diff options
author | Nicolas Iooss | 2014-11-15 12:14:07 +0100 |
---|---|---|
committer | Nicolas Iooss | 2015-06-27 11:44:58 +0800 |
commit | 5324fc18a5e684975aeff9bedac51c61dff0044d (patch) | |
tree | b5beab7635b81cc9ad7703bb4205350f8fb804c5 | |
parent | 84ce108e32ccd3d6aa4799fc30467e8dadaf5f03 (diff) | |
download | aur-5324fc18a5e684975aeff9bedac51c61dff0044d.tar.gz |
systemd-selinux 217-6 update
-rw-r--r-- | .SRCINFO | 47 | ||||
-rw-r--r-- | 0001-nspawn-ignore-EEXIST-when-creating-mount-point.patch | 33 | ||||
-rw-r--r-- | 0001-sd-bus-properly-handle-removals-of-non-existing-matc.patch | 25 | ||||
-rw-r--r-- | 0001-sd-dhcp-client-clean-up-raw-socket-sd_event_source-w.patch | 31 | ||||
-rw-r--r-- | 0001-shared-install-avoid-prematurely-rejecting-missing-u.patch | 39 | ||||
-rw-r--r-- | 0001-shutdown-fix-arguments-to-run-initramfs-shutdown.patch | 68 | ||||
-rw-r--r-- | 0001-units-don-t-order-journal-flushing-afte-remote-fs.ta.patch | 31 | ||||
-rw-r--r-- | 0001-units-make-systemd-journald.service-Type-notify.patch | 35 | ||||
-rw-r--r-- | 0001-units-order-sd-journal-flush-after-sd-remount-fs.patch | 29 | ||||
-rw-r--r-- | PKGBUILD | 64 | ||||
-rw-r--r-- | initcpio-install-systemd | 34 |
11 files changed, 391 insertions, 45 deletions
@@ -1,6 +1,6 @@ pkgbase = systemd-selinux - pkgver = 216 - pkgrel = 3 + pkgver = 217 + pkgrel = 6 url = http://www.freedesktop.org/wiki/Software/systemd arch = i686 arch = x86_64 @@ -14,11 +14,13 @@ pkgbase = systemd-selinux makedepends = intltool makedepends = kmod makedepends = libcap + makedepends = libidn makedepends = libgcrypt makedepends = libmicrohttpd makedepends = libxslt - makedepends = libutil-linux + makedepends = util-linux makedepends = linux-api-headers + makedepends = lz4 makedepends = pam-selinux makedepends = python makedepends = python-lxml @@ -28,13 +30,29 @@ pkgbase = systemd-selinux makedepends = libselinux options = strip options = debug - source = http://www.freedesktop.org/software/systemd/systemd-216.tar.xz + source = http://www.freedesktop.org/software/systemd/systemd-217.tar.xz + source = 0001-nspawn-ignore-EEXIST-when-creating-mount-point.patch + source = 0001-sd-dhcp-client-clean-up-raw-socket-sd_event_source-w.patch + source = 0001-shared-install-avoid-prematurely-rejecting-missing-u.patch + source = 0001-sd-bus-properly-handle-removals-of-non-existing-matc.patch + source = 0001-units-don-t-order-journal-flushing-afte-remote-fs.ta.patch + source = 0001-units-order-sd-journal-flush-after-sd-remount-fs.patch + source = 0001-units-make-systemd-journald.service-Type-notify.patch + source = 0001-shutdown-fix-arguments-to-run-initramfs-shutdown.patch source = initcpio-hook-udev source = initcpio-install-systemd source = initcpio-install-udev - md5sums = 04fda588a04f549da0f397dce3ae6a39 + md5sums = e68dbff3cc19f66e341572d9fb2ffa89 + md5sums = ca9e33118fd8d456563854d95512a577 + md5sums = ade8c1b5b2c85d0a83b7bcf5aa6d131a + md5sums = 7aaf44ce842deb449fca0f2595bbc1e4 + md5sums = 4adc3ddce027693bafa53089322e859b + md5sums = 42ff9d59bb057637355b202157d59991 + md5sums = 92497d06e0af615be4b368fe615109c0 + md5sums = a321d62d6ffada9e6976bdd339fa3219 + md5sums = f72e8d086172177c224f0ce48ef54222 md5sums = 29245f7a240bfba66e2b1783b63b6b40 - md5sums = 66cca7318e13eaf37c5b7db2efa69846 + md5sums = 107c489f27c667be4101aecd3369b355 md5sums = bde43090d4ac0ef048e3eaee8202a407 pkgname = systemd-selinux @@ -53,9 +71,11 @@ pkgname = systemd-selinux depends = libcap depends = libgcrypt depends = libsystemd-selinux + depends = libidn + depends = lz4 depends = pam-selinux depends = libseccomp - depends = libutil-linux-selinux + depends = util-linux-selinux depends = xz depends = libselinux optdepends = python: systemd library bindings @@ -63,10 +83,11 @@ pkgname = systemd-selinux optdepends = libmicrohttpd: remote journald capabilities optdepends = quota-tools: kernel-level quota management optdepends = systemd-sysvcompat: symlink package to provide sysvinit binaries + optdepends = polkit: allow administration as unprivileged user provides = nss-myhostname - provides = systemd-tools=216 - provides = udev=216 - provides = systemd=216-3 + provides = systemd-tools=217 + provides = udev=217 + provides = systemd=217-6 conflicts = nss-myhostname conflicts = systemd-tools conflicts = udev @@ -107,15 +128,15 @@ pkgname = libsystemd-selinux provides = libsystemd-journal.so provides = libsystemd-login.so provides = libudev.so - provides = libsystemd=216-3 + provides = libsystemd=217-6 conflicts = libsystemd pkgname = systemd-sysvcompat-selinux pkgdesc = sysvinit compat for systemd with SELinux support license = GPL2 depends = systemd-selinux - provides = systemd-sysvcompat=216-3 - provides = selinux-systemd-sysvcompat=216-3 + provides = systemd-sysvcompat=217-6 + provides = selinux-systemd-sysvcompat=217-6 conflicts = sysvinit conflicts = systemd-sysvcompat conflicts = selinux-systemd-sysvcompat diff --git a/0001-nspawn-ignore-EEXIST-when-creating-mount-point.patch b/0001-nspawn-ignore-EEXIST-when-creating-mount-point.patch new file mode 100644 index 000000000000..86817596b20e --- /dev/null +++ b/0001-nspawn-ignore-EEXIST-when-creating-mount-point.patch @@ -0,0 +1,33 @@ +From 1ab19cb167b32967556eefd8f6d3df0e3de7d67d Mon Sep 17 00:00:00 2001 +From: Dave Reisner <dreisner@archlinux.org> +Date: Wed, 29 Oct 2014 13:32:43 -0400 +Subject: [PATCH] nspawn: ignore EEXIST when creating mount point + +A combination of commits f3c80515c and 79d80fc14 cause nspawn to +silently fail with a commandline such as: + + # systemd-nspawn -D /build/extra-x86_64 --bind=/usr + +strace shows the culprit: + + [pid 27868] writev(2, [{"Failed to create mount point /build/extra-x86_64/usr: File exists", 82}, {"\n", 1}], 2) = 83 +--- + src/nspawn/nspawn.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index b6d9bc6..d88987a 100644 +--- a/src/nspawn/nspawn.c ++++ b/src/nspawn/nspawn.c +@@ -758,7 +758,7 @@ static int mount_binds(const char *dest, char **l, bool ro) { + * and char devices. */ + if (S_ISDIR(source_st.st_mode)) { + r = mkdir_label(where, 0755); +- if (r < 0) { ++ if (r < 0 && errno != EEXIST) { + log_error("Failed to create mount point %s: %s", where, strerror(-r)); + + return r; +-- +2.1.2 + diff --git a/0001-sd-bus-properly-handle-removals-of-non-existing-matc.patch b/0001-sd-bus-properly-handle-removals-of-non-existing-matc.patch new file mode 100644 index 000000000000..fc8f16a79cf9 --- /dev/null +++ b/0001-sd-bus-properly-handle-removals-of-non-existing-matc.patch @@ -0,0 +1,25 @@ +From ef7b6c0190fefaacf6d8f8e1a6dda4ba8b98091b Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Wed, 29 Oct 2014 17:58:43 +0100 +Subject: [PATCH] sd-bus: properly handle removals of non-existing matches + +--- + src/libsystemd/sd-bus/bus-match.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libsystemd/sd-bus/bus-match.c b/src/libsystemd/sd-bus/bus-match.c +index 18afe0f..5658c61 100644 +--- a/src/libsystemd/sd-bus/bus-match.c ++++ b/src/libsystemd/sd-bus/bus-match.c +@@ -537,7 +537,7 @@ static int bus_match_find_compare_value( + else if (BUS_MATCH_CAN_HASH(t)) + n = hashmap_get(c->compare.children, value_str); + else { +- for (n = c->child; !value_node_same(n, t, value_u8, value_str); n = n->next) ++ for (n = c->child; n && !value_node_same(n, t, value_u8, value_str); n = n->next) + ; + } + +-- +2.1.3 + diff --git a/0001-sd-dhcp-client-clean-up-raw-socket-sd_event_source-w.patch b/0001-sd-dhcp-client-clean-up-raw-socket-sd_event_source-w.patch new file mode 100644 index 000000000000..3d72b5df2dd0 --- /dev/null +++ b/0001-sd-dhcp-client-clean-up-raw-socket-sd_event_source-w.patch @@ -0,0 +1,31 @@ +From d5a248dbe933c5cbe3ba3d0c5eb8a035018ba6af Mon Sep 17 00:00:00 2001 +From: Dan Williams <dcbw@redhat.com> +Date: Thu, 30 Oct 2014 14:23:00 -0500 +Subject: [PATCH] sd-dhcp-client: clean up raw socket sd_event_source when + creating new UDP socket + +The raw socket sd_event_source used for DHCP server solicitations +was simply dropped on the floor when creating the new UDP socket +after a lease has been acquired. Clean it up properly so we're +not still listening and responding to events on it. +--- + src/libsystemd-network/sd-dhcp-client.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c +index 0eba4c3..1f7f238 100644 +--- a/src/libsystemd-network/sd-dhcp-client.c ++++ b/src/libsystemd-network/sd-dhcp-client.c +@@ -1269,6 +1269,9 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, + if (r >= 0) { + client->timeout_resend = + sd_event_source_unref(client->timeout_resend); ++ client->receive_message = ++ sd_event_source_unref(client->receive_message); ++ client->fd = asynchronous_close(client->fd); + + if (IN_SET(client->state, DHCP_STATE_REQUESTING, + DHCP_STATE_REBOOTING)) +-- +2.1.3 + diff --git a/0001-shared-install-avoid-prematurely-rejecting-missing-u.patch b/0001-shared-install-avoid-prematurely-rejecting-missing-u.patch new file mode 100644 index 000000000000..6ea9c7ccaf2a --- /dev/null +++ b/0001-shared-install-avoid-prematurely-rejecting-missing-u.patch @@ -0,0 +1,39 @@ +From 0ffce503cd6e5a5ff5ba5cd1cc23684cfb8bb9e3 Mon Sep 17 00:00:00 2001 +From: Dave Reisner <dreisner@archlinux.org> +Date: Thu, 30 Oct 2014 20:12:05 -0400 +Subject: [PATCH] shared/install: avoid prematurely rejecting "missing" units + +f7101b7368df copied some logic to prevent enabling masked units, but +also added a check which causes attempts to enable templated units to +fail. Since we know the logic beyond this check will properly handle +units which truly do not exist, we can rely on the unit file state +comparison to suffice for expressing the intent of f7101b7368df. + +ref: https://bugs.archlinux.org/task/42616 +--- + src/shared/install.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +diff --git a/src/shared/install.c b/src/shared/install.c +index 035b44c..cab93e8 100644 +--- a/src/shared/install.c ++++ b/src/shared/install.c +@@ -1620,12 +1620,10 @@ int unit_file_enable( + STRV_FOREACH(i, files) { + UnitFileState state; + ++ /* We only want to know if this unit is masked, so we ignore ++ * errors from unit_file_get_state, deferring other checks. ++ * This allows templated units to be enabled on the fly. */ + state = unit_file_get_state(scope, root_dir, *i); +- if (state < 0) { +- log_error("Failed to get unit file state for %s: %s", *i, strerror(-state)); +- return state; +- } +- + if (state == UNIT_FILE_MASKED || state == UNIT_FILE_MASKED_RUNTIME) { + log_error("Failed to enable unit: Unit %s is masked", *i); + return -ENOTSUP; +-- +2.1.3 + diff --git a/0001-shutdown-fix-arguments-to-run-initramfs-shutdown.patch b/0001-shutdown-fix-arguments-to-run-initramfs-shutdown.patch new file mode 100644 index 000000000000..5d48d17bc69b --- /dev/null +++ b/0001-shutdown-fix-arguments-to-run-initramfs-shutdown.patch @@ -0,0 +1,68 @@ +From 4b5d8d0f22ae61ceb45a25391354ba53b43ee992 Mon Sep 17 00:00:00 2001 +From: Michal Schmidt <mschmidt@redhat.com> +Date: Thu, 6 Nov 2014 22:24:13 +0100 +Subject: [PATCH] shutdown: fix arguments to /run/initramfs/shutdown + +Our initrd interface specifies that the verb is in argv[1]. +This is where systemd passes it to systemd-shutdown, but getopt +permutes argv[]. This confuses dracut's shutdown script: + Shutdown called with argument '--log-level'. Rebooting! + +getopt can be convinced to not permute argv[] by having '-' as the first +character of optstring. Let's use it. This requires changing the way +non-option arguments (in our case, the verb) are processed. + +This fixes a bug where the system would reboot instead of powering off. +--- + src/core/shutdown.c | 17 +++++++++++------ + 1 file changed, 11 insertions(+), 6 deletions(-) + +diff --git a/src/core/shutdown.c b/src/core/shutdown.c +index dd11ae3..48ed7fa 100644 +--- a/src/core/shutdown.c ++++ b/src/core/shutdown.c +@@ -75,7 +75,9 @@ static int parse_argv(int argc, char *argv[]) { + assert(argc >= 1); + assert(argv); + +- while ((c = getopt_long(argc, argv, "", options, NULL)) >= 0) ++ /* "-" prevents getopt from permuting argv[] and moving the verb away ++ * from argv[1]. Our interface to initrd promises it'll be there. */ ++ while ((c = getopt_long(argc, argv, "-", options, NULL)) >= 0) + switch (c) { + + case ARG_LOG_LEVEL: +@@ -113,6 +115,13 @@ static int parse_argv(int argc, char *argv[]) { + + break; + ++ case '\001': ++ if (!arg_verb) ++ arg_verb = optarg; ++ else ++ log_error("Excess arguments, ignoring"); ++ break; ++ + case '?': + return -EINVAL; + +@@ -120,15 +129,11 @@ static int parse_argv(int argc, char *argv[]) { + assert_not_reached("Unhandled option code."); + } + +- if (optind >= argc) { ++ if (!arg_verb) { + log_error("Verb argument missing."); + return -EINVAL; + } + +- arg_verb = argv[optind]; +- +- if (optind + 1 < argc) +- log_error("Excess arguments, ignoring"); + return 0; + } + +-- +2.1.3 + diff --git a/0001-units-don-t-order-journal-flushing-afte-remote-fs.ta.patch b/0001-units-don-t-order-journal-flushing-afte-remote-fs.ta.patch new file mode 100644 index 000000000000..0be955ec7c1d --- /dev/null +++ b/0001-units-don-t-order-journal-flushing-afte-remote-fs.ta.patch @@ -0,0 +1,31 @@ +From 919699ec301ea507edce4a619141ed22e789ac0d Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Fri, 31 Oct 2014 16:22:36 +0100 +Subject: [PATCH] units: don't order journal flushing afte remote-fs.target + +Instead, only depend on the actual file systems we need. + +This should solve dep loops on setups where remote-fs.target is moved +into late boot. +--- + units/systemd-journal-flush.service.in | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/units/systemd-journal-flush.service.in b/units/systemd-journal-flush.service.in +index 699670b..2612220 100644 +--- a/units/systemd-journal-flush.service.in ++++ b/units/systemd-journal-flush.service.in +@@ -10,8 +10,9 @@ Description=Trigger Flushing of Journal to Persistent Storage + Documentation=man:systemd-journald.service(8) man:journald.conf(5) + DefaultDependencies=no + Requires=systemd-journald.service +-After=systemd-journald.service local-fs.target remote-fs.target ++After=systemd-journald.service + Before=systemd-user-sessions.service systemd-tmpfiles-setup.service ++RequiresMountsFor=/var/log/journal + + [Service] + ExecStart=@rootbindir@/journalctl --flush +-- +2.1.3 + diff --git a/0001-units-make-systemd-journald.service-Type-notify.patch b/0001-units-make-systemd-journald.service-Type-notify.patch new file mode 100644 index 000000000000..820b23fbfa28 --- /dev/null +++ b/0001-units-make-systemd-journald.service-Type-notify.patch @@ -0,0 +1,35 @@ +From a87a38c20196a4aeb56b6ba71d688eefd0b21c30 Mon Sep 17 00:00:00 2001 +From: Michal Schmidt <mschmidt@redhat.com> +Date: Tue, 4 Nov 2014 20:28:08 +0100 +Subject: [PATCH] units: make systemd-journald.service Type=notify + +It already calls sd_notify(), so it looks like an oversight. + +Without it, its ordering to systemd-journal-flush.service is +non-deterministic and the SIGUSR1 from flushing may kill journald before +it has its signal handlers set up. + +https://bugs.freedesktop.org/show_bug.cgi?id=85871 +https://bugzilla.redhat.com/show_bug.cgi?id=1159641 +--- +(foutrelis: dropped systemd-journald-audit.socket from Sockets= in order to + apply to systemd 217) + + units/systemd-journald.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in +index 7ee67fd..8d380c8 100644 +--- a/units/systemd-journald.service.in ++++ b/units/systemd-journald.service.in +@@ -14,6 +14,7 @@ After=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-a + Before=sysinit.target + + [Service] ++Type=notify + Sockets=systemd-journald.socket systemd-journald-dev-log.socket + ExecStart=@rootlibexecdir@/systemd-journald + Restart=always +-- +2.1.3 + diff --git a/0001-units-order-sd-journal-flush-after-sd-remount-fs.patch b/0001-units-order-sd-journal-flush-after-sd-remount-fs.patch new file mode 100644 index 000000000000..b288b5765cdb --- /dev/null +++ b/0001-units-order-sd-journal-flush-after-sd-remount-fs.patch @@ -0,0 +1,29 @@ +From 1f1926aa5e836caa3bd6df43704aecd606135103 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Sun, 2 Nov 2014 21:45:42 -0500 +Subject: [PATCH] units: order sd-journal-flush after sd-remount-fs + +Otherwise we could attempt to flush the journal while /var/log/ was +still ro, and silently skip journal flushing. + +The way that errors in flushing are handled should still be changed to +be more transparent and robust. +--- + units/systemd-journal-flush.service.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/units/systemd-journal-flush.service.in b/units/systemd-journal-flush.service.in +index fa29089..98c91b4 100644 +--- a/units/systemd-journal-flush.service.in ++++ b/units/systemd-journal-flush.service.in +@@ -11,6 +11,7 @@ Documentation=man:systemd-journald.service(8) man:journald.conf(5) + DefaultDependencies=no + Requires=systemd-journald.service + After=systemd-journald.service ++After=systemd-remount-fs.service + Before=systemd-user-sessions.service systemd-tmpfiles-setup.service + RequiresMountsFor=/var/log/journal + +-- +2.1.3 + @@ -6,28 +6,60 @@ pkgbase=systemd-selinux pkgname=('systemd-selinux' 'libsystemd-selinux' 'systemd-sysvcompat-selinux') -pkgver=216 -pkgrel=3 +pkgver=217 +pkgrel=6 arch=('i686' 'x86_64') url="http://www.freedesktop.org/wiki/Software/systemd" groups=('selinux') makedepends=('acl' 'cryptsetup' 'docbook-xsl' 'gobject-introspection' 'gperf' - 'gtk-doc' 'intltool' 'kmod' 'libcap' 'libgcrypt' 'libmicrohttpd' 'libxslt' - 'libutil-linux' 'linux-api-headers' 'pam-selinux' 'python' 'python-lxml' 'quota-tools' - 'shadow-selinux' 'xz' 'libselinux') + 'gtk-doc' 'intltool' 'kmod' 'libcap' 'libidn' 'libgcrypt' 'libmicrohttpd' + 'libxslt' 'util-linux' 'linux-api-headers' 'lz4' 'pam-selinux' 'python' + 'python-lxml' 'quota-tools' 'shadow-selinux' 'xz' 'libselinux') options=('strip' 'debug') source=("http://www.freedesktop.org/software/${pkgname/-selinux}/${pkgname/-selinux}-$pkgver.tar.xz" + '0001-nspawn-ignore-EEXIST-when-creating-mount-point.patch' + '0001-sd-dhcp-client-clean-up-raw-socket-sd_event_source-w.patch' + '0001-shared-install-avoid-prematurely-rejecting-missing-u.patch' + '0001-sd-bus-properly-handle-removals-of-non-existing-matc.patch' + '0001-units-don-t-order-journal-flushing-afte-remote-fs.ta.patch' + '0001-units-order-sd-journal-flush-after-sd-remount-fs.patch' + '0001-units-make-systemd-journald.service-Type-notify.patch' + '0001-shutdown-fix-arguments-to-run-initramfs-shutdown.patch' 'initcpio-hook-udev' 'initcpio-install-systemd' 'initcpio-install-udev') -md5sums=('04fda588a04f549da0f397dce3ae6a39' +md5sums=('e68dbff3cc19f66e341572d9fb2ffa89' + 'ca9e33118fd8d456563854d95512a577' + 'ade8c1b5b2c85d0a83b7bcf5aa6d131a' + '7aaf44ce842deb449fca0f2595bbc1e4' + '4adc3ddce027693bafa53089322e859b' + '42ff9d59bb057637355b202157d59991' + '92497d06e0af615be4b368fe615109c0' + 'a321d62d6ffada9e6976bdd339fa3219' + 'f72e8d086172177c224f0ce48ef54222' '29245f7a240bfba66e2b1783b63b6b40' - '66cca7318e13eaf37c5b7db2efa69846' + '107c489f27c667be4101aecd3369b355' 'bde43090d4ac0ef048e3eaee8202a407') + +prepare() { + cd "${pkgname/-selinux}-$pkgver" + + patch -Np1 <../0001-nspawn-ignore-EEXIST-when-creating-mount-point.patch + patch -Np1 <../0001-sd-dhcp-client-clean-up-raw-socket-sd_event_source-w.patch + patch -Np1 <../0001-shared-install-avoid-prematurely-rejecting-missing-u.patch + patch -Np1 <../0001-sd-bus-properly-handle-removals-of-non-existing-matc.patch + patch -Np1 <../0001-units-don-t-order-journal-flushing-afte-remote-fs.ta.patch + patch -Np1 <../0001-units-order-sd-journal-flush-after-sd-remount-fs.patch + patch -Np1 <../0001-units-make-systemd-journald.service-Type-notify.patch + patch -Np1 <../0001-shutdown-fix-arguments-to-run-initramfs-shutdown.patch +} + build() { cd "${pkgname/-selinux}-$pkgver" + local timeservers=({0..3}.arch.pool.ntp.org) + ./configure \ --libexecdir=/usr/lib \ --localstatedir=/var \ @@ -35,13 +67,14 @@ build() { --enable-audit \ --enable-introspection \ --enable-gtk-doc \ + --enable-lz4 \ --enable-compat-libs \ --enable-selinux \ --disable-ima \ --disable-kdbus \ --with-sysvinit-path= \ --with-sysvrcnd-path= \ - --with-firmware-path="/usr/lib/firmware/updates:/usr/lib/firmware" + --with-ntp-servers="${timeservers[*]}" make } @@ -54,8 +87,8 @@ package_systemd-selinux() { pkgdesc="system and service manager with SELinux support" license=('GPL2' 'LGPL2.1' 'MIT') depends=('acl' 'bash' 'dbus' 'glib2' 'kbd' 'kmod' 'hwids' 'libcap' 'libgcrypt' - 'libsystemd-selinux' 'pam-selinux' 'libseccomp' - 'libutil-linux-selinux' 'xz' 'libselinux') + 'libsystemd-selinux' 'libidn' 'lz4' 'pam-selinux' 'libseccomp' + 'util-linux-selinux' 'xz' 'libselinux') provides=('nss-myhostname' "systemd-tools=$pkgver" "udev=$pkgver" "${pkgname/-selinux}=${pkgver}-${pkgrel}") replaces=('nss-myhostname' 'systemd-tools' 'udev' 'selinux-systemd') @@ -65,7 +98,8 @@ package_systemd-selinux() { 'cryptsetup: required for encrypted block devices' 'libmicrohttpd: remote journald capabilities' 'quota-tools: kernel-level quota management' - 'systemd-sysvcompat: symlink package to provide sysvinit binaries') + 'systemd-sysvcompat: symlink package to provide sysvinit binaries' + 'polkit: allow administration as unprivileged user') backup=(etc/dbus-1/system.d/org.freedesktop.systemd1.conf etc/dbus-1/system.d/org.freedesktop.hostname1.conf etc/dbus-1/system.d/org.freedesktop.login1.conf @@ -173,12 +207,4 @@ package_systemd-sysvcompat-selinux() { ln -s '../lib/systemd/systemd' "$pkgdir/usr/bin/init" } -workaround_for_the_aur_webinterface=' -pkgname="systemd-selinux" -pkgdesc="System and service manager with SELinux support" -depends=('acl' 'bash' 'dbus' 'glib2' 'kbd' 'kmod' 'hwids' 'libcap' 'libgcrypt' - 'libsystemd-selinux' 'pam-selinux' 'libseccomp' 'libutil-linux-selinux' - 'util-linux-selinux' 'xz' 'libselinux') -' - # vim: ft=sh syn=sh et diff --git a/initcpio-install-systemd b/initcpio-install-systemd index 81ae8eb9731b..1ebca01a8de7 100644 --- a/initcpio-install-systemd +++ b/initcpio-install-systemd @@ -98,14 +98,17 @@ build() { # from base add_binary /bin/mount add_binary /usr/bin/kmod /usr/bin/modprobe - - # systemd add_binary /usr/lib/systemd/systemd /init - add_binary /usr/bin/systemd-tmpfiles + + map add_binary \ + /usr/lib/systemd/systemd-hibernate-resume \ + /usr/lib/systemd/system-generators/systemd-hibernate-resume-generator \ + /usr/bin/systemd-tmpfiles # generators - add_file "/usr/lib/systemd/system-generators/systemd-fstab-generator" - add_file "/usr/lib/systemd/system-generators/systemd-gpt-auto-generator" + map add_file \ + /usr/lib/systemd/system-generators/systemd-fstab-generator \ + /usr/lib/systemd/system-generators/systemd-gpt-auto-generator # udev rules and systemd units map add_udev_rule "$rules" \ @@ -113,10 +116,9 @@ build() { 60-persistent-storage.rules \ 64-btrfs.rules \ 80-drivers.rules \ - 99-systemd.rules \ + 99-systemd.rules map add_systemd_unit \ - ctrl-alt-del.target \ initrd-cleanup.service \ initrd-fs.target \ initrd-parse-etc.service \ @@ -126,24 +128,30 @@ build() { initrd-udevadm-cleanup-db.service \ initrd.target \ kmod-static-nodes.service \ + local-fs.target \ + local-fs-pre.target \ + paths.target \ + slices.target \ sockets.target \ + swap.target \ systemd-fsck@.service \ + systemd-hibernate-resume@.service \ systemd-journald.service \ + systemd-journald-dev-log.socket \ systemd-tmpfiles-setup-dev.service \ systemd-udev-trigger.service \ systemd-udevd-control.socket \ systemd-udevd-kernel.socket \ - systemd-udevd.service + systemd-udevd.service \ + timers.target add_symlink "/usr/lib/systemd/system/default.target" "initrd.target" + add_symlink "/usr/lib/systemd/system/ctrl-alt-del.target" "reboot.target" - # libdbus needs the passwd info of the root user - # TODO: make sure this is no longer necessary when systemctl moves to sd-bus + # udev wants /etc/group since it doesn't launch with --resolve-names=never add_file "/etc/nsswitch.conf" - add_file "/etc/passwd" add_binary "$(readlink -f /usr/lib/libnss_files.so)" - - # udev wants /etc/group since it doesn't launch with --resolve-names=never + add_file "/etc/passwd" add_file "/etc/group" } |