From 79b4a49c0fdcbaa9c182172422107dab8979f47c Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 26 Jul 2022 17:41:51 +0100 Subject: [PATCH 1/3] portable: set PrivateTmp=yes in trusted profile too When running on images you don't want to modify the /tmp directory even if it's writable, and often it will just be read-only. Set PrivateTmp=yes. Fixes https://github.com/systemd/systemd/issues/23592 --- src/portable/profile/trusted/service.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/portable/profile/trusted/service.conf b/src/portable/profile/trusted/service.conf index 9a6af70b93989..04deeb2262e16 100644 --- a/src/portable/profile/trusted/service.conf +++ b/src/portable/profile/trusted/service.conf @@ -1,7 +1,8 @@ -# The "trusted" profile for services, i.e. no restrictions are applied +# The "trusted" profile for services, i.e. no restrictions are applied apart from a private /tmp [Service] MountAPIVFS=yes +PrivateTmp=yes BindPaths=/run BindReadOnlyPaths=/etc/machine-id BindReadOnlyPaths=/etc/resolv.conf From 5e6167daceaeb91e3c900471d567a92e19a56916 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 26 Jul 2022 18:01:09 +0100 Subject: [PATCH 2/3] docs: add disabled PR template for code freeze To be enabled on rc1, and disabled again after the final release. Gives contributors a clear warning that new features/APIs will be postponed. --- .github/pull_request_template.md.disabled | 5 +++++ docs/RELEASE.md | 2 ++ 2 files changed, 7 insertions(+) create mode 100644 .github/pull_request_template.md.disabled diff --git a/.github/pull_request_template.md.disabled b/.github/pull_request_template.md.disabled new file mode 100644 index 0000000000000..a1333460afd09 --- /dev/null +++ b/.github/pull_request_template.md.disabled 
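Review bot: The updated header comment in `src/portable/profile/trusted/service.conf` mentions only a private /tmp, but `PrivateTmp=yes` also gives the unit its own /var/tmp, so the comment understates what the profile now isolates. I would write it as `# The "trusted" profile for services, i.e. no restrictions are applied apart from a private /tmp and /var/tmp`. Units attached with this profile could previously exchange files with the host through /tmp, so this is a behaviour change that deserves a NEWS entry; any description of the trusted profile in the portable-services documentation that still says "no restrictions" (not visible in this patch) should be aligned. `BindPaths=/run` is unchanged, so the host's /run remains writable from the service and the private /tmp should not be read as sandboxing.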
@@ -0,0 +1,5 @@
+# CODE FREEZE NOTICE
+
+An -rc1 tag has been created and a release is being prepared, so please note that
+PRs introducing new features and APIs will be held back until the new version
+has been released.
diff --git a/docs/RELEASE.md b/docs/RELEASE.md
index acbfa8e5bb3e4..0d48047f9a8bd 100644
--- a/docs/RELEASE.md
+++ b/docs/RELEASE.md
@@ -13,6 +13,8 @@ SPDX-License-Identifier: LGPL-2.1-or-later
 4. Update hwdb (`ninja -C build update-hwdb`, `ninja -C build update-hwdb-autosuspend`, commit separately).
 5. Update syscall numbers (`ninja -C build update-syscall-tables update-syscall-header`).
 6. [RC1] Update version and library numbers in `meson.build`
+6. [RC1] Rename `.github/pull_request_template.md.disabled` to `.github/pull_request_template.md` to display the warning about soft-freeze for new features
+6. [FINAL] Rename `.github/pull_request_template.md` to `.github/pull_request_template.md.disabled` to hide the warning about soft-freeze for new features
 7. Check dbus docs with `ninja -C build update-dbus-docs`
 8. Tag the release: `version=vXXX-rcY && git tag -s "${version}" -m "systemd ${version}"`
 9. Do `ninja -C build`

From 544d4cb65821a88d8d82be423ef23cdf6518f4a0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 26 Jul 2022 17:09:07 +0000
Subject: [PATCH 3/3] build(deps): bump meson from 0.62.2 to 0.63.0 in /.github/workflows

Bumps [meson](https://github.com/mesonbuild/meson) from 0.62.2 to 0.63.0. - [Release notes](https://github.com/mesonbuild/meson/releases) - [Commits](https://github.com/mesonbuild/meson/compare/0.62.2...0.63.0) --- updated-dependencies: - dependency-name: meson dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot]
---
 .github/workflows/requirements.txt | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/requirements.txt b/.github/workflows/requirements.txt
index c97c178a5b497..5bc9cbef8ebb2 100644
--- a/.github/workflows/requirements.txt
+++ b/.github/workflows/requirements.txt
@@ -1,6 +1,6 @@
-meson==0.62.2 \
- --hash=sha256:a7669e4c4110b06b743d57cc5d6432591a6677ef2402139fe4f3d42ac13380b0 \
- --hash=sha256:c245d2b39e1ce1d1968e0b7067771fd02ca1bade1990adb3cf4088375ba188c9
+meson==0.63.0 \
+ --hash=sha256:399f2ca3181ef257fe3adb2deaff46bc19435cb8b1e883f26db831ce32139820 \
+ --hash=sha256:3b51d451744c2bc71838524ec8d96cd4f8c4793d5b8d5d0d0a9c8a4f7c94cd6f
 ninja==1.10.2.3 \
 --hash=sha256:0560eea57199e41e86ac2c1af0108b63ae77c3ca4d05a9425a750e908135935a \
 --hash=sha256:21a1d84d4c7df5881bfd86c25cce4cf7af44ba2b8b255c57bc1c434ec30a2dfc \