core/systemd to 233-6

Kevin Mihelich 2017-07-02 21:41:10 +00:00
parent a0ec5d6788
commit bfa844bfb1
6 changed files with 51 additions and 164 deletions


@ -1,62 +0,0 @@
From 481712d9ee88395042f0640f272c1f87142bc0a8 Mon Sep 17 00:00:00 2001
From: Dave Reisner <dreisner@archlinux.org>
Date: Wed, 9 Nov 2016 11:14:03 -0500
Subject: [PATCH] Revert "nspawn: try to bind mount resolved's resolv.conf
snippet into the container"
This reverts commit 3539724c26a1b2b00c4eb3c004b635a4b8647de6.
---
src/nspawn/nspawn.c | 27 ++++++++-------------------
1 file changed, 8 insertions(+), 19 deletions(-)
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index c8b18bc..93df7c6 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -1309,35 +1309,24 @@ static int setup_resolv_conf(const char *dest) {
/* Fix resolv.conf, if possible */
where = prefix_roota(dest, "/etc/resolv.conf");
- if (access("/usr/lib/systemd/resolv.conf", F_OK) >= 0) {
- /* resolved is enabled on the host. In this, case bind mount its static resolv.conf file into the
- * container, so that the container can use the host's resolver. Given that network namespacing is
- * disabled it's only natural of the container also uses the host's resolver. It also has the big
- * advantage that the container will be able to follow the host's DNS server configuration changes
- * transparently. */
-
- r = mount_verbose(LOG_WARNING, "/usr/lib/systemd/resolv.conf", where, NULL, MS_BIND, NULL);
- if (r >= 0)
- return mount_verbose(LOG_ERR, NULL, where, NULL,
- MS_BIND|MS_REMOUNT|MS_RDONLY|MS_NOSUID|MS_NODEV, NULL);
- }
-
- /* If that didn't work, let's copy the file */
r = copy_file("/etc/resolv.conf", where, O_TRUNC|O_NOFOLLOW, 0644, 0);
if (r < 0) {
- /* If the file already exists as symlink, let's suppress the warning, under the assumption that
- * resolved or something similar runs inside and the symlink points there.
+ /* If the file already exists as symlink, let's
+ * suppress the warning, under the assumption that
+ * resolved or something similar runs inside and the
+ * symlink points there.
*
- * If the disk image is read-only, there's also no point in complaining.
+ * If the disk image is read-only, there's also no
+ * point in complaining.
*/
log_full_errno(IN_SET(r, -ELOOP, -EROFS) ? LOG_DEBUG : LOG_WARNING, r,
- "Failed to copy /etc/resolv.conf to %s, ignoring: %m", where);
+ "Failed to copy /etc/resolv.conf to %s: %m", where);
return 0;
}
r = userns_lchown(where, 0, 0);
if (r < 0)
- log_warning_errno(r, "Failed to chown /etc/resolv.conf, ignoring: %m");
+ log_warning_errno(r, "Failed to chown /etc/resolv.conf: %m");
return 0;
}
--
2.10.2


@ -1,30 +0,0 @@
From ff59e06f9423af0532aaeedf931474823f764875 Mon Sep 17 00:00:00 2001
From: Dave Reisner <dreisner@archlinux.org>
Date: Wed, 9 Nov 2016 08:00:26 -0500
Subject: [PATCH] disable RestrictAddressFamilies on i686
Shit's broke, yo.
https://github.com/systemd/systemd/issues/4575
---
src/core/execute.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/core/execute.c b/src/core/execute.c
index f666f7c..7d09154 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1254,6 +1254,10 @@ static int apply_address_families(const Unit* u, const ExecContext *c) {
Iterator i;
int r;
+#if defined(__i386__)
+ return 0;
+#endif
+
assert(c);
if (skip_seccomp_unavailable(u, "RestrictAddressFamilies="))
--
2.10.2


@ -1,26 +0,0 @@
From 7ec42a45410cb27140292d85ebb0e4b6dcea5555 Mon Sep 17 00:00:00 2001
From: Dave Reisner <dreisner@archlinux.org>
Date: Wed, 7 Dec 2016 13:45:48 -0500
Subject: [PATCH] nspawn: don't hide --bind=/tmp/* mounts
This is a v232-applicable version of upstream c9fd987279a462e.
---
src/nspawn/nspawn-mount.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c
index 115de64..2dabe2a 100644
--- a/src/nspawn/nspawn-mount.c
+++ b/src/nspawn/nspawn-mount.c
@@ -382,7 +382,7 @@ int mount_all(const char *dest,
{ "tmpfs", "/dev", "tmpfs", "mode=755", MS_NOSUID|MS_STRICTATIME, true, false, false },
{ "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME, true, false, false },
{ "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME, true, false, false },
- { "tmpfs", "/tmp", "tmpfs", "mode=1777", MS_STRICTATIME, true, true, false },
+ { "tmpfs", "/tmp", "tmpfs", "mode=1777", MS_STRICTATIME, true, false, false },
#ifdef HAVE_SELINUX
{ "/sys/fs/selinux", "/sys/fs/selinux", NULL, NULL, MS_BIND, false, false, false }, /* Bind mount first */
{ NULL, "/sys/fs/selinux", NULL, NULL, MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, false, false, false }, /* Then, make it r/o */
--
2.10.2


@ -7,8 +7,8 @@
pkgbase=systemd
pkgname=('systemd' 'libsystemd' 'systemd-sysvcompat')
pkgver=232
pkgrel=8
pkgver=233
pkgrel=6
arch=('i686' 'x86_64')
url="https://www.github.com/systemd/systemd"
makedepends=('acl' 'cryptsetup' 'docbook-xsl' 'gperf' 'lz4' 'xz' 'pam' 'libelf'
@ -27,14 +27,11 @@ source=("git://github.com/systemd/systemd.git#tag=v$pkgver"
'systemd-hwdb.hook'
'systemd-sysusers.hook'
'systemd-tmpfiles.hook'
'systemd-update.hook'
'0001-disable-RestrictAddressFamilies-on-i686.patch'
'0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch'
'0001-nspawn-don-t-hide-bind-tmp-mounts.patch')
'systemd-update.hook')
sha512sums=('SKIP'
'f0d933e8c6064ed830dec54049b0a01e27be87203208f6ae982f10fb4eddc7258cb2919d594cbfb9a33e74c3510cfd682f3416ba8e804387ab87d1a217eb4b73'
'52af734947a768758d5eb3f18e31a1cfec6699eca6fa10e40b90c7f11991509186c0a696e3490af3eaba80064ea4cb93e041579abf05addf072d294300aa4b28'
'fec639de0d99967ed3e67289eff5ff78fff0c5829d350e73bed536a8391f1daa1d118d72dbdc1f480ffd33fc22b72f4817d0973bd09ec7f182fd26ad87b24355'
'691acebb243b9cd7fb63272662f34bdb9aead710c69aee9361ab2322f9f108600ad5b0214fc00b7cb2d9c95db8abd748030625d60d6567efd98663c56ba28c65'
'a25b28af2e8c516c3a2eec4e64b8c7f70c21f974af4a955a4a9d45fd3e3ff0d2a98b4419fe425d47152d5acae77d64e69d8d014a7209524b75a81b0edb10bf3a'
'61032d29241b74a0f28446f8cf1be0e8ec46d0847a61dadb2a4f096e8686d5f57fe5c72bcf386003f6520bc4b5856c32d63bf3efe7eb0bc0deefc9f68159e648'
'c416e2121df83067376bcaacb58c05b01990f4614ad9de657d74b6da3efa441af251d13bf21e3f0f71ddcb4c9ea658b81da3d915667dc5c309c87ec32a1cb5a5'
'5a1d78b5170da5abe3d18fdf9f2c3a4d78f15ba7d1ee9ec2708c4c9c2e28973469bc19386f70b3cf32ffafbe4fcc4303e5ebbd6d5187a1df3314ae0965b25e75'
@ -42,22 +39,20 @@ sha512sums=('SKIP'
'2c1f765e7cefc50f07ad994634ea25d9396e6b9c0de46e58f18377e642a471517a0dbf5eb547070a38c6ecf84ec8e030f650a6cee010871cd7a466a32534adda'
'9d27d97f172a503f5b7044480a0b9ccc0c4ed5dbb2eb3b2b1aa929332c3bcfe38ef0c0310b6566f23b34f9c05b77035221164a7ab7677784c4a54664f12fca22'
'0f4efddd25256e09c42b953caeee4b93eb49ecc6eaebf02e616b4dcbfdac9860c3d8a3d1a106325b2ebc4dbc6e08ac46702abcb67a06737227ccb052aaa2a067'
'10190fba9f39a8f4b620a0829e0ba8ed63bb4dbeca712966011ee7807880d01ab2abff1a80baafeb6674db70526a473fe585db8190e864f318fc4d6068552618'
'89f9b2d3918c679ce4f76c2b10dc7fcb7e04f1925a5f92542f06891de2a123a91df7eb67fd4ce71506a8132f5440b3560b7bb667e1c1813944b115c1dfe35e3f'
'b993a42c5534582631f7b379d54f6abc37e3aaa56ecf869a6d86ff14ae5a52628f4e447b6a30751bc1c14c30cec63a5c6d0aa268362d235ed477b639cac3a219'
'68478403433aafc91a03fda5d83813d2ed1dfc6ab7416b2927a803314ecf826edcb6c659587e74df65de3ccb1edf958522f56ff9ac461a1f696b6dede1d4dd35')
'10190fba9f39a8f4b620a0829e0ba8ed63bb4dbeca712966011ee7807880d01ab2abff1a80baafeb6674db70526a473fe585db8190e864f318fc4d6068552618')
validpgpkeys=(
'63CDA1E5D3FC22B998D20DD6327F26951A015CC4' # Lennart Poettering
)
_backports=(
'843d5baf6aad6c53fc00ea8d95d83209a4f92de1' # core: don't use the unified hierarchy for the systemd cgroup yet (#4628)
'abd67ce74858491565cde157c7b08fda43d3279c' # basic/virt: fix userns check on CONFIG_USER_NS=n kernel (#4651)
'4318abe8d26e969ebdb97744a63ab900233a0185' # build-sys: do not install ctrl-alt-del.target symlink twice
'd112eae7da77899be245ab52aa1747d4675549f1' # device: Avoid calling unit_free(NULL) in device setup logic (#4748)
'cfed63f60dd7412c199652825ed172c319b02b3c' # nspawn: fix exit code for --help and --version (#4609)
'3099caf2b5bb9498b1d0227c40926435ca81f26f' # journal: make sure to initially populate the space info cache (#4807)
'3d4cf7de48a74726694abbaa09f9804b845ff3ba' # build-sys: check for lz4 in the old and new numbering scheme (#4717)
# build-sys: make RPM macros installation path configurable
'ff2e33db54719bfe8feea833571652318c6d197c'
# resolved: do not start LLMNR or mDNS stack when no network enables them
'2c7ef56459bf6fe7761595585aa4eed5cd183f27^..2c7ef56459bf6fe7761595585aa4eed5cd183f27^2'
# networkd: RFC compliant autonomous prefix handling (#5636)
'6554550f35a7976f9110aff94743d3576d5f02dd'
# shared: fix keyring handling in ask-password-api
'2c390a919055af01b3ab6cce6dd0f97fb4784460'
)
_validate_tag() {
@ -92,21 +87,21 @@ prepare() {
_validate_tag || return
if (( ${#_backports[*]} > 0 )); then
git cherry-pick -n "${_backports[@]}"
fi
local _commit
for _commit in "${_backports[@]}"; do
git cherry-pick -n "$_commit"
done
# https://github.com/systemd/systemd/issues/4789
patch -Np1 <../0001-nspawn-don-t-hide-bind-tmp-mounts.patch
# these patches aren't upstream, but they make v232 more useable.
# https://github.com/systemd/systemd/issues/4575
patch -Np1 <../0001-disable-RestrictAddressFamilies-on-i686.patch
# https://github.com/systemd/systemd/issues/4595
# https://github.com/systemd/systemd/issues/3826
patch -Np1 <../0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch
# nss-resolve: drop the internal fallback to libnss_dns
git show 5486a31d287f26bcd7c0a4eb2abfa4c074b985f1 -- \
Makefile.am src/nss-resolve/nss-resolve.c | git apply --index
# Resolved packet size (#6214) (FS#54619, CVE-2017-9445)
git show '751ca3f1de316ca79b60001334dbdf54077e1d01' \
'db848813bae4d28c524b3b6a7dad135e426659ce' \
'88795538726a5bbfd9efc13d441cb05e1d7fc139' \
'64a21fdaca7c93f1c30b21f6fdbd2261798b161a' \
-- . ':!src/resolve/meson.build' | git apply --index
./autogen.sh
}
@ -135,6 +130,9 @@ build() {
--with-default-dnssec=no
--with-dbuspolicydir=/usr/share/dbus-1/system.d
--without-kill-user-processes
--with-rpmmacrosdir=no
# TODO(dreisner): consider changing this to unified
--with-default-hierarchy=hybrid
)
./configure "${configure_options[@]}"
@ -145,14 +143,13 @@ build() {
package_systemd() {
pkgdesc="system and service manager"
license=('GPL2' 'LGPL2.1')
depends=('acl' 'bash' 'dbus' 'iptables' 'kbd' 'kmod' 'hwids' 'libcap'
depends=('acl' 'bash' 'cryptsetup' 'dbus' 'iptables' 'kbd' 'kmod' 'hwids' 'libcap'
'libgcrypt' 'libsystemd' 'libidn' 'lz4' 'pam' 'libelf' 'libseccomp'
'util-linux' 'xz')
provides=('nss-myhostname' "systemd-tools=$pkgver" "udev=$pkgver")
replaces=('nss-myhostname' 'systemd-tools' 'udev')
conflicts=('nss-myhostname' 'systemd-tools' 'udev')
optdepends=('cryptsetup: required for encrypted block devices'
'libmicrohttpd: remote journald capabilities'
optdepends=('libmicrohttpd: remote journald capabilities'
'quota-tools: kernel-level quota management'
'systemd-sysvcompat: symlink package to provide sysvinit binaries'
'polkit: allow administration as unprivileged user')
@ -175,9 +172,6 @@ package_systemd() {
# post_install.
rm -r "$pkgdir/etc/systemd/system/"*.wants
# get rid of RPM macros
rm -r "$pkgdir/usr/lib/rpm"
# add back tmpfiles.d/legacy.conf
install -m644 "$pkgbase/tmpfiles.d/legacy.conf" "$pkgdir/usr/lib/tmpfiles.d"
@ -198,18 +192,26 @@ package_systemd() {
chown root:systemd-journal "$pkgdir/var/log/journal"
chmod 2755 "$pkgdir/var/log/journal"
# match directory owner/group and mode from extra/polkit
chown root:102 "$pkgdir"/usr/share/polkit-1/rules.d
chmod 0750 "$pkgdir"/usr/share/polkit-1/rules.d
# we'll create this on installation
rmdir "$pkgdir/var/log/journal/remote"
# ship default policy to leave services disabled
echo 'disable *' >"$pkgdir"/usr/lib/systemd/system-preset/99-default.preset
### manpages shipped with systemd-sysvcompat
# manpages shipped with systemd-sysvcompat
rm "$pkgdir"/usr/share/man/man8/{telinit,halt,reboot,poweroff,runlevel,shutdown}.8
### runtime libraries shipped with libsystemd
# runtime libraries shipped with libsystemd
rm "$pkgdir"/usr/lib/lib{nss,systemd,udev}*.so*
# allow core/filesystem to pristine nsswitch.conf
rm "$pkgdir/usr/share/factory/etc/nsswitch.conf"
sed -i '/^C \/etc\/nsswitch\.conf/d' "$pkgdir/usr/lib/tmpfiles.d/etc.conf"
# add example bootctl configuration
install -Dm644 "$srcdir/arch.conf" "$pkgdir"/usr/share/systemd/bootctl/arch.conf
install -Dm644 "$srcdir/loader.conf" "$pkgdir"/usr/share/systemd/bootctl/loader.conf
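Review bot: In prepare(), the CVE-2017-9445 backport is applied as a pipeline, `git show … -- . ':!src/resolve/meson.build' | git apply --index`, so only `git apply`'s exit status is observed; if `git show` fails (a mistyped or unreachable object after a tag move), the build most likely stops on `git apply` complaining about its input rather than on the real cause, and if pipefail is not in effect any `git show` failure that still produces applicable output would pass unnoticed. The nss-resolve line a few lines earlier, `git show 5486a31d… -- Makefile.am src/nss-resolve/nss-resolve.c | git apply --index`, has the same shape. Writing the patch to a file first makes each step's failure visible and leaves the applied patch on disk for inspection: `git show '751ca3f1…' '…' -- . ':!src/resolve/meson.build' >../resolved-6214.patch` followed by `git apply --index ../resolved-6214.patch`. Since the comment already names the CVE, it would also help to say which of the four commits is the actual fix and which are the prerequisites it depends on, so a later maintainer knows what can be dropped once the tag catches up.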


@ -160,9 +160,11 @@ build() {
add_symlink "/usr/lib/systemd/system/default.target" "initrd.target"
add_symlink "/usr/lib/systemd/system/ctrl-alt-del.target" "reboot.target"
# udev wants /etc/group since it doesn't launch with --resolve-names=never
add_file "/etc/nsswitch.conf"
add_binary "$(readlink -f /usr/lib/libnss_files.so)"
printf '%s\n' >"$BUILDROOT/etc/nsswitch.conf" \
'passwd: files' \
'group: files' \
'shadow: files'
echo "root:x:0:0:root:/:/bin/sh" >"$BUILDROOT/etc/passwd"
echo "root:x:0:root" >"$BUILDROOT/etc/group"
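Review bot: If `add_file "/etc/nsswitch.conf"` is still on the new side (the rendered view has lost the +/- markers, so I cannot tell), it is now dead: the `printf` two lines below overwrites `$BUILDROOT/etc/nsswitch.conf` with the three `files` entries. Generating the file instead of copying the host's is the better choice, since it makes the image's lookups independent of whatever NSS modules the host file happens to name, so the copy should be dropped rather than kept alongside, and the comment above could record the intent: `# write a minimal nsswitch.conf so udev's user/group lookups only use libnss_files`. The `add_binary` for libnss_files remains necessary for the `files` backend. The enclosing build() starts outside the hunk.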


@ -19,9 +19,10 @@ build() {
help() {
cat <<HELPEOF
This hook will use udev to create your root device node and detect the needed
modules for your root device. It is also required for firmware loading in
initramfs. It is recommended to use this hook.
This hook adds the udev daemon to the initramfs, allowing for dynamic loading
of modules and reliable detection of the root device via tags (e.g. UUID or
LABEL). Do not remove this hook unless you are using the systemd hook, or you
know what you're doing.
HELPEOF
}