Merge ~enr0n/ubuntu/+source/systemd:ubuntu-jammy-sru into ~ubuntu-core-dev/ubuntu/+source/systemd:ubuntu-jammy

Proposed by Nick Rosbrook
Status: Merged
Merge reported by: Lukas Märdian
Merged at revision: 9e36277515a58976eeb46cf40b4f5b1816bc62c2
Proposed branch: ~enr0n/ubuntu/+source/systemd:ubuntu-jammy-sru
Merge into: ~ubuntu-core-dev/ubuntu/+source/systemd:ubuntu-jammy
Diff against target: 506 lines (+442/-0)
10 files modified
debian/changelog (+22/-0)
debian/patches/lp2000880-network-create-stacked-netdevs-after-the-underlying-link-.patch (+33/-0)
debian/patches/lp2002445/sd-netlink-add-a-test-for-rtnl_set_link_name.patch (+81/-0)
debian/patches/lp2002445/sd-netlink-do-not-swap-old-name-and-alternative-name.patch (+54/-0)
debian/patches/lp2002445/sd-netlink-restore-altname-on-error-in-rtnl_set_link_name.patch (+64/-0)
debian/patches/lp2002445/udev-attempt-device-rename-even-if-interface-is-up.patch (+63/-0)
debian/patches/lp2002445/udev-net-allow-new-link-name-as-an-altname-before-renamin.patch (+36/-0)
debian/patches/lp2004478-network-dhcp4-accept-local-subnet-routes-from-DHCP.patch (+54/-0)
debian/patches/lp2009502-Enable-dev-sgx_vepc-access-for-the-group-sgx.patch (+27/-0)
debian/patches/series (+8/-0)
Reviewer: Lukas Märdian
Review status: Approve
Review via email: mp+438247@code.launchpad.net
434480a... by Nick Rosbrook

Enable /dev/sgx_vepc access for the group 'sgx' (LP: #2009502)

2d20df8... by Nick Rosbrook

Update changelog

9e36277... by Nick Rosbrook

Release systemd 249.11-0ubuntu3.7

Lukas Märdian (slyon) wrote :

Thank you for providing a test build and autopkgtest results and for confirming that the amd64 test passes for you locally.

This LGTM (thanks for making use of the "Gbp-Pq: Topic ..." header)!

Are the fixes/SRU for bug #2004478 & bug #2002445 for Kinetic and/or Lunar already in the pipeline? Those will block this SRU migrating to jammy-updates, but I think we can still go ahead and get it into -proposed for verification already. Generally, I feel it is the better approach to do SRUs from newer to older (Lunar -> ... -> Focal), but I know in this case we had some urgency to get the Focal SRU out and tested, so we'll work around this situation a bit.

I've rebased your work on the (very) recent security update "249.11-0ubuntu3.7" and picked the next free revision for your upload: "249.11-0ubuntu3.8".

review: Approve
Nick Rosbrook (enr0n) wrote :

Thanks, Lukas!

In this case it was more convenient for patching and testing to go older->newer. I did not necessarily require that things be uploaded in that order, but it is convenient since Focal is the most urgent, and the releases are being prepped already.

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index 4ef5f38..7c17eb9 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,25 @@
6+systemd (249.11-0ubuntu3.7) jammy; urgency=medium
7+
8+ * network/dhcp4: accept local subnet routes from DHCP (LP: #2004478)
9+ File: debian/patches/lp2004478-network-dhcp4-accept-local-subnet-routes-from-DHCP.patch
10+ https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=96928d5f45ebbfe682b47e842d63506fa0ac9583
11+ * udev: avoid NIC renaming race with kernel (LP: #2002445)
12+ Files:
13+ - debian/patches/lp2002445/sd-netlink-add-a-test-for-rtnl_set_link_name.patch
14+ - debian/patches/lp2002445/sd-netlink-do-not-swap-old-name-and-alternative-name.patch
15+ - debian/patches/lp2002445/sd-netlink-restore-altname-on-error-in-rtnl_set_link_name.patch
16+ - debian/patches/lp2002445/udev-attempt-device-rename-even-if-interface-is-up.patch
17+ - debian/patches/lp2002445/udev-net-allow-new-link-name-as-an-altname-before-renamin.patch
18+ https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=20dc4d51a340669c26c446c23b5a84516e82ea74
19+ * network: create stacked netdevs after the underlying link is (LP: #2000880)
20+ File: debian/patches/lp2000880-network-create-stacked-netdevs-after-the-underlying-link-.patch
21+ https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=ab620e709f3f62eda86af26fd66c00d6e5165a25
22+ * Enable /dev/sgx_vepc access for the group 'sgx' (LP: #2009502)
23+ File: debian/patches/lp2009502-Enable-dev-sgx_vepc-access-for-the-group-sgx.patch
24+ https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=434480ae4059a16ccbde9613be0c26ff1983cc3a
25+
26+ -- Nick Rosbrook <nick.rosbrook@canonical.com> Mon, 06 Mar 2023 14:51:06 -0500
27+
28 systemd (249.11-0ubuntu3.6) jammy; urgency=medium
29
30 * Deny-list TEST-58-REPART on ppc64el (LP: #1988994)
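Review bot: the version on the new `systemd (249.11-0ubuntu3.7) jammy` stanza collides with the security update of the same version that Lukas mentions in his review; the entry needs the next free revision (he picked 249.11-0ubuntu3.8). Separately, the bullet `network: create stacked netdevs after the underlying link is (LP: #2000880)` cuts the patch subject short; the subject in the patch header ends in "is activated".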
31diff --git a/debian/patches/lp2000880-network-create-stacked-netdevs-after-the-underlying-link-.patch b/debian/patches/lp2000880-network-create-stacked-netdevs-after-the-underlying-link-.patch
32new file mode 100644
33index 0000000..7ff29a1
34--- /dev/null
35+++ b/debian/patches/lp2000880-network-create-stacked-netdevs-after-the-underlying-link-.patch
36@@ -0,0 +1,33 @@
37+From: Yu Watanabe <watanabe.yu+github@gmail.com>
38+Date: Thu, 24 Feb 2022 08:20:44 +0900
39+Subject: network: create stacked netdevs after the underlying link is
40+ activated
41+
42+Origin: upstream, https://github.com/systemd/systemd-stable/commit/e74e1dc8cc339ee7bd6bc5c5a329f75ac5cf4821
43+Bug-Ubuntu: https://launchpad.net/bugs/2000880
44+
45+Otherwise, the activation policy for the netdevs are ignored.
46+
47+Fixes #22593.
48+
49+(cherry picked from commit 047b9991a4d0d93d0dfe3d144410c619a8b74699)
50+---
51+ src/network/netdev/netdev.c | 5 +++++
52+ 1 file changed, 5 insertions(+)
53+
54+diff --git a/src/network/netdev/netdev.c b/src/network/netdev/netdev.c
55+index 53534d4..2698e36 100644
56+--- a/src/network/netdev/netdev.c
57++++ b/src/network/netdev/netdev.c
58+@@ -557,6 +557,11 @@ static bool netdev_is_ready_to_create(NetDev *netdev, Link *link) {
59+ if (ordered_set_contains(link->manager->request_queue, &req))
60+ return false;
61+
62++ /* If stacked netdevs are created before the underlying interface being activated, then
63++ * the activation policy for the netdevs are ignored. See issue #22593. */
64++ if (!link->activated)
65++ return false;
66++
67+ return true;
68+ }
69+
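Review bot: the added `if (!link->activated) return false;` at the end of netdev_is_ready_to_create() shows no counterpart that re-evaluates the request once the underlying link is activated, and nothing here says what happens for an underlying link that is never activated. Please confirm from the caller that the stacked netdev request stays queued and is retried, and mention that case in the new comment. The comment wording would also read better as "before the underlying interface is activated, the activation policy for the netdevs is ignored".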
70diff --git a/debian/patches/lp2002445/sd-netlink-add-a-test-for-rtnl_set_link_name.patch b/debian/patches/lp2002445/sd-netlink-add-a-test-for-rtnl_set_link_name.patch
71new file mode 100644
72index 0000000..d8db683
73--- /dev/null
74+++ b/debian/patches/lp2002445/sd-netlink-add-a-test-for-rtnl_set_link_name.patch
75@@ -0,0 +1,81 @@
76+From: Nick Rosbrook <nick.rosbrook@canonical.com>
77+Date: Tue, 22 Nov 2022 17:01:47 -0500
78+Subject: sd-netlink: add a test for rtnl_set_link_name()
79+
80+Origin: upstream, https://github.com/systemd/systemd/commit/b338a8bb40
81+Bug-Ubuntu: https://launchpad.net/bugs/2002445
82+
83+Add a test that verifies a deleted alternative name is restored on error
84+in rtnl_set_link_name().
85+
86+(modified to apply to v249.11)
87+---
88+ src/libsystemd/sd-netlink/test-netlink.c | 30 ++++++++++++++++++++++++++++++
89+ 1 file changed, 30 insertions(+)
90+
91+diff --git a/src/libsystemd/sd-netlink/test-netlink.c b/src/libsystemd/sd-netlink/test-netlink.c
92+index 41a7280..6ee7f2d 100644
93+--- a/src/libsystemd/sd-netlink/test-netlink.c
94++++ b/src/libsystemd/sd-netlink/test-netlink.c
95+@@ -3,17 +3,20 @@
96+ #include <net/if.h>
97+ #include <netinet/ether.h>
98+ #include <linux/genetlink.h>
99++#include <unistd.h>
100+
101+ #include "sd-netlink.h"
102+
103+ #include "alloc-util.h"
104+ #include "ether-addr-util.h"
105+ #include "macro.h"
106++#include "netlink-internal.h"
107+ #include "netlink-util.h"
108+ #include "socket-util.h"
109+ #include "stdio-util.h"
110+ #include "string-util.h"
111+ #include "strv.h"
112++#include "tests.h"
113+ #include "util.h"
114+
115+ static void test_message_link_bridge(sd_netlink *rtnl) {
116+@@ -547,6 +550,32 @@ static void test_strv(sd_netlink *rtnl) {
117+ assert_se(sd_netlink_message_exit_container(m) >= 0);
118+ }
119+
120++static void test_rtnl_set_link_name(sd_netlink *rtnl, int ifindex) {
121++ _cleanup_strv_free_ char **alternative_names = NULL;
122++ int r;
123++
124++ log_debug("/* %s */", __func__);
125++
126++ if (geteuid() != 0)
127++ return (void) log_tests_skipped("not root");
128++
129++ /* Test that the new name (which is currently an alternative name) is
130++ * restored as an alternative name on error. Create an error by using
131++ * an invalid device name, namely one that exceeds IFNAMSIZ
132++ * (alternative names can exceed IFNAMSIZ, but not regular names). */
133++ r = rtnl_set_link_alternative_names(&rtnl, ifindex, STRV_MAKE("testlongalternativename"));
134++ if (r == -EPERM)
135++ return (void) log_tests_skipped("missing required capabilities");
136++ if (r == -EOPNOTSUPP)
137++ return (void) log_tests_skipped("alternative name is not supported");
138++
139++ assert_se(r >= 0);
140++ assert_se(rtnl_set_link_name(&rtnl, ifindex, "testlongalternativename") == -EINVAL);
141++ assert_se(rtnl_get_link_alternative_names(&rtnl, ifindex, &alternative_names) >= 0);
142++ assert_se(strv_contains(alternative_names, "testlongalternativename"));
143++ assert_se(rtnl_delete_link_alternative_names(&rtnl, ifindex, STRV_MAKE("testlongalternativename")) >= 0);
144++}
145++
146+ int main(void) {
147+ sd_netlink *rtnl;
148+ sd_netlink_message *m;
149+@@ -576,6 +605,7 @@ int main(void) {
150+ test_pipe(if_loopback);
151+ test_event_loop(if_loopback);
152+ test_link_configure(rtnl, if_loopback);
153++ test_rtnl_set_link_name(rtnl, if_loopback);
154+
155+ test_get_addresses(rtnl);
156+ test_message_link_bridge(rtnl);
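Review bot: in test_rtnl_set_link_name() the cleanup call rtnl_delete_link_alternative_names() is the last statement, so if any of the preceding assert_se() checks fails, the test aborts with "testlongalternativename" still set on the loopback interface of the machine running the test. Consider collecting the results, deleting the alternative name, and only then asserting, or running the test against a throwaway interface instead of if_loopback. The geteuid() skip and the -EPERM skip overlap; a one-line comment on why both are kept would help the next reader.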
157diff --git a/debian/patches/lp2002445/sd-netlink-do-not-swap-old-name-and-alternative-name.patch b/debian/patches/lp2002445/sd-netlink-do-not-swap-old-name-and-alternative-name.patch
158new file mode 100644
159index 0000000..83ba680
160--- /dev/null
161+++ b/debian/patches/lp2002445/sd-netlink-do-not-swap-old-name-and-alternative-name.patch
162@@ -0,0 +1,54 @@
163+From: Nick Rosbrook <nick.rosbrook@canonical.com>
164+Date: Fri, 2 Dec 2022 15:26:18 -0500
165+Subject: sd-netlink: do not swap old name and alternative name
166+
167+Origin: upstream, https://github.com/systemd/systemd/commit/080afbb57c
168+Bug-Ubuntu: https://launchpad.net/bugs/2002445
169+
170+Commit 434a348380 ("netlink: do not fail when new interface name is
171+already used as an alternative name") added logic to set the old
172+interface name as an alternative name, but only when the new name is
173+currently an alternative name. This is not the desired outcome in most
174+cases, and the important part of this commit was to delete the new name
175+from the list of alternative names if necessary.
176+
177+(modified to apply to v249.11)
178+---
179+ src/libsystemd/sd-netlink/netlink-util.c | 10 ----------
180+ 1 file changed, 10 deletions(-)
181+
182+diff --git a/src/libsystemd/sd-netlink/netlink-util.c b/src/libsystemd/sd-netlink/netlink-util.c
183+index 1211145..14eb2e9 100644
184+--- a/src/libsystemd/sd-netlink/netlink-util.c
185++++ b/src/libsystemd/sd-netlink/netlink-util.c
186+@@ -12,7 +12,6 @@
187+ int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
188+ _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
189+ _cleanup_strv_free_ char **alternative_names = NULL;
190+- char old_name[IF_NAMESIZE + 1] = {};
191+ int r;
192+
193+ assert(rtnl);
194+@@ -32,8 +31,6 @@ int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
195+ if (r < 0)
196+ return log_debug_errno(r, "Failed to remove '%s' from alternative names on network interface %i: %m",
197+ name, ifindex);
198+-
199+- format_ifname(ifindex, old_name);
200+ }
201+
202+ r = sd_rtnl_message_new_link(*rtnl, &message, RTM_SETLINK, ifindex);
203+@@ -48,13 +45,6 @@ int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
204+ if (r < 0)
205+ return r;
206+
207+- if (!isempty(old_name)) {
208+- r = rtnl_set_link_alternative_names(rtnl, ifindex, STRV_MAKE(old_name));
209+- if (r < 0)
210+- log_debug_errno(r, "Failed to set '%s' as an alternative name on network interface %i, ignoring: %m",
211+- old_name, ifindex);
212+- }
213+-
214+ return 0;
215+ }
216+
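Review bot: removing the old_name block at the end of rtnl_set_link_name() changes what users see after a rename: when the new name was already an alternative name, the previous interface name is no longer added back as an alternative name. For a stable-release update that deserves an explicit mention, and the changelog entry only says "udev: avoid NIC renaming race with kernel". Please add the behaviour change to the changelog or the SRU regression-potential notes so that anyone addressing an interface through its old name as an alternative name is warned.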
217diff --git a/debian/patches/lp2002445/sd-netlink-restore-altname-on-error-in-rtnl_set_link_name.patch b/debian/patches/lp2002445/sd-netlink-restore-altname-on-error-in-rtnl_set_link_name.patch
218new file mode 100644
219index 0000000..1619e97
220--- /dev/null
221+++ b/debian/patches/lp2002445/sd-netlink-restore-altname-on-error-in-rtnl_set_link_name.patch
222@@ -0,0 +1,64 @@
223+From: Nick Rosbrook <nick.rosbrook@canonical.com>
224+Date: Wed, 2 Nov 2022 05:36:14 -0400
225+Subject: sd-netlink: restore altname on error in rtnl_set_link_name
226+
227+Origin: upstream, https://github.com/systemd/systemd/commit/4d600667f8
228+Bug-Ubuntu: https://launchpad.net/bugs/2002445
229+
230+If a current alternative name is to be used to rename a network
231+interface, the alternative name must be removed first. If interface
232+renaming fails, restore the alternative name that was deleted if
233+necessary.
234+---
235+ src/libsystemd/sd-netlink/netlink-util.c | 19 ++++++++++++++++---
236+ 1 file changed, 16 insertions(+), 3 deletions(-)
237+
238+diff --git a/src/libsystemd/sd-netlink/netlink-util.c b/src/libsystemd/sd-netlink/netlink-util.c
239+index 88128d9..8a4c14c 100644
240+--- a/src/libsystemd/sd-netlink/netlink-util.c
241++++ b/src/libsystemd/sd-netlink/netlink-util.c
242+@@ -11,6 +11,7 @@
243+ int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
244+ _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
245+ _cleanup_strv_free_ char **alternative_names = NULL;
246++ bool altname_deleted = false;
247+ int r;
248+
249+ assert(rtnl);
250+@@ -30,21 +31,33 @@ int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
251+ if (r < 0)
252+ return log_debug_errno(r, "Failed to remove '%s' from alternative names on network interface %i: %m",
253+ name, ifindex);
254++
255++ altname_deleted = true;
256+ }
257+
258+ r = sd_rtnl_message_new_link(*rtnl, &message, RTM_SETLINK, ifindex);
259+ if (r < 0)
260+- return r;
261++ goto fail;
262+
263+ r = sd_netlink_message_append_string(message, IFLA_IFNAME, name);
264+ if (r < 0)
265+- return r;
266++ goto fail;
267+
268+ r = sd_netlink_call(*rtnl, message, 0, NULL);
269+ if (r < 0)
270+- return r;
271++ goto fail;
272+
273+ return 0;
274++
275++fail:
276++ if (altname_deleted) {
277++ int q = rtnl_set_link_alternative_names(rtnl, ifindex, STRV_MAKE(name));
278++ if (q < 0)
279++ log_debug_errno(q, "Failed to restore '%s' as an alternative name on network interface %i, ignoring: %m",
280++ name, ifindex);
281++ }
282++
283++ return r;
284+ }
285+
286+ int rtnl_set_link_properties(
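Review bot: in the new `fail:` path a failed restore is reported only through log_debug_errno(), so an interface that ends up with the name neither as its link name nor as an alternative name leaves no trace at the default log level. Consider logging the restore failure at warning level, since the error returned in r is the original rename error and says nothing about the lost alternative name.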
287diff --git a/debian/patches/lp2002445/udev-attempt-device-rename-even-if-interface-is-up.patch b/debian/patches/lp2002445/udev-attempt-device-rename-even-if-interface-is-up.patch
288new file mode 100644
289index 0000000..4d007cd
290--- /dev/null
291+++ b/debian/patches/lp2002445/udev-attempt-device-rename-even-if-interface-is-up.patch
292@@ -0,0 +1,63 @@
293+From: Nick Rosbrook <nick.rosbrook@canonical.com>
294+Date: Fri, 2 Dec 2022 15:35:25 -0500
295+Subject: udev: attempt device rename even if interface is up
296+
297+Origin: upstream, https://github.com/systemd/systemd/commit/53584e7b61
298+Bug-Ubuntu: https://launchpad.net/bugs/2002445
299+
300+Currently rename_netif() will not attempt to rename a device if it is
301+already up, because the kernel will return -EBUSY unless live renaming
302+is allowed on the device. This restriction will be removed in a future
303+kernel version [1].
304+
305+To cover both cases, always attempt to rename the interface and return 0
306+if we get -EBUSY.
307+
308+[1] https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=bd039b5ea2a9
309+
310+(modified to apply to v249.11)
311+---
312+ src/udev/udev-event.c | 16 +++++-----------
313+ 1 file changed, 5 insertions(+), 11 deletions(-)
314+
315+diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
316+index 56fe0a4..84822d9 100644
317+--- a/src/udev/udev-event.c
318++++ b/src/udev/udev-event.c
319+@@ -828,7 +828,6 @@ int udev_event_spawn(UdevEvent *event,
320+ static int rename_netif(UdevEvent *event) {
321+ sd_device *dev = event->dev;
322+ const char *oldname;
323+- unsigned flags;
324+ int ifindex, r;
325+
326+ if (!event->name)
327+@@ -856,16 +855,6 @@ static int rename_netif(UdevEvent *event) {
328+ return 0;
329+ }
330+
331+- r = rtnl_get_link_info(&event->rtnl, ifindex, NULL, &flags);
332+- if (r < 0)
333+- return log_device_warning_errno(dev, r, "Failed to get link flags: %m");
334+-
335+- if (FLAGS_SET(flags, IFF_UP)) {
336+- log_device_info(dev, "Network interface '%s' is already up, refusing to rename to '%s'.",
337+- oldname, event->name);
338+- return 0;
339+- }
340+-
341+ /* Set ID_RENAMING boolean property here, and drop it in the corresponding move uevent later. */
342+ r = device_add_property(dev, "ID_RENAMING", "1");
343+ if (r < 0)
344+@@ -887,6 +876,11 @@ static int rename_netif(UdevEvent *event) {
345+ return log_device_debug_errno(event->dev_db_clone, r, "Failed to update database under /run/udev/data/: %m");
346+
347+ r = rtnl_set_link_name(&event->rtnl, ifindex, event->name);
348++ if (r == -EBUSY) {
349++ log_device_info(dev, "Network interface '%s' is already up, cannot rename to '%s'.",
350++ oldname, event->name);
351++ return 0;
352++ }
353+ if (r < 0)
354+ return log_device_error_errno(dev, r, "Failed to rename network interface %i from '%s' to '%s': %m",
355+ ifindex, oldname, event->name);
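Review bot: the new -EBUSY branch returns 0 after device_add_property(dev, "ID_RENAMING", "1") and the database update under /run/udev/data/ have already run, while the comment above says the property is dropped in the corresponding move uevent. When the kernel refuses the rename, no such move event is visible from this hunk, so ID_RENAMING looks like it stays set on the device. Suggest clearing the property and refreshing the database entry before returning 0, or pointing to where it is cleared. The log text also states that the interface "is already up", although at this point the code only knows that the kernel returned -EBUSY.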
356diff --git a/debian/patches/lp2002445/udev-net-allow-new-link-name-as-an-altname-before-renamin.patch b/debian/patches/lp2002445/udev-net-allow-new-link-name-as-an-altname-before-renamin.patch
357new file mode 100644
358index 0000000..2b00cd7
359--- /dev/null
360+++ b/debian/patches/lp2002445/udev-net-allow-new-link-name-as-an-altname-before-renamin.patch
361@@ -0,0 +1,36 @@
362+From: Nick Rosbrook <nick.rosbrook@canonical.com>
363+Date: Wed, 2 Nov 2022 11:05:01 -0400
364+Subject: udev/net: allow new link name as an altname before renaming happens
365+
366+Origin: upstream, https://github.com/systemd/systemd/commit/d0b31efc1a
367+Bug-Ubuntu: https://launchpad.net/bugs/2002445
368+
369+When configuring a link's alternative names, the link's new name to-be
370+is not allowed to be included because interface renaming will fail if
371+the new name is already present as an alternative name. However,
372+rtnl_set_link_name will delete the conflicting alternative name before
373+renaming the device, if necessary.
374+
375+Allow the new link name to be set as an alternative name before the
376+device is renamed. This means that if the rename is later skipped (i.e.
377+because the link is already up), then the name can at least still be
378+present as an alternative name.
379+
380+(modified to apply to v249.11)
381+---
382+ src/udev/net/link-config.c | 2 --
383+ 1 file changed, 2 deletions(-)
384+
385+diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
386+index 8dfe236..bb9bd37 100644
387+--- a/src/udev/net/link-config.c
388++++ b/src/udev/net/link-config.c
389+@@ -578,8 +578,6 @@ static int link_config_apply_alternative_names(sd_netlink **rtnl, const LinkConf
390+ }
391+ }
392+
393+- if (new_name)
394+- strv_remove(altnames, new_name);
395+ strv_remove(altnames, current_name);
396+
397+ r = rtnl_get_link_alternative_names(rtnl, ifindex, &current_altnames);
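Review bot: with `strv_remove(altnames, new_name)` dropped, link_config_apply_alternative_names() now deliberately sets the future link name as an alternative name, but the code carries no comment saying so and the reasoning lives only in the commit message. A short comment next to the remaining strv_remove(altnames, current_name) would keep the removal from being re-added later. It should also state that this relies on rtnl_set_link_name() deleting the conflicting alternative name and restoring it on error, which the other lp2002445 patches provide.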
398diff --git a/debian/patches/lp2004478-network-dhcp4-accept-local-subnet-routes-from-DHCP.patch b/debian/patches/lp2004478-network-dhcp4-accept-local-subnet-routes-from-DHCP.patch
399new file mode 100644
400index 0000000..344fdd7
401--- /dev/null
402+++ b/debian/patches/lp2004478-network-dhcp4-accept-local-subnet-routes-from-DHCP.patch
403@@ -0,0 +1,54 @@
404+From: Tuetuopay <tuetuopay@me.com>
405+Date: Fri, 27 Jan 2023 15:10:49 +0100
406+Subject: network/dhcp4: accept local subnet routes from DHCP
407+
408+Origin: upstream, https://github.com/systemd/systemd/commit/1d84a3c7792a8910b05904937c703307ca19740f
409+Bug-Ubuntu: https://launchpad.net/bugs/2004478
410+
411+RFC3442 specifies option 121 (Classless Static Routes) that allow a DHCP
412+server to push arbitrary routes to a client. It has a Local Subnet
413+Routes section expliciting the behavior of routes with a null (0.0.0.0)
414+gateway.
415+
416+Such routes are to be installed on the interface with a Link scope, to
417+mark them as directly available on the link without any gateway.
418+
419+Networkd currently drops those routes, which is against the RFC, as
420+Linux has proper support for such routes.
421+
422+Fixes: 7f20627 ("network: dhcp4: ignore gateway in static routes if destination is link-local or in the same network")
423+---
424+ src/network/networkd-dhcp4.c | 19 +++++++++++--------
425+ 1 file changed, 11 insertions(+), 8 deletions(-)
426+
427+diff --git a/src/network/networkd-dhcp4.c b/src/network/networkd-dhcp4.c
428+index f80adcd..9b06edc 100644
429+--- a/src/network/networkd-dhcp4.c
430++++ b/src/network/networkd-dhcp4.c
431+@@ -349,15 +349,18 @@ static int dhcp4_request_route_auto(
432+ route->gw = IN_ADDR_NULL;
433+ route->prefsrc.in = address;
434+
435+- } else {
436+- if (in4_addr_is_null(gw)) {
437+- log_link_debug(link, "DHCP: requested route destination "IPV4_ADDRESS_FMT_STR"/%u is not in the assigned network "
438+- IPV4_ADDRESS_FMT_STR"/%u, but no gateway is specified, ignoring.",
439+- IPV4_ADDRESS_FMT_VAL(route->dst.in), route->dst_prefixlen,
440+- IPV4_ADDRESS_FMT_VAL(prefix), prefixlen);
441+- return 0;
442+- }
443++ } else if (in4_addr_is_null(gw)) {
444++ log_link_debug(link, "DHCP: requested route destination "IPV4_ADDRESS_FMT_STR"/%u is not in the assigned network "
445++ IPV4_ADDRESS_FMT_STR"/%u, but no gateway is specified, using 'link' scope.",
446++ IPV4_ADDRESS_FMT_VAL(route->dst.in), route->dst_prefixlen,
447++ IPV4_ADDRESS_FMT_VAL(prefix), prefixlen);
448++
449++ route->scope = RT_SCOPE_LINK;
450++ route->gw_family = AF_UNSPEC;
451++ route->gw = IN_ADDR_NULL;
452++ route->prefsrc.in = address;
453+
454++ } else {
455+ r = dhcp4_request_route_to_gateway(link, gw);
456+ if (r < 0)
457+ return r;
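Review bot: the new `else if (in4_addr_is_null(gw))` branch starts installing routes that were dropped before, for destinations outside the assigned network and solely on the word of the DHCP server, yet the diffstat shows only networkd-dhcp4.c changing, so no test covers it. For an SRU, please add a test case for an option 121 route with a 0.0.0.0 gateway and list the new routes under regression potential. The four assignments (scope, gw_family, gw, prefsrc.in) also appear to repeat the tail of the preceding branch, so the two conditions could share one block.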
458diff --git a/debian/patches/lp2009502-Enable-dev-sgx_vepc-access-for-the-group-sgx.patch b/debian/patches/lp2009502-Enable-dev-sgx_vepc-access-for-the-group-sgx.patch
459new file mode 100644
460index 0000000..2f5adf2
461--- /dev/null
462+++ b/debian/patches/lp2009502-Enable-dev-sgx_vepc-access-for-the-group-sgx.patch
463@@ -0,0 +1,27 @@
464+From: Jarkko Sakkinen <jarkko.sakkinen@iki.fi>
465+Date: Sat, 11 Dec 2021 06:39:59 +0200
466+Subject: Enable /dev/sgx_vepc access for the group 'sgx'
467+
468+Origin: upstream, https://github.com/systemd/systemd/commit/b5d3138f9177bbc3505f42ba073d08d4f90b4888
469+Bug-Ubuntu: https://launchpad.net/bugs/2009502
470+
471+Enable /dev/sgx_vepc access for the group 'sgx', which allows KVM-backed VMs
472+to host Intel Software Guard eXtension (SGX) enclaves. The upcoming QEMU
473+6.2 uses /dev/sgx_vepc to reserve portions of Enclave Page Cache (EPC) for
474+VMs. EPC is the reserved physical memory used for hosting enclaves.
475+---
476+ rules.d/50-udev-default.rules.in | 1 +
477+ 1 file changed, 1 insertion(+)
478+
479+diff --git a/rules.d/50-udev-default.rules.in b/rules.d/50-udev-default.rules.in
480+index 18a3cf4..685b59a 100644
481+--- a/rules.d/50-udev-default.rules.in
482++++ b/rules.d/50-udev-default.rules.in
483+@@ -40,6 +40,7 @@ SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="render", MODE="{{GROUP_RENDER_MODE}
484+ SUBSYSTEM=="kfd", GROUP="render", MODE="{{GROUP_RENDER_MODE}}"
485+
486+ SUBSYSTEM=="misc", KERNEL=="sgx_enclave", GROUP="sgx", MODE="0660"
487++SUBSYSTEM=="misc", KERNEL=="sgx_vepc", GROUP="sgx", MODE="0660"
488+
489+ # When using static_node= with non-default permissions, also update
490+ # tmpfiles.d/static-nodes-permissions.conf.in to keep permissions synchronized.
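Review bot: the added sgx_vepc rule reuses GROUP="sgx" with MODE="0660", so every account allowed to open sgx_enclave can now also open sgx_vepc and reserve Enclave Page Cache for VMs. If that coupling is intended, say so in the changelog or the bug; otherwise a separate group would keep the two privileges apart. The rule also relies on the 'sgx' group existing on upgraded jammy systems, which the neighbouring sgx_enclave rule suggests but this diff does not show.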
491diff --git a/debian/patches/series b/debian/patches/series
492index 8bbe6c3..fb23adf 100644
493--- a/debian/patches/series
494+++ b/debian/patches/series
495@@ -99,3 +99,11 @@ lp1988078-sd-hwdb-include-sys-stat.h-in-hwdb-internal.h.patch
496 lp1988078-sd-hwdb-add-sd_hwdb_new_from_path.patch
497 lp1988078-hwdb-implement-root-option-for-systemd-hwdb-query.patch
498 lp1988994-Deny-list-TEST-58-REPART-on-ppc64el.patch
499+lp2004478-network-dhcp4-accept-local-subnet-routes-from-DHCP.patch
500+lp2002445/udev-net-allow-new-link-name-as-an-altname-before-renamin.patch
501+lp2002445/sd-netlink-do-not-swap-old-name-and-alternative-name.patch
502+lp2002445/sd-netlink-restore-altname-on-error-in-rtnl_set_link_name.patch
503+lp2002445/udev-attempt-device-rename-even-if-interface-is-up.patch
504+lp2002445/sd-netlink-add-a-test-for-rtnl_set_link_name.patch
505+lp2000880-network-create-stacked-netdevs-after-the-underlying-link-.patch
506+lp2009502-Enable-dev-sgx_vepc-access-for-the-group-sgx.patch
