From 79b4a49c0fdcbaa9c182172422107dab8979f47c Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 26 Jul 2022 17:41:51 +0100 Subject: [PATCH 1/3] portable: set PrivateTmp=yes in trusted profile too When running on images you don't want to modify the /tmp directory even if it's writable, and often it will just be read-only. Set PrivateTmp=yes. Fixes https://github.com/systemd/systemd/issues/23592 --- src/portable/profile/trusted/service.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/portable/profile/trusted/service.conf b/src/portable/profile/trusted/service.conf index 9a6af70b93989..04deeb2262e16 100644 --- a/src/portable/profile/trusted/service.conf +++ b/src/portable/profile/trusted/service.conf @@ -1,7 +1,8 @@ -# The "trusted" profile for services, i.e. no restrictions are applied +# The "trusted" profile for services, i.e. no restrictions are applied apart from a private /tmp [Service] MountAPIVFS=yes +PrivateTmp=yes BindPaths=/run BindReadOnlyPaths=/etc/machine-id BindReadOnlyPaths=/etc/resolv.conf From 5e6167daceaeb91e3c900471d567a92e19a56916 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 26 Jul 2022 18:01:09 +0100 Subject: [PATCH 2/3] docs: add disabled PR template for code freeze To be enabled on rc1, and disabled again after the final release. Gives contributors a clear warning that new features/APIs will be postponed. --- .github/pull_request_template.md.disabled | 5 +++++ docs/RELEASE.md | 2 ++ 2 files changed, 7 insertions(+) create mode 100644 .github/pull_request_template.md.disabled diff --git a/.github/pull_request_template.md.disabled b/.github/pull_request_template.md.disabled new file mode 100644 index 0000000000000..a1333460afd09 --- /dev/null +++ b/.github/pull_request_template.md.disabled @@ -0,0 +1,5 @@ +# CODE FREEZE NOTICE + +An -rc1 tag has been created and a release is being prepared, so please note that +PRs introducing new features and APIs will be held back until the new version +has been released. diff --git a/docs/RELEASE.md b/docs/RELEASE.md index acbfa8e5bb3e4..0d48047f9a8bd 100644 --- a/docs/RELEASE.md +++ b/docs/RELEASE.md @@ -13,6 +13,8 @@ SPDX-License-Identifier: LGPL-2.1-or-later 4. Update hwdb (`ninja -C build update-hwdb`, `ninja -C build update-hwdb-autosuspend`, commit separately). 5. Update syscall numbers (`ninja -C build update-syscall-tables update-syscall-header`). 6. [RC1] Update version and library numbers in `meson.build` +6. [RC1] Rename `.github/pull_request_template.md.disabled` to `.github/pull_request_template.md` to display the warning about soft-freeze for new features +6. [FINAL] Rename `.github/pull_request_template.md` to `.github/pull_request_template.md.disabled` to hide the warning about soft-freeze for new features 7. Check dbus docs with `ninja -C build update-dbus-docs` 8. Tag the release: `version=vXXX-rcY && git tag -s "${version}" -m "systemd ${version}"` 9. Do `ninja -C build` From c07ee08469054cd5b6ba671d138441f316b3fda8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Jul 2022 17:09:04 +0000 Subject: [PATCH 3/3] build(deps): bump actions/setup-node from 3.3.0 to 3.4.1 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.3.0 to 3.4.1. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/eeb10cff27034e7acf239c5d29f62154018672fd...2fddd8803e2f5c9604345a0b591c3020ee971a93) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/issue_labeler.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/issue_labeler.yml b/.github/workflows/issue_labeler.yml index 64774e67cc30f..094f72c4b97ce 100644 --- a/.github/workflows/issue_labeler.yml +++ b/.github/workflows/issue_labeler.yml @@ -22,7 +22,7 @@ jobs: steps: - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b - - uses: actions/setup-node@eeb10cff27034e7acf239c5d29f62154018672fd + - uses: actions/setup-node@2fddd8803e2f5c9604345a0b591c3020ee971a93 with: node-version: '16'