ZhuningOS/util-linux
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Initialize for util-linux

Browse source
This commit is contained in:
zyppe 2024-02-09 18:07:47 +08:00
commit 988c48f54d
38 changed files with 6892 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored Normal file
View file

@ -0,0 +1,2 @@
util-linux-2.37.4.tar.sign
util-linux-2.37.4.tar.xz

2
.util-linux.metadata Normal file
View file

@ -0,0 +1,2 @@
a8bb6d3f4061c570cd55e7ec471883243acaaff75bac5ff89a84eeea58e59ccf util-linux-2.37.4.tar.sign
391928b7813d6a019a8a10ba5074ccd023addd188fbe28ba3ed717dbad3aa734 util-linux-2.37.4.tar.xz

54
Add-documentation-on-blacklisted-modules-to-mount-8-.patch Normal file
View file

@ -0,0 +1,54 @@
From 1ade50a36f23fc35abb465aa5b7cfc73b2476328 Mon Sep 17 00:00:00 2001
From: Martin Wilck <mwilck@suse.com>
Date: Fri, 1 Feb 2019 12:09:11 +0100
Subject: [PATCH] Add documentation on blacklisted modules to mount(8) man page
Signed-off-by: Martin Wilck <mwilck@suse.com>
---
sys-utils/mount.8 | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
Index: util-linux-2.37.2/sys-utils/mount.8
===================================================================
--- util-linux-2.37.2.orig/sys-utils/mount.8
+++ util-linux-2.37.2/sys-utils/mount.8
@@ -203,6 +203,32 @@ Note that \fBmount\fP is very strict abo
Since util\-linux 2.35, \fBmount\fP does not exit when user permissions are inadequate according to libmount\(cqs internal security rules. Instead, it drops suid permissions and continues as regular non\-root user. This behavior supports use\-cases where root permissions are not necessary (e.g., fuse filesystems, user namespaces, etc).
.sp
For more details, see \fBfstab\fP(5). Only the user that mounted a filesystem can unmount it again. If any user should be able to unmount it, then use \fBusers\fP instead of \fBuser\fP in the \fIfstab\fP line. The \fBowner\fP option is similar to the \fBuser\fP option, with the restriction that the user must be the owner of the special file. This may be useful e.g. for \fI/dev/fd\fP if a login script makes the console user owner of this device. The \fBgroup\fP option is similar, with the restriction that the user must be a member of the group of the special file.
+.SS Blacklisted file systems
+In the Linux kernel, file system types are implemented as kernel
+modules. While many of these file systems are well maintained,
+some of the older and less frequently used ones are not. This
+poses a security risk, because maliciously crafted file system
+images might open security holes when mounted either automatically
+or by an inadvertent user. The
+.B mount
+command prints "unsupported file system type 'somefs'" in this case,
+because it can't distinguish between a really unsupported file system
+(kernel module non-existent) and a blacklisted file system.
+
+Users who need the blacklisted file systems and therefore want
+to override the blacklisting can either load the blacklisted module
+directly:
+.RS
+
+.br
+.BI "modprobe -v" " somefs"
+.br
+
+.RE
+or override the blacklist configuration by editing files under the
+.I /etc/modprobe.d
+directory.
+
.SS "Bind mount operation"
.sp
Remount part of the file hierarchy somewhere else. The call is:
@@ -2396,4 +2422,4 @@ For bug reports, use the issue tracker a
.SH "AVAILABILITY"
.sp
The \fBmount\fP command is part of the util\-linux package which can be downloaded from \c
-.URL "https://www.kernel.org/pub/linux/utils/util\-linux/" "Linux Kernel Archive" "."
\ No newline at end of file
+.URL "https://www.kernel.org/pub/linux/utils/util\-linux/" "Linux Kernel Archive" "."

20
baselibs.conf Normal file
View file

@ -0,0 +1,20 @@
libblkid1
libblkid-devel
requires -libblkid-<targettype>
requires "libblkid1-<targettype> = <version>"
libfdisk1
libfdisk-devel
requires -libfdisk-<targettype>
requires "libfdisk1-<targettype> = <version>"
libmount1
libmount-devel
requires -libmount-<targettype>
requires "libmount1-<targettype> = <version>"
libsmartcols1
libsmartcols-devel
requires -libsmartcols-<targettype>
requires "libsmartcols1-<targettype> = <version>"
libuuid1
libuuid-devel
requires -libuuid-<targettype>
requires "libuuid1-<targettype> = <version>"

5
blkid.conf Normal file
View file

@ -0,0 +1,5 @@
# do not keep cache file across reboots
CACHE_FILE=/dev/.blkid.tab
# never try to sequentially scan all devices in /dev
EVALUATE=udev

31
blockdev-remove-nbsp.patch Normal file
View file

@ -0,0 +1,31 @@
From c4a543ff6c9c81209047a78bac47f5aec2e541ef Mon Sep 17 00:00:00 2001
From: Chris Hofstaedtler <zeha@debian.org>
Date: Mon, 18 Oct 2021 07:40:01 +0000
Subject: [PATCH] blockdev: remove accidental non-breaking spaces
commit 9147d2ad8abb73cea5799323fc73ccdaf675826f introduced these
C2A0 spaces, but without saying anything. Likely this was an
accident.
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=996751
Signed-off-by: Chris Hofstaedtler <zeha@debian.org>
---
disk-utils/blockdev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/disk-utils/blockdev.c b/disk-utils/blockdev.c
index c16cb1095..6721560f6 100644
--- a/disk-utils/blockdev.c
+++ b/disk-utils/blockdev.c
@@ -491,7 +491,7 @@ static void report_device(char *device, int quiet)
ioctl(fd, BLKSSZGET, &ssz) == 0 &&
ioctl(fd, BLKBSZGET, &bsz) == 0 &&
blkdev_get_size(fd, &bytes) == 0) {
- printf("%s %5ld %5d %5d %s %15lld   %s\n",
+ printf("%s %5ld %5d %5d %s %15lld %s\n",
ro ? "ro" : "rw", ra, ssz, bsz, start_str, bytes, device);
} else {
if (!quiet)
--
2.34.1

5
etc_filesystems Normal file
View file

@ -0,0 +1,5 @@
vfat
hfs
minix
reiserfs
*

78
libmount-print-a-blacklist-hint-for-unknown-filesyst.patch Normal file
View file

@ -0,0 +1,78 @@
From 199ae08b4df09ec4ce9d82584664e61bcb7ab91a Mon Sep 17 00:00:00 2001
From: Martin Wilck <mwilck@suse.com>
Date: Fri, 1 Feb 2019 11:36:42 +0100
Subject: [PATCH 1/2] libmount: print a blacklist hint for "unknown filesystem
type"
SUSE blacklists kernel modules for some old, poorly maintained
file systems by default for security reasons. Provide a hopefully
helpful message to users if mounting a possibly blacklisted file
system fails.
Signed-off-by: Martin Wilck <mwilck@suse.com>
---
libmount/src/context_mount.c | 41 ++++++++++++++++++++++++++++++++----
1 file changed, 37 insertions(+), 4 deletions(-)
diff --git a/libmount/src/context_mount.c b/libmount/src/context_mount.c
index f914c9b..a48483f 100644
--- a/libmount/src/context_mount.c
+++ b/libmount/src/context_mount.c
@@ -1423,6 +1423,32 @@ done:
return rc;
}
+/*
+ * SUSE blacklists kernel modules for some old, poorly maintained
+ * file systems by default for security reasons.
+ * A set of blacklist files is maintained under /etc/modprobe.d,
+ * in the suse-module-tools package.
+ * Blacklisted file system modules will cause mount(2) to fail
+ * with -ENODEV.
+ * If this happens for one of the blacklisted file systems, provide
+ * a hint to the user where to look.
+ */
+static int is_maybe_blacklisted(const char *fstype)
+{
+ static const char *const fs_blacklist[] = {
+ "adfs", "affs", "bfs", "befs", "cramfs", "efs", "erofs",
+ "exofs", "freevxfs", "f2fs", "hfs", "hpfs",
+ "jfs", "minix", "nilfs2", "ntfs", "omfs", "qnx4", "qnx6",
+ "sysv", "ufs"
+ };
+ size_t i;
+
+ for (i = 0; i < sizeof(fs_blacklist)/sizeof(*fs_blacklist); i++)
+ if (!strcmp(fs_blacklist[i], fstype))
+ return 1;
+ return 0;
+}
+
int mnt_context_get_mount_excode(
struct libmnt_context *cxt,
int rc,
@@ -1670,10 +1696,17 @@ int mnt_context_get_mount_excode(
case ENODEV:
if (!buf)
break;
- if (mnt_context_get_fstype(cxt))
- snprintf(buf, bufsz, _("unknown filesystem type '%s'"),
- mnt_context_get_fstype(cxt));
- else
+ if (mnt_context_get_fstype(cxt)) {
+ size_t n;
+
+ n = snprintf(buf, bufsz,
+ _("unknown filesystem type '%s'"),
+ mnt_context_get_fstype(cxt));
+ if (n < bufsz &&
+ is_maybe_blacklisted(mnt_context_get_fstype(cxt)))
+ snprintf(buf + n, bufsz - n,
+ " (hint: possibly blacklisted, see mount(8))");
+ } else
snprintf(buf, bufsz, _("unknown filesystem type"));
break;
--
2.19.2

54
linux-fs.patch Normal file
View file

@ -0,0 +1,54 @@
From 89c7c6ea6ef12722eac31c18b8fa6fbcf429525b Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Wed, 20 Jul 2022 16:55:02 +0200
Subject: [PATCH] sulogin: fix includes
* support --enable-sulogin-emergency-mount on Linux only
* don't include unnecessary linux/magic.h
* don't include linux/fs.h, sys/mount.h should be enough, otherwise
define a fallback for MS_RELATIME
Reported-by: Andreas Schwab <schwab@suse.de>
Signed-off-by: Karel Zak <kzak@redhat.com>
---
configure.ac | 2 ++
login-utils/sulogin-consoles.c | 7 ++++---
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index 824e8bbd2..51deeecd4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2615,6 +2615,8 @@ AC_ARG_ENABLE([sulogin-emergency-mount],
)
AS_IF([test "x$enable_sulogin_emergency_mount" = xyes], [
+ AS_IF([test "x$linux_os" = xyes], [ ],
+ [AC_MSG_ERROR([--enable-sulogin-emergency-mount selected for non-linux system])])
AC_DEFINE([USE_SULOGIN_EMERGENCY_MOUNT], [1],
[Should sulogin use an emergency mount of /dev and /proc?])
])
diff --git a/login-utils/sulogin-consoles.c b/login-utils/sulogin-consoles.c
index 9ae4b2eba..9ae525556 100644
--- a/login-utils/sulogin-consoles.c
+++ b/login-utils/sulogin-consoles.c
@@ -41,10 +41,11 @@
#include <fcntl.h>
#include <unistd.h>
-#ifdef USE_SULOGIN_EMERGENCY_MOUNT
+#if defined(USE_SULOGIN_EMERGENCY_MOUNT)
# include <sys/mount.h>
-# include <linux/fs.h>
-# include <linux/magic.h>
+# ifndef MS_RELATIME
+# define MS_RELATIME (1<<21)
+# endif
# ifndef MNT_DETACH
# define MNT_DETACH 2
# endif
--
2.37.1

10
login.pamd Normal file
View file

@ -0,0 +1,10 @@
#%PAM-1.0
auth requisite pam_nologin.so
auth include common-auth
account include common-account
password include common-password
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session include common-session
#session optional pam_lastlog.so nowtmp showfailed
session optional pam_mail.so standard

145
make-sure-sbin-resp-usr-sbin-are-in-PATH.diff Normal file
View file

@ -0,0 +1,145 @@
Index: util-linux-2.31/login-utils/su-common.c
===================================================================
--- util-linux-2.31.orig/login-utils/su-common.c
+++ util-linux-2.31/login-utils/su-common.c
@@ -944,6 +944,117 @@ static void setenv_path(const struct pas
err(EXIT_FAILURE, _("failed to set the PATH environment variable"));
}
+/* Add or clear /sbin and /usr/sbin for the su command
+ used without `-'. */
+
+/* Set if /sbin is found in path. */
+#define SBIN_MASK 0x01
+/* Set if /usr/sbin is found in path. */
+#define USBIN_MASK 0x02
+
+static char *
+addsbin (const char *const path)
+{
+ unsigned char smask = 0;
+ char *ptr, *tmp, *cur, *ret = NULL;
+ size_t len;
+
+ if (!path || *path == 0)
+ return NULL;
+
+ tmp = xstrdup (path);
+ cur = tmp;
+ for (ptr = strsep (&cur, ":"); ptr != NULL; ptr = strsep (&cur, ":"))
+ {
+ if (!strcmp (ptr, "/sbin"))
+ smask |= SBIN_MASK;
+ if (!strcmp (ptr, "/usr/sbin"))
+ smask |= USBIN_MASK;
+ }
+
+ if ((smask & (USBIN_MASK|SBIN_MASK)) == (USBIN_MASK|SBIN_MASK))
+ {
+ free (tmp);
+ return NULL;
+ }
+
+ len = strlen (path);
+ if (!(smask & USBIN_MASK))
+ len += strlen ("/usr/sbin:");
+
+ if (!(smask & SBIN_MASK))
+ len += strlen (":/sbin");
+
+ ret = xmalloc (len + 1);
+ strcpy (tmp, path);
+
+ *ret = 0;
+ cur = tmp;
+ for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":"))
+ {
+ if (!strcmp (ptr, "."))
+ continue;
+ if (*ret)
+ strcat (ret, ":");
+ if (!(smask & USBIN_MASK) && !strcmp (ptr, "/bin"))
+ {
+ strcat (ret, "/usr/sbin:");
+ strcat (ret, ptr);
+ smask |= USBIN_MASK;
+ continue;
+ }
+ if (!(smask & SBIN_MASK) && !strcmp (ptr, "/usr/bin"))
+ {
+ strcat (ret, ptr);
+ strcat (ret, ":/sbin");
+ smask |= SBIN_MASK;
+ continue;
+ }
+ strcat (ret, ptr);
+ }
+ free (tmp);
+
+ if (!(smask & USBIN_MASK))
+ strcat (ret, ":/usr/sbin");
+
+ if (!(smask & SBIN_MASK))
+ strcat (ret, ":/sbin");
+
+ return ret;
+}
+
+static char *
+clearsbin (const char *const path)
+{
+ char *ptr, *tmp, *cur, *ret = NULL;
+
+ if (!path || *path == 0)
+ return NULL;
+
+ tmp = strdup (path);
+ if (!tmp)
+ return NULL;
+
+ ret = xmalloc (strlen (path) + 1);
+ *ret = 0;
+ cur = tmp;
+ for (ptr = strsep (&cur, ":"); ptr; ptr = strsep (&cur, ":"))
+ {
+ if (!strcmp (ptr, "/sbin"))
+ continue;
+ if (!strcmp (ptr, "/usr/sbin"))
+ continue;
+ if (!strcmp (ptr, "/usr/local/sbin"))
+ continue;
+ if (*ret)
+ strcat (ret, ":");
+ strcat (ret, ptr);
+ }
+ free (tmp);
+
+ return ret;
+}
+
static void modify_environment(struct su_context *su, const char *shell)
{
const struct passwd *pw = su->pwd;
@@ -982,6 +1093,22 @@ static void modify_environment(struct su
if (getlogindefs_bool("ALWAYS_SET_PATH", 0))
setenv_path(pw);
+ else
+ {
+ char const *path = getenv ("PATH");
+ char *new = NULL;
+
+ if (pw->pw_uid)
+ new = clearsbin (path);
+ else
+ new = addsbin (path);
+
+ if (new)
+ {
+ xsetenv ("PATH", new, 1);
+ free (new);
+ }
+ }
if (pw->pw_uid) {
xsetenv("USER", pw->pw_name, 1);

13
remote.pamd Normal file
View file

@ -0,0 +1,13 @@
#%PAM-1.0
# This file is used by /bin/login in case of remote logins (means where
# the -h option is used).
auth requisite pam_nologin.so
auth [user_unknown=ignore success=ok ignore=ignore auth_err=die default=bad] pam_securetty.so
auth include common-auth
account include common-account
password include common-password
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
session include common-session
session optional pam_lastlog.so nowtmp showfailed
session optional pam_mail.so standard

7
runuser-l.pamd Normal file
View file

@ -0,0 +1,7 @@
#%PAM-1.0
# Note that runuser requires only "session" setting (and for example
# "auth sufficient pam_rootok.so" dummy line).
auth sufficient pam_rootok.so
session optional pam_keyinit.so force revoke
session include common-session
session optional pam_xauth.so

7
runuser.pamd Normal file
View file

@ -0,0 +1,7 @@
#%PAM-1.0
# Note that runuser requires only "session" setting (and for example
# "auth sufficient pam_rootok.so" dummy line).
auth sufficient pam_rootok.so
session optional pam_keyinit.so revoke
session include common-session
session optional pam_xauth.so

9
su-l.pamd Normal file
View file

@ -0,0 +1,9 @@
#%PAM-1.0
auth sufficient pam_rootok.so
auth include common-auth
account sufficient pam_rootok.so
account include common-account
password include common-password
session optional pam_keyinit.so force revoke
session include common-session
session optional pam_xauth.so

6
su.default Normal file
View file

@ -0,0 +1,6 @@
# /etc/default/su is an override of /etc/login.defs for su.
# See /etc/login.defs and su(1) for more.
#
# List of supported variables:
# ALWAYS_SET_PATH, ENV_PATH, ENV_ROOTPATH, ENV_SUPATH, FAIL_DELAY
#

8
su.pamd Normal file
View file

@ -0,0 +1,8 @@
#%PAM-1.0
auth sufficient pam_rootok.so
auth include common-auth
account sufficient pam_rootok.so
account include common-account
password include common-password
session include common-session
session optional pam_xauth.so

104
util-linux-agetty-resolve-tty-if-stdin-is-specified.patch Normal file
View file

@ -0,0 +1,104 @@
From 47831cc02ac0d71c335caecef1753f4c8861277c Mon Sep 17 00:00:00 2001
From: tamz <totemz@protonmail.com>
Date: Thu, 6 Jan 2022 11:56:58 +0100
Subject: [PATCH] agetty: resolve tty name even if stdin is specified
[kzak@redhat.com: - use "const" for options->tty (and friends)
as expected by get_terminal_name()]
Addresses: https://github.com/util-linux/util-linux/issues/1546
Signed-off-by: tamz <totemz@protonmail.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
---
term-utils/agetty.c | 26 ++++++++++++++++++--------
1 file changed, 18 insertions(+), 8 deletions(-)
diff --git a/term-utils/agetty.c b/term-utils/agetty.c
index 55d373461..22850786d 100644
--- a/term-utils/agetty.c
+++ b/term-utils/agetty.c
@@ -190,8 +190,8 @@ struct options {
char *chroot; /* Chroot before the login */
char *login; /* login program */
char *logopt; /* options for login program */
- char *tty; /* name of tty */
- char *vcline; /* line of virtual console */
+ const char *tty; /* name of tty */
+ const char *vcline; /* line of virtual console */
char *term; /* terminal type */
char *initstring; /* modem init string */
char *issue; /* alternative issue file or directory */
@@ -203,6 +203,7 @@ struct options {
int numspeed; /* number of baud rates to try */
int clocal; /* CLOCAL_MODE_* */
int kbmode; /* Keyboard mode if virtual console */
+ int tty_is_stdin; /* is the tty the standard input stream */
speed_t speeds[MAX_SPEED]; /* baud rates to be tried */
};
@@ -319,7 +320,7 @@ static void init_special_char(char* arg, struct options *op);
static void parse_args(int argc, char **argv, struct options *op);
static void parse_speeds(struct options *op, char *arg);
static void update_utmp(struct options *op);
-static void open_tty(char *tty, struct termios *tp, struct options *op);
+static void open_tty(const char *tty, struct termios *tp, struct options *op);
static void termio_init(struct options *op, struct termios *tp);
static void reset_vc(const struct options *op, struct termios *tp, int canon);
static void auto_baud(struct termios *tp);
@@ -922,6 +923,15 @@ static void parse_args(int argc, char **argv, struct options *op)
}
}
+ /* resolve the tty path in case it was provided as stdin */
+ if (strcmp(op->tty, "-") == 0) {
+ op->tty_is_stdin = 1;
+ int fd = get_terminal_name(NULL, &op->tty, NULL);
+ if (fd < 0) {
+ log_warn(_("could not get terminal name: %d"), fd);
+ }
+ }
+
/* On virtual console remember the line which is used for */
if (strncmp(op->tty, "tty", 3) == 0 &&
strspn(op->tty + 3, "0123456789") == strlen(op->tty+3))
@@ -962,8 +972,8 @@ static void update_utmp(struct options *op)
time_t t;
pid_t pid = getpid();
pid_t sid = getsid(0);
- char *vcline = op->vcline;
- char *line = op->tty;
+ const char *vcline = op->vcline;
+ const char *line = op->tty;
struct utmpx *utp;
/*
@@ -1002,7 +1012,7 @@ static void update_utmp(struct options *op)
str2memcpy(ut.ut_id, vcline, sizeof(ut.ut_id));
else {
size_t len = strlen(line);
- char * ptr;
+ const char * ptr;
if (len >= sizeof(ut.ut_id))
ptr = line + len - sizeof(ut.ut_id);
else
@@ -1030,7 +1040,7 @@ static void update_utmp(struct options *op)
#endif /* SYSV_STYLE */
/* Set up tty as stdin, stdout & stderr. */
-static void open_tty(char *tty, struct termios *tp, struct options *op)
+static void open_tty(const char *tty, struct termios *tp, struct options *op)
{
const pid_t pid = getpid();
int closed = 0;
@@ -1040,7 +1050,7 @@ static void open_tty(char *tty, struct termios *tp, struct options *op)
/* Set up new standard input, unless we are given an already opened port. */
- if (strcmp(tty, "-") != 0) {
+ if (!op->tty_is_stdin) {
char buf[PATH_MAX+1];
struct group *gr = NULL;
struct stat st;
--
2.35.1

16
util-linux-bash-completion-su-chsh-l.patch Normal file
View file

@ -0,0 +1,16 @@
su -s <TAB> completion depends on "chsh -l" present in the
util-linux implementation of chsh. But SUSE uses chsh from shadow
package that does not include this feature. Use /etc/shells
instead.
--- util-linux/bash-completion/su
+++ util-linux/bash-completion/su
@@ -14,7 +14,7 @@ _su_module()
return 0
;;
'-s'|'--shell')
- COMPREPLY=( $(compgen -W "$(chsh -l)" -- $cur) )
+ COMPREPLY=( $(compgen -W "$(</etc/shells)" -- $cur) )
return 0
;;
'-h'|'--help'|'-V'|'--version')

47
util-linux-fix-tests-when-at-symbol-in-path.patch Normal file
View file

@ -0,0 +1,47 @@
From 057579455a40d0cc7612938aa3d11a02b279e89c Mon Sep 17 00:00:00 2001
From: David Anes <david.anes@suse.com>
Date: Fri, 9 Dec 2022 18:09:31 +0100
Subject: [PATCH] tests: allow paths in tests to contain '@' char
Tests fail when the build directory contains
'@' in its path, as its sent to 'sed' unescaped.
This patch allows to build in such environments,
which typically happen on automated systems (for
example, when building concurrently with Jenkins).
---
tests/functions.sh | 4 +++-
tests/ts/minix/fsck | 5 ++++-
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/tests/functions.sh b/tests/functions.sh
index 22bfc24c93..6975930e33 100644
--- a/tests/functions.sh
+++ b/tests/functions.sh
@@ -853,7 +853,9 @@ function ts_fdisk_clean {
# remove non comparable parts of fdisk output
if [ -n "${DEVNAME}" ]; then
- sed -i -e "s@${DEVNAME}@<removed>@;" $TS_OUTPUT $TS_ERRLOG
+ # escape "@" with "@@" in $img. This way sed correctly
+ # replaces paths containing "@" characters
+ sed -i -e "s@${DEVNAME//\@/\\\@}@<removed>@;" $TS_OUTPUT $TS_ERRLOG
fi
sed -i \
diff --git a/tests/ts/minix/fsck b/tests/ts/minix/fsck
index 335f180dcc..f246a87a76 100755
--- a/tests/ts/minix/fsck
+++ b/tests/ts/minix/fsck
@@ -50,7 +50,10 @@ done
rm -f $img
-sed -i "s@$img@image@g" $TS_OUTPUT
+# escape "@" with "@@" in $img. This way sed correctly
+# replaces paths containing "@" characters
+sed -i "s@${img//\@/\\\@}@image@g" $TS_OUTPUT
+
ts_finalize

49
util-linux-flock-limitations.patch Normal file
View file

@ -0,0 +1,49 @@
From f4d9018183ff9a6cd6a77bf33461b60570ec7622 Mon Sep 17 00:00:00 2001
From: Stanislav Brabec <sbrabec@suse.cz>
Date: Fri, 25 Mar 2022 09:26:48 +0100
Subject: flock: Decribe limitations of flock: deadlock, NFS, CIFS
The flock(1) does not refer to limitations of flock(2). Provide an
documentation entry point for solving of problems with flock on NFS
and CIFS and mention risk of deadlock.
Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
Signed-off-by: Karel Zak <kzak@redhat.com>
---
sys-utils/flock.1.adoc | 6 ++++++
1 file changed, 6 insertions(+)
Index: util-linux-2.37.4/sys-utils/flock.1.adoc
===================================================================
--- util-linux-2.37.4.orig/sys-utils/flock.1.adoc
+++ util-linux-2.37.4/sys-utils/flock.1.adoc
@@ -95,6 +95,12 @@ The command uses <sysexits.h> exit statu
When using the _command_ variant, and executing the child worked, then the exit status is that of the child command.
+== NOTES
+
+*flock* does not detect deadlock. See *flock*(2) for details.
+
+Some file systems (e. g. NFS and CIFS) have a limited implementation of *flock*(2) and flock may always fail. For details see *flock*(2), *nfs*(5) and *mount.cifs*(8). Depending on mount options, flock can always fail there.
+
== EXAMPLES
Note that "shell> " in examples is a command line prompt.
Index: util-linux-2.37.4/sys-utils/flock.1
===================================================================
--- util-linux-2.37.4.orig/sys-utils/flock.1
+++ util-linux-2.37.4/sys-utils/flock.1
@@ -109,6 +109,11 @@ Display help text and exit.
The command uses <sysexits.h> exit status values for everything, except when using either of the options \fB\-n\fP or \fB\-w\fP which report a failure to acquire the lock with an exit status given by the \fB\-E\fP option, or 1 by default. The exit status given by \fB\-E\fP has to be in the range of 0 to 255.
.sp
When using the \fIcommand\fP variant, and executing the child worked, then the exit status is that of the child command.
+.SH "NOTES"
+.sp
+\fBflock\fP does not detect deadlock. See \fBflock\fP(2) for details.
+.sp
+Some file systems (e. g. NFS and CIFS) have a limited implementation of \fBflock\fP(2) and flock may always fail. For details see \fBflock\fP(2), \fBnfs\fP(5) and \fBmount.cifs\fP(8). Depending on mount options, flock can always fail there.
.SH "EXAMPLES"
.sp
Note that "shell> " in examples is a command line prompt.

58
util-linux-fstrim-implement-X-fstrim.notrim.patch Normal file
View file

@ -0,0 +1,58 @@
Backport with adoc fix.
From 582eb71d737b6c23dd5ec19db0e9aa1d4d7abee9 Mon Sep 17 00:00:00 2001
From: Stanislav Brabec <sbrabec@suse.cz>
Date: Mon, 31 Jan 2022 10:53:20 +0100
Subject: [PATCH] fstrim: Add fstab option X-fstrim.notrim
Sometimes it makes sense to skip fstrim for selected file mounts, but
still be able to use fstrim.service.
Add a possibility to specify "X-fstrim.notrim" in fstab.
Do not use "notrim", as it collides with the kernel rbd driver.
[kzak@redhat.com: - rename x-fstrim to X-fstrim]
Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
Signed-off-by: Karel Zak <kzak@redhat.com>
---
sys-utils/fstrim.8.adoc | 2 +-
sys-utils/fstrim.c | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
Index: util-linux-2.37.2/sys-utils/fstrim.8.adoc
===================================================================
--- util-linux-2.37.2.orig/sys-utils/fstrim.8.adoc
+++ util-linux-2.37.2/sys-utils/fstrim.8.adoc
@@ -29,7 +29,7 @@ Running *fstrim* frequently, or even usi
The _offset_, _length_, and _minimum-size_ arguments may be followed by the multiplicative suffixes KiB (=1024), MiB (=1024*1024), and so on for GiB, TiB, PiB, EiB, ZiB and YiB (the "iB" is optional, e.g., "K" has the same meaning as "KiB") or the suffixes KB (=1000), MB (=1000*1000), and so on for GB, TB, PB, EB, ZB and YB.
*-A, --fstab*::
-Trim all mounted filesystems mentioned in _/etc/fstab_ on devices that support the discard operation. The root filesystem is determined from kernel command line if missing in the file. The other supplied options, like *--offset*, *--length* and *--minimum*, are applied to all these devices. Errors from filesystems that do not support the discard operation, read-only devices and read-only filesystems are silently ignored.
+Trim all mounted filesystems mentioned in _/etc/fstab_ on devices that support the discard operation. The root filesystem is determined from kernel command line if missing in the file. The other supplied options, like *--offset*, *--length* and *--minimum*, are applied to all these devices. Errors from filesystems that do not support the discard operation, read-only devices and read-only filesystems are silently ignored. Filesystems with "X-fstrim.notrim" mount option are skipped.
*-a, --all*::
Trim all mounted filesystems on devices that support the discard operation. The other supplied options, like *--offset*, *--length* and *--minimum*, are applied to all these devices. Errors from filesystems that do not support the discard operation, read-only devices and read-only filesystems are silently ignored.
@@ -47,6 +47,8 @@ The number of bytes (after the starting
Specifies a colon-separated list of files in fstab or kernel mountinfo format. All missing or empty files are silently ignored. The evaluation of the _list_ stops after first non-empty file. For example:
+
*--listed-in /etc/fstab:/proc/self/mountinfo*.
++
+Filesystems with "X-fstrim.notrim" mount option are skipped.
*-m, --minimum* _minimum-size_::
Minimum contiguous free range to discard, in bytes. (This value is internally rounded up to a multiple of the filesystem block size.) Free ranges smaller than this will be ignored and fstrim will adjust the minimum if it's smaller than the device's minimum, and report that (fstrim_range.minlen) back to userspace. By increasing this value, the fstrim operation will complete more quickly for filesystems with badly fragmented freespace, although not all blocks will be discarded. The default value is zero, discarding every free block.
Index: util-linux-2.37.2/sys-utils/fstrim.c
===================================================================
--- util-linux-2.37.2.orig/sys-utils/fstrim.c
+++ util-linux-2.37.2/sys-utils/fstrim.c
@@ -292,7 +292,8 @@ static int fstrim_all_from_file(struct f
const char *src = mnt_fs_get_srcpath(fs),
*tgt = mnt_fs_get_target(fs);
- if (!tgt || mnt_fs_is_pseudofs(fs) || mnt_fs_is_netfs(fs)) {
+ if (!tgt || mnt_fs_is_pseudofs(fs) || mnt_fs_is_netfs(fs) ||
+ mnt_fs_match_options(fs, "+X-fstrim.notrim")) {
mnt_table_remove_fs(tab, fs);
continue;
}

95
util-linux-libmount-fix-and-improve-utab-on-ms_move.patch Normal file
View file

@ -0,0 +1,95 @@
From 1ec32f426c0f4705ea4e6e33b812b3b4c2c47faa Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Wed, 4 May 2022 12:13:08 +0200
Subject: [PATCH 2/2] libmount: fix and improve utab update on MS_MOVE
* avoid double '//'
* don't update /fooxxx when /foo update requested (make sure that
startswith() returns path terminated by '/')
* canonicalize only once the new path -- all in utab/mtab is already
canonicalized, so after MS_MOVE we need to care about the new path
only
* use asprintf() rather than strcpy() and strcat(), don't compose a
new path from prefix and subdir when replace entire path
Addresses: https://github.com/util-linux/util-linux/pull/1660
Signed-off-by: Karel Zak <kzak@redhat.com>
---
libmount/src/tab_update.c | 41 +++++++++++++++++++++------------------
1 file changed, 22 insertions(+), 19 deletions(-)
diff --git a/libmount/src/tab_update.c b/libmount/src/tab_update.c
index 51f2fae26..3a22e7188 100644
--- a/libmount/src/tab_update.c
+++ b/libmount/src/tab_update.c
@@ -767,33 +767,34 @@ static int update_modify_target(struct libmnt_update *upd, struct libmnt_lock *l
const char *upd_target = mnt_fs_get_target(upd->fs);
struct libmnt_iter itr;
struct libmnt_fs *fs;
+ char *cn_target = mnt_resolve_path(upd_target, NULL);
+
+ if (!cn_target) {
+ rc = -ENOMEM;
+ goto done;
+ }
mnt_reset_iter(&itr, MNT_ITER_BACKWARD);
- while(mnt_table_next_fs(tb, &itr, &fs) == 0) {
- char *p, *e;
- size_t len;
+ while (mnt_table_next_fs(tb, &itr, &fs) == 0) {
+ char *p;
+ const char *e;
e = startswith(mnt_fs_get_target(fs), upd_source);
- if (!e)
+ if (!e || (*e && *e != '/'))
continue;
+ if (*e == '/')
+ e++; /* remove extra '/' */
- len = strlen(upd_target) + strlen(e) + 2;
- p = malloc(len);
- if (!p)
- rc = -ENOMEM;
- else {
- char *cn;
-
- strcpy(p, upd_target);
- strcat(p, "/");
- strcat(p, e);
-
- cn = mnt_resolve_path(p, NULL);
- rc = mnt_fs_set_target(fs, cn);
+ /* no subdirectory, replace entire path */
+ if (!*e)
+ rc = mnt_fs_set_target(fs, cn_target);
- free(cn);
+ /* update start of the path, keep subdirectory */
+ else if (asprintf(&p, "%s/%s", cn_target, e) > 0) {
+ rc = mnt_fs_set_target(fs, p);
free(p);
- }
+ } else
+ rc = -ENOMEM;
if (rc < 0)
break;
@@ -801,8 +802,10 @@ static int update_modify_target(struct libmnt_update *upd, struct libmnt_lock *l
if (!rc)
rc = update_table(upd, tb);
+ free(cn_target);
}
+done:
if (lc)
mnt_unlock_file(lc);
--
2.35.1

89
util-linux-libmount-moving-mount-point-sub-mounts.patch Normal file
View file

@ -0,0 +1,89 @@
From a04149fbb7c1952da1194d1514e298ff07dbc7ca Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Fri, 22 Apr 2022 11:30:09 +0200
Subject: [PATCH 1/2] libmount: when moving a mount point, all sub mount entries in
utab should also be updated
Given that /run/mount/utab stores paths, this file needs to be adjusted when a
mount tree is moved.
However the moved tree may contains sub mount points in which case their utab
entries (if any) need to also be translated.
This patch takes care of that.
As suggested in https://github.com/systemd/systemd/issues/15266, a better
approach might be to store mount IDs instead of paths since mount IDs remain
unchanged when mount trees are moved.
Fixes: #1659
---
libmount/src/tab_update.c | 44 +++++++++++++++++++++++++++++++++------
1 file changed, 38 insertions(+), 6 deletions(-)
diff --git a/libmount/src/tab_update.c b/libmount/src/tab_update.c
index b68553515..51f2fae26 100644
--- a/libmount/src/tab_update.c
+++ b/libmount/src/tab_update.c
@@ -30,6 +30,7 @@
#include "mountP.h"
#include "mangle.h"
#include "pathnames.h"
+#include "strutils.h"
struct libmnt_update {
char *target;
@@ -762,13 +763,44 @@ static int update_modify_target(struct libmnt_update *upd, struct libmnt_lock *l
tb = __mnt_new_table_from_file(upd->filename,
upd->userspace_only ? MNT_FMT_UTAB : MNT_FMT_MTAB, 1);
if (tb) {
- struct libmnt_fs *cur = mnt_table_find_target(tb,
- mnt_fs_get_srcpath(upd->fs), MNT_ITER_BACKWARD);
- if (cur) {
- rc = mnt_fs_set_target(cur, mnt_fs_get_target(upd->fs));
- if (!rc)
- rc = update_table(upd, tb);
+ const char *upd_source = mnt_fs_get_srcpath(upd->fs);
+ const char *upd_target = mnt_fs_get_target(upd->fs);
+ struct libmnt_iter itr;
+ struct libmnt_fs *fs;
+
+ mnt_reset_iter(&itr, MNT_ITER_BACKWARD);
+ while(mnt_table_next_fs(tb, &itr, &fs) == 0) {
+ char *p, *e;
+ size_t len;
+
+ e = startswith(mnt_fs_get_target(fs), upd_source);
+ if (!e)
+ continue;
+
+ len = strlen(upd_target) + strlen(e) + 2;
+ p = malloc(len);
+ if (!p)
+ rc = -ENOMEM;
+ else {
+ char *cn;
+
+ strcpy(p, upd_target);
+ strcat(p, "/");
+ strcat(p, e);
+
+ cn = mnt_resolve_path(p, NULL);
+ rc = mnt_fs_set_target(fs, cn);
+
+ free(cn);
+ free(p);
+ }
+
+ if (rc < 0)
+ break;
}
+
+ if (!rc)
+ rc = update_table(upd, tb);
}
if (lc)
--
2.35.1

62
util-linux-libuuid-avoid-truncate-clocks.txt-to-improve-perform.patch Normal file
View file

@ -0,0 +1,62 @@
From 1d98827edde4b88068d295bbd20c31333b2ad5d4 Mon Sep 17 00:00:00 2001
From: Goldwyn Rodrigues <rgoldwyn@suse.de>
Date: Tue, 10 Oct 2023 18:08:59 -0500
Subject: [PATCH] libuuid: avoid truncate clocks.txt to improve performance
Git-commit: 1d98827edde4b88068d295bbd20c31333b2ad5d4
Patch-mainline: v2.39.4
References: bsc#1207987
Instead of explicitly truncating clocks.txt file, pad with
whitespaces in the end of file.
This is done to improve performance of libuuid on xfs
filesystems. Instead of truncating the file, pad it with whitespaces.
This is anyways used as a failsafe method in case truncate fails.
The reason why this regression was introduced was because of:
869ae85dae64 ("xfs: flush new eof page on truncate to avoid post-eof corruption")
An attempt to move the clocks.txt to /run (tmpfs) has been attempted before
[1] and with commit ab2e7dd17 ("libuuid: move clock state file from
/var/lib to /var/run"). The latter was reverted.
[1] https://www.spinics.net/lists/util-linux-ng/msg17331.html
Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
Acked-by: Anthony Iliopoulos <ailiop@suse.com>
---
libuuid/src/gen_uuid.c | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/libuuid/src/gen_uuid.c b/libuuid/src/gen_uuid.c
index db793c374a34..826cd2245679 100644
--- a/libuuid/src/gen_uuid.c
+++ b/libuuid/src/gen_uuid.c
@@ -229,7 +229,6 @@ static int get_clock(uint32_t *clock_high, uint32_t *clock_low,
struct timeval tv;
uint64_t clock_reg;
mode_t save_umask;
- int len;
int ret = 0;
if (state_fd == -1)
@@ -324,14 +323,10 @@ try_again:
if (state_fd >= 0) {
rewind(state_f);
- len = fprintf(state_f,
- "clock: %04x tv: %016ld %08ld adj: %08d\n",
+ fprintf(state_f,
+ "clock: %04x tv: %016ld %08ld adj: %08d \n",
clock_seq, (long)last.tv_sec, (long)last.tv_usec, adjustment);
fflush(state_f);
- if (ftruncate(state_fd, len) < 0) {
- fprintf(state_f, " \n");
- fflush(state_f);
- }
rewind(state_f);
flock(state_fd, LOCK_UN);
}
--
2.43.0

33
util-linux-libuuid-check-clock-value.patch Normal file
View file

@ -0,0 +1,33 @@
From 5d1424d85ac9e2a1369ee920038825c154ee5443 Mon Sep 17 00:00:00 2001
From: Michael Trapp <michael.trapp@sap.com>
Date: Tue, 2 Aug 2022 14:16:43 +0200
Subject: [PATCH 4/4] libuuid: check clock value from LIBUUID_CLOCK_FILE
The clock value from the LIBUUID_CLOCK_FILE must be checked in
case of an update of libuuid. If clock==CLOCK_SEQ_CONT it must
be set to a new value.
Signed-off-by: Karel Zak <kzak@redhat.com>
---
libuuid/src/gen_uuid.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libuuid/src/gen_uuid.c b/libuuid/src/gen_uuid.c
index 807dcd115..e1ba3c3d0 100644
--- a/libuuid/src/gen_uuid.c
+++ b/libuuid/src/gen_uuid.c
@@ -274,6 +274,11 @@ static int get_clock(uint32_t *clock_high, uint32_t *clock_low,
last.tv_usec = tv2;
adjustment = a;
}
+ // reset in case of reserved CLOCK_SEQ_CONT
+ if (clock_seq == CLOCK_SEQ_CONT) {
+ last.tv_sec = 0;
+ last.tv_usec = 0;
+ }
}
if ((last.tv_sec == 0) && (last.tv_usec == 0)) {
--
2.37.3

333
util-linux-libuuid-continuous-clock-handling.patch Normal file
View file

@ -0,0 +1,333 @@
From 3cfba7d39b66eff4307218fefd8bb34bb1621f83 Mon Sep 17 00:00:00 2001
From: Michael Trapp <michael.trapp@sap.com>
Date: Mon, 20 Jun 2022 17:10:36 +0200
Subject: [PATCH 3/4] libuuid: Implement continuous clock handling for time based
UUIDs
In a uuidd setup, the daemon is a singleton and can maintain it's own
resources for time based UUID generation. This requires a dedicated
'clock sequence range' but does not need any further lock/update of
the LIBUUID_CLOCK_FILE from uuidd. The range of available clock values
is extended by a continuous handling of the clock updates - instead of
updating the value to the current timestamp, it is incremented by
the number of requested UUIDs.
---
libuuid/src/gen_uuid.c | 91 ++++++++++++++++++++++++++++++++++++++---
libuuid/src/libuuid.sym | 1 +
libuuid/src/uuidd.h | 1 +
misc-utils/uuidd.8.adoc | 3 ++
misc-utils/uuidd.c | 54 +++++++++++++++++++++---
5 files changed, 140 insertions(+), 10 deletions(-)
Index: util-linux-2.37.4/libuuid/src/gen_uuid.c
===================================================================
--- util-linux-2.37.4.orig/libuuid/src/gen_uuid.c
+++ util-linux-2.37.4/libuuid/src/gen_uuid.c
@@ -209,6 +209,8 @@ static int get_node_id(unsigned char *no
/* Assume that the gettimeofday() has microsecond granularity */
#define MAX_ADJUSTMENT 10
+/* Reserve a clock_seq value for the 'continuous clock' implementation */
+#define CLOCK_SEQ_CONT 0
/*
* Get clock from global sequence clock counter.
@@ -275,8 +277,10 @@ static int get_clock(uint32_t *clock_hig
}
if ((last.tv_sec == 0) && (last.tv_usec == 0)) {
- ul_random_get_bytes(&clock_seq, sizeof(clock_seq));
- clock_seq &= 0x3FFF;
+ do {
+ ul_random_get_bytes(&clock_seq, sizeof(clock_seq));
+ clock_seq &= 0x3FFF;
+ } while (clock_seq == CLOCK_SEQ_CONT);
gettimeofday(&last, NULL);
last.tv_sec--;
}
@@ -286,7 +290,9 @@ try_again:
if ((tv.tv_sec < last.tv_sec) ||
((tv.tv_sec == last.tv_sec) &&
(tv.tv_usec < last.tv_usec))) {
- clock_seq = (clock_seq+1) & 0x3FFF;
+ do {
+ clock_seq = (clock_seq+1) & 0x3FFF;
+ } while (clock_seq == CLOCK_SEQ_CONT);
adjustment = 0;
last = tv;
} else if ((tv.tv_sec == last.tv_sec) &&
@@ -331,6 +337,64 @@ try_again:
return ret;
}
+/*
+ * Get current time in 100ns ticks.
+ */
+static uint64_t get_clock_counter(void)
+{
+ struct timeval tv;
+ uint64_t clock_reg;
+
+ gettimeofday(&tv, NULL);
+ clock_reg = tv.tv_usec*10;
+ clock_reg += ((uint64_t) tv.tv_sec) * 10000000ULL;
+
+ return clock_reg;
+}
+
+/*
+ * Get continuous clock value.
+ *
+ * Return -1 if there is no further clock counter available,
+ * otherwise return 0.
+ *
+ * This implementation doesn't deliver clock counters based on
+ * the current time because last_clock_reg is only incremented
+ * by the number of requested UUIDs.
+ * max_clock_offset is used to limit the offset of last_clock_reg.
+ */
+static int get_clock_cont(uint32_t *clock_high,
+ uint32_t *clock_low,
+ int num,
+ uint32_t max_clock_offset)
+{
+ /* 100ns based time offset according to RFC 4122. 4.1.4. */
+ const uint64_t reg_offset = (((uint64_t) 0x01B21DD2) << 32) + 0x13814000;
+ static uint64_t last_clock_reg = 0;
+ uint64_t clock_reg;
+
+ if (last_clock_reg == 0)
+ last_clock_reg = get_clock_counter();
+
+ clock_reg = get_clock_counter();
+ if (max_clock_offset) {
+ uint64_t clock_offset = max_clock_offset * 10000000ULL;
+ if (last_clock_reg < (clock_reg - clock_offset))
+ last_clock_reg = clock_reg - clock_offset;
+ }
+
+ clock_reg += MAX_ADJUSTMENT;
+
+ if ((last_clock_reg + num) >= clock_reg)
+ return -1;
+
+ *clock_high = (last_clock_reg + reg_offset) >> 32;
+ *clock_low = last_clock_reg + reg_offset;
+ last_clock_reg += num;
+
+ return 0;
+}
+
#if defined(HAVE_UUIDD) && defined(HAVE_SYS_UN_H)
/*
@@ -403,7 +467,7 @@ static int get_uuid_via_daemon(int op __
}
#endif
-int __uuid_generate_time(uuid_t out, int *num)
+static int __uuid_generate_time_internal(uuid_t out, int *num, uint32_t cont_offset)
{
static unsigned char node_id[6];
static int has_init = 0;
@@ -423,7 +487,14 @@ int __uuid_generate_time(uuid_t out, int
}
has_init = 1;
}
- ret = get_clock(&clock_mid, &uu.time_low, &uu.clock_seq, num);
+ if (cont_offset) {
+ ret = get_clock_cont(&clock_mid, &uu.time_low, *num, cont_offset);
+ uu.clock_seq = CLOCK_SEQ_CONT;
+ if (ret != 0) /* fallback to previous implpementation */
+ ret = get_clock(&clock_mid, &uu.time_low, &uu.clock_seq, num);
+ } else {
+ ret = get_clock(&clock_mid, &uu.time_low, &uu.clock_seq, num);
+ }
uu.clock_seq |= 0x8000;
uu.time_mid = (uint16_t) clock_mid;
uu.time_hi_and_version = ((clock_mid >> 16) & 0x0FFF) | 0x1000;
@@ -432,6 +503,16 @@ int __uuid_generate_time(uuid_t out, int
return ret;
}
+int __uuid_generate_time(uuid_t out, int *num)
+{
+ return __uuid_generate_time_internal(out, num, 0);
+}
+
+int __uuid_generate_time_cont(uuid_t out, int *num, uint32_t cont_offset)
+{
+ return __uuid_generate_time_internal(out, num, cont_offset);
+}
+
/*
* Generate time-based UUID and store it to @out
*
Index: util-linux-2.37.4/libuuid/src/libuuid.sym
===================================================================
--- util-linux-2.37.4.orig/libuuid/src/libuuid.sym
+++ util-linux-2.37.4/libuuid/src/libuuid.sym
@@ -60,6 +60,7 @@ global:
UUIDD_PRIVATE {
global:
__uuid_generate_time;
+ __uuid_generate_time_cont;
__uuid_generate_random;
local:
*;
Index: util-linux-2.37.4/libuuid/src/uuidd.h
===================================================================
--- util-linux-2.37.4.orig/libuuid/src/uuidd.h
+++ util-linux-2.37.4/libuuid/src/uuidd.h
@@ -49,6 +49,7 @@
#define UUIDD_MAX_OP UUIDD_OP_BULK_RANDOM_UUID
extern int __uuid_generate_time(uuid_t out, int *num);
+extern int __uuid_generate_time_cont(uuid_t out, int *num, uint32_t cont);
extern int __uuid_generate_random(uuid_t out, int *num);
#endif /* _UUID_UUID_H */
Index: util-linux-2.37.4/misc-utils/uuidd.8.adoc
===================================================================
--- util-linux-2.37.4.orig/misc-utils/uuidd.8.adoc
+++ util-linux-2.37.4/misc-utils/uuidd.8.adoc
@@ -24,6 +24,9 @@ The *uuidd* daemon is used by the UUID l
== OPTIONS
+*-C*, *--cont-clock* _opt_arg_::
+Activate continuous clock handling for time based UUIDs. *uuidd* could use all possible clock values, beginning with the daemon's start time. The optional argument can be used to set a value for the max_clock_offset. This gurantees, that a clock value of a UUID will always be within the range of the max_clock_offset. '-C' or '--cont-clock' enables the feature with a default max_clock_offset of 2 hours. '-C<NUM>[hd]' or '--cont-clock=<NUM>[hd]' enables the feature with a max_clock_offset of NUM seconds. In case of an appended h or d, the NUM value is read in hours or days. The minimum value is 60 seconds, the maximum value is 365 days.
+
*-d*, *--debug*::
Run uuidd in debugging mode. This prevents uuidd from running as a daemon.
Index: util-linux-2.37.4/misc-utils/uuidd.c
===================================================================
--- util-linux-2.37.4.orig/misc-utils/uuidd.c
+++ util-linux-2.37.4/misc-utils/uuidd.c
@@ -72,6 +72,8 @@ struct uuidd_cxt_t {
const char *cleanup_pidfile;
const char *cleanup_socket;
uint32_t timeout;
+ uint32_t cont_clock_offset;
+
unsigned int debug: 1,
quiet: 1,
no_fork: 1,
@@ -106,6 +108,8 @@ static void __attribute__((__noreturn__)
fputs(_(" -P, --no-pid do not create pid file\n"), out);
fputs(_(" -F, --no-fork do not daemonize using double-fork\n"), out);
fputs(_(" -S, --socket-activation do not create listening socket\n"), out);
+ fputs(_(" -C, --cont-clock[=<NUM>[hd]]\n"), out);
+ fputs(_(" activate continuous clock handling\n"), out);
fputs(_(" -d, --debug run in debugging mode\n"), out);
fputs(_(" -q, --quiet turn on quiet mode\n"), out);
fputs(USAGE_SEPARATOR, out);
@@ -438,6 +442,15 @@ static void server_loop(const char *sock
pfd[POLLFD_SOCKET].fd = s;
pfd[POLLFD_SIGNAL].events = pfd[POLLFD_SOCKET].events = POLLIN | POLLERR | POLLHUP;
+ num = 1;
+ if (uuidd_cxt->cont_clock_offset) {
+ /* trigger initialization */
+ (void) __uuid_generate_time_cont(uu, &num, uuidd_cxt->cont_clock_offset);
+ if (uuidd_cxt->debug)
+ fprintf(stderr, _("max_clock_offset = %u sec\n"),
+ uuidd_cxt->cont_clock_offset);
+ }
+
while (1) {
ret = poll(pfd, ARRAY_SIZE(pfd),
uuidd_cxt->timeout ?
@@ -494,7 +507,8 @@ static void server_loop(const char *sock
break;
case UUIDD_OP_TIME_UUID:
num = 1;
- if (__uuid_generate_time(uu, &num) < 0 && !uuidd_cxt->quiet)
+ ret = __uuid_generate_time_cont(uu, &num, uuidd_cxt->cont_clock_offset);
+ if (ret < 0 && !uuidd_cxt->quiet)
warnx(_("failed to open/lock clock counter"));
if (uuidd_cxt->debug) {
uuid_unparse(uu, str);
@@ -505,7 +519,8 @@ static void server_loop(const char *sock
break;
case UUIDD_OP_RANDOM_UUID:
num = 1;
- if (__uuid_generate_time(uu, &num) < 0 && !uuidd_cxt->quiet)
+ ret = __uuid_generate_time_cont(uu, &num, uuidd_cxt->cont_clock_offset);
+ if (ret < 0 && !uuidd_cxt->quiet)
warnx(_("failed to open/lock clock counter"));
if (uuidd_cxt->debug) {
uuid_unparse(uu, str);
@@ -515,7 +530,8 @@ static void server_loop(const char *sock
reply_len = sizeof(uu);
break;
case UUIDD_OP_BULK_TIME_UUID:
- if (__uuid_generate_time(uu, &num) < 0 && !uuidd_cxt->quiet)
+ ret = __uuid_generate_time_cont(uu, &num, uuidd_cxt->cont_clock_offset);
+ if (ret < 0 && !uuidd_cxt->quiet)
warnx(_("failed to open/lock clock counter"));
if (uuidd_cxt->debug) {
uuid_unparse(uu, str);
@@ -567,6 +583,27 @@ static void __attribute__ ((__noreturn__
errx(EXIT_FAILURE, _("Unexpected reply length from server %d"), size);
}
+static uint32_t parse_cont_clock(char *arg)
+{
+ uint32_t min_val = 60,
+ max_val = (3600 * 24 * 365),
+ factor = 1;
+ char *p = &arg[strlen(arg)-1];
+
+ if ('h' == *p) {
+ *p = '\0';
+ factor = 3600;
+ min_val = 1;
+ }
+ if ('d' == *p) {
+ *p = '\0';
+ factor = 24 * 3600;
+ min_val = 1;
+ }
+ return factor * str2num_or_err(optarg, 10, _("failed to parse --cont-clock/-C"),
+ min_val, max_val / factor);
+}
+
static void parse_options(int argc, char **argv, struct uuidd_cxt_t *uuidd_cxt,
struct uuidd_options_t *uuidd_opts)
{
@@ -581,6 +618,7 @@ static void parse_options(int argc, char
{"no-pid", no_argument, NULL, 'P'},
{"no-fork", no_argument, NULL, 'F'},
{"socket-activation", no_argument, NULL, 'S'},
+ {"cont-clock", optional_argument, NULL, 'C'},
{"debug", no_argument, NULL, 'd'},
{"quiet", no_argument, NULL, 'q'},
{"version", no_argument, NULL, 'V'},
@@ -596,9 +634,15 @@ static void parse_options(int argc, char
int excl_st[ARRAY_SIZE(excl)] = UL_EXCL_STATUS_INIT;
int c;
- while ((c = getopt_long(argc, argv, "p:s:T:krtn:PFSdqVh", longopts, NULL)) != -1) {
+ while ((c = getopt_long(argc, argv, "p:s:T:krtn:PFSC::dqVh", longopts, NULL)) != -1) {
err_exclusive_options(c, longopts, excl, excl_st);
switch (c) {
+ case 'C':
+ if (optarg != NULL)
+ uuidd_cxt->cont_clock_offset = parse_cont_clock(optarg);
+ else
+ uuidd_cxt->cont_clock_offset = 7200; /* default 2h */
+ break;
case 'd':
uuidd_cxt->debug = 1;
break;
@@ -673,7 +717,7 @@ int main(int argc, char **argv)
char *cp;
int ret;
- struct uuidd_cxt_t uuidd_cxt = { .timeout = 0 };
+ struct uuidd_cxt_t uuidd_cxt = { .timeout = 0, .cont_clock_offset = 0 };
struct uuidd_options_t uuidd_opts = { .socket_path = UUIDD_SOCKET_PATH };
setlocale(LC_ALL, "");

56
util-linux-libuuid-extend-cache.patch Normal file
View file

@ -0,0 +1,56 @@
From 0f8de4902fe3f3512ee5043c5277d002a488a804 Mon Sep 17 00:00:00 2001
From: Michael Trapp <michael.trapp@sap.com>
Date: Thu, 10 Mar 2022 13:18:52 +0100
Subject: [PATCH] libuuid: extend cache in uuid_generate_time_generic()
Improve throughput and reduce clock sequence increments
for high load situation with time based version 1 uuids.
In a high load scenario, where an application continiously reads time
based version 1 uuids from uuidd, we have noticed the following
behaviour.
The application reads more uuids as there are available in the
corresponding timeframe and each bulk request results in an increment of
the clock sequence because of the 'step back' in time. Due to the
14bit size of the clock sequence this also results in overflows of
the clock sequence.
As uuidd calls
uuid_generate_time_safe()
uuid_generate_time_generic()
the default value for the bulk request in the '#ifdef HAVE_TLS' section
of uuid_generate_time_generic() is set to 1000.
Extending the 'cache' of uuid_generate_time_generic() by increasing
the default of num to 1000000 doesn't solve the issue, but reduces
the clock sequence increments by factor 1000 and it also improves
the uuid throughput in our setup by factor 3-4.
It might be possible to implement a cache for
UUIDD_OP_BULK_TIME_UUID
UUIDD_OP_TIME_UUID
in the uuidd request handling, but it would not be as simple as this fix
in uuid_generate_time_generic().
Signed-off-by: Karel Zak <kzak@redhat.com>
---
libuuid/src/gen_uuid.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libuuid/src/gen_uuid.c b/libuuid/src/gen_uuid.c
index d353fa1a0..76d5371ea 100644
--- a/libuuid/src/gen_uuid.c
+++ b/libuuid/src/gen_uuid.c
@@ -453,7 +453,7 @@ static int uuid_generate_time_generic(uuid_t out) {
num = 0;
}
if (num <= 0) {
- num = 1000;
+ num = 1000000;
if (get_uuid_via_daemon(UUIDD_OP_BULK_TIME_UUID,
out, &num) == 0) {
last_time = time(NULL);
--
2.35.1

43
util-linux-libuuid-improve-cache-handling.patch Normal file
View file

@ -0,0 +1,43 @@
From 104dc2e092058489a4be17d5b15902e58ca56804 Mon Sep 17 00:00:00 2001
From: d032747 <michael.trapp@sap.com>
Date: Fri, 22 Apr 2022 10:07:46 +0200
Subject: [PATCH 2/4] libuuid: improve cache handling
Short running applications with a few UUID request don't need
a large cache. Therefore increment the cache size over runtime.
---
libuuid/src/gen_uuid.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/libuuid/src/gen_uuid.c b/libuuid/src/gen_uuid.c
index 76d5371ea..805b40d90 100644
--- a/libuuid/src/gen_uuid.c
+++ b/libuuid/src/gen_uuid.c
@@ -443,6 +443,7 @@ int __uuid_generate_time(uuid_t out, int *num)
static int uuid_generate_time_generic(uuid_t out) {
#ifdef HAVE_TLS
THREAD_LOCAL int num = 0;
+ THREAD_LOCAL int cache_size = 1;
THREAD_LOCAL struct uuid uu;
THREAD_LOCAL time_t last_time = 0;
time_t now;
@@ -453,7 +454,15 @@ static int uuid_generate_time_generic(uuid_t out) {
num = 0;
}
if (num <= 0) {
- num = 1000000;
+ /*
+ * num + OP_BULK provides a local cache in each application.
+ * Start with a small cache size to cover short running applications
+ * and increment the cache size over the runntime.
+ */
+ if (cache_size < 1000000)
+ cache_size *= 10;
+ num = cache_size;
+
if (get_uuid_via_daemon(UUIDD_OP_BULK_TIME_UUID,
out, &num) == 0) {
last_time = time(NULL);
--
2.37.1

40
util-linux-libuuid-uuid_parse-overrun.patch Normal file
View file

@ -0,0 +1,40 @@
From 8596101d21a9bdc85388486ec9c431c114a443e3 Mon Sep 17 00:00:00 2001
From: Zane van Iperen <zane@zanevaniperen.com>
Date: Wed, 16 Feb 2022 00:57:17 +1000
Subject: [PATCH 1/4] libuuid: fix buffer overrun in uuid_parse_range()
It attempts to access in_start[36], despite 35 being the maximum
allowed index.
Reported-by: Pierre-Anthony Lemieux <pal@palemieux.com>
Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
---
libuuid/src/parse.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/libuuid/src/parse.c b/libuuid/src/parse.c
index d0c69b0e6..c3e228112 100644
--- a/libuuid/src/parse.c
+++ b/libuuid/src/parse.c
@@ -58,16 +58,14 @@ int uuid_parse_range(const char *in_start, const char *in_end, uuid_t uu)
if ((in_end - in_start) != 36)
return -1;
- for (i=0, cp = in_start; i <= 36; i++,cp++) {
+ for (i=0, cp = in_start; i < 36; i++,cp++) {
if ((i == 8) || (i == 13) || (i == 18) ||
(i == 23)) {
if (*cp == '-')
continue;
return -1;
}
- if (i== 36)
- if (*cp == 0)
- continue;
+
if (!isxdigit(*cp))
return -1;
}
--
2.37.1

58
util-linux-login_defs-check.sh Normal file
View file

@ -0,0 +1,58 @@
#!/bin/bash
# Extract list of variables supported by su/runuser.
#
# If you edit this file, you will probably need to edit
# shadow-login_defs-check.sh from shadow sources in a similar way.
set -o errexit
echo -n "Checking login.defs variables in util-linux... " >&2
(
grep -rh getlogindefs . |
sed -n 's/^.*getlogindefs[a-z_]*("\([A-Z0-9_]*\)".*$/\1/p'
grep -rh logindefs_setenv . |
sed -n 's/^.*logindefs_setenv*("[A-Z0-9_]*", "\([A-Z0-9_]*\)".*$/\1/p'
) | LC_ALL=C sort -u >util-linux-login_defs-vars.lst
if test $(sha1sum util-linux-login_defs-vars.lst | sed 's/ .*$//') != 8516ca34e059b2dee1d4421a3ab07e88331b1674 ; then
echo "does not match!" >&2
echo "Checksum is: $(sha1sum util-linux-login_defs-vars.lst | sed 's/ .*$//')" >&2
cat >&2 <<EOF
You have to perform following steps:
Check whether the error is false positive (script failed to extract
variables) or true positive (variable list changed).
If it is false positive:
- Fix this script.
- The same fix is needed in shadow package in shadow-login_defs-check.sh.
If it is true positive:
- Check-out shadow package and call shadow-login_defs-check.sh.
- Compare its output shadow-login_defs-check-util-linux.lst with
util-linux-login_defs-vars.lst in the util-linux build directory.
- Update shadow shadow-login_defs-util-linux.patch, if needed.
- If shadow-login_defs-util-linux.patch was updated, update
login_defs-support-for-util-linux symbol version in both shadow and
util-linux spec files accordingly.
- Update checksum in this script.
- Possibly update su.default with these new list of su/runuser specific
variables:
EOF
echo -n " " >&2
(
grep -rh getlogindefs login-utils/su-common.c |
sed -n 's/^.*getlogindefs[a-z_]*("\([A-Z0-9_]*\)".*$/\1/p'
grep -rh logindefs_setenv login-utils/su-common.c |
sed -n 's/^.*logindefs_setenv*("[A-Z0-9_]*", "\([A-Z0-9_]*\)".*$/\1/p'
) | LC_ALL=C sort -u | tr '\n' ' ' | sed 's/ /, /g;s/, $//' >&2
echo -e '\n' >&2
exit 1
else
echo "OK" >&2
fi

14
util-linux-rpmlintrc Normal file
View file

@ -0,0 +1,14 @@
addFilter("init-script-without-%stop_on_removal-preun /etc/init.d/raw")
addFilter("init-script-without-%restart_on_update-postun /etc/init.d/raw")
addFilter("incoherent-init-script-name raw")
addFilter("no-reload-entry /etc/init.d/raw")
# There is no egrep(1) used -> False positive
addFilter("deprecated-grep")
# Both pam configs for su and su-l are marked as noreplace
addFilter(".*W:.*files-duplicate.*/pam/su.*/pam.d/su-l.*")
# Useless warning as the /usr/bin variants are known
addFilter(".*W:.*permissions-symlink.*/bin/su.*")
addFilter(".*W:.*permissions-symlink.*/bin/umount.*")
addFilter(".*W:.*permissions-symlink.*/bin/mount.*")
# UGLY HACK: rpmlint falsely declares problems with files-attr-not-set
addFilter("W: files-attr-not-set")

223
util-linux-sulogin4bsc1175514.patch Normal file
View file

@ -0,0 +1,223 @@
From: Werner Fink <werner@suse.de>
Date: Fri, 30 Oct 2020 14:54:59 +0100
Subject: [PATCH] sulogin: ignore not existing console devices
and also not functional console devices. Redirect the error
messages to the appropiate console device.
---
login-utils/sulogin-consoles.h | 1 +
login-utils/sulogin.c | 97 +++++++++++++++++++++++++++++++++++-------
2 files changed, 82 insertions(+), 16 deletions(-)
Index: util-linux-2.37.2/login-utils/sulogin-consoles.h
===================================================================
--- util-linux-2.37.2.orig/login-utils/sulogin-consoles.h
+++ util-linux-2.37.2/login-utils/sulogin-consoles.h
@@ -40,6 +40,7 @@ struct console {
int fd, id;
#define CON_SERIAL 0x0001
#define CON_NOTTY 0x0002
+#define CON_EIO 0x0004
pid_t pid;
struct chardata cp;
struct termios tio;
Index: util-linux-2.37.2/login-utils/sulogin.c
===================================================================
--- util-linux-2.37.2.orig/login-utils/sulogin.c
+++ util-linux-2.37.2/login-utils/sulogin.c
@@ -52,6 +52,7 @@
#ifdef __linux__
# include <sys/kd.h>
# include <sys/param.h>
+# include <linux/serial.h>
#endif
#include "c.h"
@@ -106,6 +107,9 @@ static void tcinit(struct console *con)
int flags = 0, mode = 0;
struct termios *tio = &con->tio;
const int fd = con->fd;
+#if defined(TIOCGSERIAL)
+ struct serial_struct serinfo;
+#endif
#ifdef USE_PLYMOUTH_SUPPORT
struct termios lock;
int i = (plymouth_command(MAGIC_PING)) ? PLYMOUTH_TERMIOS_FLAGS_DELAY : 0;
@@ -125,27 +129,72 @@ static void tcinit(struct console *con)
}
memset(&lock, 0, sizeof(struct termios));
ioctl(fd, TIOCSLCKTRMIOS, &lock);
+ errno = 0;
#endif
+
+#if defined(TIOCGSERIAL)
+ if (ioctl(fd, TIOCGSERIAL, &serinfo) >= 0)
+ con->flags |= CON_SERIAL;
+ errno = 0;
+#else
+# if defined(KDGKBMODE)
+ if (ioctl(fd, KDGKBMODE, &mode) < 0)
+ con->flags |= CON_SERIAL;
errno = 0;
+# endif
+#endif
if (tcgetattr(fd, tio) < 0) {
- warn(_("tcgetattr failed"));
- con->flags |= CON_NOTTY;
- return;
+ int saveno = errno;
+#if defined(KDGKBMODE) || defined(TIOCGSERIAL)
+ if (con->flags & CON_SERIAL) { /* Try to recover this */
+
+# if defined(TIOCGSERIAL)
+ serinfo.flags |= ASYNC_SKIP_TEST; /* Skip test of UART */
+
+ if (ioctl(fd, TIOCSSERIAL, &serinfo) < 0)
+ goto tcgeterr;
+ if (ioctl(fd, TIOCSERCONFIG) < 0) /* Try to autoconfigure */
+ goto tcgeterr;
+ if (ioctl(fd, TIOCGSERIAL, &serinfo) < 0)
+ goto tcgeterr; /* Ouch */
+# endif
+ if (tcgetattr(fd, tio) < 0) /* Retry to get tty attributes */
+ saveno = errno;
+ }
+# if defined(TIOCGSERIAL)
+ tcgeterr:
+# endif
+ if (saveno)
+#endif
+ {
+ FILE *fcerr = fdopen(fd, "w");
+ if (fcerr) {
+ fprintf(fcerr, _("tcgetattr failed"));
+ fclose(fcerr);
+ }
+ warn(_("tcgetattr failed"));
+
+ con->flags &= ~CON_SERIAL;
+ if (saveno != EIO)
+ con->flags |= CON_NOTTY;
+ else
+ con->flags |= CON_EIO;
+
+ errno = 0;
+ return;
+ }
}
/* Handle lines other than virtual consoles here */
-#if defined(KDGKBMODE)
- if (ioctl(fd, KDGKBMODE, &mode) < 0)
+#if defined(KDGKBMODE) || defined(TIOCGSERIAL)
+ if (con->flags & CON_SERIAL)
#endif
{
speed_t ispeed, ospeed;
struct winsize ws;
errno = 0;
- /* this is a modem line */
- con->flags |= CON_SERIAL;
-
/* Flush input and output queues on modem lines */
tcflush(fd, TCIOFLUSH);
@@ -222,6 +271,8 @@ static void tcfinal(struct console *con)
struct termios *tio = &con->tio;
const int fd = con->fd;
+ if (con->flags & CON_EIO)
+ return;
if ((con->flags & CON_SERIAL) == 0) {
xsetenv("TERM", "linux", 1);
return;
@@ -559,12 +610,16 @@ err:
static void setup(struct console *con)
{
int fd = con->fd;
- const pid_t pid = getpid(), pgrp = getpgid(0), ppgrp =
- getpgid(getppid()), ttypgrp = tcgetpgrp(fd);
+ const pid_t pid = getpid(), pgrp = getpgid(0), ppgrp = getpgid(getppid());
+ pid_t ttypgrp;
if (con->flags & CON_NOTTY)
+ goto notty;
+ if (con->flags & CON_EIO)
return;
+ ttypgrp = tcgetpgrp(fd);
+
/*
* Only go through this trouble if the new
* tty doesn't fall in this process group.
@@ -587,6 +642,7 @@ static void setup(struct console *con)
ioctl(fd, TIOCSCTTY, (char *)1);
tcsetpgrp(fd, ppgrp);
}
+notty:
dup2(fd, STDIN_FILENO);
dup2(fd, STDOUT_FILENO);
dup2(fd, STDERR_FILENO);
@@ -616,15 +672,20 @@ static char *getpasswd(struct console *c
int eightbit;
const int fd = con->fd;
- if (con->flags & CON_NOTTY)
+ if (con->flags & CON_EIO)
goto out;
cp = &con->cp;
tty = con->tio;
+ tc = 0;
+ ret = pass;
+
ret = pass;
tty.c_iflag &= ~(IUCLC|IXON|IXOFF|IXANY);
tty.c_lflag &= ~(ECHO|ECHOE|ECHOK|ECHONL|TOSTOP|ISIG);
- tc = (tcsetattr(fd, TCSAFLUSH, &tty) == 0);
+
+ if ((con->flags & CON_NOTTY) == 0)
+ tc = (tcsetattr(fd, TCSAFLUSH, &tty) == 0);
sigemptyset(&sa.sa_mask);
sa.sa_handler = alrm_handler;
@@ -650,11 +711,12 @@ static char *getpasswd(struct console *c
}
ret = NULL;
switch (errno) {
- case 0:
case EIO:
+ con->flags |= CON_EIO;
case ESRCH:
case EINVAL:
case ENOENT:
+ case 0:
break;
default:
warn(_("cannot read %s"), con->tty);
@@ -976,10 +1038,13 @@ int main(int argc, char **argv)
con = list_entry(ptr, struct console, entry);
if (con->id >= CONMAX)
break;
+ if (con->flags & CON_EIO)
+ goto next;
switch ((con->pid = fork())) {
case 0:
mask_signal(SIGCHLD, SIG_DFL, NULL);
+ dup2(con->fd, STDERR_FILENO);
nofork:
setup(con);
while (1) {
@@ -1040,7 +1105,7 @@ int main(int argc, char **argv)
default:
break;
}
-
+ next:
ptr = ptr->next;
} while (ptr != &consoles);

86
util-linux-uuidd-fix-lock-state.patch Normal file
View file

@ -0,0 +1,86 @@
From f27876f9c1056bf41fd940d5c4990b4277e0024f Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Mon, 24 Jan 2022 14:08:08 +0100
Subject: [PATCH] uuidd: fix open/lock state issue
* warn on open/lock state issue
* remove ProtectSystem=strict from systemd service setting, because it
makes clock state file read-only
openat(AT_FDCWD, "/var/lib/libuuid/clock.txt",
O_RDWR|O_CREAT|O_CLOEXEC, 0660) = -1 EROFS (Read-only file system)
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2040366
Signed-off-by: Karel Zak <kzak@redhat.com>
---
misc-utils/uuidd.c | 9 ++++++---
misc-utils/uuidd.service.in | 1 -
2 files changed, 6 insertions(+), 4 deletions(-)
From 417982d0236a12756923d88e627f5e4facf8951c Mon Sep 17 00:00:00 2001
From: Stanislav Brabec <sbrabec@suse.cz>
Date: Tue, 25 Jan 2022 11:50:21 +0100
Subject: [PATCH] uuidd: Whitelist libuuid clock file
Return back ProtectSystem to strict, and enable access to
/var/lib/libuuid only.
Note: As LIBUUID_CLOCK_FILE does not use @localstatedir@, we use
/var here as well.
Signed-off-by: Ali Abdallah <ali.abdallah@suse.com>
Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
Signed-off-by: Karel Zak <kzak@redhat.com>
---
misc-utils/uuidd.service.in | 2 ++
1 file changed, 2 insertions(+)
diff --git a/misc-utils/uuidd.c b/misc-utils/uuidd.c
index f8b595ea7..dfcd1487b 100644
--- a/misc-utils/uuidd.c
+++ b/misc-utils/uuidd.c
@@ -494,7 +494,8 @@ static void server_loop(const char *socket_path, const char *pidfile_path,
break;
case UUIDD_OP_TIME_UUID:
num = 1;
- __uuid_generate_time(uu, &num);
+ if (__uuid_generate_time(uu, &num) < 0 && !uuidd_cxt->quiet)
+ warnx(_("failed to open/lock clock counter"));
if (uuidd_cxt->debug) {
uuid_unparse(uu, str);
fprintf(stderr, _("Generated time UUID: %s\n"), str);
@@ -504,7 +505,8 @@ static void server_loop(const char *socket_path, const char *pidfile_path,
break;
case UUIDD_OP_RANDOM_UUID:
num = 1;
- __uuid_generate_random(uu, &num);
+ if (__uuid_generate_time(uu, &num) < 0 && !uuidd_cxt->quiet)
+ warnx(_("failed to open/lock clock counter"));
if (uuidd_cxt->debug) {
uuid_unparse(uu, str);
fprintf(stderr, _("Generated random UUID: %s\n"), str);
@@ -513,7 +515,8 @@ static void server_loop(const char *socket_path, const char *pidfile_path,
reply_len = sizeof(uu);
break;
case UUIDD_OP_BULK_TIME_UUID:
- __uuid_generate_time(uu, &num);
+ if (__uuid_generate_time(uu, &num) < 0 && !uuidd_cxt->quiet)
+ warnx(_("failed to open/lock clock counter"));
if (uuidd_cxt->debug) {
uuid_unparse(uu, str);
fprintf(stderr, P_("Generated time UUID %s "
diff --git a/misc-utils/uuidd.service.in b/misc-utils/uuidd.service.in
index b4c9c4635..e64ca59b5 100644
--- a/misc-utils/uuidd.service.in
+++ b/misc-utils/uuidd.service.in
@@ -18,6 +18,7 @@ ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictAddressFamilies=AF_UNIX
MemoryDenyWriteExecute=yes
+ReadWritePaths=/var/lib/libuuid/
SystemCallFilter=@default @file-system @basic-io @system-service @signal @io-event @network-io
[Install]
--
2.35.1

57
util-linux-uuidd-prevent-root-owning.patch Normal file
View file

@ -0,0 +1,57 @@
Prevent root owning of /var/lib/libuuid/clock.txt
Just after the installation, calling uuid_generate_time() or
uuid_generate_time_safe() as root may create root owned
/var/lib/libuuid/clock.txt, which makes it unusable for uuidd.
To reproduce:
zypper rm uuidd
zypper in uuidd
uuidgen --time
ls -l /var/lib/libuuid/clock.txt
rcuuidd start
ls -l /var/lib/libuuid/clock.txt
Before:
-rw-rw---- 1 root root 56 Mar 4 17:24 /var/lib/libuuid/clock.txt
After (with the patch):
-rw-rw---- 1 uuidd uuidd 56 Mar 4 17:30 /var/lib/libuuid/clock.txt
Index: util-linux-2.37.2/misc-utils/uuidd.service.in
===================================================================
--- util-linux-2.37.2.orig/misc-utils/uuidd.service.in
+++ util-linux-2.37.2/misc-utils/uuidd.service.in
@@ -4,6 +4,7 @@ Documentation=man:uuidd(8)
Requires=uuidd.socket
[Service]
+ExecStartPre=+-@CHOWN@ --quiet uuidd:uuidd /var/lib/libuuid/clock.txt
ExecStart=@usrsbin_execdir@/uuidd --socket-activation
Restart=no
User=uuidd
Index: util-linux-2.37.2/configure.ac
===================================================================
--- util-linux-2.37.2.orig/configure.ac
+++ util-linux-2.37.2/configure.ac
@@ -233,6 +233,8 @@ PKG_INSTALLDIR(['${usrlib_execdir}/pkgco
GTK_DOC_CHECK([1.10])
AC_PATH_PROG([XSLTPROC], [xsltproc])
+AC_PATH_PROG([CHOWN], [chown])
+
linux_os=no
bsd_os=no
Index: util-linux-2.37.2/Makefile.am
===================================================================
--- util-linux-2.37.2.orig/Makefile.am
+++ util-linux-2.37.2/Makefile.am
@@ -145,6 +145,7 @@ edit_cmd = sed \
-e 's|@usrsbin_execdir[@]|$(usrsbin_execdir)|g' \
-e 's|@VERSION[@]|$(VERSION)|g' \
-e 's|@ADJTIME_PATH[@]|$(ADJTIME_PATH)|g' \
+ -e 's|@CHOWN[@]|$(CHOWN)|g' \
-e 's|@LIBUUID_VERSION[@]|$(LIBUUID_VERSION)|g' \
-e 's|@LIBMOUNT_VERSION[@]|$(LIBMOUNT_VERSION)|g' \
-e 's|@LIBMOUNT_MAJOR_VERSION[@]|$(LIBMOUNT_MAJOR_VERSION)|g' \

3523
util-linux.changes Normal file
View file

File diff suppressed because it is too large Load diff

56
util-linux.keyring Normal file
View file

@ -0,0 +1,56 @@
pub 4096R/EC39C284 2011-10-10 [expires: 2016-10-08]
uid Karel Zak <kzak@redhat.com>
sub 4096R/7BA16CAC 2011-10-10 [expires: 2016-10-08]
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.20 (GNU/Linux)
mQINBE6StA4BEACp9++Y+DgbBloJEuVhsDjDIvAR1n/aHPDyPQQzg/DkKtR3BXHn
dGfTL9/DR8y9YzLNwUf2lWsEAvwHZ2XfUTp5S5nVbgpAB0/Q2ebP0TnkNYaRkxq7
VJF+kvUcA6hxYKYcIos2kJyfVytPE6FpFBqlgTmjcCTx4HHwePkVTVRyotOoA2V/
UUwixgkyG7aVfy4QBKHAkATpTPC4l+ISaOHKUiajxRoa99rpmBPl4FhIw3b5rPYA
26q9Pz8q1AwbXA1PXxzwKVqqfwEkl6sxUVKiM8rUuhic2lnDMIXexNMvqznpFqtB
v7n+z/5N8RbB1DQjWpy/Z7OW6yyYXW9e33c6IgU5n46rIyTPYyzq3mDfOsJdvoG/
nhF7VUkGDPYWfmx9ejvpKdoNCQ2q+MVp20msntcETcOq1r9SJwNXcsx+I/3ptbtX
Q+MQyA1L5FifkpA7+akITF5luOqUb2TToEBLiF/nn8y0sIUa/HGgcUrK2N9E1VNJ
tcIt/z0sZJUHYC+EBh/G0UNt9tRwPdnUks5sua1sCquXnkd9IS0Kr3Kq/C6JOKzz
UDGdFKVc6wExf70hX5h0g1kkypyjNwipGSdk+qVXO0IF/tKMToa8WZqoK3enzryI
Kmdq7IQ0ThdTTTC1ctVk4367/30prpNHF4/642G0OOiQCzWBrb0V217HvQARAQAB
tBtLYXJlbCBaYWsgPGt6YWtAcmVkaGF0LmNvbT6JAj4EEwECACgFAk6StA4CGwMF
CQlmAYAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEOS3HV7sOcKETI8QAI0U
StG6dv1l9kqkmFpXPZJ75hf5SJA69+upcKeTg9BXKrEqjZLeyEn1OVPmfVGwWpz8
SRbiYcHh8AhJaggAxKcIgQ/sAUBkmrTP6RyYEQUV6vFW5qv7dcEOs46d+LE/Wkxs
ymC2FSXxYOFiw7z27gkXQYq/IkdwfhRLFD6aD5egxcBVl91ZlRyklvPPW7qo046B
MWh2LaCVowYg+33GjS4A4JcF+tGkWZc0yqANwov93uhY0VXEdDsT4YWrTVdNDI3/
lZ5u5k9sEUGR03oV336M/j0qNtMfAG5iDt2PFrzhJZcGcQPiGd/DeYuJeLVCd8Nl
jAwsnfGqu9VITgaDOreLbpSTNSj8egPqOoUBAGncMSfdiQ2ZEhluPyCTwspDy5Pa
dESyk0q2Z6tKG9ae01g/RzfTGCVN4GxkORPxcEHloa4XM3C9FBohM1LTWmsvnNXe
cPdbPyCoiFKio/yFZDt1CYDkols4uf/0ztCSH6pI874sCmYJVkYev2W9RCxE4aYK
KMb8XCUPec8L4C1mpmBiej0NT/d9GHQUnJUpRD4EG7UBxMwNWflhO4P4Q81uM0Kr
RMht0lS0EylZXuQPPG5C1nMsa1+eN0wjSTpy7232PTCxu+bhxA1HzvWXYuueUmp2
QuV8PyA1lsfYI7PEgk2skfAvbP5vJszorklo2hVGuQINBE6StA4BEADG5Hind61Y
qoXXHotraJO2ejsPiy3BxSZTQet+IJO5tyURSXVIv+ZuV/MBRS/88fkBL2nHpK5b
BtJT11D2ZESmziZWGgMtZRV4va3fh3GaMeVdi5pXpmPZp4fBc60F3iCKfd1V8/1a
zwicZtdhTphkc6O7ETCr240OrJoOgvilbpv8WuVwhjfEOL2DwKITK6tzba1VScXi
ehDhhTssP14RQiH/OcMFuiHCHJeHQOH9ku4fzqT2/lxxSo4kMWKR2VslW17f3Zr3
Zvrbi/b8UE/3T/RsoaQn2ml9BfDiMgNwT4l2ILlE7HpZMfD2WAP6itGHolcdbhNa
jxAMHdP5t64zSdwKmB8AbuIo7nbMKuJMiPdkOS/8x3YHRle4WEEeRWTEcqyzqkMq
MCqKLxc4SCuSMv+ingDrHr+d5usuMlQjT8c71PIipl9OpM8Jkl8CI2ToVF20wijY
Oof4T/jjObYiZk1KcqqKhQzMXEhKCt9hK5AaKMq5BiublS/Q5EXpzcRgVmG+SMHd
hUNLN7gilFx5939Ev+36TNE/f66r9aiF+WbiI1V1JGs0LYVyFzwmFMCgQUsnyqyA
RNREnLysdLE98PDSO2ESxu9BO7kTvlP0q5p+MKQiYj/s5wSqXw8EDCSBH9u0/FQi
gyV0a+J70WZZNpdi5wq+qVZ16LENQdxtKwARAQABiQIlBBgBAgAPBQJOkrQOAhsM
BQkJZgGAAAoJEOS3HV7sOcKEtCYP/3ji7Kt4+M0N6IOkh7wHfWk3HLqBa1XOD1Oz
X+rp79L1cDK8J1XUHoW/84bsS8Y3NsXlIej1wLOcaH0HOpEsPzqoqP1JxGilRkAu
Yazt3WhqdM2FcOQNEnuk66F8HnN/mD4vLzxdxuPlRtlCruUcDZlZlyzpywk6B7Gi
cVfh1CvUJsDA++aOlgYIHB4Z6nSJWYp64z+5QAVToBHzI7ywVyWTJbjO1RCR5QsV
fPD07p1deSW96QhqLSb2wQfk93I4YGshaVPwG01ZamxPEbspKqrEIG+5S6E4q/B+
VF0zj5GU7jt/6M4qFzKbaY+vxsaqjgCOCPL5bCz5RFTHdtEmC/cmsvVbYuBD/5UY
D3JbyXt7KSG/a5Oel4ynK1pRQbnS6eNcGQqZPUop4PBouRKnUqv8uzljaiL9Wm3G
Hv9tn1L6ly86VcLt1ALTVuqwm5ci1fDVbddSliPv5atWNJ+So2MfEg3qbCzEC8Is
JNsVd4N6fSctYfFvBxsPjy7fw1iEqKq7SzTlHMO5hiKpS+8HSRVv6djHlj3aWtgy
u+BTXT/tRQ6c3TlZadqoyumX1U+Tflb6qMyJaZPsqv3bsOpXwjLAVfT4nPRXqbN6
WWUhdompzuZufyCCL9Tc6lPDgVmuWyycHk4gbdfERodk4SEYJ0cEwFbl+GjL9XFZ
VeljfCzq
=8wc5
-----END PGP PUBLIC KEY BLOCK-----

1394
util-linux.spec Normal file
View file

File diff suppressed because it is too large Load diff