diff -Nru systemd-235/debian/changelog systemd-235/debian/changelog --- systemd-235/debian/changelog 2017-11-21 16:41:15.000000000 +0000 +++ systemd-235/debian/changelog 2017-12-12 13:30:21.000000000 +0000 @@ -1,3 +1,13 @@ +systemd (235-3ubuntu3) bionic; urgency=medium + + * netwokrd: add support for RequiredForOnline stanza. (LP: #1737570) + * resolved.service: set DefaultDependencies=no (LP: #1734167) + * systemd.postinst: enable persistent journal. (LP: #1618188) + * core: add support for non-writable unified cgroup hierarchy for container support. + (LP: #1734410) + + -- Dimitri John Ledkov Tue, 12 Dec 2017 13:25:32 +0000 + systemd (235-3ubuntu2) bionic; urgency=medium * systemd-fsckd: Fix ADT tests to work on s390x too. diff -Nru systemd-235/debian/patches/Add-a-RequiredForOnline-Link-attribute-for-.network-files.patch systemd-235/debian/patches/Add-a-RequiredForOnline-Link-attribute-for-.network-files.patch --- systemd-235/debian/patches/Add-a-RequiredForOnline-Link-attribute-for-.network-files.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-235/debian/patches/Add-a-RequiredForOnline-Link-attribute-for-.network-files.patch 2017-12-12 13:29:31.000000000 +0000 
@@ -0,0 +1,189 @@ +From: Mathieu Trudel-Lapierre +Date: Thu, 30 Nov 2017 12:03:50 -0500 +Subject: Add a "RequiredForOnline=" Link attribute for .network files (#7347) + +RequiredForOnline= denotes a link/network that does/does not require being up +for systemd-networkd-wait-online to consider the system online; this makes it +possible to ignore devices without modifying parameters to wait-online. +(cherry picked from commit c1a3890410f043fe09af8b139eb6bfe2832089be) +--- + man/systemd.network.xml | 15 +++++++++++++++ + src/libsystemd/sd-network/sd-network.c | 15 +++++++++++++++ + src/network/networkd-link.c | 3 +++ + src/network/networkd-network-gperf.gperf | 1 + + src/network/networkd-network.c | 1 + + src/network/networkd-network.h | 2 ++ + src/network/wait-online/link.c | 2 ++ + src/network/wait-online/link.h | 2 +- + src/network/wait-online/manager.c | 3 +++ + src/systemd/sd-network.h | 8 ++++++++ + 10 files changed, 51 insertions(+), 1 deletion(-) + +diff --git a/man/systemd.network.xml b/man/systemd.network.xml +index b175967..ba7631c 100644 +--- a/man/systemd.network.xml ++++ b/man/systemd.network.xml +@@ -250,6 +250,21 @@ + controlled by other applications. + + ++ ++ RequiredForOnline= ++ ++ A boolean. When yes, the network is deemed ++ required when determining whether the system is online when running ++ systemd-networkd-wait-online. ++ When no, the network is ignored when checking for ++ online state. Defaults to yes. ++ The network will be brought up normally in all cases, but in ++ the event that there is no address being assigned by DHCP or the ++ cable is not plugged in, the link will simply remain offline and be ++ skipped automatically by systemd-networkd-wait-online ++ if RequiredForOnline=true. 
++ ++ + + + +diff --git a/src/libsystemd/sd-network/sd-network.c b/src/libsystemd/sd-network/sd-network.c +index 41b97ca..ca23687 100644 +--- a/src/libsystemd/sd-network/sd-network.c ++++ b/src/libsystemd/sd-network/sd-network.c +@@ -171,6 +171,21 @@ _public_ int sd_network_link_get_operational_state(int ifindex, char **state) { + return network_link_get_string(ifindex, "OPER_STATE", state); + } + ++_public_ int sd_network_link_get_required_for_online(int ifindex) { ++ _cleanup_free_ char *s = NULL; ++ int r; ++ ++ r = network_link_get_string(ifindex, "REQUIRED_FOR_ONLINE", &s); ++ if (r < 0) { ++ /* Handle -ENODATA as RequiredForOnline=yes, for compatibility */ ++ if (r == -ENODATA) ++ return true; ++ return r; ++ } ++ ++ return parse_boolean(s); ++} ++ + _public_ int sd_network_link_get_llmnr(int ifindex, char **llmnr) { + return network_link_get_string(ifindex, "LLMNR", llmnr); + } +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index 6b59127..f356d37 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -3372,6 +3372,9 @@ int link_save(Link *link) { + char **dhcp_domains = NULL; + unsigned j; + ++ fprintf(f, "REQUIRED_FOR_ONLINE=%s\n", ++ yes_no(link->network->required_for_online)); ++ + if (link->dhcp6_client) { + r = sd_dhcp6_client_get_lease(link->dhcp6_client, &dhcp6_lease); + if (r < 0 && r != -ENOMSG) +diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf +index af39d77..ee58fb5 100644 +--- a/src/network/networkd-network-gperf.gperf ++++ b/src/network/networkd-network-gperf.gperf +@@ -30,6 +30,7 @@ Link.MACAddress, config_parse_hwaddr, + Link.MTUBytes, config_parse_iec_size, 0, offsetof(Network, mtu) + Link.ARP, config_parse_tristate, 0, offsetof(Network, arp) + Link.Unmanaged, config_parse_bool, 0, offsetof(Network, unmanaged) ++Link.RequiredForOnline, config_parse_bool, 0, offsetof(Network, required_for_online) + Network.Description, config_parse_string, 0, 
offsetof(Network, description) + Network.Bridge, config_parse_netdev, 0, offsetof(Network, bridge) + Network.Bond, config_parse_netdev, 0, offsetof(Network, bond) +diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c +index 3a7eb2c..1738b5e 100644 +--- a/src/network/networkd-network.c ++++ b/src/network/networkd-network.c +@@ -204,6 +204,7 @@ static int network_load_one(Manager *manager, const char *filename) { + + *d = '\0'; + ++ network->required_for_online = true; + network->dhcp = ADDRESS_FAMILY_NO; + network->dhcp_use_ntp = true; + network->dhcp_use_dns = true; +diff --git a/src/network/networkd-network.h b/src/network/networkd-network.h +index 9fb0eae..aa12e18 100644 +--- a/src/network/networkd-network.h ++++ b/src/network/networkd-network.h +@@ -212,6 +212,8 @@ struct Network { + uint32_t iaid; + DUID duid; + ++ bool required_for_online; /* Is this network required to be considered online? */ ++ + LLDPMode lldp_mode; /* LLDP reception */ + LLDPEmit lldp_emit; /* LLDP transmission */ + +diff --git a/src/network/wait-online/link.c b/src/network/wait-online/link.c +index bd8578c..49975e6 100644 +--- a/src/network/wait-online/link.c ++++ b/src/network/wait-online/link.c +@@ -120,6 +120,8 @@ int link_update_rtnl(Link *l, sd_netlink_message *m) { + int link_update_monitor(Link *l) { + assert(l); + ++ l->required_for_online = sd_network_link_get_required_for_online(l->ifindex) != 0; ++ + l->operational_state = mfree(l->operational_state); + + sd_network_link_get_operational_state(l->ifindex, &l->operational_state); +diff --git a/src/network/wait-online/link.h b/src/network/wait-online/link.h +index c846e60..5933d6d 100644 +--- a/src/network/wait-online/link.h ++++ b/src/network/wait-online/link.h +@@ -32,6 +32,7 @@ struct Link { + char *ifname; + unsigned flags; + ++ bool required_for_online; + char *operational_state; + char *state; + }; +@@ -40,6 +41,5 @@ int link_new(Manager *m, Link **ret, int ifindex, const char *ifname); + Link 
*link_free(Link *l); + int link_update_rtnl(Link *l, sd_netlink_message *m); + int link_update_monitor(Link *l); +-bool link_relevant(Link *l); + + DEFINE_TRIVIAL_CLEANUP_FUNC(Link*, link_free); +diff --git a/src/network/wait-online/manager.c b/src/network/wait-online/manager.c +index d51b0a5..1f621f6 100644 +--- a/src/network/wait-online/manager.c ++++ b/src/network/wait-online/manager.c +@@ -41,6 +41,9 @@ bool manager_ignore_link(Manager *m, Link *link) { + if (m->interfaces && !strv_contains(m->interfaces, link->ifname)) + return true; + ++ if (!link->required_for_online) ++ return true; ++ + /* ignore interfaces we explicitly are asked to ignore */ + return strv_fnmatch(m->ignore, link->ifname, 0); + } +diff --git a/src/systemd/sd-network.h b/src/systemd/sd-network.h +index 0f13e2b..2a3495a 100644 +--- a/src/systemd/sd-network.h ++++ b/src/systemd/sd-network.h +@@ -94,6 +94,14 @@ int sd_network_link_get_setup_state(int ifindex, char **state); + */ + int sd_network_link_get_operational_state(int ifindex, char **state); + ++/* Indicates whether the network is relevant to being online. ++ * Possible return codes: ++ * 0: the connection is not required ++ * 1: the connection is required to consider the system online ++ * <0: networkd is not aware of the link ++ */ ++int sd_network_link_get_required_for_online(int ifindex); ++ + /* Get path to .network file applied to link */ + int sd_network_link_get_network_file(int ifindex, char **filename); + diff -Nru systemd-235/debian/patches/cgroup-check-whether-unified-hierarchy-is-writable.patch systemd-235/debian/patches/cgroup-check-whether-unified-hierarchy-is-writable.patch --- systemd-235/debian/patches/cgroup-check-whether-unified-hierarchy-is-writable.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-235/debian/patches/cgroup-check-whether-unified-hierarchy-is-writable.patch 2017-12-12 13:29:31.000000000 +0000 
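Review bot: In `link_update_monitor()` the assignment `l->required_for_online = sd_network_link_get_required_for_online(l->ifindex) != 0;` folds every negative return into "required", including a `parse_boolean()` failure and the "networkd is not aware of the link" case documented in sd-network.h. That is the conservative default for wait-online, but nothing in the code says it is intended; I would add a comment such as `/* Errors (<0) are deliberately treated as "required", so an unreadable state file never shortens the wait */`. The new man page text also ends with "skipped automatically ... if RequiredForOnline=true", which contradicts the preceding sentences saying `no` is the value that makes wait-online ignore the link; it presumably should read `RequiredForOnline=no`. The bodies of `link_update_monitor()` and `link_save()` continue outside the hunks, so whether `link->network` is known to be non-NULL at the new `fprintf()` cannot be confirmed from here.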
@@ -0,0 +1,74 @@ +From: Christian Brauner +Date: Wed, 22 Nov 2017 17:20:35 +0100 +Subject: cgroup: check whether unified hierarchy is writable + +When systemd is running inside a container employing user +namespaces it currently mounts the unified cgroup hierarchy +without being able to write to it. This causes systemd to +freeze during boot. +This patch checks whether the unified cgroup hierarchy +is writable. If it is not it will not mount it. + +This solution is based on a patch by Evgeny Vereshchagin. + +Closes #6408. +Closes https://github.com/lxc/lxc/issues/1678 . + +(cherry picked from commit e07aefbd675b651f8d45b5fb458f2747b04d6e04) +--- + src/core/mount-setup.c | 20 +++++++++++++++----- + 1 file changed, 15 insertions(+), 5 deletions(-) + +diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c +index 3d7831d..48acae4 100644 +--- a/src/core/mount-setup.c ++++ b/src/core/mount-setup.c +@@ -28,6 +28,7 @@ + #include "cgroup-util.h" + #include "dev-setup.h" + #include "efivars.h" ++#include "fileio.h" + #include "fs-util.h" + #include "label.h" + #include "log.h" +@@ -45,9 +46,10 @@ + #include "virt.h" + + typedef enum MountMode { +- MNT_NONE = 0, +- MNT_FATAL = 1 << 0, +- MNT_IN_CONTAINER = 1 << 1, ++ MNT_NONE = 0, ++ MNT_FATAL = 1 << 0, ++ MNT_IN_CONTAINER = 1 << 1, ++ MNT_CHECK_WRITABLE = 1 << 2, + } MountMode; + + typedef struct MountPoint { +@@ -102,9 +104,9 @@ static const MountPoint mount_table[] = { + { "tmpfs", "/sys/fs/cgroup", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME, + cg_is_legacy_wanted, MNT_FATAL|MNT_IN_CONTAINER }, + { "cgroup", "/sys/fs/cgroup/unified", "cgroup2", "nsdelegate", MS_NOSUID|MS_NOEXEC|MS_NODEV, +- cg_is_hybrid_wanted, MNT_IN_CONTAINER }, ++ cg_is_hybrid_wanted, MNT_IN_CONTAINER|MNT_CHECK_WRITABLE }, + { "cgroup", "/sys/fs/cgroup/unified", "cgroup2", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, +- cg_is_hybrid_wanted, MNT_IN_CONTAINER }, ++ cg_is_hybrid_wanted, MNT_IN_CONTAINER|MNT_CHECK_WRITABLE }, + { 
"cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd,xattr", MS_NOSUID|MS_NOEXEC|MS_NODEV, + cg_is_legacy_wanted, MNT_IN_CONTAINER }, + { "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV, +@@ -201,6 +203,14 @@ static int mount_one(const MountPoint *p, bool relabel) { + if (relabel) + (void) label_fix(p->where, false, false); + ++ if (p->mode & MNT_CHECK_WRITABLE) { ++ r = access(p->where, W_OK); ++ if (r < 0) { ++ (void) umount(p->where); ++ return (p->mode & MNT_FATAL) ? r : 0; ++ } ++ } ++ + return 1; + } + diff -Nru systemd-235/debian/patches/cgroup-test-whether-pure-unified-hierarchy-is-writable.patch systemd-235/debian/patches/cgroup-test-whether-pure-unified-hierarchy-is-writable.patch --- systemd-235/debian/patches/cgroup-test-whether-pure-unified-hierarchy-is-writable.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-235/debian/patches/cgroup-test-whether-pure-unified-hierarchy-is-writable.patch 2017-12-12 13:29:31.000000000 +0000 
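Review bot: The new writability check in `mount_one()` keeps the raw `access()` result in `r`, so the `MNT_FATAL` branch would return -1 rather than a negative errno value, and the `umount()` call in between can overwrite `errno` before anyone reads it. No visible table entry combines `MNT_FATAL` with `MNT_CHECK_WRITABLE`, so this is latent, but I would capture the error at the call site: `if (access(p->where, W_OK) < 0) {` followed by `r = -errno;` as the first statement of the branch. A one-line comment stating that returning 0 here means "skipped, the caller moves on to the next table entry" would also help. `mount_one()` starts outside the hunk, so that return convention is inferred from the `return 1` that follows.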
@@ -0,0 +1,27 @@ +From: Christian Brauner +Date: Wed, 22 Nov 2017 17:27:03 +0100 +Subject: cgroup: test whether pure unified hierarchy is writable + +If it is not writable we should not mount it. + +(cherry picked from commit 2d56b80a1855836abf1d7458394c345ad9d55382) +--- + src/core/mount-setup.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c +index 48acae4..fe1f987 100644 +--- a/src/core/mount-setup.c ++++ b/src/core/mount-setup.c +@@ -98,9 +98,9 @@ static const MountPoint mount_table[] = { + { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME, + NULL, MNT_FATAL|MNT_IN_CONTAINER }, + { "cgroup", "/sys/fs/cgroup", "cgroup2", "nsdelegate", MS_NOSUID|MS_NOEXEC|MS_NODEV, +- cg_is_unified_wanted, MNT_IN_CONTAINER }, ++ cg_is_unified_wanted, MNT_IN_CONTAINER|MNT_CHECK_WRITABLE }, + { "cgroup", "/sys/fs/cgroup", "cgroup2", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, +- cg_is_unified_wanted, MNT_IN_CONTAINER }, ++ cg_is_unified_wanted, MNT_IN_CONTAINER|MNT_CHECK_WRITABLE }, + { "tmpfs", "/sys/fs/cgroup", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME, + cg_is_legacy_wanted, MNT_FATAL|MNT_IN_CONTAINER }, + { "cgroup", "/sys/fs/cgroup/unified", "cgroup2", "nsdelegate", MS_NOSUID|MS_NOEXEC|MS_NODEV, diff -Nru systemd-235/debian/patches/core-remove-empty-cgroups-7457.patch systemd-235/debian/patches/core-remove-empty-cgroups-7457.patch --- systemd-235/debian/patches/core-remove-empty-cgroups-7457.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-235/debian/patches/core-remove-empty-cgroups-7457.patch 2017-12-12 13:29:31.000000000 +0000 
@@ -0,0 +1,22 @@ +From: Christian Brauner +Date: Fri, 24 Nov 2017 21:05:16 +0100 +Subject: core: remove empty cgroups (#7457) + +When we skip an unwritable cgroup also remove the empty mountpoint. +(cherry picked from commit 1ff654e28b7b8e7d0a0be33522a84069ac6b07c0) +--- + src/core/mount-setup.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c +index fe1f987..d930a2f 100644 +--- a/src/core/mount-setup.c ++++ b/src/core/mount-setup.c +@@ -207,6 +207,7 @@ static int mount_one(const MountPoint *p, bool relabel) { + r = access(p->where, W_OK); + if (r < 0) { + (void) umount(p->where); ++ (void) rmdir(p->where); + return (p->mode & MNT_FATAL) ? r : 0; + } + } diff -Nru systemd-235/debian/patches/debian/don-t-try-to-start-autovt-units-when-not-running-wit.patch systemd-235/debian/patches/debian/don-t-try-to-start-autovt-units-when-not-running-wit.patch --- systemd-235/debian/patches/debian/don-t-try-to-start-autovt-units-when-not-running-wit.patch 2017-11-21 09:08:51.000000000 +0000 +++ systemd-235/debian/patches/debian/don-t-try-to-start-autovt-units-when-not-running-wit.patch 2017-12-12 13:29:31.000000000 +0000 @@ -1,7 +1,7 @@ From: Michael Stapelberg Date: Sat, 21 Dec 2013 18:49:10 +0100 -Subject: =?utf-8?q?don=E2=80=99t_try_to_start_autovt_units_when_not_running?= - =?utf-8?q?_with_systemd_as_pid_1?= +Subject: =?utf-8?q?don=E2=80=99t_try_to_start_autovt_units_when_not_runnin?= + =?utf-8?q?g_with_systemd_as_pid_1?= Closes: #726466 --- diff -Nru systemd-235/debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch systemd-235/debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch --- systemd-235/debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch 2017-11-21 09:08:15.000000000 +0000 +++ systemd-235/debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch 2017-12-12 13:29:31.000000000 +0000 @@ -16,17 +16,17 @@ 2 files changed, 2 insertions(+), 1 deletion(-) 
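Review bot: The cleanup path now discards the results of both `umount()` and `rmdir()` and logs nothing, so if `umount()` fails the non-writable hierarchy stays mounted while `mount_one()` still returns 0 for non-fatal entries. `rmdir()` is also attempted on a directory that this hunk does not show `mount_one()` creating; it only removes empty directories, so the risk is small, but the intent deserves a comment. I would at least record the failure, e.g. `if (umount(p->where) < 0) log_debug_errno(errno, "Failed to unmount %s, ignoring: %m", p->where);`, so a skipped unified hierarchy can be diagnosed from the boot log. The enclosing function begins and ends outside the hunk.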
diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c -index 3d7831d..e24a4b6 100644 +index d930a2f..5dab453 100644 --- a/src/core/mount-setup.c +++ b/src/core/mount-setup.c -@@ -95,6 +95,8 @@ static const MountPoint mount_table[] = { +@@ -97,6 +97,8 @@ static const MountPoint mount_table[] = { #endif { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME, NULL, MNT_FATAL|MNT_IN_CONTAINER }, + { "tmpfs", "/run/lock", "tmpfs", "mode=1777,size=5242880", MS_NOSUID|MS_NODEV|MS_NOEXEC, + NULL, MNT_FATAL|MNT_IN_CONTAINER }, { "cgroup", "/sys/fs/cgroup", "cgroup2", "nsdelegate", MS_NOSUID|MS_NOEXEC|MS_NODEV, - cg_is_unified_wanted, MNT_IN_CONTAINER }, + cg_is_unified_wanted, MNT_IN_CONTAINER|MNT_CHECK_WRITABLE }, { "cgroup", "/sys/fs/cgroup", "cgroup2", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, diff --git a/tmpfiles.d/legacy.conf b/tmpfiles.d/legacy.conf index 62e2ae0..ea5e735 100644 diff -Nru systemd-235/debian/patches/debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch systemd-235/debian/patches/debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch --- systemd-235/debian/patches/debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch 2017-11-21 09:08:51.000000000 +0000 +++ systemd-235/debian/patches/debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch 2017-12-12 13:29:31.000000000 +0000 @@ -1,8 +1,8 @@ 
From: Martin Pitt Date: Mon, 27 Apr 2015 15:29:13 +0200 Subject: Revert "core: one step back again, - for nspawn we actually can't wait for cgroups running empty since systemd - will get exactly zero notifications about it" + for nspawn we actually can't wait for cgroups running empty since + systemd will get exactly zero notifications about it" This reverts commit 743970d2ea6d08aa7c7bff8220f6b7702f2b1db7. diff -Nru systemd-235/debian/patches/debian/Revert-tests-when-running-a-manager-object-in-a-test-migr.patch systemd-235/debian/patches/debian/Revert-tests-when-running-a-manager-object-in-a-test-migr.patch --- systemd-235/debian/patches/debian/Revert-tests-when-running-a-manager-object-in-a-test-migr.patch 2017-11-21 09:08:51.000000000 +0000 +++ systemd-235/debian/patches/debian/Revert-tests-when-running-a-manager-object-in-a-test-migr.patch 2017-12-12 13:29:31.000000000 +0000 @@ -106,7 +106,7 @@ libshared], [threads, diff --git a/src/test/test-bpf.c b/src/test/test-bpf.c -index 74e9d50..7dcabe2 100644 +index d284583..a2b8c2f 100644 --- a/src/test/test-bpf.c +++ b/src/test/test-bpf.c @@ -27,7 +27,6 @@ diff -Nru systemd-235/debian/patches/debian/Ubuntu-core-in-execute-soft-fail-setting-Nice-priority-when.patch systemd-235/debian/patches/debian/Ubuntu-core-in-execute-soft-fail-setting-Nice-priority-when.patch --- systemd-235/debian/patches/debian/Ubuntu-core-in-execute-soft-fail-setting-Nice-priority-when.patch 2017-11-21 09:08:51.000000000 +0000 +++ systemd-235/debian/patches/debian/Ubuntu-core-in-execute-soft-fail-setting-Nice-priority-when.patch 2017-12-12 13:29:31.000000000 +0000 @@ -11,10 +11,10 @@ 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/src/core/execute.c b/src/core/execute.c -index c4dfac9..03fff99 100644 +index 36dbc28..749ed32 100644 --- a/src/core/execute.c 
+++ b/src/core/execute.c -@@ -2901,11 +2901,17 @@ static int exec_child( +@@ -2905,11 +2905,17 @@ static int exec_child( } } diff -Nru systemd-235/debian/patches/debian/UBUNTU-core-unlink-the-invocation-id-key-if-cannot-change-keyrin.patch systemd-235/debian/patches/debian/UBUNTU-core-unlink-the-invocation-id-key-if-cannot-change-keyrin.patch --- systemd-235/debian/patches/debian/UBUNTU-core-unlink-the-invocation-id-key-if-cannot-change-keyrin.patch 2017-11-21 09:08:51.000000000 +0000 +++ systemd-235/debian/patches/debian/UBUNTU-core-unlink-the-invocation-id-key-if-cannot-change-keyrin.patch 2017-12-12 13:29:31.000000000 +0000 @@ -36,7 +36,7 @@ #define KEYCTL_READ 11 #endif diff --git a/src/core/execute.c b/src/core/execute.c -index 03fff99..e6512b9 100644 +index 749ed32..e1b31b9 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -2399,12 +2399,15 @@ static int setup_keyring( diff -Nru systemd-235/debian/patches/debian/Ubuntu-resolved-resolvconf-integration.patch systemd-235/debian/patches/debian/Ubuntu-resolved-resolvconf-integration.patch --- systemd-235/debian/patches/debian/Ubuntu-resolved-resolvconf-integration.patch 2017-11-21 09:08:15.000000000 +0000 +++ systemd-235/debian/patches/debian/Ubuntu-resolved-resolvconf-integration.patch 2017-12-12 13:29:31.000000000 +0000 @@ -151,10 +151,10 @@ +Type=oneshot +ExecStart=+-/bin/sh -c 'cat /run/systemd/resolve/stub-resolv.conf | /sbin/resolvconf -a systemd-resolved' diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in -index cda83ee..b75030a 100644 +index 4b5cc83..f77427d 100644 --- a/units/systemd-resolved.service.in 
+++ b/units/systemd-resolved.service.in -@@ -14,6 +14,7 @@ Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-resolver +@@ -15,6 +15,7 @@ DefaultDependencies=no After=systemd-networkd.service network.target Before=network-online.target nss-lookup.target Wants=nss-lookup.target diff -Nru systemd-235/debian/patches/debian/Ubuntu-UseDomains-by-default.patch systemd-235/debian/patches/debian/Ubuntu-UseDomains-by-default.patch --- systemd-235/debian/patches/debian/Ubuntu-UseDomains-by-default.patch 2017-11-21 09:08:15.000000000 +0000 +++ systemd-235/debian/patches/debian/Ubuntu-UseDomains-by-default.patch 2017-12-12 13:29:31.000000000 +0000 @@ -23,10 +23,10 @@ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/man/systemd.network.xml b/man/systemd.network.xml -index b175967..2e3f6d7 100644 +index ba7631c..56a925d 100644 --- a/man/systemd.network.xml +++ b/man/systemd.network.xml -@@ -282,7 +282,7 @@ +@@ -297,7 +297,7 @@ IPv6AcceptRA=. Furthermore, note that by default the domain name @@ -35,7 +35,7 @@ See option below. See the [DHCP] section below for further configuration options for the DHCP client -@@ -1117,7 +1117,7 @@ +@@ -1132,7 +1132,7 @@ the setting. If set to route, the domain name received from the DHCP server will be used for routing DNS queries only, but not for searching, similar to the effect of the setting when the argument is prefixed with ~. Defaults to @@ -44,7 +44,7 @@ It is recommended to enable this option only on trusted networks, as setting this affects resolution of all host names, in particular of single-label names. It is generally safer to use the supplied domain -@@ -1266,7 +1266,7 @@ +@@ -1281,7 +1281,7 @@ the effect of the setting. If set to route, the domain name received via IPv6 RA will be used for routing DNS queries only, but not for searching, similar to the effect of the setting when the argument is prefixed with 
@@ -54,10 +54,10 @@ It is recommended to enable this option only on trusted networks, as setting this affects resolution of all host names, in particular of single-label names. It is generally safer to use the supplied domain diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c -index 3a7eb2c..cab7d02 100644 +index 1738b5e..348a8a2 100644 --- a/src/network/networkd-network.c +++ b/src/network/networkd-network.c -@@ -212,6 +212,7 @@ static int network_load_one(Manager *manager, const char *filename) { +@@ -213,6 +213,7 @@ static int network_load_one(Manager *manager, const char *filename) { network->dhcp_use_routes = true; /* NOTE: this var might be overwriten by network_apply_anonymize_if_set */ network->dhcp_send_hostname = true; @@ -65,7 +65,7 @@ /* To enable/disable RFC7844 Anonymity Profiles */ network->dhcp_anonymize = false; network->dhcp_route_metric = DHCP_ROUTE_METRIC; -@@ -255,6 +256,7 @@ static int network_load_one(Manager *manager, const char *filename) { +@@ -256,6 +257,7 @@ static int network_load_one(Manager *manager, const char *filename) { network->proxy_arp = -1; network->arp = -1; network->ipv6_accept_ra_use_dns = true; diff -Nru systemd-235/debian/patches/resolved.service-set-DefaultDependencies-no.patch systemd-235/debian/patches/resolved.service-set-DefaultDependencies-no.patch --- systemd-235/debian/patches/resolved.service-set-DefaultDependencies-no.patch 1970-01-01 00:00:00.000000000 +0000 +++ systemd-235/debian/patches/resolved.service-set-DefaultDependencies-no.patch 2017-12-12 13:29:31.000000000 +0000 
@@ -0,0 +1,30 @@ +From: Dimitri John Ledkov +Date: Mon, 11 Dec 2017 18:27:49 +0000 +Subject: resolved.service: set DefaultDependencies=no + +On systems that only use resolved for name resolution, there are usecases that +require resolved to be started before sysinit target, such that network name +resolution is available before network-online/sysinit targets. For example, +cloud-init for some datasources hooks into the boot process ahead of sysinit +target and may need network name resolution at that point already. + +systemd-resolved already starts pretty early in the process, thus starting it +slightly earlier should not have negative side effects. + +(cherry picked from commit db8b78afec7f52219ef0646c1988431c78dd6d24) +--- + units/systemd-resolved.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in +index cda83ee..4b5cc83 100644 +--- a/units/systemd-resolved.service.in ++++ b/units/systemd-resolved.service.in +@@ -11,6 +11,7 @@ Documentation=man:systemd-resolved.service(8) + Documentation=https://www.freedesktop.org/wiki/Software/systemd/resolved + Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers + Documentation=https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients ++DefaultDependencies=no + After=systemd-networkd.service network.target + Before=network-online.target nss-lookup.target + Wants=nss-lookup.target diff -Nru systemd-235/debian/patches/series systemd-235/debian/patches/series --- systemd-235/debian/patches/series 2017-11-21 09:08:15.000000000 +0000 +++ systemd-235/debian/patches/series 2017-12-12 13:29:31.000000000 +0000 
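Review bot: `DefaultDependencies=no` also drops the implicit `Conflicts=shutdown.target` and `Before=shutdown.target` that service units get by default, and the hunk adds nothing to replace them, so orderly stop at shutdown is no longer guaranteed. I would add `Conflicts=shutdown.target` and extend the ordering line to `Before=network-online.target nss-lookup.target shutdown.target`. The unit also loses the implicit ordering after `sysinit.target`, so whatever the service needs from early boot (its runtime directory, its service user) has to exist already; the rest of the unit is outside the hunk, so that is worth confirming.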
@@ -13,6 +13,11 @@ test-switch-to-using-ext4-instead-of-ext3-as-default-fall.patch test-bpf-use-bin-ping-path-7276.patch test-process-util-fails-to-verify-cmdline-changes-in-unpr.patch +Add-a-RequiredForOnline-Link-attribute-for-.network-files.patch +resolved.service-set-DefaultDependencies-no.patch +cgroup-check-whether-unified-hierarchy-is-writable.patch +cgroup-test-whether-pure-unified-hierarchy-is-writable.patch +core-remove-empty-cgroups-7457.patch debian/Use-Debian-specific-config-files.patch debian/don-t-try-to-start-autovt-units-when-not-running-wit.patch debian/Make-logind-hostnamed-localed-timedated-D-Bus-activa.patch diff -Nru systemd-235/debian/systemd.postinst systemd-235/debian/systemd.postinst --- systemd-235/debian/systemd.postinst 2017-11-21 08:53:15.000000000 +0000 +++ systemd-235/debian/systemd.postinst 2017-12-11 18:48:26.000000000 +0000 @@ -122,6 +122,12 @@ # Setup system users and groups addgroup --quiet --system systemd-journal +# Enable persistent journal, in auto-mode, by default on new installs installs and upgrades +if dpkg --compare-versions "$2" lt "235-3ubuntu3~"; then + mkdir -p /var/log/journal + systemd-tmpfiles --create --prefix /var/log/journal +fi + adduser --quiet --system --group --no-create-home --home /run/systemd \ --gecos "systemd Time Synchronization" systemd-timesync adduser --quiet --system --group --no-create-home --home /run/systemd/netif \
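Review bot: The comment on the new postinst block repeats a word ("new installs installs") and does not explain why the version guard is there. Because `dpkg --compare-versions "$2" lt "235-3ubuntu3~"` is true for an empty `$2` and for every older version, the directory is created on fresh installs and on the first upgrade, including on machines where an administrator had removed `/var/log/journal` to keep logs volatile. I would reword the comment to `# Enable persistent journal (journald's auto mode uses /var/log/journal once it exists) on new installs and on upgrades from before 235-3ubuntu3; done once, so a directory removed later is not recreated.` and call out the retention change in the changelog entry. Whether the block is limited to the `configure` action depends on code outside the hunk.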