summaryrefslogtreecommitdiff
path: root/pcr/systemd-knock
diff options
context:
space:
mode:
Diffstat (limited to 'pcr/systemd-knock')
-rw-r--r--pcr/systemd-knock/0001-nspawn-ignore-EEXIST-when-creating-mount-point.patch33
-rw-r--r--pcr/systemd-knock/0001-sd-bus-properly-handle-removals-of-non-existing-matc.patch25
-rw-r--r--pcr/systemd-knock/0001-sd-dhcp-client-clean-up-raw-socket-sd_event_source-w.patch31
-rw-r--r--pcr/systemd-knock/0001-shared-install-avoid-prematurely-rejecting-missing-u.patch39
-rw-r--r--pcr/systemd-knock/0001-shutdown-fix-arguments-to-run-initramfs-shutdown.patch68
-rw-r--r--pcr/systemd-knock/0001-udev-hwdb-Change-error-message-regarding-missing-hwd.patch32
-rw-r--r--pcr/systemd-knock/0001-units-don-t-order-journal-flushing-afte-remote-fs.ta.patch31
-rw-r--r--pcr/systemd-knock/0001-units-make-systemd-journald.service-Type-notify.patch35
-rw-r--r--pcr/systemd-knock/0001-units-order-sd-journal-flush-after-sd-remount-fs.patch29
-rw-r--r--pcr/systemd-knock/PKGBUILD186
-rw-r--r--pcr/systemd-knock/initcpio-hook-udev22
-rw-r--r--pcr/systemd-knock/initcpio-install-systemd168
-rw-r--r--pcr/systemd-knock/initcpio-install-udev29
-rw-r--r--pcr/systemd-knock/systemd.install191
14 files changed, 919 insertions, 0 deletions
diff --git a/pcr/systemd-knock/0001-nspawn-ignore-EEXIST-when-creating-mount-point.patch b/pcr/systemd-knock/0001-nspawn-ignore-EEXIST-when-creating-mount-point.patch
new file mode 100644
index 000000000..86817596b
--- /dev/null
+++ b/pcr/systemd-knock/0001-nspawn-ignore-EEXIST-when-creating-mount-point.patch
@@ -0,0 +1,33 @@
+From 1ab19cb167b32967556eefd8f6d3df0e3de7d67d Mon Sep 17 00:00:00 2001
+From: Dave Reisner <dreisner@archlinux.org>
+Date: Wed, 29 Oct 2014 13:32:43 -0400
+Subject: [PATCH] nspawn: ignore EEXIST when creating mount point
+
+A combination of commits f3c80515c and 79d80fc14 cause nspawn to
+silently fail with a commandline such as:
+
+ # systemd-nspawn -D /build/extra-x86_64 --bind=/usr
+
+strace shows the culprit:
+
+ [pid 27868] writev(2, [{"Failed to create mount point /build/extra-x86_64/usr: File exists", 82}, {"\n", 1}], 2) = 83
+---
+ src/nspawn/nspawn.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
+index b6d9bc6..d88987a 100644
+--- a/src/nspawn/nspawn.c
++++ b/src/nspawn/nspawn.c
+@@ -758,7 +758,7 @@ static int mount_binds(const char *dest, char **l, bool ro) {
+ * and char devices. */
+ if (S_ISDIR(source_st.st_mode)) {
+ r = mkdir_label(where, 0755);
+- if (r < 0) {
++ if (r < 0 && errno != EEXIST) {
+ log_error("Failed to create mount point %s: %s", where, strerror(-r));
+
+ return r;
+--
+2.1.2
+
diff --git a/pcr/systemd-knock/0001-sd-bus-properly-handle-removals-of-non-existing-matc.patch b/pcr/systemd-knock/0001-sd-bus-properly-handle-removals-of-non-existing-matc.patch
new file mode 100644
index 000000000..fc8f16a79
--- /dev/null
+++ b/pcr/systemd-knock/0001-sd-bus-properly-handle-removals-of-non-existing-matc.patch
@@ -0,0 +1,25 @@
+From ef7b6c0190fefaacf6d8f8e1a6dda4ba8b98091b Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 29 Oct 2014 17:58:43 +0100
+Subject: [PATCH] sd-bus: properly handle removals of non-existing matches
+
+---
+ src/libsystemd/sd-bus/bus-match.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libsystemd/sd-bus/bus-match.c b/src/libsystemd/sd-bus/bus-match.c
+index 18afe0f..5658c61 100644
+--- a/src/libsystemd/sd-bus/bus-match.c
++++ b/src/libsystemd/sd-bus/bus-match.c
+@@ -537,7 +537,7 @@ static int bus_match_find_compare_value(
+ else if (BUS_MATCH_CAN_HASH(t))
+ n = hashmap_get(c->compare.children, value_str);
+ else {
+- for (n = c->child; !value_node_same(n, t, value_u8, value_str); n = n->next)
++ for (n = c->child; n && !value_node_same(n, t, value_u8, value_str); n = n->next)
+ ;
+ }
+
+--
+2.1.3
+
diff --git a/pcr/systemd-knock/0001-sd-dhcp-client-clean-up-raw-socket-sd_event_source-w.patch b/pcr/systemd-knock/0001-sd-dhcp-client-clean-up-raw-socket-sd_event_source-w.patch
new file mode 100644
index 000000000..3d72b5df2
--- /dev/null
+++ b/pcr/systemd-knock/0001-sd-dhcp-client-clean-up-raw-socket-sd_event_source-w.patch
@@ -0,0 +1,31 @@
+From d5a248dbe933c5cbe3ba3d0c5eb8a035018ba6af Mon Sep 17 00:00:00 2001
+From: Dan Williams <dcbw@redhat.com>
+Date: Thu, 30 Oct 2014 14:23:00 -0500
+Subject: [PATCH] sd-dhcp-client: clean up raw socket sd_event_source when
+ creating new UDP socket
+
+The raw socket sd_event_source used for DHCP server solicitations
+was simply dropped on the floor when creating the new UDP socket
+after a lease has been acquired. Clean it up properly so we're
+not still listening and responding to events on it.
+---
+ src/libsystemd-network/sd-dhcp-client.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c
+index 0eba4c3..1f7f238 100644
+--- a/src/libsystemd-network/sd-dhcp-client.c
++++ b/src/libsystemd-network/sd-dhcp-client.c
+@@ -1269,6 +1269,9 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message,
+ if (r >= 0) {
+ client->timeout_resend =
+ sd_event_source_unref(client->timeout_resend);
++ client->receive_message =
++ sd_event_source_unref(client->receive_message);
++ client->fd = asynchronous_close(client->fd);
+
+ if (IN_SET(client->state, DHCP_STATE_REQUESTING,
+ DHCP_STATE_REBOOTING))
+--
+2.1.3
+
diff --git a/pcr/systemd-knock/0001-shared-install-avoid-prematurely-rejecting-missing-u.patch b/pcr/systemd-knock/0001-shared-install-avoid-prematurely-rejecting-missing-u.patch
new file mode 100644
index 000000000..6ea9c7cca
--- /dev/null
+++ b/pcr/systemd-knock/0001-shared-install-avoid-prematurely-rejecting-missing-u.patch
@@ -0,0 +1,39 @@
+From 0ffce503cd6e5a5ff5ba5cd1cc23684cfb8bb9e3 Mon Sep 17 00:00:00 2001
+From: Dave Reisner <dreisner@archlinux.org>
+Date: Thu, 30 Oct 2014 20:12:05 -0400
+Subject: [PATCH] shared/install: avoid prematurely rejecting "missing" units
+
+f7101b7368df copied some logic to prevent enabling masked units, but
+also added a check which causes attempts to enable templated units to
+fail. Since we know the logic beyond this check will properly handle
+units which truly do not exist, we can rely on the unit file state
+comparison to suffice for expressing the intent of f7101b7368df.
+
+ref: https://bugs.archlinux.org/task/42616
+---
+ src/shared/install.c | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/src/shared/install.c b/src/shared/install.c
+index 035b44c..cab93e8 100644
+--- a/src/shared/install.c
++++ b/src/shared/install.c
+@@ -1620,12 +1620,10 @@ int unit_file_enable(
+ STRV_FOREACH(i, files) {
+ UnitFileState state;
+
++ /* We only want to know if this unit is masked, so we ignore
++ * errors from unit_file_get_state, deferring other checks.
++ * This allows templated units to be enabled on the fly. */
+ state = unit_file_get_state(scope, root_dir, *i);
+- if (state < 0) {
+- log_error("Failed to get unit file state for %s: %s", *i, strerror(-state));
+- return state;
+- }
+-
+ if (state == UNIT_FILE_MASKED || state == UNIT_FILE_MASKED_RUNTIME) {
+ log_error("Failed to enable unit: Unit %s is masked", *i);
+ return -ENOTSUP;
+--
+2.1.3
+
diff --git a/pcr/systemd-knock/0001-shutdown-fix-arguments-to-run-initramfs-shutdown.patch b/pcr/systemd-knock/0001-shutdown-fix-arguments-to-run-initramfs-shutdown.patch
new file mode 100644
index 000000000..5d48d17bc
--- /dev/null
+++ b/pcr/systemd-knock/0001-shutdown-fix-arguments-to-run-initramfs-shutdown.patch
@@ -0,0 +1,68 @@
+From 4b5d8d0f22ae61ceb45a25391354ba53b43ee992 Mon Sep 17 00:00:00 2001
+From: Michal Schmidt <mschmidt@redhat.com>
+Date: Thu, 6 Nov 2014 22:24:13 +0100
+Subject: [PATCH] shutdown: fix arguments to /run/initramfs/shutdown
+
+Our initrd interface specifies that the verb is in argv[1].
+This is where systemd passes it to systemd-shutdown, but getopt
+permutes argv[]. This confuses dracut's shutdown script:
+ Shutdown called with argument '--log-level'. Rebooting!
+
+getopt can be convinced to not permute argv[] by having '-' as the first
+character of optstring. Let's use it. This requires changing the way
+non-option arguments (in our case, the verb) are processed.
+
+This fixes a bug where the system would reboot instead of powering off.
+---
+ src/core/shutdown.c | 17 +++++++++++------
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/src/core/shutdown.c b/src/core/shutdown.c
+index dd11ae3..48ed7fa 100644
+--- a/src/core/shutdown.c
++++ b/src/core/shutdown.c
+@@ -75,7 +75,9 @@ static int parse_argv(int argc, char *argv[]) {
+ assert(argc >= 1);
+ assert(argv);
+
+- while ((c = getopt_long(argc, argv, "", options, NULL)) >= 0)
++ /* "-" prevents getopt from permuting argv[] and moving the verb away
++ * from argv[1]. Our interface to initrd promises it'll be there. */
++ while ((c = getopt_long(argc, argv, "-", options, NULL)) >= 0)
+ switch (c) {
+
+ case ARG_LOG_LEVEL:
+@@ -113,6 +115,13 @@ static int parse_argv(int argc, char *argv[]) {
+
+ break;
+
++ case '\001':
++ if (!arg_verb)
++ arg_verb = optarg;
++ else
++ log_error("Excess arguments, ignoring");
++ break;
++
+ case '?':
+ return -EINVAL;
+
+@@ -120,15 +129,11 @@ static int parse_argv(int argc, char *argv[]) {
+ assert_not_reached("Unhandled option code.");
+ }
+
+- if (optind >= argc) {
++ if (!arg_verb) {
+ log_error("Verb argument missing.");
+ return -EINVAL;
+ }
+
+- arg_verb = argv[optind];
+-
+- if (optind + 1 < argc)
+- log_error("Excess arguments, ignoring");
+ return 0;
+ }
+
+--
+2.1.3
+
diff --git a/pcr/systemd-knock/0001-udev-hwdb-Change-error-message-regarding-missing-hwd.patch b/pcr/systemd-knock/0001-udev-hwdb-Change-error-message-regarding-missing-hwd.patch
new file mode 100644
index 000000000..1a2ac1edf
--- /dev/null
+++ b/pcr/systemd-knock/0001-udev-hwdb-Change-error-message-regarding-missing-hwd.patch
@@ -0,0 +1,32 @@
+From 8232e39e7cf32071e11b3b04839e6c98fbc81d0f Mon Sep 17 00:00:00 2001
+From: Colin Guthrie <colin@mageia.org>
+Date: Wed, 5 Nov 2014 15:29:41 +0000
+Subject: [PATCH] udev hwdb: Change error message regarding missing hwdb.bin
+ back to debug.
+
+When used in an initramfs, it's expected that the hwdb.bin file is
+not present (it makes for a very large initramfs otherwise).
+
+While it's nice to tell the user about this, as it's not strictly
+speaking an error we really shouldn't be so forceful in our
+reporting.
+---
+ src/libudev/libudev-hwdb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libudev/libudev-hwdb.c b/src/libudev/libudev-hwdb.c
+index a1cfc0b..0716072 100644
+--- a/src/libudev/libudev-hwdb.c
++++ b/src/libudev/libudev-hwdb.c
+@@ -296,7 +296,7 @@ _public_ struct udev_hwdb *udev_hwdb_new(struct udev *udev) {
+ }
+
+ if (!hwdb->f) {
+- udev_err(udev, "hwdb.bin does not exist, please run udevadm hwdb --update");
++ udev_dbg(udev, "hwdb.bin does not exist, please run udevadm hwdb --update");
+ udev_hwdb_unref(hwdb);
+ return NULL;
+ }
+--
+2.1.3
+
diff --git a/pcr/systemd-knock/0001-units-don-t-order-journal-flushing-afte-remote-fs.ta.patch b/pcr/systemd-knock/0001-units-don-t-order-journal-flushing-afte-remote-fs.ta.patch
new file mode 100644
index 000000000..0be955ec7
--- /dev/null
+++ b/pcr/systemd-knock/0001-units-don-t-order-journal-flushing-afte-remote-fs.ta.patch
@@ -0,0 +1,31 @@
+From 919699ec301ea507edce4a619141ed22e789ac0d Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 31 Oct 2014 16:22:36 +0100
+Subject: [PATCH] units: don't order journal flushing afte remote-fs.target
+
+Instead, only depend on the actual file systems we need.
+
+This should solve dep loops on setups where remote-fs.target is moved
+into late boot.
+---
+ units/systemd-journal-flush.service.in | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/units/systemd-journal-flush.service.in b/units/systemd-journal-flush.service.in
+index 699670b..2612220 100644
+--- a/units/systemd-journal-flush.service.in
++++ b/units/systemd-journal-flush.service.in
+@@ -10,8 +10,9 @@ Description=Trigger Flushing of Journal to Persistent Storage
+ Documentation=man:systemd-journald.service(8) man:journald.conf(5)
+ DefaultDependencies=no
+ Requires=systemd-journald.service
+-After=systemd-journald.service local-fs.target remote-fs.target
++After=systemd-journald.service
+ Before=systemd-user-sessions.service systemd-tmpfiles-setup.service
++RequiresMountsFor=/var/log/journal
+
+ [Service]
+ ExecStart=@rootbindir@/journalctl --flush
+--
+2.1.3
+
diff --git a/pcr/systemd-knock/0001-units-make-systemd-journald.service-Type-notify.patch b/pcr/systemd-knock/0001-units-make-systemd-journald.service-Type-notify.patch
new file mode 100644
index 000000000..820b23fbf
--- /dev/null
+++ b/pcr/systemd-knock/0001-units-make-systemd-journald.service-Type-notify.patch
@@ -0,0 +1,35 @@
+From a87a38c20196a4aeb56b6ba71d688eefd0b21c30 Mon Sep 17 00:00:00 2001
+From: Michal Schmidt <mschmidt@redhat.com>
+Date: Tue, 4 Nov 2014 20:28:08 +0100
+Subject: [PATCH] units: make systemd-journald.service Type=notify
+
+It already calls sd_notify(), so it looks like an oversight.
+
+Without it, its ordering to systemd-journal-flush.service is
+non-deterministic and the SIGUSR1 from flushing may kill journald before
+it has its signal handlers set up.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=85871
+https://bugzilla.redhat.com/show_bug.cgi?id=1159641
+---
+(foutrelis: dropped systemd-journald-audit.socket from Sockets= in order to
+ apply to systemd 217)
+
+ units/systemd-journald.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
+index 7ee67fd..8d380c8 100644
+--- a/units/systemd-journald.service.in
++++ b/units/systemd-journald.service.in
+@@ -14,6 +14,7 @@ After=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-a
+ Before=sysinit.target
+
+ [Service]
++Type=notify
+ Sockets=systemd-journald.socket systemd-journald-dev-log.socket
+ ExecStart=@rootlibexecdir@/systemd-journald
+ Restart=always
+--
+2.1.3
+
diff --git a/pcr/systemd-knock/0001-units-order-sd-journal-flush-after-sd-remount-fs.patch b/pcr/systemd-knock/0001-units-order-sd-journal-flush-after-sd-remount-fs.patch
new file mode 100644
index 000000000..b288b5765
--- /dev/null
+++ b/pcr/systemd-knock/0001-units-order-sd-journal-flush-after-sd-remount-fs.patch
@@ -0,0 +1,29 @@
+From 1f1926aa5e836caa3bd6df43704aecd606135103 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sun, 2 Nov 2014 21:45:42 -0500
+Subject: [PATCH] units: order sd-journal-flush after sd-remount-fs
+
+Otherwise we could attempt to flush the journal while /var/log/ was
+still ro, and silently skip journal flushing.
+
+The way that errors in flushing are handled should still be changed to
+be more transparent and robust.
+---
+ units/systemd-journal-flush.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/units/systemd-journal-flush.service.in b/units/systemd-journal-flush.service.in
+index fa29089..98c91b4 100644
+--- a/units/systemd-journal-flush.service.in
++++ b/units/systemd-journal-flush.service.in
+@@ -11,6 +11,7 @@ Documentation=man:systemd-journald.service(8) man:journald.conf(5)
+ DefaultDependencies=no
+ Requires=systemd-journald.service
+ After=systemd-journald.service
++After=systemd-remount-fs.service
+ Before=systemd-user-sessions.service systemd-tmpfiles-setup.service
+ RequiresMountsFor=/var/log/journal
+
+--
+2.1.3
+
diff --git a/pcr/systemd-knock/PKGBUILD b/pcr/systemd-knock/PKGBUILD
new file mode 100644
index 000000000..296e2a47c
--- /dev/null
+++ b/pcr/systemd-knock/PKGBUILD
@@ -0,0 +1,186 @@
+# Maintainer (Arch): Dave Reisner <dreisner@archlinux.org>
+# Maintainer (Arch): Tom Gundersen <teg@jklm.no>
+# Maintainer: Márcio Silva <coadde@parabola.nu>
+
+pkgbase=systemd
+pkgname=('systemd-knock' 'libsystemd-knock')
+pkgver=217
+pkgrel=7
+arch=('i686' 'x86_64')
+url="http://www.freedesktop.org/wiki/Software/systemd"
+makedepends=('acl' 'cryptsetup' 'docbook-xsl' 'gobject-introspection' 'gperf'
+ 'gtk-doc' 'intltool' 'kmod' 'libcap' 'libidn' 'libgcrypt' 'libmicrohttpd'
+ 'libxslt' 'util-linux' 'linux-api-headers' 'lz4' 'pam' 'python'
+ 'python-lxml' 'quota-tools' 'shadow' 'xz')
+options=('strip' 'debug')
+source=("http://www.freedesktop.org/software/$pkgbase/$pkgbase-$pkgver.tar.xz"
+ '0001-nspawn-ignore-EEXIST-when-creating-mount-point.patch'
+ '0001-sd-dhcp-client-clean-up-raw-socket-sd_event_source-w.patch'
+ '0001-shared-install-avoid-prematurely-rejecting-missing-u.patch'
+ '0001-sd-bus-properly-handle-removals-of-non-existing-matc.patch'
+ '0001-units-don-t-order-journal-flushing-afte-remote-fs.ta.patch'
+ '0001-units-order-sd-journal-flush-after-sd-remount-fs.patch'
+ '0001-units-make-systemd-journald.service-Type-notify.patch'
+ '0001-shutdown-fix-arguments-to-run-initramfs-shutdown.patch'
+ '0001-udev-hwdb-Change-error-message-regarding-missing-hwd.patch'
+ '0001-adds-TCP-Stealth-support-to-systemd.patch::https://gnunet.org/sites/default/files/systemd-knock-patch.diff'
+ 'initcpio-hook-udev'
+ 'initcpio-install-systemd'
+ 'initcpio-install-udev')
+md5sums=('e68dbff3cc19f66e341572d9fb2ffa89'
+ 'ca9e33118fd8d456563854d95512a577'
+ 'ade8c1b5b2c85d0a83b7bcf5aa6d131a'
+ '7aaf44ce842deb449fca0f2595bbc1e4'
+ '4adc3ddce027693bafa53089322e859b'
+ '42ff9d59bb057637355b202157d59991'
+ '92497d06e0af615be4b368fe615109c0'
+ 'a321d62d6ffada9e6976bdd339fa3219'
+ 'f72e8d086172177c224f0ce48ef54222'
+ '6326988822e9d18217525b2cb25cec1d'
+ '460945a02c8972bbc6616a5d8136a3ad'
+ '90ea67a7bb237502094914622a39e281'
+ '107c489f27c667be4101aecd3369b355'
+ 'bde43090d4ac0ef048e3eaee8202a407')
+
+prepare() {
+ cd "$pkgbase-$pkgver"
+
+ patch -Np1 <../0001-nspawn-ignore-EEXIST-when-creating-mount-point.patch
+ patch -Np1 <../0001-sd-dhcp-client-clean-up-raw-socket-sd_event_source-w.patch
+ patch -Np1 <../0001-shared-install-avoid-prematurely-rejecting-missing-u.patch
+ patch -Np1 <../0001-sd-bus-properly-handle-removals-of-non-existing-matc.patch
+ patch -Np1 <../0001-units-don-t-order-journal-flushing-afte-remote-fs.ta.patch
+ patch -Np1 <../0001-units-order-sd-journal-flush-after-sd-remount-fs.patch
+ patch -Np1 <../0001-units-make-systemd-journald.service-Type-notify.patch
+ patch -Np1 <../0001-shutdown-fix-arguments-to-run-initramfs-shutdown.patch
+ patch -Np1 <../0001-udev-hwdb-Change-error-message-regarding-missing-hwd.patch
+ patch -Np1 <../0001-adds-TCP-Stealth-support-to-systemd.patch
+}
+
+build() {
+ cd "$pkgbase-$pkgver"
+
+ local timeservers=({0..3}.arch.pool.ntp.org)
+
+ autoreconf --force --install -I config -I m4
+ ./configure \
+ --libexecdir=/usr/lib \
+ --localstatedir=/var \
+ --sysconfdir=/etc \
+ --enable-introspection \
+ --enable-gtk-doc \
+ --enable-lz4 \
+ --enable-compat-libs \
+ --enable-tcp-stealth \
+ --disable-audit \
+ --disable-ima \
+ --disable-kdbus \
+ --with-sysvinit-path= \
+ --with-sysvrcnd-path= \
+ --with-ntp-servers="${timeservers[*]}"
+
+ make
+}
+
+package_systemd-knock() {
+ pkgdesc="system and service manager with support for stealth TCP sockets"
+ license=('GPL2' 'LGPL2.1' 'MIT')
+ depends=('acl' 'bash' 'dbus' 'glib2' 'kbd' 'kmod' 'hwids' 'libcap' 'libgcrypt'
+ 'libsystemd-knock' 'libidn' 'lz4' 'pam' 'libseccomp' 'util-linux' 'xz')
+ provides=('nss-myhostname' "systemd-tools=$pkgver" "udev=$pkgver" "systemd=$pkgver")
+ replaces=('nss-myhostname' 'systemd-tools' 'udev')
+ conflicts=('nss-myhostname' 'systemd-tools' 'udev' 'systemd')
+ optdepends=('python: systemd library bindings'
+ 'cryptsetup: required for encrypted block devices'
+ 'libmicrohttpd: remote journald capabilities'
+ 'quota-tools: kernel-level quota management'
+ 'systemd-sysvcompat: symlink package to provide sysvinit binaries'
+ 'polkit: allow administration as unprivileged user')
+ backup=(etc/dbus-1/system.d/org.freedesktop.systemd1.conf
+ etc/dbus-1/system.d/org.freedesktop.hostname1.conf
+ etc/dbus-1/system.d/org.freedesktop.login1.conf
+ etc/dbus-1/system.d/org.freedesktop.locale1.conf
+ etc/dbus-1/system.d/org.freedesktop.machine1.conf
+ etc/dbus-1/system.d/org.freedesktop.timedate1.conf
+ etc/pam.d/systemd-user
+ etc/systemd/bootchart.conf
+ etc/systemd/coredump.conf
+ etc/systemd/journald.conf
+ etc/systemd/logind.conf
+ etc/systemd/system.conf
+ etc/systemd/timesyncd.conf
+ etc/systemd/resolved.conf
+ etc/systemd/user.conf
+ etc/udev/udev.conf)
+ install="systemd.install"
+
+ make -C "$pkgbase-$pkgver" DESTDIR="$pkgdir" install
+
+ # don't write units to /etc by default. some of these will be re-enabled on
+ # post_install.
+ rm "$pkgdir/etc/systemd/system/getty.target.wants/getty@tty1.service" \
+ "$pkgdir/etc/systemd/system/multi-user.target.wants/systemd-networkd.service" \
+ "$pkgdir/etc/systemd/system/multi-user.target.wants/systemd-resolved.service" \
+ "$pkgdir/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service" \
+ "$pkgdir/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service"
+ rmdir "$pkgdir/etc/systemd/system/getty.target.wants" \
+ "$pkgdir/etc/systemd/system/network-online.target.wants"
+
+ # get rid of RPM macros
+ rm -r "$pkgdir/usr/lib/rpm"
+
+ # add back tmpfiles.d/legacy.conf
+ install -m644 "systemd-$pkgver/tmpfiles.d/legacy.conf" "$pkgdir/usr/lib/tmpfiles.d"
+
+ # Replace dialout/tape/cdrom group in rules with uucp/storage/optical group
+ sed -i 's#GROUP="dialout"#GROUP="uucp"#g;
+ s#GROUP="tape"#GROUP="storage"#g;
+ s#GROUP="cdrom"#GROUP="optical"#g' "$pkgdir"/usr/lib/udev/rules.d/*.rules
+ sed -i 's/dialout/uucp/g;
+ s/tape/storage/g;
+ s/cdrom/optical/g' "$pkgdir"/usr/lib/sysusers.d/basic.conf
+
+ # add mkinitcpio hooks
+ install -Dm644 "$srcdir/initcpio-install-systemd" "$pkgdir/usr/lib/initcpio/install/systemd"
+ install -Dm644 "$srcdir/initcpio-install-udev" "$pkgdir/usr/lib/initcpio/install/udev"
+ install -Dm644 "$srcdir/initcpio-hook-udev" "$pkgdir/usr/lib/initcpio/hooks/udev"
+
+ # ensure proper permissions for /var/log/journal. This is only to placate
+ chown root:systemd-journal "$pkgdir/var/log/journal"
+ chmod 2755 "$pkgdir/var/log/journal"{,/remote}
+
+ # fix pam file
+ sed 's|system-auth|system-login|g' -i "$pkgdir/etc/pam.d/systemd-user"
+
+ # ship default policy to leave services disabled
+ echo 'disable *' >"$pkgdir"/usr/lib/systemd/system-preset/99-default.preset
+
+ ### split out manpages for sysvcompat
+ rm -rf "$srcdir/_sysvcompat"
+ install -dm755 "$srcdir"/_sysvcompat/usr/share/man/man8/
+ mv "$pkgdir"/usr/share/man/man8/{telinit,halt,reboot,poweroff,runlevel,shutdown}.8 \
+ "$srcdir"/_sysvcompat/usr/share/man/man8
+
+ ### split off runtime libraries
+ rm -rf "$srcdir/_libsystemd"
+ install -dm755 "$srcdir"/_libsystemd/usr/lib
+ cd "$srcdir"/_libsystemd
+ mv "$pkgdir"/usr/lib/lib{systemd,{g,}udev}*.so* usr/lib
+
+ # include MIT license, since it's technically custom
+ install -Dm644 "$srcdir/$pkgbase-$pkgver/LICENSE.MIT" \
+ "$pkgdir/usr/share/licenses/systemd/LICENSE.MIT"
+}
+
+package_libsystemd-knock() {
+ pkgdesc="systemd client libraries with support for stealth TCP sockets"
+ depends=('glib2' 'glibc' 'libgcrypt' 'xz')
+ license=('GPL2')
+ provides=('libgudev-1.0.so' 'libsystemd.so' 'libsystemd-daemon.so' 'libsystemd-id128.so'
+ 'libsystemd-journal.so' 'libsystemd-login.so' 'libudev.so' "libsystemd=$pkgver")
+ conflicts=('libsystemd')
+
+ mv "$srcdir/_libsystemd"/* "$pkgdir"
+}
+
+# vim: ft=sh syn=sh et
diff --git a/pcr/systemd-knock/initcpio-hook-udev b/pcr/systemd-knock/initcpio-hook-udev
new file mode 100644
index 000000000..ea9a11f8c
--- /dev/null
+++ b/pcr/systemd-knock/initcpio-hook-udev
@@ -0,0 +1,22 @@
+#!/usr/bin/ash
+
+run_earlyhook() {
+ kmod static-nodes --format=tmpfiles --output=/run/tmpfiles.d/kmod.conf
+ systemd-tmpfiles --prefix=/dev --create --boot
+ /usr/lib/systemd/systemd-udevd --daemon --resolve-names=never
+ udevd_running=1
+}
+
+run_hook() {
+ msg ":: Triggering uevents..."
+ udevadm trigger --action=add --type=subsystems
+ udevadm trigger --action=add --type=devices
+ udevadm settle
+}
+
+run_cleanuphook() {
+ udevadm control --exit
+ udevadm info --cleanup-db
+}
+
+# vim: set ft=sh ts=4 sw=4 et:
diff --git a/pcr/systemd-knock/initcpio-install-systemd b/pcr/systemd-knock/initcpio-install-systemd
new file mode 100644
index 000000000..1ebca01a8
--- /dev/null
+++ b/pcr/systemd-knock/initcpio-install-systemd
@@ -0,0 +1,168 @@
+#!/bin/bash
+
+strip_quotes() {
+ local len=${#1} quotes=$'[\'"]' str=${!1}
+
+ if [[ ${str:0:1} = ${str: -1} && ${str:0:1} = $quotes ]]; then
+ printf -v "$1" %s "${str:1:-1}"
+ fi
+}
+
+add_udev_rule() {
+ # Add an udev rules file to the initcpio image. Dependencies on binaries
+ # will be discovered and added.
+ # $1: path to rules file (or name of rules file)
+
+ local rules= rule= key= value= binary=
+
+ rules=$(PATH=/usr/lib/udev/rules.d:/lib/udev/rules.d type -P "$1")
+ if [[ -z $rules ]]; then
+ # complain about not found rules
+ return 1
+ fi
+
+ add_file "$rules"
+
+ while IFS=, read -ra rule; do
+ # skip empty lines, comments
+ [[ -z $rule || $rule = @(+([[:space:]])|#*) ]] && continue
+
+ for pair in "${rule[@]}"; do
+ IFS=' =' read -r key value <<< "$pair"
+ case $key in
+ RUN@({program}|+)|IMPORT{program}|ENV{REMOVE_CMD})
+ strip_quotes 'value'
+ # just take the first word as the binary name
+ binary=${value%% *}
+ if [[ ${binary:0:1} != '/' ]]; then
+ binary=$(PATH=/usr/lib/udev:/lib/udev type -P "$binary")
+ fi
+ add_binary "$binary"
+ ;;
+ esac
+ done
+ done <"$rules"
+}
+
+add_systemd_unit() {
+ # Add a systemd unit file to the initcpio image. Hard dependencies on binaries
+ # and other unit files will be discovered and added.
+ # $1: path to rules file (or name of rules file)
+
+ local unit= rule= entry= key= value= binary= dep=
+
+ unit=$(PATH=/usr/lib/systemd/system:/lib/systemd/system type -P "$1")
+ if [[ -z $unit ]]; then
+ # complain about not found unit file
+ return 1
+ fi
+
+ add_file "$unit"
+
+ while IFS='=' read -r key values; do
+ read -ra values <<< "$values"
+
+ case $key in
+ Requires|OnFailure)
+ # only add hard dependencies (not Wants)
+ map add_systemd_unit "${values[@]}"
+ ;;
+ Exec*)
+ # don't add binaries unless they are required
+ if [[ ${values[0]:0:1} != '-' ]]; then
+ add_binary "${values[0]}"
+ fi
+ ;;
+ esac
+
+ done <"$unit"
+
+ # preserve reverse soft dependency
+ for dep in {/usr,}/lib/systemd/system/*.wants/${unit##*/}; do
+ if [[ -L $dep ]]; then
+ add_symlink "$dep"
+ fi
+ done
+
+ # add hard dependencies
+ if [[ -d $unit.requires ]]; then
+ for dep in "$unit".requires/*; do
+ add_systemd_unit ${dep##*/}
+ done
+ fi
+}
+
+build() {
+ local rules unit
+
+ # from base
+ add_binary /bin/mount
+ add_binary /usr/bin/kmod /usr/bin/modprobe
+ add_binary /usr/lib/systemd/systemd /init
+
+ map add_binary \
+ /usr/lib/systemd/systemd-hibernate-resume \
+ /usr/lib/systemd/system-generators/systemd-hibernate-resume-generator \
+ /usr/bin/systemd-tmpfiles
+
+ # generators
+ map add_file \
+ /usr/lib/systemd/system-generators/systemd-fstab-generator \
+ /usr/lib/systemd/system-generators/systemd-gpt-auto-generator
+
+ # udev rules and systemd units
+ map add_udev_rule "$rules" \
+ 50-udev-default.rules \
+ 60-persistent-storage.rules \
+ 64-btrfs.rules \
+ 80-drivers.rules \
+ 99-systemd.rules
+
+ map add_systemd_unit \
+ initrd-cleanup.service \
+ initrd-fs.target \
+ initrd-parse-etc.service \
+ initrd-root-fs.target \
+ initrd-switch-root.service \
+ initrd-switch-root.target \
+ initrd-udevadm-cleanup-db.service \
+ initrd.target \
+ kmod-static-nodes.service \
+ local-fs.target \
+ local-fs-pre.target \
+ paths.target \
+ slices.target \
+ sockets.target \
+ swap.target \
+ systemd-fsck@.service \
+ systemd-hibernate-resume@.service \
+ systemd-journald.service \
+ systemd-journald-dev-log.socket \
+ systemd-tmpfiles-setup-dev.service \
+ systemd-udev-trigger.service \
+ systemd-udevd-control.socket \
+ systemd-udevd-kernel.socket \
+ systemd-udevd.service \
+ timers.target
+
+ add_symlink "/usr/lib/systemd/system/default.target" "initrd.target"
+ add_symlink "/usr/lib/systemd/system/ctrl-alt-del.target" "reboot.target"
+
+ # udev wants /etc/group since it doesn't launch with --resolve-names=never
+ add_file "/etc/nsswitch.conf"
+ add_binary "$(readlink -f /usr/lib/libnss_files.so)"
+ add_file "/etc/passwd"
+ add_file "/etc/group"
+}
+
+help() {
+ cat <<HELPEOF
+This will install a basic systemd setup in your initramfs, and is meant to
+replace the 'base', 'usr', 'udev' and 'timestamp' hooks. Other hooks with runtime
+components will need to be ported, and will not work as intended. You also may
+wish to still include the 'base' hook (before this hook) to ensure that a
+rescue shell exists on your initramfs.
+HELPEOF
+}
+
+# vim: set ft=sh ts=4 sw=4 et:
diff --git a/pcr/systemd-knock/initcpio-install-udev b/pcr/systemd-knock/initcpio-install-udev
new file mode 100644
index 000000000..419c19e58
--- /dev/null
+++ b/pcr/systemd-knock/initcpio-install-udev
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+build() {
+ local rules tool
+
+ add_file "/etc/udev/udev.conf"
+ add_binary /usr/lib/systemd/systemd-udevd
+ add_binary /usr/bin/udevadm
+ add_binary /usr/bin/systemd-tmpfiles
+
+ for rules in 50-udev-default.rules 60-persistent-storage.rules 64-btrfs.rules 80-drivers.rules; do
+ add_file "/usr/lib/udev/rules.d/$rules"
+ done
+ for tool in ata_id scsi_id; do
+ add_file "/usr/lib/udev/$tool"
+ done
+
+ add_runscript
+}
+
+help() {
+ cat <<HELPEOF
+This hook will use udev to create your root device node and detect the needed
+modules for your root device. It is also required for firmware loading in
+initramfs. It is recommended to use this hook.
+HELPEOF
+}
+
+# vim: set ft=sh ts=4 sw=4 et:
diff --git a/pcr/systemd-knock/systemd.install b/pcr/systemd-knock/systemd.install
new file mode 100644
index 000000000..8957a3336
--- /dev/null
+++ b/pcr/systemd-knock/systemd.install
@@ -0,0 +1,191 @@
+#!/bin/bash
+
+sd_booted() {
+ [[ -d run/systemd/system && ! -L run/systemd/system ]]
+}
+
+add_privs() {
+ if ! setcap "$2" "$1" 2>/dev/null; then
+ echo "==> Warning: setcap failed, falling back to setuid root on /$1"
+ chmod u+s "$1"
+ fi
+}
+
+add_journal_acls() {
+ # ignore errors, since the filesystem might not support ACLs
+ setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx var/log/journal/ 2>/dev/null
+ :
+}
+
+maybe_reexec() {
+ # don't reexec on 209-1 upgrade due to large infrastructural changes.
+ if [[ $(vercmp 209-1 "$2") -eq 1 ]]; then
+ echo ':: systemd has not been reexecuted. It is recommended that you'
+ echo ' reboot at your earliest convenience.'
+ return
+ fi
+
+ if sd_booted; then
+ systemctl --system daemon-reexec
+ fi
+}
+
+_dir_empty() {
+ set -- "$1"/*
+ [[ ! -e $1 && ! -L $1 ]]
+}
+
+post_common() {
+ systemd-sysusers
+ udevadm hwdb --update
+ journalctl --update-catalog
+}
+
+_204_1_changes() {
+ printf '==> The /bin/systemd symlink has been removed. Any references in your\n'
+ printf ' bootloader (or elsewhere) must be updated to /usr/lib/systemd/systemd.\n'
+}
+
+_205_1_changes() {
+ printf '==> systemd 205 restructures the cgroup hierarchy and changes internal\n'
+ printf ' protocols. You should reboot at your earliest convenience.\n'
+}
+
+_206_1_changes() {
+ printf '==> The "timestamp" hook for mkinitcpio no longer exists. If you used\n'
+ printf ' this hook, you must remove it from /etc/mkinitcpio.conf. A "systemd"\n'
+ printf ' hook has been added which provides this functionality, and more.\n'
+}
+
+_208_1_changes() {
+ if [[ -e var/lib/backlight && ! -e var/lib/systemd/backlight ]]; then
+ mv -T var/lib/backlight var/lib/systemd/backlight
+ fi
+
+ if [[ -e var/lib/random-seed && ! -e var/lib/systemd/random-seed ]]; then
+ mv -T var/lib/random-seed var/lib/systemd/random-seed
+ fi
+}
+
+_208_8_changes() {
+ add_journal_acls
+}
+
+_209_1_changes() {
+ # attempt to preserve existing behavior
+
+ local old_rule=etc/udev/rules.d/80-net-name-slot.rules
+ local new_rule=etc/udev/rules.d/80-net-setup-link.rules
+
+ echo ":: Network device naming is now controlled by udev's net_setup_link"
+ echo " builtin. Refer to the systemd.link manpage for a full description."
+
+ # not clear what action we can take here, so don't do anything
+ [[ -e $new_rule ]] && return 0
+
+ # rename the old rule to the new one so that we preserve the user's
+ # existing option.
+ if [[ -e $old_rule ]]; then
+ printf ':: Renaming %s to %s in order\n' "${old_rule##*/}" "${new_rule##*/}"
+ printf ' to preserve existing network naming behavior.\n'
+ mv -v "$old_rule" "$new_rule"
+ else
+ echo ':: No changes have been made to your network naming configuration.'
+ echo ' Interfaces should continue to maintain the same names.'
+ fi
+}
+
+_210_1_changes() {
+ if sd_booted; then
+ # If /etc/systemd/network is non-empty, then this is a 209 user who used
+ # networkd. Re-enable it for them.
+ if ! _dir_empty etc/systemd/network; then
+ systemctl enable systemd-networkd
+ fi
+ fi
+}
+
+_213_4_changes() {
+ if sd_booted; then
+ # if /etc/resolv.conf is a symlink, just assume that it was being managed
+ # by systemd-networkd, and re-enable systemd-resolved.
+ if [[ -L etc/resolv.conf ]]; then
+ systemctl enable systemd-resolved
+ fi
+ fi
+}
+
+_214_2_changes() {
+ # /run/systemd/network/resolv.conf -> /run/systemd/resolve/resolv.conf
+ if [[ etc/resolv.conf -ef run/systemd/network/resolv.conf ]]; then
+ ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
+
+ if sd_booted; then
+ if [[ ! -d run/systemd/resolve ]]; then
+ mkdir run/systemd/resolve
+ fi
+
+ if [[ -f run/systemd/network/resolv.conf ]]; then
+ mv run/systemd/{network,resolve}/resolv.conf
+ fi
+ fi
+ fi
+
+ echo ':: coredumps are no longer sent to the journal by default. To re-enable:'
+ echo ' echo >/etc/sysctl.d/50-coredump.conf \'
+ echo ' "kernel.core_pattern=|/usr/lib/systemd/systemd-coredump %p %u %g %s %t %e"'
+}
+
+_215_2_changes() {
+ # create at least the symlink from /etc/os-release to /usr/lib/os-release
+ systemd-tmpfiles --create etc.conf
+}
+
+_216_2_changes() {
+ echo ':: Coredumps are handled by systemd by default. Collection behavior can be'
+ echo ' tuned in /etc/systemd/coredump.conf.'
+}
+
+post_install() {
+ # because systemd can't sanely manage this meanial task...
+ uuidgen | {
+ read
+ echo "${REPLY//-}">etc/machine-id
+ }
+
+ post_common "$@"
+
+ add_journal_acls
+
+ # enable getty@tty1 by default, but don't track the file
+ systemctl enable getty@tty1.service
+
+ echo ":: Append 'init=/usr/lib/systemd/systemd' to your kernel command line in your"
+ echo " bootloader to replace sysvinit with systemd, or install systemd-sysvcompat"
+}
+
+post_upgrade() {
+ post_common "$@"
+
+ maybe_reexec "$@"
+
+ local v upgrades=(204-1
+ 205-1
+ 206-1
+ 208-1
+ 208-8
+ 209-1
+ 210-1
+ 213-4
+ 214-2
+ 215-2
+ 216-2)
+
+ for v in "${upgrades[@]}"; do
+ if [[ $(vercmp "$v" "$2") -eq 1 ]]; then
+ "_${v//-/_}_changes"
+ fi
+ done
+}
+
+# vim:set ts=2 sw=2 et: