author | Nicolas Iooss | 2021-04-19 21:02:27 +0200 |
---|---|---|
committer | Nicolas Iooss | 2021-04-19 21:02:27 +0200 |
commit | 6b506e1cef38ccfe9ccb7a4dac67727b6d852085 (patch) | |
tree | ba20b937dc49dea72cf502f37cd009ec807e11b3 | |
parent | 9eeb636bde8d972420daa792a3411a4bb940e5d8 (diff) | |
download | aur-6b506e1cef38ccfe9ccb7a4dac67727b6d852085.tar.gz |
systemd-selinux 248-5 update
-rw-r--r-- | .SRCINFO | 25 | ||||
-rw-r--r-- | 0003-PARTIAL-REVERT-commit-tree-wide-replace-strverscmp-and-str_verscmp-with-strverscmp_improved.patch | 78 | ||||
-rw-r--r-- | PKGBUILD | 26 | ||||
-rw-r--r-- | initcpio-install-systemd | 35 |
4 files changed, 119 insertions, 45 deletions
@@ -1,6 +1,6 @@ pkgbase = systemd-selinux pkgver = 248 - pkgrel = 2 + pkgrel = 5 url = https://www.github.com/systemd/systemd arch = x86_64 groups = selinux @@ -39,12 +39,14 @@ pkgbase = systemd-selinux makedepends = systemd makedepends = libfido2 makedepends = tpm2-tss + makedepends = rsync makedepends = libselinux options = strip source = git+https://github.com/systemd/systemd-stable#tag=e13126bd95857eb9344e030edbb4c603aab63884?signed source = git+https://github.com/systemd/systemd#tag=v248?signed source = 0001-Use-Arch-Linux-device-access-groups.patch source = 0002-Disable-SYSTEMD_URLIFY-by-default.patch + source = 0003-PARTIAL-REVERT-commit-tree-wide-replace-strverscmp-and-str_verscmp-with-strverscmp_improved.patch source = initcpio-hook-udev source = initcpio-install-systemd source = initcpio-install-udev 
@@ -68,8 +70,9 @@ pkgbase = systemd-selinux sha512sums = SKIP sha512sums = 882e486b6d88c8bafc50088845e41a49686e98981967f72ca1fb4ef07a01767400632f4b648fd31857d2a2a24a8fd65bcc2a8983284dd4fff2380732741d4c41 sha512sums = 313f3d6cc3d88f718509007e029213a82d84b196afdadc6ef560580acf70ab480aaecd7622f51726cc1af7d7841c6ec5390f72890b055a54fc74722341395651 + sha512sums = 34541f1967536524329867f9f341f8d9250d9d771c60dc3e6a22ccb82fc01f103cfd3f9903329777591ccbecd2446622a5d6b3804fa0411482b85c70593ee8ad sha512sums = f0d933e8c6064ed830dec54049b0a01e27be87203208f6ae982f10fb4eddc7258cb2919d594cbfb9a33e74c3510cfd682f3416ba8e804387ab87d1a217eb4b73 - sha512sums = 1c8bdc6ecc3b755b0258faf4cbfac1b5bc25dbcd88c68cbb2ef1c41842ed349cdce84ce3f6f537845e49fab02cb5282504e1f97aa73c163fbc78997f9f00fc61 + sha512sums = f599e1a35cba2c4e83e37c2299fac23ae128d8f68081283e71e1729384975dee1c4b677787f31a17890aeb98c8d2fc90405a202644290708ef9c027315022b17 sha512sums = a25b28af2e8c516c3a2eec4e64b8c7f70c21f974af4a955a4a9d45fd3e3ff0d2a98b4419fe425d47152d5acae77d64e69d8d014a7209524b75a81b0edb10bf3a sha512sums = 61032d29241b74a0f28446f8cf1be0e8ec46d0847a61dadb2a4f096e8686d5f57fe5c72bcf386003f6520bc4b5856c32d63bf3efe7eb0bc0deefc9f68159e648 sha512sums = c416e2121df83067376bcaacb58c05b01990f4614ad9de657d74b6da3efa441af251d13bf21e3f0f71ddcb4c9ea658b81da3d915667dc5c309c87ec32a1cb5a5 
@@ -129,12 +132,12 @@ pkgname = systemd-selinux optdepends = systemd-sysvcompat: symlink package to provide sysvinit binaries optdepends = polkit: allow administration as unprivileged user optdepends = curl: machinectl pull-tar and pull-raw - optdepends = libfido2: unlocking LUKS2 volumes - optdepends = tpm2-tss: unlocking LUKS2 volumes + optdepends = libfido2: unlocking LUKS2 volumes with FIDO2 token + optdepends = tpm2-tss: unlocking LUKS2 volumes with TPM2 provides = nss-myhostname provides = systemd-tools=248 provides = udev=248 - provides = systemd=248-2 + provides = systemd=248-5 conflicts = nss-myhostname conflicts = systemd-tools conflicts = udev @@ -148,6 +151,7 @@ pkgname = systemd-selinux backup = etc/systemd/journal-upload.conf backup = etc/systemd/logind.conf backup = etc/systemd/networkd.conf + backup = etc/systemd/oomd.conf backup = etc/systemd/pstore.conf backup = etc/systemd/resolved.conf backup = etc/systemd/sleep.conf @@ -162,6 +166,7 @@ pkgname = systemd-libs-selinux depends = glibc depends = libcap depends = libgcrypt + depends = libp11-kit depends = lz4 depends = xz depends = zstd @@ -170,7 +175,7 @@ pkgname = systemd-libs-selinux provides = libsystemd.so provides = libudev.so provides = libsystemd-selinux - provides = systemd-libs=248-2 + provides = systemd-libs=248-5 conflicts = libsystemd conflicts = libsystemd-selinux conflicts = systemd-libs 
@@ -182,16 +187,16 @@ pkgname = systemd-resolvconf-selinux depends = systemd-selinux provides = openresolv provides = resolvconf - provides = systemd-resolvconf=248-2 + provides = systemd-resolvconf=248-5 conflicts = openresolv - conflicts = systemd-resolvconf=248-2 + conflicts = systemd-resolvconf=248-5 pkgname = systemd-sysvcompat-selinux pkgdesc = sysvinit compat for systemd with SELinux support license = GPL2 depends = systemd-selinux - provides = systemd-sysvcompat=248-2 - provides = selinux-systemd-sysvcompat=248-2 + provides = systemd-sysvcompat=248-5 + provides = selinux-systemd-sysvcompat=248-5 conflicts = sysvinit conflicts = systemd-sysvcompat conflicts = selinux-systemd-sysvcompat diff --git a/0003-PARTIAL-REVERT-commit-tree-wide-replace-strverscmp-and-str_verscmp-with-strverscmp_improved.patch b/0003-PARTIAL-REVERT-commit-tree-wide-replace-strverscmp-and-str_verscmp-with-strverscmp_improved.patch new file mode 100644 index 000000000000..57b9e4dfcae3 --- /dev/null +++ b/0003-PARTIAL-REVERT-commit-tree-wide-replace-strverscmp-and-str_verscmp-with-strverscmp_improved.patch 
@@ -0,0 +1,78 @@ +From 9021729667e019defea0d4c1bdf563d629d7d837 Mon Sep 17 00:00:00 2001 +From: Ernesto Castellotti <mail@ernestocastellotti.it> +Date: Sat, 10 Apr 2021 18:59:14 +0200 +Subject: [PATCH] PARTIAL REVERT commit tree-wide: replace strverscmp() and + str_verscmp() with strverscmp_improved + +This is a workaround for the issue https://github.com/systemd/systemd/issues/19191 +--- + src/boot/efi/boot.c | 49 ++++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 48 insertions(+), 1 deletion(-) + +diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c +index 35248db009bf..75c7e2c61d19 100644 +--- a/src/boot/efi/boot.c ++++ b/src/boot/efi/boot.c +@@ -914,6 +914,53 @@ static VOID config_entry_free(ConfigEntry *entry) { + FreePool(entry); + } + ++static BOOLEAN is_digit(CHAR16 c) { ++ return (c >= '0') && (c <= '9'); ++} ++static UINTN c_order(CHAR16 c) { ++ if (c == '\0') ++ return 0; ++ if (is_digit(c)) ++ return 0; ++ else if ((c >= 'a') && (c <= 'z')) ++ return c; ++ else ++ return c + 0x10000; ++} ++static INTN str_verscmp(CHAR16 *s1, CHAR16 *s2) { ++ CHAR16 *os1 = s1; ++ CHAR16 *os2 = s2; ++ while (*s1 || *s2) { ++ INTN first; ++ while ((*s1 && !is_digit(*s1)) || (*s2 && !is_digit(*s2))) { ++ INTN order; ++ order = c_order(*s1) - c_order(*s2); ++ if (order != 0) ++ return order; ++ s1++; ++ s2++; ++ } ++ while (*s1 == '0') ++ s1++; ++ while (*s2 == '0') ++ s2++; ++ first = 0; ++ while (is_digit(*s1) && is_digit(*s2)) { ++ if (first == 0) ++ first = *s1 - *s2; ++ s1++; ++ s2++; ++ } ++ if (is_digit(*s1)) ++ return 1; ++ if (is_digit(*s2)) ++ return -1; ++ if (first != 0) ++ return first; ++ } ++ return StrCmp(os1, os2); ++} ++ + static CHAR8 *line_get_key_value( + CHAR8 *content, + CHAR8 *sep, +@@ -1478,7 +1525,7 @@ static INTN config_entry_compare(ConfigEntry *a, ConfigEntry *b) { + if (a->tries_left == 0 && b->tries_left != 0) + return -1; + +- r = strverscmp_improved(a->id, b->id); ++ r = str_verscmp(a->id, b->id); + if (r != 0) + return r; + 
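Review bot: In the added `str_verscmp`, the line `order = c_order(*s1) - c_order(*s2);` subtracts two `UINTN` values and stores the result in an `INTN`, so a "less than" result is negative only through unsigned wrap-around and the conversion back to signed. Casting the operands first, `order = (INTN) c_order(*s1) - (INTN) c_order(*s2);`, makes the sign explicit. The three new helpers also have no comments; a line above `c_order` such as `/* NUL and digits rank 0, a-z rank by code point, everything else ranks after them (+0x10000) */` would explain the constant. Because `config_entry_compare` returns this value when it is non-zero, the ordering rule is worth documenting in the patch itself.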
@@ -11,8 +11,9 @@ pkgbase=systemd-selinux pkgname=('systemd-selinux' 'systemd-libs-selinux' 'systemd-resolvconf-selinux' 'systemd-sysvcompat-selinux') _tag='e13126bd95857eb9344e030edbb4c603aab63884' # git rev-parse v${_tag_name} -pkgver=248 -pkgrel=2 +_tag_name=248 +pkgver="${_tag_name/-/}" +pkgrel=5 arch=('x86_64') url='https://www.github.com/systemd/systemd' groups=('selinux') @@ -21,14 +22,15 @@ makedepends=('acl' 'cryptsetup' 'docbook-xsl' 'gperf' 'lz4' 'xz' 'pam-selinux' ' 'libmicrohttpd' 'libxcrypt' 'libxslt' 'util-linux' 'linux-api-headers' 'python-lxml' 'quota-tools' 'shadow-selinux' 'gnu-efi-libs' 'git' 'meson' 'libseccomp' 'pcre2' 'audit' 'kexec-tools' 'libxkbcommon' - 'bash-completion' 'p11-kit' 'systemd' 'libfido2' 'tpm2-tss' 'libselinux') + 'bash-completion' 'p11-kit' 'systemd' 'libfido2' 'tpm2-tss' 'rsync' 'libselinux') options=('strip') validpgpkeys=('63CDA1E5D3FC22B998D20DD6327F26951A015CC4' # Lennart Poettering <lennart@poettering.net> '5C251B5FC54EB2F80F407AAAC54CA336CFEB557E') # Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> source=("git+https://github.com/systemd/systemd-stable#tag=${_tag}?signed" - "git+https://github.com/systemd/systemd#tag=v${pkgver%.*}?signed" + "git+https://github.com/systemd/systemd#tag=v${_tag_name%.*}?signed" '0001-Use-Arch-Linux-device-access-groups.patch' '0002-Disable-SYSTEMD_URLIFY-by-default.patch' + '0003-PARTIAL-REVERT-commit-tree-wide-replace-strverscmp-and-str_verscmp-with-strverscmp_improved.patch' 'initcpio-hook-udev' 'initcpio-install-systemd' 'initcpio-install-udev' 
@@ -49,9 +51,10 @@ source=("git+https://github.com/systemd/systemd-stable#tag=${_tag}?signed" sha512sums=('SKIP' 'SKIP' '882e486b6d88c8bafc50088845e41a49686e98981967f72ca1fb4ef07a01767400632f4b648fd31857d2a2a24a8fd65bcc2a8983284dd4fff2380732741d4c41' - '313f3d6cc3d88f718509007e029213a82d84b196afdadc6ef560580acf70ab480aaecd7622f51726cc1af7d7841c6ec5390f72890b055a54fc74722341395651' + '313f3d6cc3d88f718509007e029213a82d84b196afdadc6ef560580acf70ab480aaecd7622f51726cc1af7d7841c6ec5390f72890b055a54fc74722341395651' + '34541f1967536524329867f9f341f8d9250d9d771c60dc3e6a22ccb82fc01f103cfd3f9903329777591ccbecd2446622a5d6b3804fa0411482b85c70593ee8ad' 'f0d933e8c6064ed830dec54049b0a01e27be87203208f6ae982f10fb4eddc7258cb2919d594cbfb9a33e74c3510cfd682f3416ba8e804387ab87d1a217eb4b73' - '1c8bdc6ecc3b755b0258faf4cbfac1b5bc25dbcd88c68cbb2ef1c41842ed349cdce84ce3f6f537845e49fab02cb5282504e1f97aa73c163fbc78997f9f00fc61' + 'f599e1a35cba2c4e83e37c2299fac23ae128d8f68081283e71e1729384975dee1c4b677787f31a17890aeb98c8d2fc90405a202644290708ef9c027315022b17' 'a25b28af2e8c516c3a2eec4e64b8c7f70c21f974af4a955a4a9d45fd3e3ff0d2a98b4419fe425d47152d5acae77d64e69d8d014a7209524b75a81b0edb10bf3a' '61032d29241b74a0f28446f8cf1be0e8ec46d0847a61dadb2a4f096e8686d5f57fe5c72bcf386003f6520bc4b5856c32d63bf3efe7eb0bc0deefc9f68159e648' 'c416e2121df83067376bcaacb58c05b01990f4614ad9de657d74b6da3efa441af251d13bf21e3f0f71ddcb4c9ea658b81da3d915667dc5c309c87ec32a1cb5a5' @@ -95,6 +98,10 @@ prepare() { # https://github.com/gwsw/less/issues/140 patch -Np1 -i ../0002-Disable-SYSTEMD_URLIFY-by-default.patch + + # https://bugs.archlinux.org/task/70264 + # https://github.com/systemd/systemd/issues/19191 + patch -Np1 -i ../0003-PARTIAL-REVERT-commit-tree-wide-replace-strverscmp-and-str_verscmp-with-strverscmp_improved.patch } build() { 
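Review bot: The comment added in `prepare()` above the third `patch` call is two bare URLs, so it does not say what the patch works around or when it can be dropped. The patch touches only `src/boot/efi/boot.c` and describes itself as a workaround. A comment such as `# Workaround: restore the old str_verscmp() in the EFI boot code; drop once systemd issue 19191 is fixed upstream` would let the next maintainer decide at the next version bump whether it is still needed. `prepare()` starts outside this hunk.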
@@ -171,8 +178,8 @@ package_systemd-selinux() { 'systemd-sysvcompat: symlink package to provide sysvinit binaries' 'polkit: allow administration as unprivileged user' 'curl: machinectl pull-tar and pull-raw' - 'libfido2: unlocking LUKS2 volumes' - 'tpm2-tss: unlocking LUKS2 volumes') + 'libfido2: unlocking LUKS2 volumes with FIDO2 token' + 'tpm2-tss: unlocking LUKS2 volumes with TPM2') backup=(etc/pam.d/systemd-user etc/systemd/coredump.conf etc/systemd/homed.conf @@ -181,6 +188,7 @@ package_systemd-selinux() { etc/systemd/journal-upload.conf etc/systemd/logind.conf etc/systemd/networkd.conf + etc/systemd/oomd.conf etc/systemd/pstore.conf etc/systemd/resolved.conf etc/systemd/sleep.conf @@ -247,7 +255,7 @@ package_systemd-selinux() { package_systemd-libs-selinux() { pkgdesc='systemd client libraries with SELinux support' - depends=('glibc' 'libcap' 'libgcrypt' 'lz4' 'xz' 'zstd' 'libselinux') + depends=('glibc' 'libcap' 'libgcrypt' 'libp11-kit' 'lz4' 'xz' 'zstd' 'libselinux') license=('LGPL2.1') provides=('libsystemd' 'libsystemd.so' 'libudev.so' 'libsystemd-selinux' diff --git a/initcpio-install-systemd b/initcpio-install-systemd index c5b82b17d00b..05ccb904fa90 100644 --- a/initcpio-install-systemd +++ b/initcpio-install-systemd 
@@ -1,27 +1,21 @@ #!/bin/bash -strip_quotes() { - local len=${#1} quotes=$'[\'"]' str=${!1} - - if [[ ${str:0:1} = ${str: -1} && ${str:0:1} = $quotes ]]; then - printf -v "$1" %s "${str:1:-1}" - fi -} - add_udev_rule() { # Add an udev rules file to the initcpio image. Dependencies on binaries # will be discovered and added. # $1: path to rules file (or name of rules file) - local rules= rule= key= value= binary= + local rules="$1" rule= key= value= binary= - rules=$(PATH=/usr/lib/udev/rules.d:/lib/udev/rules.d type -P "$1") + if [[ ${rules:0:1} != '/' ]]; then + rules=$(PATH=/usr/lib/udev/rules.d:/lib/udev/rules.d type -P "$1") + fi if [[ -z $rules ]]; then # complain about not found rules return 1 fi - add_file "$rules" + add_file "$rules" /usr/lib/udev/rules.d/"${rules##*/}" while IFS=, read -ra rule; do # skip empty lines, comments @@ -31,9 +25,10 @@ add_udev_rule() { IFS=' =' read -r key value <<< "$pair" case $key in RUN@({program}|+)|IMPORT{program}|ENV{REMOVE_CMD}) - strip_quotes 'value' + # strip quotes + binary=${value//[\"\']/} # just take the first word as the binary name - binary=${value%% *} + binary=${binary%% *} [[ ${binary:0:1} == '$' ]] && continue if [[ ${binary:0:1} != '/' ]]; then binary=$(PATH=/usr/lib/udev:/lib/udev type -P "$binary") @@ -125,7 +120,6 @@ build() { # udev rules and systemd units map add_udev_rule "$rules" \ 50-udev-default.rules \ - 60-fido-id.rules \ 60-persistent-storage.rules \ 64-btrfs.rules \ 80-drivers.rules \ @@ -164,17 +158,6 @@ build() { rescue.target \ emergency.target - # add libraries dlopen()ed by systemd and its tools - for LIB in fido2 tss2-{{esys,rc,mu},tcti-'*'}; do - for FILE in $(find /usr/lib/ -maxdepth 1 -name "lib${LIB}.so*"); do - if [[ -L "${FILE}" ]]; then - add_symlink "${FILE}" - else - add_binary "${FILE}" - fi - done - done - add_symlink "/usr/lib/systemd/system/default.target" "initrd.target" add_symlink "/usr/lib/systemd/system/ctrl-alt-del.target" "reboot.target" 
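Review bot: In `add_udev_rule`, an absolute path now skips the `type -P` lookup, so the `[[ -z $rules ]]` guard no longer catches a rules file that does not exist. In that case `$rules` is non-empty and goes straight to `add_file`. Extending the guard to `if [[ -z $rules || ! -f $rules ]]; then` keeps the early `return 1` for both forms of argument. The header comment could also say that an absolute path is installed under `/usr/lib/udev/rules.d/` by its basename, which is what the new `add_file` destination does. The function continues past the end of this hunk.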
@@ -186,7 +169,7 @@ build() { echo "root:x:0:0:root:/root:/bin/sh" >"$BUILDROOT/etc/passwd" echo 'root:*:::::::' >"$BUILDROOT/etc/shadow" - getent group root audio disk input kmem kvm lp optical render storage tty uucp video | awk -F: ' { print $1 ":x:" $3 ":" }' >"$BUILDROOT/etc/group" + getent group root audio disk input kmem kvm lp optical render sgx storage tty uucp video | awk -F: ' { print $1 ":x:" $3 ":" }' >"$BUILDROOT/etc/group" add_dir "/etc/modules-load.d" ( |
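Review bot: The `getent group … sgx …` call is piped into `awk`, so its exit status is discarded. `getent` signals a missing name only through that status, so a build host without an `sgx` group would write a `$BUILDROOT/etc/group` that silently lacks the entry. A comment on that line such as `# every group listed here must exist on the build host; missing ones are silently omitted from the image` would make the assumption visible. `build()` starts outside this hunk.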