches
* systemd-boot: enable on install (Closes: #1031118)
.
systemd (252.5-2) unstable; urgency=medium
.
* Fix boot-and-services autopkgtest.
.
systemd (252.5-1) unstable; urgency=medium
.
[ Nick Rosbrook ]
* debian/tests: remove systemd-fsckd autopkgtest. This test never runs
in Debian autopkgtest because of missing machine isolation
requirements, and it nevers runs in Ubuntu because: SKIP: root file
system is being checked by initramfs already Since the test is not
providing any good feedback, and generally has not been maintained,
let's just remove it.
.
[ Luca Boccassi ]
* New upstream version 252.5
* Drop patches merged in v252.5
* Refresh patches
* Set default status format to 'combined': show both unit name and
description in logs/boot messages
.
systemd (252.4-2) unstable; urgency=medium
.
[ Michael Biebl ]
* Refresh patches
* Tweak description of systemd and systemd-sysv package.
Remove redundancy and de-emphasize sysvinit.
* autopkgtest: add psmsic to upstream suite.
Needed for the killall binary.
See systemd/systemd#24569
* autopkgtest: add xkb-data, locales and locales-all to upstream suite.
Use locales-all so all necessary locales can be installed into the test
image without having to generate them on-the-fly.
See systemd/systemd#23709
* autopkgtest: prefer knot-dnssecutils over knot-dnsutils for upstream
suite.
The kzonecheck utility required by TEST-75-RESOLVED was split out from
knot-dnsutils into knot-dnssecutils so update the test dependencies
accordingly. Keep knot-dnsutils as alternative dependency to make
backports easier.
* Cherry-pick upstream fixes for TEST-74-AUX-UTILS
* Cherry-pick upstream fix for TEST-73-LOCALE
* Skip firstboot --prompt-keymap check in TEST-74-AUX-UTILS.
This test requires compatible keymaps from kbd which are not available
in Debian.
.
[ Luca Boccassi ]
* autopkgtest: add netlabel-tools to networkd-test.py suite.
The netlabelctl tool is needed to test the NetLabel integration.
See systemd/systemd#23888
* autopkgtest: add bsdutils to upstream suite.
The logger utility is now used in TEST-04-JOURNAL.
See systemd/systemd#23086
* autopkgtest: add knot, knot-dnsutils, bind9-dnsutils, bind9-host to
upstream suite.
Needed by TEST-75-RESOLVED.
See systemd/systemd#23104
* autopkgtest: add jq to upstream suite.
Needed by TEST-58-REPART.
See systemd/systemd#24572
* autopkgtest: add mtools to upstream suite.
Needed by TEST-58-REPART.
See systemd/systemd#24944
* autopkgtest: add erofs-utils to upstream suite.
Needed by TEST-58-REPART.
See systemd/systemd#25686
.
systemd (252.4-1) unstable; urgency=medium
.
* Enable p11kit. Backport patch to dlopen-ify p11kit support and enable
it. (Closes: #1023635)
* New upstream version 252.4. (Closes: #1026831 and fixes CVE-2022-4415)
* Refresh patches
* Bump Standards-Version to 4.6.2, no changes
.
systemd (252.3-2) unstable; urgency=medium
.
* Skip flaky test_resolved_domain_restricted_dns in networkd-test.py.
This test is part of DnsmasqClientTest and does not work reliably under
LXC/debci, so skip it for the time being. (Closes: #1025908)
.
systemd (252.3-1) unstable; urgency=medium
.
* New upstream version 252.3
* Rebase patches
.
systemd (252.2-2) unstable; urgency=medium
.
* Keep policykit-1 as alternative dependency to polkitd for systemd.
This will make backports easier.
* Update remaining policykit-1 (test) dependencies and prefer polkitd.
Keep the policykit-1 dependency as alternative for easier backports.
(Closes: #1025591)
.
systemd (252.2-1) unstable; urgency=medium
.
[ Helmut Grohne ]
* Explicitly B-D on libcrypt-dev (Closes: #1024646)
.
[ Nick Rosbrook ]
* Add handling for /etc/default/locale to firstboot. The TEST-74-AUX-
UTILS upstream test revealed that firstboot does not currently handle
Debian's /etc/default/locale.
.
[ Luca Boccassi ]
* Build depend on dh-package-notes, sequence was removed. Only the
makefile is in use now, no files are generated at build time as
--package-metadata from the linkers is used now
* New upstream version 252.2
* Refresh patches
.
systemd (252.1-1) unstable; urgency=medium
.
* d/watch: switch back to stable repository
* New upstream version 252.1 (Closes: #1023607 #1023515)
* Drop patches merged upstream
* Refresh patches
* Suggest polkitd instead of policykit-1 (deprecated)
.
systemd (252-3) unstable; urgency=medium
.
* Backport patches to fix tmpfiles error and missing /dev/serial/by-
id/usb-* (Closes: #1023311)
* Drop :native suffix from python3-pyparsing build dependency (Closes:
#1023442)
* Enable support for libqrencode. dlopen() feature so no additional cost.
Allows printing out recovery keys in QR format.
.
systemd (252-2) unstable; urgency=medium
.
[ Jochen Sprickerhof ]
* Let dh_installsysusers fix the /var/log/journal permissions.
dh_installsysusers adds a systemd-sysusers in #DEBHELPER#. Otherwise
it fails with: /usr/lib/tmpfiles.d/systemd.conf:28: Failed to resolve
group 'systemd-journal'. Regression of fa0aade329. (Closes: #1023248)
* Move restarting units after #DEBHELPER#. This makes sure that systemd-
sysusers was executed as well as systemd-tmpfiles to setup proper
permissions for /var/log/journal before systemd-journald is being
restarted.
.
systemd (252-1) unstable; urgency=medium
.
* Use systemd-sysusers to setup systemd users and groups
* New upstream version 252
* Drop patches merged upstream
* libsystemd0: set symbols version to 252
* Drop unused lintian override
.
systemd (252~rc3-2) unstable; urgency=medium
.
* Upload to unstable.
.
systemd (252~rc3-1) experimental; urgency=medium
.
* New upstream version 252~rc3
* Refresh patches
* Backport patches to fix tests without machine-id. Drop out-of-tree
patch and backport upstream fixes.
.
systemd (252~rc2-1) experimental; urgency=medium
.
[ Jan Kiszka ]
* Enable systemd-boot for riscv64. Tested against U-Boot 2022.10 as UEFI
provider on the RZ/Five. Signed-off-by: Jan Kiszka
<jan.kiszka@siemens.com>
.
[ Helmut Grohne ]
* Conditionalize installation of cryptsetup plugins in stage1 using dh-
exec (Closes: #1021821)
.
[ Michael Biebl ]
* Install sysusers.d and tmpfiles.d man pages in standalone packages
(Closes: #1021933)
.
[ Luca Boccassi ]
* d/watch: switch to non-stable repo
* New upstream version 252~rc2
* Drop patches merged upstream
* Refresh patches
* Update symbols file
* Update Lintian overrides
* autopkgtest: update expected output of localectl
.
systemd (251.6-1) unstable; urgency=medium
.
* New upstream version 251.6
* Rebase patches
* Use dh_installsystemd to enable machines.target in systemd-container
.
systemd (251.5-3) unstable; urgency=medium
.
* Update symbol versions for the v251 release
* ata_id: fix getting Response Code from SCSI Sense Data (Closes: #1021579)
* logind: do not emit beep in wall messages (Closes: #1019510)
* logind: remember our idle state and use it to detect idle level
transitions (Closes: #963135)
* logind: fix getting property OnExternalPower via D-Bus (Closes: #1021644)
.
systemd (251.5-2) unstable; urgency=medium
.
[ Luca Boccassi ]
* Build and install libcryptsetup token plugins.
The interfaces are now mature and enabled in Debian/Ubuntu in
libcryptsetup, so enable and ship the plugins
.
[ Michael Biebl ]
* salsa-ci: drop no longer needed workaround for lintian false positives
* udev: fix regression in udev-builtin path_id when processing NVME devices
(Closes: #1021547)
.
[ наб ]
* systemd-sysv.postinst: which -> command -v
.
systemd (251.5-1) unstable; urgency=medium
.
[ Michael Biebl ]
* New upstream version 251.5
* Install NEWS.Debian file into all binary packages.
While it increases the disk footprint a little, it ensures that NEWS
entries are reliably shown by apt-listchanges.
* Handle removal of /var/log/README.
Remove /var/log/README symlink when the systemd package is purged.
This symlink is created via tmpfiles and documents that /var/log no
longer contains the traditional syslog text files. (Closes: #877414)
* Rebase patches
.
[ наб ]
* debian/extra/kernel/postinst.d/systemd-boot: prefix with zz-
Since we explicitly (though this is hidden by indirection through
85-initrd.install) depend on /boot/initrd.img-$1 existing or not existing,
hard-order ourselves at the end. The zz- prefix matches grub.
* debian/extra/kernel-install.d/85-initrd.install: install default initrd
with versioned basename.
This fixes #1020396 in a superior way by using
$KERNEL_INSTALL_STAGING_AREA, available since systemd v251.
By just copying the file we both simplify our code, but defer to
90-loaderentry to correctly permission it, and simply never generate an
unversioned initrd in the first place! (Closes: #1020396)
* debian/extra/kernel-install.d/85-initrd.install: explicitly ignore unknown
verbs
* debian/extra/kernel/postrm.d/systemd-boot: prefix with zz-
Doesn't actually matter, but the kernel handbook says we must and we
already renamed postinst. (Closes: #1014581)
.
[ Luca Boccassi ]
* Enable firstboot, disabled by default on Debian.
Currently the first-boot conditions are not met by any Debian
image (/etc/machine-id with content uninitialized, so we can
just enable the build and ship it in the main package.
This lets image builders (eg: cloud images) tinker with it.
https://www.freedesktop.org/software/systemd/man/machine-id.html#First%20Boot%20Semantics
(Closes: #844528)
.
systemd (251.4-3) unstable; urgency=medium
.
* resolv.conf: take backup as a fallback in case resolved/resolv.conf
is not available, and restore on uninstall, which is necessary for
piuparts checks.
.
systemd (251.4-2) unstable; urgency=medium
.
[ Johannes Schauer Marin Rodrigues ]
* use systemd-sysusers instead of adduser. This allows dropping the
dependency on adduser (reducing the dependency set) and in turn allows
for DPKG_ROOT support of systemd.
* debian/systemd.postinst: add --root argument to systemctl and
systemd-* calls for DPKG_ROOT support
.
[ Luca Boccassi ]
* resolved: use DPKG_ROOT and make postinst shellcheck-happy
* resolved: switch from .links to postinst/rm
* Update Lintian overrides for new incompatible syntax
.
systemd (251.4-1) unstable; urgency=medium
.
* New upstream version 251.4
* Rebase patches
* Rebuild against fixed dh-nss to avoid duplicates in /etc/nsswitch.conf
(Closes: #1017096)
.
systemd (251.3-2) unstable; urgency=medium
.
[ Luca Boccassi ]
* libnss-systemd: also let userdbd manage passwords.
As of upstream commit:
systemd/systemd@f43a19ecd6e3415e
in v249 userdbd can also synthesize shadow/gshadow records,
so add the shadow config to nsswitch.conf on installation.
(Closes: #1004326)
* homed: make PAM rules higher priority than unix users.
Make sure homed is tried first when logging in. This is required
after adding nss-systemd support for 'shadow' in /etc/nsswitch.conf.
See Arch bug: https://bugs.archlinux.org/task/72967
.
[ Gioele Barabucci ]
* d/control: Use dh_installnss
* d/libnss-myhostname.nss: Install NSS service `myhostname` via dh_installnss
* d/libnss-mymaschines.nss: Install NSS service `mymaschines` via dh_installnss
* d/libnss-resolve.nss: Install NSS service `resolve` via dh_installnss
* d/libnss-systemd.nss: Install NSS service `systemd` via dh_installnss
.
systemd (251.3-2~exp2) experimental; urgency=medium
.
* Note in systemd.NEWS that resolved has moved to a new package
* systemd-resolved: move conffile from systemd. Copied from systemd-
timesyncd
.
systemd (251.3-2~exp1) experimental; urgency=medium
.
* Split systemd-resolved into its own package which takes over
/etc/resolv.conf (Closes: #939904)
.
systemd (251.3-1) unstable; urgency=medium
.
* New upstream version 251.3
* Rebase patches
.
systemd (251.2-8) unstable; urgency=medium
.
* autopkgtest: install openssl for upstream test.
Install openssl explicitly and do not rely on other packages, like
swtpm-libs, to pull this dependency for us.
Used by TEST-50-DISSECT, which otherwise just silently skips the test.
* Add versioned dependency on init-system-helpers to systemd-homed.
Ensure that we have a version of deb-systemd-helper which properly
handles loops in Also= dependencies. (Closes: #1014115)
* Demote shlibs dependencies of libsystemd0 from Pre-Depends to Depends.
As systemctl, which is quasi-essential, no longer links against
libsystemd0, we do not need those strict requirements anymore.
* Work around some more dh_installman issues
.
systemd (251.2-7) unstable; urgency=medium
.
[ Luca Boccassi ]
* sd-boot: add kernel hooks scripts
.
[ Andrea Pappacoda ]
* sd-boot: add initramfs hook (Closes: #826045)
.
[ Michael Biebl ]
* sd-boot: exit early in initramfs and kernel hook scripts if package is
removed but not purged
* Do not fail with older binutils.
Test if the linker supports --no-warn-execstack and --no-warn-rwx-segments
before using those flags. (Closes: #1013967)
.
systemd (251.2-6) unstable; urgency=medium
.
[ Helmut Grohne ]
* Mark systemd-userdbd and systemd-homed as !stage1 (Closes: #1012738)
.
[ Luca Boccassi ]
* Remove unused Lintian overrides
* Stop overriding the build directory name.
We don't do a separate udeb build anymore, so there's no need
to specify a separate build directory.
* Use execute_before_/after_ instead of override_
* Add nodoc profile support.
Co-authored-by: Michael Biebl <biebl@debian.org>
.
[ Michael Biebl ]
* Do not fail EFI build with newer binutils (Closes: #1013482)
* shared/microhttp-util: silence gcc warning
* Clarify NEWS message about systemd-boot split (Closes: #1013340)
.
systemd (251.2-5) unstable; urgency=medium
.
* Tweak description of systemd-homed package
* Move shlibs dependencies of libsystemd-shared from Pre-Depends to Depends
(Closes: #1012637)
* Add versioned Breaks against sicherboot for the systemd-boot split
(Closes: #1012625)
* Drop old Conflicts against hal from udev.
The hal package has been gone for several release cycles, so this
Conflicts should not be necessary anymore.
.
systemd (251.2-4) unstable; urgency=medium
.
* Use try-restart in systemd-binfmt dpkg trigger
* Fix bashism in kernel-install
* Upload to unstable
.
systemd (251.2-3) experimental; urgency=medium
.
[ Luca Boccassi ]
* Add systemd-userdbd package. This can be used to synthetize dynamic
user/groups, and can be useful by itself. It will also be used by
homed.
* Add systemd-homed package (Closes: #976960)
* Add systemd-boot-efi multiarch package. Allows EFI binaries for
different architectures to be co-installed. Useful when the EFI has a
different architecture, or to manipulate images. The userspace tooling
doesn't need to match the EFI binaries. Also allows one to reduce the
number of packages and dependencies needed when i386 is not a full
architecture, but a subset for libraries and for EFI support.
.
[ Michael Biebl ]
* Move homectl and userdbctl to /usr/bin
* Install libsystemd-shared into rootpkglibdir
* Split out libsystemd-shared into its own package. Since libsystem-
shared is an internal implementation detail, do not generate a shlibs
file for it. This means dh_shlibdeps needs to be told explicitly where
it can find libsystemd-shared. Mark this new package as Multi-Arch:
same. (Closes: #990547)
* Split out systemd-boot into its own package
* Add NEWS entry for the systemd-boot package split
.
systemd (251.2-2) unstable; urgency=medium
.
* sha256: fix compilation on efi-ia32
.
systemd (251.2-1) unstable; urgency=medium
.
[ Michael Biebl ]
* New upstream version 251.2
- logind: do not print wall messages to local pseudoterminals
(Closes: #1012155)
* Rebase patches
* Fix parsing of command line options in fsckd (Closes: #1009032)
* Do not require a valid version when parsing sd-boot loader entries
(Closes: #993292)
* Add dpkg file trigger for systemd-binfmt to update binfmt registrations
* Use a single NEWS file shipped in the main systemd package
.
[ Luca Boccassi ]
* autopkgtest: add cryptsetup-initramfs for upstream suite.
Needed for systemd/systemd#23517
.
systemd (251.1-1) unstable; urgency=medium
.
[ Luca Boccassi ]
* Switch from gnutls to openssl. Upstream is slowly phasing out gnutls.
Start switching to openssl. Drops support for '--trust' in the
journal-gatewayd and journal-remote programs.
* New upstream version 251.1
* Add systemd-journal-remote.NEWS to inform about dropping --trust
.
[ Michael Biebl ]
* Enable pager Hyperlink ANSI sequence support. This requires less ≥
563. Add a versioned Breaks accordingly.
* Drop unnecessary version constraints / dependencies
* Update liblz4-dev Build-Depends as per meson.build
.
systemd (251-2) unstable; urgency=medium
.
* Salsa CI: suppress lintian false positive on dbgsym.
* Upload to unstable.
.
systemd (251-1) experimental; urgency=medium
.
* New upstream version 251. For a full list of changes, see:
https://github.com/systemd/systemd/releases/tag/v251
* Refresh patches
* Revert manual removal of ndisc test case, merged upstream
* Bump Standards-Version to 4.6.1, no changes
.
systemd (251~rc3-2) experimental; urgency=medium
.
* Backport removal of ndisc test case, breaks build on armhf/armel.
.
systemd (251~rc3-1) experimental; urgency=medium
.
* autopkgtest: add allow-stderr to boot-and-services. Sometimes we see
some ignored logs, don't fail the test run if that happens
* autopkgtest: disable networkd in rebooting tests. It seems that on
Semaphore CI, running in Bullseye images, having both Network-Manager
and systemd-networkd enabled causes 'systemctl start network-
online.target' to get stuck, and fail the run. Disable networkd in
those tests. See: systemd/systemd#22991
* autopkgtest: mark networkd-test.py as breaks-testbed. It will modify
the network configuration, which will often make the network stop
working. Mark it as breaks-testbed so that a new runner is started.
* autopkgtest: ignore rng-tools-debian failure in boot-and-services. It
seems sometimes it fails, which has happened on jammy-amd64:
https://bugs.debian.org/969568
* New upstream version 251~rc3
* Drop sd-device-always-translate-sysname-to-sysfs-filename.patch,
merged upstream
* Rebase patches
* Update lintian-overrides for false positives
.
systemd (251~rc2-2) experimental; urgency=medium
.
* sd-device: always translate sysname to sysfs filename
.
systemd (251~rc2-1) experimental; urgency=medium
.
* New upstream version 251~rc2
* Rebase patches
* Update symbols file for libsystemd0
.
systemd (251~rc1-3) experimental; urgency=medium
.
[ Luca Boccassi ]
* autopkgtest: install swtpm and tpm2-tools for upstream suite.
Required by systemd/systemd#22563
.
[ Michael Biebl ]
* Do not ship /usr/lib/tmpfiles.d/systemd-resolve.conf in systemd.
It potentially creates a broken symlink if systemd-resolved is not
enabled. For now the symlink to stub-resolv.conf needs to be created
manually. (Closes: #1007018)
* hwdb: fix parsing options (Closes: #1008989)
.
systemd (251~rc1-2) experimental; urgency=medium
.
[ Michael Biebl ]
* Revert "Ignore libsystemd-core in dh_shlibdeps"
This reverts commit c1d5ad5ac989376aa8100dea9ad9d7af0f0408d9.
We need the shlibs dependencies of libsystemd-shared and
libsystemd-core.
* Adjust library search path for dh_shlibdeps.
libsystemd-core uses libsystemd-shared but doesn't have RUNPATH or
RPATH set. So tell dh_shlibdeps where it can find the library.
.
[ Luca Boccassi ]
* autopkgtest: update unit-config test for new relative symlinking.
Required by systemd/systemd#22649
* autopkgtest: install libnss packages for unit-tests suite.
Required to enable nss tests:
systemd/systemd#21975
* autopkgtest: install libnss packages for upstream suite.
Required to enable nss tests:
systemd/systemd#21975
* autopkgtest: install python3-pexpect and screen for upstream suite.
Required for new test:
systemd/systemd#21838
.
systemd (251~rc1-1) experimental; urgency=medium
.
[ Michael Biebl ]
* New upstream version 251~rc1
* Rebase patches
* Update symbols file for libsystemd0
* Install shell completions for oomctl in systemd-oomd
.
[ Luca Boccassi ]
* Ignore libsystemd-core in dh_makeshlibs
* Ignore libsystemd-core in dh_shlibdeps
* Add libsystemd-core to shlibs.local.in
.
systemd (250.4-1) unstable; urgency=medium
.
[ Dimitri John Ledkov ]
* udev-udeb: ship modprobe.d snippet to force scsi_mod.scan=sync in d-i.
.
[ Luca Boccassi ]
* Build with dh_package_notes
* New upstream version 250.4
* Drop patches merged upstream
* Remove unneeded ${shlibs:Depends}
* autopkgtest: add libdw-dev to unit-tests job.
* Rebase patches on top of v250.4
.
systemd (250.3-2) unstable; urgency=medium
.
[ Yu Watanabe ]
* upstream-ci: logind test: use drop-in config
* upstream-ci: logind test: also show logs of systemd-suspend.service
* upstream-ci: logind test: make sure the fake lid switch processed by
udevd. Also, wait for other uevents, which possibly triggered by the
lid switch, being processed.
* upstream-ci: logind test: fix drop-in config.
.
[ Luca Boccassi ]
* Add myself to Uploaders
* systemd-tests: ignore hardening-no-relro too. Test binaries, we don't
care about hardening flags
* Backport patches to fix build reproducibility. EFI binaries have the
path embedded which breaks reproducibility, backport patches from
upstream to fix it.
.
[ Michael Biebl ]
* Add Recommends: dbus-user-session to libpam-systemd. For a fully
functioning systemd --user instance we want dbus-user-session
installed.
* Report status of dbus-user-session in systemd reportbug template. Most
users will likely file bugs for systemd --user related issues against
the main systemd package and not libpam-systemd.
.
systemd (250.3-1) unstable; urgency=medium
.
[ Luca Boccassi ]
* Update d/copyright listing for debian/*
Fixes Lintian warning: update-debian-copyright
* d/copyright: remove unused GPL-2 stanza
* d/watch: bump to version 4
* d/control: drop redundant Section/Priority fields.
Fixes Lintian warning: installable-field-mirrors-source
* d/control: extend descriptions of libudev and libsystemd
* systemd-oomd: add dependency on adduser.
Needed by postinst script.
* systemd-oomd: fix description-synopsis-starts-with-article Lintian warning
* systemd-standalone-*: copy manpages too
* Lintian: ignore very-long-line-length-in-source-file.
It's not a useful check, and it flags test data and such.
* Lintian: ignore source-contains-data-from-ieee-data-oui-db.
Data formats are not compatible, this is for hwdb.
* Lintian: ignore systemd-service-file-missing-install-key.
If we don't add [Install], it's because we don't want it and the units are
events-driven or enabled statically.
* Lintian: ignore spare-manual-page.
Lintian is not really good at associating manpages to package contents,
so just ignore this, as we have and will keep adding docs related
to unit types and so on.
* Lintian: ignore package-supports-alternative-init-but-no-init.d-script.
Well, duh!
* Lintian: ignore package-contains-documentation-outside-usr-share-doc.
False positives on test data and a web page.
* Lintian: ignore current set of package-contains-empty-directory.
These are shipped to provide a skeleton installation.
* Update Lintian override for
systemd-service-file-refers-to-unusual-wantedby-target
* Lintian: ignore systemd: shared-library-lacks-prerequisites false positive
on EFI binary
* Lintian: ignore maintainer-script-calls-systemctl in more packages
* Lintian: ignore executable-not-elf-or-script false positives for EFI
binaries
* Lintian: ignore spellcheck false positives
* Lintian: ignore hardening-no-fortify-functions for test binaries
* Ignore blhc false positives.
blhc hits false positives due to EFI PE-COFF binaries,
c++ fuzzing binaries and meson flags listings, ignore them.
* Add d/gitlab-ci.yml.
Disable unit tests, as some are failing due to the build environment.
.
[ Michael Biebl ]
* New upstream version 250.3
- network: wireguard: do not add routes to AllowedIPs= by default.
(Closes: #1003955)
* Add Recommends: libdw1 to systemd-coredump.
Starting with v250, systemd-coredump will use libdw/libelf via dlopen()
rather than directly linking against it. It is not a hard dependency but
we want to have it installed by default.
While hard-coding the library name is not ideal, we currently don't have
better means to derive this information automatically. (Closes: #1003879)
.
systemd (250.2-3) unstable; urgency=medium
.
[ Luca Boccassi ]
* Build with and suggest fido2 and tpm libraries.
These are used via dlopen only if available by some tools like
systemd-cryptsetup, systemd-cryptenroll and systemd-repart,
with graceful fallbacks if they are not found.
Build-depend on them so that the features get compiled in
(apart from stage1 builds), and add appropriate Suggests.
(Closes: #991129, #1003383)
* Disable libcryptsetup-plugins.
They are new, and might not even be supported by libcryptsetup yet
* Build-depend on libssl-dev.
Required to use libfido2-dev until #1003699 is fixed
.
[ Michael Biebl ]
* Don't stop systemd-oomd.socket during upgrades.
This works around an issue in systemd which doesn't process multiple
units that are passed to systemctl as a single transaction with the
correct ordering. (Closes: #1003641)
.
systemd (250.2-2) unstable; urgency=medium
.
* Ship systemd-oomd.socket in correct systemd-oomd package
* Don't install dbus-org.freedesktop.oom1.service symlink (Closes: #1003580)
.
systemd (250.2-1) unstable; urgency=medium
.
* New upstream version 250.2
- shared/rm-rf: loop over nested directories instead of recursing.
Fixes uncontrolled recursion in systemd-tmpfiles.
(CVE-2021-3997, Closes: #1003467)
* test: explicitly configure oomd stuff via dropins
* autopkgtest: add systemd-oomd dependency to upstream test.
We want systemd-oomd to be tested via the upstream provided
TEST-55-OOMD.
* Rebase patches
* Upload to unstable
.
systemd (250.1-2) experimental; urgency=medium
.
[ Lukas Märdian ]
* d/rules: Enable build of systemd-oomd
* d/control: Ship oomd in a systemd-oomd package.
Deploying the default configuration as used in Fedora.
* Start systemd-oomd.service after package installation
.
[ Michael Biebl ]
* oomd: move oomctl to bindir
* Enable systemd-repart and ship it in the main systemd package.
Add fdisk as test dependency, needed by test-repart which calls sfdisk.
* test-repart: append /sbin and /usr/sbin to $PATH= so sfdisk can be found
.
systemd (250.1-1) experimental; urgency=medium
.
* New upstream version 250.1
* Rebase patches
.
systemd (250-2) experimental; urgency=medium
.
* Drop separate udeb build.
The only real benefit from a separate build apparently is that udev does
not get a dependency on libacl and libselinux. But we have udebs for
those dependencies anyway.
Dropping the separate build basically cuts the build times in half and
simplifies debian/rules quite a bit.
It also brings udev as used in d-i closer to what is actually used in
the installed system, which is a good thing.
* Cherry-pick various fixes targeted for v250-stable
.
systemd (250-1) experimental; urgency=medium
.
* New upstream version 250
* Rebase patches
* Update symbol versions for the v250 release
.
systemd (250~rc3-1) experimental; urgency=medium
.
[ Michael Biebl ]
* New upstream version 250~rc3
* Switch debian-branch to experimental
* Bump meson Build-Depends to (>= 0.53.2)
* Rebase patches
* Update symbols file for libsystemd0
* Update removal of upstream provided license files
* Use -Durlify=false instead of shipping an upstream revert patch
* Explicitly disable OpenSSL support.
We don't want to pick up an OpenSSL dependency in a tainted build
environment and pull a second crypto stack into systemd's dependencies.
* autopkgtest: install dbus-user-session for upstream test.
Required by TEST-43-PRIVATEUSER-UNPRIV and TEST-20-MAINPIDGAMES.
* Revert "Temporarily disable LTO"
* Small updates to debian/copyright
* Remove dbus introspection files
.
[ Luca Boccassi ]
* autopkgtest: install libdw and libelf for upstream test.
Pulled in via dlopen since systemd/systemd#21454
.
systemd (249.7-1) unstable; urgency=medium
.
* New upstream version 249.7
* Rebase patches
.
systemd (249.6-3) unstable; urgency=medium
.
* scope: count successful cgroup additions when delegating via D-Bus
(Closes: #999745)
.
systemd (249.6-2) unstable; urgency=medium
.
* Consider dbus-broker in systemd-logind.service Condition check
(Closes: #999569)
* Temporarily disable LTO.
This is a test to see if it fixes the failure to build reproducibly on
arm*.
* sysusers: split up systemd.conf (Closes: #990349)
.
systemd (249.6-1) unstable; urgency=medium
.
[ Michael Biebl ]
* New upstream version 249.6
* Rebase patches
* test: use kbd-mode-map we ship in one more test case
* Bump Standards-Version to 4.6.0
* Drop obsolete C/R upstart from systemd-sysv
* Drop obsolete dpkg (>= 1.19.3) | systemd-sysv dependency from udev.
It was added to ensure we have a dpkg with --notify-await which is now
satisfied by a dpkg from oldstable.
* Make the C/R against systemd versioned in
systemd-standalone-{sysusers,tmpfiles}
Those were added to facilitate an upgrade from bullseye. The version
makes it more explicit.
* Drop obsolete migration code for RAMTMP, TPMTIME and UTC
.
[ Luca Boccassi ]
* Depend on default-dbus-system-bus | dbus-system-bus.
Allows users to install only a single system bus implementation.
Prefer the default (dbus-daemon).
.
systemd (249.5-2) unstable; urgency=medium
.
[ Helmut Grohne ]
* Fix FTCBFS: Annotate python3-jinja2 dependency with :native
(Closes: #996501)
.
[ Michael Biebl ]
* hwdb: Allow console users access to media* nodes (Closes: #996749)
.
systemd (249.5-1) unstable; urgency=medium
.
* New upstream version 249.5
* Rebase patches
* Update debian/copyright
* Clean up lintian overrides
.
systemd (249.4-2) unstable; urgency=medium
.
* Upload to unstable
* Remove unused initialize_coredump() function
* Fix #993738 by pulling the patches from upstream PR#20603
.
systemd (249.4-1) experimental; urgency=medium
.
* New upstream version 249.4
* Rebase patches
.
systemd (249.3-4) experimental; urgency=medium
.
* Add Conflicts/Replaces: systemd to systemd-standalone-{sysusers,tmpfiles}
This allows upgrades from older systemd versions which do not have
Provides: systemd-{sysusers,tmpfiles}. (Closes: #992376)
.
systemd (249.3-3) experimental; urgency=medium
.
* Use C/R/P for systemd-sysusers and systemd-tmpfiles.
It's an interface/facility that can only be provided by a single package
at a time.
.
systemd (249.3-2) experimental; urgency=medium
.
* Provide standalone binaries for sysusers and tmpfiles (Closes: #946456)
* Fix test dependencies of upstream test.
After splitting out the standalone binaries for sysusers and tmpfiles
into separate packages (which conflict with the main systemd package),
we can no longer use the '@' notation in the upstream test.
This reverts commit 5eeeb1b562a1a9802df105091bda4741c263336d and also
adds systemd-tests and systemd-timesyncd to the upstream test
dependencies.
.
systemd (249.3-1) experimental; urgency=medium
.
* New upstream version 249.3
* Rebase patches
* Remove obsolete systemd-resolve compat symlink
.
systemd (249.2-2) experimental; urgency=medium
.
* Remove obsolete upgrade code from maintainer scripts
* Clean up old versions from maintscript files
* Drop obsolete systemd Breaks/Replaces
* Drop obsolete python-dbusmock Breaks
* Turn versioned systemd-shim Breaks into unversioned Conflicts.
There never was a fixed systemd-shim version before it was removed from
the archive.
* Drop patches which are no longer needed after bullseye
* Stop setting up device symlinks for CD-RW/DVD drives.
Those udev rules were a Debian specific workaround that were mainly
added for compat with older software which wasn't able to automatically
discover those types of devices. Those rules didn't provide
stable/predictable names though, so remove them. (Closes: #991639)
* autopkgtest: add systemd-timesyncd dependency to timedated test.
We need systemd-timesyncd in the timedated test, not just an arbitrary
provider of time-daemon.
* autopkgtest: clean up dependencies of boot-smoke test.
A lot of the dependencies are not needed but were originally added to
avoid a testbed reset and make it possible to reuse the testbed of the
upstream test. This turned out to be a maintenance problem and the
dependencies were not updated accordingly. Instead of trying to keep the
two tests in sync, trim down the boot-smoke dependencies to its bare
minimum.
.
systemd (249.2-1) experimental; urgency=medium
.
* New upstream version 249.2
* Rebase patches
.
systemd (249.1-1) experimental; urgency=medium
.
* New upstream version 249.1
- basic/unit-name: do not use strdupa() on a path (CVE-2021-33910)
.
systemd (249-1) experimental; urgency=medium
.
* New upstream version 249
* Rebase patches
* Update symbol versions for the v249 release
* Fix removal of systemd-hwdb-update.service.
As we don't support factory-reset, we don't need this service.
In Debian, the hwdb binary database is updated via a dpkg file trigger.
.
systemd (249~rc3-1) experimental; urgency=medium
.
* New upstream version 249~rc3
* Rebase patches
.
systemd (249~rc2-1) experimental; urgency=medium
.
* New upstream version 249~rc2
* Rebase patches
.
systemd (249~rc1-1) experimental; urgency=medium
.
[ Michael Biebl ]
* New upstream version 249~rc1
* Rebase patches
* Replace m4 Build-Depends with python3-jinja2
* Update symbols file for libsystemd0
* test: do not run 'meson configure' if NO_BUILD is set
* test: drop the mawk-incompatible expression
* Add gawk <!nocheck> to Build-Depends.
It is used in tools/check-directives.sh which is run during "meson test".
* autopkgtest: add udev dependency to unit-tests.
Without a properly set up hwdb the test-sd-hwdb test is skipped.
.
[ Luca Boccassi ]
* autopkgtest: add dependency on dosfstools for upstream test.
Needed to create EFI partition (vfat)
.
systemd (248.3-1) experimental; urgency=medium
.
[ Michael Biebl ]
* New upstream version 248.3
* Rebase patches
.
[ Dan Streetman ]
* d/t: replace 'root-unittests' shell script with simple call to upstream script.
The upstream test runner script is much better, as it only prints failing test
output, and gives a summary of the test results at the end.
.
systemd (248.2-1) experimental; urgency=medium
.
* New upstream version 248.2
.
systemd (248.1-1) experimental; urgency=medium
.
[ Michael Biebl ]
* New upstream version 248.1
* Rebase patches
* d/e/checkout-upstream: switch to main branch
* Update make-fbdev-blacklist to not blacklist hyperv_fb
.
[ Luca Boccassi ]
* systemd.install: catch all files installed in usr/bin and bin.
At the moment, individual binaries are mentioned specifically in the
install file. When new binaries are added, manual work is needed to get
them packaged, which affects the upstream autopkgtest-based CI.
Change systemd.install to instead pick up everything from usr/bin and bin.
* upstream suite: add build-dep on vim-tiny.
Required by some of the images in the upstream test suite
.
[ Zbigniew Jędrzejewski-Szmek ]
* Let "upstream" test use upstream test runner
.
[ Dan Streetman ]
* Slight adjustments to previous patch for deny/black-list naming.
Also add in two vars used by the integration runner script
* d/t/upstream: use NO_BUILD=1.
Also don't bother sed-modifying test-functions file, as the NO_BUILD
changes remove the need for that.
* d/t/control: install all binary packages for upstream test.
With the change to just call the upstream script to run the integration
tests, the packages to test need to be installed so the test-function
script can list out the files each package contains, and copy those files
into each nspawn and/or qemu testbed. Without all packages installed,
some tests fail; specifically TEST-30 currently requires systemd-timesyncd
which was not previously installed for the 'upstream' test suite.
This changes the control file to just install all binary packages, using
the '@' notation.
* d/t/boot-smoke: update test to avoid false negatives
.
[ Frantisek Sumsal ]
* upstream-ci: fix test_no_failed() check.
Without `--plain` `systemctl` prints a circle (●) in the first column
for each failed service, which with the current code interferes with
attempted journal listing for each such service.
.
systemd (248-1) experimental; urgency=medium
.
[ Balint Reczey ]
* New upstream version 248
- add support for answering DNSSEC questions on the stub resolver
(Closes: #988132)
- turn off DNSSEC validation when timesyncd resolves hostnames
(Closes: #898530)
- add networkd/nspawn nftables backend
(Closes: #934584)
- support ipv6 for masquerade and dnat in nspawn and networkd
(Closes: #934676)
* Refresh patches
* debian/rules: Enable new systemd-sysext tool
* debian/rules: Build support for flushing of the nscd caches
* debian/rules: Build translations for debs but not for udebs
* debian/rules: Build without TPM2 support.
This is a new feature and needs further review.
* Ship systemd-cryptenroll in systemd package
* Update symbols file for libsystemd0
* debian/tests/control: Upstream test depends on attr
* debian/udev.postinst: Create the sgx system group.
Intel SGX enclave device nodes are now owned by this group.
* debian/rules: Don't ship README files in (/usr)/lib/*.d.
README files are typically shipped in /usr/share/doc.
* Revert "pager: stop disabling urlification under a pager"
Debian and Ubuntu do not yet have a less version that supports
urlification. This requires less 563 or later.
.
systemd (247.9-4) unstable; urgency=medium
.
* Revert "tests/udev-test.pl: add multiple device test"
Follow-up to make sure the udev autopkgtest passes successfully again
after reverting the multipath symlink race fix.
* test: Fix flakiness in TEST-10-ISSUE-2467
* autopktest: Fix timedated test dependencies.
Add an explicit systemd-timesyncd dependency as it is required by the
timedated test.
* autopkgtest: Merge configuration of logind test with timedated and related
tests.
They share the same restrictions and merging them avoids a bit of
duplication.
* Revert "test: disable DnsmasqClientTest.test_resolved_etc_hosts in
networkd-test.py"
Let's see if this test is still flaky on debci.
* networkd-test: fix resolved_domain_restricted_dns.
Cherry-pick upstream commit which hopefully fixes the flakiness in
DnsmasqClientTest.test_resolved_domain_restricted_dns.
.
systemd (247.9-3) unstable; urgency=medium
.
* Revert multipath symlink race fix.
Revert upstream commits which caused a regression in udev resulting in
long delays when processing partitions with the same label.
(Closes: #993738)
.
systemd (247.9-2) unstable; urgency=medium
.
* Demote systemd-timesyncd from Depends to Recommends.
This avoids a dependency cycle between systemd and systemd-timesyncd and
thus makes dist upgrades more predictable and robust.
It also allows minimal, systemd based containers where no NTP client is
strictly necessary.
To ensure that systemd-timesyncd is installed in a default installation
created by d-i, bump its priority to standard. (Closes: #986651, #993947)
.
systemd (247.9-1) unstable; urgency=medium
.
[ Michael Biebl ]
* New upstream version 247.9
* Rebase patches
* Fix removal of systemd-hwdb-update.service.
As we don't support factory-reset, we don't need this service.
In Debian, the hwdb binary database is updated via a dpkg file trigger.
.
[ Balint Reczey ]
* debian/rules: Don't ship README files in (/usr)/lib/*.d.
README files are typically shipped in /usr/share/doc.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.