diff options
Diffstat (limited to 'libre-testing/systemd')
20 files changed, 841 insertions, 0 deletions
diff --git a/libre-testing/systemd/0001-Use-Arch-Linux-device-access-groups.patch b/libre-testing/systemd/0001-Use-Arch-Linux-device-access-groups.patch new file mode 100644 index 000000000..c511144de --- /dev/null +++ b/libre-testing/systemd/0001-Use-Arch-Linux-device-access-groups.patch @@ -0,0 +1,75 @@ +From 34e4b4953cb99642e9144d97823edf32b06ffe93 Mon Sep 17 00:00:00 2001 +Message-Id: <34e4b4953cb99642e9144d97823edf32b06ffe93.1520376078.git.jan.steffens@gmail.com> +From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> +Date: Tue, 6 Mar 2018 23:39:47 +0100 +Subject: [PATCH] Use Arch Linux' device access groups +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + + cdrom → optical + dialout → uucp + tape → storage +--- + rules/50-udev-default.rules.in | 14 +++++++------- + sysusers.d/basic.conf.in | 6 +++--- + 2 files changed, 10 insertions(+), 10 deletions(-) + +diff --git a/rules/50-udev-default.rules.in b/rules/50-udev-default.rules.in +index 191f56f42..f81c4d0fc 100644 +--- a/rules/50-udev-default.rules.in ++++ b/rules/50-udev-default.rules.in +@@ -22,7 +22,7 @@ SUBSYSTEM=="tty", KERNEL=="sclp_line[0-9]*", GROUP="tty", MODE="0620" + SUBSYSTEM=="tty", KERNEL=="ttysclp[0-9]*", GROUP="tty", MODE="0620" + SUBSYSTEM=="tty", KERNEL=="3270/tty[0-9]*", GROUP="tty", MODE="0620" + SUBSYSTEM=="vc", KERNEL=="vcs*|vcsa*", GROUP="tty" +-KERNEL=="tty[A-Z]*[0-9]|ttymxc[0-9]*|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", GROUP="dialout" ++KERNEL=="tty[A-Z]*[0-9]|ttymxc[0-9]*|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", GROUP="uucp" + + SUBSYSTEM=="mem", KERNEL=="mem|kmem|port", GROUP="kmem", MODE="0640" + +@@ -57,13 +57,13 @@ KERNEL=="irlpt[0-9]*", GROUP="lp" + SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ENV{ID_USB_INTERFACES}=="*:0701??:*", GROUP="lp" + + SUBSYSTEM=="block", GROUP="disk" +-SUBSYSTEM=="block", KERNEL=="sr[0-9]*", GROUP="cdrom" +-SUBSYSTEM=="scsi_generic", SUBSYSTEMS=="scsi", ATTRS{type}=="4|5", GROUP="cdrom" +-KERNEL=="sch[0-9]*", GROUP="cdrom" +-KERNEL=="pktcdvd[0-9]*", GROUP="cdrom" +-KERNEL=="pktcdvd", GROUP="cdrom" ++SUBSYSTEM=="block", KERNEL=="sr[0-9]*", GROUP="optical" ++SUBSYSTEM=="scsi_generic", SUBSYSTEMS=="scsi", ATTRS{type}=="4|5", GROUP="optical" ++KERNEL=="sch[0-9]*", GROUP="optical" ++KERNEL=="pktcdvd[0-9]*", GROUP="optical" ++KERNEL=="pktcdvd", GROUP="optical" + +-SUBSYSTEM=="scsi_generic|scsi_tape", SUBSYSTEMS=="scsi", ATTRS{type}=="1|8", GROUP="tape" ++SUBSYSTEM=="scsi_generic|scsi_tape", SUBSYSTEMS=="scsi", ATTRS{type}=="1|8", GROUP="storage" + SUBSYSTEM=="scsi_generic", SUBSYSTEMS=="scsi", ATTRS{type}=="0", GROUP="disk" + KERNEL=="qft[0-9]*|nqft[0-9]*|zqft[0-9]*|nzqft[0-9]*|rawqft[0-9]*|nrawqft[0-9]*", GROUP="disk" + KERNEL=="loop-control", GROUP="disk", OPTIONS+="static_node=loop-control" +diff --git a/sysusers.d/basic.conf.in b/sysusers.d/basic.conf.in +index 8e358c02d..33e513a36 100644 +--- a/sysusers.d/basic.conf.in ++++ b/sysusers.d/basic.conf.in +@@ -24,14 +24,14 @@ g utmp - - - + + # Hardware access groups + g audio - - - +-g cdrom - - - +-g dialout - - - + g disk - - - + g input - - - + g kvm - - - + g lp - - - ++g optical - - - + g render - - - +-g tape - - - ++g storage - - - ++g uucp - - - + g video - - - + + # Default group for normal users +-- +2.16.2 + diff --git a/libre-testing/systemd/PKGBUILD b/libre-testing/systemd/PKGBUILD new file mode 100644 index 000000000..d0b46eb12 --- /dev/null +++ b/libre-testing/systemd/PKGBUILD @@ -0,0 +1,274 @@ +# Maintainer: Christian Hesse <mail@eworm.de> +# Maintainer: Dave Reisner <dreisner@archlinux.org> +# Maintainer: Tom Gundersen <teg@jklm.no> + +pkgbase=systemd +pkgname=('systemd' 'libsystemd' 'systemd-resolvconf' 'systemd-sysvcompat') +# Can be from either systemd or systemd-stable +_commit='c38499d476026d999558a7eee9c95ca2fa41e115' +pkgver=239.2 +pkgrel=2 +arch=('x86_64' 'ppc64le') +url='https://www.github.com/systemd/systemd' +makedepends=('acl' 'cryptsetup' 'docbook-xsl' 'gperf' 'lz4' 'xz' 'pam' 'libelf' + 'intltool' 'iptables' 'kmod' 'libcap' 'libidn2' 'libgcrypt' + 'libmicrohttpd' 'libxslt' 'util-linux' 'linux-api-headers' + 'python-lxml' 'quota-tools' 'shadow' 'gnu-efi-libs' 'git' + 'meson' 'libseccomp' 'pcre2' 'audit' 'kexec-tools' 'libxkbcommon' + 'bash-completion') +options=('strip') +validpgpkeys=('63CDA1E5D3FC22B998D20DD6327F26951A015CC4' # Lennart Poettering <lennart@poettering.net> + '5C251B5FC54EB2F80F407AAAC54CA336CFEB557E') # Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> +source=(# fragment is latest tag for source verification, final merge in prepare() + "git+https://github.com/systemd/systemd-stable#tag=v${pkgver%.*}?signed" + "git+https://github.com/systemd/systemd#tag=v${pkgver%.*}?signed" + '0001-Use-Arch-Linux-device-access-groups.patch' + 'initcpio-hook-udev' + 'initcpio-install-systemd' + 'initcpio-install-udev' + 'arch.conf' + 'loader.conf' + 'splash-arch.bmp' + 'systemd-user.pam' + 'systemd-hook' + 'systemd-binfmt.hook' + 'systemd-catalog.hook' + 'systemd-daemon-reload.hook' + 'systemd-hwdb.hook' + 'systemd-sysctl.hook' + 'systemd-sysusers.hook' + 'systemd-tmpfiles.hook' + 'systemd-udev-reload.hook' + 'systemd-update.hook') +sha512sums=('SKIP' + 'SKIP' + '9348683829190628e25b7b3300fd880c426d555bde330d5fc5150a9a54b3ad9d4d1f2e69ea1dc6d6f086693dacc53c5af30f1fa7ad9b479791fd77bcdafa430e' + 'f0d933e8c6064ed830dec54049b0a01e27be87203208f6ae982f10fb4eddc7258cb2919d594cbfb9a33e74c3510cfd682f3416ba8e804387ab87d1a217eb4b73' + '01de24951a05d38eca6b615a7645beb3677ca0e0f87638d133649f6dc14dcd2ea82594a60b793c31b14493a286d1d11a0d25617f54dbfa02be237652c8faa691' + 'a25b28af2e8c516c3a2eec4e64b8c7f70c21f974af4a955a4a9d45fd3e3ff0d2a98b4419fe425d47152d5acae77d64e69d8d014a7209524b75a81b0edb10bf3a' + '61032d29241b74a0f28446f8cf1be0e8ec46d0847a61dadb2a4f096e8686d5f57fe5c72bcf386003f6520bc4b5856c32d63bf3efe7eb0bc0deefc9f68159e648' + 'c416e2121df83067376bcaacb58c05b01990f4614ad9de657d74b6da3efa441af251d13bf21e3f0f71ddcb4c9ea658b81da3d915667dc5c309c87ec32a1cb5a5' + '5a1d78b5170da5abe3d18fdf9f2c3a4d78f15ba7d1ee9ec2708c4c9c2e28973469bc19386f70b3cf32ffafbe4fcc4303e5ebbd6d5187a1df3314ae0965b25e75' + 'b90c99d768dc2a4f020ba854edf45ccf1b86a09d2f66e475de21fe589ff7e32c33ef4aa0876d7f1864491488fd7edb2682fc0d68e83a6d4890a0778dc2d6fe19' + '6b82386fc20619eefa911cd9cdac8efbd0c7137bba4955e8ae75a0ea378d19dbfccc1f7bde6684f03e5f2badefa4abf20623153d88a170d14499167319586db7' + '5a6b6beef8c31c79018884d948de840f4d3dfb07d9a87081ebf65e2b8fe595bc8c96dbd7742920ccf948c233213ed0026abc913650cefd77ad90c6f8c89bddb8' + '4cff2ebd962e26e2f516d8b4ac45c839dbfa54dd0588b423c224a328b9f7c62306ca7b2f6cb55240c564caf9972d5bcd2e0efaf2de49d64729aeb3bc1560c9eb' + '872de70325e9798f0b5a77e991c85bd2ab6de24d9b9ba4e35002d2dd5df15f8b30739a0042a624776177ffc14a838cde7ee98622016ed41df3efda9a659730b2' + '471342b8d0e05533908cda5d6a906050a51e3181beda1239e91d717029ee40a9eaed714996a445417d87c4e31b7f8522a665de176077fe0536d538369594996d' + 'da783e3bfc6469b92dee4064a13e2b427520d3d96b57c95a4e07aaca3e844d95210a8b16122b022080f5452d65096f274dd1c1467725bbdb2e40ef304b78774a' + '08a590d08043a21f30f04252164b94df972b1ff1022a0469d6aef713e14484a3a037cce290a2a582851e6fac3e64add69d6cc8fc130bbeeaea08626ebf3e1763' + '577e33a1c50b4b41157a67f64162b035dd0c4a541e19cee55a100048bdb50cb2c82852741b1372989a0fe4c4782ba477522747fcc81d72aed99b3db512a86447' + 'e4a9d7607fe93daf1d45270971c8d8455c4bfc2c0bea8bcad05aeb89847edee23cd1a41073a72042622acf417018fe254f5bfc137604fe2c71292680bf67a1c2' + '209b01b044877cc986757fa4009a92ea98f480306c2530075d153203c3cd2b3afccab6aacc1453dee8857991e04270572f1700310705d7a0f4d5bed27fab8c67') + +_backports=( + # statx fixes + '75720bff62a84896e9a0654afc7cf9408cf89a38' + '9c869d08d82c73f62ab3527567858ce4b0cf1257' +) + +_reverts=( +) + +prepare() { + cd "$pkgbase-stable" + + # add upstream repository for cherry-picking + git remote add -f upstream ../systemd + # merge the latest stable commit (fast-foward only to make sure + # the verified tag is in) + git merge --ff-only "${_commit}" + + local _c + for _c in "${_backports[@]}"; do + git cherry-pick -n "${_c}" + done + for _c in "${_reverts[@]}"; do + git revert -n "${_c}" + done + + # Replace cdrom/dialout/tape groups with optical/uucp/storage + patch -Np1 -i ../0001-Use-Arch-Linux-device-access-groups.patch +} + +pkgver() { + cd "$pkgbase-stable" + + local _version _count + _version="$(git describe --abbrev=0 --tags)" + _count="$(git rev-list --count ${_version}..)" + printf '%s.%s' "${_version#v}" "${_count}" +} + +build() { + local _timeservers=({0..3}.arch.pool.ntp.org) + local _nameservers=( + # We use these public name services, ordered by their + # privacy policy (hopefully): + # * Cloudflare (https://1.1.1.1/) + # * Quad9 without filtering (https://www.quad9.net/) + # * Google (https://developers.google.com/speed/public-dns/) + 1.1.1.1 + 9.9.9.10 + 8.8.8.8 + 2606:4700:4700::1111 + 2620:fe::10 + 2001:4860:4860::8888 + ) + + local _meson_options=( + -Dgnu-efi=true + -Dima=false + -Dlibidn2=true + -Dlz4=true + + -Ddbuspolicydir=/usr/share/dbus-1/system.d + # TODO(dreisner): consider changing this to unified + -Ddefault-hierarchy=hybrid + -Ddefault-kill-user-processes=false + -Dfallback-hostname='archlinux' + -Dntp-servers="${_timeservers[*]}" + -Ddns-servers="${_nameservers[*]}" + -Drpmmacrosdir=no + -Dsysvinit-path= + -Dsysvrcnd-path= + ) + + arch-meson "$pkgbase-stable" build "${_meson_options[@]}" + + ninja -C build +} + +check() { + meson test -C build +} + +package_systemd() { + pkgdesc='system and service manager' + license=('GPL2' 'LGPL2.1') + groups=('base-devel') + depends=('acl' 'bash' 'cryptsetup' 'dbus' 'iptables' 'kbd' 'kmod' 'hwids' 'libcap' + 'libgcrypt' 'libsystemd' 'libidn2' 'lz4' 'pam' 'libelf' 'libseccomp' + 'util-linux' 'xz' 'pcre2' 'audit') + provides=('nss-myhostname' "systemd-tools=$pkgver" "udev=$pkgver") + replaces=('nss-myhostname' 'systemd-tools' 'udev') + conflicts=('nss-myhostname' 'systemd-tools' 'udev') + optdepends=('libmicrohttpd: remote journald capabilities' + 'quota-tools: kernel-level quota management' + 'systemd-sysvcompat: symlink package to provide sysvinit binaries' + 'polkit: allow administration as unprivileged user' + 'curl: machinectl pull-tar and pull-raw') + backup=(etc/pam.d/systemd-user + etc/systemd/coredump.conf + etc/systemd/journald.conf + etc/systemd/journal-remote.conf + etc/systemd/journal-upload.conf + etc/systemd/logind.conf + etc/systemd/system.conf + etc/systemd/timesyncd.conf + etc/systemd/resolved.conf + etc/systemd/user.conf + etc/udev/udev.conf) + install=systemd.install + + DESTDIR="$pkgdir" meson install -C build + + # don't write units to /etc by default. some of these will be re-enabled on + # post_install. + rm -rv "$pkgdir"/etc/systemd/system/* + + # we'll create this on installation + rmdir "$pkgdir"/var/log/journal/remote + + # runtime libraries shipped with libsystemd + install -d -m0755 libsystemd + mv "$pkgdir"/usr/lib/lib{nss,systemd,udev}*.so* libsystemd + + # manpages shipped with systemd-sysvcompat + rm "$pkgdir"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 + + # executable (symlinks) shipped with systemd-sysvcompat + rm "$pkgdir"/usr/bin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} + + # files shipped with systemd-resolvconf + rm "$pkgdir"/usr/{bin/resolvconf,share/man/man1/resolvconf.1} + + # avoid a potential conflict with [core]/filesystem + rm "$pkgdir"/usr/share/factory/etc/nsswitch.conf + sed -i '/^C \/etc\/nsswitch\.conf/d' "$pkgdir"/usr/lib/tmpfiles.d/etc.conf + + # add back tmpfiles.d/legacy.conf, normally omitted without sysv-compat + install -m0644 $pkgbase-stable/tmpfiles.d/legacy.conf "$pkgdir"/usr/lib/tmpfiles.d + + # ship default policy to leave services disabled + echo 'disable *' >"$pkgdir"/usr/lib/systemd/system-preset/99-default.preset + + # add mkinitcpio hooks + install -D -m0644 initcpio-install-systemd "$pkgdir"/usr/lib/initcpio/install/systemd + install -D -m0644 initcpio-install-udev "$pkgdir"/usr/lib/initcpio/install/udev + install -D -m0644 initcpio-hook-udev "$pkgdir"/usr/lib/initcpio/hooks/udev + + # ensure proper permissions for /var/log/journal + # The permissions are stored with named group by tar, so this works with + # users and groups populated by systemd-sysusers. This is only to prevent a + # warning from pacman as permissions are set by systemd-tmpfiles anyway. + install -d -o root -g systemd-journal -m 2755 "$pkgdir"/var/log/journal + + # match directory owner/group and mode from [extra]/polkit + install -d -o root -g 102 -m 0750 "$pkgdir"/usr/share/polkit-1/rules.d + + # add example bootctl configuration + install -D -m0644 arch.conf "$pkgdir"/usr/share/systemd/bootctl/arch.conf + install -D -m0644 loader.conf "$pkgdir"/usr/share/systemd/bootctl/loader.conf + install -D -m0644 splash-arch.bmp "$pkgdir"/usr/share/systemd/bootctl/splash-arch.bmp + + # pacman hooks + install -D -m0755 systemd-hook "$pkgdir"/usr/share/libalpm/scripts/systemd-hook + install -D -m0644 -t "$pkgdir"/usr/share/libalpm/hooks *.hook + + # overwrite the systemd-user PAM configuration with our own + install -D -m0644 systemd-user.pam "$pkgdir"/etc/pam.d/systemd-user +} + +package_libsystemd() { + pkgdesc='systemd client libraries' + depends=('glibc' 'libcap' 'libgcrypt' 'lz4' 'xz') + license=('GPL2') + provides=('libsystemd.so' 'libudev.so') + + install -d -m0755 "$pkgdir"/usr + mv libsystemd "$pkgdir"/usr/lib +} + +package_systemd-resolvconf() { + pkgdesc='systemd resolvconf replacement' + license=('GPL2') + depends=('systemd') + provides=('openresolv' 'resolvconf') + conflicts=('openresolv') + + install -d -m0755 "$pkgdir"/usr/bin + ln -s resolvectl "$pkgdir"/usr/bin/resolvconf + + install -d -m0755 "$pkgdir"/usr/share/man/man1 + ln -s resolvectl.1.gz "$pkgdir"/usr/share/man/man1/resolvconf.1.gz +} + +package_systemd-sysvcompat() { + pkgdesc='sysvinit compat for systemd' + license=('GPL2') + groups=('base') + conflicts=('sysvinit') + depends=('systemd') + + install -D -m0644 -t "$pkgdir"/usr/share/man/man8 \ + build/man/{telinit,halt,reboot,poweroff,runlevel,shutdown}.8 + + install -d -m0755 "$pkgdir"/usr/bin + ln -s ../lib/systemd/systemd "$pkgdir"/usr/bin/init + for tool in runlevel reboot shutdown poweroff halt telinit; do + ln -s systemctl "$pkgdir"/usr/bin/$tool + done +} + +# vim:ft=sh syn=sh et sw=2: diff --git a/libre-testing/systemd/arch.conf b/libre-testing/systemd/arch.conf new file mode 100644 index 000000000..250b7785e --- /dev/null +++ b/libre-testing/systemd/arch.conf @@ -0,0 +1,7 @@ +## This is just an example config file. +## Please edit the paths and kernel parameters according to your system. + +title Arch Linux +linux /vmlinuz-linux +initrd /initramfs-linux.img +options root=PARTUUID=XXXX rootfstype=XXXX add_efi_memmap diff --git a/libre-testing/systemd/initcpio-hook-udev b/libre-testing/systemd/initcpio-hook-udev new file mode 100644 index 000000000..ea9a11f8c --- /dev/null +++ b/libre-testing/systemd/initcpio-hook-udev @@ -0,0 +1,22 @@ +#!/usr/bin/ash + +run_earlyhook() { + kmod static-nodes --format=tmpfiles --output=/run/tmpfiles.d/kmod.conf + systemd-tmpfiles --prefix=/dev --create --boot + /usr/lib/systemd/systemd-udevd --daemon --resolve-names=never + udevd_running=1 +} + +run_hook() { + msg ":: Triggering uevents..." + udevadm trigger --action=add --type=subsystems + udevadm trigger --action=add --type=devices + udevadm settle +} + +run_cleanuphook() { + udevadm control --exit + udevadm info --cleanup-db +} + +# vim: set ft=sh ts=4 sw=4 et: diff --git a/libre-testing/systemd/initcpio-install-systemd b/libre-testing/systemd/initcpio-install-systemd new file mode 100644 index 000000000..8fb4441f7 --- /dev/null +++ b/libre-testing/systemd/initcpio-install-systemd @@ -0,0 +1,202 @@ +#!/bin/bash + +strip_quotes() { + local len=${#1} quotes=$'[\'"]' str=${!1} + + if [[ ${str:0:1} = ${str: -1} && ${str:0:1} = $quotes ]]; then + printf -v "$1" %s "${str:1:-1}" + fi +} + +add_udev_rule() { + # Add an udev rules file to the initcpio image. Dependencies on binaries + # will be discovered and added. + # $1: path to rules file (or name of rules file) + + local rules= rule= key= value= binary= + + rules=$(PATH=/usr/lib/udev/rules.d:/lib/udev/rules.d type -P "$1") + if [[ -z $rules ]]; then + # complain about not found rules + return 1 + fi + + add_file "$rules" + + while IFS=, read -ra rule; do + # skip empty lines, comments + [[ -z $rule || $rule = @(+([[:space:]])|#*) ]] && continue + + for pair in "${rule[@]}"; do + IFS=' =' read -r key value <<< "$pair" + case $key in + RUN@({program}|+)|IMPORT{program}|ENV{REMOVE_CMD}) + strip_quotes 'value' + # just take the first word as the binary name + binary=${value%% *} + [[ ${binary:0:1} == '$' ]] && continue + if [[ ${binary:0:1} != '/' ]]; then + binary=$(PATH=/usr/lib/udev:/lib/udev type -P "$binary") + fi + add_binary "$binary" + ;; + esac + done + done <"$rules" +} + +add_systemd_unit() { + # Add a systemd unit file to the initcpio image. Hard dependencies on binaries + # and other unit files will be discovered and added. + # $1: path to rules file (or name of rules file) + + local unit= rule= entry= key= value= binary= dep= + + unit=$(PATH=/usr/lib/systemd/system:/lib/systemd/system type -P "$1") + if [[ -z $unit ]]; then + # complain about not found unit file + return 1 + fi + + add_file "$unit" + + while IFS='=' read -r key values; do + read -ra values <<< "$values" + + case $key in + Requires|OnFailure) + # only add hard dependencies (not Wants) + map add_systemd_unit "${values[@]}" + ;; + Exec*) + # don't add binaries unless they are required + if [[ ${values[0]:0:1} != '-' ]]; then + add_binary "${values[0]}" + fi + ;; + esac + + done <"$unit" + + # preserve reverse soft dependency + for dep in {/usr,}/lib/systemd/system/*.wants/${unit##*/}; do + if [[ -L $dep ]]; then + add_symlink "$dep" + fi + done + + # add hard dependencies + if [[ -d $unit.requires ]]; then + for dep in "$unit".requires/*; do + add_systemd_unit ${dep##*/} + done + fi +} + +add_systemd_drop_in() { + local unit=$1 dropin_name=$2 + + mkdir -p "$BUILDROOT/etc/systemd/system/$unit.d" + cat >"$BUILDROOT/etc/systemd/system/$unit.d/$2.conf" +} + +build() { + local rules unit + + # from base + add_binary /bin/mount + add_binary /usr/bin/kmod /usr/bin/modprobe + add_binary /usr/lib/systemd/systemd /init + add_binary /usr/bin/sulogin + + map add_binary \ + /usr/bin/systemd-tmpfiles \ + /usr/lib/systemd/systemd-hibernate-resume \ + /usr/lib/systemd/systemd-shutdown \ + /usr/lib/systemd/systemd-sulogin-shell \ + /usr/lib/systemd/system-generators/systemd-fstab-generator \ + /usr/lib/systemd/system-generators/systemd-gpt-auto-generator \ + /usr/lib/systemd/system-generators/systemd-hibernate-resume-generator + + # for journalctl in emergency shell + add_binary journalctl + + # udev rules and systemd units + map add_udev_rule "$rules" \ + 50-udev-default.rules \ + 60-persistent-storage.rules \ + 64-btrfs.rules \ + 80-drivers.rules \ + 99-systemd.rules + + map add_systemd_unit \ + initrd-cleanup.service \ + initrd-fs.target \ + initrd-parse-etc.service \ + initrd-root-fs.target \ + initrd-root-device.target \ + initrd-switch-root.service \ + initrd-switch-root.target \ + initrd-udevadm-cleanup-db.service \ + initrd.target \ + kmod-static-nodes.service \ + local-fs.target \ + local-fs-pre.target \ + paths.target \ + reboot.target \ + slices.target \ + sockets.target \ + swap.target \ + systemd-fsck@.service \ + systemd-hibernate-resume@.service \ + systemd-journald.service \ + systemd-journald-audit.socket \ + systemd-journald-dev-log.socket \ + systemd-modules-load.service \ + systemd-tmpfiles-setup-dev.service \ + systemd-udev-trigger.service \ + systemd-udevd-control.socket \ + systemd-udevd-kernel.socket \ + systemd-udevd.service \ + timers.target \ + rescue.target \ + emergency.target + + add_symlink "/usr/lib/systemd/system/default.target" "initrd.target" + add_symlink "/usr/lib/systemd/system/ctrl-alt-del.target" "reboot.target" + + add_binary "$(readlink -f /usr/lib/libnss_files.so)" + printf '%s\n' >"$BUILDROOT/etc/nsswitch.conf" \ + 'passwd: files' \ + 'group: files' \ + 'shadow: files' + + echo "root:x:0:0:root:/:/bin/sh" >"$BUILDROOT/etc/passwd" + echo "root:x:0:root" >"$BUILDROOT/etc/group" + echo "root::::::::" >"$BUILDROOT/etc/shadow" + + add_systemd_drop_in systemd-udevd.service resolve-names <<EOF +[Service] +ExecStart= +ExecStart=/usr/lib/systemd/systemd-udevd --resolve-names=never +EOF + + add_dir "/etc/modules-load.d" + ( + . "$_f_config" + set -f + printf '%s\n' ${MODULES[@]} >"$BUILDROOT/etc/modules-load.d/MODULES.conf" + ) +} + +help() { + cat <<HELPEOF +This will install a basic systemd setup in your initramfs, and is meant to +replace the 'base', 'usr', 'udev' and 'resume' hooks. Other hooks with runtime +components will need to be ported, and will not work as intended. You also may +wish to still include the 'base' hook (before this hook) to ensure that a +rescue shell exists on your initramfs. +HELPEOF +} + +# vim: set ft=sh ts=4 sw=4 et: diff --git a/libre-testing/systemd/initcpio-install-udev b/libre-testing/systemd/initcpio-install-udev new file mode 100644 index 000000000..31d982712 --- /dev/null +++ b/libre-testing/systemd/initcpio-install-udev @@ -0,0 +1,29 @@ +#!/bin/bash + +build() { + local rules tool + + add_binary /usr/lib/systemd/systemd-udevd + add_binary /usr/bin/udevadm + add_binary /usr/bin/systemd-tmpfiles + + for rules in 50-udev-default.rules 60-persistent-storage.rules 64-btrfs.rules 80-drivers.rules; do + add_file "/usr/lib/udev/rules.d/$rules" + done + for tool in ata_id scsi_id; do + add_file "/usr/lib/udev/$tool" + done + + add_runscript +} + +help() { + cat <<HELPEOF +This hook adds the udev daemon to the initramfs, allowing for dynamic loading +of modules and reliable detection of the root device via tags (e.g. UUID or +LABEL). Do not remove this hook unless you are using the systemd hook, or you +know what you're doing. +HELPEOF +} + +# vim: set ft=sh ts=4 sw=4 et: diff --git a/libre-testing/systemd/loader.conf b/libre-testing/systemd/loader.conf new file mode 100644 index 000000000..1f7cd7ef4 --- /dev/null +++ b/libre-testing/systemd/loader.conf @@ -0,0 +1 @@ +default arch diff --git a/libre-testing/systemd/splash-arch.bmp b/libre-testing/systemd/splash-arch.bmp Binary files differnew file mode 100644 index 000000000..f083d4bbf --- /dev/null +++ b/libre-testing/systemd/splash-arch.bmp diff --git a/libre-testing/systemd/systemd-binfmt.hook b/libre-testing/systemd/systemd-binfmt.hook new file mode 100644 index 000000000..9c31a4b16 --- /dev/null +++ b/libre-testing/systemd/systemd-binfmt.hook @@ -0,0 +1,10 @@ +[Trigger] +Type = File +Operation = Install +Operation = Upgrade +Target = usr/lib/binfmt.d/*.conf + +[Action] +Description = Registering binary formats... +When = PostTransaction +Exec = /usr/share/libalpm/scripts/systemd-hook binfmt diff --git a/libre-testing/systemd/systemd-catalog.hook b/libre-testing/systemd/systemd-catalog.hook new file mode 100644 index 000000000..d28bddc4b --- /dev/null +++ b/libre-testing/systemd/systemd-catalog.hook @@ -0,0 +1,11 @@ +[Trigger] +Type = File +Operation = Install +Operation = Upgrade +Operation = Remove +Target = usr/lib/systemd/catalog/* + +[Action] +Description = Updating journal message catalog... +When = PostTransaction +Exec = /usr/share/libalpm/scripts/systemd-hook catalog diff --git a/libre-testing/systemd/systemd-daemon-reload.hook b/libre-testing/systemd/systemd-daemon-reload.hook new file mode 100644 index 000000000..87923e862 --- /dev/null +++ b/libre-testing/systemd/systemd-daemon-reload.hook @@ -0,0 +1,11 @@ +[Trigger] +Type = File +Operation = Install +Operation = Upgrade +Operation = Remove +Target = usr/lib/systemd/system/* + +[Action] +Description = Reloading system manager configuration... +When = PostTransaction +Exec = /usr/share/libalpm/scripts/systemd-hook daemon-reload diff --git a/libre-testing/systemd/systemd-hook b/libre-testing/systemd/systemd-hook new file mode 100644 index 000000000..0a664f2c5 --- /dev/null +++ b/libre-testing/systemd/systemd-hook @@ -0,0 +1,32 @@ +#!/bin/sh -e + +systemd_live() { + if [ ! -d /run/systemd/system ]; then + echo >&2 " Skipped: Current root is not booted." + exit 0 + fi +} + +udevd_live() { + if [ ! -d /run/udev ]; then + echo >&2 " Skipped: Device manager is not running." + exit 0 + fi +} + +case $1 in + catalog) /usr/bin/journalctl --update-catalog ;; + hwdb) /usr/bin/systemd-hwdb --usr update ;; + update) touch -c /usr ;; + sysusers) /usr/bin/systemd-sysusers ;; + tmpfiles) /usr/bin/systemd-tmpfiles --create ;; + + daemon-reload) systemd_live; /usr/bin/systemctl daemon-reload ;; + udev-reload) udevd_live; /usr/bin/udevadm control --reload ;; + binfmt) systemd_live; /usr/lib/systemd/systemd-binfmt ;; + sysctl) systemd_live; /usr/lib/systemd/systemd-sysctl ;; + + *) echo >&2 " Invalid operation '$1'"; exit 1 ;; +esac + +exit 0 diff --git a/libre-testing/systemd/systemd-hwdb.hook b/libre-testing/systemd/systemd-hwdb.hook new file mode 100644 index 000000000..f0440b0a6 --- /dev/null +++ b/libre-testing/systemd/systemd-hwdb.hook @@ -0,0 +1,11 @@ +[Trigger] +Type = File +Operation = Install +Operation = Upgrade +Operation = Remove +Target = usr/lib/udev/hwdb.d/* + +[Action] +Description = Updating udev hardware database... +When = PostTransaction +Exec = /usr/share/libalpm/scripts/systemd-hook hwdb diff --git a/libre-testing/systemd/systemd-sysctl.hook b/libre-testing/systemd/systemd-sysctl.hook new file mode 100644 index 000000000..aec5ac1b0 --- /dev/null +++ b/libre-testing/systemd/systemd-sysctl.hook @@ -0,0 +1,10 @@ +[Trigger] +Type = File +Operation = Install +Operation = Upgrade +Target = usr/lib/sysctl.d/*.conf + +[Action] +Description = Applying kernel sysctl settings... +When = PostTransaction +Exec = /usr/share/libalpm/scripts/systemd-hook sysctl diff --git a/libre-testing/systemd/systemd-sysusers.hook b/libre-testing/systemd/systemd-sysusers.hook new file mode 100644 index 000000000..9873dd402 --- /dev/null +++ b/libre-testing/systemd/systemd-sysusers.hook @@ -0,0 +1,10 @@ +[Trigger] +Type = File +Operation = Install +Operation = Upgrade +Target = usr/lib/sysusers.d/*.conf + +[Action] +Description = Creating system user accounts... +When = PostTransaction +Exec = /usr/share/libalpm/scripts/systemd-hook sysusers diff --git a/libre-testing/systemd/systemd-tmpfiles.hook b/libre-testing/systemd/systemd-tmpfiles.hook new file mode 100644 index 000000000..df60d8275 --- /dev/null +++ b/libre-testing/systemd/systemd-tmpfiles.hook @@ -0,0 +1,10 @@ +[Trigger] +Type = File +Operation = Install +Operation = Upgrade +Target = usr/lib/tmpfiles.d/*.conf + +[Action] +Description = Creating temporary files... +When = PostTransaction +Exec = /usr/share/libalpm/scripts/systemd-hook tmpfiles diff --git a/libre-testing/systemd/systemd-udev-reload.hook b/libre-testing/systemd/systemd-udev-reload.hook new file mode 100644 index 000000000..04238bd58 --- /dev/null +++ b/libre-testing/systemd/systemd-udev-reload.hook @@ -0,0 +1,11 @@ +[Trigger] +Type = File +Operation = Install +Operation = Upgrade +Operation = Remove +Target = usr/lib/udev/rules.d/* + +[Action] +Description = Reloading device manager configuration... +When = PostTransaction +Exec = /usr/share/libalpm/scripts/systemd-hook udev-reload diff --git a/libre-testing/systemd/systemd-update.hook b/libre-testing/systemd/systemd-update.hook new file mode 100644 index 000000000..7084a0c16 --- /dev/null +++ b/libre-testing/systemd/systemd-update.hook @@ -0,0 +1,11 @@ +[Trigger] +Type = File +Operation = Install +Operation = Upgrade +Operation = Remove +Target = usr/ + +[Action] +Description = Arming ConditionNeedsUpdate... +When = PostTransaction +Exec = /usr/share/libalpm/scripts/systemd-hook update diff --git a/libre-testing/systemd/systemd-user.pam b/libre-testing/systemd/systemd-user.pam new file mode 100644 index 000000000..83f762696 --- /dev/null +++ b/libre-testing/systemd/systemd-user.pam @@ -0,0 +1,5 @@ +# Used by systemd --user instances. + +account include system-login +session required pam_loginuid.so +session include system-login diff --git a/libre-testing/systemd/systemd.install b/libre-testing/systemd/systemd.install new file mode 100644 index 000000000..fedc747ea --- /dev/null +++ b/libre-testing/systemd/systemd.install @@ -0,0 +1,99 @@ +#!/bin/bash + +sd_booted() { + [[ -d run/systemd/system && ! -L run/systemd/system ]] +} + +add_journal_acls() { + # ignore errors, since the filesystem might not support ACLs + setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx var/log/journal/ 2>/dev/null + : +} + +post_common() { + systemd-sysusers + journalctl --update-catalog +} + +_216_2_changes() { + echo ':: Coredumps are handled by systemd by default. Collection behavior can be' + echo ' tuned in /etc/systemd/coredump.conf.' +} + +_219_2_changes() { + if mkdir -m2755 var/log/journal/remote 2>/dev/null; then + chgrp systemd-journal-remote var/log/journal/remote + fi +} + +_219_4_changes() { + if ! systemctl is-enabled -q remote-fs.target; then + systemctl enable -q remote-fs.target + fi +} + +_230_1_changes() { + echo ':: systemd-bootchart is no longer included with systemd' +} + +_232_8_changes() { + # paper over possible effects of CVE-2016-10156 + local stamps=(/var/lib/systemd/timers/*.timer) + + if [[ -f ${stamps[0]} ]]; then + chmod 0644 "${stamps[@]}" + fi +} + +_233_75_3_changes() { + # upstream installs services to /etc, which we remove + # to keep bus activation we re-enable systemd-resolved + if systemctl is-enabled -q systemd-resolved.service; then + systemctl reenable systemd-resolved.service 2>/dev/null + fi +} + +post_install() { + systemd-machine-id-setup + + post_common "$@" + + add_journal_acls + + # enable some services by default, but don't track them + systemctl enable getty@tty1.service remote-fs.target + + echo ":: Append 'init=/usr/lib/systemd/systemd' to your kernel command line in your" + echo " bootloader to replace sysvinit with systemd, or install systemd-sysvcompat" + + # group 'systemd-journal-remote' is created by systemd-sysusers + mkdir -m2755 var/log/journal/remote + chgrp systemd-journal-remote var/log/journal/remote +} + +post_upgrade() { + post_common "$@" + + # don't reexec if the old version is 231-1 or 231-2. + # https://github.com/systemd/systemd/commit/bd64d82c1c + if [[ $1 != 231-[12] ]] && sd_booted; then + systemctl --system daemon-reexec + fi + + local v upgrades=( + 216-2 + 219-2 + 219-4 + 230-1 + 232-8 + 233.75-3 + ) + + for v in "${upgrades[@]}"; do + if [[ $(vercmp "$v" "$2") -eq 1 ]]; then + "_${v//[.-]/_}_changes" + fi + done +} + +# vim:set ts=2 sw=2 et: |