Ubuntu
systemd package

Merge ~enr0n/ubuntu/+source/systemd:ubuntu-jammy-sru into ~ubuntu-core-dev/ubuntu/+source/systemd:ubuntu-jammy

Proposed by Nick Rosbrook on 2023-08-15

Status:

Merged

Merged at revision:

0b9eadf05ee6db0e009dacbc71521480095880b3

Proposed branch:

~enr0n/ubuntu/+source/systemd:ubuntu-jammy-sru

Merge into:

~ubuntu-core-dev/ubuntu/+source/systemd:ubuntu-jammy

Diff against target:

796 lines (+623/-45)

16 files modified

debian/patches/lp1977630-fix_machinectl_pull_tar.patch (+81/-0)
debian/patches/lp1978079-efi-pstore-not-cleared-on-boot.patch (+5/-4)
debian/patches/lp1991829-add-CAP_LINUX_IMMUTABLE-to-systemd-machined-so-it-ca.patch (+29/-0)
debian/patches/lp1999275/binfmt-check-if-binfmt-is-mounted-before-applying-rules.patch (+80/-0)
debian/patches/lp1999275/binfmt-util-also-check-if-binfmt-is-mounted-in-read-write.patch (+41/-0)
debian/patches/lp1999275/binfmt-util-split-out-binfmt_mounted.patch (+69/-0)
debian/patches/lp1999275/unit-check-more-specific-path-to-be-written-by-systemd-bi.patch (+26/-0)
debian/patches/lp2009743/network-dhcp4-do-not-ignore-the-gateway-even-if-the-desti.patch (+59/-0)
debian/patches/lp2009743/test-network-add-one-more-testcase-for-DHCPv4-classless-r.patch (+33/-0)
debian/patches/lp2013543-core-reorder-systemd-arguments-on-reexec.patch (+58/-0)
debian/patches/lp2025563-shutdown-get-only-active-md-arrays.patch (+67/-0)
debian/patches/lp2028180-udev-rules-fix-nvme-symlink-creation-on-namespace-changes.patch (+47/-0)
debian/patches/series (+11/-1)
debian/systemd.postinst (+16/-1)
debian/tests/tests-in-lxd (+1/-1)
dev/null (+0/-38)

Related bugs:

Bug #1977630: machinectl pull-tar/pull-raw Operation not permitted	High	Fix Released
Bug #1981622: mtd device must be supplied (device name is empty)	Medium	Fix Released
Bug #1982218: wait-online does not correctly identify managed links	Low	Fix Released
Bug #1991829: machinectl read-only does not work	Low	Fix Released
Bug #1999275: systemd-binfmt.service fails in tests-in-lxd	High	Fix Released
Bug #2009743: networkd: classless routes served by DHCP are created incorrectly	Low	Fix Released
Bug #2013543: systemctl daemon-reexec forgets running services and starts everything new	Medium	Fix Released
Bug #2023462: chromeos_pstore.service started on non chrome platform hardware.	Undecided	Fix Released
Bug #2025563: System can not shutdown if system has multiple VROC RAID arrays	Medium	Fix Released
Bug #2028180: [SRU][Ubuntu 22.04] Duplicate link for NVMe device by-id	Undecided	Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
Lukas Märdian		2023-08-15	Approve on 2023-08-16
Review via email: mp+449220@code.launchpad.net

Description of the change

SRU several bug fixes to Jammy.

Revision history for this message

Lukas Märdian (slyon) wrote on 2023-08-16:

Thanks, lgtm!

I've added two inline comments about the "systemd-networkd-wait-online --any" behavior on GKE cloud images (see my forwarded email) and a potential systemd.postinst interference with debhelper for extra considerations.

review: Approve

Revision history for this message

Nick Rosbrook (enr0n) wrote on 2023-08-17:

Thanks for your review! I will review the email before proceeding.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Dimitri John Ledkov

Nick Rosbrook

Ubuntu Core Development Team

 diff --git a/debian/patches/debian/UBUNTU-wait-online-exit-if-no-links-are-managed.patch b/debian/patches/debian/UBUNTU-wait-online-exit-if-no-links-are-managed.patch
 deleted file mode 100644
 index 56295f5..0000000
 --- a/debian/patches/debian/UBUNTU-wait-online-exit-if-no-links-are-managed.patch
 +++ /dev/null
@@ -1,38 +0,0 @@
--From: Dimitri John Ledkov <xnox@ubuntu.com>
--Date: Mon, 26 Mar 2018 13:17:01 +0100
--Subject: wait-online: exit, if no links are managed.
--
--(cherry picked from commit 19d11f607ac0f8b1e31f72a8e9d3d44371b9dadb)
-----
-- src/network/wait-online/manager.c | 7 ++++++-
-- 1 file changed, 6 insertions(+), 1 deletion(-)
--
----- a/src/network/wait-online/manager.c
--+++ b/src/network/wait-online/manager.c
--@@ -118,6 +118,7 @@ static int manager_link_is_online(Manage
--
-- bool manager_configured(Manager *m) {
--         bool one_ready = false;
--+        bool none_managed = true;
--         const char *ifname;
--         Link *l;
--         int r;
--@@ -168,13 +169,17 @@ bool manager_configured(Manager *m) {
--                                                                          _LINK_OPERSTATE_INVALID });
--                 if (r < 0 && !m->any)
--                         return false;
--+                if (l->state && STR_IN_SET(l->state, "configured", "failed")) {
--+                        log_info("managing: %s", l->ifname);
--+                        none_managed = false;
--+                }
--                 if (r > 0)
--                         /* we wait for at least one link to be ready,
--                          * regardless of who manages it */
--                         one_ready = true;
--         }
--
---        return one_ready;
--+        return one_ready || none_managed;
-- }
--
-- static int manager_process_link(sd_netlink *rtnl, sd_netlink_message *mm, void *userdata) {
 diff --git a/debian/patches/lp1977630-fix_machinectl_pull_tar.patch b/debian/patches/lp1977630-fix_machinectl_pull_tar.patch
 new file mode 100644
 index 0000000..675cd43
 --- /dev/null
 +++ b/debian/patches/lp1977630-fix_machinectl_pull_tar.patch
@@ -0,0 +1,81 @@
++From: Dan Streetman <ddstreet@ieee.org>
++Bug-Ubuntu: https://bugs.launchpad.net/bugs/1977630
++Forwarded: not-needed
++
++Since import_make_read_only handles a dir by chattr +i, that has to happen
++after renaming, since an immutable dir can't be renamed.
++
++--- a/src/import/pull-tar.c
+++++ b/src/import/pull-tar.c
++@@ -353,10 +353,6 @@ static void tar_pull_job_on_finished(Pul
++                 if (r < 0)
++                         goto finish;
++
++-                r = import_make_read_only(i->temp_path);
++-                if (r < 0)
++-                        goto finish;
++-
++                 r = rename_noreplace(AT_FDCWD, i->temp_path, AT_FDCWD, i->final_path);
++                 if (r < 0) {
++                         log_error_errno(r, "Failed to rename to final image name to %s: %m", i->final_path);
++@@ -365,6 +361,10 @@ static void tar_pull_job_on_finished(Pul
++
++                 i->temp_path = mfree(i->temp_path);
++
+++                r = import_make_read_only(i->final_path);
+++                if (r < 0)
+++                        goto finish;
+++
++                 if (i->settings_job &&
++                     i->settings_job->error == 0) {
++
++@@ -380,10 +380,6 @@ static void tar_pull_job_on_finished(Pul
++                         if (r < 0)
++                                 goto finish;
++
++-                        r = import_make_read_only(i->settings_temp_path);
++-                        if (r < 0)
++-                                goto finish;
++-
++                         r = rename_noreplace(AT_FDCWD, i->settings_temp_path, AT_FDCWD, i->settings_path);
++                         if (r < 0) {
++                                 log_error_errno(r, "Failed to rename settings file to %s: %m", i->settings_path);
++@@ -391,6 +387,10 @@ static void tar_pull_job_on_finished(Pul
++                         }
++
++                         i->settings_temp_path = mfree(i->settings_temp_path);
+++
+++                        r = import_make_read_only(i->settings_path);
+++                        if (r < 0)
+++                                goto finish;
++                 }
++         }
++
++--- a/src/import/import-tar.c
+++++ b/src/import/import-tar.c
++@@ -179,12 +179,6 @@ static int tar_import_finish(TarImport *
++         if (r < 0)
++                 return r;
++
++-        if (i->flags & IMPORT_READ_ONLY) {
++-                r = import_make_read_only(i->temp_path);
++-                if (r < 0)
++-                        return r;
++-        }
++-
++         if (i->flags & IMPORT_FORCE)
++                 (void) rm_rf(i->final_path, REMOVE_ROOT|REMOVE_PHYSICAL|REMOVE_SUBVOLUME);
++
++@@ -194,6 +188,12 @@ static int tar_import_finish(TarImport *
++
++         i->temp_path = mfree(i->temp_path);
++
+++        if (i->flags & IMPORT_READ_ONLY) {
+++                r = import_make_read_only(i->final_path);
+++                if (r < 0)
+++                        return r;
+++        }
+++
++         return 0;
++ }
++
 diff --git a/debian/patches/lp1978079-efi-pstore-not-cleared-on-boot.patch b/debian/patches/lp1978079-efi-pstore-not-cleared-on-boot.patch
 index 9331b73..49584bd 100644
 --- a/debian/patches/lp1978079-efi-pstore-not-cleared-on-boot.patch
 +++ b/debian/patches/lp1978079-efi-pstore-not-cleared-on-boot.patch
@@ -6,9 +6,10 @@ Subject: [PATCH] pstore: Run after modules are loaded
  Origin: upstream, https://github.com/systemd/systemd/commit/70e74a5997ae2ce7ba72a74ac949c3b2dad1a1d6
  Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1978079
  Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1981622
--Last-Updated: 2022-07-22
++Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2023462
++Last-Updated: 2023-08-02
--The original commit has been modified to not load mtdpstore.
++The original commit has been modified to only load efi_pstore, as that is all that was really needed.
  ---
  The systemd-pstore service takes pstore files on boot and transfers them
@@ -42,8 +43,8 @@ index 848e311e9642..86de30ad4a72 100644
   DefaultDependencies=no
   Conflicts=shutdown.target
   Before=sysinit.target shutdown.target
--+After=modprobe@efi_pstore.service modprobe@chromeos_pstore.service modprobe@ramoops.service modprobe@pstore_zone.service modprobe@pstore_blk.service
--+Wants=modprobe@efi_pstore.service modprobe@chromeos_pstore.service modprobe@ramoops.service modprobe@pstore_zone.service modprobe@pstore_blk.service
+++After=modprobe@efi_pstore.service
+++Wants=modprobe@efi_pstore.service
   [Service]
   Type=oneshot
 diff --git a/debian/patches/lp1991829-add-CAP_LINUX_IMMUTABLE-to-systemd-machined-so-it-ca.patch b/debian/patches/lp1991829-add-CAP_LINUX_IMMUTABLE-to-systemd-machined-so-it-ca.patch
 new file mode 100644
 index 0000000..d35aa0f
 --- /dev/null
 +++ b/debian/patches/lp1991829-add-CAP_LINUX_IMMUTABLE-to-systemd-machined-so-it-ca.patch
@@ -0,0 +1,29 @@
++From 137d162c42ed858613afc3d7493d08d4ae6d5c1b Mon Sep 17 00:00:00 2001
++From: Dan Streetman <ddstreet@ieee.org>
++Date: Fri, 16 Sep 2022 10:50:59 -0400
++Subject: [PATCH] add CAP_LINUX_IMMUTABLE to systemd-machined, so it can handle
++ machinectl read-only requests
++Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1991829
++Origin: upstream, https://github.com/systemd/systemd/pull/24697
++
++Without this, the 'machinectl read-only ...' command always fails.
++---
++ units/systemd-machined.service.in | 2 +-
++ 1 file changed, 1 insertion(+), 1 deletion(-)
++
++diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in
++index e92f436dfd..d3f8abd9e4 100644
++--- a/units/systemd-machined.service.in
+++++ b/units/systemd-machined.service.in
++@@ -18,7 +18,7 @@ RequiresMountsFor=/var/lib/machines
++
++ [Service]
++ BusName=org.freedesktop.machine1
++-CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD
+++CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_LINUX_IMMUTABLE
++ ExecStart={{ROOTLIBEXECDIR}}/systemd-machined
++ IPAddressDeny=any
++ LockPersonality=yes
++--
++2.34.1
++
 diff --git a/debian/patches/lp1999275/binfmt-check-if-binfmt-is-mounted-before-applying-rules.patch b/debian/patches/lp1999275/binfmt-check-if-binfmt-is-mounted-before-applying-rules.patch
 new file mode 100644
 index 0000000..792097d
 --- /dev/null
 +++ b/debian/patches/lp1999275/binfmt-check-if-binfmt-is-mounted-before-applying-rules.patch
@@ -0,0 +1,80 @@
++From: Yu Watanabe <watanabe.yu+github@gmail.com>
++Date: Sat, 10 Dec 2022 11:42:50 +0900
++Subject: binfmt: check if binfmt is mounted before applying rules
++
++Origin: upstream, https://github.com/systemd/systemd/commit/94ba5b15329d9d19277ca418bfd0266da98f7b2a
++Bug-Ubuntu: https://launchpad.net/bugs/1999275
++
++---
++ src/binfmt/binfmt.c      | 19 +++++++++++++++++++
++ src/shared/binfmt-util.c |  2 +-
++ src/shared/binfmt-util.h |  1 +
++ 3 files changed, 21 insertions(+), 1 deletion(-)
++
++diff --git a/src/binfmt/binfmt.c b/src/binfmt/binfmt.c
++index 981218f..999ccd0 100644
++--- a/src/binfmt/binfmt.c
+++++ b/src/binfmt/binfmt.c
++@@ -184,6 +184,18 @@ static int parse_argv(int argc, char *argv[]) {
++         return 1;
++ }
++
+++static int binfmt_mounted_warn(void) {
+++        int r;
+++
+++        r = binfmt_mounted();
+++        if (r < 0)
+++                return log_error_errno(r, "Failed to check if /proc/sys/fs/binfmt_misc is mounted: %m");
+++        if (r == 0)
+++                log_debug("/proc/sys/fs/binfmt_misc is not mounted in read-write mode, skipping.");
+++
+++        return r;
+++}
+++
++ static int run(int argc, char *argv[]) {
++         int r, k;
++
++@@ -201,6 +213,9 @@ static int run(int argc, char *argv[]) {
++                 return disable_binfmt();
++
++         if (argc > optind) {
+++                r = binfmt_mounted_warn();
+++                if (r <= 0)
+++                        return r;
++                 int i;
++
++                 for (i = optind; i < argc; i++) {
++@@ -222,6 +237,10 @@ static int run(int argc, char *argv[]) {
++                         return cat_files(NULL, files, 0);
++                 }
++
+++                r = binfmt_mounted_warn();
+++                if (r <= 0)
+++                        return r;
+++
++                 /* Flush out all rules */
++                 (void) write_string_file("/proc/sys/fs/binfmt_misc/status", "-1", WRITE_STRING_FILE_DISABLE_BUFFER);
++
++diff --git a/src/shared/binfmt-util.c b/src/shared/binfmt-util.c
++index 51fc245..a261754 100644
++--- a/src/shared/binfmt-util.c
+++++ b/src/shared/binfmt-util.c
++@@ -12,7 +12,7 @@
++ #include "missing_magic.h"
++ #include "stat-util.h"
++
++-static int binfmt_mounted(void) {
+++int binfmt_mounted(void) {
++         _cleanup_close_ int fd = -EBADF;
++         int r;
++
++diff --git a/src/shared/binfmt-util.h b/src/shared/binfmt-util.h
++index 2f008d1..13f4548 100644
++--- a/src/shared/binfmt-util.h
+++++ b/src/shared/binfmt-util.h
++@@ -1,4 +1,5 @@
++ /* SPDX-License-Identifier: LGPL-2.1-or-later */
++ #pragma once
++
+++int binfmt_mounted(void);
++ int disable_binfmt(void);
 diff --git a/debian/patches/lp1999275/binfmt-util-also-check-if-binfmt-is-mounted-in-read-write.patch b/debian/patches/lp1999275/binfmt-util-also-check-if-binfmt-is-mounted-in-read-write.patch
 new file mode 100644
 index 0000000..9541dbd
 --- /dev/null
 +++ b/debian/patches/lp1999275/binfmt-util-also-check-if-binfmt-is-mounted-in-read-write.patch
@@ -0,0 +1,41 @@
++From: Yu Watanabe <watanabe.yu+github@gmail.com>
++Date: Sat, 10 Dec 2022 11:32:24 +0900
++Subject: binfmt-util: also check if binfmt is mounted in read-write
++
++Origin: upstream, https://github.com/systemd/systemd/commit/5aaa79ce96997825b4dcdcf5be10d8f955fb3339
++Bug-Ubuntu: https://launchpad.net/bugs/1999275
++
++---
++ src/shared/binfmt-util.c | 5 +++--
++ 1 file changed, 3 insertions(+), 2 deletions(-)
++
++diff --git a/src/shared/binfmt-util.c b/src/shared/binfmt-util.c
++index e813c3e..51fc245 100644
++--- a/src/shared/binfmt-util.c
+++++ b/src/shared/binfmt-util.c
++@@ -8,6 +8,7 @@
++ #include "errno-util.h"
++ #include "fd-util.h"
++ #include "fileio.h"
+++#include "fs-util.h"
++ #include "missing_magic.h"
++ #include "stat-util.h"
++
++@@ -25,7 +26,7 @@ static int binfmt_mounted(void) {
++         if (r <= 0)
++                 return r;
++
++-        return true;
+++        return access_fd(fd, W_OK) >= 0;
++ }
++
++ int disable_binfmt(void) {
++@@ -41,7 +42,7 @@ int disable_binfmt(void) {
++         if (r < 0)
++                 return log_warning_errno(r, "Failed to determine whether binfmt_misc is mounted: %m");
++         if (r == 0) {
++-                log_debug("binfmt_misc is not mounted, not detaching entries.");
+++                log_debug("binfmt_misc is not mounted in read-write mode, not detaching entries.");
++                 return 0;
++         }
++
 diff --git a/debian/patches/lp1999275/binfmt-util-split-out-binfmt_mounted.patch b/debian/patches/lp1999275/binfmt-util-split-out-binfmt_mounted.patch
 new file mode 100644
 index 0000000..74f1d4c
 --- /dev/null
 +++ b/debian/patches/lp1999275/binfmt-util-split-out-binfmt_mounted.patch
@@ -0,0 +1,69 @@
++From: Yu Watanabe <watanabe.yu+github@gmail.com>
++Date: Sat, 10 Dec 2022 11:25:28 +0900
++Subject: binfmt-util: split out binfmt_mounted()
++
++Origin: upstream, https://github.com/systemd/systemd/commit/a51a9684c926af917ad1b8e2f34538aee3c7ce2d
++Bug-Ubuntu: https://launchpad.net/bugs/1999275
++
++No functional changes, just refactoring and preparation for later
++commits.
++
++(modified to apply to v249.11)
++---
++ src/shared/binfmt-util.c | 29 +++++++++++++++++++++++++----
++ 1 file changed, 25 insertions(+), 4 deletions(-)
++
++diff --git a/src/shared/binfmt-util.c b/src/shared/binfmt-util.c
++index 724d7f2..d149382 100644
++--- a/src/shared/binfmt-util.c
+++++ b/src/shared/binfmt-util.c
++@@ -5,10 +5,31 @@
++ #include <sys/vfs.h>
++
++ #include "binfmt-util.h"
+++#include "errno-util.h"
+++#include "fd-util.h"
++ #include "fileio.h"
++ #include "missing_magic.h"
++ #include "stat-util.h"
++
+++static int binfmt_mounted(void) {
+++        _cleanup_close_ int fd = -EBADF;
+++        int r;
+++
+++        fd = open("/proc/sys/fs/binfmt_misc", O_CLOEXEC | O_DIRECTORY | O_PATH);
+++        if (fd < 0)
+++                fd = -errno;
+++        if (fd == -ENOENT)
+++                return false;
+++        if (fd < 0)
+++                return fd;
+++
+++        r = fd_is_fs_type(fd, BINFMTFS_MAGIC);
+++        if (r <= 0)
+++                return r;
+++
+++        return true;
+++}
+++
++ int disable_binfmt(void) {
++         int r;
++
++@@ -18,13 +39,13 @@ int disable_binfmt(void) {
++          * We are a bit careful here, since binfmt_misc might still be an autofs which we don't want to
++          * trigger. */
++
++-        r = path_is_fs_type("/proc/sys/fs/binfmt_misc", BINFMTFS_MAGIC);
++-        if (r == 0 || r == -ENOENT) {
+++        r = binfmt_mounted();
+++        if (r < 0)
+++                return log_warning_errno(r, "Failed to determine whether binfmt_misc is mounted: %m");
+++        if (r == 0) {
++                 log_debug("binfmt_misc is not mounted, not detaching entries.");
++                 return 0;
++         }
++-        if (r < 0)
++-                return log_warning_errno(r, "Failed to determine whether binfmt_misc is mounted: %m");
++
++         r = write_string_file("/proc/sys/fs/binfmt_misc/status", "-1", WRITE_STRING_FILE_DISABLE_BUFFER);
++         if (r < 0)
 diff --git a/debian/patches/lp1999275/unit-check-more-specific-path-to-be-written-by-systemd-bi.patch b/debian/patches/lp1999275/unit-check-more-specific-path-to-be-written-by-systemd-bi.patch
 new file mode 100644
 index 0000000..5f0cfe2
 --- /dev/null
 +++ b/debian/patches/lp1999275/unit-check-more-specific-path-to-be-written-by-systemd-bi.patch
@@ -0,0 +1,26 @@
++From: Yu Watanabe <watanabe.yu+github@gmail.com>
++Date: Sat, 10 Dec 2022 11:46:45 +0900
++Subject: unit: check more specific path to be written by systemd-binfmt
++
++Origin: upstream, https://github.com/systemd/systemd/commit/f74a7cb45c2458f90de6d37c70fa3afc1a3be279
++Bug-Ubuntu: https://launchpad.net/bugs/1999275
++
++Follow-up for 41807efb1594ae8e71e0255e154ea7d17be2251a.
++Replaces #25690.
++---
++ units/systemd-binfmt.service.in | 2 +-
++ 1 file changed, 1 insertion(+), 1 deletion(-)
++
++diff --git a/units/systemd-binfmt.service.in b/units/systemd-binfmt.service.in
++index 96f595a..5bf3e99 100644
++--- a/units/systemd-binfmt.service.in
+++++ b/units/systemd-binfmt.service.in
++@@ -18,7 +18,7 @@ After=proc-sys-fs-binfmt_misc.automount
++ After=proc-sys-fs-binfmt_misc.mount
++ After=local-fs.target
++ Before=sysinit.target shutdown.target
++-ConditionPathIsReadWrite=/proc/sys/
+++ConditionPathIsMountPoint=/proc/sys/fs/binfmt_misc
++ ConditionDirectoryNotEmpty=|/lib/binfmt.d
++ ConditionDirectoryNotEmpty=|/usr/lib/binfmt.d
++ ConditionDirectoryNotEmpty=|/usr/local/lib/binfmt.d
 diff --git a/debian/patches/lp2009743/network-dhcp4-do-not-ignore-the-gateway-even-if-the-desti.patch b/debian/patches/lp2009743/network-dhcp4-do-not-ignore-the-gateway-even-if-the-desti.patch
 new file mode 100644
 index 0000000..b83201f
 --- /dev/null
 +++ b/debian/patches/lp2009743/network-dhcp4-do-not-ignore-the-gateway-even-if-the-desti.patch
@@ -0,0 +1,59 @@
++From: Yu Watanabe <watanabe.yu+github@gmail.com>
++Date: Fri, 7 Jul 2023 06:31:04 +0900
++Subject: network/dhcp4: do not ignore the gateway even if the destination is
++ in the same network
++
++Origin: upstream, https://github.com/systemd/systemd/commit/77451f654a89d822cd288883edfac315949d1cb6
++Bug-Ubuntu: https://launchpad.net/bugs/2009743
++
++Fixes #28280.
++
++(modified to apply to v249.11)
++---
++ src/network/networkd-dhcp4.c | 12 ++++++++----
++ 1 file changed, 8 insertions(+), 4 deletions(-)
++
++diff --git a/src/network/networkd-dhcp4.c b/src/network/networkd-dhcp4.c
++index 9b06edc..8dc85a4 100644
++--- a/src/network/networkd-dhcp4.c
+++++ b/src/network/networkd-dhcp4.c
++@@ -290,7 +290,8 @@ static int dhcp4_request_route_to_gateway(Link *link, const struct in_addr *gw)
++ static int dhcp4_request_route_auto(
++                 Route *in,
++                 Link *link,
++-                const struct in_addr *gw) {
+++                const struct in_addr *gw,
+++                bool force_use_gw) {
++
++         _cleanup_(route_freep) Route *route = in;
++         struct in_addr address, netmask, prefix;
++@@ -335,7 +336,8 @@ static int dhcp4_request_route_auto(
++                 route->gw = IN_ADDR_NULL;
++                 route->prefsrc.in = address;
++
++-        } else if (route->dst_prefixlen >= prefixlen &&
+++        } else if (!force_use_gw &&
+++                   route->dst_prefixlen >= prefixlen &&
++                    (route->dst.in.s_addr & netmask.s_addr) == prefix.s_addr) {
++                 if (in4_addr_is_set(gw))
++                         log_link_debug(link, "DHCP: requested route destination "IPV4_ADDRESS_FMT_STR"/%u is in the assigned network "
++@@ -450,7 +452,9 @@ static int dhcp4_request_static_routes(Link *link, struct in_addr *ret_default_g
++                     in4_addr_is_null(&default_gw))
++                         default_gw = gw;
++
++-                r = dhcp4_request_route_auto(TAKE_PTR(route), link, &gw);
+++                /* Do not ignore the gateway given by the classless route option even if the destination is
+++                 * in the same network. See issue #28280. */
+++                r = dhcp4_request_route_auto(TAKE_PTR(route), link, &gw, /* force_use_gw = */ classless_route);
++                 if (r < 0)
++                         return r;
++         }
++@@ -575,7 +579,7 @@ static int dhcp4_request_routes_to_servers(
++                 route->table = link_get_dhcp_route_table(link);
++                 route->mtu = link->network->dhcp_route_mtu;
++
++-                r = dhcp4_request_route_auto(TAKE_PTR(route), link, gw);
+++                r = dhcp4_request_route_auto(TAKE_PTR(route), link, gw, /* force_use_gw = */ false);
++                 if (r < 0)
++                         return r;
++         }
 diff --git a/debian/patches/lp2009743/test-network-add-one-more-testcase-for-DHCPv4-classless-r.patch b/debian/patches/lp2009743/test-network-add-one-more-testcase-for-DHCPv4-classless-r.patch
 new file mode 100644
 index 0000000..c19e9f7
 --- /dev/null
 +++ b/debian/patches/lp2009743/test-network-add-one-more-testcase-for-DHCPv4-classless-r.patch
@@ -0,0 +1,33 @@
++From: Yu Watanabe <watanabe.yu+github@gmail.com>
++Date: Fri, 7 Jul 2023 06:57:04 +0900
++Subject: test-network: add one more testcase for DHCPv4 classless route
++
++Origin: upstream, https://github.com/systemd/systemd/commit/86f6760038477e9e27ccea580f1b3b27328a98a7
++Bug-Ubuntu: https://launchpad.net/bugs/2009743
++
++For issue #28280.
++---
++ test/test-network/systemd-networkd-tests.py | 3 ++-
++ 1 file changed, 2 insertions(+), 1 deletion(-)
++
++diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py
++index aab7b57..5143381 100755
++--- a/test/test-network/systemd-networkd-tests.py
+++++ b/test/test-network/systemd-networkd-tests.py
++@@ -3999,7 +3999,7 @@ class NetworkdDHCPClientTests(unittest.TestCase, Utilities):
++         self.wait_online(['veth-peer:carrier'])
++         additional_options = '--dhcp-option=option:dns-server,192.168.5.10,8.8.8.8 --dhcp-option=option:ntp-server,192.168.5.11,9.9.9.9 --dhcp-option=option:static-route,192.168.5.100,192.168.5.2,8.8.8.8,192.168.5.3'
++         if classless:
++-            additional_options += ' --dhcp-option=option:classless-static-route,0.0.0.0/0,192.168.5.4,8.0.0.0/8,192.168.5.5'
+++            additional_options += ' --dhcp-option=option:classless-static-route,0.0.0.0/0,192.168.5.4,8.0.0.0/8,192.168.5.5,192.168.5.64/26,192.168.5.5'
++         start_dnsmasq(additional_options=additional_options, lease_time='2m')
++         self.wait_online(['veth99:routable', 'veth-peer:routable'])
++
++@@ -4011,6 +4011,7 @@ class NetworkdDHCPClientTests(unittest.TestCase, Utilities):
++             if classless:
++                 self.assertRegex(output, r'default via 192.168.5.4 proto dhcp src 192.168.5.[0-9]* metric 1024')
++                 self.assertRegex(output, r'8.0.0.0/8 via 192.168.5.5 proto dhcp src 192.168.5.[0-9]* metric 1024')
+++                self.assertRegex(output, r'192.168.5.64/26 via 192.168.5.5 proto dhcp src 192.168.5.[0-9]* metric 1024')
++                 self.assertRegex(output, r'192.168.5.4 proto dhcp scope link src 192.168.5.[0-9]* metric 1024')
++                 self.assertRegex(output, r'192.168.5.5 proto dhcp scope link src 192.168.5.[0-9]* metric 1024')
++             else:
 diff --git a/debian/patches/lp2013543-core-reorder-systemd-arguments-on-reexec.patch b/debian/patches/lp2013543-core-reorder-systemd-arguments-on-reexec.patch
 new file mode 100644
 index 0000000..b4bb1ff
 --- /dev/null
 +++ b/debian/patches/lp2013543-core-reorder-systemd-arguments-on-reexec.patch
@@ -0,0 +1,58 @@
++From: Frantisek Sumsal <frantisek@sumsal.cz>
++Date: Thu, 29 Jun 2023 13:31:19 +0200
++Subject: core: reorder systemd arguments on reexec
++
++Origin: upstream, https://github.com/systemd/systemd/commit/163be31d380fbdcb56ec06c09e81774840df90dc
++Bug-Ubuntu: https://launchpad.net/bugs/2013543
++
++When reexecuting system let's put our arguments carrying deserialization
++info first followed by any existing arguments to make sure they get
++parsed in case we get weird stuff from the kernel cmdline (like --).
++
++See: https://github.com/systemd/systemd/issues/28184
++(cherry picked from commit 06afda6b38d5d730fca3c65449096425933272bc)
++(cherry picked from commit 884ab38057dca70b8779c85884f4646057e80921)
++---
++ src/core/main.c            | 6 +++++-
++ test/TEST-01-BASIC/test.sh | 5 +++++
++ 2 files changed, 10 insertions(+), 1 deletion(-)
++
++diff --git a/src/core/main.c b/src/core/main.c
++index 66897c2..1bb3b6b 100644
++--- a/src/core/main.c
+++++ b/src/core/main.c
++@@ -1797,13 +1797,17 @@ static void do_reexecute(
++                 xsprintf(sfd, "%i", fileno(arg_serialization));
++
++                 i = 1;         /* Leave args[0] empty for now. */
++-                filter_args(args, &i, argv, argc);
++
+++                /* Put our stuff first to make sure it always gets parsed in case
+++                 * we get weird stuff from the kernel cmdline (like --) */
++                 if (switch_root_dir)
++                         args[i++] = "--switched-root";
++                 args[i++] = arg_system ? "--system" : "--user";
++                 args[i++] = "--deserialize";
++                 args[i++] = sfd;
+++
+++                filter_args(args, &i, argv, argc);
+++
++                 args[i++] = NULL;
++
++                 assert(i <= args_size);
++diff --git a/test/TEST-01-BASIC/test.sh b/test/TEST-01-BASIC/test.sh
++index d42c0df..dbca6ac 100755
++--- a/test/TEST-01-BASIC/test.sh
+++++ b/test/TEST-01-BASIC/test.sh
++@@ -6,6 +6,11 @@ IMAGE_NAME="basic"
++ RUN_IN_UNPRIVILEGED_CONTAINER=${RUN_IN_UNPRIVILEGED_CONTAINER:-yes}
++ TEST_REQUIRE_INSTALL_TESTS=0
++
+++# Check if we can correctly deserialize if the kernel cmdline contains "weird" stuff
+++# like an invalid argument, "end of arguments" separator, or a sysvinit argument (-z)
+++# See: https://github.com/systemd/systemd/issues/28184
+++KERNEL_APPEND="foo -- -z bar --- baz $KERNEL_APPEND"
+++
++ # shellcheck source=test/test-functions
++ . "${TEST_BASE_DIR:?}/test-functions"
++
 diff --git a/debian/patches/lp2025563-shutdown-get-only-active-md-arrays.patch b/debian/patches/lp2025563-shutdown-get-only-active-md-arrays.patch
 new file mode 100644
 index 0000000..d2cc39f
 --- /dev/null
 +++ b/debian/patches/lp2025563-shutdown-get-only-active-md-arrays.patch
@@ -0,0 +1,67 @@
++From: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
++Date: Tue, 29 Mar 2022 12:49:54 +0200
++Subject: shutdown: get only active md arrays.
++
++Origin: upstream, https://github.com/systemd/systemd/commit/3a3b022d2cc112803ea7b9beea98bbcad110368a
++Bug-Ubuntu: https://launchpad.net/bugs/2025563
++
++Current md_list_get() implementation filters all block devices, started from
++"md*". This is ambiguous because list could contain:
++- partitions created upon md device (mdXpY)
++- external metadata container- specific type of md array.
++
++For partitions there is no issue, because they aren't handle STOP_ARRAY
++ioctl sent later. It generates misleading errors only.
++
++Second case is more problematic because containers are not locked in kernel.
++They are stopped even if container member array is active. For that reason
++reboot or shutdown flow could be blocked because metadata manager cannot be
++restarted after switch root on shutdown.
++
++Add filters to remove partitions and containers from md_list. Partitions
++can be excluded by DEVTYPE. Containers are determined by MD_LEVEL
++property, we are excluding all with "container" value.
++
++Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
++---
++ src/shutdown/umount.c | 18 +++++++++++++++++-
++ 1 file changed, 17 insertions(+), 1 deletion(-)
++
++diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c
++index 1f945b7..9325870 100644
++--- a/src/shutdown/umount.c
+++++ b/src/shutdown/umount.c
++@@ -352,9 +352,14 @@ static int md_list_get(MountPoint **head) {
++         if (r < 0)
++                 return r;
++
+++        /* Filter out partitions. */
+++        r = sd_device_enumerator_add_match_property(e, "DEVTYPE", "disk");
+++        if (r < 0)
+++                return r;
+++
++         FOREACH_DEVICE(e, d) {
++                 _cleanup_free_ char *p = NULL;
++-                const char *dn;
+++                const char *dn, *md_level;
++                 MountPoint *m;
++                 dev_t devnum;
++
++@@ -362,6 +367,17 @@ static int md_list_get(MountPoint **head) {
++                     sd_device_get_devname(d, &dn) < 0)
++                         continue;
++
+++                r = sd_device_get_property_value(d, "MD_LEVEL", &md_level);
+++                if (r < 0) {
+++                        log_warning_errno(r, "Failed to get MD_LEVEL property for %s, ignoring: %m", dn);
+++                        continue;
+++                }
+++
+++                /* MD "containers" are a special type of MD devices, used for external metadata.
+++                 * Since it doesn't provide RAID functionality in itself we don't need to stop it. */
+++                if (streq(md_level, "container"))
+++                        continue;
+++
++                 p = strdup(dn);
++                 if (!p)
++                         return -ENOMEM;
 diff --git a/debian/patches/lp2028180-udev-rules-fix-nvme-symlink-creation-on-namespace-changes.patch b/debian/patches/lp2028180-udev-rules-fix-nvme-symlink-creation-on-namespace-changes.patch
 new file mode 100644
 index 0000000..6f1adfe
 --- /dev/null
 +++ b/debian/patches/lp2028180-udev-rules-fix-nvme-symlink-creation-on-namespace-changes.patch
@@ -0,0 +1,47 @@
++From: Thomas Blume <Thomas.Blume@suse.com>
++Date: Thu, 2 Mar 2023 12:06:13 +0100
++Subject: udev-rules: fix nvme symlink creation on namespace changes
++
++Origin: upstream, https://github.com/systemd/systemd/commit/c5ba7a2a4dd19a2d31b8a9d52d3c4bdde78387f0
++Bug-Ubuntu: https://launchpad.net/bugs/2028180
++
++The nvme by-id symlink changes to the latest namespace when a new namespace gets
++added, for example by connecting multiple NVMe/TCP host controllers via nvme
++connect-all.
++That is incorrect for persistent device links.
++The persistent symbolic device link should continue to point to the same NVMe
++namespace throughout the lifetime of the current boot.
++Therefore the namespace id needs to be added to the link name.
++
++(modified to apply to v249.11)
++---
++ rules.d/60-persistent-storage.rules | 8 ++++++++
++ 1 file changed, 8 insertions(+)
++
++diff --git a/rules.d/60-persistent-storage.rules b/rules.d/60-persistent-storage.rules
++index a2417cd..1e78f04 100644
++--- a/rules.d/60-persistent-storage.rules
+++++ b/rules.d/60-persistent-storage.rules
++@@ -37,14 +37,22 @@ KERNEL=="nvme*[0-9]n*[0-9]", ENV{DEVTYPE}=="disk", ATTRS{serial}=="?*", ENV{ID_S
++ KERNEL=="nvme*[0-9]n*[0-9]", ENV{DEVTYPE}=="disk", ATTRS{wwid}=="?*", ENV{ID_WWN}="$attr{wwid}"
++ KERNEL=="nvme*[0-9]n*[0-9]", ENV{DEVTYPE}=="disk", ATTRS{model}=="?*", ENV{ID_MODEL}="$attr{model}"
++ KERNEL=="nvme*[0-9]n*[0-9]", ENV{DEVTYPE}=="disk", ATTRS{firmware_rev}=="?*", ENV{ID_REVISION}="$attr{firmware_rev}"
+++KERNEL=="nvme*[0-9]n*[0-9]", ENV{DEVTYPE}=="disk", ATTRS{nsid}=="?*", ENV{ID_NSID}="$attr{nsid}"
+++# obsolete symlink that might get overridden on adding a new nvme controller, kept for backward compatibility
++ KERNEL=="nvme*[0-9]n*[0-9]", ENV{DEVTYPE}=="disk", ENV{ID_MODEL}=="?*", ENV{ID_SERIAL_SHORT}=="?*", \
++   OPTIONS="string_escape=replace", ENV{ID_SERIAL}="$env{ID_MODEL}_$env{ID_SERIAL_SHORT}", SYMLINK+="disk/by-id/nvme-$env{ID_SERIAL}"
+++KERNEL=="nvme*[0-9]n*[0-9]", ENV{DEVTYPE}=="disk", ENV{ID_MODEL}=="?*", ENV{ID_SERIAL_SHORT}=="?*", ENV{ID_NSID}=="?*",\
+++  OPTIONS="string_escape=replace", ENV{ID_SERIAL}="$env{ID_MODEL}_$env{ID_SERIAL_SHORT}_$env{ID_NSID}", SYMLINK+="disk/by-id/nvme-$env{ID_SERIAL}"
++
++ KERNEL=="nvme*[0-9]n*[0-9]p*[0-9]", ENV{DEVTYPE}=="partition", ATTRS{serial}=="?*", ENV{ID_SERIAL_SHORT}="$attr{serial}"
++ KERNEL=="nvme*[0-9]n*[0-9]p*[0-9]", ENV{DEVTYPE}=="partition", ATTRS{model}=="?*", ENV{ID_MODEL}="$attr{model}"
++ KERNEL=="nvme*[0-9]n*[0-9]p*[0-9]", ENV{DEVTYPE}=="partition", ATTRS{firmware_rev}=="?*", ENV{ID_REVISION}="$attr{firmware_rev}"
+++KERNEL=="nvme*[0-9]n*[0-9]p*[0-9]", ENV{DEVTYPE}=="partition", ATTRS{nsid}=="?*", ENV{ID_NSID}="$attr{nsid}"
+++# obsolete symlink that might get overridden on adding a new nvme controller, kept for backward compatibility
++ KERNEL=="nvme*[0-9]n*[0-9]p*[0-9]", ENV{DEVTYPE}=="partition", ENV{ID_MODEL}=="?*", ENV{ID_SERIAL_SHORT}=="?*", \
++   OPTIONS="string_escape=replace", ENV{ID_SERIAL}="$env{ID_MODEL}_$env{ID_SERIAL_SHORT}", SYMLINK+="disk/by-id/nvme-$env{ID_SERIAL}-part%n"
+++KERNEL=="nvme*[0-9]n*[0-9]p*[0-9]", ENV{DEVTYPE}=="partition", ENV{ID_MODEL}=="?*", ENV{ID_SERIAL_SHORT}=="?*",  ENV{ID_NSID}=="?*",\
+++  OPTIONS="string_escape=replace", ENV{ID_SERIAL}="$env{ID_MODEL}_$env{ID_SERIAL_SHORT}_$env{ID_NSID}", SYMLINK+="disk/by-id/nvme-$env{ID_SERIAL}-part%n"
++
++ # virtio-blk
++ KERNEL=="vd*[!0-9]", ATTRS{serial}=="?*", ENV{ID_SERIAL}="$attr{serial}", SYMLINK+="disk/by-id/virtio-$env{ID_SERIAL}"
 diff --git a/debian/patches/series b/debian/patches/series
 index c98336a..7730bb0 100644
 --- a/debian/patches/series
 +++ b/debian/patches/series
@@ -46,7 +46,6 @@ debian/Ubuntu-core-in-execute-soft-fail-setting-Nice-priority-when.patch
  debian/Ubuntu-units-set-ConditionVirtualization-private-users-on-j.patch
  debian/UBUNTU-Add-AssumedApparmorLabel-unconfined-to-timedate1-dbus.patch
  debian/UBUNTU-test-test-functions-launch-qemu-with-vga-none.patch
--debian/UBUNTU-wait-online-exit-if-no-links-are-managed.patch
  debian/UBUNTU-journald.service-set-Nice-1-to-dodge-watchdog-on-soft-loc.patch
  debian/UBUNTU-units-block-CAP_SYS_MODULE-units-in-containers-too.patch
  debian/UBUNTU-test-sleep-skip-test_fiemap-upon-inapproriate-ioctl-.patch
@@ -113,3 +112,14 @@ lp2002445/sd-device-make-device_set_syspath-clear-sysname-and-sysnu.patch
  lp2002445/udev-restore-syspath-and-properties-on-failure.patch
  lp2002445/sd-device-introduce-device_get_property_int.patch
  lp2002445/core-device-ignore-failed-uevents.patch
++lp2025563-shutdown-get-only-active-md-arrays.patch
++lp2028180-udev-rules-fix-nvme-symlink-creation-on-namespace-changes.patch
++lp2013543-core-reorder-systemd-arguments-on-reexec.patch
++lp2009743/network-dhcp4-do-not-ignore-the-gateway-even-if-the-desti.patch
++lp2009743/test-network-add-one-more-testcase-for-DHCPv4-classless-r.patch
++lp1977630-fix_machinectl_pull_tar.patch
++lp1991829-add-CAP_LINUX_IMMUTABLE-to-systemd-machined-so-it-ca.patch
++lp1999275/binfmt-util-split-out-binfmt_mounted.patch
++lp1999275/binfmt-util-also-check-if-binfmt-is-mounted-in-read-write.patch
++lp1999275/binfmt-check-if-binfmt-is-mounted-before-applying-rules.patch
++lp1999275/unit-check-more-specific-path-to-be-written-by-systemd-bi.patch
 diff --git a/debian/systemd.postinst b/debian/systemd.postinst
 index d6799d0..73c529c 100644
 --- a/debian/systemd.postinst
 +++ b/debian/systemd.postinst
@@ -87,7 +87,22 @@ fi
  # skip daemon-reexec and try-restarts during shutdown to avoid hitting LP: #1803391
  if [ -n "$2" ] && [ "$(systemctl is-system-running)" != "stopping" ]; then
--    _systemctl daemon-reexec || true
++    # LP: #2013543 - the systemd cmdline can get mangled depending on the
++    # contents of /proc/cmdline, which causes systemd to fail to deserialize
++    # it's previous state on daemon-reexec. This means that for upgrades from
++    # affected versions, we need a reboot and cannot re-exec here, else the
++    # bug could be triggered.
++    if dpkg --compare-versions "$2" lt "249.11-0ubuntu3.10~"; then
++        if ! grep -Fqsx systemd /run/reboot-required.pkgs; then
++            echo systemd >> /run/reboot-required.pkgs || true
++        fi
++
++        # Reload to avoid warnings when restarting services below
++        _systemctl daemon-reload || true
++    else
++        _systemctl daemon-reexec || true
++    fi
++
      # don't restart logind; this can be done again once this gets implemented:
      # https://github.com/systemd/systemd/issues/1163
      if dpkg --compare-versions "$2" lt-nl "246.2-2~"; then
 diff --git a/debian/tests/tests-in-lxd b/debian/tests/tests-in-lxd
 index b442ed1..6d5921b 100644
 --- a/debian/tests/tests-in-lxd
 +++ b/debian/tests/tests-in-lxd
@@ -52,7 +52,7 @@ lxc exec systemd-lxc -- sh -c "echo [Service] > /etc/systemd/system/systemd-sysu
  lxc exec systemd-lxc -- sh -c "echo LoadCredential= >> /etc/systemd/system/systemd-sysusers.service.d/override.conf"
  lxc stop systemd-lxc
--lxc publish systemd-lxc --alias $IMAGE
++lxc publish systemd-lxc --reuse --alias $IMAGE
  for t in unit-tests boot-and-services; do
      autopkgtest -U -B . --test-name=$t -- lxd $IMAGE || [ $? = 2 ] # see Debian's #960267

Ubuntusystemd package

Merge ~enr0n/ubuntu/+source/systemd:ubuntu-jammy-sru into ~ubuntu-core-dev/ubuntu/+source/systemd:ubuntu-jammy

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
systemd package