mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-11-08 04:02:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

overlay sys-apps/systemd: Move patches to user-patches

Browse Source 
Add two more patches that replace some modifications we did inside the
ebuild.

Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
This commit is contained in:
Krzesimir Nowak 2025-10-24 11:17:08 +02:00
parent 2596960fa2
commit 9e772529b4
11 changed files with 101 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0001-wait-online-set-any-by-default.patch → sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-apps/systemd/0001-wait-online-set-any-by-default.patch vendored
View File

@ -1,7 +1,7 @@
From e228bd8a939e77f4ebc37aa029f8a89e8b9d4807 Mon Sep 17 00:00:00 2001 From e228bd8a939e77f4ebc37aa029f8a89e8b9d4807 Mon Sep 17 00:00:00 2001
From: David Michael <dm0@redhat.com> From: David Michael <dm0@redhat.com>
Date: Tue, 16 Apr 2019 02:44:51 +0000 Date: Tue, 16 Apr 2019 02:44:51 +0000
Subject: [PATCH 1/7] wait-online: set --any by default Subject: [PATCH 1/9] wait-online: set --any by default
The systemd-networkd-wait-online command would normally continue The systemd-networkd-wait-online command would normally continue
waiting after a network interface is usable if other interfaces are waiting after a network interface is usable if other interfaces are

2
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0002-needs-update-don-t-require-strictly-newer-usr.patch → sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-apps/systemd/0002-needs-update-don-t-require-strictly-newer-usr.patch vendored
View File

@ -1,7 +1,7 @@
From b8139561768e6745405461e1a765b262ece8f959 Mon Sep 17 00:00:00 2001 From b8139561768e6745405461e1a765b262ece8f959 Mon Sep 17 00:00:00 2001
From: Alex Crawford <alex.crawford@coreos.com> From: Alex Crawford <alex.crawford@coreos.com>
Date: Wed, 2 Mar 2016 10:46:33 -0800 Date: Wed, 2 Mar 2016 10:46:33 -0800
Subject: [PATCH 2/7] needs-update: don't require strictly newer usr Subject: [PATCH 2/9] needs-update: don't require strictly newer usr
Updates should be triggered whenever usr changes, not only when it is newer. Updates should be triggered whenever usr changes, not only when it is newer.
--- ---

2
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0003-core-use-max-for-DefaultTasksMax.patch → sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-apps/systemd/0003-core-use-max-for-DefaultTasksMax.patch vendored
View File

@ -1,7 +1,7 @@
From f5635c6b5153d894cf1bf6dca92219150d4252d5 Mon Sep 17 00:00:00 2001 From f5635c6b5153d894cf1bf6dca92219150d4252d5 Mon Sep 17 00:00:00 2001
From: Adrian Vladu <avladu@cloudbasesolutions.com> From: Adrian Vladu <avladu@cloudbasesolutions.com>
Date: Fri, 16 Feb 2024 11:22:08 +0000 Date: Fri, 16 Feb 2024 11:22:08 +0000
Subject: [PATCH 3/7] core: use max for DefaultTasksMax Subject: [PATCH 3/9] core: use max for DefaultTasksMax
Since systemd v228, systemd has a DefaultTasksMax which defaulted Since systemd v228, systemd has a DefaultTasksMax which defaulted
to 512, later 15% of the system's maximum number of PIDs. This to 512, later 15% of the system's maximum number of PIDs. This

2
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0004-systemd-Disable-SELinux-permissions-checks.patch → sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-apps/systemd/0004-systemd-Disable-SELinux-permissions-checks.patch vendored
View File

@ -1,7 +1,7 @@
From f55e6415307ce77b3376a2bf9cc96b924c6ec52e Mon Sep 17 00:00:00 2001 From f55e6415307ce77b3376a2bf9cc96b924c6ec52e Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@coreos.com> From: Matthew Garrett <mjg59@coreos.com>
Date: Tue, 20 Dec 2016 16:43:22 +0000 Date: Tue, 20 Dec 2016 16:43:22 +0000
Subject: [PATCH 4/7] systemd: Disable SELinux permissions checks Subject: [PATCH 4/9] systemd: Disable SELinux permissions checks
We don't care about the interaction between systemd and SELinux policy, so We don't care about the interaction between systemd and SELinux policy, so
let's just disable these checks rather than having to incorporate policy let's just disable these checks rather than having to incorporate policy

2
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0005-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch → sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-apps/systemd/0005-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch vendored
View File

@ -1,7 +1,7 @@
From cf500f14557926259b58ee641fffb38b707494d6 Mon Sep 17 00:00:00 2001 From cf500f14557926259b58ee641fffb38b707494d6 Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury <schowdhury@microsoft.com> From: Sayan Chowdhury <schowdhury@microsoft.com>
Date: Fri, 16 Dec 2022 16:28:26 +0530 Date: Fri, 16 Dec 2022 16:28:26 +0530
Subject: [PATCH 5/7] Revert "getty: Pass tty to use by agetty via stdin" Subject: [PATCH 5/9] Revert "getty: Pass tty to use by agetty via stdin"
This reverts commit b4bf9007cbee7dc0b1356897344ae2a7890df84c. This reverts commit b4bf9007cbee7dc0b1356897344ae2a7890df84c.

2
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0006-units-Keep-using-old-journal-file-format.patch → sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-apps/systemd/0006-units-Keep-using-old-journal-file-format.patch vendored
View File

@ -1,7 +1,7 @@
From 1bf0301376df8e82593efccb80cd4e43638666c0 Mon Sep 17 00:00:00 2001 From 1bf0301376df8e82593efccb80cd4e43638666c0 Mon Sep 17 00:00:00 2001
From: Adrian Vladu <avladu@cloudbasesolutions.com> From: Adrian Vladu <avladu@cloudbasesolutions.com>
Date: Fri, 16 Feb 2024 11:29:04 +0000 Date: Fri, 16 Feb 2024 11:29:04 +0000
Subject: [PATCH 6/7] units: Keep using old journal file format Subject: [PATCH 6/9] units: Keep using old journal file format
Systemd 252 made an incompatible change in journal file format. Temporarily Systemd 252 made an incompatible change in journal file format. Temporarily
force journald to use the old journal format to give logging containers more force journald to use the old journal format to give logging containers more

2
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/files/0007-Revert-Revert-initrd-parse-etc-override-argv-0-to-av.patch → sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-apps/systemd/0007-Revert-Revert-initrd-parse-etc-override-argv-0-to-av.patch vendored
View File

@ -1,7 +1,7 @@
From 93775241c5f873a5862c2e7b06532bd3969341a0 Mon Sep 17 00:00:00 2001 From 93775241c5f873a5862c2e7b06532bd3969341a0 Mon Sep 17 00:00:00 2001
From: Adrian Vladu <avladu@cloudbasesolutions.com> From: Adrian Vladu <avladu@cloudbasesolutions.com>
Date: Wed, 25 Sep 2024 15:51:02 +0000 Date: Wed, 25 Sep 2024 15:51:02 +0000
Subject: [PATCH 7/7] Revert "Revert "initrd-parse-etc: override argv[0] to Subject: [PATCH 7/9] Revert "Revert "initrd-parse-etc: override argv[0] to
avoid dracut issue"" avoid dracut issue""
This reverts commit 1c585a4ccda3258088d7bc27b27a314e7ed8be80. This reverts commit 1c585a4ccda3258088d7bc27b27a314e7ed8be80.

36
sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-apps/systemd/0008-tmpfiles.d-Fix-DNS-issues-with-default-k8s-configura.patch vendored Normal file
View File

@ -0,0 +1,36 @@
From 3938b8d561e747ef1dea83afc9f254d594291dc1 Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Wed, 22 Oct 2025 10:39:42 +0200
Subject: [PATCH 8/9] tmpfiles.d: Fix DNS issues with default k8s configuration
The Kubelet takes /etc/resolv.conf for, e.g., CoreDNS which has dnsPolicy
"default", but unless the kubelet `--resolv-conf` flag is set to point to
`/run/systemd/resolve/resolv.conf` this won't work with `/etc/resolv.conf`
pointing to `/run/systemd/resolve/stub-resolv.conf` which configures
`127.0.0.53`. See:
https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/#known-issues
This means that users who need split DNS to work should point
`/etc/resolv.conf` back to `/run/systemd/resolve/stub-resolv.conf` (and if
using K8s configure the kubelet `resolvConf` variable/`--resolv-conf` flag to
`/run/systemd/resolve/resolv.conf`).
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
---
tmpfiles.d/systemd-resolve.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tmpfiles.d/systemd-resolve.conf b/tmpfiles.d/systemd-resolve.conf
index be5edc98e0..bea686682a 100644
--- a/tmpfiles.d/systemd-resolve.conf
+++ b/tmpfiles.d/systemd-resolve.conf
@@ -7,4 +7,4 @@
# See tmpfiles.d(5) for details.
-L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
+L! /etc/resolv.conf - - - - ../run/systemd/resolve/resolv.conf
--
2.51.0

35
sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-apps/systemd/0009-units-Make-multi-user.target-the-default-target.patch vendored Normal file
View File

@ -0,0 +1,35 @@
From 946db05da46d3c453b129c6413d1fd0b3794d038 Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak <knowak@microsoft.com>
Date: Fri, 24 Oct 2025 11:06:57 +0200
Subject: [PATCH 9/9] units: Make multi-user.target the default target
Signed-off-by: Krzesimir Nowak <knowak@microsoft.com>
---
units/meson.build | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/units/meson.build b/units/meson.build
index 96f4852741..4b1efbc4b1 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -46,7 +46,7 @@ units = [
},
{
'file' : 'graphical.target',
- 'symlinks' : ['default.target'] + (with_runlevels ? ['runlevel5.target'] : []),
+ 'symlinks' : with_runlevels ? ['runlevel5.target'] : [],
},
{ 'file' : 'halt.target' },
{
@@ -140,7 +140,7 @@ units = [
{ 'file' : 'modprobe@.service' },
{
'file' : 'multi-user.target',
- 'symlinks' : with_runlevels ? ['runlevel2.target', 'runlevel3.target', 'runlevel4.target'] : [],
+ 'symlinks' : ['default.target'] + (with_runlevels ? ['runlevel2.target', 'runlevel3.target', 'runlevel4.target'] : []),
},
{ 'file' : 'network-online.target' },
{ 'file' : 'network-pre.target' },
--
2.51.0

23
sdk_container/src/third_party/coreos-overlay/coreos/user-patches/sys-apps/systemd/README.md vendored Normal file
View File

@ -0,0 +1,23 @@
Most of these patches are not really upstreamable.
- `0001-wait-online-set-any-by-default.patch`
- backward compat stuff
- `0002-needs-update-don-t-require-strictly-newer-usr.patch`
- trigger updates only when /usr changes
- `0003-core-use-max-for-DefaultTasksMax.patch`
- increase the too-low limits
- `0004-systemd-Disable-SELinux-permissions-checks.patch`
- disable interactions between systemd and SELinux policies
- this will be dropped when we increase SELinux coverage also to a host system
- `0005-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch`
- SELinux denial workaround
- this will be dropped when we increase SELinux coverage also to a host system
- `0006-units-Keep-using-old-journal-file-format.patch`
- backward compat stuff
- `0007-Revert-Revert-initrd-parse-etc-override-argv-0-to-av.patch`
- dracut issue workaround
- should be dropped when we update dracut to a version without the issue
- `0008-tmpfiles.d-Fix-DNS-issues-with-default-k8s-configura.patch`
- workaround for issues with default k8s coredns config
- `0009-units-Make-multi-user.target-the-default-target.patch`
- change default.target to a suitable symlink for Flatcar

26
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-257.7-r1.ebuild vendored
View File

@ -282,14 +282,6 @@ src_unpack() {
src_prepare() { src_prepare() {
local PATCHES=( local PATCHES=(
"${FILESDIR}"/systemd-257-cred-util-tpm2.patch "${FILESDIR}"/systemd-257-cred-util-tpm2.patch
# Flatcar: Adding our own patches here.
"${FILESDIR}/0001-wait-online-set-any-by-default.patch"
"${FILESDIR}/0002-needs-update-don-t-require-strictly-newer-usr.patch"
"${FILESDIR}/0003-core-use-max-for-DefaultTasksMax.patch"
"${FILESDIR}/0004-systemd-Disable-SELinux-permissions-checks.patch"
"${FILESDIR}/0005-Revert-getty-Pass-tty-to-use-by-agetty-via-stdin.patch"
"${FILESDIR}/0006-units-Keep-using-old-journal-file-format.patch"
"${FILESDIR}/0007-Revert-Revert-initrd-parse-etc-override-argv-0-to-av.patch"
) )
if ! use vanilla; then if ! use vanilla; then
@ -298,20 +290,6 @@ src_prepare() {
) )
fi fi
# Flatcar: The Kubelet takes /etc/resolv.conf for, e.g.,
# CoreDNS which has dnsPolicy "default", but unless the
# kubelet --resolv-conf flag is set to point to
# /run/systemd/resolve/resolv.conf this won't work with
# /etc/resolv.conf pointing to
# /run/systemd/resolve/stub-resolv.conf which configures
# 127.0.0.53. See
# https://kubernetes.io/docs/tasks/administer-cluster/dns-debugging-resolution/#known-issues
# This means that users who need split DNS to work should
# point /etc/resolv.conf back to
# /run/systemd/resolve/stub-resolv.conf (and if using K8s
# configure the kubelet resolvConf variable/--resolv-conf flag
# to /run/systemd/resolve/resolv.conf).
sed -i -e 's,/run/systemd/resolve/stub-resolv.conf,/run/systemd/resolve/resolv.conf,' tmpfiles.d/systemd-resolve.conf || die
default default
} }
@ -538,10 +516,6 @@ multilib_src_install_all() {
# baselayout now. # baselayout now.
dotmpfiles "${FILESDIR}"/systemd-resolv.conf dotmpfiles "${FILESDIR}"/systemd-resolv.conf
# Flatcar: Don't default to graphical.target.
local unitdir=$(builddir_systemd_get_systemunitdir)
dosym multi-user.target "${unitdir}"/default.target
# Flatcar: Don't set any extra environment variables by default. # Flatcar: Don't set any extra environment variables by default.
rm "${ED}/usr/lib/environment.d/99-environment.conf" || die rm "${ED}/usr/lib/environment.d/99-environment.conf" || die