systemd-selinux 249-3 update

4 files changed, 126 insertions, 40 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 37d9e4e68b59..e33cb8bd6d2f 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
 pkgbase = systemd-selinux
-	pkgver = 248.3
-	pkgrel = 2
+	pkgver = 249
+	pkgrel = 3
 	url = https://www.github.com/systemd/systemd
 	arch = x86_64
 	arch = aarch64
@@ -24,6 +24,7 @@ pkgbase = systemd-selinux
 	makedepends = libxslt
 	makedepends = util-linux
 	makedepends = linux-api-headers
+	makedepends = python-jinja
 	makedepends = python-lxml
 	makedepends = quota-tools
 	makedepends = shadow-selinux
@@ -43,8 +44,8 @@ pkgbase = systemd-selinux
 	makedepends = rsync
 	makedepends = libselinux
 	options = strip
-	source = git+https://github.com/systemd/systemd-stable#tag=fd9ad7d3bc35a3633b99edac14ff2a4fb10599b7?signed
-	source = git+https://github.com/systemd/systemd#tag=v248?signed
+	source = git+https://github.com/systemd/systemd-stable#tag=b134c9cc4b02eddca2ea098324369018123fdf15?signed
+	source = git+https://github.com/systemd/systemd#tag=v249?signed
 	source = 0001-Use-Arch-Linux-device-access-groups.patch
 	source = 0003-PARTIAL-REVERT-commit-tree-wide-replace-strverscmp-and-str_verscmp-with-strverscmp_improved.patch
 	source = initcpio-hook-udev
@@ -65,10 +66,11 @@ pkgbase = systemd-selinux
 	source = 30-systemd-udev-reload.hook
 	source = 30-systemd-update.hook
 	validpgpkeys = 63CDA1E5D3FC22B998D20DD6327F26951A015CC4
+	validpgpkeys = A9EA9081724FFAE0484C35A1A81CEA22BC8C7E2E
 	validpgpkeys = 5C251B5FC54EB2F80F407AAAC54CA336CFEB557E
 	sha512sums = SKIP
 	sha512sums = SKIP
-	sha512sums = 882e486b6d88c8bafc50088845e41a49686e98981967f72ca1fb4ef07a01767400632f4b648fd31857d2a2a24a8fd65bcc2a8983284dd4fff2380732741d4c41
+	sha512sums = 10f3b477527ec263cc6465c84d94416e356435930edc9e26844a0fd4f71e87a27fa0f91ce24b43a22cacdd2ead5e760e9d607369bc537a8da8d34021302a89a1
 	sha512sums = 34541f1967536524329867f9f341f8d9250d9d771c60dc3e6a22ccb82fc01f103cfd3f9903329777591ccbecd2446622a5d6b3804fa0411482b85c70593ee8ad
 	sha512sums = f0d933e8c6064ed830dec54049b0a01e27be87203208f6ae982f10fb4eddc7258cb2919d594cbfb9a33e74c3510cfd682f3416ba8e804387ab87d1a217eb4b73
 	sha512sums = f599e1a35cba2c4e83e37c2299fac23ae128d8f68081283e71e1729384975dee1c4b677787f31a17890aeb98c8d2fc90405a202644290708ef9c027315022b17
@@ -134,9 +136,9 @@ pkgname = systemd-selinux
 	optdepends = libfido2: unlocking LUKS2 volumes with FIDO2 token
 	optdepends = tpm2-tss: unlocking LUKS2 volumes with TPM2
 	provides = nss-myhostname
-	provides = systemd-tools=248.3
-	provides = udev=248.3
-	provides = systemd=248.3-2
+	provides = systemd-tools=249
+	provides = udev=249
+	provides = systemd=249-3
 	conflicts = nss-myhostname
 	conflicts = systemd-tools
 	conflicts = udev
@@ -174,7 +176,7 @@ pkgname = systemd-libs-selinux
 	provides = libsystemd.so
 	provides = libudev.so
 	provides = libsystemd-selinux
-	provides = systemd-libs=248.3-2
+	provides = systemd-libs=249-3
 	conflicts = libsystemd
 	conflicts = libsystemd-selinux
 	conflicts = systemd-libs
@@ -186,16 +188,16 @@ pkgname = systemd-resolvconf-selinux
 	depends = systemd-selinux
 	provides = openresolv
 	provides = resolvconf
-	provides = systemd-resolvconf=248.3-2
+	provides = systemd-resolvconf=249-3
 	conflicts = openresolv
-	conflicts = systemd-resolvconf=248.3-2
+	conflicts = systemd-resolvconf=249-3
 
 pkgname = systemd-sysvcompat-selinux
 	pkgdesc = sysvinit compat for systemd with SELinux support
 	license = GPL2
 	depends = systemd-selinux
-	provides = systemd-sysvcompat=248.3-2
-	provides = selinux-systemd-sysvcompat=248.3-2
+	provides = systemd-sysvcompat=249-3
+	provides = selinux-systemd-sysvcompat=249-3
 	conflicts = sysvinit
 	conflicts = systemd-sysvcompat
 	conflicts = selinux-systemd-sysvcompat
diff --git a/0001-Use-Arch-Linux-device-access-groups.patch b/0001-Use-Arch-Linux-device-access-groups.patch
index 3abb448bfe92..6449c017db0c 100644
--- a/0001-Use-Arch-Linux-device-access-groups.patch
+++ b/0001-Use-Arch-Linux-device-access-groups.patch
@@ -1,4 +1,4 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From f7d07e298c819a81eab965efbdbf53a2ce67fc0e Mon Sep 17 00:00:00 2001
 From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
 Date: Tue, 6 Mar 2018 23:39:47 +0100
 Subject: [PATCH] Use Arch Linux' device access groups
@@ -10,12 +10,81 @@ Content-Transfer-Encoding: 8bit
   dialout → uucp
   tape    → storage
 ---
+ meson.build                      |  6 +++---
+ meson_options.txt                | 12 ++++++------
  rules.d/50-udev-default.rules.in | 14 +++++++-------
  sysusers.d/basic.conf.in         |  6 +++---
- 2 files changed, 10 insertions(+), 10 deletions(-)
+ 4 files changed, 19 insertions(+), 19 deletions(-)
 
+diff --git a/meson.build b/meson.build
+index 32e5413a62..f781e06fed 100644
+--- a/meson.build
++++ b/meson.build
+@@ -796,19 +796,19 @@ conf.set_quoted('NOBODY_GROUP_NAME', nobody_group)
+ static_ugids = []
+ foreach option : ['adm-gid',
+                   'audio-gid',
+-                  'cdrom-gid',
+-                  'dialout-gid',
+                   'disk-gid',
+                   'input-gid',
+                   'kmem-gid',
+                   'kvm-gid',
+                   'lp-gid',
++                  'optical-gid',
+                   'render-gid',
+                   'sgx-gid',
+-                  'tape-gid',
++                  'storage-gid',
+                   'tty-gid',
+                   'users-gid',
+                   'utmp-gid',
++                  'uucp-gid',
+                   'video-gid',
+                   'wheel-gid',
+                   'systemd-journal-gid',
+diff --git a/meson_options.txt b/meson_options.txt
+index 5048de755d..676e5e2e0d 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -235,10 +235,6 @@ option('adm-gid', type : 'integer', value : '-1',
+        description : 'soft-static allocation for the "adm" group')
+ option('audio-gid', type : 'integer', value : '-1',
+        description : 'soft-static allocation for the "audio" group')
+-option('cdrom-gid', type : 'integer', value : '-1',
+-       description : 'soft-static allocation for the "cdrom" group')
+-option('dialout-gid', type : 'integer', value : '-1',
+-       description : 'soft-static allocation for the "dialout" group')
+ option('disk-gid', type : 'integer', value : '-1',
+        description : 'soft-static allocation for the "disk" group')
+ option('input-gid', type : 'integer', value : '-1',
+@@ -249,18 +245,22 @@ option('kvm-gid', type : 'integer', value : '-1',
+        description : 'soft-static allocation for the "kvm" group')
+ option('lp-gid', type : 'integer', value : '-1',
+        description : 'soft-static allocation for the "lp" group')
++option('optical-gid', type : 'integer', value : '-1',
++       description : 'soft-static allocation for the "optical" group')
+ option('render-gid', type : 'integer', value : '-1',
+        description : 'soft-static allocation for the "render" group')
+ option('sgx-gid', type : 'integer', value : '-1',
+        description : 'soft-static allocation for the "sgx" group')
+-option('tape-gid', type : 'integer', value : '-1',
+-       description : 'soft-static allocation for the "tape" group')
++option('storage-gid', type : 'integer', value : '-1',
++       description : 'soft-static allocation for the "storage" group')
+ option('tty-gid', type : 'integer', value : 5,
+        description : 'the numeric GID of the "tty" group')
+ option('users-gid', type : 'integer', value : '-1',
+        description : 'soft-static allocation for the "users" group')
+ option('utmp-gid', type : 'integer', value : '-1',
+        description : 'soft-static allocation for the "utmp" group')
++option('uucp-gid', type : 'integer', value : '-1',
++       description : 'soft-static allocation for the "uucp" group')
+ option('video-gid', type : 'integer', value : '-1',
+        description : 'soft-static allocation for the "video" group')
+ option('wheel-gid', type : 'integer', value : '-1',
 diff --git a/rules.d/50-udev-default.rules.in b/rules.d/50-udev-default.rules.in
-index edfa8bb107..35b8d4ba41 100644
+index 18a3cf46bf..f3c440fd89 100644
 --- a/rules.d/50-udev-default.rules.in
 +++ b/rules.d/50-udev-default.rules.in
 @@ -22,7 +22,7 @@ SUBSYSTEM=="tty", KERNEL=="sclp_line[0-9]*", GROUP="tty", MODE="0620"
@@ -27,7 +96,7 @@ index edfa8bb107..35b8d4ba41 100644
  
  SUBSYSTEM=="mem", KERNEL=="mem|kmem|port", GROUP="kmem", MODE="0640"
  
-@@ -62,13 +62,13 @@ KERNEL=="irlpt[0-9]*", GROUP="lp"
+@@ -67,13 +67,13 @@ KERNEL=="irlpt[0-9]*", GROUP="lp"
  SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ENV{ID_USB_INTERFACES}=="*:0701??:*", GROUP="lp"
  
  SUBSYSTEM=="block", GROUP="disk"
@@ -48,25 +117,27 @@ index edfa8bb107..35b8d4ba41 100644
  KERNEL=="qft[0-9]*|nqft[0-9]*|zqft[0-9]*|nzqft[0-9]*|rawqft[0-9]*|nrawqft[0-9]*", GROUP="disk"
  KERNEL=="loop-control", GROUP="disk", OPTIONS+="static_node=loop-control"
 diff --git a/sysusers.d/basic.conf.in b/sysusers.d/basic.conf.in
-index 4be0bd869e..cc3721b58a 100644
+index 8cc1a7cad2..21bb6d8948 100644
 --- a/sysusers.d/basic.conf.in
 +++ b/sysusers.d/basic.conf.in
-@@ -24,15 +24,15 @@ g utmp    -     -            -
+@@ -22,17 +22,17 @@ g utmp    {{UTMP_GID   }}     -            -
  
- # Hardware access groups
- g audio   -     -            -
--g cdrom   -     -            -
--g dialout -     -            -
- g disk    -     -            -
- g input   -     -            -
- g kvm     -     -            -
- g lp      -     -            -
-+g optical -     -            -
- g render  -     -            -
- g sgx     -     -            -
--g tape    -     -            -
-+g storage -     -            -
-+g uucp    -     -            -
- g video   -     -            -
+ # Physical and virtual hardware access groups
+ g audio   {{AUDIO_GID  }}     -            -
+-g cdrom   {{CDROM_GID  }}     -            -
+-g dialout {{DIALOUT_GID}}     -            -
+ g disk    {{DISK_GID   }}     -            -
+ g input   {{INPUT_GID  }}     -            -
+ g kmem    {{KMEM_GID   }}     -            -
+ g kvm     {{KVM_GID    }}     -            -
+ g lp      {{LP_GID     }}     -            -
++g optical {{OPTICAL_GID}}     -            -
+ g render  {{RENDER_GID }}     -            -
+ g sgx     {{SGX_GID    }}     -            -
+-g tape    {{TAPE_GID   }}     -            -
++g storage {{STORAGE_GID}}     -            -
+ g tty     {{TTY_GID    }}     -            -
++g uucp    {{UUCP_GID   }}     -            -
+ g video   {{VIDEO_GID  }}     -            -
  
  # Default group for normal users
diff --git a/PKGBUILD b/PKGBUILD
index cdd1be3cfa7c..16893f9b1edc 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -10,21 +10,22 @@
 
 pkgbase=systemd-selinux
 pkgname=('systemd-selinux' 'systemd-libs-selinux' 'systemd-resolvconf-selinux' 'systemd-sysvcompat-selinux')
-_tag='fd9ad7d3bc35a3633b99edac14ff2a4fb10599b7' # git rev-parse v${_tag_name}
-_tag_name=248.3
+_tag='b134c9cc4b02eddca2ea098324369018123fdf15' # git rev-parse v${_tag_name}
+_tag_name=249
 pkgver="${_tag_name/-/}"
-pkgrel=2
+pkgrel=3
 arch=('x86_64' 'aarch64')
 url='https://www.github.com/systemd/systemd'
 groups=('selinux')
 makedepends=('acl' 'cryptsetup' 'docbook-xsl' 'gperf' 'lz4' 'xz' 'pam-selinux' 'libelf'
              'intltool' 'iptables' 'kmod' 'libcap' 'libidn2' 'libgcrypt'
              'libmicrohttpd' 'libxcrypt' 'libxslt' 'util-linux' 'linux-api-headers'
-             'python-lxml' 'quota-tools' 'shadow-selinux' 'gnu-efi-libs' 'git'
+             'python-jinja' 'python-lxml' 'quota-tools' 'shadow-selinux' 'gnu-efi-libs' 'git'
              'meson' 'libseccomp' 'pcre2' 'audit' 'kexec-tools' 'libxkbcommon'
              'bash-completion' 'p11-kit' 'systemd' 'libfido2' 'tpm2-tss' 'rsync' 'libselinux')
 options=('strip')
 validpgpkeys=('63CDA1E5D3FC22B998D20DD6327F26951A015CC4'  # Lennart Poettering <lennart@poettering.net>
+              'A9EA9081724FFAE0484C35A1A81CEA22BC8C7E2E'  # Luca Boccassi <luca.boccassi@gmail.com>
               '5C251B5FC54EB2F80F407AAAC54CA336CFEB557E') # Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
 source=("git+https://github.com/systemd/systemd-stable#tag=${_tag}?signed"
         "git+https://github.com/systemd/systemd#tag=v${_tag_name%.*}?signed"
@@ -49,7 +50,7 @@ source=("git+https://github.com/systemd/systemd-stable#tag=${_tag}?signed"
         '30-systemd-update.hook')
 sha512sums=('SKIP'
             'SKIP'
-            '882e486b6d88c8bafc50088845e41a49686e98981967f72ca1fb4ef07a01767400632f4b648fd31857d2a2a24a8fd65bcc2a8983284dd4fff2380732741d4c41'
+            '10f3b477527ec263cc6465c84d94416e356435930edc9e26844a0fd4f71e87a27fa0f91ce24b43a22cacdd2ead5e760e9d607369bc537a8da8d34021302a89a1'
             '34541f1967536524329867f9f341f8d9250d9d771c60dc3e6a22ccb82fc01f103cfd3f9903329777591ccbecd2446622a5d6b3804fa0411482b85c70593ee8ad'
             'f0d933e8c6064ed830dec54049b0a01e27be87203208f6ae982f10fb4eddc7258cb2919d594cbfb9a33e74c3510cfd682f3416ba8e804387ab87d1a217eb4b73'
             'f599e1a35cba2c4e83e37c2299fac23ae128d8f68081283e71e1729384975dee1c4b677787f31a17890aeb98c8d2fc90405a202644290708ef9c027315022b17'
@@ -116,7 +117,9 @@ build() {
   )
 
   local _meson_options=(
-    -Dversion-tag="${pkgver}-${pkgrel}-arch"
+    # internal version comparison is incompatible with pacman:
+    #   249~rc1 < 249 < 249.1 < 249rc
+    -Dversion-tag="${_tag_name/-/\~}-${pkgrel}-arch"
     -Dmode=release
 
     -Daudit=true
@@ -144,6 +147,12 @@ build() {
     -Drpmmacrosdir=no
     -Dsysvinit-path=
     -Dsysvrcnd-path=
+
+    -Dsbat-distro='arch'
+    -Dsbat-distro-summary='Arch Linux'
+    -Dsbat-distro-pkgname="${pkgname}"
+    -Dsbat-distro-version="${pkgver}"
+    -Dsbat-distro-url="https://aur.archlinux.org/packages/${pkgname}/"
   )
 
   arch-meson "${pkgbase/-selinux}-stable" build "${_meson_options[@]}"
diff --git a/systemd.install b/systemd.install
index bbc7efd83606..cece9d2dea25 100644
--- a/systemd.install
+++ b/systemd.install
@@ -47,6 +47,10 @@ post_install() {
 post_upgrade() {
   post_common "$@"
 
+  if sd_booted; then
+    systemctl --system daemon-reexec
+  fi
+
   local v upgrades=(
     242.0-2
   )