From 46ce43a77dc21ca04d6cf43cb1de20f9de175f88 Mon Sep 17 00:00:00 2001 From: Shuicheng Lin Date: Tue, 20 Nov 2018 20:18:08 +0800 Subject: [PATCH] refactor systemd Story: 2003768 Task: 27594 Package systemd-config is added to config customized config file of systemd. Several patches are converted to config files. These config files are based on systemd-219-57.el7.src.rpm. BuildRequires in system-config is set to equal "219-57.el7", to avoid system-config is missed check when do upgrade. So when do systemd upgrade, system-config need be upgraded also. "0003-spec-expand-_udevrulesdir-macro.patch" is removed which seems not needed. Test: Pass build and multi node deploy test. Confirmed related config file is the same as before. Change-Id: I879dc276f3280911d844cfa605c56ba03caabdad Signed-off-by: Shuicheng Lin --- base/systemd-config/centos/build_srpm.data | 2 + .../systemd-config/centos/systemd-config.spec | 55 +++++ .../files/60-persistent-storage.rules | 105 +++++++++ base/systemd-config/files/LICENSE | 202 ++++++++++++++++++ base/systemd-config/files/journald.conf | 40 ++++ .../files/systemd.conf.tmpfiles.d | 42 ++++ base/systemd-config/files/tmp.conf.tmpfiles.d | 20 ++ base/systemd-config/files/tmp.mount | 25 +++ ...0003-spec-expand-_udevrulesdir-macro.patch | 27 --- .../0007-Add-patch-for-journald-config.patch | 24 --- ...patch-for-journald-config-rate-limit.patch | 26 --- ...Add-patch-to-remove-ID_SAS_PATH-rule.patch | 24 --- ...L-warnings-from-systemd-tmpfiles-set.patch | 24 --- ...Add-patch-for-moving-vartmp-to-tmpfs.patch | 24 --- ...Add-patch-for-restricting-tmpfs-size.patch | 24 --- ...13-fix-systemd-tmpfiles-ACL-warnings.patch | 24 --- base/systemd/centos/meta_patches/PATCH_ORDER | 16 +- ...of-systemd-post-from-running-on-pat.patch} | 10 +- ...fix-build-error-for-unused-variable.patch} | 18 +- ...tch => spec-millisec-in-syslog-date.patch} | 6 +- ...e-package-versioning-for-TIS-format.patch} | 2 +- ...fix-build-error-for-unused-variable.patch} | 4 +- ...figure-journald-to-forward-to-syslog.patch | 34 --- .../0704-Configure-journald-rate-limit.patch | 29 --- .../0705-remove-id-sas-path-symlink.patch | 26 --- ...L-warnings-from-systemd-tmpfiles-set.patch | 38 ---- .../patches/0707-move-vartmp-to-tmpfs.patch | 33 --- ...-set-a-1GB-size-restriction-on-tpmfs.patch | 26 --- ...09-fix-systemd-tmpfiles-ACL-warnings.patch | 41 ---- centos_iso_image.inc | 1 + centos_pkg_dirs | 1 + 31 files changed, 517 insertions(+), 456 deletions(-) create mode 100644 base/systemd-config/centos/build_srpm.data create mode 100644 base/systemd-config/centos/systemd-config.spec create mode 100644 base/systemd-config/files/60-persistent-storage.rules create mode 100644 base/systemd-config/files/LICENSE create mode 100644 base/systemd-config/files/journald.conf create mode 100644 base/systemd-config/files/systemd.conf.tmpfiles.d create mode 100644 base/systemd-config/files/tmp.conf.tmpfiles.d create mode 100644 base/systemd-config/files/tmp.mount delete mode 100644 base/systemd/centos/meta_patches/0003-spec-expand-_udevrulesdir-macro.patch delete mode 100644 base/systemd/centos/meta_patches/0007-Add-patch-for-journald-config.patch delete mode 100644 base/systemd/centos/meta_patches/0008-Add-patch-for-journald-config-rate-limit.patch delete mode 100644 base/systemd/centos/meta_patches/0009-Add-patch-to-remove-ID_SAS_PATH-rule.patch delete mode 100644 base/systemd/centos/meta_patches/0010-fix-ACL-warnings-from-systemd-tmpfiles-set.patch delete mode 100644 base/systemd/centos/meta_patches/0011-Add-patch-for-moving-vartmp-to-tmpfs.patch delete mode 100644 base/systemd/centos/meta_patches/0012-Add-patch-for-restricting-tmpfs-size.patch delete mode 100644 base/systemd/centos/meta_patches/0013-fix-systemd-tmpfiles-ACL-warnings.patch rename base/systemd/centos/meta_patches/{0004-Protect-sections-of-systemd-post-from-running-on-pat.patch => Protect-sections-of-systemd-post-from-running-on-pat.patch} (99%) rename base/systemd/centos/meta_patches/{0014-fix-build-error-for-unused-variable.patch => fix-build-error-for-unused-variable.patch} (56%) rename base/systemd/centos/meta_patches/{0005-spec-millisec-in-syslog-date.patch => spec-millisec-in-syslog-date.patch} (99%) rename base/systemd/centos/meta_patches/{0001-update-package-versioning-for-TIS-format.patch => update-package-versioning-for-TIS-format.patch} (99%) rename base/systemd/centos/patches/{0710-fix-build-error-for-unused-variable.patch => 0702-fix-build-error-for-unused-variable.patch} (99%) delete mode 100644 base/systemd/centos/patches/0703-Configure-journald-to-forward-to-syslog.patch delete mode 100644 base/systemd/centos/patches/0704-Configure-journald-rate-limit.patch delete mode 100644 base/systemd/centos/patches/0705-remove-id-sas-path-symlink.patch delete mode 100644 base/systemd/centos/patches/0706-fix-ACL-warnings-from-systemd-tmpfiles-set.patch delete mode 100644 base/systemd/centos/patches/0707-move-vartmp-to-tmpfs.patch delete mode 100644 base/systemd/centos/patches/0708-set-a-1GB-size-restriction-on-tpmfs.patch delete mode 100644 base/systemd/centos/patches/0709-fix-systemd-tmpfiles-ACL-warnings.patch diff --git a/base/systemd-config/centos/build_srpm.data b/base/systemd-config/centos/build_srpm.data new file mode 100644 index 000000000..da1e20bd8 --- /dev/null +++ b/base/systemd-config/centos/build_srpm.data @@ -0,0 +1,2 @@ +SRC_DIR="files" +TIS_PATCH_VER=0 diff --git a/base/systemd-config/centos/systemd-config.spec b/base/systemd-config/centos/systemd-config.spec new file mode 100644 index 000000000..7f5d2bdc2 --- /dev/null +++ b/base/systemd-config/centos/systemd-config.spec @@ -0,0 +1,55 @@ +Summary: StarlingX systemd Configuration File +Name: systemd-config +Version: 1.0 +Release: %{tis_patch_ver}%{?_tis_dist} +License: Apache-2.0 +Group: config-files +Packager: StarlingX +URL: unknown +Source: %name-%version.tar.gz + +BuildArch: noarch +BuildRequires: systemd = 219-57.el7 +Requires: systemd + +%define debug_package %{nil} + +%description +StarlingX systemd configuration file + +%prep + +%setup + +%build + +%install +install -d %{buildroot}%{_datadir}/starlingx +install -m644 60-persistent-storage.rules %{buildroot}%{_datadir}/starlingx/60-persistent-storage.rules +install -m644 journald.conf %{buildroot}%{_datadir}/starlingx/journald.conf +install -m644 systemd.conf.tmpfiles.d %{buildroot}%{_datadir}/starlingx/systemd.conf.tmpfiles.d +install -m644 tmp.conf.tmpfiles.d %{buildroot}%{_datadir}/starlingx/tmp.conf.tmpfiles.d +install -m644 tmp.mount %{buildroot}%{_datadir}/starlingx/tmp.mount + +%post +if [ $1 -eq 1 ] ; then + cp -f %{_datadir}/starlingx/60-persistent-storage.rules %{_udevrulesdir}/ + chmod 644 %{_udevrulesdir}/60-persistent-storage.rules + cp -f %{_datadir}/starlingx/journald.conf %{_sysconfdir}/systemd + chmod 644 %{_sysconfdir}/systemd/journald.conf + cp -f %{_datadir}/starlingx/systemd.conf.tmpfiles.d %{_usr}/lib/tmpfiles.d/systemd.conf + chmod 644 %{_usr}/lib/tmpfiles.d/systemd.conf + cp -f %{_datadir}/starlingx/tmp.conf.tmpfiles.d %{_usr}/lib/tmpfiles.d/tmp.conf + chmod 644 %{_usr}/lib/tmpfiles.d/tmp.conf + cp -f %{_datadir}/starlingx/tmp.mount %{_unitdir}/ + chmod 644 %{_unitdir}/tmp.mount +fi + +%files +%defattr(-,root,root) +%license LICENSE +%{_datadir}/starlingx/60-persistent-storage.rules +%{_datadir}/starlingx/journald.conf +%{_datadir}/starlingx/systemd.conf.tmpfiles.d +%{_datadir}/starlingx/tmp.conf.tmpfiles.d +%{_datadir}/starlingx/tmp.mount diff --git a/base/systemd-config/files/60-persistent-storage.rules b/base/systemd-config/files/60-persistent-storage.rules new file mode 100644 index 000000000..f6900345e --- /dev/null +++ b/base/systemd-config/files/60-persistent-storage.rules @@ -0,0 +1,105 @@ +# do not edit this file, it will be overwritten on update + +# persistent storage links: /dev/disk/{by-id,by-uuid,by-label,by-path} +# scheme based on "Linux persistent device names", 2004, Hannes Reinecke + +# forward scsi device event to corresponding block device +ACTION=="change", SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST=="block", ATTR{block/*/uevent}="change" + +ACTION=="remove", GOTO="persistent_storage_end" + +# enable in-kernel media-presence polling +ACTION=="add", SUBSYSTEM=="module", KERNEL=="block", ATTR{parameters/events_dfl_poll_msecs}=="0", ATTR{parameters/events_dfl_poll_msecs}="2000" + +SUBSYSTEM!="block", GOTO="persistent_storage_end" + +# skip rules for inappropriate block devices +KERNEL=="fd*|mtd*|nbd*|gnbd*|btibm*|dm-*|md*|zram*|mmcblk[0-9]*rpmb", GOTO="persistent_storage_end" + +# ignore partitions that span the entire disk +TEST=="whole_disk", GOTO="persistent_storage_end" + +# for partitions import parent information +ENV{DEVTYPE}=="partition", IMPORT{parent}="ID_*" + +# NVMe +KERNEL=="nvme*[0-9]n*[0-9]", ATTR{wwid}=="?*", SYMLINK+="disk/by-id/nvme-$attr{wwid}" +KERNEL=="nvme*[0-9]n*[0-9]p*[0-9]", ENV{DEVTYPE}=="partition", ATTRS{wwid}=="?*", SYMLINK+="disk/by-id/nvme-$attr{wwid}-part%n" + +KERNEL=="nvme*[0-9]n*[0-9]", ENV{DEVTYPE}=="disk", ATTRS{serial}=="?*", ENV{ID_SERIAL_SHORT}="$attr{serial}" +KERNEL=="nvme*[0-9]n*[0-9]", ENV{DEVTYPE}=="disk", ATTRS{wwid}=="?*", ENV{ID_WWN}="$attr{wwid}" +KERNEL=="nvme*[0-9]n*[0-9]", ENV{DEVTYPE}=="disk", ATTRS{model}=="?*", ENV{ID_SERIAL_SHORT}=="?*", ENV{ID_SERIAL}="$attr{model}_$env{ID_SERIAL_SHORT}", SYMLINK+="disk/by-id/nvme-$env{ID_SERIAL}", OPTIONS="string_escape=replace" + +KERNEL=="nvme*[0-9]n*[0-9]p*[0-9]", ENV{DEVTYPE}=="partition", ATTRS{serial}=="?*", ENV{ID_SERIAL_SHORT}="$attr{serial}" +KERNEL=="nvme*[0-9]n*[0-9]p*[0-9]", ENV{DEVTYPE}=="partition", ATTRS{model}=="?*", ENV{ID_SERIAL_SHORT}=="?*", ENV{ID_SERIAL}="$attr{model}_$env{ID_SERIAL_SHORT}", SYMLINK+="disk/by-id/nvme-$env{ID_SERIAL}-part%n", OPTIONS="string_escape=replace" + +# virtio-blk +KERNEL=="vd*[!0-9]", ATTRS{serial}=="?*", ENV{ID_SERIAL}="$attr{serial}", SYMLINK+="disk/by-id/virtio-$env{ID_SERIAL}" +KERNEL=="vd*[0-9]", ATTRS{serial}=="?*", ENV{ID_SERIAL}="$attr{serial}", SYMLINK+="disk/by-id/virtio-$env{ID_SERIAL}-part%n" + +# ATA devices using the "scsi" subsystem +KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*", SUBSYSTEMS=="scsi", ATTRS{vendor}=="ATA", IMPORT{program}="ata_id --export $devnode" +# ATA/ATAPI devices (SPC-3 or later) using the "scsi" subsystem +KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*", SUBSYSTEMS=="scsi", ATTRS{type}=="5", ATTRS{scsi_level}=="[6-9]*", IMPORT{program}="ata_id --export $devnode" + +# Run ata_id on non-removable USB Mass Storage (SATA/PATA disks in enclosures) +KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*", ATTR{removable}=="0", SUBSYSTEMS=="usb", IMPORT{program}="ata_id --export $devnode" +# Otherwise, fall back to using usb_id for USB devices +KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*", SUBSYSTEMS=="usb", IMPORT{builtin}="usb_id" + +# scsi devices +KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*", IMPORT{program}="scsi_id --export --whitelisted -d $devnode", ENV{ID_BUS}="scsi" +KERNEL=="cciss*", ENV{DEVTYPE}=="disk", ENV{ID_SERIAL}!="?*", IMPORT{program}="scsi_id --export --whitelisted -d $devnode", ENV{ID_BUS}="cciss" +KERNEL=="sd*|sr*|cciss*", ENV{DEVTYPE}=="disk", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_SERIAL}" +KERNEL=="sd*|cciss*", ENV{DEVTYPE}=="partition", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_SERIAL}-part%n" + +# firewire +KERNEL=="sd*[!0-9]|sr*", ATTRS{ieee1394_id}=="?*", SYMLINK+="disk/by-id/ieee1394-$attr{ieee1394_id}" +KERNEL=="sd*[0-9]", ATTRS{ieee1394_id}=="?*", SYMLINK+="disk/by-id/ieee1394-$attr{ieee1394_id}-part%n" + +KERNEL=="mmcblk[0-9]", SUBSYSTEMS=="mmc", ATTRS{name}=="?*", ATTRS{serial}=="?*", ENV{ID_NAME}="$attr{name}", ENV{ID_SERIAL}="$attr{serial}", SYMLINK+="disk/by-id/mmc-$env{ID_NAME}_$env{ID_SERIAL}" +KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/mmc-$env{ID_NAME}_$env{ID_SERIAL}-part%n" +KERNEL=="mspblk[0-9]", SUBSYSTEMS=="memstick", ATTRS{name}=="?*", ATTRS{serial}=="?*", ENV{ID_NAME}="$attr{name}", ENV{ID_SERIAL}="$attr{serial}", SYMLINK+="disk/by-id/memstick-$env{ID_NAME}_$env{ID_SERIAL}" +KERNEL=="mspblk[0-9]p[0-9]", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/memstick-$env{ID_NAME}_$env{ID_SERIAL}-part%n" + +# by-path (parent device path) +ENV{DEVTYPE}=="disk", DEVPATH!="*/virtual/*", IMPORT{builtin}="path_id" +ENV{DEVTYPE}=="disk", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}" +ENV{DEVTYPE}=="partition", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}-part%n" + +# skip unpartitioned removable media devices from drivers which do not send "change" events +ENV{DEVTYPE}=="disk", KERNEL!="sd*|sr*", ATTR{removable}=="1", GOTO="persistent_storage_end" + +# legacy virtio-pci by-path links (deprecated) +KERNEL=="vd*[!0-9]", ENV{ID_PATH}=="pci-*", SYMLINK+="disk/by-path/virtio-$env{ID_PATH}" +KERNEL=="vd*[0-9]", ENV{ID_PATH}=="pci-*", SYMLINK+="disk/by-path/virtio-$env{ID_PATH}-part%n" + +# probe filesystem metadata of optical drives which have a media inserted +KERNEL=="sr*", ENV{DISK_EJECT_REQUEST}!="?*", ENV{ID_CDROM_MEDIA_TRACK_COUNT_DATA}=="?*", ENV{ID_CDROM_MEDIA_SESSION_LAST_OFFSET}=="?*", \ + IMPORT{builtin}="blkid --offset=$env{ID_CDROM_MEDIA_SESSION_LAST_OFFSET}" +# single-session CDs do not have ID_CDROM_MEDIA_SESSION_LAST_OFFSET +KERNEL=="sr*", ENV{DISK_EJECT_REQUEST}!="?*", ENV{ID_CDROM_MEDIA_TRACK_COUNT_DATA}=="?*", ENV{ID_CDROM_MEDIA_SESSION_LAST_OFFSET}=="", \ + IMPORT{builtin}="blkid --noraid" + +# probe filesystem metadata of disks +KERNEL!="sr*", IMPORT{builtin}="blkid" + +# watch metadata changes by tools closing the device after writing +KERNEL!="sr*", OPTIONS+="watch" + +# by-label/by-uuid links (filesystem metadata) +ENV{ID_FS_USAGE}=="filesystem|other|crypto", ENV{ID_FS_UUID_ENC}=="?*", SYMLINK+="disk/by-uuid/$env{ID_FS_UUID_ENC}" +ENV{ID_FS_USAGE}=="filesystem|other", ENV{ID_FS_LABEL_ENC}=="?*", SYMLINK+="disk/by-label/$env{ID_FS_LABEL_ENC}" + +# by-id (World Wide Name) +ENV{DEVTYPE}=="disk", ENV{ID_WWN_WITH_EXTENSION}=="?*", SYMLINK+="disk/by-id/wwn-$env{ID_WWN_WITH_EXTENSION}" +ENV{DEVTYPE}=="partition", ENV{ID_WWN_WITH_EXTENSION}=="?*", SYMLINK+="disk/by-id/wwn-$env{ID_WWN_WITH_EXTENSION}-part%n" + +# by-partlabel/by-partuuid links (partition metadata) +ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_UUID}=="?*", SYMLINK+="disk/by-partuuid/$env{ID_PART_ENTRY_UUID}" +ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_ENTRY_NAME}=="?*", SYMLINK+="disk/by-partlabel/$env{ID_PART_ENTRY_NAME}" + +# add symlink to GPT root disk +ENV{ID_PART_ENTRY_SCHEME}=="gpt", ENV{ID_PART_GPT_AUTO_ROOT}=="1", SYMLINK+="gpt-auto-root" + +LABEL="persistent_storage_end" diff --git a/base/systemd-config/files/LICENSE b/base/systemd-config/files/LICENSE new file mode 100644 index 000000000..d64569567 --- /dev/null +++ b/base/systemd-config/files/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/base/systemd-config/files/journald.conf b/base/systemd-config/files/journald.conf new file mode 100644 index 000000000..932578e0d --- /dev/null +++ b/base/systemd-config/files/journald.conf @@ -0,0 +1,40 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. +# +# Entries in this file show the compile time defaults. +# You can change settings by editing this file. +# Defaults can be restored by simply deleting this file. +# +# See journald.conf(5) for details. + +[Journal] +Storage=none +#Compress=yes +#Seal=yes +#SplitMode=uid +#SyncIntervalSec=5m +RateLimitInterval=30s +RateLimitBurst=5000 +#SystemMaxUse= +#SystemKeepFree= +#SystemMaxFileSize= +#RuntimeMaxUse= +#RuntimeKeepFree= +#RuntimeMaxFileSize= +#MaxRetentionSec= +#MaxFileSec=1month +ForwardToSyslog=yes +#ForwardToKMsg=no +#ForwardToConsole=no +#ForwardToWall=yes +#TTYPath=/dev/console +#MaxLevelStore=debug +#MaxLevelSyslog=debug +#MaxLevelKMsg=notice +#MaxLevelConsole=info +#MaxLevelWall=emerg +#LineMax=48K diff --git a/base/systemd-config/files/systemd.conf.tmpfiles.d b/base/systemd-config/files/systemd.conf.tmpfiles.d new file mode 100644 index 000000000..44c2c3e56 --- /dev/null +++ b/base/systemd-config/files/systemd.conf.tmpfiles.d @@ -0,0 +1,42 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# See tmpfiles.d(5) for details + +d /run/user 0755 root root - +F! /run/utmp 0664 root utmp - + +d /run/systemd/ask-password 0755 root root - +d /run/systemd/seats 0755 root root - +d /run/systemd/sessions 0755 root root - +d /run/systemd/users 0755 root root - +d /run/systemd/machines 0755 root root - +d /run/systemd/shutdown 0755 root root - +d /run/systemd/netif 0755 systemd-network systemd-network - +d /run/systemd/netif/links 0755 systemd-network systemd-network - +d /run/systemd/netif/leases 0755 systemd-network systemd-network - + +d /run/log 0755 root root - + +z /run/log/journal 2755 root systemd-journal - - +Z /run/log/journal/%m ~2750 root systemd-journal - - + +a+ /run/log/journal/%m - - - - d:group:wrs_protected:r-x,d:group:wheel:r-x +A+ /run/log/journal/%m - - - - group:wrs_protected:r-x,group:wheel:r-x + +z /var/log/journal 2755 root systemd-journal - - +z /var/log/journal/%m 2755 root systemd-journal - - +z /var/log/journal/%m/system.journal 0640 root systemd-journal - - + +a+ /var/log/journal - - - - d:group:wrs_protected:r-x,d:group:wheel:r-x +a+ /var/log/journal - - - - group:wrs_protected:r-x,group:wheel:r-x +a+ /var/log/journal/%m - - - - d:group:wrs_protected:r-x,d:group:wheel:r-x +a+ /var/log/journal/%m - - - - group:wrs_protected:r-x,group:wheel:r-x +a+ /var/log/journal/%m/system.journal - - - - group:wrs_protected:r--,group:wheel:r-- + +d /var/lib/systemd 0755 root root - +d /var/lib/systemd/coredump 0755 root root 3d diff --git a/base/systemd-config/files/tmp.conf.tmpfiles.d b/base/systemd-config/files/tmp.conf.tmpfiles.d new file mode 100644 index 000000000..4d2a732fe --- /dev/null +++ b/base/systemd-config/files/tmp.conf.tmpfiles.d @@ -0,0 +1,20 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# See tmpfiles.d(5) for details + +# Clear tmp directories separately, to make them easier to override +v /tmp 1777 root root 10d +v /tmp/var.tmp 1777 root root 30d +L+ /var/tmp - - - - /tmp/var.tmp + +# Exclude namespace mountpoints created with PrivateTmp=yes +x /tmp/systemd-private-%b-* +X /tmp/systemd-private-%b-*/tmp +x /var/tmp/systemd-private-%b-* +X /var/tmp/systemd-private-%b-*/tmp +X /tmp/var.tmp diff --git a/base/systemd-config/files/tmp.mount b/base/systemd-config/files/tmp.mount new file mode 100644 index 000000000..eda2334b2 --- /dev/null +++ b/base/systemd-config/files/tmp.mount @@ -0,0 +1,25 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Temporary Directory +Documentation=man:hier(7) +Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems +ConditionPathIsSymbolicLink=!/tmp +DefaultDependencies=no +Conflicts=umount.target +Before=local-fs.target umount.target + +[Mount] +What=tmpfs +Where=/tmp +Type=tmpfs +Options=mode=1777,strictatime,size=1G + +# Make 'systemctl enable tmp.mount' work: +[Install] +WantedBy=local-fs.target diff --git a/base/systemd/centos/meta_patches/0003-spec-expand-_udevrulesdir-macro.patch b/base/systemd/centos/meta_patches/0003-spec-expand-_udevrulesdir-macro.patch deleted file mode 100644 index 3a0b60d7d..000000000 --- a/base/systemd/centos/meta_patches/0003-spec-expand-_udevrulesdir-macro.patch +++ /dev/null @@ -1,27 +0,0 @@ -From f38825338641e2773b83bd24c824987ebe68f8d3 Mon Sep 17 00:00:00 2001 -From: Scott Little -Date: Mon, 2 Oct 2017 17:53:00 -0400 -Subject: [PATCH] [PATCH 02/10] WRS: 0003-spec-expand-_udevrulesdir-macro.patch - -Conflicts: - SPECS/systemd.spec ---- - SPECS/systemd.spec | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec -index 3b2aa7f..6e1d7e1 100644 ---- a/SPECS/systemd.spec -+++ b/SPECS/systemd.spec -@@ -1030,7 +1030,7 @@ rm -f %{buildroot}%{_prefix}/lib/systemd/network/* - rm -f %{buildroot}%{_mandir}/man5/sysusers.d.5.gz - rm -f %{buildroot}%{_mandir}/man8/systemd-sysusers.* - --install -m 0644 %{SOURCE5} $RPM_BUILD_ROOT/%{_udevrulesdir}/ -+install -m 0644 %{SOURCE5} $RPM_BUILD_ROOT/usr/lib/udev/rules.d/ - - %pre - getent group cdrom >/dev/null 2>&1 || groupadd -r -g 11 cdrom >/dev/null 2>&1 || : --- -2.7.4 - diff --git a/base/systemd/centos/meta_patches/0007-Add-patch-for-journald-config.patch b/base/systemd/centos/meta_patches/0007-Add-patch-for-journald-config.patch deleted file mode 100644 index 39ae302ff..000000000 --- a/base/systemd/centos/meta_patches/0007-Add-patch-for-journald-config.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 4fadd91b4153c4e7a462585e78139ee530b6b292 Mon Sep 17 00:00:00 2001 -From: Scott Little -Date: Mon, 2 Oct 2017 17:53:00 -0400 -Subject: [PATCH 1/7] WRS: 0007-Add-patch-for-journald-config.patch - ---- - SPECS/systemd.spec | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec -index 845d1dd..6c277f9 100644 ---- a/SPECS/systemd.spec -+++ b/SPECS/systemd.spec -@@ -655,6 +655,7 @@ Patch0613: 0613-sd-journal-when-picking-up-a-new-file-compare-inode-.patch - - #WRS Patches - Patch0701: 0701-inject-millisec-in-syslog-date.patch -+Patch0703: 0703-Configure-journald-to-forward-to-syslog.patch - - %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} - --- -2.7.4 - diff --git a/base/systemd/centos/meta_patches/0008-Add-patch-for-journald-config-rate-limit.patch b/base/systemd/centos/meta_patches/0008-Add-patch-for-journald-config-rate-limit.patch deleted file mode 100644 index 30a4829bd..000000000 --- a/base/systemd/centos/meta_patches/0008-Add-patch-for-journald-config-rate-limit.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 1f00385b6b64616f894aab1f31d41e3fdcb73055 Mon Sep 17 00:00:00 2001 -From: Scott Little -Date: Mon, 2 Oct 2017 17:53:00 -0400 -Subject: [PATCH 2/7] WRS: 0008-Add-patch-for-journald-config-rate-limit.patch - -Conflicts: - SPECS/systemd.spec ---- - SPECS/systemd.spec | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec -index 6c277f9..ff9c519 100644 ---- a/SPECS/systemd.spec -+++ b/SPECS/systemd.spec -@@ -656,6 +656,7 @@ Patch0613: 0613-sd-journal-when-picking-up-a-new-file-compare-inode-.patch - #WRS Patches - Patch0701: 0701-inject-millisec-in-syslog-date.patch - Patch0703: 0703-Configure-journald-to-forward-to-syslog.patch -+Patch0704: 0704-Configure-journald-rate-limit.patch - - %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} - --- -2.7.4 - diff --git a/base/systemd/centos/meta_patches/0009-Add-patch-to-remove-ID_SAS_PATH-rule.patch b/base/systemd/centos/meta_patches/0009-Add-patch-to-remove-ID_SAS_PATH-rule.patch deleted file mode 100644 index c3860c5e3..000000000 --- a/base/systemd/centos/meta_patches/0009-Add-patch-to-remove-ID_SAS_PATH-rule.patch +++ /dev/null @@ -1,24 +0,0 @@ -From fddd11d477de4eced32cf40c0524a11a24994fa1 Mon Sep 17 00:00:00 2001 -From: Scott Little -Date: Mon, 2 Oct 2017 17:53:00 -0400 -Subject: [PATCH 3/7] WRS: 0009-Add-patch-to-remove-ID_SAS_PATH-rule.patch - ---- - SPECS/systemd.spec | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec -index ff9c519..e9fc3a4 100644 ---- a/SPECS/systemd.spec -+++ b/SPECS/systemd.spec -@@ -657,6 +657,7 @@ Patch0613: 0613-sd-journal-when-picking-up-a-new-file-compare-inode-.patch - Patch0701: 0701-inject-millisec-in-syslog-date.patch - Patch0703: 0703-Configure-journald-to-forward-to-syslog.patch - Patch0704: 0704-Configure-journald-rate-limit.patch -+Patch0705: 0705-remove-id-sas-path-symlink.patch - - %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} - --- -2.7.4 - diff --git a/base/systemd/centos/meta_patches/0010-fix-ACL-warnings-from-systemd-tmpfiles-set.patch b/base/systemd/centos/meta_patches/0010-fix-ACL-warnings-from-systemd-tmpfiles-set.patch deleted file mode 100644 index 6d67d72e4..000000000 --- a/base/systemd/centos/meta_patches/0010-fix-ACL-warnings-from-systemd-tmpfiles-set.patch +++ /dev/null @@ -1,24 +0,0 @@ -From f651db58b668b32e1f365eaeb35bcff12bcbc5ad Mon Sep 17 00:00:00 2001 -From: Scott Little -Date: Mon, 2 Oct 2017 17:53:00 -0400 -Subject: [PATCH 4/7] 0010-fix-ACL-warnings-from-systemd-tmpfiles-set.patch - ---- - SPECS/systemd.spec | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec -index e9fc3a4..e79f10e 100644 ---- a/SPECS/systemd.spec -+++ b/SPECS/systemd.spec -@@ -658,6 +658,7 @@ Patch0701: 0701-inject-millisec-in-syslog-date.patch - Patch0703: 0703-Configure-journald-to-forward-to-syslog.patch - Patch0704: 0704-Configure-journald-rate-limit.patch - Patch0705: 0705-remove-id-sas-path-symlink.patch -+Patch0706: 0706-fix-ACL-warnings-from-systemd-tmpfiles-set.patch - - %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} - --- -2.7.4 - diff --git a/base/systemd/centos/meta_patches/0011-Add-patch-for-moving-vartmp-to-tmpfs.patch b/base/systemd/centos/meta_patches/0011-Add-patch-for-moving-vartmp-to-tmpfs.patch deleted file mode 100644 index b9223e798..000000000 --- a/base/systemd/centos/meta_patches/0011-Add-patch-for-moving-vartmp-to-tmpfs.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 776961a3addc58b47e9b10bc29d07ae31f2853f8 Mon Sep 17 00:00:00 2001 -From: Scott Little -Date: Mon, 2 Oct 2017 17:53:00 -0400 -Subject: [PATCH 5/7] WRS: 0011-Add-patch-for-moving-vartmp-to-tmpfs.patch - ---- - SPECS/systemd.spec | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec -index e79f10e..acc059f 100644 ---- a/SPECS/systemd.spec -+++ b/SPECS/systemd.spec -@@ -659,6 +659,7 @@ Patch0703: 0703-Configure-journald-to-forward-to-syslog.patch - Patch0704: 0704-Configure-journald-rate-limit.patch - Patch0705: 0705-remove-id-sas-path-symlink.patch - Patch0706: 0706-fix-ACL-warnings-from-systemd-tmpfiles-set.patch -+Patch0707: 0707-move-vartmp-to-tmpfs.patch - - %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} - --- -2.7.4 - diff --git a/base/systemd/centos/meta_patches/0012-Add-patch-for-restricting-tmpfs-size.patch b/base/systemd/centos/meta_patches/0012-Add-patch-for-restricting-tmpfs-size.patch deleted file mode 100644 index 29ada9f57..000000000 --- a/base/systemd/centos/meta_patches/0012-Add-patch-for-restricting-tmpfs-size.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 2d2e804d3d48f47c207a6a58d6932e1119f61f93 Mon Sep 17 00:00:00 2001 -From: Kam Nasim -Date: Thu, 12 Oct 2017 18:22:33 -0400 -Subject: [PATCH 6/7] meta patch for restricting tmpfs size - ---- - SPECS/systemd.spec | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec -index acc059f..6152e33 100644 ---- a/SPECS/systemd.spec -+++ b/SPECS/systemd.spec -@@ -660,6 +660,7 @@ Patch0704: 0704-Configure-journald-rate-limit.patch - Patch0705: 0705-remove-id-sas-path-symlink.patch - Patch0706: 0706-fix-ACL-warnings-from-systemd-tmpfiles-set.patch - Patch0707: 0707-move-vartmp-to-tmpfs.patch -+Patch0708: 0708-set-a-1GB-size-restriction-on-tpmfs.patch - - %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} - --- -2.7.4 - diff --git a/base/systemd/centos/meta_patches/0013-fix-systemd-tmpfiles-ACL-warnings.patch b/base/systemd/centos/meta_patches/0013-fix-systemd-tmpfiles-ACL-warnings.patch deleted file mode 100644 index 819d4a845..000000000 --- a/base/systemd/centos/meta_patches/0013-fix-systemd-tmpfiles-ACL-warnings.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 151218c66280ec3984daf0a476e7b5cac69d305a Mon Sep 17 00:00:00 2001 -From: Andy Ning -Date: Wed, 28 Mar 2018 14:20:39 -0400 -Subject: [PATCH 7/7] fix systemd tmpfiles ACL warnings - ---- - SPECS/systemd.spec | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec -index 6152e33..ffd0770 100644 ---- a/SPECS/systemd.spec -+++ b/SPECS/systemd.spec -@@ -661,6 +661,7 @@ Patch0705: 0705-remove-id-sas-path-symlink.patch - Patch0706: 0706-fix-ACL-warnings-from-systemd-tmpfiles-set.patch - Patch0707: 0707-move-vartmp-to-tmpfs.patch - Patch0708: 0708-set-a-1GB-size-restriction-on-tpmfs.patch -+Patch0709: 0709-fix-systemd-tmpfiles-ACL-warnings.patch - - %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} - --- -2.7.4 - diff --git a/base/systemd/centos/meta_patches/PATCH_ORDER b/base/systemd/centos/meta_patches/PATCH_ORDER index d11a6b463..20366cc13 100644 --- a/base/systemd/centos/meta_patches/PATCH_ORDER +++ b/base/systemd/centos/meta_patches/PATCH_ORDER @@ -1,12 +1,4 @@ -0001-update-package-versioning-for-TIS-format.patch -0003-spec-expand-_udevrulesdir-macro.patch -0004-Protect-sections-of-systemd-post-from-running-on-pat.patch -0005-spec-millisec-in-syslog-date.patch -0007-Add-patch-for-journald-config.patch -0008-Add-patch-for-journald-config-rate-limit.patch -0009-Add-patch-to-remove-ID_SAS_PATH-rule.patch -0010-fix-ACL-warnings-from-systemd-tmpfiles-set.patch -0011-Add-patch-for-moving-vartmp-to-tmpfs.patch -0012-Add-patch-for-restricting-tmpfs-size.patch -0013-fix-systemd-tmpfiles-ACL-warnings.patch -0014-fix-build-error-for-unused-variable.patch +update-package-versioning-for-TIS-format.patch +Protect-sections-of-systemd-post-from-running-on-pat.patch +spec-millisec-in-syslog-date.patch +fix-build-error-for-unused-variable.patch diff --git a/base/systemd/centos/meta_patches/0004-Protect-sections-of-systemd-post-from-running-on-pat.patch b/base/systemd/centos/meta_patches/Protect-sections-of-systemd-post-from-running-on-pat.patch similarity index 99% rename from base/systemd/centos/meta_patches/0004-Protect-sections-of-systemd-post-from-running-on-pat.patch rename to base/systemd/centos/meta_patches/Protect-sections-of-systemd-post-from-running-on-pat.patch index eb952b073..ad017c539 100644 --- a/base/systemd/centos/meta_patches/0004-Protect-sections-of-systemd-post-from-running-on-pat.patch +++ b/base/systemd/centos/meta_patches/Protect-sections-of-systemd-post-from-running-on-pat.patch @@ -15,7 +15,7 @@ index 6e1d7e1..6a04c16 100644 @@ -1159,6 +1159,7 @@ fi rm -f /etc/sysconfig/i18n >/dev/null 2>&1 || : rm -f /etc/sysconfig/keyboard >/dev/null 2>&1 || : - + +if [ $1 -eq 1 ]; then # Migrate HOSTNAME= from /etc/sysconfig/network if [ -e /etc/sysconfig/network -a ! -e /etc/hostname ]; then @@ -25,13 +25,13 @@ index 6e1d7e1..6a04c16 100644 fi sed -i '/^HOSTNAME=/d' /etc/sysconfig/network >/dev/null 2>&1 || : +fi - + # Migrate the old systemd-setup-keyboard X11 configuration fragment if [ ! -e /etc/X11/xorg.conf.d/00-keyboard.conf ] ; then @@ -1174,6 +1176,7 @@ else rm -f /etc/X11/xorg.conf.d/00-system-setup-keyboard.conf >/dev/null 2>&1 || : fi - + +if [ 1 -eq 0 ] ; then # TIS: Skip this. We don't want myhostname in nsswitch.conf # sed-fu to add myhostname to the hosts line of /etc/nsswitch.conf # Only do that when installing, not when updating. @@ -41,9 +41,9 @@ index 6e1d7e1..6a04c16 100644 ' /etc/nsswitch.conf >/dev/null 2>&1 || : fi +fi - + %posttrans # Convert old /etc/sysconfig/desktop settings --- +-- 2.7.4 diff --git a/base/systemd/centos/meta_patches/0014-fix-build-error-for-unused-variable.patch b/base/systemd/centos/meta_patches/fix-build-error-for-unused-variable.patch similarity index 56% rename from base/systemd/centos/meta_patches/0014-fix-build-error-for-unused-variable.patch rename to base/systemd/centos/meta_patches/fix-build-error-for-unused-variable.patch index a788f0dfd..0bbf2bb87 100644 --- a/base/systemd/centos/meta_patches/0014-fix-build-error-for-unused-variable.patch +++ b/base/systemd/centos/meta_patches/fix-build-error-for-unused-variable.patch @@ -1,7 +1,7 @@ From 6aead74fb56ae75cc16be507165d3fc75c38fac0 Mon Sep 17 00:00:00 2001 From: slin14 Date: Thu, 9 Aug 2018 18:40:36 +0800 -Subject: [PATCH] Add 0710-fix-build-error-for-unused-variable.patch +Subject: [PATCH] Add 0702-fix-build-error-for-unused-variable.patch Signed-off-by: slin14 --- @@ -12,14 +12,14 @@ diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec index ffd0770..3f7cc10 100644 --- a/SPECS/systemd.spec +++ b/SPECS/systemd.spec -@@ -662,6 +662,7 @@ Patch0706: 0706-fix-ACL-warnings-from-systemd-tmpfiles-set.patch - Patch0707: 0707-move-vartmp-to-tmpfs.patch - Patch0708: 0708-set-a-1GB-size-restriction-on-tpmfs.patch - Patch0709: 0709-fix-systemd-tmpfiles-ACL-warnings.patch -+Patch0710: 0710-fix-build-error-for-unused-variable.patch - +@@ -655,6 +655,7 @@ Patch0613: 0613-sd-journal-when-picking-up-a-new-file-compare-inode-.patch + + #WRS Patches + Patch0701: 0701-inject-millisec-in-syslog-date.patch ++Patch0702: 0702-fix-build-error-for-unused-variable.patch + %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} - --- + +-- 2.7.4 diff --git a/base/systemd/centos/meta_patches/0005-spec-millisec-in-syslog-date.patch b/base/systemd/centos/meta_patches/spec-millisec-in-syslog-date.patch similarity index 99% rename from base/systemd/centos/meta_patches/0005-spec-millisec-in-syslog-date.patch rename to base/systemd/centos/meta_patches/spec-millisec-in-syslog-date.patch index 8f97abbda..816ec84fe 100644 --- a/base/systemd/centos/meta_patches/0005-spec-millisec-in-syslog-date.patch +++ b/base/systemd/centos/meta_patches/spec-millisec-in-syslog-date.patch @@ -16,13 +16,13 @@ index 6a04c16..845d1dd 100644 @@ -653,6 +653,9 @@ Patch0611: 0611-sd-journal-make-sure-it-s-safe-to-call-sd_journal_pr.patch Patch0612: 0612-journalctl-Periodically-call-sd_journal_process-in-j.patch Patch0613: 0613-sd-journal-when-picking-up-a-new-file-compare-inode-.patch - + +#WRS Patches +Patch0701: 0701-inject-millisec-in-syslog-date.patch + %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} - + BuildRequires: libcap-devel --- +-- 2.7.4 diff --git a/base/systemd/centos/meta_patches/0001-update-package-versioning-for-TIS-format.patch b/base/systemd/centos/meta_patches/update-package-versioning-for-TIS-format.patch similarity index 99% rename from base/systemd/centos/meta_patches/0001-update-package-versioning-for-TIS-format.patch rename to base/systemd/centos/meta_patches/update-package-versioning-for-TIS-format.patch index 89a2b3f08..840b70600 100644 --- a/base/systemd/centos/meta_patches/0001-update-package-versioning-for-TIS-format.patch +++ b/base/systemd/centos/meta_patches/update-package-versioning-for-TIS-format.patch @@ -22,6 +22,6 @@ index 6bdbb74..3b2aa7f 100644 # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: A System and Service Manager --- +-- 2.7.4 diff --git a/base/systemd/centos/patches/0710-fix-build-error-for-unused-variable.patch b/base/systemd/centos/patches/0702-fix-build-error-for-unused-variable.patch similarity index 99% rename from base/systemd/centos/patches/0710-fix-build-error-for-unused-variable.patch rename to base/systemd/centos/patches/0702-fix-build-error-for-unused-variable.patch index 36e5fcc66..302f299b9 100644 --- a/base/systemd/centos/patches/0710-fix-build-error-for-unused-variable.patch +++ b/base/systemd/centos/patches/0702-fix-build-error-for-unused-variable.patch @@ -19,8 +19,8 @@ index 33062ea..fd4e070 100644 - time_t t; - struct tm *tm; char *ident_buf = NULL; - + assert(s); --- +-- 2.7.4 diff --git a/base/systemd/centos/patches/0703-Configure-journald-to-forward-to-syslog.patch b/base/systemd/centos/patches/0703-Configure-journald-to-forward-to-syslog.patch deleted file mode 100644 index f5b313ecc..000000000 --- a/base/systemd/centos/patches/0703-Configure-journald-to-forward-to-syslog.patch +++ /dev/null @@ -1,34 +0,0 @@ -From b628fac8eec011503e5f86f17d9e68b7a2cc1e56 Mon Sep 17 00:00:00 2001 -From: Don Penney -Date: Tue, 7 Mar 2017 13:17:56 -0500 -Subject: [PATCH] Configure journald to forward to syslog - ---- - src/journal/journald.conf | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/journal/journald.conf b/src/journal/journald.conf -index 3907dfb..ef86ffe 100644 ---- a/src/journal/journald.conf -+++ b/src/journal/journald.conf -@@ -12,7 +12,7 @@ - # See journald.conf(5) for details. - - [Journal] --#Storage=auto -+Storage=none - #Compress=yes - #Seal=yes - #SplitMode=uid -@@ -27,7 +27,7 @@ - #RuntimeMaxFileSize= - #MaxRetentionSec= - #MaxFileSec=1month --#ForwardToSyslog=yes -+ForwardToSyslog=yes - #ForwardToKMsg=no - #ForwardToConsole=no - #ForwardToWall=yes --- -1.8.3.1 - diff --git a/base/systemd/centos/patches/0704-Configure-journald-rate-limit.patch b/base/systemd/centos/patches/0704-Configure-journald-rate-limit.patch deleted file mode 100644 index 87b55cdad..000000000 --- a/base/systemd/centos/patches/0704-Configure-journald-rate-limit.patch +++ /dev/null @@ -1,29 +0,0 @@ -From e5057bed6636f4ba4ec3d72ed5966e8dcd17200b Mon Sep 17 00:00:00 2001 -From: Tao Liu -Date: Mon, 15 May 2017 16:46:28 -0500 -Subject: [PATCH 1/1] CGTS-6814: syslog occasionally dropping logs Configure - Configure the journald rate limit to 5000 messages within 30 seconds. - This limit is required to support SM managed processes that share the limit. - ---- - src/journal/journald.conf | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/journal/journald.conf b/src/journal/journald.conf -index ef86ffe..2e7180e 100644 ---- a/src/journal/journald.conf -+++ b/src/journal/journald.conf -@@ -17,8 +17,8 @@ Storage=none - #Seal=yes - #SplitMode=uid - #SyncIntervalSec=5m --#RateLimitInterval=30s --#RateLimitBurst=1000 -+RateLimitInterval=30s -+RateLimitBurst=5000 - #SystemMaxUse= - #SystemKeepFree= - #SystemMaxFileSize= --- -1.8.3.1 - diff --git a/base/systemd/centos/patches/0705-remove-id-sas-path-symlink.patch b/base/systemd/centos/patches/0705-remove-id-sas-path-symlink.patch deleted file mode 100644 index c8787cda9..000000000 --- a/base/systemd/centos/patches/0705-remove-id-sas-path-symlink.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 3bc9bedbcc6dedd5b68875ce572884c686abce65 Mon Sep 17 00:00:00 2001 -From: Irina Mihai -Date: Mon, 15 May 2017 18:58:48 +0000 -Subject: [PATCH] [PATCH] Remove ID_SAS_PATH rule - ---- - rules/60-persistent-storage.rules | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/rules/60-persistent-storage.rules b/rules/60-persistent-storage.rules -index ba61963..f690034 100644 ---- a/rules/60-persistent-storage.rules -+++ b/rules/60-persistent-storage.rules -@@ -65,9 +65,7 @@ KERNEL=="mspblk[0-9]p[0-9]", ENV{ID_NAME}=="?*", ENV{ID_SERIAL}=="?*", SYMLINK+= - # by-path (parent device path) - ENV{DEVTYPE}=="disk", DEVPATH!="*/virtual/*", IMPORT{builtin}="path_id" - ENV{DEVTYPE}=="disk", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}" --ENV{DEVTYPE}=="disk", ENV{ID_SAS_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_SAS_PATH}" - ENV{DEVTYPE}=="partition", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}-part%n" --ENV{DEVTYPE}=="partition", ENV{ID_SAS_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_SAS_PATH}-part%n" - - # skip unpartitioned removable media devices from drivers which do not send "change" events - ENV{DEVTYPE}=="disk", KERNEL!="sd*|sr*", ATTR{removable}=="1", GOTO="persistent_storage_end" --- -2.7.4 - diff --git a/base/systemd/centos/patches/0706-fix-ACL-warnings-from-systemd-tmpfiles-set.patch b/base/systemd/centos/patches/0706-fix-ACL-warnings-from-systemd-tmpfiles-set.patch deleted file mode 100644 index 17f33fd0e..000000000 --- a/base/systemd/centos/patches/0706-fix-ACL-warnings-from-systemd-tmpfiles-set.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 65c3c74fd119db0309d68430ed89652666c884d5 Mon Sep 17 00:00:00 2001 -From: systemd team -Date: Tue, 10 Oct 2017 17:06:10 -0400 -Subject: fix ACL warnings from systemd tmpfiles set - ---- - tmpfiles.d/systemd.conf.m4 | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/tmpfiles.d/systemd.conf.m4 b/tmpfiles.d/systemd.conf.m4 -index 0575408..d984912 100644 ---- a/tmpfiles.d/systemd.conf.m4 -+++ b/tmpfiles.d/systemd.conf.m4 -@@ -27,8 +27,8 @@ d /run/log 0755 root root - - z /run/log/journal 2755 root systemd-journal - - - Z /run/log/journal/%m ~2750 root systemd-journal - - - m4_ifdef(`HAVE_ACL',`` --a+ /run/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x --A+ /run/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x -+a+ /run/log/journal/%m - - - - d:group:wrs_protected:r-x,d:group:wheel:r-x -+A+ /run/log/journal/%m - - - - group:wrs_protected:r-x,group:wheel:r-x - '')m4_dnl - - z /var/log/journal 2755 root systemd-journal - - -@@ -37,8 +37,8 @@ z /var/log/journal/%m/system.journal 0640 root systemd-journal - - - m4_ifdef(`HAVE_ACL',`` - a+ /var/log/journal - - - - d:group:adm:r-x,d:group:wheel:r-x - a+ /var/log/journal - - - - group:adm:r-x,group:wheel:r-x --a+ /var/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x --a+ /var/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x -+a+ /var/log/journal/%m - - - - d:group:wrs_protected:r-x,d:group:wheel:r-x -+a+ /var/log/journal/%m - - - - group:wrs_protected:r-x,group:wheel:r-x - a+ /var/log/journal/%m/system.journal - - - - group:adm:r--,group:wheel:r-- - '')m4_dnl - --- -1.9.1 - diff --git a/base/systemd/centos/patches/0707-move-vartmp-to-tmpfs.patch b/base/systemd/centos/patches/0707-move-vartmp-to-tmpfs.patch deleted file mode 100644 index 8ef269603..000000000 --- a/base/systemd/centos/patches/0707-move-vartmp-to-tmpfs.patch +++ /dev/null @@ -1,33 +0,0 @@ -From e73dc9f146c7f29e7b08ddcbae3b89c6b573760f Mon Sep 17 00:00:00 2001 -From: Kam Nasim -Date: Mon, 25 Sep 2017 16:26:54 -0400 -Subject: [PATCH] US103091: IMA System Configuration - -Since /tmp is now mounted on tmpfs, we will make /var/tmp as a simlink -on /tmp. Ensure that the var.tmp subdir (within /tmp), to which /var/tmp -is similinked, does not get clobbered during cleanup ---- - tmpfiles.d/tmp.conf | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/tmpfiles.d/tmp.conf b/tmpfiles.d/tmp.conf -index ffdd82f..530866b 100644 ---- a/tmpfiles.d/tmp.conf -+++ b/tmpfiles.d/tmp.conf -@@ -9,10 +9,12 @@ - - # Clear tmp directories separately, to make them easier to override - v /tmp 1777 root root 10d --v /var/tmp 1777 root root 30d -+v /tmp/var.tmp 1777 root root 30d -+L+ /var/tmp - - - - /tmp/var.tmp - - # Exclude namespace mountpoints created with PrivateTmp=yes - x /tmp/systemd-private-%b-* - X /tmp/systemd-private-%b-*/tmp - x /var/tmp/systemd-private-%b-* - X /var/tmp/systemd-private-%b-*/tmp -+X /tmp/var.tmp --- -1.8.3.1 - diff --git a/base/systemd/centos/patches/0708-set-a-1GB-size-restriction-on-tpmfs.patch b/base/systemd/centos/patches/0708-set-a-1GB-size-restriction-on-tpmfs.patch deleted file mode 100644 index c69dd7cee..000000000 --- a/base/systemd/centos/patches/0708-set-a-1GB-size-restriction-on-tpmfs.patch +++ /dev/null @@ -1,26 +0,0 @@ -From e7b8b0d6308c2afcdbd17733226e7aaf7f876b09 Mon Sep 17 00:00:00 2001 -From: systemd team -Date: Thu, 12 Oct 2017 18:06:58 -0400 -Subject: [PATCH] set a 1GB size restriction on tpmfs, to prevent OOM Kernel - failures - ---- - units/tmp.mount | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/units/tmp.mount b/units/tmp.mount -index af0cf4a..eda2334 100644 ---- a/units/tmp.mount -+++ b/units/tmp.mount -@@ -18,7 +18,7 @@ Before=local-fs.target umount.target - What=tmpfs - Where=/tmp - Type=tmpfs --Options=mode=1777,strictatime -+Options=mode=1777,strictatime,size=1G - - # Make 'systemctl enable tmp.mount' work: - [Install] --- -1.8.3.1 - diff --git a/base/systemd/centos/patches/0709-fix-systemd-tmpfiles-ACL-warnings.patch b/base/systemd/centos/patches/0709-fix-systemd-tmpfiles-ACL-warnings.patch deleted file mode 100644 index 7e36c388e..000000000 --- a/base/systemd/centos/patches/0709-fix-systemd-tmpfiles-ACL-warnings.patch +++ /dev/null @@ -1,41 +0,0 @@ -From be01680d0b1df9d88e173cd2ee3eb60295bcdd47 Mon Sep 17 00:00:00 2001 -From: Andy Ning -Date: Wed, 28 Mar 2018 14:06:57 -0400 -Subject: fix systemd tmpfiles ACL warnings - -systemd tmpfiles configuration file append ACLs to journal log -directories/files to give access permissions to no-exist group "adm", -causing systemd-tmpfiles-setup service to generate ACL parsing warnings. - -The patch fixed these warnings by replacing group "adm" with "wrs_protected". -This also gives wrs_protected group members (including wrsroot) access to -journal logs. - -Note: this issue has been fixed before PIKE rebase. After the rebase the -original fix is no longer enough. ---- - tmpfiles.d/systemd.conf.m4 | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/tmpfiles.d/systemd.conf.m4 b/tmpfiles.d/systemd.conf.m4 -index d984912..cdf0bf1 100644 ---- a/tmpfiles.d/systemd.conf.m4 -+++ b/tmpfiles.d/systemd.conf.m4 -@@ -35,11 +35,11 @@ z /var/log/journal 2755 root systemd-journal - - - z /var/log/journal/%m 2755 root systemd-journal - - - z /var/log/journal/%m/system.journal 0640 root systemd-journal - - - m4_ifdef(`HAVE_ACL',`` --a+ /var/log/journal - - - - d:group:adm:r-x,d:group:wheel:r-x --a+ /var/log/journal - - - - group:adm:r-x,group:wheel:r-x -+a+ /var/log/journal - - - - d:group:wrs_protected:r-x,d:group:wheel:r-x -+a+ /var/log/journal - - - - group:wrs_protected:r-x,group:wheel:r-x - a+ /var/log/journal/%m - - - - d:group:wrs_protected:r-x,d:group:wheel:r-x - a+ /var/log/journal/%m - - - - group:wrs_protected:r-x,group:wheel:r-x --a+ /var/log/journal/%m/system.journal - - - - group:adm:r--,group:wheel:r-- -+a+ /var/log/journal/%m/system.journal - - - - group:wrs_protected:r--,group:wheel:r-- - '')m4_dnl - - d /var/lib/systemd 0755 root root - --- -1.8.3.1 - diff --git a/centos_iso_image.inc b/centos_iso_image.inc index 086e527c0..adbf3a765 100644 --- a/centos_iso_image.inc +++ b/centos_iso_image.inc @@ -264,6 +264,7 @@ puppet-gnocchi # systemd systemd +systemd-config # python-gunicorn python2-gunicorn diff --git a/centos_pkg_dirs b/centos_pkg_dirs index f1b80a530..ddecd1686 100644 --- a/centos_pkg_dirs +++ b/centos_pkg_dirs @@ -83,6 +83,7 @@ utilities/tis-extensions python/python-eventlet python/python-requests base/systemd +base/systemd-config python/python-gunicorn config/puppet-modules/openstack/puppet-oslo-11.3.0 storage-drivers/python-3parclient