-
Notifications
You must be signed in to change notification settings - Fork 523
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #916 from bcressey/systemd-update
update systemd to v245
- Loading branch information
Showing
11 changed files
with
308 additions
and
35 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
4 changes: 2 additions & 2 deletions
4
packages/systemd/9001-move-stateful-paths-to-ephemeral-storage.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,7 @@ | ||
From 8862df96457fa790bb2dea414f89d1fe0a704716 Mon Sep 17 00:00:00 2001 | ||
From 4f14d52fb6951f3870bfbe6789471cd75a87c341 Mon Sep 17 00:00:00 2001 | ||
From: Ben Cressey <[email protected]> | ||
Date: Sun, 15 Sep 2019 00:21:26 +0000 | ||
Subject: [PATCH 9001/9004] move stateful paths to ephemeral storage | ||
Subject: [PATCH 9001/9005] move stateful paths to ephemeral storage | ||
|
||
We reserve most of /var for persistent local storage controlled by | ||
the administrator, and want to avoid depending on it for our own | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,7 @@ | ||
From 1b3b7345d19a7877026690ef05852dbb4fb0efe8 Mon Sep 17 00:00:00 2001 | ||
From 8711db616a17523abcea9615c56233c68cf6a1e5 Mon Sep 17 00:00:00 2001 | ||
From: Ben Cressey <[email protected]> | ||
Date: Sun, 15 Sep 2019 00:51:25 +0000 | ||
Subject: [PATCH 9002/9004] do not create unused state directories | ||
Subject: [PATCH 9002/9005] do not create unused state directories | ||
|
||
We do not use the coredump handler, and the private directories have | ||
been relocated to `/run`. | ||
|
@@ -12,11 +12,11 @@ Signed-off-by: Ben Cressey <[email protected]> | |
1 file changed, 7 deletions(-) | ||
|
||
diff --git a/tmpfiles.d/systemd.conf.m4 b/tmpfiles.d/systemd.conf.m4 | ||
index 9c57d3b..30a9bd9 100644 | ||
index 11d87d2..c8fb51a 100644 | ||
--- a/tmpfiles.d/systemd.conf.m4 | ||
+++ b/tmpfiles.d/systemd.conf.m4 | ||
@@ -70,10 +70,3 @@ a+ /var/log/journal/%m - - - - d:group:wheel:r-x | ||
a+ /var/log/journal/%m - - - - group:wheel:r-x | ||
@@ -65,10 +65,3 @@ a+ /var/log/journal - - - - d:group::r-x,d:group:wheel:r-x,group::r-x,group:w | ||
a+ /var/log/journal/%m - - - - d:group:wheel:r-x,group:wheel:r-x | ||
a+ /var/log/journal/%m/system.journal - - - - group:wheel:r-- | ||
'')')')m4_dnl | ||
- | ||
|
4 changes: 2 additions & 2 deletions
4
packages/systemd/9003-use-absolute-path-for-var-run-symlink.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,7 @@ | ||
From 6c298326187075878688ac06f7d99e5b9822aaec Mon Sep 17 00:00:00 2001 | ||
From 3cb32d73e064c2f5a6fde71c279b0cfe99e1c6ec Mon Sep 17 00:00:00 2001 | ||
From: Ben Cressey <[email protected]> | ||
Date: Tue, 17 Sep 2019 01:35:51 +0000 | ||
Subject: [PATCH 9003/9004] use absolute path for /var/run symlink | ||
Subject: [PATCH 9003/9005] use absolute path for /var/run symlink | ||
|
||
Otherwise the symlink may be broken if /var is a bind mount from | ||
somewhere else. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,7 @@ | ||
From 4d11f5d502ca4a61c491681cdfd99ebe24e3f58c Mon Sep 17 00:00:00 2001 | ||
From 2feddea6cbee14216e26a4312f5cb0e546a472ff Mon Sep 17 00:00:00 2001 | ||
From: Ben Cressey <[email protected]> | ||
Date: Tue, 10 Mar 2020 20:30:10 +0000 | ||
Subject: [PATCH 9004/9004] core: add separate timeout for system shutdown | ||
Subject: [PATCH 9004/9005] core: add separate timeout for system shutdown | ||
|
||
There is an existing setting for this (DefaultTimeoutStopUSec), but | ||
changing it has no effect because `reset_arguments()` is called just | ||
|
@@ -19,7 +19,7 @@ Signed-off-by: Ben Cressey <[email protected]> | |
2 files changed, 6 insertions(+), 1 deletion(-) | ||
|
||
diff --git a/src/basic/def.h b/src/basic/def.h | ||
index 970654a..b02f6f0 100644 | ||
index 970654a..9251bb9 100644 | ||
--- a/src/basic/def.h | ||
+++ b/src/basic/def.h | ||
@@ -13,6 +13,9 @@ | ||
|
@@ -33,7 +33,7 @@ index 970654a..b02f6f0 100644 | |
#define DEFAULT_UNIX_MAX_DGRAM_QLEN 512UL | ||
|
||
diff --git a/src/core/main.c b/src/core/main.c | ||
index c24b696..8ffa09f 100644 | ||
index 3c6b66e..f2e9776 100644 | ||
--- a/src/core/main.c | ||
+++ b/src/core/main.c | ||
@@ -114,6 +114,7 @@ static ExecOutput arg_default_std_error; | ||
|
@@ -44,7 +44,7 @@ index c24b696..8ffa09f 100644 | |
static usec_t arg_default_timeout_abort_usec; | ||
static bool arg_default_timeout_abort_set; | ||
static usec_t arg_default_start_limit_interval; | ||
@@ -1389,7 +1390,7 @@ static int become_shutdown( | ||
@@ -1398,7 +1399,7 @@ static int become_shutdown( | ||
env_block = strv_copy(environ); | ||
|
||
xsprintf(log_level, "%d", log_get_max_level()); | ||
|
@@ -53,7 +53,7 @@ index c24b696..8ffa09f 100644 | |
|
||
switch (log_get_target()) { | ||
|
||
@@ -2124,6 +2125,7 @@ static void reset_arguments(void) { | ||
@@ -2151,6 +2152,7 @@ static void reset_arguments(void) { | ||
arg_default_restart_usec = DEFAULT_RESTART_USEC; | ||
arg_default_timeout_start_usec = DEFAULT_TIMEOUT_USEC; | ||
arg_default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC; | ||
|
178 changes: 178 additions & 0 deletions
178
packages/systemd/9005-repart-always-use-random-UUIDs.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,178 @@ | ||
From b96a0d9b2449719a7152f4b3c2871fd3b18a8ebf Mon Sep 17 00:00:00 2001 | ||
From: Ben Cressey <[email protected]> | ||
Date: Thu, 16 Apr 2020 15:10:41 +0000 | ||
Subject: [PATCH 9005/9005] repart: always use random UUIDs | ||
|
||
We would like to avoid adding OpenSSL to the base OS, and for our use | ||
case we do not need the UUIDs assigned to disks or partitions to be | ||
reproducible. | ||
|
||
The upstream implementation keys off machine ID, and we will almost | ||
always be resizing the local data partition on first boot, when the | ||
machine ID will be freshly generated and therefore also random. | ||
|
||
This takes the fallback case of generating a random UUID in the event | ||
of a collision and makes it the default behavior for both partition | ||
and disk UUIDs. | ||
|
||
Signed-off-by: Ben Cressey <[email protected]> | ||
--- | ||
meson.build | 3 +- | ||
src/partition/repart.c | 101 ++++++----------------------------------- | ||
2 files changed, 14 insertions(+), 90 deletions(-) | ||
|
||
diff --git a/meson.build b/meson.build | ||
index fc216d2..eb28daa 100644 | ||
--- a/meson.build | ||
+++ b/meson.build | ||
@@ -1305,8 +1305,7 @@ substs.set('DEFAULT_DNS_OVER_TLS_MODE', default_dns_over_tls) | ||
|
||
want_repart = get_option('repart') | ||
if want_repart != 'false' | ||
- have = (conf.get('HAVE_OPENSSL') == 1 and | ||
- conf.get('HAVE_LIBFDISK') == 1) | ||
+ have = (conf.get('HAVE_LIBFDISK') == 1) | ||
if want_repart == 'true' and not have | ||
error('repart support was requested, but dependencies are not available') | ||
endif | ||
diff --git a/src/partition/repart.c b/src/partition/repart.c | ||
index 3e52f26..93f6834 100644 | ||
--- a/src/partition/repart.c | ||
+++ b/src/partition/repart.c | ||
@@ -13,9 +13,6 @@ | ||
#include <sys/ioctl.h> | ||
#include <sys/stat.h> | ||
|
||
-#include <openssl/hmac.h> | ||
-#include <openssl/sha.h> | ||
- | ||
#include "sd-id128.h" | ||
|
||
#include "alloc-util.h" | ||
@@ -1143,26 +1140,18 @@ static int fdisk_set_disklabel_id_by_uuid(struct fdisk_context *c, sd_id128_t id | ||
#define DISK_UUID_TOKEN "disk-uuid" | ||
|
||
static int disk_acquire_uuid(Context *context, sd_id128_t *ret) { | ||
- union { | ||
- unsigned char md[SHA256_DIGEST_LENGTH]; | ||
- sd_id128_t id; | ||
- } result; | ||
+ sd_id128_t id; | ||
+ int r; | ||
|
||
assert(context); | ||
assert(ret); | ||
|
||
- /* Calculate the HMAC-SHA256 of the string "disk-uuid", keyed off the machine ID. We use the machine | ||
- * ID as key (and not as cleartext!) since it's the machine ID we don't want to leak. */ | ||
- | ||
- if (!HMAC(EVP_sha256(), | ||
- &context->seed, sizeof(context->seed), | ||
- (const unsigned char*) DISK_UUID_TOKEN, strlen(DISK_UUID_TOKEN), | ||
- result.md, NULL)) | ||
- return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "HMAC-SHA256 calculation failed."); | ||
+ /* Calculate a random UUID for the indicated disk. */ | ||
+ r = sd_id128_randomize(&id); | ||
+ if (r < 0) | ||
+ return log_error_errno(r, "Failed to generate randomized UUID: %m"); | ||
|
||
- /* Take the first half, mark it as v4 UUID */ | ||
- assert_cc(sizeof(result.md) == sizeof(result.id) * 2); | ||
- *ret = id128_make_v4_uuid(result.id); | ||
+ *ret = id; | ||
return 0; | ||
} | ||
|
||
@@ -2073,83 +2062,19 @@ static int context_wipe_and_discard(Context *context, bool from_scratch) { | ||
} | ||
|
||
static int partition_acquire_uuid(Context *context, Partition *p, sd_id128_t *ret) { | ||
- struct { | ||
- sd_id128_t type_uuid; | ||
- uint64_t counter; | ||
- } _packed_ plaintext = {}; | ||
- union { | ||
- unsigned char md[SHA256_DIGEST_LENGTH]; | ||
- sd_id128_t id; | ||
- } result; | ||
- | ||
- uint64_t k = 0; | ||
- Partition *q; | ||
+ sd_id128_t id; | ||
int r; | ||
|
||
assert(context); | ||
assert(p); | ||
assert(ret); | ||
|
||
- /* Calculate a good UUID for the indicated partition. We want a certain degree of reproducibility, | ||
- * hence we won't generate the UUIDs randomly. Instead we use a cryptographic hash (precisely: | ||
- * HMAC-SHA256) to derive them from a single seed. The seed is generally the machine ID of the | ||
- * installation we are processing, but if random behaviour is desired can be random, too. We use the | ||
- * seed value as key for the HMAC (since the machine ID is something we generally don't want to leak) | ||
- * and the partition type as plaintext. The partition type is suffixed with a counter (only for the | ||
- * second and later partition of the same type) if we have more than one partition of the same | ||
- * time. Or in other words: | ||
- * | ||
- * With: | ||
- * SEED := /etc/machine-id | ||
- * | ||
- * If first partition instance of type TYPE_UUID: | ||
- * PARTITION_UUID := HMAC-SHA256(SEED, TYPE_UUID) | ||
- * | ||
- * For all later partition instances of type TYPE_UUID with INSTANCE being the LE64 encoded instance number: | ||
- * PARTITION_UUID := HMAC-SHA256(SEED, TYPE_UUID || INSTANCE) | ||
- */ | ||
- | ||
- LIST_FOREACH(partitions, q, context->partitions) { | ||
- if (p == q) | ||
- break; | ||
- | ||
- if (!sd_id128_equal(p->type_uuid, q->type_uuid)) | ||
- continue; | ||
- | ||
- k++; | ||
- } | ||
- | ||
- plaintext.type_uuid = p->type_uuid; | ||
- plaintext.counter = htole64(k); | ||
- | ||
- if (!HMAC(EVP_sha256(), | ||
- &context->seed, sizeof(context->seed), | ||
- (const unsigned char*) &plaintext, k == 0 ? sizeof(sd_id128_t) : sizeof(plaintext), | ||
- result.md, NULL)) | ||
- return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "SHA256 calculation failed."); | ||
- | ||
- /* Take the first half, mark it as v4 UUID */ | ||
- assert_cc(sizeof(result.md) == sizeof(result.id) * 2); | ||
- result.id = id128_make_v4_uuid(result.id); | ||
- | ||
- /* Ensure this partition UUID is actually unique, and there's no remaining partition from an earlier run? */ | ||
- LIST_FOREACH(partitions, q, context->partitions) { | ||
- if (p == q) | ||
- continue; | ||
- | ||
- if (sd_id128_equal(q->current_uuid, result.id) || | ||
- sd_id128_equal(q->new_uuid, result.id)) { | ||
- log_warning("Partition UUID calculated from seed for partition %" PRIu64 " exists already, reverting to randomized UUID.", p->partno); | ||
- | ||
- r = sd_id128_randomize(&result.id); | ||
- if (r < 0) | ||
- return log_error_errno(r, "Failed to generate randomized UUID: %m"); | ||
- | ||
- break; | ||
- } | ||
- } | ||
+ /* Calculate a random UUID for the indicated partition. */ | ||
+ r = sd_id128_randomize(&id); | ||
+ if (r < 0) | ||
+ return log_error_errno(r, "Failed to generate randomized UUID: %m"); | ||
|
||
- *ret = result.id; | ||
+ *ret = id; | ||
return 0; | ||
} | ||
|
||
-- | ||
2.21.0 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.