diff --git a/SOURCES/50-redhat.conf b/SOURCES/50-redhat.conf new file mode 100644 index 0000000..a975a13 --- /dev/null +++ b/SOURCES/50-redhat.conf @@ -0,0 +1,7 @@ +# https://bugzilla.redhat.com/show_bug.cgi?id=1689346 +kernel.kptr_restrict = 1 + +# Source route verification +net.ipv4.conf.default.rp_filter = 1 +net.ipv4.conf.*.rp_filter = 1 +-net.ipv4.conf.all.rp_filter diff --git a/SOURCES/85-display-manager.preset b/SOURCES/85-display-manager.preset index c1d3069..08d5060 100644 --- a/SOURCES/85-display-manager.preset +++ b/SOURCES/85-display-manager.preset @@ -6,5 +6,6 @@ enable gdm.service enable lightdm.service enable slim.service enable lxdm.service +enable sddm.service enable kdm.service enable xdm.service diff --git a/SOURCES/90-default-user.preset b/SOURCES/90-default-user.preset new file mode 100644 index 0000000..8a37f2b --- /dev/null +++ b/SOURCES/90-default-user.preset @@ -0,0 +1,19 @@ +# Enable the D-Bus service (including its socket for socket activation) +# unconditionally. It is used throughout Fedora and required on all machines. +# https://src.fedoraproject.org/rpms/fedora-release/pull-request/4 +# https://fedoraproject.org/w/index.php?title=Starting_services_by_default&oldid=377748 +enable dbus.socket +enable dbus-broker.service + +# Socket-activated pipewire service for individual user sessions +# https://bugzilla.redhat.com/show_bug.cgi?id=1592434 +enable pipewire.socket + +# Enable the PipeWire PulseAudio compatibility socket interface +# https://bugzilla.redhat.com/show_bug.cgi?id=1904239 +# https://bugzilla.redhat.com/show_bug.cgi?id=1907906 +# https://fedoraproject.org/wiki/Changes/DefaultPipeWire +enable pipewire-pulse.socket + +# https://bugzilla.redhat.com/show_bug.cgi?id=1976006 +enable pipewire-media-session.service diff --git a/SOURCES/90-default.preset b/SOURCES/90-default.preset index ec83002..fd37daf 100644 --- a/SOURCES/90-default.preset +++ b/SOURCES/90-default.preset @@ -30,10 +30,25 @@ enable sysklogd.* # Network facing enable firewalld.service -enable libvirtd.service enable xinetd.service enable ladvd.service +# Virtualization driver specific daemons. Start by defalt at boot for VM +# autostart, but shutdown after 2 mins and socket activated thereafter +enable virtqemud.service + +# Compatibility with libvirtd sockets for old clients and expose TCP sockets +enable virtproxyd.socket + +# Secondary drivers providing supporting functionality to main virtualization +# drivers, socket activated only when required +enable virtinterfaced.socket +enable virtnetworkd.socket +enable virtnodedevd.socket +enable virtnwfilterd.socket +enable virtsecretd.socket +enable virtstoraged.socket + # Storage enable multipathd.service enable libstoragemgmt.service @@ -93,7 +108,7 @@ enable rngd.service # Other stuff enable abrtd.service -enable abrt-ccpp.service +enable abrt-journal-core.service enable abrt-oops.service enable abrt-xorg.service enable abrt-vmcore.service @@ -114,7 +129,6 @@ enable accounts-daemon.service enable rtkit-daemon.service enable upower.service enable udisks2.service -enable polkit.service enable packagekit-offline-update.service enable PackageKit.service @@ -158,3 +172,27 @@ enable device_cio_free.service # Enable the stratis daemon for managing stratis storage # https://bugzilla.redhat.com/show_bug.cgi?id=1632510 enable stratisd.service + +# https://bugzilla.redhat.com/show_bug.cgi?id=1817591 +enable mlocate-updatedb.timer + +# nvme auto connect +# https://bugzilla.redhat.com/show_bug.cgi?id=1805466 +enable nvmefc-boot-connections.service + +# OSTree based systems need to remount /sysroot and +# /var as rw via ostree-remount.service +# ignored by non-OSTree based systems +# https://bugzilla.redhat.com/show_bug.cgi?id=1848453 +enable ostree-remount.service + +# DBus needed by Anaconda +enable dbus.socket +enable dbus-broker.service + +# Enable iscsi service files +# https://bugzilla.redhat.com/show_bug.cgi?id=1930458 +enable iscsi.service +enable iscsid.socket +enable iscsiuio.socket +enable iscsi-onboot.service diff --git a/SOURCES/Contributors b/SOURCES/Contributors index e4ba502..6a7af0a 100644 --- a/SOURCES/Contributors +++ b/SOURCES/Contributors @@ -10,82 +10,3 @@ examples of this. The outpouring support from the community and the amount of people who to together to support us, we want to thank you for believing in us and giving us a chance. Thank you. - -# Special Recognition # - -Contributors, in no particular order: - Mustafa Gezen - Skip Grube - Sherif Nagy - Pablo Greco - Louis Abel - Neil Hanlon - Taylor Goodwill - R. Leigh Hennig - Hayden Young - @jkwong - Michael Young - Rich Alloway - Rob Felsburg - Benjamin Agner - Gregory Kurtzer - Daniel Tharp - Chris Cowley - Brian Clemens - @darkbat91 - @rkm - @raven_kg - Jordan Pisaniello - Trevor Cooper - Chris Stackpole - Steven Spencer - Jessica Jonutz - Wale Soyinka - Ezequiel Bruni - Calder Sheagren - Chris Heath - -# Rocky Linux Teams and Operations # - -Leadership: - Gregory Kurtzer - R. Leigh Hennig - Brian Clemens - -Infrastructure and Operations: - R. Leigh Hennig - Taylor Goodwill - Neil Hanlon - Louis Abel - Randolph (@meltro) - Patrick Roberts - Chris Cowley - Mustafa Gezen - -Release Engineering: - Louis Abel - Mustafa Gezen - Skip Grube - Sherif Nagy - Pablo Greco - -Security: - Rob Felsburg - Benjamin Agner - -Documentation: - Wale Soyinka - -Web: - Hayden Young - Michael Kinder - -Design: - Hayden Young - -Community and Outreach: - Jordan Pisaniello - -Testing: - Trevor Cooper - Chris Stackpole diff --git a/SOURCES/RPM-GPG-KEY-rockyofficial b/SOURCES/RPM-GPG-KEY-rockyofficial deleted file mode 100644 index 28ce769..0000000 --- a/SOURCES/RPM-GPG-KEY-rockyofficial +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBGAofzYBEAC6yS1azw6f3wmaVd//3aSy6O2c9+jeetulRQvg2LvhRRS1eNqp -/x9tbBhfohu/tlDkGpYHV7diePgMml9SZDy1sKlI3tDhx6GZ3xwF0fd1vWBZpmNk -D9gRkUmYBeLotmcXQZ8ZpWLicosFtDpJEYpLUhuIgTKwt4gxJrHvkWsGQiBkJxKD -u3/RlL4IYA3Ot9iuCBflc91EyAw1Yj0gKcDzbOqjvlGtS3ASXgxPqSfU0uLC9USF -uKDnP2tcnlKKGfj0u6VkqISliSuRAzjlKho9Meond+mMIFOTT6qp4xyu+9Dj3IjZ -IC6rBXRU3xi8z0qYptoFZ6hx70NV5u+0XUzDMXdjQ5S859RYJKijiwmfMC7gZQAf -OkdOcicNzen/TwD/slhiCDssHBNEe86Wwu5kmDoCri7GJlYOlWU42Xi0o1JkVltN -D8ZId+EBDIms7ugSwGOVSxyZs43q2IAfFYCRtyKHFlgHBRe9/KTWPUrnsfKxGJgC -Do3Yb63/IYTvfTJptVfhQtL1AhEAeF1I+buVoJRmBEyYKD9BdU4xQN39VrZKziO3 -hDIGng/eK6PaPhUdq6XqvmnsZ2h+KVbyoj4cTo2gKCB2XA7O2HLQsuGduHzYKNjf -QR9j0djjwTrsvGvzfEzchP19723vYf7GdcLvqtPqzpxSX2FNARpCGXBw9wARAQAB -tDNSZWxlYXNlIEVuZ2luZWVyaW5nIDxpbmZyYXN0cnVjdHVyZUByb2NreWxpbnV4 -Lm9yZz6JAk4EEwEIADgWIQRwUcRwqSn0VM6+N7cVr12sbXRaYAUCYCh/NgIbDwUL -CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAVr12sbXRaYLFmEACSMvoO1FDdyAbu -1m6xEzDhs7FgnZeQNzLZECv2j+ggFSJXezlNVOZ5I1I8umBan2ywfKQD8M+IjmrW -k9/7h9i54t8RS/RN7KNo7ECGnKXqXDPzBBTs1Gwo1WzltAoaDKUfXqQ4oJ4aCP/q -/XPVWEzgpJO1XEezvCq8VXisutyDiXEjjMIeBczxb1hbamQX+jLTIQ1MDJ4Zo1YP -zlUqrHW434XC2b1/WbSaylq8Wk9cksca5J+g3FqTlgiWozyy0uxygIRjb6iTzKXk -V7SYxeXp3hNTuoUgiFkjh5/0yKWCwx7aQqlHar9GjpxmBDAO0kzOlgtTw//EqTwR -KnYZLig9FW0PhwvZJUigr0cvs/XXTTb77z/i/dfHkrjVTTYenNyXogPtTtSyxqca -61fbPf0B/S3N43PW8URXBRS0sykpX4SxKu+PwKCqf+OJ7hMEVAapqzTt1q9T7zyB -QwvCVx8s7WWvXbs2d6ZUrArklgjHoHQcdxJKdhuRmD34AuXWCLW+gH8rJWZpuNl3 -+WsPZX4PvjKDgMw6YMcV7zhWX6c0SevKtzt7WP3XoKDuPhK1PMGJQqQ7spegGB+5 -DZvsJS48Ip0S45Qfmj82ibXaCBJHTNZE8Zs+rdTjQ9DS5qvzRA1sRA1dBb/7OLYE -JmeWf4VZyebm+gc50szsg6Ut2yT8hw== -=AiP8 ------END PGP PUBLIC KEY BLOCK----- diff --git a/SOURCES/RPM-GPG-KEY-rockyrepo b/SOURCES/RPM-GPG-KEY-rockyrepo deleted file mode 100644 index 8f51f16..0000000 --- a/SOURCES/RPM-GPG-KEY-rockyrepo +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBGDpK8sBEAC4T6mJcCMktBymcPLD/z+7JrNOg8BqqL4z3zvPTrjl2H1aqDZe -lqLjPeok5ja8LiuEVjwgilgjZ2a7luaChMUzuHOIrERjvNUo4riunmumjZQVUhkg -H1tlSnAxbtRF8qx61ruwPTHj0xH8pnuN0GnktYsZ1mB66pDRBBSG0RQw3zZ5+ZHk -fwefV5YCjjnYOwFyBOhI0p1o+fZCOfgdsh/+sYwCFHBiNzYFcwVdc+RAuYDiIJqT -X5hfDBKPIjAe71lyEoPcIQG9q2FudsNYFlitglpy0ZBA5axEYtdcjXB/GQnFsOPa -GmSXYJJWrWUF1c2bhP2fGJnuyoTcnIfR69B1xuzS19vWuKyBa2a7T8e/iLulNkfJ -SSFdiJIO5pF/zmDZ80aLkRDPKE41mA0zCakncA5WsprCLb1t8G19tBWmT4ZBs/60 -Qj0g8Lcy/tTDICouxaCek61Vas5XRGbbxPuXxbcwcFBwRBhDHBZgd6928mZcHucO -rGfyde21sisRBIfoNN+uqosEerEm0Iz/9VUBXZ2KCOm4a7YaQRb6pnUkHjN8gM1c -89LSpvsfAWJXa2lc+kxMl6+PZCMVlZKPj9wP8eS1+d0xBOWiVhHO17DrCcLSLxKh -9uj55NkaVdsW4BcOfugcI24h+s8vvvs711pphT1LAmfkQARgRZ8eHsye4QARAQAB -tExSZWxlYXNlIEVuZ2luZWVyaW5nIChSb2NreSBMaW51eCBSZXBvc2l0b3J5IFNp -Z25pbmcpIDxyZWxlbmdAcm9ja3lsaW51eC5vcmc+iQJOBBMBCAA4FiEE3v4+dChx -KSUgq33zt5E4hSjgP2UFAmDpK8sCGw8FCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA -CgkQt5E4hSjgP2UDOg/+OozSib1DMLzlwlxPG5LVDnFStz0KdIdR2gRNY6BHNZ3G -sWKjBhJ7fDY1YpuzKJythyhbOamNe76qQQ99oOKLj+kmN3HfH6IOV4F6UU8ZZKH+ -bD6Y3VcwLYMwRG/+L+RIm0/vJq7QCc1uMn8mP8dBP6ZJBqfXsOT8XS0KpGDnqdtl -k1T74+4Actkq72BzZ3AzTLt59FYND5I+1/4MYEE1Qb0sznJdF8VxcXDKhvFG9IXt -5RvBdCN+Pbe8eiYvCCIt7PSctRo3QBikcIYOL1UgHZOb0/HqEr1Ilns5iCNYYSYM -2gw0q9NSqrbiNSrQVsMP6DLw9RTea6Uec3RlaMSKvD9oH3Ur3N1/D5LHjaWnzCU/ -w83Z6PfgVrJPfqLowrkt+LLabyCiRPbaN/pPe97BVAd1J5uP4LeWSfD2FX7XMtMP -UqfYu9piGa45EQF50hMEYMnHO8gl+ezAZ6MtnnjG15yPmWVV2YQFviMyOvgvmga8 -50cRx8LSFrHe8rLNC6B0zfnBM19Ogd9zMHEVmRSOVGGEBRFBemc5AOXarBZKbEn0 -W2Ps9AIlic0cur+oomi3bS6ZduM3hqL2teKIFjxOPoZ3jIBtiI7K2ZwPc8kd2KX8 -d60ca1iROQxvlK4HL69fMhopGUtfgra3qHsPvBA9UE4m9M6cmEiWI9foNd1b4e0= -=Vcm+ ------END PGP PUBLIC KEY BLOCK----- diff --git a/SOURCES/rocky.1.gz b/SOURCES/rocky.1.gz index 0132146..0b11f4c 100644 Binary files a/SOURCES/rocky.1.gz and b/SOURCES/rocky.1.gz differ diff --git a/SPECS/rocky-release.spec b/SPECS/rocky-release.spec index 17b936f..1d890bb 100644 --- a/SPECS/rocky-release.spec +++ b/SPECS/rocky-release.spec @@ -8,9 +8,9 @@ # Distribution Name and Version %define distro_name Rocky Linux %define distro_code Green Obsidian -%define major 8 -%define minor 4 -%define rocky_rel 35 +%define major 9 +%define minor 0 +%define rocky_rel 1 %define upstream_rel %{major}.%{minor} %define rpm_license BSD-3-Clause @@ -27,7 +27,7 @@ Name: rocky-release Version: %{major}.%{minor} -Release: %{rocky_rel}.el8 +Release: %{rocky_rel}.el%{major} Summary: %{distro_name} release files License: %{rpm_license} URL: https://rockylinux.org @@ -54,7 +54,7 @@ Provides: centos-release-eula Requires: rocky-repos(%{major}) # GPG Keys -Source101: RPM-GPG-KEY-rockyofficial +#Source101: RPM-GPG-KEY-rockyofficial Source102: RPM-GPG-KEY-rockytesting # Release Sources @@ -64,7 +64,9 @@ Source202: Contributors Source203: COMMUNITY-CHARTER Source300: 85-display-manager.preset Source301: 90-default.preset -Source302: 99-default-disable.preset +Source302: 90-default-user.preset +Source303: 99-default-disable.preset +Source304: 50-redhat.conf # Repo Sources Source1200: Rocky-BaseOS.repo @@ -178,17 +180,25 @@ install -p -m 0644 %{SOURCE200} %{buildroot}%{_datadir}/rocky-release/ # systemd presets install -d -m 0755 %{buildroot}%{_prefix}/lib/systemd/system-preset/ +install -d -m 0755 %{buildroot}%{_prefix}/lib/systemd/user-preset/ install -m 0644 %{SOURCE300} %{buildroot}/%{_prefix}/lib/systemd/system-preset/ install -m 0644 %{SOURCE301} %{buildroot}/%{_prefix}/lib/systemd/system-preset/ install -m 0644 %{SOURCE302} %{buildroot}/%{_prefix}/lib/systemd/system-preset/ +install -m 0644 %{SOURCE303} %{buildroot}/%{_prefix}/lib/systemd/user-preset/ +install -m 0644 %{SOURCE303} %{buildroot}/%{_prefix}/lib/systemd/user-preset/ + +# sysctl presets +install -d -m 0755 %{buildroot}%{_prefix}/lib/sysctl.d/ +install -m 0644 %{SOURCE304} %{buildroot}/%{_prefix}/lib/sysctl.d/ + # dnf stuff install -d -m 0755 %{buildroot}%{_sysconfdir}/dnf/vars echo "pub/rocky" > %{buildroot}%{_sysconfdir}/dnf/vars/contentdir # Copy out GPG keys install -d -m 0755 %{buildroot}%{_sysconfdir}/pki/rpm-gpg -install -p -m 0644 %{SOURCE101} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/ +#install -p -m 0644 %{SOURCE101} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/ install -p -m 0644 %{SOURCE102} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/ # Copy our yum repos @@ -224,6 +234,7 @@ install -p -m 0644 %{SOURCE1226} %{buildroot}%{_sysconfdir}/yum.repos.d/ %{_datadir}/rocky-release %{_prefix}/lib/os-release %{_prefix}/lib/systemd/system-preset/* +%{_prefix}/lib/systemd/user-preset/* %{_mandir}/man1/rocky.1.gz %files -n rocky-repos @@ -235,76 +246,5 @@ install -p -m 0644 %{SOURCE1226} %{buildroot}%{_sysconfdir}/yum.repos.d/ %{_sysconfdir}/pki/rpm-gpg/ %changelog -* Mon Sep 13 2021 Louis Abel - 8.4-35 -- Add missing CentOS provides and symlinks -- Add centos macros for some builds to complete successfully without relying - on random patching - -* Thu Sep 09 2021 Louis Abel - 8.4-33 -- Add centos as an id_like to allow current and future SIGs that rely on CentOS - to work properly. - -* Wed Jul 07 2021 Louis Abel - 8.4-32 -- Fix URLs for Plus and NFV -- Use a macro for the license across sub packages -- Fix bogus date in changelog - -* Mon Jul 05 2021 Louis Abel - 8.4-30 -- Fix URLs for debuginfo - -* Tue Jun 29 2021 Louis Abel - 8.4-29 -- Fix URLs -- Added debuginfo -- Added NFV (future state) - -* Wed Jun 16 2021 Louis Abel - 8.4-25 -- Fix up outstanding issues - -* Sat Jun 05 2021 Louis Abel - 8.4-24 -- Change all mirrorlist urls to https - -* Tue May 25 2021 Louis Abel - 8.4-23 -- Add a version codename to satisfy vendors -- Change license -- Fix up /etc/os-release and CPE -- Remove unused infra var -- Change base_release_version to major - -* Wed May 19 2021 Louis Abel - 8.4-16 -- Remove annoying /etc/issue banner - -* Sat May 08 2021 Louis Abel - 8.4-15 -- Release for 8.4 - -* Wed May 05 2021 Louis Abel - 8.3-14 -- Add RT, Plus, and NFV repo files - -* Mon May 03 2021 Louis Abel - 8.3-13 -- Add minor version to /etc/os-release to resolve issues - with products that provide the "full version" - -* Sat May 01 2021 Louis Abel - 8.3-12 -- Add resilient storage varient -- Fix vars - -* Wed Apr 28 2021 Louis Abel - 8.3-11 -- Fix repo URL's where needed -- Change contentdir var - -* Sun Apr 25 2021 Louis Abel - 8.3-9 -- Remove and add os-release references - -* Sun Apr 18 2021 Louis Abel - 8.3-8 -- Emphasize that this is not a production ready release -- rpmlint - -* Wed Apr 14 2021 Louis Abel - 8.3-7 -- Fix mantis links - -* Thu Apr 08 2021 Louis Abel - 8.3-5 -- Combine release, repos, and keys together to simplify - -* Mon Feb 01 2021 Louis Abel - 8.3-4 -- Initial Rocky Release 8.3 based on CentOS 8.3 -- Keep centos rpm macro to reduce package modification burden -- Update /etc/issue +* Tue Oct 05 2021 Louis Abel - 9.0-1 +- Init for Rocky Linux 9 (Blue Onyx) diff --git a/id_verify b/id_verify index adc40d4..549aab4 100644 --- a/id_verify +++ b/id_verify @@ -1,2 +1,2 @@ -Signing: 6d745a60 +Signing: None Testing: bbe2c108