Diffstat (limited to 'libre')
22 files changed, 1289 insertions, 0 deletions
diff --git a/libre/notsystemd/0001-FSDG-man-Refer-to-the-operating-system-as-GNU-Linux.patch b/libre/notsystemd/0001-FSDG-man-Refer-to-the-operating-system-as-GNU-Linux.patch
new file mode 100644
index 000000000..e91d0afd8
--- /dev/null
+++ b/libre/notsystemd/0001-FSDG-man-Refer-to-the-operating-system-as-GNU-Linux.patch
@@ -0,0 +1,80 @@ +From 64713f35b5a75b441ab300813ff5a48b0bffed92 Mon Sep 17 00:00:00 2001 +From: Luke Shumaker <lukeshu@sbcglobal.net> +Date: Wed, 25 May 2016 12:19:20 -0400 +Subject: [PATCH 1/6] FSDG: man/: Refer to the operating system as GNU/Linux. + +This is not a blind replacement of "Linux" with "GNU/Linux". In some +cases, "Linux" is (correctly) used to refer to just the kernel. In others, +it is in a string for which code must also be adjusted; these instances +are not included in this commit. +--- + man/daemon.xml | 4 ++-- + man/sd-bus-errors.xml | 2 +- + man/sd_bus_error_add_map.xml | 2 +- + man/systemd.xml | 2 +- + 4 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/man/daemon.xml b/man/daemon.xml +index b6125cb..f74fd35 100644 +--- a/man/daemon.xml ++++ b/man/daemon.xml +@@ -168,7 +168,7 @@ + <refsect2> + <title>New-Style Daemons</title> + +- <para>Modern services for Linux should be implemented as ++ <para>Modern services for GNU/Linux should be implemented as + new-style daemons. This makes it easier to supervise and control + them at runtime and simplifies their implementation.</para> + +@@ -311,7 +311,7 @@ + as detailed in the <ulink + url="http://refspecs.linuxbase.org/LSB_3.1.1/LSB-Core-generic/LSB-Core-generic/iniscrptact.html">LSB + Linux Standard Base Core Specification</ulink>. This method of +- activation is supported ubiquitously on Linux init systems, both ++ activation is supported ubiquitously on GNU/Linux init systems, both + old-style and new-style systems. Among other issues, SysV init + scripts have the disadvantage of involving shell scripts in the + boot process. 
New-style init systems generally employ updated +diff --git a/man/sd-bus-errors.xml b/man/sd-bus-errors.xml +index 055af7a..d2b81f4 100644 +--- a/man/sd-bus-errors.xml ++++ b/man/sd-bus-errors.xml +@@ -126,7 +126,7 @@ + + <para>In addition to this list, in sd-bus, the special error + namespace <literal>System.Error.</literal> is used to map +- arbitrary Linux system errors (as defined by <citerefentry ++ arbitrary GNU/Linux system errors (as defined by <citerefentry + project='man-pages'><refentrytitle>errno</refentrytitle><manvolnum>3</manvolnum></citerefentry>) + to D-Bus errors and back. For example, the error + <constant>EUCLEAN</constant> is mapped to +diff --git a/man/sd_bus_error_add_map.xml b/man/sd_bus_error_add_map.xml +index 139bd77..7dc1ef6 100644 +--- a/man/sd_bus_error_add_map.xml ++++ b/man/sd_bus_error_add_map.xml +@@ -82,7 +82,7 @@ + + <para>The <function>sd_bus_error_add_map()</function> call may be + used to register additional mappings for converting D-Bus errors +- to Linux <varname>errno</varname>-style errors. The mappings ++ to GNU/Linux <varname>errno</varname>-style errors. The mappings + defined with this call are consulted by calls such as + <citerefentry><refentrytitle>sd_bus_error_set</refentrytitle><manvolnum>3</manvolnum></citerefentry> + or +diff --git a/man/systemd.xml b/man/systemd.xml +index b8d91b8..e05a9d6 100644 +--- a/man/systemd.xml ++++ b/man/systemd.xml +@@ -61,7 +61,7 @@ + <refsect1> + <title>Description</title> + +- <para>systemd is a system and service manager for Linux operating ++ <para>systemd is a system and service manager for GNU/Linux operating + systems. When run as first process on boot (as PID 1), it acts as + init system that brings up and maintains userspace + services.</para> +-- +2.8.3 + 
diff --git a/libre/notsystemd/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch b/libre/notsystemd/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch
new file mode 100644
index 000000000..5d47d01a4
--- /dev/null
+++ b/libre/notsystemd/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch
@@ -0,0 +1,62 @@ +From 481712d9ee88395042f0640f272c1f87142bc0a8 Mon Sep 17 00:00:00 2001 +From: Dave Reisner <dreisner@archlinux.org> +Date: Wed, 9 Nov 2016 11:14:03 -0500 +Subject: [PATCH] Revert "nspawn: try to bind mount resolved's resolv.conf + snippet into the container" + +This reverts commit 3539724c26a1b2b00c4eb3c004b635a4b8647de6. +--- + src/nspawn/nspawn.c | 27 ++++++++------------------- + 1 file changed, 8 insertions(+), 19 deletions(-) + +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index c8b18bc..93df7c6 100644 +--- a/src/nspawn/nspawn.c ++++ b/src/nspawn/nspawn.c +@@ -1309,35 +1309,24 @@ static int setup_resolv_conf(const char *dest) { + /* Fix resolv.conf, if possible */ + where = prefix_roota(dest, "/etc/resolv.conf"); + +- if (access("/usr/lib/systemd/resolv.conf", F_OK) >= 0) { +- /* resolved is enabled on the host. In this, case bind mount its static resolv.conf file into the +- * container, so that the container can use the host's resolver. Given that network namespacing is +- * disabled it's only natural of the container also uses the host's resolver. It also has the big +- * advantage that the container will be able to follow the host's DNS server configuration changes +- * transparently. */ +- +- r = mount_verbose(LOG_WARNING, "/usr/lib/systemd/resolv.conf", where, NULL, MS_BIND, NULL); +- if (r >= 0) +- return mount_verbose(LOG_ERR, NULL, where, NULL, +- MS_BIND|MS_REMOUNT|MS_RDONLY|MS_NOSUID|MS_NODEV, NULL); +- } +- +- /* If that didn't work, let's copy the file */ + r = copy_file("/etc/resolv.conf", where, O_TRUNC|O_NOFOLLOW, 0644, 0); + if (r < 0) { +- /* If the file already exists as symlink, let's suppress the warning, under the assumption that +- * resolved or something similar runs inside and the symlink points there. ++ /* If the file already exists as symlink, let's ++ * suppress the warning, under the assumption that ++ * resolved or something similar runs inside and the ++ * symlink points there. 
+ * +- * If the disk image is read-only, there's also no point in complaining. ++ * If the disk image is read-only, there's also no ++ * point in complaining. + */ + log_full_errno(IN_SET(r, -ELOOP, -EROFS) ? LOG_DEBUG : LOG_WARNING, r, +- "Failed to copy /etc/resolv.conf to %s, ignoring: %m", where); ++ "Failed to copy /etc/resolv.conf to %s: %m", where); + return 0; + } + + r = userns_lchown(where, 0, 0); + if (r < 0) +- log_warning_errno(r, "Failed to chown /etc/resolv.conf, ignoring: %m"); ++ log_warning_errno(r, "Failed to chown /etc/resolv.conf: %m"); + + return 0; + } +-- +2.10.2 + diff --git a/libre/notsystemd/0001-disable-RestrictAddressFamilies-on-i686.patch b/libre/notsystemd/0001-disable-RestrictAddressFamilies-on-i686.patch new file mode 100644 index 000000000..27e6f4fb0 --- /dev/null +++ b/libre/notsystemd/0001-disable-RestrictAddressFamilies-on-i686.patch @@ -0,0 +1,30 @@ +From ff59e06f9423af0532aaeedf931474823f764875 Mon Sep 17 00:00:00 2001 +From: Dave Reisner <dreisner@archlinux.org> +Date: Wed, 9 Nov 2016 08:00:26 -0500 +Subject: [PATCH] disable RestrictAddressFamilies on i686 + +Shit's broke, yo. + +https://github.com/systemd/systemd/issues/4575 +--- + src/core/execute.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/core/execute.c b/src/core/execute.c +index f666f7c..7d09154 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -1254,6 +1254,10 @@ static int apply_address_families(const Unit* u, const ExecContext *c) { + Iterator i; + int r; + ++#if defined(__i386__) ++ return 0; ++#endif ++ + assert(c); + + if (skip_seccomp_unavailable(u, "RestrictAddressFamilies=")) +-- +2.10.2 + diff --git a/libre/notsystemd/0001-nspawn-don-t-hide-bind-tmp-mounts.patch b/libre/notsystemd/0001-nspawn-don-t-hide-bind-tmp-mounts.patch new file mode 100644 index 000000000..a5336ece5 --- /dev/null +++ b/libre/notsystemd/0001-nspawn-don-t-hide-bind-tmp-mounts.patch 
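Review bot: The two messages restored in setup_resolv_conf() drop the ", ignoring" suffix although both failure paths still end in `return 0;`, so someone reading the journal cannot tell that these failures are non-fatal; I would keep the newer wording, `"Failed to copy /etc/resolv.conf to %s, ignoring: %m"` and `"Failed to chown /etc/resolv.conf, ignoring: %m"`. Separately, `O_NOFOLLOW` on the copy_file() call only guards the final path component of `where`. If `dest` is a tree that code inside the container can modify, an intermediate symlink (for example `etc`) would presumably be resolved against the host, so it is worth confirming that this runs before untrusted content can alter the tree, or that the path is resolved relative to the container root. The function starts outside the hunk.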
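Review bot: On i386 the early `return 0;` in apply_address_families() turns `RestrictAddressFamilies=` into a silent no-op, so a unit that relies on it for sandboxing starts without the filter and nothing in the log says so. A one-line notice before the return would make the lost hardening visible, e.g. `log_unit_warning(u, "RestrictAddressFamilies= is not enforced on i386, ignoring.");` (assuming logging is usable at this point in the exec path). The guard also needs a comment naming the upstream issue linked in the commit message, so the next maintainer knows when it can be dropped. The function body continues outside the hunk.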
@@ -0,0 +1,26 @@ +From 7ec42a45410cb27140292d85ebb0e4b6dcea5555 Mon Sep 17 00:00:00 2001 +From: Dave Reisner <dreisner@archlinux.org> +Date: Wed, 7 Dec 2016 13:45:48 -0500 +Subject: [PATCH] nspawn: don't hide --bind=/tmp/* mounts + +This is a v232-applicable version of upstream c9fd987279a462e. +--- + src/nspawn/nspawn-mount.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c +index 115de64..2dabe2a 100644 +--- a/src/nspawn/nspawn-mount.c ++++ b/src/nspawn/nspawn-mount.c +@@ -382,7 +382,7 @@ int mount_all(const char *dest, + { "tmpfs", "/dev", "tmpfs", "mode=755", MS_NOSUID|MS_STRICTATIME, true, false, false }, + { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME, true, false, false }, + { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME, true, false, false }, +- { "tmpfs", "/tmp", "tmpfs", "mode=1777", MS_STRICTATIME, true, true, false }, ++ { "tmpfs", "/tmp", "tmpfs", "mode=1777", MS_STRICTATIME, true, false, false }, + #ifdef HAVE_SELINUX + { "/sys/fs/selinux", "/sys/fs/selinux", NULL, NULL, MS_BIND, false, false, false }, /* Bind mount first */ + { NULL, "/sys/fs/selinux", NULL, NULL, MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT, false, false, false }, /* Then, make it r/o */ +-- +2.10.2 + diff --git a/libre/notsystemd/0002-FSDG-os-release-Default-to-PRETTY_NAME-GNU-Linux-ins.patch b/libre/notsystemd/0002-FSDG-os-release-Default-to-PRETTY_NAME-GNU-Linux-ins.patch new file mode 100644 index 000000000..59ab5bee4 --- /dev/null +++ b/libre/notsystemd/0002-FSDG-os-release-Default-to-PRETTY_NAME-GNU-Linux-ins.patch 
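Review bot: The changed `/tmp` row in mount_all()'s table differs from the old one only in the second of three unnamed trailing booleans, and nothing in the hunk says what that position means or why `/tmp` now differs from its previous setting. A short comment on the row would help, e.g. `/* set up before custom mounts so that --bind=/tmp/* is not hidden */`, worded from the commit subject; the exact field meaning should be confirmed against the struct definition, which is outside the hunk. Since this flag presumably controls at which stage the tmpfs is mounted, it is also worth checking that the `/tmp` mount still gets the intended ownership when user namespacing is enabled.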
@@ -0,0 +1,101 @@ +From d6a67e5ff7d99af484a9ebf68d3fe2510bffd099 Mon Sep 17 00:00:00 2001 +From: Luke Shumaker <lukeshu@sbcglobal.net> +Date: Wed, 25 May 2016 12:23:40 -0400 +Subject: [PATCH 2/6] FSDG: os-release: Default to PRETTY_NAME "GNU/Linux" + instead of "Linux". + +--- + man/kernel-install.xml | 2 +- + man/os-release.xml | 2 +- + src/analyze/analyze.c | 2 +- + src/core/main.c | 4 +- + src/firstboot/firstboot.c | 2 +- + src/kernel-install/90-loaderentry.install | 2 +- + 6 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/man/kernel-install.xml b/man/kernel-install.xml +index d7e27de..eb51918 100644 +--- a/man/kernel-install.xml ++++ b/man/kernel-install.xml +@@ -106,7 +106,7 @@ + <replaceable>PRETTY_NAME</replaceable> parameter specified + in <filename>/etc/os-release</filename> or + <filename>/usr/lib/os-release</filename> (if the former is +- missing), or "Linux ++ missing), or "GNU/Linux + <replaceable>KERNEL-VERSION</replaceable>", if unset. If + the file <filename>initrd</filename> is found next to the + <filename>linux</filename> file, the initrd will be added to +diff --git a/man/os-release.xml b/man/os-release.xml +index 4557abc..767a1c7 100644 +--- a/man/os-release.xml ++++ b/man/os-release.xml +@@ -194,7 +194,7 @@ + suitable for presentation to the user. May or may not contain + a release code name or OS version of some kind, as suitable. + If not set, defaults to +- <literal>PRETTY_NAME="Linux"</literal>. Example: ++ <literal>PRETTY_NAME="GNU/Linux"</literal>. 
Example: + <literal>PRETTY_NAME="Fedora 17 (Beefy + Miracle)"</literal>.</para></listitem> + </varlistentry> +diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c +index d621f66..53c97f9 100644 +--- a/src/analyze/analyze.c ++++ b/src/analyze/analyze.c +@@ -653,7 +653,7 @@ static int analyze_plot(sd_bus *bus) { + svg("<rect class=\"background\" width=\"100%%\" height=\"100%%\" />\n"); + svg("<text x=\"20\" y=\"50\">%s</text>", pretty_times); + svg("<text x=\"20\" y=\"30\">%s %s (%s %s %s) %s %s</text>", +- isempty(host->os_pretty_name) ? "Linux" : host->os_pretty_name, ++ isempty(host->os_pretty_name) ? "GNU/Linux" : host->os_pretty_name, + strempty(host->hostname), + strempty(host->kernel_name), + strempty(host->kernel_release), +diff --git a/src/core/main.c b/src/core/main.c +index 93098da..b9cac92 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -1238,11 +1238,11 @@ static int status_welcome(void) { + return status_printf(NULL, false, false, + "\nWelcome to \x1B[%sm%s\x1B[0m!\n", + isempty(ansi_color) ? "1" : ansi_color, +- isempty(pretty_name) ? "Linux" : pretty_name); ++ isempty(pretty_name) ? "GNU/Linux" : pretty_name); + else + return status_printf(NULL, false, false, + "\nWelcome to %s!\n", +- isempty(pretty_name) ? "Linux" : pretty_name); ++ isempty(pretty_name) ? "GNU/Linux" : pretty_name); + } + + static int write_container_id(void) { +diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c +index 3df7246..1e1a592 100644 +--- a/src/firstboot/firstboot.c ++++ b/src/firstboot/firstboot.c +@@ -96,7 +96,7 @@ static void print_welcome(void) { + log_warning_errno(r, "Failed to read os-release file: %m"); + + printf("\nWelcome to your new installation of %s!\nPlease configure a few basic system settings:\n\n", +- isempty(pretty_name) ? "Linux" : pretty_name); ++ isempty(pretty_name) ? 
"GNU/Linux" : pretty_name); + + press_any_key(); + +diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install +index 4c9b1f0..6e94e12 100644 +--- a/src/kernel-install/90-loaderentry.install ++++ b/src/kernel-install/90-loaderentry.install +@@ -37,7 +37,7 @@ elif [[ -f /usr/lib/os-release ]]; then + fi + + if ! [[ $PRETTY_NAME ]]; then +- PRETTY_NAME="Linux $KERNEL_VERSION" ++ PRETTY_NAME="GNU/Linux $KERNEL_VERSION" + fi + + declare -a BOOT_OPTIONS +-- +2.8.3 + diff --git a/libre/notsystemd/0003-FSDG-os-release-Default-to-NAME-GNU-Linux-instead-of.patch b/libre/notsystemd/0003-FSDG-os-release-Default-to-NAME-GNU-Linux-instead-of.patch new file mode 100644 index 000000000..d6c40587d --- /dev/null +++ b/libre/notsystemd/0003-FSDG-os-release-Default-to-NAME-GNU-Linux-instead-of.patch 
@@ -0,0 +1,40 @@ +From 20c90fb1a90a1702ce5e7d79dd16ee160640a1ee Mon Sep 17 00:00:00 2001 +From: Luke Shumaker <lukeshu@sbcglobal.net> +Date: Wed, 25 May 2016 12:24:56 -0400 +Subject: [PATCH 3/6] FSDG: os-release: Default to NAME "GNU/Linux" instead of + "Linux". + +--- + man/os-release.xml | 2 +- + src/journal-remote/journal-gatewayd.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/man/os-release.xml b/man/os-release.xml +index 767a1c7..f6787f9 100644 +--- a/man/os-release.xml ++++ b/man/os-release.xml +@@ -121,7 +121,7 @@ + <listitem><para>A string identifying the operating system, + without a version component, and suitable for presentation to + the user. If not set, defaults to +- <literal>NAME=Linux</literal>. Example: ++ <literal>NAME=GNU/Linux</literal>. Example: + <literal>NAME=Fedora</literal> or <literal>NAME="Debian + GNU/Linux"</literal>.</para></listitem> + </varlistentry> +diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c +index 60d8977..3b9adb5 100644 +--- a/src/journal-remote/journal-gatewayd.c ++++ b/src/journal-remote/journal-gatewayd.c +@@ -799,7 +799,7 @@ static int request_handler_machine( + SD_ID128_FORMAT_VAL(mid), + SD_ID128_FORMAT_VAL(bid), + hostname_cleanup(hostname), +- os_name ? os_name : "Linux", ++ os_name ? os_name : "GNU/Linux", + v ? v : "bare", + usage, + cutoff_from, +-- +2.8.3 + diff --git a/libre/notsystemd/0004-FSDG-os-release-Default-ID-to-gnu-linux-instead-of-l.patch b/libre/notsystemd/0004-FSDG-os-release-Default-ID-to-gnu-linux-instead-of-l.patch new file mode 100644 index 000000000..8a130ab78 --- /dev/null +++ b/libre/notsystemd/0004-FSDG-os-release-Default-ID-to-gnu-linux-instead-of-l.patch 
@@ -0,0 +1,28 @@ +From 6f4e352372876053efb168e6dc9e74a57c8d6c2e Mon Sep 17 00:00:00 2001 +From: Luke Shumaker <lukeshu@sbcglobal.net> +Date: Wed, 25 May 2016 12:28:30 -0400 +Subject: [PATCH 4/6] FSDG: os-release: Default ID to "gnu-linux" instead of + "linux". + +As far as I can tell, no code in this repository actually uses the ID +field, so this is just a man page change. +--- + man/os-release.xml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/man/os-release.xml b/man/os-release.xml +index f6787f9..79eb402 100644 +--- a/man/os-release.xml ++++ b/man/os-release.xml +@@ -145,7 +145,7 @@ + the operating system, excluding any version information and + suitable for processing by scripts or usage in generated + filenames. If not set, defaults to +- <literal>ID=linux</literal>. Example: ++ <literal>ID=gnu-linux</literal>. Example: + <literal>ID=fedora</literal> or + <literal>ID=debian</literal>.</para></listitem> + </varlistentry> +-- +2.8.3 + diff --git a/libre/notsystemd/0005-FSDG-systemd-resolved-Default-to-hostname-gnu-linux-.patch b/libre/notsystemd/0005-FSDG-systemd-resolved-Default-to-hostname-gnu-linux-.patch new file mode 100644 index 000000000..f5e9de8fc --- /dev/null +++ b/libre/notsystemd/0005-FSDG-systemd-resolved-Default-to-hostname-gnu-linux-.patch 
@@ -0,0 +1,33 @@ +From 71b8c10050db1a16402e0600c9921b012c908b44 Mon Sep 17 00:00:00 2001 +From: Luke Shumaker <lukeshu@sbcglobal.net> +Date: Wed, 25 May 2016 12:31:20 -0400 +Subject: [PATCH 5/6] FSDG: systemd-resolved: Default to hostname "gnu-linux" + instead of "linux" + +--- + src/resolve/resolved-manager.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c +index 7f90734..e82c6ec 100644 +--- a/src/resolve/resolved-manager.c ++++ b/src/resolve/resolved-manager.c +@@ -429,12 +429,12 @@ static int manager_watch_hostname(Manager *m) { + + r = determine_hostname(&m->llmnr_hostname, &m->mdns_hostname); + if (r < 0) { +- log_info("Defaulting to hostname 'linux'."); +- m->llmnr_hostname = strdup("linux"); ++ log_info("Defaulting to hostname 'gnu-linux'."); ++ m->llmnr_hostname = strdup("gnu-linux"); + if (!m->llmnr_hostname) + return log_oom(); + +- m->mdns_hostname = strdup("linux.local"); ++ m->mdns_hostname = strdup("gnu-linux.local"); + if (!m->mdns_hostname) + return log_oom(); + } else +-- +2.8.3 + diff --git a/libre/notsystemd/0006-FSDG-man-Use-FSDG-operating-systems-as-examples.patch b/libre/notsystemd/0006-FSDG-man-Use-FSDG-operating-systems-as-examples.patch new file mode 100644 index 000000000..9a8ce15ea --- /dev/null +++ b/libre/notsystemd/0006-FSDG-man-Use-FSDG-operating-systems-as-examples.patch 
@@ -0,0 +1,199 @@ +From 566cac15ed36506e2bb766313a5d4e0825bc6499 Mon Sep 17 00:00:00 2001 +From: Luke Shumaker <lukeshu@sbcglobal.net> +Date: Wed, 25 May 2016 12:32:21 -0400 +Subject: [PATCH 6/6] FSDG: man/: Use FSDG operating systems as examples. + +--- + man/os-release.xml | 49 +++++++++++++++++++++++++------------------------ + man/systemd-nspawn.xml | 37 +++++++++++++------------------------ + 2 files changed, 38 insertions(+), 48 deletions(-) + +diff --git a/man/os-release.xml b/man/os-release.xml +index caf60f4..2811f43 100644 +--- a/man/os-release.xml ++++ b/man/os-release.xml +@@ -122,7 +122,7 @@ + without a version component, and suitable for presentation to + the user. If not set, defaults to + <literal>NAME=GNU/Linux</literal>. Example: +- <literal>NAME=Fedora</literal> or <literal>NAME="Debian ++ <literal>NAME=BLAG</literal> or <literal>NAME="gNewSense + GNU/Linux"</literal>.</para></listitem> + </varlistentry> + +@@ -133,8 +133,8 @@ + version, excluding any OS name information, possibly including + a release code name, and suitable for presentation to the + user. This field is optional. Example: +- <literal>VERSION=17</literal> or <literal>VERSION="17 (Beefy +- Miracle)"</literal>.</para></listitem> ++ <literal>VERSION=210k</literal> or <literal>VERSION="210k ++ (Spartakus)"</literal>.</para></listitem> + </varlistentry> + + <varlistentry> +@@ -146,8 +146,8 @@ + suitable for processing by scripts or usage in generated + filenames. If not set, defaults to + <literal>ID=gnu-linux</literal>. Example: +- <literal>ID=fedora</literal> or +- <literal>ID=debian</literal>.</para></listitem> ++ <literal>ID=blag</literal> or ++ <literal>ID=gnewsense</literal>.</para></listitem> + </varlistentry> + + <varlistentry> +@@ -168,9 +168,9 @@ + should be listed in order of how closely the local operating + system relates to the listed ones, starting with the closest. + This field is optional. 
Example: for an operating system with +- <literal>ID=centos</literal>, an assignment of ++ <literal>ID=blag</literal>, an assignment of + <literal>ID_LIKE="rhel fedora"</literal> would be appropriate. +- For an operating system with <literal>ID=ubuntu</literal>, an ++ For an operating system with <literal>ID=gnewsense</literal>, an + assignment of <literal>ID_LIKE=debian</literal> is + appropriate.</para></listitem> + </varlistentry> +@@ -199,8 +199,8 @@ + identifying the operating system version, excluding any OS + name information or release code name, and suitable for + processing by scripts or usage in generated filenames. This +- field is optional. Example: <literal>VERSION_ID=17</literal> +- or <literal>VERSION_ID=11.04</literal>.</para></listitem> ++ field is optional. Example: <literal>VERSION_ID=210k</literal> ++ or <literal>VERSION_ID=7.0</literal>.</para></listitem> + </varlistentry> + + <varlistentry> +@@ -211,8 +211,8 @@ + a release code name or OS version of some kind, as suitable. + If not set, defaults to + <literal>PRETTY_NAME="GNU/Linux"</literal>. Example: +- <literal>PRETTY_NAME="Fedora 17 (Beefy +- Miracle)"</literal>.</para></listitem> ++ <literal>PRETTY_NAME="BLAG 210k ++ (Spartakus)"</literal>.</para></listitem> + </varlistentry> + + <varlistentry> +@@ -235,7 +235,7 @@ + <ulink url="http://scap.nist.gov/specifications/cpe/">Common + Platform Enumeration Specification</ulink> as proposed by the + NIST. This field is optional. Example: +- <literal>CPE_NAME="cpe:/o:fedoraproject:fedora:17"</literal> ++ <literal>CPE_NAME="cpe:/o:blagblagblag:blag:210k"</literal> + </para></listitem> + </varlistentry> + +@@ -270,8 +270,8 @@ + one URL shall be listed in each setting. If multiple resources + need to be referenced, it is recommended to provide an online + landing page linking all available resources. 
Examples: +- <literal>HOME_URL="https://fedoraproject.org/"</literal> and +- <literal>BUG_REPORT_URL="https://bugzilla.redhat.com/"</literal></para></listitem> ++ <literal>HOME_URL="https://www.blagblagblag.org/"</literal> and ++ <literal>BUG_REPORT_URL="https://blag.fsf.org/"</literal></para></listitem> + </varlistentry> + + <varlistentry> +@@ -346,21 +346,22 @@ + recommended to prefix new fields with an OS specific + name in order to avoid name clashes. Applications + reading this file must ignore unknown fields. Example: +- <literal>DEBIAN_BTS="debbugs://bugs.debian.org/"</literal></para> ++ <literal>DEBIAN_BTS="debbugs://bugs.gnewsense.org/"</literal></para> + </refsect1> + + <refsect1> + <title>Example</title> + +- <programlisting>NAME=Fedora +-VERSION="17 (Beefy Miracle)" +-ID=fedora +-VERSION_ID=17 +-PRETTY_NAME="Fedora 17 (Beefy Miracle)" +-ANSI_COLOR="0;34" +-CPE_NAME="cpe:/o:fedoraproject:fedora:17" +-HOME_URL="https://fedoraproject.org/" +-BUG_REPORT_URL="https://bugzilla.redhat.com/"</programlisting> ++ <programlisting>NAME=Parabola ++VERSION="rolling-release" ++ID=parabola ++ID_LIKE=arch ++VERSION_ID=rolling-release ++PRETTY_NAME="Parabola GNU/Linux-libre" ++ANSI_COLOR="1;35" ++CPE_NAME="cpe:/o:parabola:parabola:rolling-release" ++HOME_URL="https://www.parabola.nu/" ++BUG_REPORT_URL="https://labs.parabola.nu/"</programlisting> + </refsect1> + + <refsect1> +diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml +index cd0a90d..ab35580 100644 +--- a/man/systemd-nspawn.xml ++++ b/man/systemd-nspawn.xml +@@ -1004,46 +1004,35 @@ + <title>Examples</title> + + <example> +- <title>Download a Fedora image and start a shell in it</title> ++ <title>Build and boot a minimal BLAG distribution in a container</title> + +- <programlisting># machinectl pull-raw --verify=no http://ftp.halifax.rwth-aachen.de/fedora/linux/releases/24/CloudImages/x86_64/images/Fedora-Cloud-Base-24-1.2.x86_64.raw.xz +-# systemd-nspawn -M 
Fedora-Cloud-Base-24-1.2.x86_64.raw</programlisting> +- +- <para>This downloads an image using +- <citerefentry><refentrytitle>machinectl</refentrytitle><manvolnum>1</manvolnum></citerefentry> +- and opens a shell in it.</para> +- </example> +- +- <example> +- <title>Build and boot a minimal Fedora distribution in a container</title> +- +- <programlisting># dnf -y --releasever=23 --installroot=/srv/mycontainer --disablerepo='*' --enablerepo=fedora --enablerepo=updates install systemd passwd dnf fedora-release vim-minimal ++ <programlisting># dnf -y --releasever=210k --installroot=/srv/mycontainer --disablerepo='*' --enablerepo=blag --enablerepo=updates install systemd passwd dnf blag-release vim-minimal + # systemd-nspawn -bD /srv/mycontainer</programlisting> + +- <para>This installs a minimal Fedora distribution into the ++ <para>This installs a minimal BLAG distribution into the + directory <filename noindex='true'>/srv/mycontainer/</filename> + and then boots an OS in a namespace container in it.</para> + </example> + + <example> +- <title>Spawn a shell in a container of a minimal Debian unstable distribution</title> ++ <title>Spawn a shell in a container of a minimal gNewSense Ucclia distribution</title> + +- <programlisting># debootstrap --arch=amd64 unstable ~/debian-tree/ +-# systemd-nspawn -D ~/debian-tree/</programlisting> ++ <programlisting># debootstrap --arch=amd64 ucclia ~/gnewsense-tree/ ++# systemd-nspawn -D ~/gnewsense-tree/</programlisting> + +- <para>This installs a minimal Debian unstable distribution into +- the directory <filename>~/debian-tree/</filename> and then ++ <para>This installs a minimal gNewSense unstable distribution into ++ the directory <filename>~/gnewsense-tree/</filename> and then + spawns a shell in a namespace container in it.</para> + </example> + + <example> +- <title>Boot a minimal Arch Linux distribution in a container</title> ++ <title>Boot a minimal Parabola distribution in a container</title> + +- <programlisting># 
pacstrap -c -d ~/arch-tree/ base +-# systemd-nspawn -bD ~/arch-tree/</programlisting> ++ <programlisting># pacstrap -c -d ~/parabola-tree/ base ++# systemd-nspawn -bD ~/parabola-tree/</programlisting> + +- <para>This installs a minimal Arch Linux distribution into the +- directory <filename>~/arch-tree/</filename> and then boots an OS ++ <para>This installs a minimal Parabola distribution into the ++ directory <filename>~/parabola-tree/</filename> and then boots an OS + in a namespace container in it.</para> + </example> + +-- +2.8.3 + diff --git a/libre/notsystemd/PKGBUILD b/libre/notsystemd/PKGBUILD new file mode 100644 index 000000000..9e706152c --- /dev/null +++ b/libre/notsystemd/PKGBUILD 
@@ -0,0 +1,298 @@ +# Maintainer (Arch): Dave Reisner <dreisner@archlinux.org> +# Maintainer (Arch): Tom Gundersen <teg@jklm.no> +# Maintainer: Luke Shumaker <lukeshu@sbcglobal.net> + +_pkgname=systemd +pkgname=notsystemd +_sdver=232 +_patchver=1 +pkgver=${_sdver}.${_patchver} +pkgrel=8.parabola2 +arch=('i686' 'x86_64' 'armv7h') +url="https://repo.parabola.nu/other/${pkgname}" +license=('GPL2' 'LGPL2.1') +makedepends=('acl' 'cryptsetup' 'docbook-xsl' 'gperf>=3.1' 'lz4' 'xz' 'pam' 'libelf' + 'intltool' 'iptables' 'kmod' 'libcap' 'libidn' 'libgcrypt' + 'libmicrohttpd' 'libxslt' 'util-linux' 'linux-libre-api-headers' + 'python-lxml' 'quota-tools' 'shadow' 'git') +makedepends_i686=('gnu-efi-libs') +makedepends_x86_64=('gnu-efi-libs') +options=('strip') +source=("git://github.com/systemd/systemd.git#tag=v$_sdver" + "https://repo.parabola.nu/other/${pkgname}/${pkgname}-${pkgver}.tar.gz"{,.sig} + 'initcpio-hook-udev' + 'initcpio-install-systemd' + 'initcpio-install-udev' + 'parabola.conf' + 'loader.conf' + 'splash-parabola.bmp' + 'systemd-user.pam' + 'systemd-hwdb.hook' + 'systemd-sysusers.hook' + 'systemd-tmpfiles.hook' + 'systemd-update.hook' + '0001-disable-RestrictAddressFamilies-on-i686.patch' + '0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch' + '0001-nspawn-don-t-hide-bind-tmp-mounts.patch' + '0001-FSDG-man-Refer-to-the-operating-system-as-GNU-Linux.patch' + '0002-FSDG-os-release-Default-to-PRETTY_NAME-GNU-Linux-ins.patch' + '0003-FSDG-os-release-Default-to-NAME-GNU-Linux-instead-of.patch' + '0004-FSDG-os-release-Default-ID-to-gnu-linux-instead-of-l.patch' + '0005-FSDG-systemd-resolved-Default-to-hostname-gnu-linux-.patch' + '0006-FSDG-man-Use-FSDG-operating-systems-as-examples.patch') +sha512sums=('SKIP' + '7753651b0bf4103e4effa22eedcb3edab734c6ccedf20cd757ae0b1f8b4a70297043ed1dba35eef077feeb6412323688df4f197701aae32c414ed8f1482fa61b' + 'SKIP' + 
'f0d933e8c6064ed830dec54049b0a01e27be87203208f6ae982f10fb4eddc7258cb2919d594cbfb9a33e74c3510cfd682f3416ba8e804387ab87d1a217eb4b73' + '52af734947a768758d5eb3f18e31a1cfec6699eca6fa10e40b90c7f11991509186c0a696e3490af3eaba80064ea4cb93e041579abf05addf072d294300aa4b28' + 'fec639de0d99967ed3e67289eff5ff78fff0c5829d350e73bed536a8391f1daa1d118d72dbdc1f480ffd33fc22b72f4817d0973bd09ec7f182fd26ad87b24355' + '70b3f1d6aaa9cd4b6b34055a587554770c34194100b17b2ef3aaf4f16f68da0865f6b3ae443b3252d395e80efabd412b763259ffb76c902b60e23b6b522e3cc8' + '6c6f579644ea2ebb6b46ee274ab15110718b0de40def8c30173ba8480b045d403f2aedd15b50ad9b96453f4ad56920d1350ff76563755bb9a80b10fa7f64f1d9' + 'a50bc85061a9a16d776235099867bc1a17c17dddb74c1ecf5614c849735a9779c5e34e5ddca8ca6af4b59a40f57c08ecf219b98cab09476ddb0f110e6a35e45c' + 'b90c99d768dc2a4f020ba854edf45ccf1b86a09d2f66e475de21fe589ff7e32c33ef4aa0876d7f1864491488fd7edb2682fc0d68e83a6d4890a0778dc2d6fe19' + '2c1f765e7cefc50f07ad994634ea25d9396e6b9c0de46e58f18377e642a471517a0dbf5eb547070a38c6ecf84ec8e030f650a6cee010871cd7a466a32534adda' + '9d27d97f172a503f5b7044480a0b9ccc0c4ed5dbb2eb3b2b1aa929332c3bcfe38ef0c0310b6566f23b34f9c05b77035221164a7ab7677784c4a54664f12fca22' + '0f4efddd25256e09c42b953caeee4b93eb49ecc6eaebf02e616b4dcbfdac9860c3d8a3d1a106325b2ebc4dbc6e08ac46702abcb67a06737227ccb052aaa2a067' + '10190fba9f39a8f4b620a0829e0ba8ed63bb4dbeca712966011ee7807880d01ab2abff1a80baafeb6674db70526a473fe585db8190e864f318fc4d6068552618' + '89f9b2d3918c679ce4f76c2b10dc7fcb7e04f1925a5f92542f06891de2a123a91df7eb67fd4ce71506a8132f5440b3560b7bb667e1c1813944b115c1dfe35e3f' + 'b993a42c5534582631f7b379d54f6abc37e3aaa56ecf869a6d86ff14ae5a52628f4e447b6a30751bc1c14c30cec63a5c6d0aa268362d235ed477b639cac3a219' + '68478403433aafc91a03fda5d83813d2ed1dfc6ab7416b2927a803314ecf826edcb6c659587e74df65de3ccb1edf958522f56ff9ac461a1f696b6dede1d4dd35' + '50888d94636427ca97bfa5355226163fb6458f2a60303967cf74a8fd085f3c450d276b7c556fea93da387c6bb6f5ecbdb6d9b2a571b6723f27a41c8fb612d27b' + 
'fc8b874279db428a342387147ef6a849c0621eb0326ad5c4eb12c2ceb98b46477ed1e07c076a8b0abae6b323d4d7f4c70d45998c3338fb89903f51b3f653458b' + 'fd928f5d10a5f95bdbab7720b465cbea8b47cf1a376e1ba292c4759d3f1473c80bd4444729dc5b6f6d884e342db7d07a5dad093d345ccccf2c5fb22dfcdacbd8' + '723db0e4980727594c88d2fc92ffde10cf7c5cd05fbd88a31dadb813a3c839c3a92b3e5789f936de356b9f5e2d43d67e95fd02627be53ffa46b3d86dfabc4e5b' + '77161e2f57237ca589d576924ec0877f379047c6fd90ca47cb6686e4f22cc9e2171ae4306bd5a9fd8e707e297b826e0f7df52dcdcb04e99df7ebd0eb45ac89eb' + 'caa5eb7e52b83549bc7d00e343bbb204334b49f2d14005ac1fb592c6f17c6c860edafd88abe619fe54cb0086725385c1f48fd437670a31a08abdac8485ed2073') +validpgpkeys=( + '63CDA1E5D3FC22B998D20DD6327F26951A015CC4' # Lennart Poettering + '99195DD3BB6FE10A2F36ED8445698744D4FFBFC9' # Luke Shumaker +) + +_backports=( + '843d5baf6aad6c53fc00ea8d95d83209a4f92de1' # core: don't use the unified hierarchy for the systemd cgroup yet (#4628) + 'abd67ce74858491565cde157c7b08fda43d3279c' # basic/virt: fix userns check on CONFIG_USER_NS=n kernel (#4651) + '4318abe8d26e969ebdb97744a63ab900233a0185' # build-sys: do not install ctrl-alt-del.target symlink twice + 'd112eae7da77899be245ab52aa1747d4675549f1' # device: Avoid calling unit_free(NULL) in device setup logic (#4748) + 'cfed63f60dd7412c199652825ed172c319b02b3c' # nspawn: fix exit code for --help and --version (#4609) + '3099caf2b5bb9498b1d0227c40926435ca81f26f' # journal: make sure to initially populate the space info cache (#4807) + '3d4cf7de48a74726694abbaa09f9804b845ff3ba' # build-sys: check for lz4 in the old and new numbering scheme (#4717) + # Compatibility for new versions of build deps: + 'c9f7b4d356a453a01aa77a6bb74ca7ef49732c08' # (gperf 3.1) build-sys: add check for gperf lookup function signature (#5055) + 'dc66f33a16596c2886a24da12e56ec096214e124' # (linux 4.10) sparse: avoid clash with __bitwise and __force from 4.10 linux/types.h (#5061) + 'ec251fe7d5bc24b5d38b0853bc5969f3a0ba06e2' # (gcc 7) tree-wide: adjust 
fall through comments so that gcc is happy +) + +_validate_tag() { + local success fingerprint trusted status tag=v$_sdver + + parse_gpg_statusfile /dev/stdin < <(git verify-tag --raw "$tag" 2>&1) + + if (( ! success )); then + error 'failed to validate tag %s\n' "$tag" + return 1 + fi + + if ! in_array "$fingerprint" "${validpgpkeys[@]}" && (( ! trusted )); then + error 'unknown or untrusted public key: %s\n' "$fingerprint" + return 1 + fi + + case $status in + 'expired') + warning 'the signature has expired' + ;; + 'expiredkey') + warning 'the key has expired' + ;; + esac + + return 0 +} + +prepare() { + cd "$_pkgname" + + _validate_tag || return + + if (( ${#_backports[*]} > 0 )); then + git cherry-pick -n "${_backports[@]}" + fi + + # https://github.com/systemd/systemd/issues/4789 + patch -Np1 <../0001-nspawn-don-t-hide-bind-tmp-mounts.patch + + # these patches aren't upstream, but they make v232 more useable. + + # https://github.com/systemd/systemd/issues/4575 + patch -Np1 <../0001-disable-RestrictAddressFamilies-on-i686.patch + + # https://github.com/systemd/systemd/issues/4595 + # https://github.com/systemd/systemd/issues/3826 + patch -Np1 <../0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch + + # apply FSDG patches + local patchfile + for patchfile in "$srcdir"/????-FSDG-*.patch; do + patch -Np1 -i "$patchfile" + done + + # Rename "Linux Boot Manager" -> "Systemd Boot Manager" + sed -i 's|Linux Boot Manager|Systemd Boot Manager|' src/boot/bootctl.c + + # apply notsystemd patches + for patchfile in "$srcdir/$pkgname-$pkgver"/????-*.patch; do + [[ "${patchfile##*/}" != 0000-* ]] || continue + patch -Np1 -i "$patchfile" + done + + ./autogen.sh +} + +build() { + cd "$_pkgname" + + local timeservers=({0..3}.arch.pool.ntp.org) + + if [ "$CARCH" = "armv7h" ]; then + LDFLAGS+=" -Wl,-fuse-ld=bfd" + CFLAGS+=" -fno-lto" + CXXFLAGS+=" -fno-lto" + fi + + local configure_options=( + --libexecdir=/usr/lib + --localstatedir=/var + --sysconfdir=/etc + + 
--enable-lz4 + --disable-audit + --disable-ima + + --with-sysvinit-path= + --with-sysvrcnd-path= + --with-ntp-servers="${timeservers[*]}" + --with-default-dnssec=no + --with-dbuspolicydir=/usr/share/dbus-1/system.d + --without-kill-user-processes + ) + if [ "$CARCH" != "armv7h" ]; then + configure_options+=(--enable-gnuefi) + fi + + ./configure "${configure_options[@]}" + + make + + # Go ahead and split the package now. It's easier this way, because + # we can use mv instead of awkward, error-prone rm/cp pairs. + rm -rf "$srcdir/dest" + + # Put things in the main systemd package by default + make DESTDIR="$srcdir/dest/systemd" install + + install -dm755 "$srcdir/dest/libsystemd"/usr/{lib/pkgconfig,share/man/man3,include} + mv -T "$srcdir/dest"/{systemd,libsystemd}/usr/include/systemd + mv -T "$srcdir/dest"/{systemd,libsystemd}/usr/lib/pkgconfig/libsystemd.pc + mv "$srcdir/dest"/systemd/usr/lib/libsystemd.so* -t "$srcdir/dest"/libsystemd/usr/lib/ + mv "$srcdir/dest"/systemd/usr/share/man/man3/{SD,sd}* -t "$srcdir/dest"/libsystemd/usr/share/man/man3/ + + install -dm755 "$srcdir/dest/libudev"/usr/{lib/pkgconfig,share/man/man3,include} + mv -T "$srcdir/dest"/{systemd,libudev}/usr/include/libudev.h + mv -T "$srcdir/dest"/{systemd,libudev}/usr/lib/pkgconfig/libudev.pc + mv "$srcdir/dest"/systemd/usr/lib/libudev.so* -t "$srcdir/dest"/libudev/usr/lib/ + mv "$srcdir/dest"/systemd/usr/share/man/man3/*udev* -t "$srcdir/dest"/libudev/usr/share/man/man3/ + + local nssmodule + for nssmodule in myhostname mymachines resolve; do + install -dm755 "$srcdir/dest/nss-$nssmodule"/usr/{lib,share/man/man8} + mv -T "$srcdir/dest"/{systemd,nss-$nssmodule}/usr/share/man/man8/nss-$nssmodule.8 + mv "$srcdir/dest"/systemd/usr/lib/libnss_$nssmodule.so* -t "$srcdir/dest"/nss-$nssmodule/usr/lib/ + done + + install -dm755 "$srcdir/dest/systemd-sysvcompat"/usr/share/man/man8 + mv "$srcdir/dest/systemd"/usr/share/man/man8/{telinit,halt,reboot,poweroff,runlevel,shutdown}.8 \ + -t 
"$srcdir/dest/systemd-sysvcompat"/usr/share/man/man8 + + rmdir "$srcdir/dest"/systemd/usr/{share/man/man3,lib/pkgconfig,include} +} + +package() { + pkgdesc="system and service manager" + depends=('acl' 'bash' 'dbus' 'iptables' 'kbd' 'kmod' 'hwids' 'libcap' + 'libgcrypt' 'libsystemd' 'libidn' 'lz4' 'pam' 'libelf' 'libseccomp' + 'util-linux' 'xz') + provides=("systemd-tools=$_sdver" "udev=$_sdver") + replaces=('systemd-tools' 'udev') + conflicts=('systemd-tools' 'udev') + optdepends=('cryptsetup: required for encrypted block devices' + 'libmicrohttpd: remote journald capabilities' + 'quota-tools: kernel-level quota management' + 'systemd-sysvcompat: symlink package to provide sysvinit binaries' + 'polkit: allow administration as unprivileged user') + backup=(etc/pam.d/systemd-user + etc/systemd/coredump.conf + etc/systemd/journald.conf + etc/systemd/journal-remote.conf + etc/systemd/journal-upload.conf + etc/systemd/logind.conf + etc/systemd/system.conf + etc/systemd/timesyncd.conf + etc/systemd/resolved.conf + etc/systemd/user.conf + etc/udev/udev.conf) + install="systemd.install" + + pkgdesc+=", modified to work with other init systems" + conflicts+=("$_pkgname") + provides+=("$_pkgname=$_sdver") + + cp -rT -d --no-preserve=ownership,timestamp "$srcdir/dest/$_pkgname" "$pkgdir" + + # don't write units to /etc by default. some of these will be re-enabled on + # post_install. 
+ rm -r "$pkgdir/etc/systemd/system/"*.wants + + # get rid of RPM macros + rm -r "$pkgdir/usr/lib/rpm" + + # add back tmpfiles.d/legacy.conf + install -m644 "$_pkgname/tmpfiles.d/legacy.conf" "$pkgdir/usr/lib/tmpfiles.d" + + # Replace dialout/tape/cdrom group in rules with uucp/storage/optical group + sed -i 's#GROUP="dialout"#GROUP="uucp"#g; + s#GROUP="tape"#GROUP="storage"#g; + s#GROUP="cdrom"#GROUP="optical"#g' "$pkgdir"/usr/lib/udev/rules.d/*.rules + sed -i 's/dialout/uucp/g; + s/tape/storage/g; + s/cdrom/optical/g' "$pkgdir"/usr/lib/sysusers.d/basic.conf + + # add mkinitcpio hooks + install -Dm644 "$srcdir/initcpio-install-systemd" "$pkgdir/usr/lib/initcpio/install/systemd" + install -Dm644 "$srcdir/initcpio-install-udev" "$pkgdir/usr/lib/initcpio/install/udev" + install -Dm644 "$srcdir/initcpio-hook-udev" "$pkgdir/usr/lib/initcpio/hooks/udev" + + # ensure proper permissions for /var/log/journal. This is only to placate + chown root:systemd-journal "$pkgdir/var/log/journal" + chmod 2755 "$pkgdir/var/log/journal" + + # we'll create this on installation + rmdir "$pkgdir/var/log/journal/remote" + + # ship default policy to leave services disabled + echo 'disable *' >"$pkgdir"/usr/lib/systemd/system-preset/99-default.preset + + # add example bootctl configuration + install -Dm644 "$srcdir/parabola.conf" "$pkgdir"/usr/share/systemd/bootctl/parabola.conf + install -Dm644 "$srcdir/loader.conf" "$pkgdir"/usr/share/systemd/bootctl/loader.conf + install -Dm644 "$srcdir/splash-parabola.bmp" "$pkgdir"/usr/share/systemd/bootctl/splash-parabola.bmp + + install -Dm644 "$srcdir/systemd-hwdb.hook" "$pkgdir/usr/share/libalpm/hooks/systemd-hwdb.hook" + install -Dm644 "$srcdir/systemd-sysusers.hook" "$pkgdir/usr/share/libalpm/hooks/systemd-sysusers.hook" + install -Dm644 "$srcdir/systemd-tmpfiles.hook" "$pkgdir/usr/share/libalpm/hooks/systemd-tmpfiles.hook" + install -Dm644 "$srcdir/systemd-update.hook" "$pkgdir/usr/share/libalpm/hooks/systemd-update.hook" + + # overwrite the 
systemd-user PAM configuration with our own
+ install -Dm644 systemd-user.pam "$pkgdir/etc/pam.d/systemd-user"
+}
+
+# vim: ft=sh syn=sh et
diff --git a/libre/notsystemd/initcpio-hook-udev b/libre/notsystemd/initcpio-hook-udev
new file mode 100644
index 000000000..ea9a11f8c
--- /dev/null
+++ b/libre/notsystemd/initcpio-hook-udev
@@ -0,0 +1,22 @@
+#!/usr/bin/ash
+
+run_earlyhook() {
+ kmod static-nodes --format=tmpfiles --output=/run/tmpfiles.d/kmod.conf
+ systemd-tmpfiles --prefix=/dev --create --boot
+ /usr/lib/systemd/systemd-udevd --daemon --resolve-names=never
+ udevd_running=1
+}
+
+run_hook() {
+ msg ":: Triggering uevents..."
+ udevadm trigger --action=add --type=subsystems
+ udevadm trigger --action=add --type=devices
+ udevadm settle
+}
+
+run_cleanuphook() {
+ udevadm control --exit
+ udevadm info --cleanup-db
+}
+
+# vim: set ft=sh ts=4 sw=4 et:
diff --git a/libre/notsystemd/initcpio-install-systemd b/libre/notsystemd/initcpio-install-systemd
new file mode 100644
index 000000000..f6d0afdb8
--- /dev/null
+++ b/libre/notsystemd/initcpio-install-systemd
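Review bot: In `_validate_tag` of the PKGBUILD, the check `if ! in_array "$fingerprint" "${validpgpkeys[@]}" && (( ! trusted ))` rejects the tag only when the signing key is both missing from `validpgpkeys` and untrusted, so a tag signed by any key the builder's keyring already trusts is accepted even though it is not one of the two pinned fingerprints. The git source is fetched over `git://` and has `SKIP` as its checksum, which leaves this signature check as the only integrity control on that checkout. If the pin list is meant to be authoritative, drop the fallback: `if ! in_array "$fingerprint" "${validpgpkeys[@]}"; then`. `parse_gpg_statusfile` and `in_array` are not defined in this hunk (presumably makepkg helpers), so how `trusted` gets set should be confirmed there.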
@@ -0,0 +1,195 @@
+#!/bin/bash
+
+strip_quotes() {
+ local len=${#1} quotes=$'[\'"]' str=${!1}
+
+ if [[ ${str:0:1} = ${str: -1} && ${str:0:1} = $quotes ]]; then
+ printf -v "$1" %s "${str:1:-1}"
+ fi
+}
+
+add_udev_rule() {
+ # Add an udev rules file to the initcpio image. Dependencies on binaries
+ # will be discovered and added.
+ # $1: path to rules file (or name of rules file)
+
+ local rules= rule= key= value= binary=
+
+ rules=$(PATH=/usr/lib/udev/rules.d:/lib/udev/rules.d type -P "$1")
+ if [[ -z $rules ]]; then
+ # complain about not found rules
+ return 1
+ fi
+
+ add_file "$rules"
+
+ while IFS=, read -ra rule; do
+ # skip empty lines, comments
+ [[ -z $rule || $rule = @(+([[:space:]])|#*) ]] && continue
+
+ for pair in "${rule[@]}"; do
+ IFS=' =' read -r key value <<< "$pair"
+ case $key in
+ RUN@({program}|+)|IMPORT{program}|ENV{REMOVE_CMD})
+ strip_quotes 'value'
+ # just take the first word as the binary name
+ binary=${value%% *}
+ [[ ${binary:0:1} == '$' ]] && continue
+ if [[ ${binary:0:1} != '/' ]]; then
+ binary=$(PATH=/usr/lib/udev:/lib/udev type -P "$binary")
+ fi
+ add_binary "$binary"
+ ;;
+ esac
+ done
+ done <"$rules"
+}
+
+add_systemd_unit() {
+ # Add a systemd unit file to the initcpio image. Hard dependencies on binaries
+ # and other unit files will be discovered and added.
+ # $1: path to rules file (or name of rules file)
+
+ local unit= rule= entry= key= value= binary= dep=
+
+ unit=$(PATH=/usr/lib/systemd/system:/lib/systemd/system type -P "$1")
+ if [[ -z $unit ]]; then
+ # complain about not found unit file
+ return 1
+ fi
+
+ add_file "$unit"
+
+ while IFS='=' read -r key values; do
+ read -ra values <<< "$values"
+
+ case $key in
+ Requires|OnFailure)
+ # only add hard dependencies (not Wants)
+ map add_systemd_unit "${values[@]}"
+ ;;
+ Exec*)
+ # don't add binaries unless they are required
+ if [[ ${values[0]:0:1} != '-' ]]; then
+ add_binary "${values[0]}"
+ fi
+ ;;
+ esac
+
+ done <"$unit"
+
+ # preserve reverse soft dependency
+ for dep in {/usr,}/lib/systemd/system/*.wants/${unit##*/}; do
+ if [[ -L $dep ]]; then
+ add_symlink "$dep"
+ fi
+ done
+
+ # add hard dependencies
+ if [[ -d $unit.requires ]]; then
+ for dep in "$unit".requires/*; do
+ add_systemd_unit ${dep##*/}
+ done
+ fi
+}
+
+add_systemd_drop_in() {
+ local unit=$1 dropin_name=$2
+
+ mkdir -p "$BUILDROOT/etc/systemd/system/$unit.d"
+ cat >"$BUILDROOT/etc/systemd/system/$unit.d/$2.conf"
+}
+
+build() {
+ local rules unit
+
+ # from base
+ add_binary /bin/mount
+ add_binary /usr/bin/kmod /usr/bin/modprobe
+ add_binary /usr/lib/systemd/systemd /init
+ add_binary /usr/bin/sulogin
+
+ map add_binary \
+ /usr/bin/systemd-tmpfiles \
+ /usr/lib/systemd/systemd-hibernate-resume \
+ /usr/lib/systemd/system-generators/systemd-fstab-generator \
+ /usr/lib/systemd/system-generators/systemd-gpt-auto-generator \
+ /usr/lib/systemd/system-generators/systemd-hibernate-resume-generator
+
+ # udev rules and systemd units
+ map add_udev_rule "$rules" \
+ 50-udev-default.rules \
+ 60-persistent-storage.rules \
+ 64-btrfs.rules \
+ 80-drivers.rules \
+ 99-systemd.rules
+
+ map add_systemd_unit \
+ initrd-cleanup.service \
+ initrd-fs.target \
+ initrd-parse-etc.service \
+ initrd-root-fs.target \
+ initrd-root-device.target \
+ initrd-switch-root.service \
+ initrd-switch-root.target \
+ initrd-udevadm-cleanup-db.service \
+ initrd.target \
+ kmod-static-nodes.service \
+ local-fs.target \
+ local-fs-pre.target \
+ paths.target \
+ reboot.target \
+ slices.target \
+ sockets.target \
+ swap.target \
+ systemd-fsck@.service \
+ systemd-hibernate-resume@.service \
+ systemd-journald.service \
+ systemd-journald-audit.socket \
+ systemd-journald-dev-log.socket \
+ systemd-modules-load.service \
+ systemd-tmpfiles-setup-dev.service \
+ systemd-udev-trigger.service \
+ systemd-udevd-control.socket \
+ systemd-udevd-kernel.socket \
+ systemd-udevd.service \
+ timers.target \
+ rescue.target \
+ emergency.target
+
+ add_symlink "/usr/lib/systemd/system/default.target" "initrd.target"
+ add_symlink "/usr/lib/systemd/system/ctrl-alt-del.target" "reboot.target"
+
+ # udev wants /etc/group since it doesn't launch with --resolve-names=never
+ add_file "/etc/nsswitch.conf"
+ add_binary "$(readlink -f /usr/lib/libnss_files.so)"
+
+ echo "root:x:0:0:root:/:/bin/sh" >"$BUILDROOT/etc/passwd"
+ echo "root:x:0:root" >"$BUILDROOT/etc/group"
+ echo "root::::::::" >"$BUILDROOT/etc/shadow"
+
+ add_systemd_drop_in systemd-udevd.service resolve-names <<EOF
+[Service]
+ExecStart=
+ExecStart=/usr/lib/systemd/systemd-udevd --resolve-names=never
+EOF
+
+ add_dir "/etc/modules-load.d"
+ (
+ . "$_f_config"
+ set -f
+ printf "%s\n" $MODULES >"$BUILDROOT/etc/modules-load.d/MODULES.conf"
+ )
+}
+
+help() {
+ cat <<HELPEOF
+This will install a basic systemd setup in your initramfs, and is meant to
+replace the 'base', 'usr', 'udev' and 'resume' hooks. Other hooks with runtime
+components will need to be ported, and will not work as intended. You also may
+wish to still include the 'base' hook (before this hook) to ensure that a
+rescue shell exists on your initramfs.
+HELPEOF
+}
+
+# vim: set ft=sh ts=4 sw=4 et:
diff --git a/libre/notsystemd/initcpio-install-udev b/libre/notsystemd/initcpio-install-udev
new file mode 100644
index 000000000..7f0301a48
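Review bot: `build()` in initcpio-install-systemd writes `root::::::::` to `$BUILDROOT/etc/shadow` and also adds `/usr/bin/sulogin` together with `rescue.target` and `emergency.target`, yet nothing in the hunk says the empty password field is intentional. With an empty field, sulogin is expected to give a root shell without prompting (worth confirming against the util-linux version shipped), so anyone who reaches the initramfs rescue or emergency path on the console is root there. If that is the intended design, state it next to the line, for example `# root has an empty password on purpose: the initramfs rescue shell is unauthenticated; protect the boot path (bootloader password, disk encryption) instead`. Separately, the header comment of `add_systemd_unit` still says `$1: path to rules file`, copied from `add_udev_rule`; it should read `# $1: path to unit file (or name of unit file)`.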
--- /dev/null +++ b/libre/notsystemd/initcpio-install-udev @@ -0,0 +1,28 @@ +#!/bin/bash + +build() { + local rules tool + + add_binary /usr/lib/systemd/systemd-udevd + add_binary /usr/bin/udevadm + add_binary /usr/bin/systemd-tmpfiles + + for rules in 50-udev-default.rules 60-persistent-storage.rules 64-btrfs.rules 80-drivers.rules; do + add_file "/usr/lib/udev/rules.d/$rules" + done + for tool in ata_id scsi_id; do + add_file "/usr/lib/udev/$tool" + done + + add_runscript +} + +help() { + cat <<HELPEOF +This hook will use udev to create your root device node and detect the needed +modules for your root device. It is also required for firmware loading in +initramfs. It is recommended to use this hook. +HELPEOF +} + +# vim: set ft=sh ts=4 sw=4 et: diff --git a/libre/notsystemd/loader.conf b/libre/notsystemd/loader.conf new file mode 100644 index 000000000..a064e3463 --- /dev/null +++ b/libre/notsystemd/loader.conf @@ -0,0 +1 @@ +default parabola diff --git a/libre/notsystemd/parabola.conf b/libre/notsystemd/parabola.conf new file mode 100644 index 000000000..111072ea2 --- /dev/null +++ b/libre/notsystemd/parabola.conf @@ -0,0 +1,7 @@ +## This is just an example config file. +## Please edit the paths and kernel parameters according to your system. + +title Parabola GNU/Linux-libre +linux /vmlinuz-linux-libre +initrd /initramfs-linux-libre.img +options root=PARTUUID=XXXX rootfstype=XXXX add_efi_memmap diff --git a/libre/notsystemd/splash-parabola.bmp b/libre/notsystemd/splash-parabola.bmp Binary files differnew file mode 100644 index 000000000..471ac8ec3 --- /dev/null +++ b/libre/notsystemd/splash-parabola.bmp diff --git a/libre/notsystemd/systemd-hwdb.hook b/libre/notsystemd/systemd-hwdb.hook new file mode 100644 index 000000000..d7c987724 --- /dev/null +++ b/libre/notsystemd/systemd-hwdb.hook 
@@ -0,0 +1,11 @@
+[Trigger]
+Type = File
+Operation = Install
+Operation = Upgrade
+Operation = Remove
+Target = usr/lib/udev/hwdb.d/*
+
+[Action]
+Description = Updating udev hardware database...
+When = PostTransaction
+Exec = /usr/bin/systemd-hwdb --usr update
diff --git a/libre/notsystemd/systemd-sysusers.hook b/libre/notsystemd/systemd-sysusers.hook
new file mode 100644
index 000000000..b0888d7cf
--- /dev/null
+++ b/libre/notsystemd/systemd-sysusers.hook
@@ -0,0 +1,11 @@
+[Trigger]
+Type = File
+Operation = Install
+Operation = Upgrade
+Target = usr/lib/sysusers.d/*.conf
+
+[Action]
+Description = Updating system user accounts...
+When = PostTransaction
+Exec = /bin/sh -c 'while read -r f; do /usr/bin/systemd-sysusers "/$f" ; done'
+NeedsTargets
diff --git a/libre/notsystemd/systemd-tmpfiles.hook b/libre/notsystemd/systemd-tmpfiles.hook
new file mode 100644
index 000000000..a2c5e3ef0
--- /dev/null
+++ b/libre/notsystemd/systemd-tmpfiles.hook
@@ -0,0 +1,11 @@
+[Trigger]
+Type = File
+Operation = Install
+Operation = Upgrade
+Target = usr/lib/tmpfiles.d/*.conf
+
+[Action]
+Description = Creating temporary files...
+When = PostTransaction
+Exec = /bin/sh -c 'while read -r f; do /usr/bin/systemd-tmpfiles --create "/$f"; done'
+NeedsTargets
diff --git a/libre/notsystemd/systemd-update.hook b/libre/notsystemd/systemd-update.hook
new file mode 100644
index 000000000..3697fbd70
--- /dev/null
+++ b/libre/notsystemd/systemd-update.hook
@@ -0,0 +1,11 @@
+[Trigger]
+Type = File
+Operation = Install
+Operation = Upgrade
+Operation = Remove
+Target = usr/
+
+[Action]
+Description = Arming ConditionNeedsUpdate...
+When = PostTransaction
+Exec = /usr/bin/touch -c /usr
diff --git a/libre/notsystemd/systemd-user.pam b/libre/notsystemd/systemd-user.pam
new file mode 100644
index 000000000..83f762696
--- /dev/null
+++ b/libre/notsystemd/systemd-user.pam
@@ -0,0 +1,5 @@
+# Used by systemd --user instances.
+
+account include system-login
+session required pam_loginuid.so
+session include system-login
diff --git a/libre/notsystemd/systemd.install b/libre/notsystemd/systemd.install
new file mode 100644
index 000000000..f799c882d
--- /dev/null
+++ b/libre/notsystemd/systemd.install
@@ -0,0 +1,90 @@
+#!/bin/bash
+
+sd_booted() {
+ [[ -d run/systemd/system && ! -L run/systemd/system ]]
+}
+
+add_journal_acls() {
+ # ignore errors, since the filesystem might not support ACLs
+ setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx var/log/journal/ 2>/dev/null
+ :
+}
+
+post_common() {
+ systemd-sysusers
+ journalctl --update-catalog
+}
+
+_216_2_changes() {
+ echo ':: Coredumps are handled by systemd by default. Collection behavior can be'
+ echo ' tuned in /etc/systemd/coredump.conf.'
+}
+
+_219_2_changes() {
+ if mkdir -m2755 var/log/journal/remote 2>/dev/null; then
+ chgrp systemd-journal-remote var/log/journal/remote
+ fi
+}
+
+_219_4_changes() {
+ if ! systemctl is-enabled -q remote-fs.target; then
+ systemctl enable -q remote-fs.target
+ fi
+}
+
+_230_1_changes() {
+ echo ':: systemd-bootchart is no longer included with systemd'
+}
+
+_232_8_changes() {
+ # paper over possible effects of CVE-2016-10156
+ local stamps=(/var/lib/systemd/timers/*.timer)
+
+ if [[ -f ${stamps[0]} ]]; then
+ chmod 0644 "${stamps[@]}"
+ fi
+}
+
+post_install() {
+ systemd-machine-id-setup
+
+ post_common "$@"
+
+ add_journal_acls
+
+ # enable some services by default, but don't track them
+ systemctl enable getty@tty1.service remote-fs.target
+
+ echo ":: Append 'init=/usr/lib/systemd/systemd' to your kernel command line in your"
+ echo " bootloader to replace sysvinit with systemd, or install systemd-sysvcompat"
+
+ # group 'systemd-journal-remote' is created by systemd-sysusers
+ mkdir -m2755 var/log/journal/remote
+ chgrp systemd-journal-remote var/log/journal/remote
+}
+
+post_upgrade() {
+ post_common "$@"
+
+ # don't reexec if the old version is 231-1 or 231-2.
+ # https://github.com/systemd/systemd/commit/bd64d82c1c
+ if [[ $1 != 231-[12] ]] && sd_booted; then
+ systemctl --system daemon-reexec
+ fi
+
+ local v upgrades=(
+ 216-2
+ 219-2
+ 219-4
+ 230-1
+ 232-8
+ )
+
+ for v in "${upgrades[@]}"; do
+ if [[ $(vercmp "$v" "$2") -eq 1 ]]; then
+ "_${v//-/_}_changes"
+ fi
+ done
+}
+
+# vim:set ts=2 sw=2 et: |
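Review bot: In `_232_8_changes` of systemd.install, the guard `[[ -f ${stamps[0]} ]]` tests only the first glob match, and `chmod 0644 "${stamps[@]}"` then runs on every match and follows symlinks, so later entries are changed without any check. Because this function is a security cleanup (its comment cites CVE-2016-10156), it is worth checking each path and reporting when a mode was actually reset, so the administrator knows a stamp file had unexpected permissions: `for s in "${stamps[@]}"; do [[ -f $s && ! -L $s ]] || continue; chmod -c 0644 "$s"; done`. The function also uses the absolute path `/var/lib/systemd/timers`, while the rest of the script uses paths relative to the install root (`var/log/journal/`, `run/systemd/system`); a comment saying which form is intended would help.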