From patchwork Thu Jun 25 13:41:30 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Turull X-Patchwork-Id: 90991 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 44DA5CDB479 for ; Thu, 25 Jun 2026 13:42:44 +0000 (UTC) Received: from AS8PR04CU009.outbound.protection.outlook.com (AS8PR04CU009.outbound.protection.outlook.com [52.101.70.51]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.11811.1782394960146427546 for ; Thu, 25 Jun 2026 06:42:40 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@ericsson.com header.s=selector2 header.b=DOpog+Bn; spf=pass (domain: ericsson.com, ip: 52.101.70.51, mailfrom: edaturu@ericsson.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=W3NfSlhGn93Yflo8ifmmge6EEExTFJ/Fnk3LL6oq/mj9rNWSp0jBBNufaxs7vL/vq3HQGbigHVIzfALbz8dINEsqtGJDs11N/XY0SH9R17193eba2XXU1sgAuaSrFNewgF/D2EqO9/jK/BVW1BySbTmisMdjDv9RTgVFZdS815e/UwJd/ttJqBPXv/I5kBXm0oLd+ao3qDL0OuEd73mi9Kf1fSL22OyrBb1kpYSSlEu5V6TKwbB34E7tsdJ1kW5SmWtpCuOq8TJgotgRRvd8+EIimZvqIdV021IAjSC/OcHR+3dlVNfuRLTfIGn9Nvpkx0LWSkRM7JqFB3kzS8LbLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zdM3n1/K8I8qoDt4PrFuWEjfbR1KN3NuBO3FB+aYVO8=; b=To5JEHlc7Cl6PWtjZcn0FPo0RVCJbqE+19EYtAmZZCgQhykssY6YdqSJK1AlKD+lFncoB3lRky61LA9jxiTRq+ghddB1ikBt7kcYiSU5bYNFEv+fPWh6CqLy4vxfZ7nf1j8EV6CKRyXpngXEU40Ab/8EhoLQUgE9IxzMf990MRWuuCBLnWYKKjSBoLrv5rQQDYgkg14Kev8yRub9/vzZSfvjmApAAr4ebS3evNYKcLxJt/MEd9RCAbVwMQe92ynaiBas5RS952Q4tbbPUP9X6T3l1SfNRaOI7c30DpFdhW7lcy8aaJi8L5Rsouak/4aQytNoR1Cw+Alv3+HtdF1y/g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 192.176.1.74) smtp.rcpttodomain=est.tech smtp.mailfrom=ericsson.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=ericsson.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zdM3n1/K8I8qoDt4PrFuWEjfbR1KN3NuBO3FB+aYVO8=; b=DOpog+BnsRIQTtYbOgVTVd+FAv8jOd+nwyyUvy3ughhVRHGFYf388vB2cFiKQn/N/fNeVbB0c2SjXiKHGRoOC+1VDSdoerlPI0XrEoA5a6bELCnxCIWaZiA8RlbgDfvmrkpiWvNn1mpwBgPrNtxIwEMN/L6HpxB26fwdX2cQEZb9hslzaK3rvHypTv0Qn8pGrE9WCT+fb38yF0iHAe6tZAP9chj5i3YHXUjPMBeKGouoa4D5P+YP8ajZM4K3hFm3hXk6ThBJ3LTQvjpUhfB6muWLcT+c2qPn8QiUuV4DeKOsdPB78rsIpTJe4TfXDNXG2gQPKGyZkWyB6vfafryxoA== Received: from DUZPR01CA0277.eurprd01.prod.exchangelabs.com (2603:10a6:10:4b9::21) by AS8PR07MB7173.eurprd07.prod.outlook.com (2603:10a6:20b:257::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.16; Thu, 25 Jun 2026 13:42:34 +0000 Received: from DB1PEPF0003922E.eurprd03.prod.outlook.com (2603:10a6:10:4b9:cafe::1f) by DUZPR01CA0277.outlook.office365.com (2603:10a6:10:4b9::21) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.21.159.16 via Frontend Transport; Thu, 25 Jun 2026 13:42:34 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 192.176.1.74) smtp.mailfrom=ericsson.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=ericsson.com; Received-SPF: Pass (protection.outlook.com: domain of ericsson.com designates 192.176.1.74 as permitted sender) receiver=protection.outlook.com; client-ip=192.176.1.74; helo=oa.msg.ericsson.com; pr=C Received: from oa.msg.ericsson.com (192.176.1.74) by DB1PEPF0003922E.mail.protection.outlook.com (10.167.8.101) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.181.6 via Frontend Transport; Thu, 25 Jun 2026 13:42:33 +0000 Received: from seroius18815.sero.gic.ericsson.se (153.88.142.248) by smtp-central.internal.ericsson.com (100.87.178.63) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.37; Thu, 25 Jun 2026 15:42:29 +0200 Received: from seroius08462.sero.gic.ericsson.se (seroius08462.sero.gic.ericsson.se [10.63.237.245]) by seroius18815.sero.gic.ericsson.se (Postfix) with ESMTP id 00ADF4020B42; Thu, 25 Jun 2026 15:42:27 +0200 (CEST) Received: by seroius08462.sero.gic.ericsson.se (Postfix, from userid 160155) id BBFED700DBB0; Thu, 25 Jun 2026 15:42:27 +0200 (CEST) From: To: CC: , , , , Daniel Turull Subject: [PATCH 1/3] dlopen-deps.inc: treat soname list as ordered alternatives Date: Thu, 25 Jun 2026 15:41:30 +0200 Message-ID: <20260625134210.4046622-2-daniel.turull@ericsson.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260625134210.4046622-1-daniel.turull@ericsson.com> References: <20260625134210.4046622-1-daniel.turull@ericsson.com> MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB1PEPF0003922E:EE_|AS8PR07MB7173:EE_ X-MS-Office365-Filtering-Correlation-Id: 3c49ea2f-d87f-4f58-d96c-08ded2bf9c8d X-SMTP-Server: smtp-central.internal.ericsson.com X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700016|23010399003|376014|82310400026|1800799024|18002099003|22082099003|11063799006|56012099006; X-Microsoft-Antispam-Message-Info: Lm6xn0BYFpQISEU+f2rgBnmz8N0OJzp4mNkzvZxMa7jdqgs0NWKZY8b99/qURR88VWI9zLKcGt7yTXjyjHxeBynvOPA+f6jwWpB/3qr515GRgqllioHvgCN2p+m9qXrXsawzH5l2NYL8KbehpqZ0kUbwbxBtFedRtdSuDkzBYFdflWSK64F5QOxQL4dUDUQW6ueFGJojUjKvmAfDYSeQFVXPtNdHcrlHYQU5wM4/PAtXarBylo+nalHAZNByExW1u/S4E8Ah6O4k0QY5PSUfTqm11OlOSgdfsAzuBlxB3LJckXEy6pAoyPt+F/oiRtTo4xsj1HBsF20kpWoF/V+X2HfCc1y8KGCcVhU/I+M7wHL6onZi7fNcBSY5AXJBYwEcTH9K9ePUbkhzaL99NUhWnWTt4DFVBU0Rh9YARyeTJFg0HSIAP77m2thyv3huFa+snq9dKtCu+bRtK8fnGwIcQ9FKR28stQmBnlHiKwx0E/02jrk5E/cjBBJpDJIpsGWkW/LTBNyJmIJ+MoxbgINqU2jON347+WDhVFUUBpZUVbkMo9wJYQlx4Lp3RH+8jIYXWcFrf6oyozcyfETi42KxeMfIPSekKVPl99eoPxtX/fPR9d8wjEeBo037t3qoCyewKSQqwNPjYdBTqyl/4pyle4260AaOQ4pCjMYyR3nCbstjleDnPVfaIUDfgHG2d3VJvdd4n8vt7Ctnhogx5c0pQA== X-Forefront-Antispam-Report: CIP:192.176.1.74;CTRY:SE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:oa.msg.ericsson.com;PTR:office365.se.ericsson.net;CAT:NONE;SFS:(13230040)(36860700016)(23010399003)(376014)(82310400026)(1800799024)(18002099003)(22082099003)(11063799006)(56012099006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: BhI05rY6dd/SKOlAzBtlgFNO2C5PDm3e382mrwmzkt9Olzn8qHo39M8vKCnDzI85xdkWAs2ES/Hw/tk/x1O9zv7W7J92+5wKN5H5p953GGcHA/cIrJNl/h9CM9eWi1gTNwmB2/xX8uH996Z67kyb9BUI3S070H845VpCCyjfMylHhr/XXwfWAXF4dSx5eCRJqOGS5swOIhJwqVfc+87ZsCYu8d/R+bYDIPsybkQN3UdJ30ZNIALKM/g/SB9cJupYGFuA24CUWupgfNo17IctnsR/epBS0j79TwqsaAhICWn/jHdoDO5p9EAjS8ZyYsC+oSTFVyHS9nC1aYMuhSI5kQZEr091EJdQpCi1t5vqYyoasnajrnvMxbO5lJD5s0XuGkLeJdB/af24tD1OCOqFrOuZMTZP3oPjQBw4d/gDOeryHg+Us+PizECREu3gSXW2 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jun 2026 13:42:33.9516 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 3c49ea2f-d87f-4f58-d96c-08ded2bf9c8d X-MS-Exchange-CrossTenant-Id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=92e84ceb-fbfd-47ab-be52-080c6b87953f;Ip=[192.176.1.74];Helo=[oa.msg.ericsson.com] X-MS-Exchange-CrossTenant-AuthSource: DB1PEPF0003922E.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR07MB7173 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 25 Jun 2026 13:42:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239569 From: Daniel Turull The .note.dlopen format defines the soname array as a list of alternatives (e.g. ["libcrypt.so.2", "libcrypt.so.1"]). The previous code warned for every soname that was not found, even when an earlier entry in the list already satisfied the dependency. Select the first available provider and only warn when no alternative can be resolved. AI-Generated: Claude-opus-4.6 Signed-off-by: Daniel Turull --- meta/recipes-core/systemd/dlopen-deps.inc | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/meta/recipes-core/systemd/dlopen-deps.inc b/meta/recipes-core/systemd/dlopen-deps.inc index e0b333398c..82a2ccd389 100644 --- a/meta/recipes-core/systemd/dlopen-deps.inc +++ b/meta/recipes-core/systemd/dlopen-deps.inc @@ -66,15 +66,18 @@ python package_generate_dlopen_deps() { elf = oe.qa.ELFFile(f) elf.open() for dep in parse(extract_segment(f, ".note.dlopen"), elf.isLittleEndian()): + # soname list contains alternatives; find the first available provider + found = False for soname in dep["soname"]: if soname in shlibs: - # TODO assumes the first match is good package, version = list(shlibs[soname].values())[0] dependency = dep_map[dep["priority"]] bb.note(f"{pkg}: adding {dependency} on {package} via .note.dlopen") d.appendVar(f"{dependency}:{pkg}", f" {package} (>= {version})") - else: - bb.warn(f"cannot find {soname}") + found = True + break + if not found: + bb.warn(f"cannot find any provider for dlopen dependency: {dep['soname']}") except oe.qa.NotELFFileError as e: bb.note(f"Cannot extract ELF notes: {e}") pass From patchwork Thu Jun 25 13:41:31 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Turull X-Patchwork-Id: 90989 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 27F9DCDE000 for ; Thu, 25 Jun 2026 13:42:44 +0000 (UTC) Received: from AS8PR04CU009.outbound.protection.outlook.com (AS8PR04CU009.outbound.protection.outlook.com [52.101.70.53]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.11583.1782394958084679303 for ; Thu, 25 Jun 2026 06:42:38 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@ericsson.com header.s=selector2 header.b=SSTUAKa7; spf=pass (domain: ericsson.com, ip: 52.101.70.53, mailfrom: edaturu@ericsson.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=d0YKoZ5/QbVx7FOMYwm+RXKewxU5083ETbMPdt99RQoZnaXZImxFC82CyyZsiZZsS29ZBTx9d9766odfQ7BZLbrwfI2fyi0FYHf/uZMSArPZsMaJzp/PdRJoQPubbRjXkXDcebyasZjxqYaKkv5yMDW8MPEWl0mjG5GjiM9KCN59T0C6fKHiYA1mxMyALs67ZCbtzpNieIady1+zkstnzCqGMUt8TsU8NdzfkNJ8bafSdpVpf5q2VvHK7e0F3gh0dqiRUSDQrHx7BRMbNF8b2+lMF3PPuJAb/YBXxUytXhvtkc9j4FEtwUfPZ0J8YwZYAaDZ7ZN3zNaYOc1JMvAcqA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=EnO5QPgnCwTNUBDfZJnbjhM92/QOOwBmfHFxRsHkKMA=; b=s+rj+5mjFIEWo1PkUhNF8DdDch1TfNW3AzbbsLO3mnUtl/T7Qjxd0mXUttuNTshUEVDrbrOpYU1lf37oUlANIgjxbOpXzO1qlLBKbHcYaqlLyuTb8g5zifFZLfx27YMhXxensrA39QX6wFo4wxjZfIREJSpwyHeoal7AABMJOdreYhBtbwHb7FXfjQ5G57Lp96G1PgZOy/ow4V2pKbt/VLHCQnkvw7TbbOQtNNzGA9Ynaj9HvWykD2WWGjONZn9hHgUxyVY1yUQP8/96J410ANAN4vSN7nEx/woxBqAPRHcvJH3wAxvn6shVXq/k3ahfu1ifW0t6nu0aBe92jEB0Cg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 192.176.1.74) smtp.rcpttodomain=est.tech smtp.mailfrom=ericsson.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=ericsson.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=EnO5QPgnCwTNUBDfZJnbjhM92/QOOwBmfHFxRsHkKMA=; b=SSTUAKa7Xt9z/abaZUJpqG+/QheBYbxhqRilGiXPPsCOWPsrn05YNc7uCc/OO7wL6+vfWzBPCDVnmo8gdBaAVHSwD2lXd9bY+USpcpI9i93betBfUVU+BN3Rfc8ULFGCGrHl3ten3iR7VC8i8JQlmXd0vdfyzxXq7TiGCraNH0prTFfaQhRRshdww58yNXdeOAjYdaOd1IVL+tA5GS83nbY8nC/2AIi3P6iu4YowLnNc2WbJ1B7g/oq1cv0I47PnFLQxtAx4Z6tJZ4dZzbC74D4ixCs6khEYV3m53z45K1CNbMuBEtCMWw0Q3PR/+xd9vpvkYZGqQPYzqJMYR5iV/A== Received: from AM0P190CA0001.EURP190.PROD.OUTLOOK.COM (2603:10a6:208:190::11) by PR3PR07MB8274.eurprd07.prod.outlook.com (2603:10a6:102:179::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.16; Thu, 25 Jun 2026 13:42:29 +0000 Received: from AM4PEPF00027A6B.eurprd04.prod.outlook.com (2603:10a6:208:190:cafe::23) by AM0P190CA0001.outlook.office365.com (2603:10a6:208:190::11) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.21.159.15 via Frontend Transport; Thu, 25 Jun 2026 13:42:29 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 192.176.1.74) smtp.mailfrom=ericsson.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=ericsson.com; Received-SPF: Pass (protection.outlook.com: domain of ericsson.com designates 192.176.1.74 as permitted sender) receiver=protection.outlook.com; client-ip=192.176.1.74; helo=oa.msg.ericsson.com; pr=C Received: from oa.msg.ericsson.com (192.176.1.74) by AM4PEPF00027A6B.mail.protection.outlook.com (10.167.16.89) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.181.6 via Frontend Transport; Thu, 25 Jun 2026 13:42:29 +0000 Received: from seroius18813.sero.gic.ericsson.se (153.88.142.248) by smtp-central.internal.ericsson.com (100.87.178.69) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.37; Thu, 25 Jun 2026 15:42:28 +0200 Received: from seroius08462.sero.gic.ericsson.se (seroius08462.sero.gic.ericsson.se [10.63.237.245]) by seroius18813.sero.gic.ericsson.se (Postfix) with ESMTP id F337F95802; Thu, 25 Jun 2026 15:42:27 +0200 (CEST) Received: by seroius08462.sero.gic.ericsson.se (Postfix, from userid 160155) id C13D6700DF49; Thu, 25 Jun 2026 15:42:27 +0200 (CEST) From: To: CC: , , , , Daniel Turull Subject: [PATCH 2/3] systemd: upgrade to 261 Date: Thu, 25 Jun 2026 15:41:31 +0200 Message-ID: <20260625134210.4046622-3-daniel.turull@ericsson.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260625134210.4046622-1-daniel.turull@ericsson.com> References: <20260625134210.4046622-1-daniel.turull@ericsson.com> MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AM4PEPF00027A6B:EE_|PR3PR07MB8274:EE_ X-MS-Office365-Filtering-Correlation-Id: 380123a8-e43a-4f7e-bd9b-08ded2bf99bc X-SMTP-Server: smtp-central.internal.ericsson.com X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|23010399003|1800799024|376014|82310400026|36860700016|3023799007|6133799003|18002099003|22082099003|56012099006|11063799006; X-Microsoft-Antispam-Message-Info: xN9fa78SeApbVXQ+id9OYcnau46y9m1hQGv/bH+wkVA+Jn5dvDHT8iWNvlAeoGvG3Us21bwRBAYkPV6fRa8p98A7raA77Er/5JHI/IkldYcGcjdD+QCS/e4sADIKwZPo+V6d74+BX2rUww+UBReSKd9Rn7p5uJfqwWh/uenEwPQFbQD74/S5FcFxLVmW+wHI17xcOzPiyoWSCoPZggNcDioioFBnu9pLVNYNfkUGrsGz9tW9NB2QWewc1/b4+d7PVRxRXu2CUo1oCFhsiX6tC7zO7M0BwM9ejhj95B2ie9DIwiFEY1O74jH6hPWRVntAoefe/LIj+EbqaLrpKu3W3SAzYKzL8YPvToXU7KiX6ehVCH0yWweHKQnQAG3O/AJggsrNgJQmlhLQvgkUKGwrrMxNpQJVLeB6x6ydxrg/Dts+lAFbPRDOR3/n0gSuoOccm1b6PVFfXWhpmsAZ6LsXwuYjGbsM4ywolwnhcOf4RmsvOoN/WM4a1kHQ1lzRYYNJ55VgTxDeyiVjUiljXGxzIOsXKYKDem1LiUteItLNdkakhKoKgBMfBkLCSR631bJGbO2Db2+6gwY1Bu5gz562ezhJc6aJ4x0mqZiWNQK9cEyWoQZlLh39oC9SukPeC8G0R3TwXYcyNvev8Ux6/Zkk3iJ4YbdiBVjw9DByL5q8RL+Xyx1/W+PC2aQEv/L/FFNjDTZN7r43kECN2AIdRBDl8w== X-Forefront-Antispam-Report: CIP:192.176.1.74;CTRY:SE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:oa.msg.ericsson.com;PTR:office365.se.ericsson.net;CAT:NONE;SFS:(13230040)(23010399003)(1800799024)(376014)(82310400026)(36860700016)(3023799007)(6133799003)(18002099003)(22082099003)(56012099006)(11063799006);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: ceoFK/nv3dFEMQGQbCwvs57YuIVmyu62LRWaB40Ibu06Ll5VksLBXnkzawhdWF6mpJivNN0blgOAZfM+IE8XgTqXPnNx8OYvRfE8R2ARX2Y5xKvTcQlAQnY84KzLnDePIR8DVeghUflzuGPJb5BkZA5aRe5bRO13AJvhhNLCEBoNNNioW7+D2vMQSElSY8wxwBAALy9aD27chfOyYep58LkdT6OGmh9gWXtUep08qXjXn3tgQv82joBo0BrT+nEBM0IXRy9YajFoW6RxL3DqPfAn+yAE5O1RrHjSp5YAFLtsFmDgZ2sYc5er9o4hnwYp5Cce8s2+LfJNmvjb4BykctYUJg1ItaU/iKJNVhYWFSzLzlbMILR1O3lF67PaxvaOjAztraAaM1rtWGVUEokD+S2uJwOaM/TMBWYYGpClFoEXO8oLX9x1/HhdRfRpvVV2 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jun 2026 13:42:29.2403 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 380123a8-e43a-4f7e-bd9b-08ded2bf99bc X-MS-Exchange-CrossTenant-Id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=92e84ceb-fbfd-47ab-be52-080c6b87953f;Ip=[192.176.1.74];Helo=[oa.msg.ericsson.com] X-MS-Exchange-CrossTenant-AuthSource: AM4PEPF00027A6B.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR07MB8274 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 25 Jun 2026 13:42:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239568 From: Daniel Turull Changes: https://github.com/systemd/systemd/compare/v259.5...v261-stable - Drop backported patches no longer needed (libfido2_cflags, tpm2-util PCR bank, fdset_new debug) - Drop redundant tag= from SRC_URI (SRCREV already pins the commit) - Remove sysvinit-path/sysvrcnd-path meson options and systemd-sysv-install skeleton (removed upstream in 260) - Add explicit meson disables for auto-detected features in systemd-systemctl-native to prevent host sysroot contamination - Refresh 0003-Do-not-create-var-log-README.patch Tested on qemu target with testsuite systemd AI-Generated: Claude-opus-4.6 Signed-off-by: Daniel Turull --- ...ve_259.5.bb => systemd-boot-native_261.bb} | 0 ...temd-boot_259.5.bb => systemd-boot_261.bb} | 0 ...9.5.bb => systemd-systemctl-native_261.bb} | 17 ++-- meta/recipes-core/systemd/systemd.inc | 10 +- ...meson-use-libfido2_cflags-dependency.patch | 54 ----------- .../0003-Do-not-create-var-log-README.patch | 10 +- ...il-fix-PCR-bank-guessing-without-EFI.patch | 62 ------------ ...-detailed-debug-logging-to-fdset_new.patch | 97 ------------------- .../{systemd_259.5.bb => systemd_261.bb} | 12 +-- 9 files changed, 19 insertions(+), 243 deletions(-) rename meta/recipes-core/systemd/{systemd-boot-native_259.5.bb => systemd-boot-native_261.bb} (100%) rename meta/recipes-core/systemd/{systemd-boot_259.5.bb => systemd-boot_261.bb} (100%) rename meta/recipes-core/systemd/{systemd-systemctl-native_259.5.bb => systemd-systemctl-native_261.bb} (54%) delete mode 100644 meta/recipes-core/systemd/systemd/0001-meson-use-libfido2_cflags-dependency.patch delete mode 100644 meta/recipes-core/systemd/systemd/0004-tpm2-util-fix-PCR-bank-guessing-without-EFI.patch delete mode 100644 meta/recipes-core/systemd/systemd/0018-shared-fdset-add-detailed-debug-logging-to-fdset_new.patch rename meta/recipes-core/systemd/{systemd_259.5.bb => systemd_261.bb} (99%) diff --git a/meta/recipes-core/systemd/systemd-boot-native_259.5.bb b/meta/recipes-core/systemd/systemd-boot-native_261.bb similarity index 100% rename from meta/recipes-core/systemd/systemd-boot-native_259.5.bb rename to meta/recipes-core/systemd/systemd-boot-native_261.bb diff --git a/meta/recipes-core/systemd/systemd-boot_259.5.bb b/meta/recipes-core/systemd/systemd-boot_261.bb similarity index 100% rename from meta/recipes-core/systemd/systemd-boot_259.5.bb rename to meta/recipes-core/systemd/systemd-boot_261.bb diff --git a/meta/recipes-core/systemd/systemd-systemctl-native_259.5.bb b/meta/recipes-core/systemd/systemd-systemctl-native_261.bb similarity index 54% rename from meta/recipes-core/systemd/systemd-systemctl-native_259.5.bb rename to meta/recipes-core/systemd/systemd-systemctl-native_261.bb index 3d01d60e9c..686448cf1e 100644 --- a/meta/recipes-core/systemd/systemd-systemctl-native_259.5.bb +++ b/meta/recipes-core/systemd/systemd-systemctl-native_261.bb @@ -10,19 +10,16 @@ inherit pkgconfig meson native MESON_TARGET = "systemctl:executable" MESON_INSTALL_TAGS = "systemctl" +# Explicitly disable features that meson auto-detects from the native sysroot. +# Only systemctl is built here; these prevent spurious dependencies and ensure +# reproducible builds regardless of what is installed on the build host. EXTRA_OEMESON += "-Dlink-systemctl-shared=false" -EXTRA_OEMESON += "-Dsysvinit-path= -Dsysvrcnd-path=" +EXTRA_OEMESON += "-Dpam=disabled -Daudit=disabled -Dselinux=disabled" +EXTRA_OEMESON += "-Dacl=disabled -Dapparmor=disabled -Dseccomp=disabled" +EXTRA_OEMESON += "-Dlibcryptsetup=disabled -Dlibcurl=disabled -Dlibfido2=disabled" +EXTRA_OEMESON += "-Dpcre2=disabled -Dp11kit=disabled -Dopenssl=disabled" # Systemctl is supposed to operate on target, but the target sysroot is not # determined at run-time, but rather set during configure # More details are here https://github.com/systemd/systemd/issues/35897#issuecomment-2665405887 EXTRA_OEMESON += "--sysconfdir ${sysconfdir_native}" - -do_install:append() { - # Install systemd-sysv-install in /usr/bin rather than /usr/lib/systemd - # (where it is normally installed) so systemctl can find it in $PATH. - # It is expected that the use of systemd-sysv-install will be removed - # with version 259 of systemd and then this, and everything that was - # added along with it, should be reverted. - install -Dm 0755 ${S}/src/systemctl/systemd-sysv-install.SKELETON ${D}${bindir}/systemd-sysv-install -} diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc index f107c4c5da..fb696d5841 100644 --- a/meta/recipes-core/systemd/systemd.inc +++ b/meta/recipes-core/systemd/systemd.inc @@ -15,14 +15,10 @@ LICENSE:libsystemd = "LGPL-2.1-or-later" LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=c09786363500a9acc29b147e6e72d2c6 \ file://LICENSE.LGPL2.1;md5=be0aaf4a380f73f7e00b420a007368f2" -SRCREV = "b3d8fc43e9cb531d958c17ef2cd93b374bc14e8a" -SRCBRANCH = "v259-stable" -SRC_URI = "git://github.com/systemd/systemd.git;protocol=https;branch=${SRCBRANCH};tag=v${PV}" +SRCREV = "de9dbc37ad4aa637e200ac02a0545095997055df" +SRCBRANCH = "v261-stable" +SRC_URI = "git://github.com/systemd/systemd.git;protocol=https;branch=${SRCBRANCH}" CVE_PRODUCT = "systemd" CVE_STATUS[CVE-2019-3815] = "not-applicable-platform: only applied to RHEL" -CVE_STATUS[CVE-2026-40223] = "fixed-version: fixed in 259.2" -CVE_STATUS[CVE-2026-40224] = "fixed-version: fixed in 259.3" -CVE_STATUS[CVE-2026-40225] = "fixed-version: fixed in 259.5" -CVE_STATUS[CVE-2026-40226] = "fixed-version: fixed in 259.4" diff --git a/meta/recipes-core/systemd/systemd/0001-meson-use-libfido2_cflags-dependency.patch b/meta/recipes-core/systemd/systemd/0001-meson-use-libfido2_cflags-dependency.patch deleted file mode 100644 index 4bc1e10ee7..0000000000 --- a/meta/recipes-core/systemd/systemd/0001-meson-use-libfido2_cflags-dependency.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 97142fd1db4124de5d5bdd3f49cc5a390286e522 Mon Sep 17 00:00:00 2001 -From: Dan McGregor -Date: Wed, 11 Mar 2026 18:26:05 -0600 -Subject: [PATCH] meson: use libfido2_cflags dependency - -Add the libfido2 dependency to cryptenroll and cryptsetup's -meson files. If libfido2's not installed in the default path -the build wasn't finding its headers correctly. - -Signed-off-by: Dan McGregor -Upstream-Status: Backport [https://github.com/systemd/systemd/commit/9ce905e35f690e7a10cd286be2b50594d0857f5e] ---- - src/cryptenroll/meson.build | 1 + - src/cryptsetup/cryptsetup-tokens/meson.build | 2 +- - src/cryptsetup/meson.build | 1 + - 3 files changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/cryptenroll/meson.build b/src/cryptenroll/meson.build -index 488ceea14d..11265c8b41 100644 ---- a/src/cryptenroll/meson.build -+++ b/src/cryptenroll/meson.build -@@ -23,6 +23,7 @@ executables += [ - 'dependencies' : [ - libcryptsetup, - libdl, -+ libfido2_cflags, - libopenssl, - libp11kit_cflags, - ], -diff --git a/src/cryptsetup/cryptsetup-tokens/meson.build b/src/cryptsetup/cryptsetup-tokens/meson.build -index 804e18bc67..0fd6309201 100644 ---- a/src/cryptsetup/cryptsetup-tokens/meson.build -+++ b/src/cryptsetup/cryptsetup-tokens/meson.build -@@ -58,7 +58,7 @@ modules += [ - 'sources' : cryptsetup_token_systemd_fido2_sources, - 'dependencies' : [ - libcryptsetup, -- libfido2, -+ libfido2_cflags, - ], - }, - template + { -diff --git a/src/cryptsetup/meson.build b/src/cryptsetup/meson.build -index d9778259c2..b36354fb0a 100644 ---- a/src/cryptsetup/meson.build -+++ b/src/cryptsetup/meson.build -@@ -19,6 +19,7 @@ executables += [ - 'sources' : systemd_cryptsetup_sources, - 'dependencies' : [ - libcryptsetup, -+ libfido2_cflags, - libmount_cflags, - libopenssl, - libp11kit_cflags, diff --git a/meta/recipes-core/systemd/systemd/0003-Do-not-create-var-log-README.patch b/meta/recipes-core/systemd/systemd/0003-Do-not-create-var-log-README.patch index 1d3c4f83c0..0128c83d9f 100644 --- a/meta/recipes-core/systemd/systemd/0003-Do-not-create-var-log-README.patch +++ b/meta/recipes-core/systemd/systemd/0003-Do-not-create-var-log-README.patch @@ -1,7 +1,7 @@ From a7f6a296707642d05463aec22ea3dfce7d06c989 Mon Sep 17 00:00:00 2001 From: Peter Kjellerstedt Date: Tue, 21 Jan 2025 05:02:00 +0100 -Subject: [PATCH 03/16] Do not create /var/log/README +Subject: [PATCH] Do not create /var/log/README /var/log/README is a link to /usr/share/doc/systemd/README.logs. The latter is packaged in systemd-doc and likely not installed, which leaves @@ -15,19 +15,15 @@ Signed-off-by: Peter Kjellerstedt 1 file changed, 3 deletions(-) diff --git a/tmpfiles.d/legacy.conf.in b/tmpfiles.d/legacy.conf.in -index cdef21fa9b..03798c953e 100644 +index cdef21fa9b..7890abcdef 100644 --- a/tmpfiles.d/legacy.conf.in +++ b/tmpfiles.d/legacy.conf.in -@@ -13,9 +13,6 @@ +@@ -13,6 +13,3 @@ d /run/lock 0755 root root - L /var/lock - - - - ../run/lock -{% if CREATE_LOG_DIRS %} -L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs -{% endif %} - - {% if HAVE_SYSV_COMPAT %} - # /run/lock/subsys is used for serializing SysV service execution, and -- 2.34.1 - diff --git a/meta/recipes-core/systemd/systemd/0004-tpm2-util-fix-PCR-bank-guessing-without-EFI.patch b/meta/recipes-core/systemd/systemd/0004-tpm2-util-fix-PCR-bank-guessing-without-EFI.patch deleted file mode 100644 index c590b01cd3..0000000000 --- a/meta/recipes-core/systemd/systemd/0004-tpm2-util-fix-PCR-bank-guessing-without-EFI.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 3cef11c710e95bb5f891181e9b2a6d8f174712c3 Mon Sep 17 00:00:00 2001 -From: Patrick Wicki -Date: Fri, 20 Mar 2026 15:56:56 +0100 -Subject: [PATCH] tpm2-util: fix PCR bank guessing without EFI - -Since 7643e4a89 efi_get_active_pcr_banks() is used to determine the -active PCR banks. Without EFI support, this returns -EOPNOTSUPP. This in -turns leads to cryptenroll and cryptsetup attach failures unless the PCR -bank is explicitly set, i.e. - -$ systemd-cryptenroll $LUKS_PART --tpm2-device=auto --tpm2-pcrs='7' -[...] -Could not read pcr values: Operation not supported - -But it works fine with --tpm2-pcrs='7:sha256'. - -Similarly, unsealing during cryptsetup attach also fails if the bank -needs to be determined: - -Failed to unseal secret using TPM2: Operation not supported - -Catch the -EOPNOTSUPP and fallback to the guessing strategy. - -Upstream-Status: Backport [https://github.com/systemd/systemd/pull/41231] - -Signed-off-by: Patrick Wicki ---- - src/shared/tpm2-util.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c -index cf11b50695..c0590fe575 100644 ---- a/src/shared/tpm2-util.c -+++ b/src/shared/tpm2-util.c -@@ -2702,11 +2702,11 @@ int tpm2_get_best_pcr_bank( - uint32_t efi_banks; - r = efi_get_active_pcr_banks(&efi_banks); - if (r < 0) { -- if (r != -ENOENT) -+ if (!IN_SET(r, -ENOENT, -EOPNOTSUPP)) - return r; - - /* If variable is not set use guesswork below */ -- log_debug("Boot loader didn't set the LoaderTpm2ActivePcrBanks EFI variable, we have to guess the used PCR banks."); -+ log_debug("Boot loader didn't set the LoaderTpm2ActivePcrBanks EFI variable or EFI support is unavailable, we have to guess the used PCR banks."); - } else if (efi_banks == UINT32_MAX) - log_debug("Boot loader set the LoaderTpm2ActivePcrBanks EFI variable to indicate that the GetActivePcrBanks() API is not available in the firmware. We have to guess the used PCR banks."); - else { -@@ -2811,11 +2811,11 @@ int tpm2_get_good_pcr_banks( - uint32_t efi_banks; - r = efi_get_active_pcr_banks(&efi_banks); - if (r < 0) { -- if (r != -ENOENT) -+ if (!IN_SET(r, -ENOENT, -EOPNOTSUPP)) - return r; - - /* If the variable is not set we have to guess via the code below */ -- log_debug("Boot loader didn't set the LoaderTpm2ActivePcrBanks EFI variable, we have to guess the used PCR banks."); -+ log_debug("Boot loader didn't set the LoaderTpm2ActivePcrBanks EFI variable or EFI support is unavailable, we have to guess the used PCR banks."); - } else if (efi_banks == UINT32_MAX) - log_debug("Boot loader set the LoaderTpm2ActivePcrBanks EFI variable to indicate that the GetActivePcrBanks() API is not available in the firmware. We have to guess the used PCR banks."); - else { diff --git a/meta/recipes-core/systemd/systemd/0018-shared-fdset-add-detailed-debug-logging-to-fdset_new.patch b/meta/recipes-core/systemd/systemd/0018-shared-fdset-add-detailed-debug-logging-to-fdset_new.patch deleted file mode 100644 index 63fa7fefec..0000000000 --- a/meta/recipes-core/systemd/systemd/0018-shared-fdset-add-detailed-debug-logging-to-fdset_new.patch +++ /dev/null @@ -1,97 +0,0 @@ -From 0565f9f27323a8f9e62d85f2add542af99cea06a Mon Sep 17 00:00:00 2001 -From: AshishKumar Mishra -Date: Wed, 21 Jan 2026 14:13:29 +0530 -Subject: [PATCH] systemd: Add detailed debug logging to fdset_new_fill() - -Currently, when fdset_new_fill() fails to open /proc/self/fd or -encounters an error while processing individual file descriptors -(such as fcntl or fstat failures), it returns a silent error code. - -For debugging rarely reproducible failures it becomes difficult to -know the exact cause of failure -This commit updates the function to use log_debug_errno() for all -error paths and hence provides better visibility into why FD collection -failed, including the path of the problematic FD (via fd_get_path) -and its inode type. - -Upstream-Status: Backport [https://github.com/systemd/systemd/pull/40385] - -Signed-off-by: AshishKumar Mishra ---- - src/shared/fdset.c | 35 ++++++++++++++++++++++++++--------- - 1 file changed, 26 insertions(+), 9 deletions(-) - -diff --git a/src/shared/fdset.c b/src/shared/fdset.c -index 832e7fda60..f340f41b0e 100644 ---- a/src/shared/fdset.c -+++ b/src/shared/fdset.c -@@ -8,6 +8,7 @@ - #include "alloc-util.h" - #include "async.h" - #include "dirent-util.h" -+#include "errno-util.h" - #include "fd-util.h" - #include "fdset.h" - #include "log.h" -@@ -179,9 +180,10 @@ int fdset_new_fill( - d = opendir("/proc/self/fd"); - if (!d) { - if (errno == ENOENT && proc_mounted() == 0) -- return -ENOSYS; -+ return log_debug_errno(SYNTHETIC_ERRNO(ENOSYS), -+ "Failed to open /proc/self/fd/, /proc/ is not mounted."); - -- return -errno; -+ return log_debug_errno(errno, "Failed to open /proc/self/fd/: %m "); - } - - s = fdset_new(); -@@ -210,9 +212,14 @@ int fdset_new_fill( - * been passed in can be collected and fds which have been created locally can be - * ignored, under the assumption that only the latter have O_CLOEXEC set. */ - -- fl = fcntl(fd, F_GETFD); -- if (fl < 0) -- return -errno; -+ fl = RET_NERRNO(fcntl(fd, F_GETFD)); -+ if (fl < 0) { -+ _cleanup_free_ char *path = NULL; -+ (void) fd_get_path(fd, &path); -+ return log_debug_errno(fl, -+ "Failed to get flag of fd=%d (%s): %m ", -+ fd, strna(path)); -+ } - - if (FLAGS_SET(fl, FD_CLOEXEC) != !!filter_cloexec) - continue; -@@ -221,13 +228,23 @@ int fdset_new_fill( - /* We need to set CLOEXEC manually only if we're collecting non-CLOEXEC fds. */ - if (filter_cloexec <= 0) { - r = fd_cloexec(fd, true); -- if (r < 0) -- return r; -+ if (r < 0) { -+ _cleanup_free_ char *path = NULL; -+ (void) fd_get_path(fd, &path); -+ return log_debug_errno(r, -+ "Failed to set CLOEXEC flag fd=%d (%s): %m ", -+ fd, strna(path)); -+ } - } - - r = fdset_put(s, fd); -- if (r < 0) -- return r; -+ if (r < 0) { -+ _cleanup_free_ char *path = NULL; -+ (void) fd_get_path(fd, &path); -+ return log_debug_errno(r, -+ "Failed to put fd=%d (%s) into fdset: %m ", -+ fd, strna(path)); -+ } - } - - *ret = TAKE_PTR(s); --- -2.34.1 - diff --git a/meta/recipes-core/systemd/systemd_259.5.bb b/meta/recipes-core/systemd/systemd_261.bb similarity index 99% rename from meta/recipes-core/systemd/systemd_259.5.bb rename to meta/recipes-core/systemd/systemd_261.bb index f3ec0edae7..eedce348c3 100644 --- a/meta/recipes-core/systemd/systemd_259.5.bb +++ b/meta/recipes-core/systemd/systemd_261.bb @@ -32,9 +32,6 @@ SRC_URI += " \ file://systemd-pager.sh \ file://0001-binfmt-Don-t-install-dependency-links-at-install-tim.patch \ file://0003-Do-not-create-var-log-README.patch \ - file://0001-meson-use-libfido2_cflags-dependency.patch \ - file://0018-shared-fdset-add-detailed-debug-logging-to-fdset_new.patch \ - file://0004-tpm2-util-fix-PCR-bank-guessing-without-EFI.patch \ " PAM_PLUGINS = " \ @@ -226,9 +223,6 @@ EXTRA_OEMESON += "-Dnobody-user=nobody \ -Ddbus=disabled \ -Dtests=false \ -Dlibc=${TCLIBC} \ - -Drc-local='' \ - -Dsysvinit-path='' \ - -Dsysvrcnd-path='' \ " # Hardcode target binary paths to avoid using paths from sysroot or worse @@ -582,6 +576,8 @@ FILES:${PN}-extra-utils = "\ ${bindir}/systemd-cgtop \ ${bindir}/systemd-stdio-bridge \ ${base_sbindir}/mount.ddi \ + ${base_sbindir}/mount.mstack \ + ${base_sbindir}/mount.storage \ ${systemd_system_unitdir}/initrd.target.wants/systemd-pcrphase-initrd.path \ ${systemd_system_unitdir}/sysinit.target.wants/systemd-pcrphase.path \ ${systemd_system_unitdir}/sysinit.target.wants/systemd-pcrphase-sysinit.path \ @@ -678,6 +674,7 @@ FILES:${PN} = " ${base_bindir}/* \ ${datadir}/polkit-1 \ ${datadir}/${BPN} \ ${datadir}/factory \ + ${datadir}/user-tmpfiles.d \ ${sysconfdir}/credstore/ \ ${sysconfdir}/credstore.encrypted/ \ ${sysconfdir}/dbus-1/ \ @@ -687,6 +684,7 @@ FILES:${PN} = " ${base_bindir}/* \ ${sysconfdir}/sysctl.d/ \ ${sysconfdir}/systemd/ \ ${sysconfdir}/tmpfiles.d/ \ + ${sysconfdir}/user-tmpfiles.d/ \ ${sysconfdir}/xdg/ \ ${sysconfdir}/init.d/README \ ${sysconfdir}/resolv-conf.systemd \ @@ -797,11 +795,13 @@ FILES:udev += "${base_sbindir}/udevd \ ${nonarch_libdir}/udev/rules.d/60-persistent-storage.rules \ ${nonarch_libdir}/udev/rules.d/60-persistent-storage-mtd.rules \ ${nonarch_libdir}/udev/rules.d/60-persistent-storage-tape.rules \ + ${nonarch_libdir}/udev/rules.d/60-tpm2-id.rules \ ${nonarch_libdir}/udev/rules.d/60-persistent-v4l.rules \ ${nonarch_libdir}/udev/rules.d/60-sensor.rules \ ${nonarch_libdir}/udev/rules.d/60-serial.rules \ ${nonarch_libdir}/udev/rules.d/61-autosuspend-manual.rules \ ${nonarch_libdir}/udev/rules.d/64-btrfs.rules \ + ${nonarch_libdir}/udev/rules.d/65-integration.rules \ ${nonarch_libdir}/udev/rules.d/70-camera.rules \ ${nonarch_libdir}/udev/rules.d/70-joystick.rules \ ${nonarch_libdir}/udev/rules.d/70-memory.rules \ From patchwork Thu Jun 25 13:41:32 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Daniel Turull X-Patchwork-Id: 90990 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2DA8ACDE001 for ; Thu, 25 Jun 2026 13:42:44 +0000 (UTC) Received: from GVXPR05CU001.outbound.protection.outlook.com (GVXPR05CU001.outbound.protection.outlook.com [52.101.83.26]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.11585.1782394961589559944 for ; Thu, 25 Jun 2026 06:42:42 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@ericsson.com header.s=selector2 header.b=HyKUEd5t; spf=pass (domain: ericsson.com, ip: 52.101.83.26, mailfrom: edaturu@ericsson.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=nNiYu4y+Mi1EeQIlVWkpcLfEJWX9pQNaSBdzp/BAnskkAGDPvl2ZJugzNuopU3aZoaUeUmklzEyi0iXxUoWVsvTI0bDjetldrx3XnAZxAc6qMykZLBBK8YZRew5YnNkGbj4W5wyTzGGKThSitT4+bJDKUcurNVMDyeI5L/wv9RC+uPqdaKQVlE/NQpFCQL80pYxXRAKBmQp4HkwYdou4lELsBxAKoiTptoYE+c/26dmc9qqcourV3BA46wZjHACFZCyGEtHlRPVOjluBM8ajZfvYX3zFi74Ur/5+sNmoLhnaXJkSgtemkGRf8H+5JC/soABceVeH40bXzL22ehrmDQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=5qJ7Qh6UM8MVcKePdsuXNdhj0injO+85fG/IMhkJT2A=; b=NACAM8cnGh7G+/CZ3mW5ePURKbgxhuSylDi5zpCW3m1rWggHZmnamVXxpPfx70czOk+SrieEA6uyASx4EMAtNSQHN35n2jSzwi6rzMidZXNKjjV1dIWkPn7QMy9C1X7md6/lLJ/tze9T5XCU6BrTNBVQEPYLztKA8bd3OFnKxUrVmtG0gZgEElnlY6hGGaTjKxEecvaevHp2OC8ogy5p4RrIb9A640dtkWBpB9skg8+eqKtBXFjBPqA4K/K3hHdAdrrGhxt+uvHE5FtGwZCwrK1Smlsx/ayzjJRYrwUzTAxU6S2IU3IX3Jtpe+kOmzW2M9pCmNMqmVHice2yghCU0g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 192.176.1.74) smtp.rcpttodomain=est.tech smtp.mailfrom=ericsson.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=ericsson.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=5qJ7Qh6UM8MVcKePdsuXNdhj0injO+85fG/IMhkJT2A=; b=HyKUEd5tRmol7YRiSr4PHuEcIDrpmnM/P6skfjvBev/+i6yHByF8x4BykVwem18lay9+D/Jdm62HvPR72IUHip/x1WwG/3q8XaW+yH1+knFfRw9mF2P5UtSjDGw4pVL3wN0D1s4Yb+TGUBTufqeMui76TIPRePRL8mMLSz2KluAEtWYKmno0FVZG/RoSX54EIcD/yys48Fz1rLkXqoeTIyNcRyx/wBd3cKNvW6Z5oMyOS6QUXapG2J6h6Et/BWIYtrIrEk6roG1mMxJ2JaGGV8/wesLV1CE+mvZrA+fkuU0SdgybA7Y5wq13d796Ko6Tl876yhongNb1lV9slp8Njg== Received: from DUZPR01CA0272.eurprd01.prod.exchangelabs.com (2603:10a6:10:4b9::12) by DU0PR07MB9637.eurprd07.prod.outlook.com (2603:10a6:10:316::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.14; Thu, 25 Jun 2026 13:42:34 +0000 Received: from DB1PEPF0003922E.eurprd03.prod.outlook.com (2603:10a6:10:4b9:cafe::11) by DUZPR01CA0272.outlook.office365.com (2603:10a6:10:4b9::12) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.21.159.16 via Frontend Transport; Thu, 25 Jun 2026 13:42:34 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 192.176.1.74) smtp.mailfrom=ericsson.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=ericsson.com; Received-SPF: Pass (protection.outlook.com: domain of ericsson.com designates 192.176.1.74 as permitted sender) receiver=protection.outlook.com; client-ip=192.176.1.74; helo=oa.msg.ericsson.com; pr=C Received: from oa.msg.ericsson.com (192.176.1.74) by DB1PEPF0003922E.mail.protection.outlook.com (10.167.8.101) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.181.6 via Frontend Transport; Thu, 25 Jun 2026 13:42:34 +0000 Received: from seroius18815.sero.gic.ericsson.se (153.88.142.248) by smtp-central.internal.ericsson.com (100.87.178.63) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.37; Thu, 25 Jun 2026 15:42:29 +0200 Received: from seroius08462.sero.gic.ericsson.se (seroius08462.sero.gic.ericsson.se [10.63.237.245]) by seroius18815.sero.gic.ericsson.se (Postfix) with ESMTP id 0A4FD4020B43; Thu, 25 Jun 2026 15:42:27 +0200 (CEST) Received: by seroius08462.sero.gic.ericsson.se (Postfix, from userid 160155) id C6280700DF4B; Thu, 25 Jun 2026 15:42:27 +0200 (CEST) From: To: CC: , , , , Daniel Turull Subject: [PATCH 3/3] systemd: add native hwdb generator for hosts without STATX_MNT_ID Date: Thu, 25 Jun 2026 15:41:32 +0200 Message-ID: <20260625134210.4046622-4-daniel.turull@ericsson.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260625134210.4046622-1-daniel.turull@ericsson.com> References: <20260625134210.4046622-1-daniel.turull@ericsson.com> MIME-Version: 1.0 X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB1PEPF0003922E:EE_|DU0PR07MB9637:EE_ X-MS-Office365-Filtering-Correlation-Id: b5aa598e-6dc3-478d-5447-08ded2bf9cfb X-SMTP-Server: smtp-central.internal.ericsson.com X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|23010399003|1800799024|36860700016|82310400026|56012099006|11063799006|6133799003|18002099003|22082099003|3023799007; X-Microsoft-Antispam-Message-Info: eJgn3uikhHIkEZROdyfPjvO+7ygo7mCRBfiSsUQ8HFRugURJHW0UtDz7qa5uQ3IlQ9xIp6c3XOsOnw7fEA0G+pfOVGG7i5xMb32P7Zj6rCpBND7C5I9EC0DkFV2cmsBOAL3Hs+ZR2dF6uBEi+N13XxPAMiYIIKczaNjrqU8orTE5zSAcK87OoQc1i9F+JtYBniuT635E8rIZJEt3FK6fio7gE2dMbou9fZKBUuLMWQG1tYyIl+B5ZTHZV0/2J4ZLmB6hVqXXJK8Bd6dDI/x0zP8/NFqjjaofOptOsrXj7SsxvgqaI5hDyGk5LWiCr4B177Qa5wgTrOcLFS6nuwwHH9npzyPVwTd0O1GvxPF0F8vfVPYy/IVMYbXlKHJK2PduZKI07OHkjueFdhNat5pJEWmSrM2xTJAfz3IZEkKzHR0zsqZZqFQkgN/JQ2VSSq9sO2o6jw8WxM4l2nivXYYSWOaaqGtxTs7LqHcn1dtuxngwG09lEoFTUnQMZsgjUCiY3necGTY3pMeVnJDvgGwQMvuXppsTaqv8N4xMCGATLVxUYF0vBGRheUvV23f2YEbjmRriDvL8tufHxh5zkDmyhEjZOGFMNPlE4WwPTwC0yzAUq8EwCrbeFqF7gDuOaDt7ODPNgMUFg7jBXxdASQltdnfqF/KEouKfn7A1kWNuptIo4Rb4NX5g+eiYtaP6rb35jFa7aDrIGwcBjnrWw5r5YQ== X-Forefront-Antispam-Report: CIP:192.176.1.74;CTRY:SE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:oa.msg.ericsson.com;PTR:office365.se.ericsson.net;CAT:NONE;SFS:(13230040)(376014)(23010399003)(1800799024)(36860700016)(82310400026)(56012099006)(11063799006)(6133799003)(18002099003)(22082099003)(3023799007);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: cuXwC0/nAZF8i68SBx1UmDTms2YpoxNwYsxz3x99sGGsIeCSaOyrhk0nyQiUuD8PFPN1fJPu4YLnJqdr8+JDkeuXn0vKvwwkDwbUJxTeK+Zvt3kzXy0b0a95v9q0eQwYThCJ4lzGwrDNi/9XOt6Q5JzsYyFGVAMTJXATZ5O7DB/WgnMOuW7cJlami+MIJuHwFjkDk+UVssxDQ6q63OsWbcmLVBxVELH9y0j3KyHCRYtIsDS6JBude45n10augRw6Xq/mSzGfNTUSJHMIIL44ya7qu4Js0zTHuef2EFnpJ+AqtYmEF6K/hdi2hReQfUZpkQfzv7FMdcjuVZ/MOuZkoRuuvHzJIkZw0879w/KH3V1bxyWZ3sxvvvTnKPdsGPsFDkJoJgHW+Fd28n9ayXFwFIvRs/e6hQAsnqeStuDL8FGP52RZZEnuJvZxWS8jdnx4 X-OriginatorOrg: ericsson.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Jun 2026 13:42:34.6641 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b5aa598e-6dc3-478d-5447-08ded2bf9cfb X-MS-Exchange-CrossTenant-Id: 92e84ceb-fbfd-47ab-be52-080c6b87953f X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=92e84ceb-fbfd-47ab-be52-080c6b87953f;Ip=[192.176.1.74];Helo=[oa.msg.ericsson.com] X-MS-Exchange-CrossTenant-AuthSource: DB1PEPF0003922E.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR07MB9637 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 25 Jun 2026 13:42:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/239570 From: Daniel Turull systemd 261 requires STATX_MNT_ID (kernel >= 5.8) for path resolution. On older hosts (e.g. RHEL 8 with kernel 4.18), the QEMU-emulated udevadm hwdb fails during image construction. Add systemd-hwdb-native recipe that builds systemd-hwdb natively with: - A patch restoring /proc/self/fdinfo mount-ID fallback for kernels lacking STATX_MNT_ID (applied only to native recipes) - A patch forcing compat mode in hwdb generation to avoid embedding build-host paths in hwdb.bin (reproducibility) Update the update_udev_hwdb intercept to prefer the native systemd-hwdb over QEMU emulation, with a test -s check to catch silent failures from either path. Tested on RHEL 8.10 and Ubuntu 22.04.5 AI-Generated: Claude-opus-4.6 Signed-off-by: Daniel Turull --- I'm not sure who should be the maitainer of the new native recipe. is it Qi Chen, who is the maintainer for the rest of systemd recipes, unassigned or me? The question I'm asking is because all need to be updated at the same time. --- meta/conf/distro/include/maintainers.inc | 1 + .../systemd/systemd-hwdb-native_261.bb | 32 ++++ .../systemd/systemd-systemctl-native_261.bb | 3 + ...idfd_open-and-STATX_MNT_ID-on-older-.patch | 176 ++++++++++++++++++ ...t-mode-for-reproducible-cross-builds.patch | 36 ++++ meta/recipes-core/systemd/systemd_261.bb | 2 +- scripts/postinst-intercepts/update_udev_hwdb | 24 ++- 7 files changed, 269 insertions(+), 5 deletions(-) create mode 100644 meta/recipes-core/systemd/systemd-hwdb-native_261.bb create mode 100644 meta/recipes-core/systemd/systemd/Handle-missing-pidfd_open-and-STATX_MNT_ID-on-older-.patch create mode 100644 meta/recipes-core/systemd/systemd/hwdb-use-compat-mode-for-reproducible-cross-builds.patch diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc index f757fafdcb..86bf4d14ee 100644 --- a/meta/conf/distro/include/maintainers.inc +++ b/meta/conf/distro/include/maintainers.inc @@ -831,6 +831,7 @@ RECIPE_MAINTAINER:pn-systemd-boot-native = "Viswanath Kraleti = 5.8 (RHEL 8 EOL: 2029) +SRC_URI += "file://Handle-missing-pidfd_open-and-STATX_MNT_ID-on-older-.patch \ + file://hwdb-use-compat-mode-for-reproducible-cross-builds.patch \ + " + +inherit pkgconfig meson native + +MESON_TARGET = "systemd-hwdb:executable" + +# Override prefix so compiled-in UDEVLIBEXECDIR (/usr/lib/udev) matches the +# target rootfs layout. This allows --root $D --usr to find hwdb.d source +# files and write hwdb.bin to the correct location. +EXTRA_OEMESON += "--prefix /usr" +EXTRA_OEMESON += "-Dhwdb=true -Dlink-udev-shared=false" +EXTRA_OEMESON += "-Dpam=disabled -Daudit=disabled -Dselinux=disabled" +EXTRA_OEMESON += "-Dacl=disabled -Dapparmor=disabled -Dseccomp=disabled" +EXTRA_OEMESON += "-Dlibcryptsetup=disabled -Dlibcurl=disabled -Dlibfido2=disabled" +EXTRA_OEMESON += "-Dpcre2=disabled -Dp11kit=disabled -Dopenssl=disabled" + +do_install() { + install -d ${D}${bindir} + install -m 0755 ${B}/systemd-hwdb ${D}${bindir}/systemd-hwdb +} diff --git a/meta/recipes-core/systemd/systemd-systemctl-native_261.bb b/meta/recipes-core/systemd/systemd-systemctl-native_261.bb index 686448cf1e..a6ad6901e0 100644 --- a/meta/recipes-core/systemd/systemd-systemctl-native_261.bb +++ b/meta/recipes-core/systemd/systemd-systemctl-native_261.bb @@ -6,6 +6,9 @@ require systemd.inc DEPENDS = "gperf-native libcap-native util-linux-native python3-jinja2-native" +# TODO: Remove STATX_MNT_ID patch once minimum supported build host kernel is >= 5.8 (RHEL 8 EOL: 2029) +SRC_URI += "file://Handle-missing-pidfd_open-and-STATX_MNT_ID-on-older-.patch" + inherit pkgconfig meson native MESON_TARGET = "systemctl:executable" diff --git a/meta/recipes-core/systemd/systemd/Handle-missing-pidfd_open-and-STATX_MNT_ID-on-older-.patch b/meta/recipes-core/systemd/systemd/Handle-missing-pidfd_open-and-STATX_MNT_ID-on-older-.patch new file mode 100644 index 0000000000..c63423cc96 --- /dev/null +++ b/meta/recipes-core/systemd/systemd/Handle-missing-pidfd_open-and-STATX_MNT_ID-on-older-.patch @@ -0,0 +1,176 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Turull +Date: Mon, 23 Jun 2026 12:00:00 +0200 +Subject: [PATCH] Handle missing pidfd_open and STATX_MNT_ID on older kernels + +On hosts lacking pidfd_open (kernel < 5.3) or STATX_MNT_ID (kernel < 5.8, +e.g. RHEL 8), native tools (systemctl --root, systemd-hwdb --root) fail +during path resolution. Fix by: + +- Treating ENOSYS/EOPNOTSUPP from pidfd_open as graceful fallback. +- Adding fd_get_mount_id() to read mnt_id from /proc/self/fdinfo (available + since kernel 3.15) and using it as fallback when statx returns -EUNATCH in + fds_inode_and_mount_same() and chase_statx(). + +This restores the /proc/self/fdinfo fallback that existed in systemd 259 +(fd_fdinfo_mnt_id in mountpoint-util.c) but was removed upstream in 260+. + +This patch is only applied to native recipes (systemd-systemctl-native, +systemd-hwdb-native) where /proc/self/fdinfo is guaranteed available. +Do NOT apply to the target systemd recipe. + +Upstream-Status: Inappropriate [oe specific] + +Assisted-by: kiro:claude-opus-4.6 +Signed-off-by: Daniel Turull +--- + src/basic/chase.c | 20 ++++++++++++++- + src/basic/fd-util.c | 63 +++++++++++++++++++++++++++++++++++++++++++-- + src/basic/fd-util.h | 1 + + src/basic/pidref.c | 4 +-- + 4 files changed, 83 insertions(+), 5 deletions(-) + +--- a/src/basic/pidref.c 2026-06-25 14:01:12.007875484 +0200 ++++ b/src/basic/pidref.c 2026-06-25 14:01:55.098770206 +0200 +@@ -106,8 +106,8 @@ int pidref_set_pid(PidRef *pidref, pid_t + + fd = pidfd_open(pid, 0); + if (fd < 0) { +- /* Graceful fallback in case the kernel is out of fds */ +- if (!ERRNO_IS_RESOURCE(errno)) ++ /* Graceful fallback in case the kernel is out of fds or lacks pidfd support */ ++ if (!ERRNO_IS_RESOURCE(errno) && !ERRNO_IS_NOT_SUPPORTED(errno)) + return log_debug_errno(errno, "Failed to open pidfd for pid " PID_FMT ": %m", pid); + + fd = -EBADF; +--- a/src/basic/fd-util.h 2026-06-25 14:01:12.009875526 +0200 ++++ b/src/basic/fd-util.h 2026-06-25 14:01:20.909060415 +0200 +@@ -188,6 +188,7 @@ static inline int dir_fd_is_root_or_cwd( + } + + int fds_inode_and_mount_same(int fd1, int fd2); ++int fd_get_mount_id(int fd, uint64_t *ret); + + int resolve_xat_fdroot(int *fd, const char **path, char **ret_buffer); + +--- a/src/basic/fd-util.c 2026-06-25 14:01:12.011875567 +0200 ++++ b/src/basic/fd-util.c 2026-06-25 14:01:40.007456905 +0200 +@@ -1082,6 +1082,38 @@ int path_is_root_at(int dir_fd, const ch + return fds_inode_and_mount_same(dir_fd, XAT_FDROOT); + } + ++int fd_get_mount_id(int fd, uint64_t *ret) { ++ char path[STRLEN("/proc/self/fdinfo/") + DECIMAL_STR_MAX(int)]; ++ _cleanup_close_ int real_fd = -EBADF; ++ _cleanup_free_ char *p = NULL; ++ uint64_t mnt_id; ++ int r; ++ ++ assert(ret); ++ ++ /* /proc/self/fdinfo/ requires a real fd; resolve AT_FDCWD/XAT_FDROOT via O_PATH. */ ++ if (fd == AT_FDCWD || fd == XAT_FDROOT) { ++ real_fd = open(fd == XAT_FDROOT ? "/" : ".", O_PATH|O_CLOEXEC); ++ if (real_fd < 0) ++ return -errno; ++ fd = real_fd; ++ } ++ ++ assert(fd >= 0); ++ xsprintf(path, "/proc/self/fdinfo/%i", fd); ++ ++ r = get_proc_field(path, "mnt_id", &p); ++ if (r < 0) ++ return r; ++ ++ r = safe_atou64(p, &mnt_id); ++ if (r < 0) ++ return r; ++ ++ *ret = mnt_id; ++ return 0; ++} ++ + int fds_inode_and_mount_same(int fd1, int fd2) { + struct statx sx1, sx2; + int r; +@@ -1092,7 +1124,20 @@ int fds_inode_and_mount_same(int fd1, in + r = xstatx(fd1, /* path = */ NULL, AT_EMPTY_PATH, + STATX_TYPE|STATX_INO|STATX_MNT_ID, + &sx1); +- if (r < 0) ++ if (r == -EUNATCH) { ++ uint64_t mnt_id; ++ ++ /* Kernel lacks STATX_MNT_ID; fall back to /proc/self/fdinfo. */ ++ r = xstatx(fd1, /* path = */ NULL, AT_EMPTY_PATH, ++ STATX_TYPE|STATX_INO, &sx1); ++ if (r < 0) ++ return r; ++ r = fd_get_mount_id(fd1, &mnt_id); ++ if (r < 0) ++ return r; ++ sx1.stx_mnt_id = mnt_id; ++ sx1.stx_mask |= STATX_MNT_ID; ++ } else if (r < 0) + return r; + + if (fd1 == fd2) /* Shortcut things if fds are the same (only after validating the fd) */ +@@ -1101,7 +1146,19 @@ int fds_inode_and_mount_same(int fd1, in + r = xstatx(fd2, /* path = */ NULL, AT_EMPTY_PATH, + STATX_TYPE|STATX_INO|STATX_MNT_ID, + &sx2); +- if (r < 0) ++ if (r == -EUNATCH) { ++ uint64_t mnt_id; ++ ++ r = xstatx(fd2, /* path = */ NULL, AT_EMPTY_PATH, ++ STATX_TYPE|STATX_INO, &sx2); ++ if (r < 0) ++ return r; ++ r = fd_get_mount_id(fd2, &mnt_id); ++ if (r < 0) ++ return r; ++ sx2.stx_mnt_id = mnt_id; ++ sx2.stx_mask |= STATX_MNT_ID; ++ } else if (r < 0) + return r; + + r = statx_mount_same(&sx1, &sx2); +--- a/src/basic/chase.c 2026-06-25 14:01:12.013875609 +0200 ++++ b/src/basic/chase.c 2026-06-25 14:01:47.117604514 +0200 +@@ -40,7 +40,9 @@ + (CHASE_MUST_BE_DIRECTORY|CHASE_MUST_BE_REGULAR|CHASE_MUST_BE_SOCKET) + + static int chase_statx(int fd, struct statx *ret) { +- return xstatx_full(fd, ++ int r; ++ ++ r = xstatx_full(fd, + /* path= */ NULL, + /* statx_flags= */ 0, + XSTATX_MNT_ID_BEST, +@@ -48,6 +50,23 @@ static int chase_statx(int fd, struct st + /* optional_mask= */ 0, + /* mandatory_attributes= */ 0, + ret); ++ if (r == -EUNATCH) { ++ uint64_t mnt_id; ++ ++ /* Kernel lacks STATX_MNT_ID; fall back to /proc/self/fdinfo. */ ++ r = xstatx(fd, /* path= */ NULL, /* statx_flags= */ 0, ++ STATX_TYPE|STATX_UID|STATX_INO, ++ ret); ++ if (r < 0) ++ return r; ++ r = fd_get_mount_id(fd, &mnt_id); ++ if (r < 0) ++ return r; ++ ret->stx_mnt_id = mnt_id; ++ ret->stx_mask |= STATX_MNT_ID; ++ } ++ ++ return r; + } + + static int chase_openat2(int root_fd, int dir_fd, const char *path, ChaseFlags chase_flags) { diff --git a/meta/recipes-core/systemd/systemd/hwdb-use-compat-mode-for-reproducible-cross-builds.patch b/meta/recipes-core/systemd/systemd/hwdb-use-compat-mode-for-reproducible-cross-builds.patch new file mode 100644 index 0000000000..bb90105cbd --- /dev/null +++ b/meta/recipes-core/systemd/systemd/hwdb-use-compat-mode-for-reproducible-cross-builds.patch @@ -0,0 +1,36 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Daniel Turull +Date: Wed, 25 Jun 2026 10:00:00 +0200 +Subject: [PATCH] hwdb: use compat mode to avoid embedding source paths + +Use compat=true in systemd-hwdb's verb_update() so that source +filenames, line numbers, and priorities are not embedded in hwdb.bin. + +Without this, when --root $D is used during cross-compilation, the +absolute build paths (e.g. /tmp/work/.../rootfs/usr/lib/udev/hwdb.d/...) +are written into the database, causing: +- Non-reproducible builds (different TMPDIR → different hwdb.bin) +- Build directory path leakage into the target image + +The compat format matches what udevadm hwdb (the deprecated path) +has always produced, and is the expected format for cross-built images. + +Upstream-Status: Inappropriate [oe specific] + +AI-Generated: Claude Opus 4.6 +Signed-off-by: Daniel Turull +--- + src/hwdb/hwdb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/src/hwdb/hwdb.c ++++ b/src/hwdb/hwdb.c +@@ -27,7 +27,7 @@ static int verb_update(int argc, char *argv[], uintptr_t _data, void *userdata) + if (hwdb_bypass()) + return 0; + +- return hwdb_update(arg_root, arg_hwdb_bin_dir, arg_strict, false); ++ return hwdb_update(arg_root, arg_hwdb_bin_dir, arg_strict, true); + } + + static int help(void) { diff --git a/meta/recipes-core/systemd/systemd_261.bb b/meta/recipes-core/systemd/systemd_261.bb index eedce348c3..22bd4ca5fc 100644 --- a/meta/recipes-core/systemd/systemd_261.bb +++ b/meta/recipes-core/systemd/systemd_261.bb @@ -910,7 +910,7 @@ pkg_prerm:${PN}:libc-glibc () { fi } -PACKAGE_WRITE_DEPS += "qemuwrapper-cross" +PACKAGE_WRITE_DEPS += "qemuwrapper-cross systemd-hwdb-native" pkg_postinst:udev-hwdb () { if test -n "$D"; then diff --git a/scripts/postinst-intercepts/update_udev_hwdb b/scripts/postinst-intercepts/update_udev_hwdb index 8b3f5de791..d7a4ffc294 100644 --- a/scripts/postinst-intercepts/update_udev_hwdb +++ b/scripts/postinst-intercepts/update_udev_hwdb @@ -19,7 +19,23 @@ case "${PREFERRED_PROVIDER_udev}" in ;; esac -rm -f $D${UDEVLIBDIR}/udev/hwdb.bin -PSEUDO_UNLOAD=1 ${binprefix}qemuwrapper -L $D $D${UDEVADM} hwdb --update --root $D ${UDEV_EXTRA_ARGS} || - PSEUDO_UNLOAD=1 qemuwrapper -L $D $D${UDEVADM} hwdb --update --root $D ${UDEV_EXTRA_ARGS} -chown root:root $D${UDEVLIBDIR}/udev/hwdb.bin +hwdb_bin="$D${UDEVLIBDIR}/udev/hwdb.bin" +rm -f "$hwdb_bin" + +# Use native systemd-hwdb to generate hwdb.bin at build time. +# This avoids QEMU user-mode emulation and works on host kernels < 5.8 +# (e.g. RHEL 8) where systemd 261+ would fail due to missing STATX_MNT_ID. +NATIVE_HWDB="${STAGING_DIR_NATIVE}/usr/bin/systemd-hwdb" +if test -x "$NATIVE_HWDB" && test "${PREFERRED_PROVIDER_udev}" = "systemd"; then + PSEUDO_UNLOAD=1 $NATIVE_HWDB update --root $D ${UDEV_EXTRA_ARGS} +else + PSEUDO_UNLOAD=1 ${binprefix}qemuwrapper -L $D $D${UDEVADM} hwdb --update --root $D ${UDEV_EXTRA_ARGS} || + PSEUDO_UNLOAD=1 qemuwrapper -L $D $D${UDEVADM} hwdb --update --root $D ${UDEV_EXTRA_ARGS} +fi + +if ! test -s "$hwdb_bin"; then + echo "ERROR: hwdb.bin was not created at $hwdb_bin" >&2 + echo "The hwdb generation command exited successfully but produced no output." >&2 + exit 1 +fi +chown root:root "$hwdb_bin"