diff options
| -rw-r--r-- | .SRCINFO | 150 | ||||
| -rw-r--r-- | .gitignore | 5 | ||||
| -rw-r--r-- | 0001-Use-Arch-Linux-device-access-groups.patch | 164 | ||||
| -rw-r--r-- | 20-systemd-sysusers.hook (renamed from systemd-sysusers.hook) | 2 | ||||
| -rw-r--r-- | 30-systemd-binfmt.hook (renamed from systemd-binfmt.hook) | 2 | ||||
| -rw-r--r-- | 30-systemd-catalog.hook (renamed from systemd-catalog.hook) | 2 | ||||
| -rw-r--r-- | 30-systemd-daemon-reload.hook (renamed from systemd-daemon-reload.hook) | 2 | ||||
| -rw-r--r-- | 30-systemd-hwdb.hook (renamed from systemd-hwdb.hook) | 2 | ||||
| -rw-r--r-- | 30-systemd-sysctl.hook (renamed from systemd-sysctl.hook) | 2 | ||||
| -rw-r--r-- | 30-systemd-tmpfiles.hook (renamed from systemd-tmpfiles.hook) | 2 | ||||
| -rw-r--r-- | 30-systemd-udev-reload.hook (renamed from systemd-udev-reload.hook) | 2 | ||||
| -rw-r--r-- | 30-systemd-update.hook (renamed from systemd-update.hook) | 2 | ||||
| -rw-r--r-- | PKGBUILD | 303 | ||||
| -rw-r--r-- | initcpio-hook-udev | 6 | ||||
| -rw-r--r-- | initcpio-install-systemd | 167 | ||||
| -rw-r--r-- | initcpio-install-udev | 22 | ||||
| -rw-r--r-- | systemd-hook | 70 | ||||
| -rw-r--r-- | systemd.install | 59 |
18 files changed, 586 insertions, 378 deletions
@@ -1,9 +1,10 @@ pkgbase = systemd-git pkgdesc = systemd (git version) - pkgver = 242.695 + pkgver = 254.r67937.abcf59970d pkgrel = 1 url = https://www.github.com/systemd/systemd arch = x86_64 + checkdepends = python-pefile makedepends = acl makedepends = cryptsetup makedepends = docbook-xsl @@ -19,13 +20,14 @@ pkgbase = systemd-git makedepends = libidn2 makedepends = libgcrypt makedepends = libmicrohttpd + makedepends = libxcrypt makedepends = libxslt makedepends = util-linux makedepends = linux-api-headers + makedepends = python-jinja makedepends = python-lxml makedepends = quota-tools makedepends = shadow - makedepends = gnu-efi-libs makedepends = git makedepends = meson makedepends = libseccomp @@ -34,45 +36,58 @@ pkgbase = systemd-git makedepends = kexec-tools makedepends = libxkbcommon makedepends = bash-completion - options = !strip - source = git+https://github.com/systemd/systemd + makedepends = p11-kit + makedepends = systemd + makedepends = libfido2 + makedepends = tpm2-tss + makedepends = rsync + makedepends = bpf + makedepends = libbpf + makedepends = clang + makedepends = llvm + makedepends = curl + makedepends = gnutls + makedepends = python-pyelftools + makedepends = lib32-gcc-libs + options = strip + source = systemd-git-stable::git+https://github.com/systemd/systemd source = 0001-Use-Arch-Linux-device-access-groups.patch source = initcpio-hook-udev source = initcpio-install-systemd source = initcpio-install-udev source = arch.conf source = loader.conf - source = splash-arch.bmp::https://git.archlinux.org/svntogit/packages.git/plain/trunk/splash-arch.bmp?h=packages/systemd + source = splash-arch.bmp::https://gitlab.archlinux.org/archlinux/packaging/packages/systemd/-/raw/main/splash-arch.bmp source = systemd-user.pam source = systemd-hook - source = systemd-binfmt.hook - source = systemd-catalog.hook - source = systemd-daemon-reload.hook - source = systemd-hwdb.hook - source = systemd-sysctl.hook - source = systemd-sysusers.hook - source = systemd-tmpfiles.hook - source = systemd-udev-reload.hook - source = systemd-update.hook + source = 20-systemd-sysusers.hook + source = 30-systemd-binfmt.hook + source = 30-systemd-catalog.hook + source = 30-systemd-daemon-reload.hook + source = 30-systemd-hwdb.hook + source = 30-systemd-sysctl.hook + source = 30-systemd-tmpfiles.hook + source = 30-systemd-udev-reload.hook + source = 30-systemd-update.hook sha512sums = SKIP - sha512sums = 9348683829190628e25b7b3300fd880c426d555bde330d5fc5150a9a54b3ad9d4d1f2e69ea1dc6d6f086693dacc53c5af30f1fa7ad9b479791fd77bcdafa430e - sha512sums = f0d933e8c6064ed830dec54049b0a01e27be87203208f6ae982f10fb4eddc7258cb2919d594cbfb9a33e74c3510cfd682f3416ba8e804387ab87d1a217eb4b73 - sha512sums = 01de24951a05d38eca6b615a7645beb3677ca0e0f87638d133649f6dc14dcd2ea82594a60b793c31b14493a286d1d11a0d25617f54dbfa02be237652c8faa691 - sha512sums = a25b28af2e8c516c3a2eec4e64b8c7f70c21f974af4a955a4a9d45fd3e3ff0d2a98b4419fe425d47152d5acae77d64e69d8d014a7209524b75a81b0edb10bf3a + sha512sums = 3ccf783c28f7a1c857120abac4002ca91ae1f92205dcd5a84aff515d57e706a3f9240d75a0a67cff5085716885e06e62597baa86897f298662ec36a940cf410e + sha512sums = 4a6cd0cf6764863985dc5ad774d7c93b574645a05b3295f989342951d43c71696d069641592e37eeadb6d6f0531576de96b6392224452f15cd9f056fae038f8e + sha512sums = 94a3bf4720d428c2ec4e6c493f78debeb3d3b865ba2bef266f388bffccda8592af81a1fa2cd98f3d60720935e796572fa07256ffafb8d73342214f0ca8ba7acc + sha512sums = a8c7e4a2cc9c9987e3c957a1fc3afe8281f2281fffd2e890913dcf00cf704024fb80d86cb75f9314b99b0e03bac275b22de93307bfc226d8be9435497e95b7e6 sha512sums = 61032d29241b74a0f28446f8cf1be0e8ec46d0847a61dadb2a4f096e8686d5f57fe5c72bcf386003f6520bc4b5856c32d63bf3efe7eb0bc0deefc9f68159e648 sha512sums = c416e2121df83067376bcaacb58c05b01990f4614ad9de657d74b6da3efa441af251d13bf21e3f0f71ddcb4c9ea658b81da3d915667dc5c309c87ec32a1cb5a5 sha512sums = 5a1d78b5170da5abe3d18fdf9f2c3a4d78f15ba7d1ee9ec2708c4c9c2e28973469bc19386f70b3cf32ffafbe4fcc4303e5ebbd6d5187a1df3314ae0965b25e75 sha512sums = b90c99d768dc2a4f020ba854edf45ccf1b86a09d2f66e475de21fe589ff7e32c33ef4aa0876d7f1864491488fd7edb2682fc0d68e83a6d4890a0778dc2d6fe19 - sha512sums = 6b82386fc20619eefa911cd9cdac8efbd0c7137bba4955e8ae75a0ea378d19dbfccc1f7bde6684f03e5f2badefa4abf20623153d88a170d14499167319586db7 - sha512sums = 5a6b6beef8c31c79018884d948de840f4d3dfb07d9a87081ebf65e2b8fe595bc8c96dbd7742920ccf948c233213ed0026abc913650cefd77ad90c6f8c89bddb8 - sha512sums = 4cff2ebd962e26e2f516d8b4ac45c839dbfa54dd0588b423c224a328b9f7c62306ca7b2f6cb55240c564caf9972d5bcd2e0efaf2de49d64729aeb3bc1560c9eb - sha512sums = 872de70325e9798f0b5a77e991c85bd2ab6de24d9b9ba4e35002d2dd5df15f8b30739a0042a624776177ffc14a838cde7ee98622016ed41df3efda9a659730b2 - sha512sums = 471342b8d0e05533908cda5d6a906050a51e3181beda1239e91d717029ee40a9eaed714996a445417d87c4e31b7f8522a665de176077fe0536d538369594996d - sha512sums = da783e3bfc6469b92dee4064a13e2b427520d3d96b57c95a4e07aaca3e844d95210a8b16122b022080f5452d65096f274dd1c1467725bbdb2e40ef304b78774a - sha512sums = 08a590d08043a21f30f04252164b94df972b1ff1022a0469d6aef713e14484a3a037cce290a2a582851e6fac3e64add69d6cc8fc130bbeeaea08626ebf3e1763 - sha512sums = 577e33a1c50b4b41157a67f64162b035dd0c4a541e19cee55a100048bdb50cb2c82852741b1372989a0fe4c4782ba477522747fcc81d72aed99b3db512a86447 - sha512sums = e4a9d7607fe93daf1d45270971c8d8455c4bfc2c0bea8bcad05aeb89847edee23cd1a41073a72042622acf417018fe254f5bfc137604fe2c71292680bf67a1c2 - sha512sums = 209b01b044877cc986757fa4009a92ea98f480306c2530075d153203c3cd2b3afccab6aacc1453dee8857991e04270572f1700310705d7a0f4d5bed27fab8c67 + sha512sums = 5c4119bf1d84b22986dc8d0c4c2de26500b824c21dfac69f22e36809e2673f0652447cc8c9f77190ad098896f4a5e1d03fa33676fe962de631bbfa44513a8860 + sha512sums = 299dcc7094ce53474521356647bdd2fb069731c08d14a872a425412fcd72da840727a23664b12d95465bf313e8e8297da31259508d1c62cc2dcea596160e21c5 + sha512sums = 0d6bc3d928cfafe4e4e0bc04dbb95c5d2b078573e4f9e0576e7f53a8fab08a7077202f575d74a3960248c4904b5f7f0661bf17dbe163c524ab51dd30e3cb80f7 + sha512sums = 2b50b25e8680878f7974fa9d519df7e141ca11c4bfe84a92a5d01bb193f034b1726ea05b3c0030bad1fbda8dbb78bf1dc7b73859053581b55ba813c39b27d9dc + sha512sums = 63e55b3acd14bc54320b6f2310b43398651ad4e262d4f4a0135e05d34a993e56ed673cc46e57f15b418371df5c4cef6f54486db96325e4abb1d33fb1a3946254 + sha512sums = a1661ab946c6cd7d3c6251a2a9fd68afe231db58ce33c92c42594aedb5629be8f299ba08a34713327b373a3badd1554a150343d8d3e5dfb102999c281bd49154 + sha512sums = 9426829605bbb9e65002437e02ed54e35c20fdf94706770a3dc1049da634147906d6b98bf7f5e7516c84068396a12c6feaf72f92b51bdf19715e0f64620319de + sha512sums = da7a97d5d3701c70dd5388b0440da39006ee4991ce174777931fea2aa8c90846a622b2b911f02ae4d5fffb92680d9a7e211c308f0f99c04896278e2ee0d9a4dc + sha512sums = a50d202a9c2e91a4450b45c227b295e1840cc99a5e545715d69c8af789ea3dd95a03a30f050d52855cabdc9183d4688c1b534eaa755ebe93616f9d192a855ee3 + sha512sums = 825b9dd0167c072ba62cabe0677e7cd20f2b4b850328022540f122689d8b25315005fa98ce867cf6e7460b2b26df16b88bb3b5c9ebf721746dce4e2271af7b97 pkgname = systemd-git pkgdesc = system and service manager (git version) @@ -80,87 +95,120 @@ pkgname = systemd-git license = GPL2 license = LGPL2.1 depends = acl + depends = libacl.so depends = bash depends = cryptsetup + depends = libcryptsetup.so depends = dbus depends = iptables depends = kbd depends = kmod - depends = hwids + depends = libkmod.so + depends = hwdata depends = libcap + depends = libcap.so depends = libgcrypt - depends = systemd-libs + depends = libxcrypt + depends = libcrypt.so + depends = systemd-libs-git=254.r67937.abcf59970d depends = libidn2 - depends = libidn2.so depends = lz4 depends = pam depends = libelf depends = libseccomp + depends = libseccomp.so depends = util-linux + depends = libblkid.so + depends = libmount.so depends = xz depends = pcre2 depends = audit - optdepends = libmicrohttpd: remote journald capabilities + depends = libaudit.so + depends = openssl + depends = libcrypto.so + depends = libssl.so + optdepends = libmicrohttpd: systemd-journal-gatewayd and systemd-journal-remote optdepends = quota-tools: kernel-level quota management - optdepends = systemd-sysvcompat-git: symlink package to provide sysvinit binaries + optdepends = systemd-sysvcompat: symlink package to provide sysvinit binaries + optdepends = systemd-ukify-git=254.r67937.abcf59970d: combine kernel and initrd into a signed Unified Kernel Image optdepends = polkit: allow administration as unprivileged user - optdepends = curl: machinectl pull-tar and pull-raw - provides = systemd=242.695 + optdepends = python: Unified Kernel Image with ukify + optdepends = curl: systemd-journal-upload, machinectl pull-tar and pull-raw + optdepends = gnutls: systemd-journal-gatewayd and systemd-journal-remote + optdepends = libbpf: support BPF programs + optdepends = libfido2: unlocking LUKS2 volumes with FIDO2 token + optdepends = libp11-kit: support PKCS#11 + optdepends = tpm2-tss: unlocking LUKS2 volumes with TPM2 provides = nss-myhostname - provides = systemd-tools=242.695 - provides = udev=242.695 - conflicts = systemd + provides = systemd-tools=254.r67937.abcf59970d + provides = udev=254.r67937.abcf59970d + provides = systemd=254.r67937.abcf59970d conflicts = nss-myhostname conflicts = systemd-tools conflicts = udev - replaces = nss-myhostname - replaces = systemd-tools - replaces = udev + conflicts = systemd backup = etc/pam.d/systemd-user backup = etc/systemd/coredump.conf + backup = etc/systemd/homed.conf backup = etc/systemd/journald.conf backup = etc/systemd/journal-remote.conf backup = etc/systemd/journal-upload.conf backup = etc/systemd/logind.conf backup = etc/systemd/networkd.conf + backup = etc/systemd/oomd.conf + backup = etc/systemd/pstore.conf backup = etc/systemd/resolved.conf backup = etc/systemd/sleep.conf backup = etc/systemd/system.conf backup = etc/systemd/timesyncd.conf backup = etc/systemd/user.conf + backup = etc/udev/iocost.conf backup = etc/udev/udev.conf pkgname = systemd-libs-git pkgdesc = systemd client libraries (git version) license = LGPL2.1 depends = glibc + depends = gcc-libs depends = libcap depends = libgcrypt depends = lz4 depends = xz - provides = systemd-libs + depends = zstd provides = libsystemd provides = libsystemd.so provides = libudev.so - conflicts = systemd-libs + provides = systemd-libs=254.r67937.abcf59970d conflicts = libsystemd - replaces = libsystemd + conflicts = systemd-libs pkgname = systemd-resolvconf-git - pkgdesc = systemd resolvconf replacement (for use with systemd-resolved, git version) + pkgdesc = systemd resolvconf replacement (for use with systemd-resolved) (git version) license = LGPL2.1 - depends = systemd-git - provides = systemd-resolvconf + depends = systemd-git=254.r67937.abcf59970d provides = openresolv provides = resolvconf - conflicts = systemd-resolvconf + provides = systemd-resolvconf=254.r67937.abcf59970d conflicts = openresolv + conflicts = systemd-resolvconf pkgname = systemd-sysvcompat-git pkgdesc = sysvinit compat for systemd (git version) license = GPL2 - depends = systemd-git - provides = systemd-sysvcompat - conflicts = systemd-sysvcompat + depends = systemd-git=254.r67937.abcf59970d + provides = systemd-sysvcompat=254.r67937.abcf59970d conflicts = sysvinit + conflicts = systemd-sysvcompat +pkgname = systemd-ukify-git + pkgdesc = Combine kernel and initrd into a signed Unified Kernel Image (git version) + license = GPL2 + depends = binutils + depends = python-cryptography + depends = python-pefile + depends = systemd-git=254.r67937.abcf59970d + optdepends = python-pillow: Show the size of splash image + optdepends = sbsigntools: Sign the embedded kernel + provides = ukify + provides = systemd-ukify=254.r67937.abcf59970d + conflicts = systemd-ukify diff --git a/.gitignore b/.gitignore index e3ac5ad9f301..fec2bdefad35 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,5 @@ systemd -src -pkg -*.pkg.* splash-arch.bmp +src +*pkg* *.log diff --git a/0001-Use-Arch-Linux-device-access-groups.patch b/0001-Use-Arch-Linux-device-access-groups.patch index c511144dee45..d88486575209 100644 --- a/0001-Use-Arch-Linux-device-access-groups.patch +++ b/0001-Use-Arch-Linux-device-access-groups.patch @@ -1,5 +1,4 @@ -From 34e4b4953cb99642e9144d97823edf32b06ffe93 Mon Sep 17 00:00:00 2001 -Message-Id: <34e4b4953cb99642e9144d97823edf32b06ffe93.1520376078.git.jan.steffens@gmail.com> +From 0e8c18bc2639da328274d02d9222ee2c1f6bf696 Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> Date: Tue, 6 Mar 2018 23:39:47 +0100 Subject: [PATCH] Use Arch Linux' device access groups @@ -11,15 +10,84 @@ Content-Transfer-Encoding: 8bit dialout → uucp tape → storage --- - rules/50-udev-default.rules.in | 14 +++++++------- - sysusers.d/basic.conf.in | 6 +++--- - 2 files changed, 10 insertions(+), 10 deletions(-) + meson.build | 6 +++--- + meson_options.txt | 12 ++++++------ + rules.d/50-udev-default.rules.in | 14 +++++++------- + sysusers.d/basic.conf.in | 6 +++--- + 4 files changed, 19 insertions(+), 19 deletions(-) -diff --git a/rules/50-udev-default.rules.in b/rules/50-udev-default.rules.in -index 191f56f42..f81c4d0fc 100644 ---- a/rules/50-udev-default.rules.in -+++ b/rules/50-udev-default.rules.in -@@ -22,7 +22,7 @@ SUBSYSTEM=="tty", KERNEL=="sclp_line[0-9]*", GROUP="tty", MODE="0620" +diff --git a/meson.build b/meson.build +index 76ad51d3fb..5cf679b088 100644 +--- a/meson.build ++++ b/meson.build +@@ -915,19 +915,19 @@ conf.set_quoted('NOBODY_GROUP_NAME', nobody_group) + static_ugids = [] + foreach option : ['adm-gid', + 'audio-gid', +- 'cdrom-gid', +- 'dialout-gid', + 'disk-gid', + 'input-gid', + 'kmem-gid', + 'kvm-gid', + 'lp-gid', ++ 'optical-gid', + 'render-gid', + 'sgx-gid', +- 'tape-gid', ++ 'storage-gid', + 'tty-gid', + 'users-gid', + 'utmp-gid', ++ 'uucp-gid', + 'video-gid', + 'wheel-gid', + 'systemd-journal-gid', +diff --git a/meson_options.txt b/meson_options.txt +index 814f340840..253a77ecb3 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -257,10 +257,6 @@ option('adm-gid', type : 'integer', value : 0, + description : 'soft-static allocation for the "adm" group') + option('audio-gid', type : 'integer', value : 0, + description : 'soft-static allocation for the "audio" group') +-option('cdrom-gid', type : 'integer', value : 0, +- description : 'soft-static allocation for the "cdrom" group') +-option('dialout-gid', type : 'integer', value : 0, +- description : 'soft-static allocation for the "dialout" group') + option('disk-gid', type : 'integer', value : 0, + description : 'soft-static allocation for the "disk" group') + option('input-gid', type : 'integer', value : 0, +@@ -271,18 +267,22 @@ option('kvm-gid', type : 'integer', value : 0, + description : 'soft-static allocation for the "kvm" group') + option('lp-gid', type : 'integer', value : 0, + description : 'soft-static allocation for the "lp" group') ++option('optical-gid', type : 'integer', value : '0', ++ description : 'soft-static allocation for the "optical" group') + option('render-gid', type : 'integer', value : 0, + description : 'soft-static allocation for the "render" group') + option('sgx-gid', type : 'integer', value : 0, + description : 'soft-static allocation for the "sgx" group') +-option('tape-gid', type : 'integer', value : 0, +- description : 'soft-static allocation for the "tape" group') ++option('storage-gid', type : 'integer', value : '0', ++ description : 'soft-static allocation for the "storage" group') + option('tty-gid', type : 'integer', value : 5, + description : 'the numeric GID of the "tty" group') + option('users-gid', type : 'integer', value : 0, + description : 'soft-static allocation for the "users" group') + option('utmp-gid', type : 'integer', value : 0, + description : 'soft-static allocation for the "utmp" group') ++option('uucp-gid', type : 'integer', value : '0', ++ description : 'soft-static allocation for the "uucp" group') + option('video-gid', type : 'integer', value : 0, + description : 'soft-static allocation for the "video" group') + option('wheel-gid', type : 'integer', value : 0, +diff --git a/rules.d/50-udev-default.rules.in b/rules.d/50-udev-default.rules.in +index 843bdaf9ce..a192f091df 100644 +--- a/rules.d/50-udev-default.rules.in ++++ b/rules.d/50-udev-default.rules.in +@@ -26,7 +26,7 @@ SUBSYSTEM=="tty", KERNEL=="sclp_line[0-9]*", GROUP="tty", MODE="0620" SUBSYSTEM=="tty", KERNEL=="ttysclp[0-9]*", GROUP="tty", MODE="0620" SUBSYSTEM=="tty", KERNEL=="3270/tty[0-9]*", GROUP="tty", MODE="0620" SUBSYSTEM=="vc", KERNEL=="vcs*|vcsa*", GROUP="tty" @@ -28,7 +96,7 @@ index 191f56f42..f81c4d0fc 100644 SUBSYSTEM=="mem", KERNEL=="mem|kmem|port", GROUP="kmem", MODE="0640" -@@ -57,13 +57,13 @@ KERNEL=="irlpt[0-9]*", GROUP="lp" +@@ -72,13 +72,13 @@ KERNEL=="irlpt[0-9]*", GROUP="lp" SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ENV{ID_USB_INTERFACES}=="*:0701??:*", GROUP="lp" SUBSYSTEM=="block", GROUP="disk" @@ -49,27 +117,65 @@ index 191f56f42..f81c4d0fc 100644 KERNEL=="qft[0-9]*|nqft[0-9]*|zqft[0-9]*|nzqft[0-9]*|rawqft[0-9]*|nrawqft[0-9]*", GROUP="disk" KERNEL=="loop-control", GROUP="disk", OPTIONS+="static_node=loop-control" diff --git a/sysusers.d/basic.conf.in b/sysusers.d/basic.conf.in -index 8e358c02d..33e513a36 100644 +index a602b872e4..8d38febb6a 100644 --- a/sysusers.d/basic.conf.in +++ b/sysusers.d/basic.conf.in -@@ -24,14 +24,14 @@ g utmp - - - +@@ -23,17 +23,17 @@ g utmp {{UTMP_GID }} - - - # Hardware access groups - g audio - - - --g cdrom - - - --g dialout - - - - g disk - - - - g input - - - - g kvm - - - - g lp - - - -+g optical - - - - g render - - - --g tape - - - -+g storage - - - -+g uucp - - - - g video - - - + # Physical and virtual hardware access groups + g audio {{AUDIO_GID }} - - +-g cdrom {{CDROM_GID }} - - +-g dialout {{DIALOUT_GID}} - - + g disk {{DISK_GID }} - - + g input {{INPUT_GID }} - - + g kmem {{KMEM_GID }} - - + g kvm {{KVM_GID }} - - + g lp {{LP_GID }} - - ++g optical {{OPTICAL_GID}} - - + g render {{RENDER_GID }} - - + g sgx {{SGX_GID }} - - +-g tape {{TAPE_GID }} - - ++g storage {{STORAGE_GID}} - - + g tty {{TTY_GID }} - - ++g uucp {{UUCP_GID }} - - + g video {{VIDEO_GID }} - - # Default group for normal users --- -2.16.2 +From 9e2987a7b4d09d7b554141e9ef2c911cb3fda570 Mon Sep 17 00:00:00 2001 +From: Christian Hesse <mail@eworm.de> +Date: Mon, 27 Dec 2021 23:32:42 +0100 +Subject: [PATCH] generate tmpfiles.d/legacy.conf + +--- + tmpfiles.d/legacy.conf.in | 3 --- + tmpfiles.d/meson.build | 2 +- + 2 files changed, 1 insertion(+), 4 deletions(-) + +diff --git a/tmpfiles.d/legacy.conf.in b/tmpfiles.d/legacy.conf.in +index 4f2c0d7c43..62e2ae0986 100644 +--- a/tmpfiles.d/legacy.conf.in ++++ b/tmpfiles.d/legacy.conf.in +@@ -12,9 +12,6 @@ + + d /run/lock 0755 root root - + L /var/lock - - - - ../run/lock +-{% if CREATE_LOG_DIRS %} +-L /var/log/README - - - - ../..{{DOC_DIR}}/README.logs +-{% endif %} + + # /run/lock/subsys is used for serializing SysV service execution, and + # hence without use on SysV-less systems. +diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build +index ca1abbf3fe..25e2b53402 100644 +--- a/tmpfiles.d/meson.build ++++ b/tmpfiles.d/meson.build +@@ -29,7 +29,7 @@ foreach pair : files + endforeach + + in_files = [['etc.conf', ''], +- ['legacy.conf', 'HAVE_SYSV_COMPAT'], ++ ['legacy.conf', ''], + ['static-nodes-permissions.conf', ''], + ['systemd.conf', ''], + ['var.conf', ''], diff --git a/systemd-sysusers.hook b/20-systemd-sysusers.hook index 9873dd402013..edc71957b78c 100644 --- a/systemd-sysusers.hook +++ b/20-systemd-sysusers.hook @@ -1,5 +1,5 @@ [Trigger] -Type = File +Type = Path Operation = Install Operation = Upgrade Target = usr/lib/sysusers.d/*.conf diff --git a/systemd-binfmt.hook b/30-systemd-binfmt.hook index 9c31a4b162cc..19f3bcc154a5 100644 --- a/systemd-binfmt.hook +++ b/30-systemd-binfmt.hook @@ -1,5 +1,5 @@ [Trigger] -Type = File +Type = Path Operation = Install Operation = Upgrade Target = usr/lib/binfmt.d/*.conf diff --git a/systemd-catalog.hook b/30-systemd-catalog.hook index d28bddc4bbcd..6e717b9a4651 100644 --- a/systemd-catalog.hook +++ b/30-systemd-catalog.hook @@ -1,5 +1,5 @@ [Trigger] -Type = File +Type = Path Operation = Install Operation = Upgrade Operation = Remove diff --git a/systemd-daemon-reload.hook b/30-systemd-daemon-reload.hook index 87923e862669..dff95e49747a 100644 --- a/systemd-daemon-reload.hook +++ b/30-systemd-daemon-reload.hook @@ -1,5 +1,5 @@ [Trigger] -Type = File +Type = Path Operation = Install Operation = Upgrade Operation = Remove diff --git a/systemd-hwdb.hook b/30-systemd-hwdb.hook index f0440b0a6457..1d85e29e84c0 100644 --- a/systemd-hwdb.hook +++ b/30-systemd-hwdb.hook @@ -1,5 +1,5 @@ [Trigger] -Type = File +Type = Path Operation = Install Operation = Upgrade Operation = Remove diff --git a/systemd-sysctl.hook b/30-systemd-sysctl.hook index aec5ac1b0e84..e2354c0b1563 100644 --- a/systemd-sysctl.hook +++ b/30-systemd-sysctl.hook @@ -1,5 +1,5 @@ [Trigger] -Type = File +Type = Path Operation = Install Operation = Upgrade Target = usr/lib/sysctl.d/*.conf diff --git a/systemd-tmpfiles.hook b/30-systemd-tmpfiles.hook index df60d82752ea..b07db6a84328 100644 --- a/systemd-tmpfiles.hook +++ b/30-systemd-tmpfiles.hook @@ -1,5 +1,5 @@ [Trigger] -Type = File +Type = Path Operation = Install Operation = Upgrade Target = usr/lib/tmpfiles.d/*.conf diff --git a/systemd-udev-reload.hook b/30-systemd-udev-reload.hook index 04238bd58d3d..7676cca8cda4 100644 --- a/systemd-udev-reload.hook +++ b/30-systemd-udev-reload.hook @@ -1,5 +1,5 @@ [Trigger] -Type = File +Type = Path Operation = Install Operation = Upgrade Operation = Remove diff --git a/systemd-update.hook b/30-systemd-update.hook index 7084a0c161c8..f95d9dcc3b9e 100644 --- a/systemd-update.hook +++ b/30-systemd-update.hook @@ -1,5 +1,5 @@ [Trigger] -Type = File +Type = Path Operation = Install Operation = Upgrade Operation = Remove @@ -1,116 +1,150 @@ # Maintainer: Yurii Kolesnykov <root@yurikoles.com> -# Credit: Christian Hesse <mail@eworm.de> -# Credit: Dave Reisner <dreisner@archlinux.org> -# Credit: Tom Gundersen <teg@jklm.no> +# Based on testing/systemd by Christian Hesse <mail@eworm.de> +# +# PRs are welcome here: https://github.com/yurikoles-aur/systemd-git +# pkgbase=systemd-git -_pkgbase=systemd -pkgname=('systemd-git' 'systemd-libs-git' 'systemd-resolvconf-git' 'systemd-sysvcompat-git') -pkgdesc="systemd (git version)" -pkgver=242.695 +pkgname=('systemd-git' + 'systemd-libs-git' + 'systemd-resolvconf-git' + 'systemd-sysvcompat-git' + 'systemd-ukify-git') +pkgdesc='systemd (git version)' +pkgver=254.r67973.cde8cc946b pkgrel=1 arch=('x86_64') url='https://www.github.com/systemd/systemd' makedepends=('acl' 'cryptsetup' 'docbook-xsl' 'gperf' 'lz4' 'xz' 'pam' 'libelf' 'intltool' 'iptables' 'kmod' 'libcap' 'libidn2' 'libgcrypt' - 'libmicrohttpd' 'libxslt' 'util-linux' 'linux-api-headers' - 'python-lxml' 'quota-tools' 'shadow' 'gnu-efi-libs' 'git' + 'libmicrohttpd' 'libxcrypt' 'libxslt' 'util-linux' 'linux-api-headers' + 'python-jinja' 'python-lxml' 'quota-tools' 'shadow' 'git' 'meson' 'libseccomp' 'pcre2' 'audit' 'kexec-tools' 'libxkbcommon' - 'bash-completion') -options=('!strip') -source=('git+https://github.com/systemd/systemd' + 'bash-completion' 'p11-kit' 'systemd' 'libfido2' 'tpm2-tss' 'rsync' + 'bpf' 'libbpf' 'clang' 'llvm' 'curl' 'gnutls' 'python-pyelftools' + 'lib32-gcc-libs') +checkdepends=('python-pefile') +options=('strip') +source=("$pkgbase-stable::git+https://github.com/systemd/systemd" '0001-Use-Arch-Linux-device-access-groups.patch' + # mkinitcpio files 'initcpio-hook-udev' 'initcpio-install-systemd' 'initcpio-install-udev' + # bootloader files 'arch.conf' 'loader.conf' - 'splash-arch.bmp'::'https://git.archlinux.org/svntogit/packages.git/plain/trunk/splash-arch.bmp?h=packages/systemd' + 'splash-arch.bmp'::'https://gitlab.archlinux.org/archlinux/packaging/packages/systemd/-/raw/main/splash-arch.bmp' + # pam configuration 'systemd-user.pam' + # pacman / libalpm hooks 'systemd-hook' - 'systemd-binfmt.hook' - 'systemd-catalog.hook' - 'systemd-daemon-reload.hook' - 'systemd-hwdb.hook' - 'systemd-sysctl.hook' - 'systemd-sysusers.hook' - 'systemd-tmpfiles.hook' - 'systemd-udev-reload.hook' - 'systemd-update.hook') + '20-systemd-sysusers.hook' + '30-systemd-binfmt.hook' + '30-systemd-catalog.hook' + '30-systemd-daemon-reload.hook' + '30-systemd-hwdb.hook' + '30-systemd-sysctl.hook' + '30-systemd-tmpfiles.hook' + '30-systemd-udev-reload.hook' + '30-systemd-update.hook') sha512sums=('SKIP' - '9348683829190628e25b7b3300fd880c426d555bde330d5fc5150a9a54b3ad9d4d1f2e69ea1dc6d6f086693dacc53c5af30f1fa7ad9b479791fd77bcdafa430e' - 'f0d933e8c6064ed830dec54049b0a01e27be87203208f6ae982f10fb4eddc7258cb2919d594cbfb9a33e74c3510cfd682f3416ba8e804387ab87d1a217eb4b73' - '01de24951a05d38eca6b615a7645beb3677ca0e0f87638d133649f6dc14dcd2ea82594a60b793c31b14493a286d1d11a0d25617f54dbfa02be237652c8faa691' - 'a25b28af2e8c516c3a2eec4e64b8c7f70c21f974af4a955a4a9d45fd3e3ff0d2a98b4419fe425d47152d5acae77d64e69d8d014a7209524b75a81b0edb10bf3a' + '3ccf783c28f7a1c857120abac4002ca91ae1f92205dcd5a84aff515d57e706a3f9240d75a0a67cff5085716885e06e62597baa86897f298662ec36a940cf410e' + '4a6cd0cf6764863985dc5ad774d7c93b574645a05b3295f989342951d43c71696d069641592e37eeadb6d6f0531576de96b6392224452f15cd9f056fae038f8e' + '94a3bf4720d428c2ec4e6c493f78debeb3d3b865ba2bef266f388bffccda8592af81a1fa2cd98f3d60720935e796572fa07256ffafb8d73342214f0ca8ba7acc' + 'a8c7e4a2cc9c9987e3c957a1fc3afe8281f2281fffd2e890913dcf00cf704024fb80d86cb75f9314b99b0e03bac275b22de93307bfc226d8be9435497e95b7e6' '61032d29241b74a0f28446f8cf1be0e8ec46d0847a61dadb2a4f096e8686d5f57fe5c72bcf386003f6520bc4b5856c32d63bf3efe7eb0bc0deefc9f68159e648' 'c416e2121df83067376bcaacb58c05b01990f4614ad9de657d74b6da3efa441af251d13bf21e3f0f71ddcb4c9ea658b81da3d915667dc5c309c87ec32a1cb5a5' '5a1d78b5170da5abe3d18fdf9f2c3a4d78f15ba7d1ee9ec2708c4c9c2e28973469bc19386f70b3cf32ffafbe4fcc4303e5ebbd6d5187a1df3314ae0965b25e75' 'b90c99d768dc2a4f020ba854edf45ccf1b86a09d2f66e475de21fe589ff7e32c33ef4aa0876d7f1864491488fd7edb2682fc0d68e83a6d4890a0778dc2d6fe19' - '6b82386fc20619eefa911cd9cdac8efbd0c7137bba4955e8ae75a0ea378d19dbfccc1f7bde6684f03e5f2badefa4abf20623153d88a170d14499167319586db7' - '5a6b6beef8c31c79018884d948de840f4d3dfb07d9a87081ebf65e2b8fe595bc8c96dbd7742920ccf948c233213ed0026abc913650cefd77ad90c6f8c89bddb8' - '4cff2ebd962e26e2f516d8b4ac45c839dbfa54dd0588b423c224a328b9f7c62306ca7b2f6cb55240c564caf9972d5bcd2e0efaf2de49d64729aeb3bc1560c9eb' - '872de70325e9798f0b5a77e991c85bd2ab6de24d9b9ba4e35002d2dd5df15f8b30739a0042a624776177ffc14a838cde7ee98622016ed41df3efda9a659730b2' - '471342b8d0e05533908cda5d6a906050a51e3181beda1239e91d717029ee40a9eaed714996a445417d87c4e31b7f8522a665de176077fe0536d538369594996d' - 'da783e3bfc6469b92dee4064a13e2b427520d3d96b57c95a4e07aaca3e844d95210a8b16122b022080f5452d65096f274dd1c1467725bbdb2e40ef304b78774a' - '08a590d08043a21f30f04252164b94df972b1ff1022a0469d6aef713e14484a3a037cce290a2a582851e6fac3e64add69d6cc8fc130bbeeaea08626ebf3e1763' - '577e33a1c50b4b41157a67f64162b035dd0c4a541e19cee55a100048bdb50cb2c82852741b1372989a0fe4c4782ba477522747fcc81d72aed99b3db512a86447' - 'e4a9d7607fe93daf1d45270971c8d8455c4bfc2c0bea8bcad05aeb89847edee23cd1a41073a72042622acf417018fe254f5bfc137604fe2c71292680bf67a1c2' - '209b01b044877cc986757fa4009a92ea98f480306c2530075d153203c3cd2b3afccab6aacc1453dee8857991e04270572f1700310705d7a0f4d5bed27fab8c67') -prepare() { - cd "$_pkgbase" + '5c4119bf1d84b22986dc8d0c4c2de26500b824c21dfac69f22e36809e2673f0652447cc8c9f77190ad098896f4a5e1d03fa33676fe962de631bbfa44513a8860' + '299dcc7094ce53474521356647bdd2fb069731c08d14a872a425412fcd72da840727a23664b12d95465bf313e8e8297da31259508d1c62cc2dcea596160e21c5' + '0d6bc3d928cfafe4e4e0bc04dbb95c5d2b078573e4f9e0576e7f53a8fab08a7077202f575d74a3960248c4904b5f7f0661bf17dbe163c524ab51dd30e3cb80f7' + '2b50b25e8680878f7974fa9d519df7e141ca11c4bfe84a92a5d01bb193f034b1726ea05b3c0030bad1fbda8dbb78bf1dc7b73859053581b55ba813c39b27d9dc' + '63e55b3acd14bc54320b6f2310b43398651ad4e262d4f4a0135e05d34a993e56ed673cc46e57f15b418371df5c4cef6f54486db96325e4abb1d33fb1a3946254' + 'a1661ab946c6cd7d3c6251a2a9fd68afe231db58ce33c92c42594aedb5629be8f299ba08a34713327b373a3badd1554a150343d8d3e5dfb102999c281bd49154' + '9426829605bbb9e65002437e02ed54e35c20fdf94706770a3dc1049da634147906d6b98bf7f5e7516c84068396a12c6feaf72f92b51bdf19715e0f64620319de' + 'da7a97d5d3701c70dd5388b0440da39006ee4991ce174777931fea2aa8c90846a622b2b911f02ae4d5fffb92680d9a7e211c308f0f99c04896278e2ee0d9a4dc' + 'a50d202a9c2e91a4450b45c227b295e1840cc99a5e545715d69c8af789ea3dd95a03a30f050d52855cabdc9183d4688c1b534eaa755ebe93616f9d192a855ee3' + '825b9dd0167c072ba62cabe0677e7cd20f2b4b850328022540f122689d8b25315005fa98ce867cf6e7460b2b26df16b88bb3b5c9ebf721746dce4e2271af7b97') - # Replace cdrom/dialout/tape groups with optical/uucp/storage - patch -Np1 -i ../0001-Use-Arch-Linux-device-access-groups.patch +pkgver() { + cd "$pkgbase-stable" + local _major=`grep -m1 version meson.build | cut -d\' -f2` + printf "%s.r%s.%s" "${_major}" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)" } -pkgver() { - cd "$_pkgbase" +prepare() { + cd "$pkgbase-stable" - local _version _count - _version="$(git describe --abbrev=0 --tags)" - _count="$(git rev-list --count ${_version}..)" - printf '%s.%s' "${_version#v}" "${_count}" + # Replace cdrom/dialout/tape groups with optical/uucp/storage + patch -Np1 -i ../0001-Use-Arch-Linux-device-access-groups.patch } build() { local _timeservers=({0..3}.arch.pool.ntp.org) local _nameservers=( - # We use these public name services, ordered by their - # privacy policy (hopefully): + # We use these public name services, ordered by their privacy policy (hopefully): # * Cloudflare (https://1.1.1.1/) - # * Quad9 without filtering (https://www.quad9.net/) + # * Quad9 (https://www.quad9.net/) # * Google (https://developers.google.com/speed/public-dns/) - 1.1.1.1 - 9.9.9.10 - 8.8.8.8 - 2606:4700:4700::1111 - 2620:fe::10 - 2001:4860:4860::8888 + '1.1.1.1#cloudflare-dns.com' + '9.9.9.9#dns.quad9.net' + '8.8.8.8#dns.google' + '2606:4700:4700::1111#cloudflare-dns.com' + '2620:fe::9#dns.quad9.net' + '2001:4860:4860::8888#dns.google' ) local _meson_options=( - -Dversion-tag="${pkgver}-${pkgrel}-git" - - -Dgnu-efi=true + # internal version comparison is incompatible with pacman: + # 249~rc1 < 249 < 249.1 < 249rc + -Dversion-tag="${pkgver}-${pkgrel}-arch" + -Dshared-lib-tag="${pkgver}-${pkgrel}" + -Dmode=release + + -Dapparmor=false + -Dbootloader=true + -Dbpf-framework=true -Dima=false -Dlibidn2=true -Dlz4=true - + -Dman=true + -Dnscd=false + -Dpasswdqc=false + -Dpwquality=false + -Dqrencode=false + -Dselinux=false + -Dxenctrl=false + + # We disable DNSSEC by default, it still causes trouble: + # https://github.com/systemd/systemd/issues/10579 + -Ddbuspolicydir=/usr/share/dbus-1/system.d - -Ddefault-hierarchy=hybrid - -Ddefault-locale=C + -Ddefault-dnssec=no + -Ddefault-hierarchy=unified -Ddefault-kill-user-processes=false + -Ddefault-locale='C.UTF-8' + -Dlocalegen-path=/usr/bin/locale-gen + -Ddns-over-tls=openssl -Dfallback-hostname='archlinux' + -Dnologin-path=/usr/bin/nologin -Dntp-servers="${_timeservers[*]}" -Ddns-servers="${_nameservers[*]}" -Drpmmacrosdir=no -Dsysvinit-path= -Dsysvrcnd-path= + + -Dsbat-distro='arch' + -Dsbat-distro-summary='Arch Linux AUR' + -Dsbat-distro-pkgname="${pkgname}" + -Dsbat-distro-version="${pkgver}" + -Dsbat-distro-url="https://aur.archlinux.org/pkgbase/${pkgname}" ) - - arch-meson "$_pkgbase" build "${_meson_options[@]}" - ninja -C build + arch-meson "$pkgbase-stable" build "${_meson_options[@]}" + + meson compile -C build } check() { @@ -118,62 +152,80 @@ check() { } package_systemd-git() { - pkgdesc="system and service manager (git version)" + pkgdesc='system and service manager' + pkgdesc+=' (git version)' license=('GPL2' 'LGPL2.1') - depends=('acl' 'bash' 'cryptsetup' 'dbus' 'iptables' 'kbd' 'kmod' 'hwids' 'libcap' - 'libgcrypt' 'systemd-libs' 'libidn2' 'libidn2.so' 'lz4' 'pam' 'libelf' - 'libseccomp' 'util-linux' 'xz' 'pcre2' 'audit') - provides=("${_pkgbase}=$pkgver" 'nss-myhostname' "systemd-tools=$pkgver" "udev=$pkgver") - replaces=('nss-myhostname' 'systemd-tools' 'udev') - conflicts=("${_pkgbase}" 'nss-myhostname' 'systemd-tools' 'udev') - optdepends=('libmicrohttpd: remote journald capabilities' + depends=('acl' 'libacl.so' 'bash' 'cryptsetup' 'libcryptsetup.so' 'dbus' + 'iptables' 'kbd' 'kmod' 'libkmod.so' 'hwdata' 'libcap' 'libcap.so' + 'libgcrypt' 'libxcrypt' 'libcrypt.so' "systemd-libs-git=$pkgver" 'libidn2' 'lz4' 'pam' + 'libelf' 'libseccomp' 'libseccomp.so' 'util-linux' 'libblkid.so' + 'libmount.so' 'xz' 'pcre2' 'audit' 'libaudit.so' + 'openssl' 'libcrypto.so' 'libssl.so') + provides=('nss-myhostname' "systemd-tools=$pkgver" "udev=$pkgver") + provides+=("systemd=$pkgver") + conflicts=('nss-myhostname' 'systemd-tools' 'udev') + conflicts+=('systemd') + optdepends=('libmicrohttpd: systemd-journal-gatewayd and systemd-journal-remote' 'quota-tools: kernel-level quota management' - 'systemd-sysvcompat-git: symlink package to provide sysvinit binaries' + 'systemd-sysvcompat: symlink package to provide sysvinit binaries' + "systemd-ukify-git=$pkgver: combine kernel and initrd into a signed Unified Kernel Image" 'polkit: allow administration as unprivileged user' - 'curl: machinectl pull-tar and pull-raw') + 'python: Unified Kernel Image with ukify' + 'curl: systemd-journal-upload, machinectl pull-tar and pull-raw' + 'gnutls: systemd-journal-gatewayd and systemd-journal-remote' + 'libbpf: support BPF programs' + 'libfido2: unlocking LUKS2 volumes with FIDO2 token' + 'libp11-kit: support PKCS#11' + 'tpm2-tss: unlocking LUKS2 volumes with TPM2') backup=(etc/pam.d/systemd-user etc/systemd/coredump.conf + etc/systemd/homed.conf etc/systemd/journald.conf etc/systemd/journal-remote.conf etc/systemd/journal-upload.conf etc/systemd/logind.conf etc/systemd/networkd.conf + etc/systemd/oomd.conf + etc/systemd/pstore.conf etc/systemd/resolved.conf etc/systemd/sleep.conf etc/systemd/system.conf etc/systemd/timesyncd.conf etc/systemd/user.conf + etc/udev/iocost.conf etc/udev/udev.conf) install=systemd.install - DESTDIR="$pkgdir" meson install -C build - - # don't write units to /etc by default. some of these will be re-enabled on - # post_install. - rm -rfv "$pkgdir"/etc/systemd/system/* + meson install -C build --destdir "$pkgdir" # we'll create this on installation rmdir "$pkgdir"/var/log/journal/remote # runtime libraries shipped with systemd-libs - install -d -m0755 systemd-libs - mv "$pkgdir"/usr/lib/lib{nss,systemd,udev}*.so* systemd-libs + install -d -m0755 systemd-libs/lib/ + mv "$pkgdir"/usr/lib/lib{nss,systemd,udev}*.so* systemd-libs/lib/ + mv "$pkgdir"/usr/lib/pkgconfig systemd-libs/lib/pkgconfig + mv "$pkgdir"/usr/include systemd-libs/include + mv "$pkgdir"/usr/share/man/man3 systemd-libs/man3 + + # ukify shipped in separate package + install -d -m0755 systemd-ukify/{systemd,man1} + mv "$pkgdir"/usr/lib/systemd/ukify systemd-ukify/systemd/ + mv "$pkgdir"/usr/share/man/man1/ukify.1 systemd-ukify/man1/ # manpages shipped with systemd-sysvcompat - rm -f "$pkgdir"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 + rm "$pkgdir"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 # executable (symlinks) shipped with systemd-sysvcompat - rm -f "$pkgdir"/usr/bin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} + rm "$pkgdir"/usr/bin/{halt,init,poweroff,reboot,shutdown} # files shipped with systemd-resolvconf - rm -f "$pkgdir"/usr/{bin/resolvconf,share/man/man1/resolvconf.1} + rm "$pkgdir"/usr/{bin/resolvconf,share/man/man1/resolvconf.1} # avoid a potential conflict with [core]/filesystem - rm -f "$pkgdir"/usr/share/factory/etc/nsswitch.conf - sed -i '/^C \/etc\/nsswitch\.conf/d' "$pkgdir"/usr/lib/tmpfiles.d/etc.conf - - # add back tmpfiles.d/legacy.conf, normally omitted without sysv-compat - install -m0644 $_pkgbase/tmpfiles.d/legacy.conf "$pkgdir"/usr/lib/tmpfiles.d + rm "$pkgdir"/usr/share/factory/etc/{issue,nsswitch.conf} + sed -i -e '/^C \/etc\/nsswitch\.conf/d' \ + -e '/^C \/etc\/issue/d' "$pkgdir"/usr/lib/tmpfiles.d/etc.conf # ship default policy to leave services disabled echo 'disable *' >"$pkgdir"/usr/lib/systemd/system-preset/99-default.preset @@ -183,11 +235,10 @@ package_systemd-git() { install -D -m0644 initcpio-install-udev "$pkgdir"/usr/lib/initcpio/install/udev install -D -m0644 initcpio-hook-udev "$pkgdir"/usr/lib/initcpio/hooks/udev - # ensure proper permissions for /var/log/journal - # The permissions are stored with named group by tar, so this works with - # users and groups populated by systemd-sysusers. This is only to prevent a - # warning from pacman as permissions are set by systemd-tmpfiles anyway. - install -d -o root -g systemd-journal -m 2755 "$pkgdir"/var/log/journal + # The group 'systemd-journal' is allocated dynamically and may have varying + # gid on different systems. Let's install with gid 0 (root), systemd-tmpfiles + # will fix the permissions for us. (see /usr/lib/tmpfiles.d/systemd.conf) + install -d -o root -g root -m 2755 "$pkgdir"/var/log/journal # match directory owner/group and mode from [extra]/polkit install -d -o root -g 102 -m 0750 "$pkgdir"/usr/share/polkit-1/rules.d @@ -206,23 +257,30 @@ package_systemd-git() { } package_systemd-libs-git() { - pkgdesc='systemd client libraries (git version)' - depends=('glibc' 'libcap' 'libgcrypt' 'lz4' 'xz') + pkgdesc='systemd client libraries' + pkgdesc+=' (git version)' + depends=('glibc' 'gcc-libs' 'libcap' 'libgcrypt' 'lz4' 'xz' 'zstd') license=('LGPL2.1') - provides=('systemd-libs' 'libsystemd' 'libsystemd.so' 'libudev.so') - conflicts=('systemd-libs' 'libsystemd') - replaces=('libsystemd') - - install -d -m0755 "$pkgdir"/usr - mv systemd-libs "$pkgdir"/usr/lib + provides=('libsystemd' 'libsystemd.so' 'libudev.so') + provides+=("systemd-libs=$pkgver") + conflicts=('libsystemd') + conflicts+=('systemd-libs') + + install -d -m0755 "$pkgdir"/usr/share/man + mv systemd-libs/lib "$pkgdir"/usr/lib + mv systemd-libs/include "$pkgdir"/usr/include + mv systemd-libs/man3 "$pkgdir"/usr/share/man/man3 } package_systemd-resolvconf-git() { - pkgdesc='systemd resolvconf replacement (for use with systemd-resolved, git version)' + pkgdesc='systemd resolvconf replacement (for use with systemd-resolved)' + pkgdesc+=' (git version)' license=('LGPL2.1') - depends=("${pkgbase}") - provides=('systemd-resolvconf' 'openresolv' 'resolvconf') - conflicts=('systemd-resolvconf' 'openresolv') + depends=("systemd-git=$pkgver") + provides=('openresolv' 'resolvconf') + provides+=("systemd-resolvconf=$pkgver") + conflicts=('openresolv') + conflicts+=('systemd-resolvconf') install -d -m0755 "$pkgdir"/usr/bin ln -s resolvectl "$pkgdir"/usr/bin/resolvconf @@ -231,20 +289,37 @@ package_systemd-resolvconf-git() { ln -s resolvectl.1.gz "$pkgdir"/usr/share/man/man1/resolvconf.1.gz } - package_systemd-sysvcompat-git() { - pkgdesc='sysvinit compat for systemd (git version)' + pkgdesc='sysvinit compat for systemd' + pkgdesc+=' (git version)' license=('GPL2') - depends=("${pkgbase}") - provides=('systemd-sysvcompat') - conflicts=('systemd-sysvcompat' 'sysvinit') + conflicts=('sysvinit') + conflicts+=('systemd-sysvcompat') + depends=("systemd-git=$pkgver") + provides=("systemd-sysvcompat=$pkgver") - # install -D -m0644 -t "$pkgdir"/usr/share/man/man8 \ - # build/man/{telinit,halt,reboot,poweroff,runlevel,shutdown}.8 + install -D -m0644 -t "$pkgdir"/usr/share/man/man8 \ + build/man/{halt,poweroff,reboot,shutdown}.8 install -d -m0755 "$pkgdir"/usr/bin ln -s ../lib/systemd/systemd "$pkgdir"/usr/bin/init - for tool in runlevel reboot shutdown poweroff halt telinit; do + for tool in halt poweroff reboot shutdown; do ln -s systemctl "$pkgdir"/usr/bin/$tool done } + +package_systemd-ukify-git() { + pkgdesc='Combine kernel and initrd into a signed Unified Kernel Image' + pkgdesc+=' (git version)' + license=('GPL2') + conflicts=('systemd-ukify') + provides=('ukify') + provides+=("systemd-ukify=$pkgver") + depends=('binutils' 'python-cryptography' 'python-pefile' "systemd-git=$pkgver") + optdepends=('python-pillow: Show the size of splash image' + 'sbsigntools: Sign the embedded kernel') + + install -d -m0755 "$pkgdir"/usr/{lib,share/man} + mv systemd-ukify/systemd "$pkgdir"/usr/lib/systemd + mv systemd-ukify/man1 "$pkgdir"/usr/share/man/man1 +} diff --git a/initcpio-hook-udev b/initcpio-hook-udev index ea9a11f8ce87..dfa875067ee3 100644 --- a/initcpio-hook-udev +++ b/initcpio-hook-udev @@ -3,7 +3,11 @@ run_earlyhook() { kmod static-nodes --format=tmpfiles --output=/run/tmpfiles.d/kmod.conf systemd-tmpfiles --prefix=/dev --create --boot - /usr/lib/systemd/systemd-udevd --daemon --resolve-names=never + if [ "${quiet}" = "y" ]; then + /usr/lib/systemd/systemd-udevd --daemon --resolve-names=never >/dev/null 2>&1 + else + /usr/lib/systemd/systemd-udevd --daemon --resolve-names=never + fi udevd_running=1 } diff --git a/initcpio-install-systemd b/initcpio-install-systemd index 8fb4441f7c76..d59900c35b51 100644 --- a/initcpio-install-systemd +++ b/initcpio-install-systemd @@ -1,50 +1,5 @@ #!/bin/bash -strip_quotes() { - local len=${#1} quotes=$'[\'"]' str=${!1} - - if [[ ${str:0:1} = ${str: -1} && ${str:0:1} = $quotes ]]; then - printf -v "$1" %s "${str:1:-1}" - fi -} - -add_udev_rule() { - # Add an udev rules file to the initcpio image. Dependencies on binaries - # will be discovered and added. - # $1: path to rules file (or name of rules file) - - local rules= rule= key= value= binary= - - rules=$(PATH=/usr/lib/udev/rules.d:/lib/udev/rules.d type -P "$1") - if [[ -z $rules ]]; then - # complain about not found rules - return 1 - fi - - add_file "$rules" - - while IFS=, read -ra rule; do - # skip empty lines, comments - [[ -z $rule || $rule = @(+([[:space:]])|#*) ]] && continue - - for pair in "${rule[@]}"; do - IFS=' =' read -r key value <<< "$pair" - case $key in - RUN@({program}|+)|IMPORT{program}|ENV{REMOVE_CMD}) - strip_quotes 'value' - # just take the first word as the binary name - binary=${value%% *} - [[ ${binary:0:1} == '$' ]] && continue - if [[ ${binary:0:1} != '/' ]]; then - binary=$(PATH=/usr/lib/udev:/lib/udev type -P "$binary") - fi - add_binary "$binary" - ;; - esac - done - done <"$rules" -} - add_systemd_unit() { # Add a systemd unit file to the initcpio image. Hard dependencies on binaries # and other unit files will be discovered and added. @@ -69,10 +24,13 @@ add_systemd_unit() { map add_systemd_unit "${values[@]}" ;; Exec*) - # don't add binaries unless they are required - if [[ ${values[0]:0:1} != '-' ]]; then - add_binary "${values[0]}" - fi + # do not add binaries unless they are required, + # strip special executable prefixes + case ${values[0]} in + -*) ;; + !!*) add_binary "${values[0]#!!}" ;; + *) add_binary "${values[0]#[@!:+]}" ;; + esac ;; esac @@ -103,13 +61,14 @@ add_systemd_drop_in() { build() { local rules unit - # from base - add_binary /bin/mount add_binary /usr/bin/kmod /usr/bin/modprobe - add_binary /usr/lib/systemd/systemd /init + add_binary /usr/bin/mount add_binary /usr/bin/sulogin + add_binary /usr/bin/umount + add_binary /usr/lib/systemd/systemd /init map add_binary \ + /usr/bin/journalctl \ /usr/bin/systemd-tmpfiles \ /usr/lib/systemd/systemd-hibernate-resume \ /usr/lib/systemd/systemd-shutdown \ @@ -118,68 +77,72 @@ build() { /usr/lib/systemd/system-generators/systemd-gpt-auto-generator \ /usr/lib/systemd/system-generators/systemd-hibernate-resume-generator - # for journalctl in emergency shell - add_binary journalctl - - # udev rules and systemd units + # udev rules map add_udev_rule "$rules" \ - 50-udev-default.rules \ - 60-persistent-storage.rules \ - 64-btrfs.rules \ - 80-drivers.rules \ - 99-systemd.rules + 50-udev-default.rules \ + 60-persistent-storage.rules \ + 64-btrfs.rules \ + 80-drivers.rules \ + 99-systemd.rules + # systemd units map add_systemd_unit \ - initrd-cleanup.service \ - initrd-fs.target \ - initrd-parse-etc.service \ - initrd-root-fs.target \ - initrd-root-device.target \ - initrd-switch-root.service \ - initrd-switch-root.target \ - initrd-udevadm-cleanup-db.service \ - initrd.target \ - kmod-static-nodes.service \ - local-fs.target \ - local-fs-pre.target \ - paths.target \ - reboot.target \ - slices.target \ - sockets.target \ - swap.target \ - systemd-fsck@.service \ - systemd-hibernate-resume@.service \ - systemd-journald.service \ - systemd-journald-audit.socket \ - systemd-journald-dev-log.socket \ - systemd-modules-load.service \ - systemd-tmpfiles-setup-dev.service \ - systemd-udev-trigger.service \ - systemd-udevd-control.socket \ - systemd-udevd-kernel.socket \ - systemd-udevd.service \ - timers.target \ - rescue.target \ - emergency.target + initrd-cleanup.service \ + initrd-fs.target \ + initrd-parse-etc.service \ + initrd-root-fs.target \ + initrd-root-device.target \ + initrd-switch-root.service \ + initrd-switch-root.target \ + initrd-udevadm-cleanup-db.service \ + initrd.target \ + kmod-static-nodes.service \ + local-fs.target \ + local-fs-pre.target \ + paths.target \ + reboot.target \ + slices.target \ + sockets.target \ + swap.target \ + systemd-battery-check.service \ + systemd-fsck@.service \ + systemd-journald-audit.socket \ + systemd-journald-dev-log.socket \ + systemd-journald.service \ + systemd-modules-load.service \ + systemd-pcrphase-initrd.service \ + systemd-tmpfiles-setup-dev.service \ + systemd-udevd-control.socket \ + systemd-udevd-kernel.socket \ + systemd-udevd.service \ + systemd-udev-trigger.service \ + systemd-vconsole-setup.service \ + timers.target \ + rescue.target \ + emergency.target + + # add libraries dlopen()ed by tpm2-util + for LIB in tss2-{esys,rc,mu,tcti-'*'}; do + for FILE in $(find /usr/lib/ -maxdepth 1 -name "lib${LIB}.so*"); do + if [[ -L "${FILE}" ]]; then + add_symlink "${FILE}" + else + add_binary "${FILE}" + fi + done + done add_symlink "/usr/lib/systemd/system/default.target" "initrd.target" add_symlink "/usr/lib/systemd/system/ctrl-alt-del.target" "reboot.target" - add_binary "$(readlink -f /usr/lib/libnss_files.so)" printf '%s\n' >"$BUILDROOT/etc/nsswitch.conf" \ 'passwd: files' \ 'group: files' \ 'shadow: files' - echo "root:x:0:0:root:/:/bin/sh" >"$BUILDROOT/etc/passwd" - echo "root:x:0:root" >"$BUILDROOT/etc/group" - echo "root::::::::" >"$BUILDROOT/etc/shadow" - - add_systemd_drop_in systemd-udevd.service resolve-names <<EOF -[Service] -ExecStart= -ExecStart=/usr/lib/systemd/systemd-udevd --resolve-names=never -EOF + echo "root:x:0:0:root:/root:/bin/sh" >"$BUILDROOT/etc/passwd" + echo 'root:*:::::::' >"$BUILDROOT/etc/shadow" + getent group root audio disk input kmem kvm lp optical render sgx storage tty uucp video | awk -F: ' { print $1 ":x:" $3 ":" }' >"$BUILDROOT/etc/group" add_dir "/etc/modules-load.d" ( diff --git a/initcpio-install-udev b/initcpio-install-udev index 31d9827129e7..fef6f9bb7235 100644 --- a/initcpio-install-udev +++ b/initcpio-install-udev @@ -3,16 +3,20 @@ build() { local rules tool - add_binary /usr/lib/systemd/systemd-udevd - add_binary /usr/bin/udevadm - add_binary /usr/bin/systemd-tmpfiles + map add_binary \ + '/usr/lib/systemd/systemd-udevd' \ + '/usr/bin/udevadm' \ + '/usr/bin/systemd-tmpfiles' - for rules in 50-udev-default.rules 60-persistent-storage.rules 64-btrfs.rules 80-drivers.rules; do - add_file "/usr/lib/udev/rules.d/$rules" - done - for tool in ata_id scsi_id; do - add_file "/usr/lib/udev/$tool" - done + map add_udev_rule \ + '50-udev-default.rules' \ + '60-persistent-storage.rules' \ + '64-btrfs.rules' \ + '80-drivers.rules' + + map add_file \ + '/usr/lib/udev/ata_id' \ + '/usr/lib/udev/scsi_id' add_runscript } diff --git a/systemd-hook b/systemd-hook index 0a664f2c5824..63f27e0bd58a 100644 --- a/systemd-hook +++ b/systemd-hook @@ -1,6 +1,14 @@ #!/bin/sh -e +is_chrooted() { + if systemd-detect-virt --chroot; then + echo >&2 " Skipped: Running in chroot." + exit 0 + fi +} + systemd_live() { + is_chrooted if [ ! -d /run/systemd/system ]; then echo >&2 " Skipped: Current root is not booted." exit 0 @@ -8,25 +16,63 @@ systemd_live() { } udevd_live() { - if [ ! -d /run/udev ]; then + is_chrooted + if [ ! -S /run/udev/control ]; then echo >&2 " Skipped: Device manager is not running." exit 0 fi } -case $1 in - catalog) /usr/bin/journalctl --update-catalog ;; - hwdb) /usr/bin/systemd-hwdb --usr update ;; - update) touch -c /usr ;; - sysusers) /usr/bin/systemd-sysusers ;; - tmpfiles) /usr/bin/systemd-tmpfiles --create ;; +op="$1"; shift + +case "$op" in + catalog) + /usr/bin/journalctl --update-catalog + ;; + hwdb) + /usr/bin/systemd-hwdb --usr update + ;; + update) + touch -c /usr + ;; + sysusers) + /usr/bin/systemd-sysusers + ;; + tmpfiles) + /usr/bin/systemd-tmpfiles --create + ;; + + daemon-reload) + systemd_live + /usr/bin/systemctl daemon-reload + ;; + udev-reload) + udevd_live + /usr/bin/udevadm control --reload + if [ ! -e /etc/systemd/do-not-udevadm-trigger-on-update ]; then + /usr/bin/udevadm trigger -c change + /usr/bin/udevadm settle + fi + ;; + binfmt) + systemd_live + /usr/lib/systemd/systemd-binfmt + ;; + sysctl) + systemd_live + /usr/lib/systemd/systemd-sysctl + ;; - daemon-reload) systemd_live; /usr/bin/systemctl daemon-reload ;; - udev-reload) udevd_live; /usr/bin/udevadm control --reload ;; - binfmt) systemd_live; /usr/lib/systemd/systemd-binfmt ;; - sysctl) systemd_live; /usr/lib/systemd/systemd-sysctl ;; + # For use by other packages + reload) + systemd_live + /usr/bin/systemctl try-reload-or-restart "$@" + ;; - *) echo >&2 " Invalid operation '$1'"; exit 1 ;; + *) + echo >&2 " Invalid operation '$op'" + exit 1 + ;; esac exit 0 diff --git a/systemd.install b/systemd.install index fedc747ea6e8..536e54d1b8a8 100644 --- a/systemd.install +++ b/systemd.install @@ -15,41 +15,12 @@ post_common() { journalctl --update-catalog } -_216_2_changes() { - echo ':: Coredumps are handled by systemd by default. Collection behavior can be' - echo ' tuned in /etc/systemd/coredump.conf.' -} - -_219_2_changes() { - if mkdir -m2755 var/log/journal/remote 2>/dev/null; then - chgrp systemd-journal-remote var/log/journal/remote - fi -} - -_219_4_changes() { - if ! systemctl is-enabled -q remote-fs.target; then - systemctl enable -q remote-fs.target - fi -} - -_230_1_changes() { - echo ':: systemd-bootchart is no longer included with systemd' -} - -_232_8_changes() { - # paper over possible effects of CVE-2016-10156 - local stamps=(/var/lib/systemd/timers/*.timer) - - if [[ -f ${stamps[0]} ]]; then - chmod 0644 "${stamps[@]}" - fi -} - -_233_75_3_changes() { - # upstream installs services to /etc, which we remove - # to keep bus activation we re-enable systemd-resolved - if systemctl is-enabled -q systemd-resolved.service; then - systemctl reenable systemd-resolved.service 2>/dev/null +_242_0_2_changes() { + if [[ -L var/lib/systemd/timesync ]]; then + rm var/lib/systemd/timesync + if [[ -d var/lib/private/systemd/timesync ]]; then + mv var/lib/{private/,}systemd/timesync + fi fi } @@ -61,10 +32,9 @@ post_install() { add_journal_acls # enable some services by default, but don't track them - systemctl enable getty@tty1.service remote-fs.target - - echo ":: Append 'init=/usr/lib/systemd/systemd' to your kernel command line in your" - echo " bootloader to replace sysvinit with systemd, or install systemd-sysvcompat" + systemctl enable \ + getty@tty1.service \ + remote-fs.target # group 'systemd-journal-remote' is created by systemd-sysusers mkdir -m2755 var/log/journal/remote @@ -74,19 +44,12 @@ post_install() { post_upgrade() { post_common "$@" - # don't reexec if the old version is 231-1 or 231-2. - # https://github.com/systemd/systemd/commit/bd64d82c1c - if [[ $1 != 231-[12] ]] && sd_booted; then + if sd_booted; then systemctl --system daemon-reexec fi local v upgrades=( - 216-2 - 219-2 - 219-4 - 230-1 - 232-8 - 233.75-3 + 242.0-2 ) for v in "${upgrades[@]}"; do |