diff options
Diffstat (limited to 'libre/systemd')
-rw-r--r-- | libre/systemd/PKGBUILD | 62 | ||||
-rw-r--r-- | libre/systemd/initcpio-install-systemd | 27 |
2 files changed, 37 insertions, 52 deletions
diff --git a/libre/systemd/PKGBUILD b/libre/systemd/PKGBUILD index 07f9c6b8c..8904d6cd0 100644 --- a/libre/systemd/PKGBUILD +++ b/libre/systemd/PKGBUILD @@ -11,9 +11,9 @@ pkgname+=('systemd-common' 'systemd-udev') # We split Arch's systemd-libs into systemd-$X, for the following $X: _systemd_libs=('libsystemd' 'libudev' 'nss-systemd' 'nss-myhostname' 'nss-mymachines' 'nss-resolve') pkgname+=("${_systemd_libs[@]/#/systemd-}") -_tag='a520e63382396661d79f630b2babe717a85b1209' # git rev-parse v${pkgver} -pkgver=245.5 -pkgrel=2 +_tag='8a8b000d682a7108463c5c74bc876c5658d9de4a' # git rev-parse v${pkgver} +pkgver=245.7 +pkgrel=1 pkgrel+=.parabola1 arch=('x86_64') arch+=('i686' 'armv7h' 'ppc64le') @@ -23,7 +23,7 @@ makedepends=('acl' 'cryptsetup' 'docbook-xsl' 'gperf' 'lz4' 'xz' 'pam' 'libelf' 'libmicrohttpd' 'libxslt' 'util-linux' 'linux-api-headers' 'python-lxml' 'quota-tools' 'shadow' 'git' 'meson' 'libseccomp' 'pcre2' 'audit' 'kexec-tools' 'libxkbcommon' - 'bash-completion' 'p11-kit') + 'bash-completion' 'p11-kit' 'systemd') makedepends_i686=('gnu-efi-libs' 'pkgconf') makedepends_x86_64=('gnu-efi-libs') options=('strip') @@ -63,7 +63,7 @@ sha512sums=('SKIP' 'e38c7c422c82953f9c2476a5ab8009d614cbec839e4088bff5db7698ddc84e3d8ed64f32ed323f57b1913c5c9703546f794996cb415ed7cdda930b627962a3c4' '85d11bbbb5c10016e4a67eec051315e2e292939844f260bf698018c5bd1c516c28444f635eb15832a23e26891c4beda14bacfa57fdeda45c00f1b653abe3b123' 'f0d933e8c6064ed830dec54049b0a01e27be87203208f6ae982f10fb4eddc7258cb2919d594cbfb9a33e74c3510cfd682f3416ba8e804387ab87d1a217eb4b73' - '01de24951a05d38eca6b615a7645beb3677ca0e0f87638d133649f6dc14dcd2ea82594a60b793c31b14493a286d1d11a0d25617f54dbfa02be237652c8faa691' + 'f1f0bc599eb73b96f81e5413a55617ab82978d057dc0cabf226d225bb836a967fe13b84c4f24f64c074b6568026ab81d457512ff20a5918892c47a3a603eaa6e' 'a25b28af2e8c516c3a2eec4e64b8c7f70c21f974af4a955a4a9d45fd3e3ff0d2a98b4419fe425d47152d5acae77d64e69d8d014a7209524b75a81b0edb10bf3a' '70b3f1d6aaa9cd4b6b34055a587554770c34194100b17b2ef3aaf4f16f68da0865f6b3ae443b3252d395e80efabd412b763259ffb76c902b60e23b6b522e3cc8' '6c6f579644ea2ebb6b46ee274ab15110718b0de40def8c30173ba8480b045d403f2aedd15b50ad9b96453f4ad56920d1350ff76563755bb9a80b10fa7f64f1d9' @@ -91,18 +91,6 @@ sha512sums=('SKIP' _backports=( # systemd-resolved: use hostname for certificate validation in DoT 'eec394f10bbfcc3d2fc8504ad8ff5be44231abd5' - - # unregister binary formats during shutdown #15566 - # shared: add common helper for unregistering all binfmt entries - '965cc99416a3b5a2a71127e9e6d2e4a95ab3c432' - # shutdown: unregister all binfmt_misc entries before entering shutdown loop - '0282c0285a3e3c2e409305ce28555a6ad0489539' - # binfmt: modernize code a bit - 'f3670df13e144c2f81bf6f9a0bea581e6d555bdd' - # binfmt: also unregister binfmt entries from unit - '846acb6798a63f35162f58e1146d1a1f40849e86' - # man: document binfmt's new --unregister switch - 'cd9aa8f0f91b113acb079e79750c146c0529c2d7' ) _reverts=( @@ -167,10 +155,15 @@ build() { -Dlz4=true -Dman=true + # We disable DNSSEC by default, it still causes trouble: + # https://github.com/systemd/systemd/issues/10579 + -Ddbuspolicydir=/usr/share/dbus-1/system.d + -Ddefault-dnssec=no -Ddefault-hierarchy=hybrid -Ddefault-kill-user-processes=false -Ddefault-locale=C + -Ddns-over-tls=openssl -Dfallback-hostname='parabola' -Dnologin-path=/usr/bin/nologin -Dntp-servers="${_timeservers[*]}" @@ -240,8 +233,7 @@ check() { package_systemd() { pkgdesc='system and service manager' license=('LGPL2.1') - groups=('base-devel') - depends=('bash' 'dbus' 'kbd' 'kmod' + depends=('bash' 'dbus' 'kbd' 'kmod' 'libkmod.so' 'systemd-libs' 'pam' 'libelf' 'util-linux' 'pcre2') depends+=("systemd-common=$pkgver-$pkgrel" 'udev') @@ -292,11 +284,10 @@ package_systemd() { # add mkinitcpio hooks install -D -m0644 initcpio-install-systemd "$pkgdir"/usr/lib/initcpio/install/systemd - # ensure proper permissions for /var/log/journal - # The permissions are stored with named group by tar, so this works with - # users and groups populated by systemd-sysusers. This is only to prevent a - # warning from pacman as permissions are set by systemd-tmpfiles anyway. - install -d -o root -g systemd-journal -m 2755 "$pkgdir"/var/log/journal + # The group 'systemd-journal' is allocated dynamically and may have varying + # gid on different systems. Let's install with gid 0 (root), systemd-tmpfiles + # will fix the permissions for us. (see /usr/lib/tmpfiles.d/systemd.conf) + install -d -o root -g root -m 2755 "$pkgdir"/var/log/journal # match directory owner/group and mode from [extra]/polkit install -d -o root -g 102 -m 0750 "$pkgdir"/usr/share/polkit-1/rules.d @@ -318,10 +309,11 @@ package_systemd() { package_systemd-common() { pkgdesc='systemd files shared between split packages' license=('LGPL2.1') - depends=('acl' 'cryptsetup' 'libdbus' 'glibc' 'iptables' 'libcap' - 'libgcrypt' 'libidn2' 'libidn2.so' 'libseccomp' 'libsystemd.so' + depends=('acl' 'libacl.so' 'cryptsetup' 'libcryptsetup.so' 'libdbus' + 'glibc' 'iptables' 'libcap' 'libcap.so' + 'libgcrypt' 'libidn2' 'libidn2.so' 'libseccomp' 'libseccomp.so' 'libsystemd.so' 'libudev.so' 'libblkid.so' 'libmount.so' 'libuuid.so' 'lz4' - 'xz' 'audit' 'libp11-kit') + 'xz' 'audit' 'libaudit.so' 'libp11-kit' 'libp11-kit.so' 'openssl') cp -rT -d --no-preserve=ownership,timestamp "$srcdir/dest/${pkgname#systemd-}" "$pkgdir" } @@ -329,9 +321,8 @@ package_systemd-common() { package_systemd-udev() { pkgdesc='Userspace device file manager' license=('GPL2') # NB: different than the rest - groups=('base-devel') depends=("systemd-common=$pkgver-$pkgrel" 'systemd-libudev' - 'hwids' 'kmod' 'util-linux' 'zlib') + 'hwids' 'kmod' 'libkmod.so' 'util-linux' 'zlib') backup=(etc/udev/udev.conf) provides+=("${pkgname#systemd-}=$pkgver") @@ -360,7 +351,7 @@ package_systemd-libs() { package_systemd-libsystemd() { pkgdesc='systemd client library' - depends=('glibc' 'libcap' 'libgcrypt' 'lz4' 'xz') + depends=('glibc' 'libcap' 'libcap.so' 'libgcrypt' 'lz4' 'xz') license=('LGPL2.1') provides=('libsystemd.so') @@ -373,8 +364,7 @@ package_systemd-libsystemd() { package_systemd-libudev() { pkgdesc='systemd library for enumerating and introspecting local devices' - groups=('base-devel') # match systemd-udev - depends=('glibc' 'libcap') + depends=('glibc' 'libcap' 'libcap.so') license=('LGPL2.1') provides=('libudev.so') @@ -387,7 +377,7 @@ package_systemd-libudev() { package_systemd-nss-systemd() { pkgdesc='NSS module providing user and group resolution for dynamic users and groups' - depends=('glibc' 'libcap') + depends=('glibc' 'libcap' 'libcap.so') license=('LGPL2.1') provides+=("${pkgname#systemd-}=$pkgver") @@ -399,7 +389,7 @@ package_systemd-nss-systemd() { package_systemd-nss-myhostname() { pkgdesc='NSS module providing hostname resolution for the locally configured system hostname' - depends=('glibc' 'libcap') + depends=('glibc' 'libcap' 'libcap.so') license=('LGPL2.1') provides+=("${pkgname#systemd-}=$pkgver") @@ -411,7 +401,7 @@ package_systemd-nss-myhostname() { package_systemd-nss-mymachines() { pkgdesc='NSS module providing hostname resolution for local systemd-machined container instances' - depends=('glibc' 'libcap') + depends=('glibc' 'libcap' 'libcap.so') license=('LGPL2.1') provides+=("${pkgname#systemd-}=$pkgver") @@ -423,7 +413,7 @@ package_systemd-nss-mymachines() { package_systemd-nss-resolve() { pkgdesc='NSS module providing hostname resolution via systemd-resolved' - depends=('glibc' 'libcap') + depends=('glibc' 'libcap' 'libcap.so') license=('LGPL2.1') provides+=("${pkgname#systemd-}=$pkgver") diff --git a/libre/systemd/initcpio-install-systemd b/libre/systemd/initcpio-install-systemd index 8fb4441f7..9e23070dd 100644 --- a/libre/systemd/initcpio-install-systemd +++ b/libre/systemd/initcpio-install-systemd @@ -69,10 +69,13 @@ add_systemd_unit() { map add_systemd_unit "${values[@]}" ;; Exec*) - # don't add binaries unless they are required - if [[ ${values[0]:0:1} != '-' ]]; then - add_binary "${values[0]}" - fi + # do not add binaries unless they are required, + # strip special executable prefixes + case ${values[0]} in + -*) ;; + !!*) add_binary "${values[0]#!!}" ;; + *) add_binary "${values[0]#[@!:+]}" ;; + esac ;; esac @@ -110,6 +113,7 @@ build() { add_binary /usr/bin/sulogin map add_binary \ + /usr/bin/journalctl \ /usr/bin/systemd-tmpfiles \ /usr/lib/systemd/systemd-hibernate-resume \ /usr/lib/systemd/systemd-shutdown \ @@ -118,9 +122,6 @@ build() { /usr/lib/systemd/system-generators/systemd-gpt-auto-generator \ /usr/lib/systemd/system-generators/systemd-hibernate-resume-generator - # for journalctl in emergency shell - add_binary journalctl - # udev rules and systemd units map add_udev_rule "$rules" \ 50-udev-default.rules \ @@ -171,15 +172,9 @@ build() { 'group: files' \ 'shadow: files' - echo "root:x:0:0:root:/:/bin/sh" >"$BUILDROOT/etc/passwd" - echo "root:x:0:root" >"$BUILDROOT/etc/group" - echo "root::::::::" >"$BUILDROOT/etc/shadow" - - add_systemd_drop_in systemd-udevd.service resolve-names <<EOF -[Service] -ExecStart= -ExecStart=/usr/lib/systemd/systemd-udevd --resolve-names=never -EOF + echo "root:x:0:0:root:/root:/bin/sh" >"$BUILDROOT/etc/passwd" + echo 'root:*:::::::' >"$BUILDROOT/etc/shadow" + getent group root audio disk input kmem kvm lp optical render storage tty uucp video | awk -F: ' { print $1 ":x:" $3 ":" }' >"$BUILDROOT/etc/group" add_dir "/etc/modules-load.d" ( |