core/systemd to 238.0-3.1

core/systemd/0001-seccomp-include-ARM-cacheflush-in-default.patch

@@ -0,0 +1,26 @@
+From 5efc4609bdfb3db976f0e73f9da7148147d28eee Mon Sep 17 00:00:00 2001
+From: Kevin Mihelich <kevin@archlinuxarm.org>
+Date: Wed, 21 Mar 2018 17:26:15 +0000
+Subject: [PATCH] seccomp: include ARM cacheflush in @default
+
+Whitelist the cacheflush system call, so that applications using it
+don't trigger a segfault when run under systemd-nspawn.
+---
+ src/shared/seccomp-util.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c
+index 220658b3a..e244da0e4 100644
+--- a/src/shared/seccomp-util.c
++++ b/src/shared/seccomp-util.c
+@@ -273,6 +273,7 @@ const SyscallFilterSet syscall_filter_sets[_SYSCALL_FILTER_SET_MAX] = {
+                 .name = "@default",
+                 .help = "System calls that are always permitted",
+                 .value =
++                "cacheflush\0"
+                 "clock_getres\0"
+                 "clock_gettime\0"
+                 "clock_nanosleep\0"
+-- 
+2.16.2
+

core/systemd/PKGBUILD

@@ -6,13 +6,15 @@
 # ALARM: Kevin Mihelich <kevin@archlinuxarm.org>
 #  - disable gold/LTO
 #  - removed makedepend on gnu-efi-libs, set -Dgnuefi=false
+#  - patch to whitelist cacheflush syscall
+#  - backport to build against new libgpg-error
 
 pkgbase=systemd
 pkgname=('systemd' 'libsystemd' 'systemd-sysvcompat')
 # Can be from either systemd or systemd-stable
 _commit='738ab7502afb7663d9aacdd73e79025aa7cd0a9b'
 pkgver=238.0
-pkgrel=3
+pkgrel=3.1
 arch=('x86_64')
 url="https://www.github.com/systemd/systemd"
 makedepends=('acl' 'cryptsetup' 'docbook-xsl' 'gperf' 'lz4' 'xz' 'pam' 'libelf'
@@ -26,6 +28,7 @@ validpgpkeys=('63CDA1E5D3FC22B998D20DD6327F26951A015CC4'  # Lennart Poettering <
 source=('git+https://github.com/systemd/systemd-stable'
         'git+https://github.com/systemd/systemd'
         '0001-Use-Arch-Linux-device-access-groups.patch'
+        '0001-seccomp-include-ARM-cacheflush-in-default.patch'
         'initcpio-hook-udev'
         'initcpio-install-systemd'
         'initcpio-install-udev'
@@ -46,6 +49,7 @@ source=('git+https://github.com/systemd/systemd-stable'
 sha512sums=('SKIP'
             'SKIP'
             '9348683829190628e25b7b3300fd880c426d555bde330d5fc5150a9a54b3ad9d4d1f2e69ea1dc6d6f086693dacc53c5af30f1fa7ad9b479791fd77bcdafa430e'
+            'df7ec8f840a54b404d1f3ab2708ae2a618820cb411b826128cf10b20ccdab057306446295c6b1c98a05ca0adb1b30d390dfb0156b52ea772978e1f1bf5135e09'
             'f0d933e8c6064ed830dec54049b0a01e27be87203208f6ae982f10fb4eddc7258cb2919d594cbfb9a33e74c3510cfd682f3416ba8e804387ab87d1a217eb4b73'
             '86d7cacd7536b1069c82bbbb08de7ec81e7f0f18a19fc2b06fabe90db4700623eb3540b75121080d325672d92e26912632ae4f93fd3c0bb48eb3e5eedd88352c'
             'a25b28af2e8c516c3a2eec4e64b8c7f70c21f974af4a955a4a9d45fd3e3ff0d2a98b4419fe425d47152d5acae77d64e69d8d014a7209524b75a81b0edb10bf3a'
@@ -67,6 +71,9 @@ sha512sums=('SKIP'
 _backports=(
   # core: do not free heap-allocated strings (#8391) (FS#57741)
   '5cbaad2f6795088db56063d20695c6444595822f'
+
+  # basic/macros: rename noreturn into _noreturn_
+  '848e863acc51ecfb0f3955c498874588201d9130'
 )
 
 _reverts=(
@@ -116,6 +123,9 @@ prepare() {
 
   # Replace cdrom/dialout/tape groups with optical/uucp/storage
   patch -Np1 -i ../0001-Use-Arch-Linux-device-access-groups.patch
+
+  # seccomp: include ARM cacheflush in @default
+  patch -Np1 -i ../0001-seccomp-include-ARM-cacheflush-in-default.patch
 }
 
 pkgver() {