Diffstat (limited to 'pcr/systemd-knock')
14 files changed, 919 insertions, 0 deletions
diff --git a/pcr/systemd-knock/0001-nspawn-ignore-EEXIST-when-creating-mount-point.patch b/pcr/systemd-knock/0001-nspawn-ignore-EEXIST-when-creating-mount-point.patch
new file mode 100644
index 000000000..86817596b
--- /dev/null
+++ b/pcr/systemd-knock/0001-nspawn-ignore-EEXIST-when-creating-mount-point.patch
@@ -0,0 +1,33 @@
+From 1ab19cb167b32967556eefd8f6d3df0e3de7d67d Mon Sep 17 00:00:00 2001
+From: Dave Reisner <dreisner@archlinux.org>
+Date: Wed, 29 Oct 2014 13:32:43 -0400
+Subject: [PATCH] nspawn: ignore EEXIST when creating mount point
+
+A combination of commits f3c80515c and 79d80fc14 cause nspawn to
+silently fail with a commandline such as:
+
+ # systemd-nspawn -D /build/extra-x86_64 --bind=/usr
+
+strace shows the culprit:
+
+ [pid 27868] writev(2, [{"Failed to create mount point /build/extra-x86_64/usr: File exists", 82}, {"\n", 1}], 2) = 83
+---
+ src/nspawn/nspawn.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
+index b6d9bc6..d88987a 100644
+--- a/src/nspawn/nspawn.c
++++ b/src/nspawn/nspawn.c
+@@ -758,7 +758,7 @@ static int mount_binds(const char *dest, char **l, bool ro) {
+ * and char devices. */
+ if (S_ISDIR(source_st.st_mode)) {
+ r = mkdir_label(where, 0755);
+- if (r < 0) {
++ if (r < 0 && errno != EEXIST) {
+ log_error("Failed to create mount point %s: %s", where, strerror(-r));
+
+ return r;
+--
+2.1.2
+
diff --git a/pcr/systemd-knock/0001-sd-bus-properly-handle-removals-of-non-existing-matc.patch b/pcr/systemd-knock/0001-sd-bus-properly-handle-removals-of-non-existing-matc.patch
new file mode 100644
index 000000000..fc8f16a79
--- /dev/null
+++ b/pcr/systemd-knock/0001-sd-bus-properly-handle-removals-of-non-existing-matc.patch
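Review bot: The new condition `if (r < 0 && errno != EEXIST)` in mount_binds tests errno although the error is carried in `r`, as the `strerror(-r)` on the following line shows; errno can be overwritten by anything mkdir_label does after the failing call, so the test should read `if (r < 0 && r != -EEXIST) {`. When EEXIST is ignored, nothing in the hunk checks that the existing `where` is a real directory rather than a symlink or another file type before it becomes a bind-mount target inside the container tree; confirm that the code after the hunk covers this. mount_binds starts and ends outside the hunk.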
@@ -0,0 +1,25 @@
+From ef7b6c0190fefaacf6d8f8e1a6dda4ba8b98091b Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 29 Oct 2014 17:58:43 +0100
+Subject: [PATCH] sd-bus: properly handle removals of non-existing matches
+
+---
+ src/libsystemd/sd-bus/bus-match.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libsystemd/sd-bus/bus-match.c b/src/libsystemd/sd-bus/bus-match.c
+index 18afe0f..5658c61 100644
+--- a/src/libsystemd/sd-bus/bus-match.c
++++ b/src/libsystemd/sd-bus/bus-match.c
+@@ -537,7 +537,7 @@ static int bus_match_find_compare_value(
+ else if (BUS_MATCH_CAN_HASH(t))
+ n = hashmap_get(c->compare.children, value_str);
+ else {
+- for (n = c->child; !value_node_same(n, t, value_u8, value_str); n = n->next)
++ for (n = c->child; n && !value_node_same(n, t, value_u8, value_str); n = n->next)
+ ;
+ }
+
+--
+2.1.3
+
diff --git a/pcr/systemd-knock/0001-sd-dhcp-client-clean-up-raw-socket-sd_event_source-w.patch b/pcr/systemd-knock/0001-sd-dhcp-client-clean-up-raw-socket-sd_event_source-w.patch
new file mode 100644
index 000000000..3d72b5df2
--- /dev/null
+++ b/pcr/systemd-knock/0001-sd-dhcp-client-clean-up-raw-socket-sd_event_source-w.patch
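Review bot: With the added `n &&` guard the loop in bus_match_find_compare_value can now end with `n == NULL`, so the code after the `else` block has to treat NULL as "no such match" instead of dereferencing it; that code is outside the hunk and should be checked together with this change. The empty-bodied `for` would read more easily with a comment after it such as `/* n is NULL here when no child matches */`.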
@@ -0,0 +1,31 @@
+From d5a248dbe933c5cbe3ba3d0c5eb8a035018ba6af Mon Sep 17 00:00:00 2001
+From: Dan Williams <dcbw@redhat.com>
+Date: Thu, 30 Oct 2014 14:23:00 -0500
+Subject: [PATCH] sd-dhcp-client: clean up raw socket sd_event_source when
+ creating new UDP socket
+
+The raw socket sd_event_source used for DHCP server solicitations
+was simply dropped on the floor when creating the new UDP socket
+after a lease has been acquired. Clean it up properly so we're
+not still listening and responding to events on it.
+---
+ src/libsystemd-network/sd-dhcp-client.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c
+index 0eba4c3..1f7f238 100644
+--- a/src/libsystemd-network/sd-dhcp-client.c
++++ b/src/libsystemd-network/sd-dhcp-client.c
+@@ -1269,6 +1269,9 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message,
+ if (r >= 0) {
+ client->timeout_resend =
+ sd_event_source_unref(client->timeout_resend);
++ client->receive_message =
++ sd_event_source_unref(client->receive_message);
++ client->fd = asynchronous_close(client->fd);
+
+ if (IN_SET(client->state, DHCP_STATE_REQUESTING,
+ DHCP_STATE_REBOOTING))
+--
+2.1.3
+
diff --git a/pcr/systemd-knock/0001-shared-install-avoid-prematurely-rejecting-missing-u.patch b/pcr/systemd-knock/0001-shared-install-avoid-prematurely-rejecting-missing-u.patch
new file mode 100644
index 000000000..6ea9c7cca
--- /dev/null
+++ b/pcr/systemd-knock/0001-shared-install-avoid-prematurely-rejecting-missing-u.patch
@@ -0,0 +1,39 @@
+From 0ffce503cd6e5a5ff5ba5cd1cc23684cfb8bb9e3 Mon Sep 17 00:00:00 2001
+From: Dave Reisner <dreisner@archlinux.org>
+Date: Thu, 30 Oct 2014 20:12:05 -0400
+Subject: [PATCH] shared/install: avoid prematurely rejecting "missing" units
+
+f7101b7368df copied some logic to prevent enabling masked units, but
+also added a check which causes attempts to enable templated units to
+fail. Since we know the logic beyond this check will properly handle
+units which truly do not exist, we can rely on the unit file state
+comparison to suffice for expressing the intent of f7101b7368df.
+
+ref: https://bugs.archlinux.org/task/42616
+---
+ src/shared/install.c | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/src/shared/install.c b/src/shared/install.c
+index 035b44c..cab93e8 100644
+--- a/src/shared/install.c
++++ b/src/shared/install.c
+@@ -1620,12 +1620,10 @@ int unit_file_enable(
+ STRV_FOREACH(i, files) {
+ UnitFileState state;
+
++ /* We only want to know if this unit is masked, so we ignore
++ * errors from unit_file_get_state, deferring other checks.
++ * This allows templated units to be enabled on the fly. */
+ state = unit_file_get_state(scope, root_dir, *i);
+- if (state < 0) {
+- log_error("Failed to get unit file state for %s: %s", *i, strerror(-state));
+- return state;
+- }
+-
+ if (state == UNIT_FILE_MASKED || state == UNIT_FILE_MASKED_RUNTIME) {
+ log_error("Failed to enable unit: Unit %s is masked", *i);
+ return -ENOTSUP;
+--
+2.1.3
+
diff --git a/pcr/systemd-knock/0001-shutdown-fix-arguments-to-run-initramfs-shutdown.patch b/pcr/systemd-knock/0001-shutdown-fix-arguments-to-run-initramfs-shutdown.patch
new file mode 100644
index 000000000..5d48d17bc
--- /dev/null
+++ b/pcr/systemd-knock/0001-shutdown-fix-arguments-to-run-initramfs-shutdown.patch
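Review bot: Dropping the `state < 0` check in unit_file_enable makes the mask test fail open: every error from unit_file_get_state(), not only the one a templated unit produces, now skips the `UNIT_FILE_MASKED` comparison and lets the enable request continue. If the template case returns one specific code (presumably -ENOENT; confirm against unit_file_get_state), ignore only that one, e.g. `if (state < 0 && state != -ENOENT) return state;`. The new comment should also say that `state` may hold a negative errno, since the variable is declared as `UnitFileState`. The function body continues outside the hunk.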
@@ -0,0 +1,68 @@ +From 4b5d8d0f22ae61ceb45a25391354ba53b43ee992 Mon Sep 17 00:00:00 2001 +From: Michal Schmidt <mschmidt@redhat.com> +Date: Thu, 6 Nov 2014 22:24:13 +0100 +Subject: [PATCH] shutdown: fix arguments to /run/initramfs/shutdown + +Our initrd interface specifies that the verb is in argv[1]. +This is where systemd passes it to systemd-shutdown, but getopt +permutes argv[]. This confuses dracut's shutdown script: + Shutdown called with argument '--log-level'. Rebooting! + +getopt can be convinced to not permute argv[] by having '-' as the first +character of optstring. Let's use it. This requires changing the way +non-option arguments (in our case, the verb) are processed. + +This fixes a bug where the system would reboot instead of powering off. +--- + src/core/shutdown.c | 17 +++++++++++------ + 1 file changed, 11 insertions(+), 6 deletions(-) + +diff --git a/src/core/shutdown.c b/src/core/shutdown.c +index dd11ae3..48ed7fa 100644 +--- a/src/core/shutdown.c ++++ b/src/core/shutdown.c +@@ -75,7 +75,9 @@ static int parse_argv(int argc, char *argv[]) { + assert(argc >= 1); + assert(argv); + +- while ((c = getopt_long(argc, argv, "", options, NULL)) >= 0) ++ /* "-" prevents getopt from permuting argv[] and moving the verb away ++ * from argv[1]. Our interface to initrd promises it'll be there. 
*/ ++ while ((c = getopt_long(argc, argv, "-", options, NULL)) >= 0) + switch (c) { + + case ARG_LOG_LEVEL: +@@ -113,6 +115,13 @@ static int parse_argv(int argc, char *argv[]) { + + break; + ++ case '\001': ++ if (!arg_verb) ++ arg_verb = optarg; ++ else ++ log_error("Excess arguments, ignoring"); ++ break; ++ + case '?': + return -EINVAL; + +@@ -120,15 +129,11 @@ static int parse_argv(int argc, char *argv[]) { + assert_not_reached("Unhandled option code."); + } + +- if (optind >= argc) { ++ if (!arg_verb) { + log_error("Verb argument missing."); + return -EINVAL; + } + +- arg_verb = argv[optind]; +- +- if (optind + 1 < argc) +- log_error("Excess arguments, ignoring"); + return 0; + } + +-- +2.1.3 + diff --git a/pcr/systemd-knock/0001-udev-hwdb-Change-error-message-regarding-missing-hwd.patch b/pcr/systemd-knock/0001-udev-hwdb-Change-error-message-regarding-missing-hwd.patch new file mode 100644 index 000000000..1a2ac1edf --- /dev/null +++ b/pcr/systemd-knock/0001-udev-hwdb-Change-error-message-regarding-missing-hwd.patch 
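Review bot: The new `case '\001':` in parse_argv only sees the non-option arguments that getopt_long returns in "-" mode; arguments after a literal `--` are not returned this way and remain at `argv[optind]`, so a verb passed after `--` now ends in "Verb argument missing." where the removed `optind` code accepted it. If that form has to keep working, add `if (!arg_verb && optind < argc) arg_verb = argv[optind];` before the `!arg_verb` check. A comment on the case, `/* getopt_long returns 1 for each non-option argument when optstring starts with '-' */`, would explain the magic value.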
@@ -0,0 +1,32 @@
+From 8232e39e7cf32071e11b3b04839e6c98fbc81d0f Mon Sep 17 00:00:00 2001
+From: Colin Guthrie <colin@mageia.org>
+Date: Wed, 5 Nov 2014 15:29:41 +0000
+Subject: [PATCH] udev hwdb: Change error message regarding missing hwdb.bin
+ back to debug.
+
+When used in an initramfs, it's expected that the hwdb.bin file is
+not present (it makes for a very large initramfs otherwise).
+
+While it's nice to tell the user about this, as it's not strictly
+speaking an error we really shouldn't be so forceful in our
+reporting.
+---
+ src/libudev/libudev-hwdb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libudev/libudev-hwdb.c b/src/libudev/libudev-hwdb.c
+index a1cfc0b..0716072 100644
+--- a/src/libudev/libudev-hwdb.c
++++ b/src/libudev/libudev-hwdb.c
+@@ -296,7 +296,7 @@ _public_ struct udev_hwdb *udev_hwdb_new(struct udev *udev) {
+ }
+
+ if (!hwdb->f) {
+- udev_err(udev, "hwdb.bin does not exist, please run udevadm hwdb --update");
++ udev_dbg(udev, "hwdb.bin does not exist, please run udevadm hwdb --update");
+ udev_hwdb_unref(hwdb);
+ return NULL;
+ }
+--
+2.1.3
+
diff --git a/pcr/systemd-knock/0001-units-don-t-order-journal-flushing-afte-remote-fs.ta.patch b/pcr/systemd-knock/0001-units-don-t-order-journal-flushing-afte-remote-fs.ta.patch
new file mode 100644
index 000000000..0be955ec7
--- /dev/null
+++ b/pcr/systemd-knock/0001-units-don-t-order-journal-flushing-afte-remote-fs.ta.patch
@@ -0,0 +1,31 @@
+From 919699ec301ea507edce4a619141ed22e789ac0d Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 31 Oct 2014 16:22:36 +0100
+Subject: [PATCH] units: don't order journal flushing afte remote-fs.target
+
+Instead, only depend on the actual file systems we need.
+
+This should solve dep loops on setups where remote-fs.target is moved
+into late boot.
+---
+ units/systemd-journal-flush.service.in | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/units/systemd-journal-flush.service.in b/units/systemd-journal-flush.service.in
+index 699670b..2612220 100644
+--- a/units/systemd-journal-flush.service.in
++++ b/units/systemd-journal-flush.service.in
+@@ -10,8 +10,9 @@ Description=Trigger Flushing of Journal to Persistent Storage
+ Documentation=man:systemd-journald.service(8) man:journald.conf(5)
+ DefaultDependencies=no
+ Requires=systemd-journald.service
+-After=systemd-journald.service local-fs.target remote-fs.target
++After=systemd-journald.service
+ Before=systemd-user-sessions.service systemd-tmpfiles-setup.service
++RequiresMountsFor=/var/log/journal
+
+ [Service]
+ ExecStart=@rootbindir@/journalctl --flush
+--
+2.1.3
+
diff --git a/pcr/systemd-knock/0001-units-make-systemd-journald.service-Type-notify.patch b/pcr/systemd-knock/0001-units-make-systemd-journald.service-Type-notify.patch
new file mode 100644
index 000000000..820b23fbf
--- /dev/null
+++ b/pcr/systemd-knock/0001-units-make-systemd-journald.service-Type-notify.patch
@@ -0,0 +1,35 @@
+From a87a38c20196a4aeb56b6ba71d688eefd0b21c30 Mon Sep 17 00:00:00 2001
+From: Michal Schmidt <mschmidt@redhat.com>
+Date: Tue, 4 Nov 2014 20:28:08 +0100
+Subject: [PATCH] units: make systemd-journald.service Type=notify
+
+It already calls sd_notify(), so it looks like an oversight.
+
+Without it, its ordering to systemd-journal-flush.service is
+non-deterministic and the SIGUSR1 from flushing may kill journald before
+it has its signal handlers set up.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=85871
+https://bugzilla.redhat.com/show_bug.cgi?id=1159641
+---
+(foutrelis: dropped systemd-journald-audit.socket from Sockets= in order to
+ apply to systemd 217)
+
+ units/systemd-journald.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
+index 7ee67fd..8d380c8 100644
+--- a/units/systemd-journald.service.in
++++ b/units/systemd-journald.service.in
+@@ -14,6 +14,7 @@ After=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-a
+ Before=sysinit.target
+
+ [Service]
++Type=notify
+ Sockets=systemd-journald.socket systemd-journald-dev-log.socket
+ ExecStart=@rootlibexecdir@/systemd-journald
+ Restart=always
+--
+2.1.3
+
diff --git a/pcr/systemd-knock/0001-units-order-sd-journal-flush-after-sd-remount-fs.patch b/pcr/systemd-knock/0001-units-order-sd-journal-flush-after-sd-remount-fs.patch
new file mode 100644
index 000000000..b288b5765
--- /dev/null
+++ b/pcr/systemd-knock/0001-units-order-sd-journal-flush-after-sd-remount-fs.patch
@@ -0,0 +1,29 @@
+From 1f1926aa5e836caa3bd6df43704aecd606135103 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sun, 2 Nov 2014 21:45:42 -0500
+Subject: [PATCH] units: order sd-journal-flush after sd-remount-fs
+
+Otherwise we could attempt to flush the journal while /var/log/ was
+still ro, and silently skip journal flushing.
+
+The way that errors in flushing are handled should still be changed to
+be more transparent and robust.
+---
+ units/systemd-journal-flush.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/units/systemd-journal-flush.service.in b/units/systemd-journal-flush.service.in
+index fa29089..98c91b4 100644
+--- a/units/systemd-journal-flush.service.in
++++ b/units/systemd-journal-flush.service.in
+@@ -11,6 +11,7 @@ Documentation=man:systemd-journald.service(8) man:journald.conf(5)
+ DefaultDependencies=no
+ Requires=systemd-journald.service
+ After=systemd-journald.service
++After=systemd-remount-fs.service
+ Before=systemd-user-sessions.service systemd-tmpfiles-setup.service
+ RequiresMountsFor=/var/log/journal
+
+--
+2.1.3
+
diff --git a/pcr/systemd-knock/PKGBUILD b/pcr/systemd-knock/PKGBUILD
new file mode 100644
index 000000000..296e2a47c
--- /dev/null
+++ b/pcr/systemd-knock/PKGBUILD
@@ -0,0 +1,186 @@ +# Maintainer (Arch): Dave Reisner <dreisner@archlinux.org> +# Maintainer (Arch): Tom Gundersen <teg@jklm.no> +# Maintainer: Márcio Silva <coadde@parabola.nu> + +pkgbase=systemd +pkgname=('systemd-knock' 'libsystemd-knock') +pkgver=217 +pkgrel=7 +arch=('i686' 'x86_64') +url="http://www.freedesktop.org/wiki/Software/systemd" +makedepends=('acl' 'cryptsetup' 'docbook-xsl' 'gobject-introspection' 'gperf' + 'gtk-doc' 'intltool' 'kmod' 'libcap' 'libidn' 'libgcrypt' 'libmicrohttpd' + 'libxslt' 'util-linux' 'linux-api-headers' 'lz4' 'pam' 'python' + 'python-lxml' 'quota-tools' 'shadow' 'xz') +options=('strip' 'debug') +source=("http://www.freedesktop.org/software/$pkgbase/$pkgbase-$pkgver.tar.xz" + '0001-nspawn-ignore-EEXIST-when-creating-mount-point.patch' + '0001-sd-dhcp-client-clean-up-raw-socket-sd_event_source-w.patch' + '0001-shared-install-avoid-prematurely-rejecting-missing-u.patch' + '0001-sd-bus-properly-handle-removals-of-non-existing-matc.patch' + '0001-units-don-t-order-journal-flushing-afte-remote-fs.ta.patch' + '0001-units-order-sd-journal-flush-after-sd-remount-fs.patch' + '0001-units-make-systemd-journald.service-Type-notify.patch' + '0001-shutdown-fix-arguments-to-run-initramfs-shutdown.patch' + '0001-udev-hwdb-Change-error-message-regarding-missing-hwd.patch' + '0001-adds-TCP-Stealth-support-to-systemd.patch::https://gnunet.org/sites/default/files/systemd-knock-patch.diff' + 'initcpio-hook-udev' + 'initcpio-install-systemd' + 'initcpio-install-udev') +md5sums=('e68dbff3cc19f66e341572d9fb2ffa89' + 'ca9e33118fd8d456563854d95512a577' + 'ade8c1b5b2c85d0a83b7bcf5aa6d131a' + '7aaf44ce842deb449fca0f2595bbc1e4' + '4adc3ddce027693bafa53089322e859b' + '42ff9d59bb057637355b202157d59991' + '92497d06e0af615be4b368fe615109c0' + 'a321d62d6ffada9e6976bdd339fa3219' + 'f72e8d086172177c224f0ce48ef54222' + '6326988822e9d18217525b2cb25cec1d' + '460945a02c8972bbc6616a5d8136a3ad' + '90ea67a7bb237502094914622a39e281' + '107c489f27c667be4101aecd3369b355' + 
'bde43090d4ac0ef048e3eaee8202a407') + +prepare() { + cd "$pkgbase-$pkgver" + + patch -Np1 <../0001-nspawn-ignore-EEXIST-when-creating-mount-point.patch + patch -Np1 <../0001-sd-dhcp-client-clean-up-raw-socket-sd_event_source-w.patch + patch -Np1 <../0001-shared-install-avoid-prematurely-rejecting-missing-u.patch + patch -Np1 <../0001-sd-bus-properly-handle-removals-of-non-existing-matc.patch + patch -Np1 <../0001-units-don-t-order-journal-flushing-afte-remote-fs.ta.patch + patch -Np1 <../0001-units-order-sd-journal-flush-after-sd-remount-fs.patch + patch -Np1 <../0001-units-make-systemd-journald.service-Type-notify.patch + patch -Np1 <../0001-shutdown-fix-arguments-to-run-initramfs-shutdown.patch + patch -Np1 <../0001-udev-hwdb-Change-error-message-regarding-missing-hwd.patch + patch -Np1 <../0001-adds-TCP-Stealth-support-to-systemd.patch +} + +build() { + cd "$pkgbase-$pkgver" + + local timeservers=({0..3}.arch.pool.ntp.org) + + autoreconf --force --install -I config -I m4 + ./configure \ + --libexecdir=/usr/lib \ + --localstatedir=/var \ + --sysconfdir=/etc \ + --enable-introspection \ + --enable-gtk-doc \ + --enable-lz4 \ + --enable-compat-libs \ + --enable-tcp-stealth \ + --disable-audit \ + --disable-ima \ + --disable-kdbus \ + --with-sysvinit-path= \ + --with-sysvrcnd-path= \ + --with-ntp-servers="${timeservers[*]}" + + make +} + +package_systemd-knock() { + pkgdesc="system and service manager with support for stealth TCP sockets" + license=('GPL2' 'LGPL2.1' 'MIT') + depends=('acl' 'bash' 'dbus' 'glib2' 'kbd' 'kmod' 'hwids' 'libcap' 'libgcrypt' + 'libsystemd-knock' 'libidn' 'lz4' 'pam' 'libseccomp' 'util-linux' 'xz') + provides=('nss-myhostname' "systemd-tools=$pkgver" "udev=$pkgver" "systemd=$pkgver") + replaces=('nss-myhostname' 'systemd-tools' 'udev') + conflicts=('nss-myhostname' 'systemd-tools' 'udev' 'systemd') + optdepends=('python: systemd library bindings' + 'cryptsetup: required for encrypted block devices' + 'libmicrohttpd: remote journald 
capabilities' + 'quota-tools: kernel-level quota management' + 'systemd-sysvcompat: symlink package to provide sysvinit binaries' + 'polkit: allow administration as unprivileged user') + backup=(etc/dbus-1/system.d/org.freedesktop.systemd1.conf + etc/dbus-1/system.d/org.freedesktop.hostname1.conf + etc/dbus-1/system.d/org.freedesktop.login1.conf + etc/dbus-1/system.d/org.freedesktop.locale1.conf + etc/dbus-1/system.d/org.freedesktop.machine1.conf + etc/dbus-1/system.d/org.freedesktop.timedate1.conf + etc/pam.d/systemd-user + etc/systemd/bootchart.conf + etc/systemd/coredump.conf + etc/systemd/journald.conf + etc/systemd/logind.conf + etc/systemd/system.conf + etc/systemd/timesyncd.conf + etc/systemd/resolved.conf + etc/systemd/user.conf + etc/udev/udev.conf) + install="systemd.install" + + make -C "$pkgbase-$pkgver" DESTDIR="$pkgdir" install + + # don't write units to /etc by default. some of these will be re-enabled on + # post_install. + rm "$pkgdir/etc/systemd/system/getty.target.wants/getty@tty1.service" \ + "$pkgdir/etc/systemd/system/multi-user.target.wants/systemd-networkd.service" \ + "$pkgdir/etc/systemd/system/multi-user.target.wants/systemd-resolved.service" \ + "$pkgdir/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service" \ + "$pkgdir/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service" + rmdir "$pkgdir/etc/systemd/system/getty.target.wants" \ + "$pkgdir/etc/systemd/system/network-online.target.wants" + + # get rid of RPM macros + rm -r "$pkgdir/usr/lib/rpm" + + # add back tmpfiles.d/legacy.conf + install -m644 "systemd-$pkgver/tmpfiles.d/legacy.conf" "$pkgdir/usr/lib/tmpfiles.d" + + # Replace dialout/tape/cdrom group in rules with uucp/storage/optical group + sed -i 's#GROUP="dialout"#GROUP="uucp"#g; + s#GROUP="tape"#GROUP="storage"#g; + s#GROUP="cdrom"#GROUP="optical"#g' "$pkgdir"/usr/lib/udev/rules.d/*.rules + sed -i 's/dialout/uucp/g; + s/tape/storage/g; + s/cdrom/optical/g' 
"$pkgdir"/usr/lib/sysusers.d/basic.conf + + # add mkinitcpio hooks + install -Dm644 "$srcdir/initcpio-install-systemd" "$pkgdir/usr/lib/initcpio/install/systemd" + install -Dm644 "$srcdir/initcpio-install-udev" "$pkgdir/usr/lib/initcpio/install/udev" + install -Dm644 "$srcdir/initcpio-hook-udev" "$pkgdir/usr/lib/initcpio/hooks/udev" + + # ensure proper permissions for /var/log/journal. This is only to placate + chown root:systemd-journal "$pkgdir/var/log/journal" + chmod 2755 "$pkgdir/var/log/journal"{,/remote} + + # fix pam file + sed 's|system-auth|system-login|g' -i "$pkgdir/etc/pam.d/systemd-user" + + # ship default policy to leave services disabled + echo 'disable *' >"$pkgdir"/usr/lib/systemd/system-preset/99-default.preset + + ### split out manpages for sysvcompat + rm -rf "$srcdir/_sysvcompat" + install -dm755 "$srcdir"/_sysvcompat/usr/share/man/man8/ + mv "$pkgdir"/usr/share/man/man8/{telinit,halt,reboot,poweroff,runlevel,shutdown}.8 \ + "$srcdir"/_sysvcompat/usr/share/man/man8 + + ### split off runtime libraries + rm -rf "$srcdir/_libsystemd" + install -dm755 "$srcdir"/_libsystemd/usr/lib + cd "$srcdir"/_libsystemd + mv "$pkgdir"/usr/lib/lib{systemd,{g,}udev}*.so* usr/lib + + # include MIT license, since it's technically custom + install -Dm644 "$srcdir/$pkgbase-$pkgver/LICENSE.MIT" \ + "$pkgdir/usr/share/licenses/systemd/LICENSE.MIT" +} + +package_libsystemd-knock() { + pkgdesc="systemd client libraries with support for stealth TCP sockets" + depends=('glib2' 'glibc' 'libgcrypt' 'xz') + license=('GPL2') + provides=('libgudev-1.0.so' 'libsystemd.so' 'libsystemd-daemon.so' 'libsystemd-id128.so' + 'libsystemd-journal.so' 'libsystemd-login.so' 'libudev.so' "libsystemd=$pkgver") + conflicts=('libsystemd') + + mv "$srcdir/_libsystemd"/* "$pkgdir" +} + +# vim: ft=sh syn=sh et diff --git a/pcr/systemd-knock/initcpio-hook-udev b/pcr/systemd-knock/initcpio-hook-udev new file mode 100644 index 000000000..ea9a11f8c --- /dev/null 
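Review bot: The `md5sums=(...)` array is the only integrity check on the sources, and MD5 no longer resists collisions. This matters most for `0001-adds-TCP-Stealth-support-to-systemd.patch`, which is fetched from an unversioned URL (`.../systemd-knock-patch.diff`) and patched into the init system, and for the release tarball, which is fetched over plain `http://`. Replace the array with `sha256sums=(...)` generated by `makepkg -g`, switch the tarball URL to `https://` if the host offers it, and keep a reviewed copy of the TCP Stealth patch in the package directory instead of downloading it at build time. The comment `# ensure proper permissions for /var/log/journal. This is only to placate` in package_systemd-knock() stops mid-sentence and should be completed or shortened.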
+++ b/pcr/systemd-knock/initcpio-hook-udev
@@ -0,0 +1,22 @@
+#!/usr/bin/ash
+
+run_earlyhook() {
+ kmod static-nodes --format=tmpfiles --output=/run/tmpfiles.d/kmod.conf
+ systemd-tmpfiles --prefix=/dev --create --boot
+ /usr/lib/systemd/systemd-udevd --daemon --resolve-names=never
+ udevd_running=1
+}
+
+run_hook() {
+ msg ":: Triggering uevents..."
+ udevadm trigger --action=add --type=subsystems
+ udevadm trigger --action=add --type=devices
+ udevadm settle
+}
+
+run_cleanuphook() {
+ udevadm control --exit
+ udevadm info --cleanup-db
+}
+
+# vim: set ft=sh ts=4 sw=4 et:
diff --git a/pcr/systemd-knock/initcpio-install-systemd b/pcr/systemd-knock/initcpio-install-systemd
new file mode 100644
index 000000000..1ebca01a8
--- /dev/null
+++ b/pcr/systemd-knock/initcpio-install-systemd
@@ -0,0 +1,168 @@ +#!/bin/bash + +strip_quotes() { + local len=${#1} quotes=$'[\'"]' str=${!1} + + if [[ ${str:0:1} = ${str: -1} && ${str:0:1} = $quotes ]]; then + printf -v "$1" %s "${str:1:-1}" + fi +} + +add_udev_rule() { + # Add an udev rules file to the initcpio image. Dependencies on binaries + # will be discovered and added. + # $1: path to rules file (or name of rules file) + + local rules= rule= key= value= binary= + + rules=$(PATH=/usr/lib/udev/rules.d:/lib/udev/rules.d type -P "$1") + if [[ -z $rules ]]; then + # complain about not found rules + return 1 + fi + + add_file "$rules" + + while IFS=, read -ra rule; do + # skip empty lines, comments + [[ -z $rule || $rule = @(+([[:space:]])|#*) ]] && continue + + for pair in "${rule[@]}"; do + IFS=' =' read -r key value <<< "$pair" + case $key in + RUN@({program}|+)|IMPORT{program}|ENV{REMOVE_CMD}) + strip_quotes 'value' + # just take the first word as the binary name + binary=${value%% *} + if [[ ${binary:0:1} != '/' ]]; then + binary=$(PATH=/usr/lib/udev:/lib/udev type -P "$binary") + fi + add_binary "$binary" + ;; + esac + done + done <"$rules" +} + +add_systemd_unit() { + # Add a systemd unit file to the initcpio image. Hard dependencies on binaries + # and other unit files will be discovered and added. 
+ # $1: path to rules file (or name of rules file) + + local unit= rule= entry= key= value= binary= dep= + + unit=$(PATH=/usr/lib/systemd/system:/lib/systemd/system type -P "$1") + if [[ -z $unit ]]; then + # complain about not found unit file + return 1 + fi + + add_file "$unit" + + while IFS='=' read -r key values; do + read -ra values <<< "$values" + + case $key in + Requires|OnFailure) + # only add hard dependencies (not Wants) + map add_systemd_unit "${values[@]}" + ;; + Exec*) + # don't add binaries unless they are required + if [[ ${values[0]:0:1} != '-' ]]; then + add_binary "${values[0]}" + fi + ;; + esac + + done <"$unit" + + # preserve reverse soft dependency + for dep in {/usr,}/lib/systemd/system/*.wants/${unit##*/}; do + if [[ -L $dep ]]; then + add_symlink "$dep" + fi + done + + # add hard dependencies + if [[ -d $unit.requires ]]; then + for dep in "$unit".requires/*; do + add_systemd_unit ${dep##*/} + done + fi +} + +build() { + local rules unit + + # from base + add_binary /bin/mount + add_binary /usr/bin/kmod /usr/bin/modprobe + add_binary /usr/lib/systemd/systemd /init + + map add_binary \ + /usr/lib/systemd/systemd-hibernate-resume \ + /usr/lib/systemd/system-generators/systemd-hibernate-resume-generator \ + /usr/bin/systemd-tmpfiles + + # generators + map add_file \ + /usr/lib/systemd/system-generators/systemd-fstab-generator \ + /usr/lib/systemd/system-generators/systemd-gpt-auto-generator + + # udev rules and systemd units + map add_udev_rule "$rules" \ + 50-udev-default.rules \ + 60-persistent-storage.rules \ + 64-btrfs.rules \ + 80-drivers.rules \ + 99-systemd.rules + + map add_systemd_unit \ + initrd-cleanup.service \ + initrd-fs.target \ + initrd-parse-etc.service \ + initrd-root-fs.target \ + initrd-switch-root.service \ + initrd-switch-root.target \ + initrd-udevadm-cleanup-db.service \ + initrd.target \ + kmod-static-nodes.service \ + local-fs.target \ + local-fs-pre.target \ + paths.target \ + slices.target \ + sockets.target \ + 
swap.target \ + systemd-fsck@.service \ + systemd-hibernate-resume@.service \ + systemd-journald.service \ + systemd-journald-dev-log.socket \ + systemd-tmpfiles-setup-dev.service \ + systemd-udev-trigger.service \ + systemd-udevd-control.socket \ + systemd-udevd-kernel.socket \ + systemd-udevd.service \ + timers.target + + add_symlink "/usr/lib/systemd/system/default.target" "initrd.target" + add_symlink "/usr/lib/systemd/system/ctrl-alt-del.target" "reboot.target" + + # udev wants /etc/group since it doesn't launch with --resolve-names=never + add_file "/etc/nsswitch.conf" + add_binary "$(readlink -f /usr/lib/libnss_files.so)" + add_file "/etc/passwd" + add_file "/etc/group" +} + +help() { + cat <<HELPEOF +This will install a basic systemd setup in your initramfs, and is meant to +replace the 'base', 'usr', 'udev' and 'timestamp' hooks. Other hooks with runtime +components will need to be ported, and will not work as intended. You also may +wish to still include the 'base' hook (before this hook) to ensure that a +rescue shell exists on your initramfs. +HELPEOF +} + +# vim: set ft=sh ts=4 sw=4 et: diff --git a/pcr/systemd-knock/initcpio-install-udev b/pcr/systemd-knock/initcpio-install-udev new file mode 100644 index 000000000..419c19e58 --- /dev/null +++ b/pcr/systemd-knock/initcpio-install-udev 
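Review bot: In build(), `map add_udev_rule "$rules" \` passes the unset local `rules` as the first rule name, so add_udev_rule runs once with an empty string and returns 1 through its silent not-found path; drop the `"$rules"` argument. In add_udev_rule the result of `type -P "$binary"` goes to add_binary without an emptiness check, and in add_systemd_unit the recursive call `add_systemd_unit ${dep##*/}` is unquoted; `[[ -n $binary ]] && add_binary "$binary"` and `add_systemd_unit "${dep##*/}"` make both robust against missing helpers and unusual unit names. The header comment of add_systemd_unit still says `$1: path to rules file`; it should read `$1: path to unit file (or name of unit file)`.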
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+build() {
+ local rules tool
+
+ add_file "/etc/udev/udev.conf"
+ add_binary /usr/lib/systemd/systemd-udevd
+ add_binary /usr/bin/udevadm
+ add_binary /usr/bin/systemd-tmpfiles
+
+ for rules in 50-udev-default.rules 60-persistent-storage.rules 64-btrfs.rules 80-drivers.rules; do
+ add_file "/usr/lib/udev/rules.d/$rules"
+ done
+ for tool in ata_id scsi_id; do
+ add_file "/usr/lib/udev/$tool"
+ done
+
+ add_runscript
+}
+
+help() {
+ cat <<HELPEOF
+This hook will use udev to create your root device node and detect the needed
+modules for your root device. It is also required for firmware loading in
+initramfs. It is recommended to use this hook.
+HELPEOF
+}
+
+# vim: set ft=sh ts=4 sw=4 et:
diff --git a/pcr/systemd-knock/systemd.install b/pcr/systemd-knock/systemd.install
new file mode 100644
index 000000000..8957a3336
--- /dev/null
+++ b/pcr/systemd-knock/systemd.install
@@ -0,0 +1,191 @@ +#!/bin/bash + +sd_booted() { + [[ -d run/systemd/system && ! -L run/systemd/system ]] +} + +add_privs() { + if ! setcap "$2" "$1" 2>/dev/null; then + echo "==> Warning: setcap failed, falling back to setuid root on /$1" + chmod u+s "$1" + fi +} + +add_journal_acls() { + # ignore errors, since the filesystem might not support ACLs + setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx var/log/journal/ 2>/dev/null + : +} + +maybe_reexec() { + # don't reexec on 209-1 upgrade due to large infrastructural changes. + if [[ $(vercmp 209-1 "$2") -eq 1 ]]; then + echo ':: systemd has not been reexecuted. It is recommended that you' + echo ' reboot at your earliest convenience.' + return + fi + + if sd_booted; then + systemctl --system daemon-reexec + fi +} + +_dir_empty() { + set -- "$1"/* + [[ ! -e $1 && ! -L $1 ]] +} + +post_common() { + systemd-sysusers + udevadm hwdb --update + journalctl --update-catalog +} + +_204_1_changes() { + printf '==> The /bin/systemd symlink has been removed. Any references in your\n' + printf ' bootloader (or elsewhere) must be updated to /usr/lib/systemd/systemd.\n' +} + +_205_1_changes() { + printf '==> systemd 205 restructures the cgroup hierarchy and changes internal\n' + printf ' protocols. You should reboot at your earliest convenience.\n' +} + +_206_1_changes() { + printf '==> The "timestamp" hook for mkinitcpio no longer exists. If you used\n' + printf ' this hook, you must remove it from /etc/mkinitcpio.conf. A "systemd"\n' + printf ' hook has been added which provides this functionality, and more.\n' +} + +_208_1_changes() { + if [[ -e var/lib/backlight && ! -e var/lib/systemd/backlight ]]; then + mv -T var/lib/backlight var/lib/systemd/backlight + fi + + if [[ -e var/lib/random-seed && ! 
-e var/lib/systemd/random-seed ]]; then + mv -T var/lib/random-seed var/lib/systemd/random-seed + fi +} + +_208_8_changes() { + add_journal_acls +} + +_209_1_changes() { + # attempt to preserve existing behavior + + local old_rule=etc/udev/rules.d/80-net-name-slot.rules + local new_rule=etc/udev/rules.d/80-net-setup-link.rules + + echo ":: Network device naming is now controlled by udev's net_setup_link" + echo " builtin. Refer to the systemd.link manpage for a full description." + + # not clear what action we can take here, so don't do anything + [[ -e $new_rule ]] && return 0 + + # rename the old rule to the new one so that we preserve the user's + # existing option. + if [[ -e $old_rule ]]; then + printf ':: Renaming %s to %s in order\n' "${old_rule##*/}" "${new_rule##*/}" + printf ' to preserve existing network naming behavior.\n' + mv -v "$old_rule" "$new_rule" + else + echo ':: No changes have been made to your network naming configuration.' + echo ' Interfaces should continue to maintain the same names.' + fi +} + +_210_1_changes() { + if sd_booted; then + # If /etc/systemd/network is non-empty, then this is a 209 user who used + # networkd. Re-enable it for them. + if ! _dir_empty etc/systemd/network; then + systemctl enable systemd-networkd + fi + fi +} + +_213_4_changes() { + if sd_booted; then + # if /etc/resolv.conf is a symlink, just assume that it was being managed + # by systemd-networkd, and re-enable systemd-resolved. + if [[ -L etc/resolv.conf ]]; then + systemctl enable systemd-resolved + fi + fi +} + +_214_2_changes() { + # /run/systemd/network/resolv.conf -> /run/systemd/resolve/resolv.conf + if [[ etc/resolv.conf -ef run/systemd/network/resolv.conf ]]; then + ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf + + if sd_booted; then + if [[ ! 
-d run/systemd/resolve ]]; then + mkdir run/systemd/resolve + fi + + if [[ -f run/systemd/network/resolv.conf ]]; then + mv run/systemd/{network,resolve}/resolv.conf + fi + fi + fi + + echo ':: coredumps are no longer sent to the journal by default. To re-enable:' + echo ' echo >/etc/sysctl.d/50-coredump.conf \' + echo ' "kernel.core_pattern=|/usr/lib/systemd/systemd-coredump %p %u %g %s %t %e"' +} + +_215_2_changes() { + # create at least the symlink from /etc/os-release to /usr/lib/os-release + systemd-tmpfiles --create etc.conf +} + +_216_2_changes() { + echo ':: Coredumps are handled by systemd by default. Collection behavior can be' + echo ' tuned in /etc/systemd/coredump.conf.' +} + +post_install() { + # because systemd can't sanely manage this meanial task... + uuidgen | { + read + echo "${REPLY//-}">etc/machine-id + } + + post_common "$@" + + add_journal_acls + + # enable getty@tty1 by default, but don't track the file + systemctl enable getty@tty1.service + + echo ":: Append 'init=/usr/lib/systemd/systemd' to your kernel command line in your" + echo " bootloader to replace sysvinit with systemd, or install systemd-sysvcompat" +} + +post_upgrade() { + post_common "$@" + + maybe_reexec "$@" + + local v upgrades=(204-1 + 205-1 + 206-1 + 208-1 + 208-8 + 209-1 + 210-1 + 213-4 + 214-2 + 215-2 + 216-2) + + for v in "${upgrades[@]}"; do + if [[ $(vercmp "$v" "$2") -eq 1 ]]; then + "_${v//-/_}_changes" + fi + done +} + +# vim:set ts=2 sw=2 et: |
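Review bot: add_privs falls back to `chmod u+s "$1"` whenever setcap fails, which silently widens one file capability into full setuid root and only prints a warning. No caller of add_privs is visible in this file, so the helper can be removed; if it is kept, the fallback should fail instead (`return 1`) so that the packager decides. Separately, _214_2_changes runs `ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf` with an absolute link location while every other path in the script is relative to the install root (`etc/resolv.conf`, `run/systemd/...`); use `etc/resolv.conf` there so the script behaves the same under an alternate root.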