From 9b4d8b0ea6b5862f279fab62e6ccee3bd51ddcc2 Mon Sep 17 00:00:00 2001 
From: Andrew Geissler Date: Fri, 19 Feb 2021 12:26:16 -0600 Subject: poky: subtree update:9294bc4bb4..488e39b623 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Alejandro Hernandez Samaniego (1): sstate.bbclass: Split sstate summary into locally and network found artifacts Alexander Kanavin (1): selftest/reproducible: track unusued entries in the exclusion list Andrei Gherzan (1): oe/recipeutils: Fix copying patches when BBLAYERS entries are not normalised Anthony Bagwell (1): kernel-fitimage: fix dtbo support for fit images Anuj Mittal (38): git: upgrade 2.30.0 -> 2.30.1 glib-2.0: upgrade 2.66.4 -> 2.66.7 help2man: upgrade 1.47.16 -> 1.48.1 libevdev: upgrade 1.10.1 -> 1.11.0 stress-ng: upgrade 0.12.02 -> 0.12.03 vte: upgrade 0.62.1 -> 0.62.2 x264: upgrade to latest revision createrepo-c: upgrade 0.16.2 -> 0.17.0 libuv: upgrade 1.40.0 -> 1.41.0 piglit: upgrade to latest revision pigz: upgrade 2.4 -> 2.6 python3-git: upgrade 3.1.12 -> 3.1.13 sysstat: upgrade 12.4.2 -> 12.4.3 python3-hypothesis: upgrade 6.0.2 -> 6.2.0 python3-more-itertools: upgrade 8.6.0 -> 8.7.0 python3-numpy: upgrade 1.20.0 -> 1.20.1 python3-pygments: upgrade 2.7.4 -> 2.8.0 python3-pytest: upgrade 6.2.1 -> 6.2.2 python3-setuptools: upgrade 52.0.0 -> 53.0.0 psmisc: upgrade 23.3 -> 23.4 gtk+3: upgrade 3.24.24 -> 3.24.25 lighttpd: upgrade 1.4.58 -> 1.4.59 libwebp: upgrade 1.1.0 -> 1.2.0 libcap: upgrade 2.47 -> 2.48 libxt: upgrade 1.2.0 -> 1.2.1 sysklogd: upgrade 2.1.2 -> 2.2.1 cmake: upgrade 3.19.3 -> 3.19.5 curl: upgrade 7.74.0 -> 7.75.0 diffoscope: upgrade 164 -> 166 libfm-extra: upgrade 1.3.1 -> 1.3.2 pcmanfm: upgrade 1.3.1 -> 1.3.2 json-glib: upgrade 1.6.0 -> 1.6.2 mesa: upgrade 20.3.2 -> 20.3.4 kmscube: upgrade to latest revision btrfs-tools: upgrade 5.10 -> 5.10.1 man-db: upgrade 2.9.3 -> 2.9.4 asciidoc: fix upstream check linux-yocto: update genericx86* to v5.4.94 Bruce Ashfield (6): linux-yocto-rt/5.10: update to -rt25 linux-yocto/5.10: update to 
v5.10.14 linux-yocto/5.4: update to v5.4.96 linux-yocto/5.10: update to v5.10.16 linux-yocto/5.4: update to v5.4.98 linux-yocto-dev: bump version to v5.11+ Jan-Simon Möller (2): oe-selftests: add rpm to reproducible build selftest package_rpm: Enable use_source_date_epoch_as_buildtime in package_rpm class Jose Quaresma (5): spirv-tools: disable tests spirv-tools: build all libaries as shared glslang: generate glslang pkg-config glslang: add comment about unversioned libraries shaderc: remove the receipe configure hack and use a patch for that Joshua Watt (7): libomxil: Fix up commercial license flag weston: remoting backend requires GStreamer base plugins oeqa: reproducible: Fix SSTATE_MIRRORS variable oeqa: reproducible: Add more logging bitbake: contrib: Add Dockerfile for building hash server bison: Fix up file name mapping acpica: Fix reproducibility issues Khem Raj (8): tcf-agent: Fix build on riscv32 security_flags.inc: Add same O as in SELECTED_OPTIMIZATION autoconf: Add missing perl modules to rdeps gdb: Drop SIGRTMIN definition patch musl: Update to latest master go: Update to 1.15.8 ruby: Do not use ucontext implementation for coroutines on musl/riscv libunwind: Disable for riscv Konrad Weihmann (1): cmake: set CMAKE_EXPORT_NO_PACKAGE_REGISTRY Luca Boccassi (1): systemd: add hostname fallback when polkit is not available Marek Vasut (1): weston-init: Fix weston-keyboard path in weston.ini Michael Halstead (1): yocto-uninative.inc: version 3.0 incorporate seccomp filter workaround Oleksandr Kravchuk (2): cryptodev: upgrade to 1.12 tar: update to 1.34 Richard Purdie (31): pseudo: Update for rename and faccessat fixes nativesdk-buildtools-perl-dummy: Add new autoconf dependencies selftest/reproducible: Sort the unused exclusion list selftest/reproducible: Remove no longer needed exclusions pseudo: Update to include fixes for glibc 2.33 bitbake: bitbake-worker/runqueue: Add support for BB_DEFAULT_UMASK bitbake: bitbake: Bump version to 1.49.2 systemd: 
Simplify mount error patch bitbake.conf: Set as default task umask of 022 classes: Drop now unneeded umask flags cwautomacros: Ensure version is set deterministically vim: Improve determinism vim: Fix a race over creation of the desktop files package_manager/deb: Fix image generation with package removal quilt: Be determnistic about column presence buildtools-extended-tarball: Add glibc-gconvs needed for build watchdog: Fix determinism issue from sendmail host path watchdog: Avoid reproducibility failures after fixing build xorg-fonts-minimal: Fix reproducibility xmlto: Fix reproducibility selftest/reproducible: Update exclusions distutils3-base: Fix after native packaging changes subversion: upgrade 1.14.0 -> 1.14.1 python3-jinja2: upgrade 2.11.2 -> 2.11.3 systemd: Drop unneeded musl patches qemu: Refresh mmap fixes patch status/content Revert "oe-selftests: add rpm to reproducible build selftest" local.conf.sample.extended: Bring back into sync with OE-Core xorg-minimal-fonts: Really fix determinism git: Fix determinism issue groff: Fix determinism issue Ross Burton (2): glibc: add workaround for faccessat2 being blocked by seccomp filters rootfs_deb: handle aarch64 SDK_ARCH Suji Velupillai (1): ffmpeg: move ffmpeg config into packageconfig Teoh Jay Shen (1): oeqa/runlevel : add test for runlevels Thomas Viehweger (1): mtd-utils: Remove duplicate assignments to alternative link names Tomasz Dziendzielski (1): bitbake: event: Prevent bitbake from executing event handler for wrong multiconfig target Vivien Didelot (2): local.conf.sample.extended: fix double 'of' typo local.conf.sample.extended: prefer INIT_MANAGER Wes Lindauer (1): df.py: Add feature check for read-only-rootfs Yi Fan Yu (2): valgrind: Disable ptest nlcontrolc for x86-64 valgrind: Remove reference to non-existent ptests Yoann Congal (1): npm.bbclass: avoid building target nodejs for native npm recipes akuster (1): connman: update to 1.39 Revert "libpam: remove unused code" This reverts commit 
e5b5c38a76bbf3f56353954bdc65fa8736ed76bf. This is needed for the backported libpam support Signed-off-by: Andrew Geissler Change-Id: Ia802c1f09ccbd2967e01098edb059e72ee670ad8 --- poky/meta/recipes-core/glib-2.0/glib-2.0_2.66.4.bb | 51 ---------------------- poky/meta/recipes-core/glib-2.0/glib-2.0_2.66.7.bb | 51 ++++++++++++++++++++++ .../recipes-core/glibc/glibc/faccessat2-perm.patch | 31 +++++++++++++ poky/meta/recipes-core/glibc/glibc_2.33.bb | 1 + .../meta/buildtools-extended-tarball.bb | 10 +++++ .../meta/nativesdk-buildtools-perl-dummy.bb | 3 ++ poky/meta/recipes-core/musl/musl_git.bb | 2 +- .../systemd/systemd/00-hostnamed-network-user.conf | 6 +++ .../systemd/systemd/0023-Include-sys-wait.h.patch | 31 ------------- .../systemd/systemd/0024-Include-signal.h.patch | 33 -------------- ...rigger-mount-error-with-invalid-options-o.patch | 43 +++--------------- .../org.freedesktop.hostname1_no_polkit.conf | 11 +++++ poky/meta/recipes-core/systemd/systemd_247.3.bb | 21 +++++++-- 13 files changed, 139 insertions(+), 155 deletions(-) delete mode 100644 poky/meta/recipes-core/glib-2.0/glib-2.0_2.66.4.bb create mode 100644 poky/meta/recipes-core/glib-2.0/glib-2.0_2.66.7.bb create mode 100644 poky/meta/recipes-core/glibc/glibc/faccessat2-perm.patch create mode 100644 poky/meta/recipes-core/systemd/systemd/00-hostnamed-network-user.conf delete mode 100644 poky/meta/recipes-core/systemd/systemd/0023-Include-sys-wait.h.patch delete mode 100644 poky/meta/recipes-core/systemd/systemd/0024-Include-signal.h.patch create mode 100644 poky/meta/recipes-core/systemd/systemd/org.freedesktop.hostname1_no_polkit.conf (limited to 'poky/meta/recipes-core') diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.66.4.bb b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.66.4.bb deleted file mode 100644 index 5e1c0f2d3..000000000 --- a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.66.4.bb +++ /dev/null 
@@ -1,51 +0,0 @@ -require glib.inc - -PE = "1" - -SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}" - -SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ - file://run-ptest \ - file://0001-Fix-DATADIRNAME-on-uclibc-Linux.patch \ - file://Enable-more-tests-while-cross-compiling.patch \ - file://0001-Remove-the-warning-about-deprecated-paths-in-schemas.patch \ - file://0001-Install-gio-querymodules-as-libexec_PROGRAM.patch \ - file://0001-Do-not-ignore-return-value-of-write.patch \ - file://0010-Do-not-hardcode-python-path-into-various-tools.patch \ - file://0001-Set-host_machine-correctly-when-building-with-mingw3.patch \ - file://0001-Do-not-write-bindir-into-pkg-config-files.patch \ - file://0001-meson-Run-atomics-test-on-clang-as-well.patch \ - file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \ - file://0001-gio-tests-codegen.py-bump-timeout-to-100-seconds.patch \ - file://0001-tests-codegen.py-removing-unecessary-print-statement.patch \ - " - -SRC_URI_append_class-native = " file://relocate-modules.patch" - -SRC_URI[sha256sum] = "97df8670e32f9fd4f7392b0980e661dd625012015d58350da1e58e343f4af984" - -# Find any meson cross files in FILESPATH that are relevant for the current -# build (using siteinfo) and add them to EXTRA_OEMESON. 
-inherit siteinfo -def find_meson_cross_files(d): - if bb.data.inherits_class('native', d): - return "" - - corebase = d.getVar("COREBASE") - import collections - sitedata = siteinfo_data(d) - # filename -> found - files = collections.OrderedDict() - for path in d.getVar("FILESPATH").split(":"): - for element in sitedata: - filename = os.path.normpath(os.path.join(path, "meson.cross.d", element)) - files[filename.replace(corebase, "${COREBASE}")] = os.path.exists(filename) - - items = ["--cross-file=" + k for k,v in files.items() if v] - d.appendVar("EXTRA_OEMESON", " " + " ".join(items)) - items = ["%s:%s" % (k, "True" if v else "False") for k,v in files.items()] - d.appendVarFlag("do_configure", "file-checksums", " " + " ".join(items)) - -python () { - find_meson_cross_files(d) -} diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.66.7.bb b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.66.7.bb new file mode 100644 index 000000000..15e9dbaf6 --- /dev/null +++ b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.66.7.bb 
@@ -0,0 +1,51 @@ +require glib.inc + +PE = "1" + +SHRT_VER = "${@oe.utils.trim_version("${PV}", 2)}" + +SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ + file://run-ptest \ + file://0001-Fix-DATADIRNAME-on-uclibc-Linux.patch \ + file://Enable-more-tests-while-cross-compiling.patch \ + file://0001-Remove-the-warning-about-deprecated-paths-in-schemas.patch \ + file://0001-Install-gio-querymodules-as-libexec_PROGRAM.patch \ + file://0001-Do-not-ignore-return-value-of-write.patch \ + file://0010-Do-not-hardcode-python-path-into-various-tools.patch \ + file://0001-Set-host_machine-correctly-when-building-with-mingw3.patch \ + file://0001-Do-not-write-bindir-into-pkg-config-files.patch \ + file://0001-meson-Run-atomics-test-on-clang-as-well.patch \ + file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \ + file://0001-gio-tests-codegen.py-bump-timeout-to-100-seconds.patch \ + file://0001-tests-codegen.py-removing-unecessary-print-statement.patch \ + " + +SRC_URI_append_class-native = " file://relocate-modules.patch" + +SRC_URI[sha256sum] = "09f158769f6f26b31074e15b1ac80ec39b13b53102dfae66cfe826fb2cc65502" + +# Find any meson cross files in FILESPATH that are relevant for the current +# build (using siteinfo) and add them to EXTRA_OEMESON. 
+inherit siteinfo +def find_meson_cross_files(d): + if bb.data.inherits_class('native', d): + return "" + + corebase = d.getVar("COREBASE") + import collections + sitedata = siteinfo_data(d) + # filename -> found + files = collections.OrderedDict() + for path in d.getVar("FILESPATH").split(":"): + for element in sitedata: + filename = os.path.normpath(os.path.join(path, "meson.cross.d", element)) + files[filename.replace(corebase, "${COREBASE}")] = os.path.exists(filename) + + items = ["--cross-file=" + k for k,v in files.items() if v] + d.appendVar("EXTRA_OEMESON", " " + " ".join(items)) + items = ["%s:%s" % (k, "True" if v else "False") for k,v in files.items()] + d.appendVarFlag("do_configure", "file-checksums", " " + " ".join(items)) + +python () { + find_meson_cross_files(d) +} diff --git a/poky/meta/recipes-core/glibc/glibc/faccessat2-perm.patch b/poky/meta/recipes-core/glibc/glibc/faccessat2-perm.patch new file mode 100644 index 000000000..2ee7110ca --- /dev/null +++ b/poky/meta/recipes-core/glibc/glibc/faccessat2-perm.patch 
@@ -0,0 +1,31 @@ +Older seccomp-based filters used in container frameworks will block faccessat2 +calls as it's a relatively new syscall. This isn't a big problem with +glibc <2.33 but 2.33 will call faccessat2 itself, get EPERM, and thenn be confused +about what to do as EPERM isn't an expected error code. + +This manifests itself as mysterious errors, for example a kernel failing to link. + +The root cause of bad seccomp filters is mostly fixed (systemd 247, Docker 20.10.0) +but we can't expect everyone to upgrade, so add a workaound (originally from +Red Hat) to handle EPERM like ENOSYS and fallback to faccessat(). + +Upstream-Status: Inappropriate +Signed-off-by: Ross Burton + +diff --git a/sysdeps/unix/sysv/linux/faccessat.c b/sysdeps/unix/sysv/linux/faccessat.c +index 56cb6dcc8b4d58d3..5de75032bbc93a2c 100644 +--- a/sysdeps/unix/sysv/linux/faccessat.c ++++ b/sysdeps/unix/sysv/linux/faccessat.c +@@ -34,7 +34,11 @@ faccessat (int fd, const char *file, int mode, int flag) + #if __ASSUME_FACCESSAT2 + return ret; + #else +- if (ret == 0 || errno != ENOSYS) ++ /* Fedora-specific workaround: ++ As a workround for a broken systemd-nspawn that returns ++ EPERM when a syscall is not allowed instead of ENOSYS ++ we must check for EPERM here and fall back to faccessat. */ ++ if (ret == 0 || !(errno == ENOSYS || errno == EPERM)) + return ret; + + if (flag & ~(AT_SYMLINK_NOFOLLOW | AT_EACCESS)) diff --git a/poky/meta/recipes-core/glibc/glibc_2.33.bb b/poky/meta/recipes-core/glibc/glibc_2.33.bb index 4085c779e..e0002e604 100644 --- a/poky/meta/recipes-core/glibc/glibc_2.33.bb +++ b/poky/meta/recipes-core/glibc/glibc_2.33.bb 
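Review bot: The in-code comment and the patch header disagree about what is being worked around, and neither says when the EPERM fallback can be dropped: the comment calls it "Fedora-specific" for systemd-nspawn, while the header blames older seccomp filters in container frameworks generally. Because `if (ret == 0 || !(errno == ENOSYS || errno == EPERM))` now treats every EPERM from faccessat2 as "syscall unavailable", the comment should state that scope and a removal condition, for example `/* Workaround: old seccomp filters return EPERM instead of ENOSYS for unknown syscalls; drop once build hosts run fixed filters (systemd 247, Docker 20.10.0). */`. `Upstream-Status: Inappropriate` would normally carry a bracketed reason, such as `Upstream-Status: Inappropriate [workaround for old host seccomp filters]`. The rest of faccessat() lies outside the inner hunk, so how the fallback path answers AT_EACCESS callers cannot be checked from here.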
@@ -12,6 +12,7 @@ NATIVESDKFIXES_class-nativesdk = "\ file://0005-nativesdk-glibc-Raise-the-size-of-arrays-containing-.patch \ file://0006-nativesdk-glibc-Allow-64-bit-atomics-for-x86.patch \ file://0007-nativesdk-glibc-Make-relocatable-install-for-locales.patch \ + file://faccessat2-perm.patch \ " SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ diff --git a/poky/meta/recipes-core/meta/buildtools-extended-tarball.bb b/poky/meta/recipes-core/meta/buildtools-extended-tarball.bb index 081648675..83e3fddcc 100644 --- a/poky/meta/recipes-core/meta/buildtools-extended-tarball.bb +++ b/poky/meta/recipes-core/meta/buildtools-extended-tarball.bb @@ -28,11 +28,21 @@ TOOLCHAIN_HOST_TASK += "\ nativesdk-libtool \ nativesdk-pkgconfig \ nativesdk-glibc-utils \ + nativesdk-glibc-gconv-ibm850 \ + nativesdk-glibc-gconv-iso8859-1 \ + nativesdk-glibc-gconv-utf-16 \ + nativesdk-glibc-gconv-cp1250 \ + nativesdk-glibc-gconv-cp1251 \ + nativesdk-glibc-gconv-cp1252 \ + nativesdk-glibc-gconv-euc-jp \ + nativesdk-glibc-gconv-libjis \ nativesdk-libxcrypt-dev \ nativesdk-parted \ nativesdk-dosfstools \ nativesdk-gptfdisk \ " +# gconv-cp1250, cp1251 and euc-jp needed for iconv to work in vim builds +# also copied list from uninative TOOLCHAIN_OUTPUTNAME = "${SDK_ARCH}-buildtools-extended-nativesdk-standalone-${DISTRO_VERSION}" diff --git a/poky/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb b/poky/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb index cce086caf..4909401c5 100644 --- a/poky/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb +++ b/poky/meta/recipes-core/meta/nativesdk-buildtools-perl-dummy.bb 
@@ -17,10 +17,13 @@ DUMMYPROVIDES_PACKAGES = "\ nativesdk-perl-module-file-path \ nativesdk-perl-module-file-spec \ nativesdk-perl-module-file-stat \ + nativesdk-perl-module-file-temp \ nativesdk-perl-module-getopt-long \ nativesdk-perl-module-io-file \ + nativesdk-perl-module-list-util \ nativesdk-perl-module-overloading \ nativesdk-perl-module-posix \ + nativesdk-perl-module-scalar-util \ nativesdk-perl-module-strict \ nativesdk-perl-module-text-parsewords \ nativesdk-perl-module-thread-queue \ diff --git a/poky/meta/recipes-core/musl/musl_git.bb b/poky/meta/recipes-core/musl/musl_git.bb index 249ce5352..562e80ae4 100644 --- a/poky/meta/recipes-core/musl/musl_git.bb +++ b/poky/meta/recipes-core/musl/musl_git.bb @@ -4,7 +4,7 @@ require musl.inc inherit linuxloader -SRCREV = "85e0e3519655220688e757b9d5bfd314923548bd" +SRCREV = "e5d2823631bbfebacf48e1a34ed28f28d7cb2570" BASEVER = "1.2.2" diff --git a/poky/meta/recipes-core/systemd/systemd/00-hostnamed-network-user.conf b/poky/meta/recipes-core/systemd/systemd/00-hostnamed-network-user.conf new file mode 100644 index 000000000..6b224ba9b --- /dev/null +++ b/poky/meta/recipes-core/systemd/systemd/00-hostnamed-network-user.conf @@ -0,0 +1,6 @@ +[Service] +# By running with these options instead of root, networkd is allowed to request +# a hostname change via DBUS when policykit is not present +User=systemd-network +Group=systemd-hostname +AmbientCapabilities=CAP_SYS_ADMIN diff --git a/poky/meta/recipes-core/systemd/systemd/0023-Include-sys-wait.h.patch b/poky/meta/recipes-core/systemd/systemd/0023-Include-sys-wait.h.patch deleted file mode 100644 index ea4a024b8..000000000 --- a/poky/meta/recipes-core/systemd/systemd/0023-Include-sys-wait.h.patch +++ /dev/null 
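Review bot: In 00-hostnamed-network-user.conf, `AmbientCapabilities=CAP_SYS_ADMIN` combined with `User=systemd-network` needs a fuller comment than the two lines above it, because it puts hostnamed under networkd's uid while holding a very broad capability. The existing comment says what the options permit but not why they work; presumably hostnamed without polkit accepts privileged calls from its own uid, which would let any process running as systemd-network change the hostname, and that should be confirmed and written down. I would extend the comment along the lines of `# CAP_SYS_ADMIN is needed for sethostname(2); hostnamed shares networkd's uid so the no-polkit sender check passes`. If the unit being overridden does not already restrict its bounding set, adding `CapabilityBoundingSet=CAP_SYS_ADMIN` to this drop-in would keep the grant from widening.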
@@ -1,31 +0,0 @@ -From 359e7a38824a906b0a24f5775f41a2ae3358bf06 Mon Sep 17 00:00:00 2001 -From: Scott Murray -Date: Fri, 13 Sep 2019 19:26:27 -0400 -Subject: [PATCH 23/26] Include sys/wait.h - -Fixes: -src/login/logind-brightness.c:158:85: error: 'WEXITED' undeclared (first use in this function); did you mean 'WIFEXITED'? - 158 | r = sd_event_add_child(w->manager->event, &w->child_event_source, w->child, WEXITED, on_brightness_writer_exit, w); - | ^~~~~~~ - -Upstream-Status: Pending - -Signed-off-by: Scott Murray ---- - src/login/logind-brightness.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/login/logind-brightness.c b/src/login/logind-brightness.c -index a6a1603396..54848ce209 100644 ---- a/src/login/logind-brightness.c -+++ b/src/login/logind-brightness.c -@@ -1,5 +1,6 @@ - /* SPDX-License-Identifier: LGPL-2.1-or-later */ - -+#include - #include "bus-util.h" - #include "device-util.h" - #include "hash-funcs.h" --- -2.27.0 - diff --git a/poky/meta/recipes-core/systemd/systemd/0024-Include-signal.h.patch b/poky/meta/recipes-core/systemd/systemd/0024-Include-signal.h.patch deleted file mode 100644 index 2820d7b32..000000000 --- a/poky/meta/recipes-core/systemd/systemd/0024-Include-signal.h.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -From 0592da08e16a17ceef0949ec9901397d8ec5af92 Mon Sep 17 00:00:00 2001 -From: Scott Murray -Date: Fri, 13 Sep 2019 19:26:27 -0400 -Subject: [PATCH 24/26] Include signal.h - -Fixes several signal set related errors: -src/basic/copy.c:92:19: error: implicit declaration of function 'sigemptyset' [-Werror=implicit-function-declaration] -src/basic/copy.c:93:19: error: implicit declaration of function 'sigaddset' [-Werror=implicit-function-declaration] -src/basic/copy.c:93:34: error: 'SIGINT' undeclared (first use in this function) -src/basic/copy.c:95:13: error: implicit declaration of function 'sigtimedwait' [-Werror=implicit-function-declaration] - -Upstream-Status: Pending - -Signed-off-by: Scott Murray ---- - src/basic/copy.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/basic/copy.c b/src/basic/copy.c -index 6a9c3a396f..8948bb4013 100644 ---- a/src/basic/copy.c -+++ b/src/basic/copy.c -@@ -8,6 +8,7 @@ - #include - #include - #include -+#include - - #include "alloc-util.h" - #include "btrfs-util.h" --- -2.27.0 - diff --git a/poky/meta/recipes-core/systemd/systemd/0027-proc-dont-trigger-mount-error-with-invalid-options-o.patch b/poky/meta/recipes-core/systemd/systemd/0027-proc-dont-trigger-mount-error-with-invalid-options-o.patch index b1d3d6963..94a4c307b 100644 --- a/poky/meta/recipes-core/systemd/systemd/0027-proc-dont-trigger-mount-error-with-invalid-options-o.patch +++ b/poky/meta/recipes-core/systemd/systemd/0027-proc-dont-trigger-mount-error-with-invalid-options-o.patch @@ -36,10 +36,10 @@ systemd 247 and above plus kernel v5.7 or older will need this. Upstream-Status: Denied [https://github.com/systemd/systemd/issues/16896] 
Signed-off-by: Paul Gortmaker -diff --git a/src/core/namespace.c b/src/core/namespace.c -index cdf427a6ea93..f8fc33a89fc2 100644 ---- a/src/core/namespace.c -+++ b/src/core/namespace.c +Index: git/src/core/namespace.c +=================================================================== +--- git.orig/src/core/namespace.c ++++ git/src/core/namespace.c @@ -4,7 +4,9 @@ #include #include @@ -50,11 +50,9 @@ index cdf427a6ea93..f8fc33a89fc2 100644 #include #include -@@ -859,14 +861,34 @@ static int mount_sysfs(const MountEntry *m) { - } +@@ -860,13 +862,32 @@ static int mount_sysfs(const MountEntry static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) { -+ _cleanup_free_ char *opts = NULL; const char *entry_path; - int r; + int r, major, minor; 
@@ -86,41 +84,14 @@ index cdf427a6ea93..f8fc33a89fc2 100644 /* Mount a new instance, so that we get the one that matches our user namespace, if we are running in * one. i.e we don't reuse existing mounts here under any condition, we want a new instance owned by * our user namespace and with our hidepid= settings applied. Hence, let's get rid of everything -@@ -875,9 +897,8 @@ static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) { +@@ -875,8 +896,8 @@ static int mount_procfs(const MountEntry (void) mkdir_p_label(entry_path, 0755); (void) umount_recursive(entry_path, 0); - if (ns_info->protect_proc != PROTECT_PROC_DEFAULT || - ns_info->proc_subset != PROC_SUBSET_ALL) { -- _cleanup_free_ char *opts = NULL; + if (!old && (ns_info->protect_proc != PROTECT_PROC_DEFAULT || + ns_info->proc_subset != PROC_SUBSET_ALL)) { + _cleanup_free_ char *opts = NULL; /* Starting with kernel 5.8 procfs' hidepid= logic is truly per-instance (previously it - * pretended to be per-instance but actually was per-namespace), hence let's make use of it -@@ -891,21 +912,9 @@ static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) { - ns_info->proc_subset == PROC_SUBSET_PID ? ",subset=pid" : ""); - if (!opts) - return -ENOMEM; -- -- r = mount_nofollow_verbose(LOG_DEBUG, "proc", entry_path, "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, opts); -- if (r < 0) { -- if (r != -EINVAL) -- return r; -- -- /* If this failed with EINVAL then this likely means the textual hidepid= stuff is -- * not supported by the kernel, and thus the per-instance hidepid= neither, which -- * means we really don't want to use it, since it would affect our host's /proc -- * mount. Hence let's gracefully fallback to a classic, unrestricted version. 
*/ -- } else -- return 1; - } - -- r = mount_nofollow_verbose(LOG_DEBUG, "proc", entry_path, "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL); -+ r = mount_nofollow_verbose(LOG_DEBUG, "proc", entry_path, "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, opts); - if (r < 0) - return r; - --- -2.29.2 - diff --git a/poky/meta/recipes-core/systemd/systemd/org.freedesktop.hostname1_no_polkit.conf b/poky/meta/recipes-core/systemd/systemd/org.freedesktop.hostname1_no_polkit.conf new file mode 100644 index 000000000..f4d0271cd --- /dev/null +++ b/poky/meta/recipes-core/systemd/systemd/org.freedesktop.hostname1_no_polkit.conf @@ -0,0 +1,11 @@ + + + + + + + + + + diff --git a/poky/meta/recipes-core/systemd/systemd_247.3.bb b/poky/meta/recipes-core/systemd/systemd_247.3.bb index b1a38ba9b..59e000f1d 100644 --- a/poky/meta/recipes-core/systemd/systemd_247.3.bb +++ b/poky/meta/recipes-core/systemd/systemd_247.3.bb @@ -16,6 +16,8 @@ REQUIRED_DISTRO_FEATURES = "systemd" SRC_URI += "file://touchscreen.rules \ file://00-create-volatile.conf \ + ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'file://org.freedesktop.hostname1_no_polkit.conf', '', d)} \ + ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'file://00-hostnamed-network-user.conf', '', d)} \ file://init \ file://99-default.preset \ file://systemd-pager.sh \ @@ -51,8 +53,6 @@ SRC_URI_MUSL = "\ file://0020-Fix-incompatible-pointer-type-struct-sockaddr_un.patch \ file://0021-test-json.c-define-M_PIl.patch \ file://0022-do-not-disable-buffer-in-writing-files.patch \ - file://0023-Include-sys-wait.h.patch \ - file://0024-Include-signal.h.patch \ file://0025-Handle-__cpu_mask-usage.patch \ file://0026-Handle-missing-gshadow.patch \ " 
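Review bot: In the refreshed mount_procfs() change, `if (!old && (ns_info->protect_proc != PROTECT_PROC_DEFAULT || ns_info->proc_subset != PROC_SUBSET_ALL))` skips the hidepid=/subset= options whenever `old` is set, and nothing in the visible lines records that the requested /proc hardening was dropped. As far as the hunk shows, the mount attempt with options on newer kernels still goes through `mount_nofollow_verbose(LOG_DEBUG, …)`, but the `old` path bypasses it without a trace. I would add a debug message on the skipped path, e.g. `log_debug("Kernel older than 5.8, not applying hidepid=/subset= to %s", entry_path);`, so a unit with ProtectProc= set does not lose it silently. How `old` is computed lies outside this hunk, so the cut-off named in the message should be checked against that code.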
@@ -166,6 +166,10 @@ PACKAGECONFIG[openssl] = "-Dopenssl=true,-Dopenssl=false,openssl" PACKAGECONFIG[pam] = "-Dpam=true,-Dpam=false,libpam,${PAM_PLUGINS}" PACKAGECONFIG[pcre2] = "-Dpcre2=true,-Dpcre2=false,libpcre2" PACKAGECONFIG[polkit] = "-Dpolkit=true,-Dpolkit=false" +# If polkit is disabled and networkd+hostnamed are in use, enabling this option and +# using dbus-broker will allow networkd to be authorized to change the +# hostname without acquiring additional privileges +PACKAGECONFIG[polkit_hostnamed_fallback] = ",,,,dbus-broker,polkit" PACKAGECONFIG[portabled] = "-Dportabled=true,-Dportabled=false" PACKAGECONFIG[qrencode] = "-Dqrencode=true,-Dqrencode=false,qrencode,,qrencode" PACKAGECONFIG[quotacheck] = "-Dquotacheck=true,-Dquotacheck=false" @@ -308,6 +312,15 @@ do_install() { fi fi + # If polkit is not available and a fallback was requested, install a drop-in that allows networkd to + # request hostname changes via DBUS without elevating its privileges + if ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', 'true', 'false', d)}; then + install -d ${D}${systemd_unitdir}/system/systemd-hostnamed.service.d/ + install -m 0644 ${WORKDIR}/00-hostnamed-network-user.conf ${D}${systemd_unitdir}/system/systemd-hostnamed.service.d/ + install -d ${D}${datadir}/dbus-1/system.d/ + install -m 0644 ${WORKDIR}/org.freedesktop.hostname1_no_polkit.conf ${D}${datadir}/dbus-1/system.d/ + fi + # create link for existing udev rules ln -s ${base_bindir}/udevadm ${D}${base_sbindir}/udevadm 
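Review bot: `PACKAGECONFIG[polkit_hostnamed_fallback] = ",,,,dbus-broker,polkit"` declares a conflict with polkit but no tie to networkd, although the drop-in it installs sets `User=systemd-network`. In this recipe that user is only created by the `USERADD_PARAM_${PN}` line guarded by `networkd`, so enabling the fallback without networkd would presumably leave systemd-hostnamed unable to start. The comment above the option says networkd and hostnamed must be in use, but nothing enforces it. One option is to create the user under either condition, `USERADD_PARAM_${PN} += "${@bb.utils.contains_any('PACKAGECONFIG', 'networkd polkit_hostnamed_fallback', '--system -d / -M --shell /sbin/nologin systemd-network;', '', d)}"`, in place of the networkd-only line. The do_install hunk on the same line relies on the same assumption.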
@@ -372,7 +385,8 @@ USERADD_PACKAGES = "${PN} ${PN}-extra-utils \ ${@bb.utils.contains('PACKAGECONFIG', 'microhttpd', '${PN}-journal-remote', '', d)} \ ${@bb.utils.contains('PACKAGECONFIG', 'journal-upload', '${PN}-journal-upload', '', d)} \ " -GROUPADD_PARAM_${PN} = "-r systemd-journal" +GROUPADD_PARAM_${PN} = "-r systemd-journal;" +GROUPADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', '-r systemd-hostname;', '', d)}" USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'coredump', '--system -d / -M --shell /sbin/nologin systemd-coredump;', '', d)}" USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'networkd', '--system -d / -M --shell /sbin/nologin systemd-network;', '', d)}" USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG', 'polkit', '--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd;', '', d)}" @@ -591,6 +605,7 @@ FILES_${PN} = " ${base_bindir}/* \ ${datadir}/dbus-1/system.d/org.freedesktop.network1.conf \ ${datadir}/dbus-1/system.d/org.freedesktop.resolve1.conf \ ${datadir}/dbus-1/system.d/org.freedesktop.systemd1.conf \ + ${@bb.utils.contains('PACKAGECONFIG', 'polkit_hostnamed_fallback', '${datadir}/dbus-1/system.d/org.freedesktop.hostname1_no_polkit.conf', '', d)} \ ${datadir}/dbus-1/system.d/org.freedesktop.hostname1.conf \ ${datadir}/dbus-1/system.d/org.freedesktop.login1.conf \ ${datadir}/dbus-1/system.d/org.freedesktop.timesync1.conf \ -- cgit v1.2.3