Merge pull request #916 from bcressey/systemd-update

update systemd to v245

packages/login/login.spec

@@ -21,7 +21,11 @@ Requires: %{_cross_os}systemd-console
 install -d %{buildroot}%{_cross_bindir}
 install -p -m 0755 %{S:0} %{buildroot}%{_cross_bindir}/login
 
+install -d %{buildroot}%{_cross_sbindir}
+ln -s ../bin/login %{buildroot}%{_cross_sbindir}/sulogin
+
 %files
 %{_cross_bindir}/login
+%{_cross_sbindir}/sulogin
 
 %changelog

packages/release/prepare-local.service

@@ -38,7 +38,7 @@ ExecStart=/usr/bin/mount \
 ExecStart=/usr/lib/systemd/systemd-growfs ${LOCAL_DIR}
 ExecStart=/usr/bin/mkdir -p ${LOCAL_DIR}/var ${LOCAL_DIR}/opt
 
-RemainAfterExit=false
+RemainAfterExit=true
 StandardError=journal+console
 
 [Install]

packages/systemd/9001-move-stateful-paths-to-ephemeral-storage.patch

@@ -1,7 +1,7 @@
-From 8862df96457fa790bb2dea414f89d1fe0a704716 Mon Sep 17 00:00:00 2001
+From 4f14d52fb6951f3870bfbe6789471cd75a87c341 Mon Sep 17 00:00:00 2001
 From: Ben Cressey <bcressey@amazon.com>
 Date: Sun, 15 Sep 2019 00:21:26 +0000
-Subject: [PATCH 9001/9004] move stateful paths to ephemeral storage
+Subject: [PATCH 9001/9005] move stateful paths to ephemeral storage
 
 We reserve most of /var for persistent local storage controlled by
 the administrator, and want to avoid depending on it for our own

packages/systemd/9002-do-not-create-unused-state-directories.patch

@@ -1,7 +1,7 @@
-From 1b3b7345d19a7877026690ef05852dbb4fb0efe8 Mon Sep 17 00:00:00 2001
+From 8711db616a17523abcea9615c56233c68cf6a1e5 Mon Sep 17 00:00:00 2001
 From: Ben Cressey <bcressey@amazon.com>
 Date: Sun, 15 Sep 2019 00:51:25 +0000
-Subject: [PATCH 9002/9004] do not create unused state directories
+Subject: [PATCH 9002/9005] do not create unused state directories
 
 We do not use the coredump handler, and the private directories have
 been relocated to `/run`.
@@ -12,11 +12,11 @@ Signed-off-by: Ben Cressey <bcressey@amazon.com>
  1 file changed, 7 deletions(-)
 
 diff --git a/tmpfiles.d/systemd.conf.m4 b/tmpfiles.d/systemd.conf.m4
-index 9c57d3b..30a9bd9 100644
+index 11d87d2..c8fb51a 100644
 --- a/tmpfiles.d/systemd.conf.m4
 +++ b/tmpfiles.d/systemd.conf.m4
-@@ -70,10 +70,3 @@ a+ /var/log/journal/%m - - - - d:group:wheel:r-x
- a+ /var/log/journal/%m - - - - group:wheel:r-x
+@@ -65,10 +65,3 @@ a+ /var/log/journal    - - - - d:group::r-x,d:group:wheel:r-x,group::r-x,group:w
+ a+ /var/log/journal/%m - - - - d:group:wheel:r-x,group:wheel:r-x
  a+ /var/log/journal/%m/system.journal - - - - group:wheel:r--
  '')')')m4_dnl
 -

packages/systemd/9003-use-absolute-path-for-var-run-symlink.patch

@@ -1,7 +1,7 @@
-From 6c298326187075878688ac06f7d99e5b9822aaec Mon Sep 17 00:00:00 2001
+From 3cb32d73e064c2f5a6fde71c279b0cfe99e1c6ec Mon Sep 17 00:00:00 2001
 From: Ben Cressey <bcressey@amazon.com>
 Date: Tue, 17 Sep 2019 01:35:51 +0000
-Subject: [PATCH 9003/9004] use absolute path for /var/run symlink
+Subject: [PATCH 9003/9005] use absolute path for /var/run symlink
 
 Otherwise the symlink may be broken if /var is a bind mount from
 somewhere else.

packages/systemd/9004-core-add-separate-timeout-for-system-shutdown.patch

@@ -1,7 +1,7 @@
-From 4d11f5d502ca4a61c491681cdfd99ebe24e3f58c Mon Sep 17 00:00:00 2001
+From 2feddea6cbee14216e26a4312f5cb0e546a472ff Mon Sep 17 00:00:00 2001
 From: Ben Cressey <bcressey@amazon.com>
 Date: Tue, 10 Mar 2020 20:30:10 +0000
-Subject: [PATCH 9004/9004] core: add separate timeout for system shutdown
+Subject: [PATCH 9004/9005] core: add separate timeout for system shutdown
 
 There is an existing setting for this (DefaultTimeoutStopUSec), but
 changing it has no effect because `reset_arguments()` is called just
@@ -19,7 +19,7 @@ Signed-off-by: Ben Cressey <bcressey@amazon.com>
  2 files changed, 6 insertions(+), 1 deletion(-)
 
 diff --git a/src/basic/def.h b/src/basic/def.h
-index 970654a..b02f6f0 100644
+index 970654a..9251bb9 100644
 --- a/src/basic/def.h
 +++ b/src/basic/def.h
 @@ -13,6 +13,9 @@
@@ -33,7 +33,7 @@ index 970654a..b02f6f0 100644
  #define DEFAULT_UNIX_MAX_DGRAM_QLEN 512UL
 
 diff --git a/src/core/main.c b/src/core/main.c
-index c24b696..8ffa09f 100644
+index 3c6b66e..f2e9776 100644
 --- a/src/core/main.c
 +++ b/src/core/main.c
 @@ -114,6 +114,7 @@ static ExecOutput arg_default_std_error;
@@ -44,7 +44,7 @@ index c24b696..8ffa09f 100644
  static usec_t arg_default_timeout_abort_usec;
  static bool arg_default_timeout_abort_set;
  static usec_t arg_default_start_limit_interval;
-@@ -1389,7 +1390,7 @@ static int become_shutdown(
+@@ -1398,7 +1399,7 @@ static int become_shutdown(
          env_block = strv_copy(environ);
 
          xsprintf(log_level, "%d", log_get_max_level());
@@ -53,7 +53,7 @@ index c24b696..8ffa09f 100644
 
          switch (log_get_target()) {
 
-@@ -2124,6 +2125,7 @@ static void reset_arguments(void) {
+@@ -2151,6 +2152,7 @@ static void reset_arguments(void) {
          arg_default_restart_usec = DEFAULT_RESTART_USEC;
          arg_default_timeout_start_usec = DEFAULT_TIMEOUT_USEC;
          arg_default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC;

packages/systemd/9005-repart-always-use-random-UUIDs.patch

@@ -0,0 +1,178 @@
+From b96a0d9b2449719a7152f4b3c2871fd3b18a8ebf Mon Sep 17 00:00:00 2001
+From: Ben Cressey <bcressey@amazon.com>
+Date: Thu, 16 Apr 2020 15:10:41 +0000
+Subject: [PATCH 9005/9005] repart: always use random UUIDs
+
+We would like to avoid adding OpenSSL to the base OS, and for our use
+case we do not need the UUIDs assigned to disks or partitions to be
+reproducible.
+
+The upstream implementation keys off machine ID, and we will almost
+always be resizing the local data partition on first boot, when the
+machine ID will be freshly generated and therefore also random.
+
+This takes the fallback case of generating a random UUID in the event
+of a collision and makes it the default behavior for both partition
+and disk UUIDs.
+
+Signed-off-by: Ben Cressey <bcressey@amazon.com>
+---
+ meson.build            |   3 +-
+ src/partition/repart.c | 101 ++++++-----------------------------------
+ 2 files changed, 14 insertions(+), 90 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index fc216d2..eb28daa 100644
+--- a/meson.build
++++ b/meson.build
+@@ -1305,8 +1305,7 @@ substs.set('DEFAULT_DNS_OVER_TLS_MODE', default_dns_over_tls)
+
+ want_repart = get_option('repart')
+ if want_repart != 'false'
+-        have = (conf.get('HAVE_OPENSSL') == 1 and
+-                conf.get('HAVE_LIBFDISK') == 1)
++        have = (conf.get('HAVE_LIBFDISK') == 1)
+         if want_repart == 'true' and not have
+                 error('repart support was requested, but dependencies are not available')
+         endif
+diff --git a/src/partition/repart.c b/src/partition/repart.c
+index 3e52f26..93f6834 100644
+--- a/src/partition/repart.c
++++ b/src/partition/repart.c
+@@ -13,9 +13,6 @@
+ #include <sys/ioctl.h>
+ #include <sys/stat.h>
+
+-#include <openssl/hmac.h>
+-#include <openssl/sha.h>
+-
+ #include "sd-id128.h"
+
+ #include "alloc-util.h"
+@@ -1143,26 +1140,18 @@ static int fdisk_set_disklabel_id_by_uuid(struct fdisk_context *c, sd_id128_t id
+ #define DISK_UUID_TOKEN "disk-uuid"
+
+ static int disk_acquire_uuid(Context *context, sd_id128_t *ret) {
+-        union {
+-                unsigned char md[SHA256_DIGEST_LENGTH];
+-                sd_id128_t id;
+-        } result;
++        sd_id128_t id;
++        int r;
+
+         assert(context);
+         assert(ret);
+
+-        /* Calculate the HMAC-SHA256 of the string "disk-uuid", keyed off the machine ID. We use the machine
+-         * ID as key (and not as cleartext!) since it's the machine ID we don't want to leak. */
+-
+-        if (!HMAC(EVP_sha256(),
+-                  &context->seed, sizeof(context->seed),
+-                  (const unsigned char*) DISK_UUID_TOKEN, strlen(DISK_UUID_TOKEN),
+-                  result.md, NULL))
+-                return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "HMAC-SHA256 calculation failed.");
++        /* Calculate a random UUID for the indicated disk. */
++        r = sd_id128_randomize(&id);
++        if (r < 0)
++            return log_error_errno(r, "Failed to generate randomized UUID: %m");
+
+-        /* Take the first half, mark it as v4 UUID */
+-        assert_cc(sizeof(result.md) == sizeof(result.id) * 2);
+-        *ret = id128_make_v4_uuid(result.id);
++        *ret = id;
+         return 0;
+ }
+
+@@ -2073,83 +2062,19 @@ static int context_wipe_and_discard(Context *context, bool from_scratch) {
+ }
+
+ static int partition_acquire_uuid(Context *context, Partition *p, sd_id128_t *ret) {
+-        struct {
+-                sd_id128_t type_uuid;
+-                uint64_t counter;
+-        } _packed_  plaintext = {};
+-        union {
+-                unsigned char md[SHA256_DIGEST_LENGTH];
+-                sd_id128_t id;
+-        } result;
+-
+-        uint64_t k = 0;
+-        Partition *q;
++        sd_id128_t id;
+         int r;
+
+         assert(context);
+         assert(p);
+         assert(ret);
+
+-        /* Calculate a good UUID for the indicated partition. We want a certain degree of reproducibility,
+-         * hence we won't generate the UUIDs randomly. Instead we use a cryptographic hash (precisely:
+-         * HMAC-SHA256) to derive them from a single seed. The seed is generally the machine ID of the
+-         * installation we are processing, but if random behaviour is desired can be random, too. We use the
+-         * seed value as key for the HMAC (since the machine ID is something we generally don't want to leak)
+-         * and the partition type as plaintext. The partition type is suffixed with a counter (only for the
+-         * second and later partition of the same type) if we have more than one partition of the same
+-         * time. Or in other words:
+-         *
+-         * With:
+-         *     SEED := /etc/machine-id
+-         *
+-         * If first partition instance of type TYPE_UUID:
+-         *     PARTITION_UUID := HMAC-SHA256(SEED, TYPE_UUID)
+-         *
+-         * For all later partition instances of type TYPE_UUID with INSTANCE being the LE64 encoded instance number:
+-         *     PARTITION_UUID := HMAC-SHA256(SEED, TYPE_UUID || INSTANCE)
+-         */
+-
+-        LIST_FOREACH(partitions, q, context->partitions) {
+-                if (p == q)
+-                        break;
+-
+-                if (!sd_id128_equal(p->type_uuid, q->type_uuid))
+-                        continue;
+-
+-                k++;
+-        }
+-
+-        plaintext.type_uuid = p->type_uuid;
+-        plaintext.counter = htole64(k);
+-
+-        if (!HMAC(EVP_sha256(),
+-                  &context->seed, sizeof(context->seed),
+-                  (const unsigned char*) &plaintext, k == 0 ? sizeof(sd_id128_t) : sizeof(plaintext),
+-                  result.md, NULL))
+-                return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "SHA256 calculation failed.");
+-
+-        /* Take the first half, mark it as v4 UUID */
+-        assert_cc(sizeof(result.md) == sizeof(result.id) * 2);
+-        result.id = id128_make_v4_uuid(result.id);
+-
+-        /* Ensure this partition UUID is actually unique, and there's no remaining partition from an earlier run? */
+-        LIST_FOREACH(partitions, q, context->partitions) {
+-                if (p == q)
+-                        continue;
+-
+-                if (sd_id128_equal(q->current_uuid, result.id) ||
+-                    sd_id128_equal(q->new_uuid, result.id)) {
+-                        log_warning("Partition UUID calculated from seed for partition %" PRIu64 " exists already, reverting to randomized UUID.", p->partno);
+-
+-                        r = sd_id128_randomize(&result.id);
+-                        if (r < 0)
+-                                return log_error_errno(r, "Failed to generate randomized UUID: %m");
+-
+-                        break;
+-                }
+-        }
++        /* Calculate a random UUID for the indicated partition. */
++        r = sd_id128_randomize(&id);
++        if (r < 0)
++                return log_error_errno(r, "Failed to generate randomized UUID: %m");
+
+-        *ret = result.id;
++        *ret = id;
+         return 0;
+ }
+
+-- 
+2.21.0
+

packages/systemd/Cargo.toml

@@ -9,8 +9,8 @@ build = "build.rs"
 path = "pkg.rs"
 
 [[package.metadata.build-package.external-files]]
-url = "/~https://github.com/systemd/systemd/archive/v244/systemd-244.tar.gz"
-sha512 = "08f260fb15b5eb273faafda826dd9154e9a02841b4c5911cc1c7e1445072ad51389f8cced7b9acf112737c20fd56b2fbf48b3f914733c934c774d38a23b616fb"
+url = "/~https://github.com/systemd/systemd/archive/v245/systemd-245.tar.gz"
+sha512 = "1b80d0e02472dfc4197f11dab4f56cf90e8a6e105ce19f837cb11335b6d8577ed49031dad94cdb41aa9bdc06ec8eec62c8e9246272b83935e7bb9dcd3cd8c012"
 
 [build-dependencies]
 glibc = { path = "../glibc" }