systemd/259 package update #76334
+22
−42
Merged
systemd/259 package update #76334
Octo STS / staging-autofix
succeeded
Dec 22, 2025 in 0s
Merge report generated
Merge Report
First Commit SHA: d6951a71ef52dc9f61611d2754c64278c86167e5
Embeddings Stored
Stored 2 embedding(s) in the vector index:
-
Datapoint ID:
53c173d1-a4b6-4843-9f1d-165ebc7271f0
Error: Assertion failed: "r = fw_nftables_add_masquerade(nfnl, true, AF_INET6, &u1, 128)" failed with unexpected error: -2/ENOENT -
Datapoint ID:
f1ab66e8-7c08-495e-a4ac-0fcf91add808
Error: Assertion failed: Expected "unshare(CLONE_NEWUTS)" to succeed, but got errno: 1/EPERM
Patch
From 57c3fb0d425e9004e87d18cdbf0b176cc99dda9d Mon Sep 17 00:00:00 2001
From: Markus Boehme <[email protected]>
Date: Mon, 22 Dec 2025 17:13:46 +0100
Subject: [PATCH 1/3] systemd: skip unit test test-firewall-util temporarily
The unit test test-firewall-util depends on various netfilter NAT
modules being available. Skip the test for now until a new Elastic
Build kernel has been deployed that brings those modules built-in.
Signed-off-by: Markus Boehme <[email protected]>
---
systemd.yaml | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/systemd.yaml b/systemd.yaml
index 03af8e8144e..c8fbe3f0d7c 100644
--- a/systemd.yaml
+++ b/systemd.yaml
@@ -190,6 +190,7 @@ subpackages:
# 2025/03/28 11:52:30 INFO Assertion 'mkdtemp_malloc("/tmp/test-rm-rf.XXXXXXX", &d) >= 0' failed at src/test/test-rm-rf.c:19, function test_rm_rf_chmod_inner(). Aborting.
# 2025/03/28 11:52:30 INFO (setresuid) terminated by signal ABRT.
# 2025/03/28 11:52:30 INFO Assertion 'r >= 0' failed at src/test/test-rm-rf.c:100, function test_rm_rf_chmod(). Aborting.
+ # test-firewall-util - Assertion failed: "r = fw_nftables_add_masquerade(nfnl, true, AF_INET6, &u1, 128)" failed with unexpected error: -2/ENOENT
/usr/lib/systemd/tests/run-unit-tests.py -u \
-s test-sd-device \
-s test-path-util \
@@ -205,7 +206,8 @@ subpackages:
-s test-namespace \
-s test-mount-util \
-s test-bpf-foreign-programs \
- -s test-execute
+ -s test-execute \
+ -s test-firewall-util
- range: standalone-binaries
name: ${{range.key}}-standalone
@@ -810,6 +812,11 @@ test:
- systemd-dev
- libsystemd
pipeline:
+ - runs: |
+ if [ '${{package.version}}-r${{package.epoch}}' != '259-r0' ]; then
+ echo 'Check if unit test test-firewall-util can be enabled now!'
+ exit 1
+ fi
- uses: test/verify-service
with:
skip-files: syslog.socket # intentionally shipped without a corresponding service
From 2a37a34a06c7e2c0113ae11b47b196e3103e3d1f Mon Sep 17 00:00:00 2001
From: Markus Boehme <[email protected]>
Date: Mon, 22 Dec 2025 17:26:25 +0000
Subject: [PATCH 2/3] systemd: add dependency on libarchive
According to the changelog [1], systemd v259 no longer depends on the
tar binary since it completed a rewrite of the functionality using
libarchive. Add an explicit dependency on libarchive since, like other
shared objects in v259, is only used via dlopen and escapes SCA.
[1]: https://github.com/systemd/systemd/releases/tag/v259
Signed-off-by: Markus Boehme <[email protected]>
---
systemd.yaml | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/systemd.yaml b/systemd.yaml
index c8fbe3f0d7c..39b89d6a063 100644
--- a/systemd.yaml
+++ b/systemd.yaml
@@ -13,6 +13,7 @@ package:
- dbus
- kmod
- libacl1
+ - libarchive
- libaudit
- libblkid
- libmount
@@ -406,7 +407,7 @@ subpackages:
description: "systemd container tools"
dependencies:
runtime:
- - gnutar
+ - libarchive
- merged-lib
- merged-sbin
- merged-usrsbin
@@ -462,7 +463,7 @@ subpackages:
# without openssl-provider-legacy import errors referencing CRYPTOGRAPHY_OPENSSL_NO_LEGACY
packages:
- curl
- - gnutar
+ - libarchive
pipeline:
- uses: test/verify-service
- runs: |
From bfb65cfe8121b57161da87018afec7ec4691d2c5 Mon Sep 17 00:00:00 2001
From: Markus Boehme <[email protected]>
Date: Mon, 22 Dec 2025 19:58:00 +0000
Subject: [PATCH 3/3] systemd: skip unit test test-hostname-setup
The unit test test-hostname-setup is trying to set up a new UTS
namespace, which does not work on the Docker Melange runner. Skip it.
Signed-off-by: Markus Boehme <[email protected]>
---
systemd.yaml | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/systemd.yaml b/systemd.yaml
index 39b89d6a063..fc2efdd8a2d 100644
--- a/systemd.yaml
+++ b/systemd.yaml
@@ -192,6 +192,7 @@ subpackages:
# 2025/03/28 11:52:30 INFO (setresuid) terminated by signal ABRT.
# 2025/03/28 11:52:30 INFO Assertion 'r >= 0' failed at src/test/test-rm-rf.c:100, function test_rm_rf_chmod(). Aborting.
# test-firewall-util - Assertion failed: "r = fw_nftables_add_masquerade(nfnl, true, AF_INET6, &u1, 128)" failed with unexpected error: -2/ENOENT
+ # test-hostname-setup - does not work in Docker (Assertion failed: Expected "unshare(CLONE_NEWUTS)" to succeed, but got errno: 1/EPERM)
/usr/lib/systemd/tests/run-unit-tests.py -u \
-s test-sd-device \
-s test-path-util \
@@ -208,7 +209,8 @@ subpackages:
-s test-mount-util \
-s test-bpf-foreign-programs \
-s test-execute \
- -s test-firewall-util
+ -s test-firewall-util \
+ -s test-hostname-setup
- range: standalone-binaries
name: ${{range.key}}-standalone
Loading