diff options
-rw-r--r-- | .SRCINFO | 146 | ||||
-rw-r--r-- | 0001-Use-Arch-Linux-device-access-groups.patch | 164 | ||||
-rw-r--r-- | 20-systemd-sysusers.hook | 2 | ||||
-rw-r--r-- | 30-systemd-binfmt.hook | 2 | ||||
-rw-r--r-- | 30-systemd-catalog.hook | 2 | ||||
-rw-r--r-- | 30-systemd-daemon-reload-system.hook (renamed from 30-systemd-daemon-reload.hook) | 4 | ||||
-rw-r--r-- | 30-systemd-daemon-reload-user.hook | 11 | ||||
-rw-r--r-- | 30-systemd-hwdb.hook | 2 | ||||
-rw-r--r-- | 30-systemd-sysctl.hook | 2 | ||||
-rw-r--r-- | 30-systemd-tmpfiles.hook | 2 | ||||
-rw-r--r-- | 30-systemd-udev-reload.hook | 2 | ||||
-rw-r--r-- | 30-systemd-update.hook | 2 | ||||
-rw-r--r-- | PKGBUILD | 290 | ||||
-rw-r--r-- | initcpio-hook-udev | 22 | ||||
-rw-r--r-- | initcpio-install-systemd | 202 | ||||
-rw-r--r-- | initcpio-install-udev | 29 | ||||
-rw-r--r-- | keys/pgp/5C251B5FC54EB2F80F407AAAC54CA336CFEB557E.asc | 51 | ||||
-rw-r--r-- | keys/pgp/63CDA1E5D3FC22B998D20DD6327F26951A015CC4.asc | 72 | ||||
-rw-r--r-- | keys/pgp/9A774DB5DB996C154EBBFBFDA0099A18E29326E1.asc | 52 | ||||
-rw-r--r-- | keys/pgp/A9EA9081724FFAE0484C35A1A81CEA22BC8C7E2E.asc | 241 | ||||
-rw-r--r-- | systemd-hook | 70 | ||||
-rw-r--r-- | systemd.install | 67 |
22 files changed, 899 insertions, 538 deletions
@@ -1,9 +1,11 @@ pkgbase = systemd-selinux - pkgver = 243.78 - pkgrel = 1 + pkgver = 255.4 + pkgrel = 2 url = https://www.github.com/systemd/systemd arch = x86_64 + arch = aarch64 groups = selinux + license = LGPL-2.1-or-later makedepends = acl makedepends = cryptsetup makedepends = docbook-xsl @@ -19,13 +21,14 @@ pkgbase = systemd-selinux makedepends = libidn2 makedepends = libgcrypt makedepends = libmicrohttpd + makedepends = libxcrypt makedepends = libxslt makedepends = util-linux makedepends = linux-api-headers + makedepends = python-jinja makedepends = python-lxml makedepends = quota-tools makedepends = shadow-selinux - makedepends = gnu-efi-libs makedepends = git makedepends = meson makedepends = libseccomp @@ -34,86 +37,123 @@ pkgbase = systemd-selinux makedepends = kexec-tools makedepends = libxkbcommon makedepends = bash-completion + makedepends = p11-kit + makedepends = systemd + makedepends = libfido2 + makedepends = tpm2-tss + makedepends = rsync + makedepends = bpf + makedepends = libbpf + makedepends = clang + makedepends = llvm + makedepends = curl + makedepends = gnutls + makedepends = python-pyelftools + makedepends = libpwquality + makedepends = qrencode + makedepends = lib32-gcc-libs + makedepends = python-pefile makedepends = libselinux - options = strip - source = git+https://github.com/systemd/systemd-stable#tag=v243?signed - source = git+https://github.com/systemd/systemd#tag=v243?signed + conflicts = mkinitcpio<38-1 + source = git+https://github.com/systemd/systemd-stable#tag=4003dd6754e3446691402d3cc389fbfd4faccc90?signed + source = git+https://github.com/systemd/systemd#tag=v255?signed source = 0001-Use-Arch-Linux-device-access-groups.patch - source = initcpio-hook-udev - source = initcpio-install-systemd - source = initcpio-install-udev source = arch.conf source = loader.conf - source = splash-arch.bmp::https://projects.archlinux.org/svntogit/packages.git/plain/trunk/splash-arch.bmp?h=packages/systemd&id=e43ddb71a5b1ab56e898347a63e54c5d5d07728a + source = splash-arch.bmp::https://raw.githubusercontent.com/archlinux/svntogit-packages/391c1f5d4a18d08be809caa08c769ef9cded28db/trunk/splash-arch.bmp source = systemd-user.pam source = systemd-hook source = 20-systemd-sysusers.hook source = 30-systemd-binfmt.hook source = 30-systemd-catalog.hook - source = 30-systemd-daemon-reload.hook + source = 30-systemd-daemon-reload-system.hook + source = 30-systemd-daemon-reload-user.hook source = 30-systemd-hwdb.hook source = 30-systemd-sysctl.hook source = 30-systemd-tmpfiles.hook source = 30-systemd-udev-reload.hook source = 30-systemd-update.hook validpgpkeys = 63CDA1E5D3FC22B998D20DD6327F26951A015CC4 + validpgpkeys = A9EA9081724FFAE0484C35A1A81CEA22BC8C7E2E + validpgpkeys = 9A774DB5DB996C154EBBFBFDA0099A18E29326E1 validpgpkeys = 5C251B5FC54EB2F80F407AAAC54CA336CFEB557E sha512sums = SKIP sha512sums = SKIP - sha512sums = 9348683829190628e25b7b3300fd880c426d555bde330d5fc5150a9a54b3ad9d4d1f2e69ea1dc6d6f086693dacc53c5af30f1fa7ad9b479791fd77bcdafa430e - sha512sums = f0d933e8c6064ed830dec54049b0a01e27be87203208f6ae982f10fb4eddc7258cb2919d594cbfb9a33e74c3510cfd682f3416ba8e804387ab87d1a217eb4b73 - sha512sums = 01de24951a05d38eca6b615a7645beb3677ca0e0f87638d133649f6dc14dcd2ea82594a60b793c31b14493a286d1d11a0d25617f54dbfa02be237652c8faa691 - sha512sums = a25b28af2e8c516c3a2eec4e64b8c7f70c21f974af4a955a4a9d45fd3e3ff0d2a98b4419fe425d47152d5acae77d64e69d8d014a7209524b75a81b0edb10bf3a + sha512sums = 3ccf783c28f7a1c857120abac4002ca91ae1f92205dcd5a84aff515d57e706a3f9240d75a0a67cff5085716885e06e62597baa86897f298662ec36a940cf410e sha512sums = 61032d29241b74a0f28446f8cf1be0e8ec46d0847a61dadb2a4f096e8686d5f57fe5c72bcf386003f6520bc4b5856c32d63bf3efe7eb0bc0deefc9f68159e648 sha512sums = c416e2121df83067376bcaacb58c05b01990f4614ad9de657d74b6da3efa441af251d13bf21e3f0f71ddcb4c9ea658b81da3d915667dc5c309c87ec32a1cb5a5 sha512sums = 5a1d78b5170da5abe3d18fdf9f2c3a4d78f15ba7d1ee9ec2708c4c9c2e28973469bc19386f70b3cf32ffafbe4fcc4303e5ebbd6d5187a1df3314ae0965b25e75 sha512sums = b90c99d768dc2a4f020ba854edf45ccf1b86a09d2f66e475de21fe589ff7e32c33ef4aa0876d7f1864491488fd7edb2682fc0d68e83a6d4890a0778dc2d6fe19 - sha512sums = 869dab2b1837c964add4019bb402e24e52dbb7f009850ca69fcc5deddd923eeb98eb8ee38601f6e31531f30322472fe7df09af84df27f0467708406c55885323 - sha512sums = 08a590d08043a21f30f04252164b94df972b1ff1022a0469d6aef713e14484a3a037cce290a2a582851e6fac3e64add69d6cc8fc130bbeeaea08626ebf3e1763 - sha512sums = 5a6b6beef8c31c79018884d948de840f4d3dfb07d9a87081ebf65e2b8fe595bc8c96dbd7742920ccf948c233213ed0026abc913650cefd77ad90c6f8c89bddb8 - sha512sums = 4cff2ebd962e26e2f516d8b4ac45c839dbfa54dd0588b423c224a328b9f7c62306ca7b2f6cb55240c564caf9972d5bcd2e0efaf2de49d64729aeb3bc1560c9eb - sha512sums = 872de70325e9798f0b5a77e991c85bd2ab6de24d9b9ba4e35002d2dd5df15f8b30739a0042a624776177ffc14a838cde7ee98622016ed41df3efda9a659730b2 - sha512sums = 471342b8d0e05533908cda5d6a906050a51e3181beda1239e91d717029ee40a9eaed714996a445417d87c4e31b7f8522a665de176077fe0536d538369594996d - sha512sums = da783e3bfc6469b92dee4064a13e2b427520d3d96b57c95a4e07aaca3e844d95210a8b16122b022080f5452d65096f274dd1c1467725bbdb2e40ef304b78774a - sha512sums = 577e33a1c50b4b41157a67f64162b035dd0c4a541e19cee55a100048bdb50cb2c82852741b1372989a0fe4c4782ba477522747fcc81d72aed99b3db512a86447 - sha512sums = e4a9d7607fe93daf1d45270971c8d8455c4bfc2c0bea8bcad05aeb89847edee23cd1a41073a72042622acf417018fe254f5bfc137604fe2c71292680bf67a1c2 - sha512sums = 209b01b044877cc986757fa4009a92ea98f480306c2530075d153203c3cd2b3afccab6aacc1453dee8857991e04270572f1700310705d7a0f4d5bed27fab8c67 + sha512sums = 3cb8f88c1bffc753d0c540be5d25a0fdb9224478cca64743b5663340f2f26b197775286e6e680228db54c614dcd11da1135e625674a622127681662bec4fa886 + sha512sums = 299dcc7094ce53474521356647bdd2fb069731c08d14a872a425412fcd72da840727a23664b12d95465bf313e8e8297da31259508d1c62cc2dcea596160e21c5 + sha512sums = 0d6bc3d928cfafe4e4e0bc04dbb95c5d2b078573e4f9e0576e7f53a8fab08a7077202f575d74a3960248c4904b5f7f0661bf17dbe163c524ab51dd30e3cb80f7 + sha512sums = 2b50b25e8680878f7974fa9d519df7e141ca11c4bfe84a92a5d01bb193f034b1726ea05b3c0030bad1fbda8dbb78bf1dc7b73859053581b55ba813c39b27d9dc + sha512sums = a436d3f5126c6c0d6b58c6865e7bd38dbfbfb7babe017eeecb5e9d162c21902cbf4e0a68cf3ac2f99815106f9fa003b075bd2b4eb5d16333fa913df6e2f3e32a + sha512sums = 190112e38d5a5c0ca91b89cd58f95595262a551530a16546e1d84700fc9644aa2ca677953ffff655261e8a7bff6e6af4e431424df5f13c00bc90b77c421bc32d + sha512sums = a1661ab946c6cd7d3c6251a2a9fd68afe231db58ce33c92c42594aedb5629be8f299ba08a34713327b373a3badd1554a150343d8d3e5dfb102999c281bd49154 + sha512sums = 9426829605bbb9e65002437e02ed54e35c20fdf94706770a3dc1049da634147906d6b98bf7f5e7516c84068396a12c6feaf72f92b51bdf19715e0f64620319de + sha512sums = da7a97d5d3701c70dd5388b0440da39006ee4991ce174777931fea2aa8c90846a622b2b911f02ae4d5fffb92680d9a7e211c308f0f99c04896278e2ee0d9a4dc + sha512sums = a50d202a9c2e91a4450b45c227b295e1840cc99a5e545715d69c8af789ea3dd95a03a30f050d52855cabdc9183d4688c1b534eaa755ebe93616f9d192a855ee3 + sha512sums = 825b9dd0167c072ba62cabe0677e7cd20f2b4b850328022540f122689d8b25315005fa98ce867cf6e7460b2b26df16b88bb3b5c9ebf721746dce4e2271af7b97 pkgname = systemd-selinux pkgdesc = system and service manager with SELinux support install = systemd.install - license = GPL2 - license = LGPL2.1 + license = LGPL-2.1-or-later + license = CC0-1.0 + license = GPL-2.0-or-later + license = MIT-0 depends = acl + depends = libacl.so depends = bash depends = cryptsetup + depends = libcryptsetup.so depends = dbus - depends = iptables + depends = dbus-units depends = kbd depends = kmod - depends = hwids + depends = libkmod.so + depends = hwdata depends = libcap + depends = libcap.so depends = libgcrypt + depends = libxcrypt + depends = libcrypt.so depends = systemd-libs-selinux depends = libidn2 - depends = libidn2.so depends = lz4 depends = pam-selinux depends = libelf depends = libseccomp + depends = libseccomp.so depends = util-linux-selinux + depends = libblkid.so + depends = libmount.so depends = xz depends = pcre2 depends = audit - optdepends = libmicrohttpd: remote journald capabilities + depends = libaudit.so + depends = openssl + depends = libcrypto.so + depends = libssl.so + optdepends = libmicrohttpd: systemd-journal-gatewayd and systemd-journal-remote optdepends = quota-tools: kernel-level quota management - optdepends = systemd-sysvcompat: symlink package to provide sysvinit binaries + optdepends = systemd-sysvcompat-selinux: symlink package to provide sysvinit binaries + optdepends = systemd-ukify-selinux: combine kernel and initrd into a signed Unified Kernel Image optdepends = polkit: allow administration as unprivileged user - optdepends = curl: machinectl pull-tar and pull-raw + optdepends = curl: systemd-journal-upload, machinectl pull-tar and pull-raw + optdepends = gnutls: systemd-journal-gatewayd and systemd-journal-remote + optdepends = qrencode: show QR codes + optdepends = iptables: firewall features + optdepends = libbpf: support BPF programs + optdepends = libpwquality: check password quality + optdepends = libfido2: unlocking LUKS2 volumes with FIDO2 token + optdepends = libp11-kit: support PKCS#11 + optdepends = tpm2-tss: unlocking LUKS2 volumes with TPM2 provides = nss-myhostname - provides = systemd-tools=243.78 - provides = udev=243.78 - provides = systemd=243.78-1 + provides = systemd-tools=255.4 + provides = udev=255.4 + provides = systemd=255.4-2 conflicts = nss-myhostname conflicts = systemd-tools conflicts = udev @@ -121,32 +161,40 @@ pkgname = systemd-selinux conflicts = selinux-systemd backup = etc/pam.d/systemd-user backup = etc/systemd/coredump.conf + backup = etc/systemd/homed.conf backup = etc/systemd/journald.conf backup = etc/systemd/journal-remote.conf backup = etc/systemd/journal-upload.conf backup = etc/systemd/logind.conf backup = etc/systemd/networkd.conf + backup = etc/systemd/oomd.conf + backup = etc/systemd/pstore.conf backup = etc/systemd/resolved.conf backup = etc/systemd/sleep.conf backup = etc/systemd/system.conf backup = etc/systemd/timesyncd.conf backup = etc/systemd/user.conf + backup = etc/udev/iocost.conf backup = etc/udev/udev.conf pkgname = systemd-libs-selinux pkgdesc = systemd client libraries with SELinux support - license = LGPL2.1 + license = LGPL-2.1-or-later + license = CC0-1.0 + license = GPL-2.0-or-later WITH Linux-syscall-note depends = glibc + depends = gcc-libs depends = libcap depends = libgcrypt depends = lz4 depends = xz + depends = zstd depends = libselinux provides = libsystemd provides = libsystemd.so provides = libudev.so provides = libsystemd-selinux - provides = systemd-libs=243.78-1 + provides = systemd-libs=255.4-2 conflicts = libsystemd conflicts = libsystemd-selinux conflicts = systemd-libs @@ -154,21 +202,29 @@ pkgname = systemd-libs-selinux pkgname = systemd-resolvconf-selinux pkgdesc = systemd resolvconf replacement with SELinux support (for use with systemd-resolved) - license = LGPL2.1 depends = systemd-selinux provides = openresolv provides = resolvconf - provides = systemd-resolvconf=243.78-1 - conflicts = openresolv - conflicts = systemd-resolvconf=243.78-1 + provides = systemd-resolvconf=255.4-2 + conflicts = resolvconf + conflicts = systemd-resolvconf=255.4-2 pkgname = systemd-sysvcompat-selinux pkgdesc = sysvinit compat for systemd with SELinux support - license = GPL2 depends = systemd-selinux - provides = systemd-sysvcompat=243.78-1 - provides = selinux-systemd-sysvcompat=243.78-1 + provides = systemd-sysvcompat=255.4-2 + provides = selinux-systemd-sysvcompat=255.4-2 conflicts = sysvinit conflicts = systemd-sysvcompat conflicts = selinux-systemd-sysvcompat +pkgname = systemd-ukify-selinux + pkgdesc = Combine kernel and initrd into a signed Unified Kernel Image + depends = binutils + depends = python-cryptography + depends = python-pefile + depends = systemd + optdepends = python-pillow: Show the size of splash image + optdepends = sbsigntools: Sign the embedded kernel + provides = ukify + provides = systemd-ukify=255.4-2 diff --git a/0001-Use-Arch-Linux-device-access-groups.patch b/0001-Use-Arch-Linux-device-access-groups.patch index c511144dee45..d88486575209 100644 --- a/0001-Use-Arch-Linux-device-access-groups.patch +++ b/0001-Use-Arch-Linux-device-access-groups.patch @@ -1,5 +1,4 @@ -From 34e4b4953cb99642e9144d97823edf32b06ffe93 Mon Sep 17 00:00:00 2001 -Message-Id: <34e4b4953cb99642e9144d97823edf32b06ffe93.1520376078.git.jan.steffens@gmail.com> +From 0e8c18bc2639da328274d02d9222ee2c1f6bf696 Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> Date: Tue, 6 Mar 2018 23:39:47 +0100 Subject: [PATCH] Use Arch Linux' device access groups @@ -11,15 +10,84 @@ Content-Transfer-Encoding: 8bit dialout → uucp tape → storage --- - rules/50-udev-default.rules.in | 14 +++++++------- - sysusers.d/basic.conf.in | 6 +++--- - 2 files changed, 10 insertions(+), 10 deletions(-) + meson.build | 6 +++--- + meson_options.txt | 12 ++++++------ + rules.d/50-udev-default.rules.in | 14 +++++++------- + sysusers.d/basic.conf.in | 6 +++--- + 4 files changed, 19 insertions(+), 19 deletions(-) -diff --git a/rules/50-udev-default.rules.in b/rules/50-udev-default.rules.in -index 191f56f42..f81c4d0fc 100644 ---- a/rules/50-udev-default.rules.in -+++ b/rules/50-udev-default.rules.in -@@ -22,7 +22,7 @@ SUBSYSTEM=="tty", KERNEL=="sclp_line[0-9]*", GROUP="tty", MODE="0620" +diff --git a/meson.build b/meson.build +index 76ad51d3fb..5cf679b088 100644 +--- a/meson.build ++++ b/meson.build +@@ -915,19 +915,19 @@ conf.set_quoted('NOBODY_GROUP_NAME', nobody_group) + static_ugids = [] + foreach option : ['adm-gid', + 'audio-gid', +- 'cdrom-gid', +- 'dialout-gid', + 'disk-gid', + 'input-gid', + 'kmem-gid', + 'kvm-gid', + 'lp-gid', ++ 'optical-gid', + 'render-gid', + 'sgx-gid', +- 'tape-gid', ++ 'storage-gid', + 'tty-gid', + 'users-gid', + 'utmp-gid', ++ 'uucp-gid', + 'video-gid', + 'wheel-gid', + 'systemd-journal-gid', +diff --git a/meson_options.txt b/meson_options.txt +index 814f340840..253a77ecb3 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -257,10 +257,6 @@ option('adm-gid', type : 'integer', value : 0, + description : 'soft-static allocation for the "adm" group') + option('audio-gid', type : 'integer', value : 0, + description : 'soft-static allocation for the "audio" group') +-option('cdrom-gid', type : 'integer', value : 0, +- description : 'soft-static allocation for the "cdrom" group') +-option('dialout-gid', type : 'integer', value : 0, +- description : 'soft-static allocation for the "dialout" group') + option('disk-gid', type : 'integer', value : 0, + description : 'soft-static allocation for the "disk" group') + option('input-gid', type : 'integer', value : 0, +@@ -271,18 +267,22 @@ option('kvm-gid', type : 'integer', value : 0, + description : 'soft-static allocation for the "kvm" group') + option('lp-gid', type : 'integer', value : 0, + description : 'soft-static allocation for the "lp" group') ++option('optical-gid', type : 'integer', value : '0', ++ description : 'soft-static allocation for the "optical" group') + option('render-gid', type : 'integer', value : 0, + description : 'soft-static allocation for the "render" group') + option('sgx-gid', type : 'integer', value : 0, + description : 'soft-static allocation for the "sgx" group') +-option('tape-gid', type : 'integer', value : 0, +- description : 'soft-static allocation for the "tape" group') ++option('storage-gid', type : 'integer', value : '0', ++ description : 'soft-static allocation for the "storage" group') + option('tty-gid', type : 'integer', value : 5, + description : 'the numeric GID of the "tty" group') + option('users-gid', type : 'integer', value : 0, + description : 'soft-static allocation for the "users" group') + option('utmp-gid', type : 'integer', value : 0, + description : 'soft-static allocation for the "utmp" group') ++option('uucp-gid', type : 'integer', value : '0', ++ description : 'soft-static allocation for the "uucp" group') + option('video-gid', type : 'integer', value : 0, + description : 'soft-static allocation for the "video" group') + option('wheel-gid', type : 'integer', value : 0, +diff --git a/rules.d/50-udev-default.rules.in b/rules.d/50-udev-default.rules.in +index 843bdaf9ce..a192f091df 100644 +--- a/rules.d/50-udev-default.rules.in ++++ b/rules.d/50-udev-default.rules.in +@@ -26,7 +26,7 @@ SUBSYSTEM=="tty", KERNEL=="sclp_line[0-9]*", GROUP="tty", MODE="0620" SUBSYSTEM=="tty", KERNEL=="ttysclp[0-9]*", GROUP="tty", MODE="0620" SUBSYSTEM=="tty", KERNEL=="3270/tty[0-9]*", GROUP="tty", MODE="0620" SUBSYSTEM=="vc", KERNEL=="vcs*|vcsa*", GROUP="tty" @@ -28,7 +96,7 @@ index 191f56f42..f81c4d0fc 100644 SUBSYSTEM=="mem", KERNEL=="mem|kmem|port", GROUP="kmem", MODE="0640" -@@ -57,13 +57,13 @@ KERNEL=="irlpt[0-9]*", GROUP="lp" +@@ -72,13 +72,13 @@ KERNEL=="irlpt[0-9]*", GROUP="lp" SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ENV{ID_USB_INTERFACES}=="*:0701??:*", GROUP="lp" SUBSYSTEM=="block", GROUP="disk" @@ -49,27 +117,65 @@ index 191f56f42..f81c4d0fc 100644 KERNEL=="qft[0-9]*|nqft[0-9]*|zqft[0-9]*|nzqft[0-9]*|rawqft[0-9]*|nrawqft[0-9]*", GROUP="disk" KERNEL=="loop-control", GROUP="disk", OPTIONS+="static_node=loop-control" diff --git a/sysusers.d/basic.conf.in b/sysusers.d/basic.conf.in -index 8e358c02d..33e513a36 100644 +index a602b872e4..8d38febb6a 100644 --- a/sysusers.d/basic.conf.in +++ b/sysusers.d/basic.conf.in -@@ -24,14 +24,14 @@ g utmp - - - +@@ -23,17 +23,17 @@ g utmp {{UTMP_GID }} - - - # Hardware access groups - g audio - - - --g cdrom - - - --g dialout - - - - g disk - - - - g input - - - - g kvm - - - - g lp - - - -+g optical - - - - g render - - - --g tape - - - -+g storage - - - -+g uucp - - - - g video - - - + # Physical and virtual hardware access groups + g audio {{AUDIO_GID }} - - +-g cdrom {{CDROM_GID }} - - +-g dialout {{DIALOUT_GID}} - - + g disk {{DISK_GID }} - - + g input {{INPUT_GID }} - - + g kmem {{KMEM_GID }} - - + g kvm {{KVM_GID }} - - + g lp {{LP_GID }} - - ++g optical {{OPTICAL_GID}} - - + g render {{RENDER_GID }} - - + g sgx {{SGX_GID }} - - +-g tape {{TAPE_GID }} - - ++g storage {{STORAGE_GID}} - - + g tty {{TTY_GID }} - - ++g uucp {{UUCP_GID }} - - + g video {{VIDEO_GID }} - - # Default group for normal users --- -2.16.2 +From 9e2987a7b4d09d7b554141e9ef2c911cb3fda570 Mon Sep 17 00:00:00 2001 +From: Christian Hesse <mail@eworm.de> +Date: Mon, 27 Dec 2021 23:32:42 +0100 +Subject: [PATCH] generate tmpfiles.d/legacy.conf + +--- + tmpfiles.d/legacy.conf.in | 3 --- + tmpfiles.d/meson.build | 2 +- + 2 files changed, 1 insertion(+), 4 deletions(-) + +diff --git a/tmpfiles.d/legacy.conf.in b/tmpfiles.d/legacy.conf.in +index 4f2c0d7c43..62e2ae0986 100644 +--- a/tmpfiles.d/legacy.conf.in ++++ b/tmpfiles.d/legacy.conf.in +@@ -12,9 +12,6 @@ + + d /run/lock 0755 root root - + L /var/lock - - - - ../run/lock +-{% if CREATE_LOG_DIRS %} +-L /var/log/README - - - - ../..{{DOC_DIR}}/README.logs +-{% endif %} + + # /run/lock/subsys is used for serializing SysV service execution, and + # hence without use on SysV-less systems. +diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build +index ca1abbf3fe..25e2b53402 100644 +--- a/tmpfiles.d/meson.build ++++ b/tmpfiles.d/meson.build +@@ -29,7 +29,7 @@ foreach pair : files + endforeach + + in_files = [['etc.conf', ''], +- ['legacy.conf', 'HAVE_SYSV_COMPAT'], ++ ['legacy.conf', ''], + ['static-nodes-permissions.conf', ''], + ['systemd.conf', ''], + ['var.conf', ''], diff --git a/20-systemd-sysusers.hook b/20-systemd-sysusers.hook index 9873dd402013..edc71957b78c 100644 --- a/20-systemd-sysusers.hook +++ b/20-systemd-sysusers.hook @@ -1,5 +1,5 @@ [Trigger] -Type = File +Type = Path Operation = Install Operation = Upgrade Target = usr/lib/sysusers.d/*.conf diff --git a/30-systemd-binfmt.hook b/30-systemd-binfmt.hook index 9c31a4b162cc..19f3bcc154a5 100644 --- a/30-systemd-binfmt.hook +++ b/30-systemd-binfmt.hook @@ -1,5 +1,5 @@ [Trigger] -Type = File +Type = Path Operation = Install Operation = Upgrade Target = usr/lib/binfmt.d/*.conf diff --git a/30-systemd-catalog.hook b/30-systemd-catalog.hook index d28bddc4bbcd..6e717b9a4651 100644 --- a/30-systemd-catalog.hook +++ b/30-systemd-catalog.hook @@ -1,5 +1,5 @@ [Trigger] -Type = File +Type = Path Operation = Install Operation = Upgrade Operation = Remove diff --git a/30-systemd-daemon-reload.hook b/30-systemd-daemon-reload-system.hook index 87923e862669..a305d734d782 100644 --- a/30-systemd-daemon-reload.hook +++ b/30-systemd-daemon-reload-system.hook @@ -1,5 +1,5 @@ [Trigger] -Type = File +Type = Path Operation = Install Operation = Upgrade Operation = Remove @@ -8,4 +8,4 @@ Target = usr/lib/systemd/system/* [Action] Description = Reloading system manager configuration... When = PostTransaction -Exec = /usr/share/libalpm/scripts/systemd-hook daemon-reload +Exec = /usr/share/libalpm/scripts/systemd-hook daemon-reload-system diff --git a/30-systemd-daemon-reload-user.hook b/30-systemd-daemon-reload-user.hook new file mode 100644 index 000000000000..3eddf8f30e94 --- /dev/null +++ b/30-systemd-daemon-reload-user.hook @@ -0,0 +1,11 @@ +[Trigger] +Type = Path +Operation = Install +Operation = Upgrade +Operation = Remove +Target = usr/lib/systemd/user/* + +[Action] +Description = Reloading user manager configuration... +When = PostTransaction +Exec = /usr/share/libalpm/scripts/systemd-hook daemon-reload-user diff --git a/30-systemd-hwdb.hook b/30-systemd-hwdb.hook index f0440b0a6457..1d85e29e84c0 100644 --- a/30-systemd-hwdb.hook +++ b/30-systemd-hwdb.hook @@ -1,5 +1,5 @@ [Trigger] -Type = File +Type = Path Operation = Install Operation = Upgrade Operation = Remove diff --git a/30-systemd-sysctl.hook b/30-systemd-sysctl.hook index aec5ac1b0e84..e2354c0b1563 100644 --- a/30-systemd-sysctl.hook +++ b/30-systemd-sysctl.hook @@ -1,5 +1,5 @@ [Trigger] -Type = File +Type = Path Operation = Install Operation = Upgrade Target = usr/lib/sysctl.d/*.conf diff --git a/30-systemd-tmpfiles.hook b/30-systemd-tmpfiles.hook index df60d82752ea..b07db6a84328 100644 --- a/30-systemd-tmpfiles.hook +++ b/30-systemd-tmpfiles.hook @@ -1,5 +1,5 @@ [Trigger] -Type = File +Type = Path Operation = Install Operation = Upgrade Target = usr/lib/tmpfiles.d/*.conf diff --git a/30-systemd-udev-reload.hook b/30-systemd-udev-reload.hook index 04238bd58d3d..7676cca8cda4 100644 --- a/30-systemd-udev-reload.hook +++ b/30-systemd-udev-reload.hook @@ -1,5 +1,5 @@ [Trigger] -Type = File +Type = Path Operation = Install Operation = Upgrade Operation = Remove diff --git a/30-systemd-update.hook b/30-systemd-update.hook index 7084a0c161c8..f95d9dcc3b9e 100644 --- a/30-systemd-update.hook +++ b/30-systemd-update.hook @@ -1,5 +1,5 @@ [Trigger] -Type = File +Type = Path Operation = Install Operation = Upgrade Operation = Remove @@ -1,6 +1,4 @@ # Maintainer: Christian Hesse <mail@eworm.de> -# Maintainer: Dave Reisner <dreisner@archlinux.org> -# Maintainer: Tom Gundersen <teg@jklm.no> # SELinux Maintainer: Nicolas Iooss (nicolas <dot> iooss <at> m4x <dot> org) # SELinux Contributor: Timothée Ravier <tim@siosm.fr> # SELinux Contributor: Nicky726 <Nicky726@gmail.com> @@ -9,48 +7,55 @@ # If you want to help keep it up to date, please open a Pull Request there. pkgbase=systemd-selinux -pkgname=('systemd-selinux' 'systemd-libs-selinux' 'systemd-resolvconf-selinux' 'systemd-sysvcompat-selinux') -# Can be from either systemd or systemd-stable -_commit='ef677436aa203c24816021dd698b57f219f0ff64' -pkgver=243.78 -pkgrel=1 -arch=('x86_64') +pkgname=('systemd-selinux' + 'systemd-libs-selinux' + 'systemd-resolvconf-selinux' + 'systemd-sysvcompat-selinux' + 'systemd-ukify-selinux') +_tag='4003dd6754e3446691402d3cc389fbfd4faccc90' # git rev-parse v${_tag_name} +_tag_name=255.4 +# Upstream versioning is incompatible with pacman's version comparisons so we +# replace tildes with the empty string to make sure pacman's version comparing +# does the right thing for rc versions: +# ➜ vercmp 255~rc1 255 +# 1 +# ➜ vercmp 255rc1 255 +# -1 +pkgver="${_tag_name/~/}" +pkgrel=2 +arch=('x86_64' 'aarch64') +license=('LGPL-2.1-or-later') url='https://www.github.com/systemd/systemd' groups=('selinux') makedepends=('acl' 'cryptsetup' 'docbook-xsl' 'gperf' 'lz4' 'xz' 'pam-selinux' 'libelf' 'intltool' 'iptables' 'kmod' 'libcap' 'libidn2' 'libgcrypt' - 'libmicrohttpd' 'libxslt' 'util-linux' 'linux-api-headers' - 'python-lxml' 'quota-tools' 'shadow-selinux' 'gnu-efi-libs' 'git' + 'libmicrohttpd' 'libxcrypt' 'libxslt' 'util-linux' 'linux-api-headers' + 'python-jinja' 'python-lxml' 'quota-tools' 'shadow-selinux' 'git' 'meson' 'libseccomp' 'pcre2' 'audit' 'kexec-tools' 'libxkbcommon' - 'bash-completion' 'libselinux') -options=('strip') + 'bash-completion' 'p11-kit' 'systemd' 'libfido2' 'tpm2-tss' 'rsync' + 'bpf' 'libbpf' 'clang' 'llvm' 'curl' 'gnutls' 'python-pyelftools' + 'libpwquality' 'qrencode' 'lib32-gcc-libs' 'python-pefile' 'libselinux') +conflicts=("mkinitcpio<38-1") validpgpkeys=('63CDA1E5D3FC22B998D20DD6327F26951A015CC4' # Lennart Poettering <lennart@poettering.net> + 'A9EA9081724FFAE0484C35A1A81CEA22BC8C7E2E' # Luca Boccassi <luca.boccassi@gmail.com> + '9A774DB5DB996C154EBBFBFDA0099A18E29326E1' # Yu Watanabe <watanabe.yu+github@gmail.com> '5C251B5FC54EB2F80F407AAAC54CA336CFEB557E') # Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> -# Retrieve the splash-arch.bmp image from systemd package sources, as this -# file is too big to fit in the AUR. -# -# systemd 238.0-2 removed the ".git" from the Github URLs -# (cf. https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/systemd&id=fa248b709cd106bf65b42f3e93e68decc811e163 ) -# When updating, if makepkg reports "systemd-stable is not a clone of https://github.com/systemd/systemd-stable", -# you need to update the remotes of the git repositories, for example with the following commands: -# git -C systemd-stable remote set-url origin https://github.com/systemd/systemd-stable -# git -C systemd remote set-url origin https://github.com/systemd/systemd -source=(# fragment is latest tag for source verification, final merge in prepare() - "git+https://github.com/systemd/systemd-stable#tag=v${pkgver%.*}?signed" - "git+https://github.com/systemd/systemd#tag=v${pkgver%.*}?signed" +source=("git+https://github.com/systemd/systemd-stable#tag=${_tag}?signed" + "git+https://github.com/systemd/systemd#tag=v${_tag_name%.*}?signed" '0001-Use-Arch-Linux-device-access-groups.patch' - 'initcpio-hook-udev' - 'initcpio-install-systemd' - 'initcpio-install-udev' + # bootloader files 'arch.conf' 'loader.conf' - 'splash-arch.bmp::https://projects.archlinux.org/svntogit/packages.git/plain/trunk/splash-arch.bmp?h=packages/systemd&id=e43ddb71a5b1ab56e898347a63e54c5d5d07728a' + 'splash-arch.bmp::https://raw.githubusercontent.com/archlinux/svntogit-packages/391c1f5d4a18d08be809caa08c769ef9cded28db/trunk/splash-arch.bmp' + # pam configuration 'systemd-user.pam' + # pacman / libalpm hooks 'systemd-hook' '20-systemd-sysusers.hook' '30-systemd-binfmt.hook' '30-systemd-catalog.hook' - '30-systemd-daemon-reload.hook' + '30-systemd-daemon-reload-system.hook' + '30-systemd-daemon-reload-user.hook' '30-systemd-hwdb.hook' '30-systemd-sysctl.hook' '30-systemd-tmpfiles.hook' @@ -58,24 +63,22 @@ source=(# fragment is latest tag for source verification, final merge in prepare '30-systemd-update.hook') sha512sums=('SKIP' 'SKIP' - '9348683829190628e25b7b3300fd880c426d555bde330d5fc5150a9a54b3ad9d4d1f2e69ea1dc6d6f086693dacc53c5af30f1fa7ad9b479791fd77bcdafa430e' - 'f0d933e8c6064ed830dec54049b0a01e27be87203208f6ae982f10fb4eddc7258cb2919d594cbfb9a33e74c3510cfd682f3416ba8e804387ab87d1a217eb4b73' - '01de24951a05d38eca6b615a7645beb3677ca0e0f87638d133649f6dc14dcd2ea82594a60b793c31b14493a286d1d11a0d25617f54dbfa02be237652c8faa691' - 'a25b28af2e8c516c3a2eec4e64b8c7f70c21f974af4a955a4a9d45fd3e3ff0d2a98b4419fe425d47152d5acae77d64e69d8d014a7209524b75a81b0edb10bf3a' + '3ccf783c28f7a1c857120abac4002ca91ae1f92205dcd5a84aff515d57e706a3f9240d75a0a67cff5085716885e06e62597baa86897f298662ec36a940cf410e' '61032d29241b74a0f28446f8cf1be0e8ec46d0847a61dadb2a4f096e8686d5f57fe5c72bcf386003f6520bc4b5856c32d63bf3efe7eb0bc0deefc9f68159e648' 'c416e2121df83067376bcaacb58c05b01990f4614ad9de657d74b6da3efa441af251d13bf21e3f0f71ddcb4c9ea658b81da3d915667dc5c309c87ec32a1cb5a5' '5a1d78b5170da5abe3d18fdf9f2c3a4d78f15ba7d1ee9ec2708c4c9c2e28973469bc19386f70b3cf32ffafbe4fcc4303e5ebbd6d5187a1df3314ae0965b25e75' 'b90c99d768dc2a4f020ba854edf45ccf1b86a09d2f66e475de21fe589ff7e32c33ef4aa0876d7f1864491488fd7edb2682fc0d68e83a6d4890a0778dc2d6fe19' - '869dab2b1837c964add4019bb402e24e52dbb7f009850ca69fcc5deddd923eeb98eb8ee38601f6e31531f30322472fe7df09af84df27f0467708406c55885323' - '08a590d08043a21f30f04252164b94df972b1ff1022a0469d6aef713e14484a3a037cce290a2a582851e6fac3e64add69d6cc8fc130bbeeaea08626ebf3e1763' - '5a6b6beef8c31c79018884d948de840f4d3dfb07d9a87081ebf65e2b8fe595bc8c96dbd7742920ccf948c233213ed0026abc913650cefd77ad90c6f8c89bddb8' - '4cff2ebd962e26e2f516d8b4ac45c839dbfa54dd0588b423c224a328b9f7c62306ca7b2f6cb55240c564caf9972d5bcd2e0efaf2de49d64729aeb3bc1560c9eb' - '872de70325e9798f0b5a77e991c85bd2ab6de24d9b9ba4e35002d2dd5df15f8b30739a0042a624776177ffc14a838cde7ee98622016ed41df3efda9a659730b2' - '471342b8d0e05533908cda5d6a906050a51e3181beda1239e91d717029ee40a9eaed714996a445417d87c4e31b7f8522a665de176077fe0536d538369594996d' - 'da783e3bfc6469b92dee4064a13e2b427520d3d96b57c95a4e07aaca3e844d95210a8b16122b022080f5452d65096f274dd1c1467725bbdb2e40ef304b78774a' - '577e33a1c50b4b41157a67f64162b035dd0c4a541e19cee55a100048bdb50cb2c82852741b1372989a0fe4c4782ba477522747fcc81d72aed99b3db512a86447' - 'e4a9d7607fe93daf1d45270971c8d8455c4bfc2c0bea8bcad05aeb89847edee23cd1a41073a72042622acf417018fe254f5bfc137604fe2c71292680bf67a1c2' - '209b01b044877cc986757fa4009a92ea98f480306c2530075d153203c3cd2b3afccab6aacc1453dee8857991e04270572f1700310705d7a0f4d5bed27fab8c67') + '3cb8f88c1bffc753d0c540be5d25a0fdb9224478cca64743b5663340f2f26b197775286e6e680228db54c614dcd11da1135e625674a622127681662bec4fa886' + '299dcc7094ce53474521356647bdd2fb069731c08d14a872a425412fcd72da840727a23664b12d95465bf313e8e8297da31259508d1c62cc2dcea596160e21c5' + '0d6bc3d928cfafe4e4e0bc04dbb95c5d2b078573e4f9e0576e7f53a8fab08a7077202f575d74a3960248c4904b5f7f0661bf17dbe163c524ab51dd30e3cb80f7' + '2b50b25e8680878f7974fa9d519df7e141ca11c4bfe84a92a5d01bb193f034b1726ea05b3c0030bad1fbda8dbb78bf1dc7b73859053581b55ba813c39b27d9dc' + 'a436d3f5126c6c0d6b58c6865e7bd38dbfbfb7babe017eeecb5e9d162c21902cbf4e0a68cf3ac2f99815106f9fa003b075bd2b4eb5d16333fa913df6e2f3e32a' + '190112e38d5a5c0ca91b89cd58f95595262a551530a16546e1d84700fc9644aa2ca677953ffff655261e8a7bff6e6af4e431424df5f13c00bc90b77c421bc32d' + 'a1661ab946c6cd7d3c6251a2a9fd68afe231db58ce33c92c42594aedb5629be8f299ba08a34713327b373a3badd1554a150343d8d3e5dfb102999c281bd49154' + '9426829605bbb9e65002437e02ed54e35c20fdf94706770a3dc1049da634147906d6b98bf7f5e7516c84068396a12c6feaf72f92b51bdf19715e0f64620319de' + 'da7a97d5d3701c70dd5388b0440da39006ee4991ce174777931fea2aa8c90846a622b2b911f02ae4d5fffb92680d9a7e211c308f0f99c04896278e2ee0d9a4dc' + 'a50d202a9c2e91a4450b45c227b295e1840cc99a5e545715d69c8af789ea3dd95a03a30f050d52855cabdc9183d4688c1b534eaa755ebe93616f9d192a855ee3' + '825b9dd0167c072ba62cabe0677e7cd20f2b4b850328022540f122689d8b25315005fa98ce867cf6e7460b2b26df16b88bb3b5c9ebf721746dce4e2271af7b97') _backports=( ) @@ -88,138 +91,166 @@ prepare() { # add upstream repository for cherry-picking git remote add -f upstream ../systemd - # merge the latest stable commit (fast-foward only to make sure - # the verified tag is in) - git merge --ff-only "${_commit}" - local _c + local _c _l for _c in "${_backports[@]}"; do - git log --oneline -1 "${_c}" - git cherry-pick -n "${_c}" + if [[ "${_c}" == *..* ]]; then _l='--reverse'; else _l='--max-count=1'; fi + git log --oneline "${_l}" "${_c}" + git cherry-pick --mainline 1 --no-commit "${_c}" done for _c in "${_reverts[@]}"; do - git log --oneline -1 "${_c}" - git revert -n "${_c}" + if [[ "${_c}" == *..* ]]; then _l='--reverse'; else _l='--max-count=1'; fi + git log --oneline "${_l}" "${_c}" + git revert --mainline 1 --no-commit "${_c}" done # Replace cdrom/dialout/tape groups with optical/uucp/storage patch -Np1 -i ../0001-Use-Arch-Linux-device-access-groups.patch } -pkgver() { - cd "${pkgbase/-selinux}-stable" - - local _version _count - _version="$(git describe --abbrev=0 --tags)" - _count="$(git rev-list --count ${_version}..)" - printf '%s.%s' "${_version#v}" "${_count}" -} - build() { local _timeservers=({0..3}.arch.pool.ntp.org) local _nameservers=( - # We use these public name services, ordered by their - # privacy policy (hopefully): + # We use these public name services, ordered by their privacy policy (hopefully): # * Cloudflare (https://1.1.1.1/) - # * Quad9 without filtering (https://www.quad9.net/) + # * Quad9 (https://www.quad9.net/) # * Google (https://developers.google.com/speed/public-dns/) - 1.1.1.1 - 9.9.9.10 - 8.8.8.8 - 2606:4700:4700::1111 - 2620:fe::10 - 2001:4860:4860::8888 + '1.1.1.1#cloudflare-dns.com' + '9.9.9.9#dns.quad9.net' + '8.8.8.8#dns.google' + '2606:4700:4700::1111#cloudflare-dns.com' + '2620:fe::9#dns.quad9.net' + '2001:4860:4860::8888#dns.google' ) local _meson_options=( - -Dversion-tag="${pkgver}-${pkgrel}-arch" - - -Daudit=true - -Dgnu-efi=true + -Dversion-tag="${_tag_name}-${pkgrel}-arch" + # We use the version without tildes as the shared library tag because + # pacman looks at the shared library version. + -Dshared-lib-tag="${pkgver}-${pkgrel}" + -Dmode=release + + -Dapparmor=false + -Dbootloader=true + -Dxenctrl=false + -Dbpf-framework=true -Dima=false -Dlibidn2=true -Dlz4=true -Dman=true + -Dnscd=false -Dselinux=true + # We disable DNSSEC by default, it still causes trouble: + # https://github.com/systemd/systemd/issues/10579 + -Ddbuspolicydir=/usr/share/dbus-1/system.d - -Ddefault-hierarchy=hybrid - -Ddefault-locale=C + -Ddefault-dnssec=no + -Ddefault-hierarchy=unified -Ddefault-kill-user-processes=false + -Ddefault-locale='C.UTF-8' + -Dlocalegen-path=/usr/bin/locale-gen + -Ddns-over-tls=openssl -Dfallback-hostname='archlinux' + -Dnologin-path=/usr/bin/nologin -Dntp-servers="${_timeservers[*]}" -Ddns-servers="${_nameservers[*]}" -Drpmmacrosdir=no -Dsysvinit-path= -Dsysvrcnd-path= - ) - # meson needs a UTF-8 locale. Otherwise it displays the following error message: - # WARNING: You are using 'ANSI_X3.4-1968' which is not a a Unicode-compatible locale. - # WARNING: You might see errors if you use UTF-8 strings as filenames, as strings, or as file contents. - # WARNING: Please switch to a UTF-8 locale for your platform. - # c.f. https://github.com/mesonbuild/meson/blob/0.42.0/meson.py#L21 - if ! (echo "$LANG" | grep -i '\.utf-\?8' > /dev/null) ; then - export LANG="$(locale -a | grep -i '\.utf-\?8' | head -n1)" - if [ -z "$LANG" ] ; then - echo >&2 "Unable to find a UTF-8 locale on the system" - return 1 - fi - fi + -Dsbat-distro='arch' + -Dsbat-distro-summary='Arch Linux' + -Dsbat-distro-pkgname="${pkgname}" + -Dsbat-distro-version="${pkgver}" + -Dsbat-distro-url="https://aur.archlinux.org/packages/${pkgname}/" + ) arch-meson "${pkgbase/-selinux}-stable" build "${_meson_options[@]}" - ninja -C build + meson compile -C build } check() { - meson test -C build + meson test -C build --print-errorlogs } package_systemd-selinux() { pkgdesc='system and service manager with SELinux support' - license=('GPL2' 'LGPL2.1') - depends=('acl' 'bash' 'cryptsetup' 'dbus' 'iptables' 'kbd' 'kmod' 'hwids' 'libcap' - 'libgcrypt' 'systemd-libs-selinux' 'libidn2' 'libidn2.so' 'lz4' 'pam-selinux' 'libelf' - 'libseccomp' 'util-linux-selinux' 'xz' 'pcre2' 'audit') + license+=( + 'CC0-1.0' # siphash + 'GPL-2.0-or-later' # udev + 'MIT-0' # documentation and config files + ) + depends=('acl' 'libacl.so' 'bash' 'cryptsetup' 'libcryptsetup.so' 'dbus' + 'dbus-units' 'kbd' 'kmod' 'libkmod.so' 'hwdata' 'libcap' 'libcap.so' + 'libgcrypt' 'libxcrypt' 'libcrypt.so' 'systemd-libs-selinux' 'libidn2' 'lz4' 'pam-selinux' + 'libelf' 'libseccomp' 'libseccomp.so' 'util-linux-selinux' 'libblkid.so' + 'libmount.so' 'xz' 'pcre2' 'audit' 'libaudit.so' + 'openssl' 'libcrypto.so' 'libssl.so') provides=('nss-myhostname' "systemd-tools=$pkgver" "udev=$pkgver" "${pkgname/-selinux}=${pkgver}-${pkgrel}") conflicts=('nss-myhostname' 'systemd-tools' 'udev' "${pkgname/-selinux}" 'selinux-systemd') - optdepends=('libmicrohttpd: remote journald capabilities' + optdepends=('libmicrohttpd: systemd-journal-gatewayd and systemd-journal-remote' 'quota-tools: kernel-level quota management' - 'systemd-sysvcompat: symlink package to provide sysvinit binaries' + 'systemd-sysvcompat-selinux: symlink package to provide sysvinit binaries' + 'systemd-ukify-selinux: combine kernel and initrd into a signed Unified Kernel Image' 'polkit: allow administration as unprivileged user' - 'curl: machinectl pull-tar and pull-raw') + 'curl: systemd-journal-upload, machinectl pull-tar and pull-raw' + 'gnutls: systemd-journal-gatewayd and systemd-journal-remote' + 'qrencode: show QR codes' + 'iptables: firewall features' + 'libbpf: support BPF programs' + 'libpwquality: check password quality' + 'libfido2: unlocking LUKS2 volumes with FIDO2 token' + 'libp11-kit: support PKCS#11' + 'tpm2-tss: unlocking LUKS2 volumes with TPM2') backup=(etc/pam.d/systemd-user etc/systemd/coredump.conf + etc/systemd/homed.conf etc/systemd/journald.conf etc/systemd/journal-remote.conf etc/systemd/journal-upload.conf etc/systemd/logind.conf etc/systemd/networkd.conf + etc/systemd/oomd.conf + etc/systemd/pstore.conf etc/systemd/resolved.conf etc/systemd/sleep.conf etc/systemd/system.conf etc/systemd/timesyncd.conf etc/systemd/user.conf + etc/udev/iocost.conf etc/udev/udev.conf) install=systemd.install - DESTDIR="$pkgdir" meson install -C build + meson install -C build --destdir "$pkgdir" # we'll create this on installation rmdir "$pkgdir"/var/log/journal/remote # runtime libraries shipped with systemd-libs - install -d -m0755 systemd-libs - mv "$pkgdir"/usr/lib/lib{nss,systemd,udev}*.so* systemd-libs + install -d -m0755 systemd-libs/lib/ + mv "$pkgdir"/usr/lib/lib{nss,systemd,udev}*.so* systemd-libs/lib/ + mv "$pkgdir"/usr/lib/pkgconfig systemd-libs/lib/pkgconfig + mv "$pkgdir"/usr/include systemd-libs/include + mv "$pkgdir"/usr/share/man/man3 systemd-libs/man3 + + # ukify shipped in separate package + install -d -m0755 systemd-ukify/{bin,systemd,man1,install.d} + mv "$pkgdir"/usr/bin/ukify systemd-ukify/bin/ + mv "$pkgdir"/usr/lib/systemd/ukify systemd-ukify/systemd/ + mv "$pkgdir"/usr/share/man/man1/ukify.1 systemd-ukify/man1/ + # we move the ukify hook itself, but keep 90-uki-copy.install in place, + # because there are other ways to generate UKIs w/o ukify, e.g. w/ mkinitcpio + mv "$pkgdir"/usr/lib/kernel/install.d/60-ukify.install systemd-ukify/install.d # manpages shipped with systemd-sysvcompat - rm "$pkgdir"/usr/share/man/man8/{halt,poweroff,reboot,runlevel,shutdown,telinit}.8 + rm "$pkgdir"/usr/share/man/man8/{halt,poweroff,reboot,shutdown}.8 # executable (symlinks) shipped with systemd-sysvcompat - rm "$pkgdir"/usr/bin/{halt,init,poweroff,reboot,runlevel,shutdown,telinit} + rm "$pkgdir"/usr/bin/{halt,init,poweroff,reboot,shutdown} # files shipped with systemd-resolvconf rm "$pkgdir"/usr/{bin/resolvconf,share/man/man1/resolvconf.1} @@ -229,25 +260,13 @@ package_systemd-selinux() { sed -i -e '/^C \/etc\/nsswitch\.conf/d' \ -e '/^C \/etc\/issue/d' "$pkgdir"/usr/lib/tmpfiles.d/etc.conf - # add back tmpfiles.d/legacy.conf, normally omitted without sysv-compat - install -m0644 ${pkgbase/-selinux}-stable/tmpfiles.d/legacy.conf "$pkgdir"/usr/lib/tmpfiles.d - # ship default policy to leave services disabled echo 'disable *' >"$pkgdir"/usr/lib/systemd/system-preset/99-default.preset - # add mkinitcpio hooks - install -D -m0644 initcpio-install-systemd "$pkgdir"/usr/lib/initcpio/install/systemd - install -D -m0644 initcpio-install-udev "$pkgdir"/usr/lib/initcpio/install/udev - install -D -m0644 initcpio-hook-udev "$pkgdir"/usr/lib/initcpio/hooks/udev - - # ensure proper permissions for /var/log/journal - # The permissions are stored with named group by tar, so this works with - # users and groups populated by systemd-sysusers. This is only to prevent a - # warning from pacman as permissions are set by systemd-tmpfiles anyway. - install -d -o root -g systemd-journal -m 2755 "$pkgdir"/var/log/journal - - # match directory owner/group and mode from [extra]/polkit - install -d -o root -g 102 -m 0750 "$pkgdir"/usr/share/polkit-1/rules.d + # The group 'systemd-journal' is allocated dynamically and may have varying + # gid on different systems. Let's install with gid 0 (root), systemd-tmpfiles + # will fix the permissions for us. (see /usr/lib/tmpfiles.d/systemd.conf) + install -d -o root -g root -m 2755 "$pkgdir"/var/log/journal # add example bootctl configuration install -D -m0644 arch.conf "$pkgdir"/usr/share/systemd/bootctl/arch.conf @@ -264,24 +283,28 @@ package_systemd-selinux() { package_systemd-libs-selinux() { pkgdesc='systemd client libraries with SELinux support' - depends=('glibc' 'libcap' 'libgcrypt' 'lz4' 'xz' 'libselinux') - license=('LGPL2.1') + depends=('glibc' 'gcc-libs' 'libcap' 'libgcrypt' 'lz4' 'xz' 'zstd' 'libselinux') + license+=( + 'CC0-1.0' # siphash + 'GPL-2.0-or-later WITH Linux-syscall-note' # src/basic/linux/* + ) provides=('libsystemd' 'libsystemd.so' 'libudev.so' 'libsystemd-selinux' "${pkgname/-selinux}=${pkgver}-${pkgrel}") conflicts=('libsystemd' 'libsystemd-selinux' "${pkgname/-selinux}") replaces=('libsystemd-selinux') - install -d -m0755 "$pkgdir"/usr - mv systemd-libs "$pkgdir"/usr/lib + install -d -m0755 "$pkgdir"/usr/share/man + mv systemd-libs/lib "$pkgdir"/usr/lib + mv systemd-libs/include "$pkgdir"/usr/include + mv systemd-libs/man3 "$pkgdir"/usr/share/man/man3 } package_systemd-resolvconf-selinux() { pkgdesc='systemd resolvconf replacement with SELinux support (for use with systemd-resolved)' - license=('LGPL2.1') depends=('systemd-selinux') provides=('openresolv' 'resolvconf' "${pkgname/-selinux}=${pkgver}-${pkgrel}") - conflicts=('openresolv' "${pkgname/-selinux}=${pkgver}-${pkgrel}") + conflicts=('resolvconf' "${pkgname/-selinux}=${pkgver}-${pkgrel}") install -d -m0755 "$pkgdir"/usr/bin ln -s resolvectl "$pkgdir"/usr/bin/resolvconf @@ -292,20 +315,33 @@ package_systemd-resolvconf-selinux() { package_systemd-sysvcompat-selinux() { pkgdesc='sysvinit compat for systemd with SELinux support' - license=('GPL2') conflicts=('sysvinit' "${pkgname/-selinux}" 'selinux-systemd-sysvcompat') depends=('systemd-selinux') provides=("${pkgname/-selinux}=${pkgver}-${pkgrel}" "selinux-systemd-sysvcompat=${pkgver}-${pkgrel}") install -D -m0644 -t "$pkgdir"/usr/share/man/man8 \ - build/man/{telinit,halt,reboot,poweroff,runlevel,shutdown}.8 + build/man/{halt,poweroff,reboot,shutdown}.8 install -d -m0755 "$pkgdir"/usr/bin ln -s ../lib/systemd/systemd "$pkgdir"/usr/bin/init - for tool in runlevel reboot shutdown poweroff halt telinit; do + for tool in halt poweroff reboot shutdown; do ln -s systemctl "$pkgdir"/usr/bin/$tool done } +package_systemd-ukify-selinux() { + pkgdesc='Combine kernel and initrd into a signed Unified Kernel Image' + provides=('ukify' "${pkgname/-selinux}=${pkgver}-${pkgrel}") + depends=('binutils' 'python-cryptography' 'python-pefile' 'systemd') + optdepends=('python-pillow: Show the size of splash image' + 'sbsigntools: Sign the embedded kernel') + + install -d -m0755 "$pkgdir"/usr/{lib/kernel,share/man} + mv systemd-ukify/bin "$pkgdir"/usr/bin + mv systemd-ukify/systemd "$pkgdir"/usr/lib/systemd + mv systemd-ukify/man1 "$pkgdir"/usr/share/man/man1 + mv systemd-ukify/install.d "$pkgdir"/usr/lib/kernel/install.d +} + # vim:ft=sh syn=sh et sw=2: diff --git a/initcpio-hook-udev b/initcpio-hook-udev deleted file mode 100644 index ea9a11f8ce87..000000000000 --- a/initcpio-hook-udev +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/ash - -run_earlyhook() { - kmod static-nodes --format=tmpfiles --output=/run/tmpfiles.d/kmod.conf - systemd-tmpfiles --prefix=/dev --create --boot - /usr/lib/systemd/systemd-udevd --daemon --resolve-names=never - udevd_running=1 -} - -run_hook() { - msg ":: Triggering uevents..." - udevadm trigger --action=add --type=subsystems - udevadm trigger --action=add --type=devices - udevadm settle -} - -run_cleanuphook() { - udevadm control --exit - udevadm info --cleanup-db -} - -# vim: set ft=sh ts=4 sw=4 et: diff --git a/initcpio-install-systemd b/initcpio-install-systemd deleted file mode 100644 index 8fb4441f7c76..000000000000 --- a/initcpio-install-systemd +++ /dev/null @@ -1,202 +0,0 @@ -#!/bin/bash - -strip_quotes() { - local len=${#1} quotes=$'[\'"]' str=${!1} - - if [[ ${str:0:1} = ${str: -1} && ${str:0:1} = $quotes ]]; then - printf -v "$1" %s "${str:1:-1}" - fi -} - -add_udev_rule() { - # Add an udev rules file to the initcpio image. Dependencies on binaries - # will be discovered and added. - # $1: path to rules file (or name of rules file) - - local rules= rule= key= value= binary= - - rules=$(PATH=/usr/lib/udev/rules.d:/lib/udev/rules.d type -P "$1") - if [[ -z $rules ]]; then - # complain about not found rules - return 1 - fi - - add_file "$rules" - - while IFS=, read -ra rule; do - # skip empty lines, comments - [[ -z $rule || $rule = @(+([[:space:]])|#*) ]] && continue - - for pair in "${rule[@]}"; do - IFS=' =' read -r key value <<< "$pair" - case $key in - RUN@({program}|+)|IMPORT{program}|ENV{REMOVE_CMD}) - strip_quotes 'value' - # just take the first word as the binary name - binary=${value%% *} - [[ ${binary:0:1} == '$' ]] && continue - if [[ ${binary:0:1} != '/' ]]; then - binary=$(PATH=/usr/lib/udev:/lib/udev type -P "$binary") - fi - add_binary "$binary" - ;; - esac - done - done <"$rules" -} - -add_systemd_unit() { - # Add a systemd unit file to the initcpio image. Hard dependencies on binaries - # and other unit files will be discovered and added. - # $1: path to rules file (or name of rules file) - - local unit= rule= entry= key= value= binary= dep= - - unit=$(PATH=/usr/lib/systemd/system:/lib/systemd/system type -P "$1") - if [[ -z $unit ]]; then - # complain about not found unit file - return 1 - fi - - add_file "$unit" - - while IFS='=' read -r key values; do - read -ra values <<< "$values" - - case $key in - Requires|OnFailure) - # only add hard dependencies (not Wants) - map add_systemd_unit "${values[@]}" - ;; - Exec*) - # don't add binaries unless they are required - if [[ ${values[0]:0:1} != '-' ]]; then - add_binary "${values[0]}" - fi - ;; - esac - - done <"$unit" - - # preserve reverse soft dependency - for dep in {/usr,}/lib/systemd/system/*.wants/${unit##*/}; do - if [[ -L $dep ]]; then - add_symlink "$dep" - fi - done - - # add hard dependencies - if [[ -d $unit.requires ]]; then - for dep in "$unit".requires/*; do - add_systemd_unit ${dep##*/} - done - fi -} - -add_systemd_drop_in() { - local unit=$1 dropin_name=$2 - - mkdir -p "$BUILDROOT/etc/systemd/system/$unit.d" - cat >"$BUILDROOT/etc/systemd/system/$unit.d/$2.conf" -} - -build() { - local rules unit - - # from base - add_binary /bin/mount - add_binary /usr/bin/kmod /usr/bin/modprobe - add_binary /usr/lib/systemd/systemd /init - add_binary /usr/bin/sulogin - - map add_binary \ - /usr/bin/systemd-tmpfiles \ - /usr/lib/systemd/systemd-hibernate-resume \ - /usr/lib/systemd/systemd-shutdown \ - /usr/lib/systemd/systemd-sulogin-shell \ - /usr/lib/systemd/system-generators/systemd-fstab-generator \ - /usr/lib/systemd/system-generators/systemd-gpt-auto-generator \ - /usr/lib/systemd/system-generators/systemd-hibernate-resume-generator - - # for journalctl in emergency shell - add_binary journalctl - - # udev rules and systemd units - map add_udev_rule "$rules" \ - 50-udev-default.rules \ - 60-persistent-storage.rules \ - 64-btrfs.rules \ - 80-drivers.rules \ - 99-systemd.rules - - map add_systemd_unit \ - initrd-cleanup.service \ - initrd-fs.target \ - initrd-parse-etc.service \ - initrd-root-fs.target \ - initrd-root-device.target \ - initrd-switch-root.service \ - initrd-switch-root.target \ - initrd-udevadm-cleanup-db.service \ - initrd.target \ - kmod-static-nodes.service \ - local-fs.target \ - local-fs-pre.target \ - paths.target \ - reboot.target \ - slices.target \ - sockets.target \ - swap.target \ - systemd-fsck@.service \ - systemd-hibernate-resume@.service \ - systemd-journald.service \ - systemd-journald-audit.socket \ - systemd-journald-dev-log.socket \ - systemd-modules-load.service \ - systemd-tmpfiles-setup-dev.service \ - systemd-udev-trigger.service \ - systemd-udevd-control.socket \ - systemd-udevd-kernel.socket \ - systemd-udevd.service \ - timers.target \ - rescue.target \ - emergency.target - - add_symlink "/usr/lib/systemd/system/default.target" "initrd.target" - add_symlink "/usr/lib/systemd/system/ctrl-alt-del.target" "reboot.target" - - add_binary "$(readlink -f /usr/lib/libnss_files.so)" - printf '%s\n' >"$BUILDROOT/etc/nsswitch.conf" \ - 'passwd: files' \ - 'group: files' \ - 'shadow: files' - - echo "root:x:0:0:root:/:/bin/sh" >"$BUILDROOT/etc/passwd" - echo "root:x:0:root" >"$BUILDROOT/etc/group" - echo "root::::::::" >"$BUILDROOT/etc/shadow" - - add_systemd_drop_in systemd-udevd.service resolve-names <<EOF -[Service] -ExecStart= -ExecStart=/usr/lib/systemd/systemd-udevd --resolve-names=never -EOF - - add_dir "/etc/modules-load.d" - ( - . "$_f_config" - set -f - printf '%s\n' ${MODULES[@]} >"$BUILDROOT/etc/modules-load.d/MODULES.conf" - ) -} - -help() { - cat <<HELPEOF -This will install a basic systemd setup in your initramfs, and is meant to -replace the 'base', 'usr', 'udev' and 'resume' hooks. Other hooks with runtime -components will need to be ported, and will not work as intended. You also may -wish to still include the 'base' hook (before this hook) to ensure that a -rescue shell exists on your initramfs. -HELPEOF -} - -# vim: set ft=sh ts=4 sw=4 et: diff --git a/initcpio-install-udev b/initcpio-install-udev deleted file mode 100644 index 31d9827129e7..000000000000 --- a/initcpio-install-udev +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash - -build() { - local rules tool - - add_binary /usr/lib/systemd/systemd-udevd - add_binary /usr/bin/udevadm - add_binary /usr/bin/systemd-tmpfiles - - for rules in 50-udev-default.rules 60-persistent-storage.rules 64-btrfs.rules 80-drivers.rules; do - add_file "/usr/lib/udev/rules.d/$rules" - done - for tool in ata_id scsi_id; do - add_file "/usr/lib/udev/$tool" - done - - add_runscript -} - -help() { - cat <<HELPEOF -This hook adds the udev daemon to the initramfs, allowing for dynamic loading -of modules and reliable detection of the root device via tags (e.g. UUID or -LABEL). Do not remove this hook unless you are using the systemd hook, or you -know what you're doing. -HELPEOF -} - -# vim: set ft=sh ts=4 sw=4 et: diff --git a/keys/pgp/5C251B5FC54EB2F80F407AAAC54CA336CFEB557E.asc b/keys/pgp/5C251B5FC54EB2F80F407AAAC54CA336CFEB557E.asc new file mode 100644 index 000000000000..4940079d4ee2 --- /dev/null +++ b/keys/pgp/5C251B5FC54EB2F80F407AAAC54CA336CFEB557E.asc @@ -0,0 +1,51 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFBHPMsBEACeInGYJCb+7TurKfb6wGyTottCDtiSJB310i37/6ZYoeIay/5s +oJjlMyfMFQ9T2XNT/0LM6gTa0MpC1st9LnzYTMsT6tzRly1D1UbVI6xw0g0vE5y2 +Cjk3xUwAynCsSsgg5KrjdYWRqLSTZ3zEABm/gNg6OgA5l6QU+geXcQ9+P285WoUu +j0j7HN6T217Bd+RcVxNWOMxsqx+b0rjWa8db1KiwM95wddCwzMPB2S/6IswD1P8n +VfGnkgp7pfoTyMuDkVU6hmO5RHq9M26eNoQ4sJZuXe5YjODnjgxkKKilFLY8hUkj +wa1VPrx4QnTwzIn16JlUO03At9tpe+9SnShDV0cBlHxo3DhnHmCPWJ0HquLGpdDV +i8d9tn0nlit96z9Svb9ii6Uq/J8zR1Bp+hxCMN/ON1c4U+cf1jfADPO5c3KV89y5 +wvvQvzjTjuzVolR4ZZmkNSql+4vspo94JrssymEv9WWiMJyOjN50QhLbgmWiuzYj +odZiL0CTB4MAC+hTrDZrZfyAnbAttBLfNWd/jcdK+AGVRXtqU997sZPzj8z3b7v2 +N5YJqgm2aQTiDehtHtHDJ8rKh7kcsssnhzzoZluTKl96JHgllFWUC6sedAFVxHDm +b7cxb+Sr0krwbt22is+41gPCuoz1MRKwQYQPTYgcCzX/PzyOHj6KEYZCIQARAQAB +tDBaYmlnbmlldyBKxJlkcnplamV3c2tpLVN6bWVrIDx6YnlzemVrQGluLndhdy5w +bD6JAjgEEwECACIFAlBHPMsCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJ +EMVMozbP61V+T80QAIHvIeDdKKrqiN98ob+aNe4McpqXWgiLoDMWaxQ7R8K+2Uia +HMn2J6abhKidvUr7mnixkyBZaRxi1JiT8uzX4HTQ3B/UVJgf2QiRHRvZpdSVn7O7 +OF0u4SqH6BEw5UaA30hMWtgz7m6aXSAN1aitd4efgKjBYKtfsHJ63HhFrpJyIyOG +g0eLGObXJxjW04cUbzPoCoNuFcpphzW3WhdaJ5PXblfjNxWxKzwvAzRhevDjrrKU +4jARNAIkLUMi4gUoC+7th6ATGWjYV8iOvju1cLExn8ktYMZl+BhbkYiRMddMZaZ/ +nY2T2SqQ8kkEXJyY6SNtd/BWuCPyt0RlTgPSK4SK9JGArVJ/PSXJrn53JUl1MUc4 +/75JE2KEBPkN4jQpeshlPfm0mzo/+opyi6iyVnPTZT7m7r9P7Vxc18J+IlPdfl0w +s0YPnR+0oUvo370zoNqqhJ9aNU+5d4VCPUHVIvEWEF3MHuXHKq0mnnI/4jJMvZn3 +0+okZZfYABYXkMZVTA0XprkIxZm38X9s/uw886xvMqPh8fhqpVdTHD5/2h8ahkMM +G1zKs6W6gCfM7gYh+BT37Ce1szo/7RHtbvYq5BTwcWXhpSKzywluRe6rYUPJ0MCZ +17Jk6AXStD1aRYS6rCykryRL0OvMz/4Gd8f+dcQjg5Si23mAj8VJtyrX1MaXuQIN +BFBHPMsBEACtDR2e2G4uL/MKtDsJu3cwQFlK9kmGEX4UqePBc29xn1BTfU6o1Y4p +AXRoLrGvXuVruOwznNdkpjF8kb1BpO/li8qNU6LKyv2n9Hyg0bxRQA24TVC4bF4m +fdqaGGYLqxe3iXI/TRmhsmiSg7WoEWxj0NEaEjydTAieT4kz2ASCYtnzhGM8iS2T +e+scUXYcGNyE2nPjiacJGiLeKiOj21+j6sICTrKX8TAcXSU7btPEy2IIocxBoxZe +Ofp0rNw4293cLVu0kEasB4h43lE1Uax7JYX1q9LC4TkqLaLDa3YyDGvK2FOPNNIr +sKcoYG6Y43DcmaSPZCJ1ApVvoxPct7UI+EYy9VBu3wwY0obRadweXSNgscZZNvEx +ZgdjRXJypv8A9A+nvc2xBMWw/9fAlHzrpjds+3Z2RxbGC4Qav/sdP0WqQZ8xo5U2 +YPxBSHwWCjSxvQWcoDLLOgMlB05oheR2g1VDk4QA+AXDwmxurpvJLh/fyX3mi7nP +VUynTLV/UeWaXbZneh+mT3Lc1ZVYnntSoZv7aYQqnA+a2ajm08lVMmpb5v8L7Zia +dvW2xptVATlWI1DeBTyNwZYyx7GuUsfFTSyQJixtjuWim0acpqNUp8z6TgXj02Ht +Rfk9SwzvBCgJT5mWoGlSu04FR/0pn5ReVCM8RSb6/HOROnrfswGeGQARAQABiQIf +BBgBAgAJBQJQRzzLAhsMAAoJEMVMozbP61V+qg8P/1BuLn6+bVgDdye37GV4kXSV +xB5SQZj8ElwTj+daWq8ZEIoZ0ySyRz2uC7Haeh5XulF1hj13AYfM4Ary9Whx9hCQ +98D4+JK5eiagBuSpIApCkQk+jj44q7VKLanyZV0kWRNBSfr0TnE6GoBSL1gTjpsq +t/mUR2R5zgCE59Ex4HHBwvosIcXgGopbPGNtX9S4Rm7f2wWOSdXGc6pfnuFsVtkb +k8z+uITyK3WX+jHiW5JRgyHWaFyYqwDjds8q0LkmIL80scPa3sEl9QzfT7+7xqcv +iKfemg6XgCwYmSOhPHSK/E6MIC6Wb4QY6H3ixCuMfaic6AsB4sH4vFPoPnJWmIGm +QlU3L1UJz4VNvzCaClaxWPa5nZZAWyFRMof4VtO2Q1LTZa6NQbGNFRRLPDBXpcOq +CNicjZjSaHO9Zxp/V+9W9GgH6u7i/eAnxifwUFvN0BfkwbDnp4BNyvyA+fpZ4oPW +InygfP1P/fvALssBvJjo/q6eZ4b5O11Ut/13JzO4IYNISK8uKnt5AbU9YUnSKClg +1MtTRlBCD3v+UYy102F7p8rJnVTHelfgmjP9UPhP7AUwZ0UQYq9QypNeoRvR4GjL +/3Yz53yHFeYaN/lBglm4jNQOmHTQSibvz8lx8ALGbLxTaUr8j+UG4Gu2z3tFpYo0 +NHq9Ahd8L7JVIsbKtcoP +=a25g +-----END PGP PUBLIC KEY BLOCK----- diff --git a/keys/pgp/63CDA1E5D3FC22B998D20DD6327F26951A015CC4.asc b/keys/pgp/63CDA1E5D3FC22B998D20DD6327F26951A015CC4.asc new file mode 100644 index 000000000000..2c907f78c16a --- /dev/null +++ b/keys/pgp/63CDA1E5D3FC22B998D20DD6327F26951A015CC4.asc @@ -0,0 +1,72 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGiBDjDxTgRBADILCd6h0DKdoY0bkATA20IBHAQ8axjpzVFocYco9w90jWRYj0y +5JntFUdXB20qh/tr1+H3p7Wr/9MNJDX/k+EJ8LCbqouFItfyE1m5k2iaqlGn3MBG +z+gbadL5x+01zZcuJmkhMa/xogs3OGvuw4QU0lRf/3VRgEvGQxh/DCQI7wCg91fQ +X5nGmLfaEajvZk622f4cmXED/jCtmntvBwk9J8jkYDrINEeglEcF8naA/qr20AkD +hvupalZDEL8CJVh+jKA9HcF584mQzV9BURxaWsU89sT7Jg7incdsOOSOJkCyaasO +slt7vGKlUjHBqYCUCp336BVDOY5k2c6U52bsMvfywVAAFf4cDn3S9QHDyaYkur2R +aqMrA/4giC+bF/K1sn4MHacr97QxEeeGNM6KG4z4QDmLeNdAANmJOLQaQFH+84Qj +r8KyRV0zd0sioh3419AsZ/o41W4cIahovJKWyDcNwKI0tP2y3KZDVtmD26RQ/BO4 +aFEqv3Uii0Cop6j495XmSvteL7CZHLEog90hexe9ExI0xIIBs7QrTGVubmFydCBQ +b2V0dGVyaW5nIDxsZW5uYXJ0QHBvZXR0ZXJpbmcubmV0PohjBBMRAgAjAhsDBgsJ +CAcDAgQVAggDBBYCAwECHgECF4AFAkZkpWkCGQEACgkQMn8mlRoBXMTV9ACg3hY9 +4BfhZQjIJ8NSVrv3zOR/KWIAoO1UczsbaRBIg0sN+4b+Hon8qOz+tCpMZW5uYXJ0 +IFBvZXR0ZXJpbmcgPGxlbm5hcnRAcG9ldHRlcmluZy5kZT6IXgQTEQIAFgQLCgQD +AxUDAgMWAgECF4AFAkZkpWgAEgdlR1BHAAEBCRAyfyaVGgFcxKgAAJwI1MS3uN1m +9VV4BhlC7lxqJ0dm9QCcCvAPuYktZ10RQrZddY57I5j7Raa0L0xlbm5hcnQgUG9l +dHRlcmluZyAoTGlzYSkgPGxwb2V0dGVyaW5nQGxpc2EuZGU+iEkEMBECAAkFAk6K +PXcCHSAACgkQMn8mlRoBXMSZNgCgjKt+QUMXVT1a2h25RkUyiiBPeAYAnRpV0f+q +i9N55hov5qCieRGUdvVctDJMZW5uYXJ0IFBvZXR0ZXJpbmcgKFJlZCBIYXQpIDxs +cG9ldHRlckByZWRoYXQuY29tPohgBBMRAgAgAhsDBgsJCAcDAgQVAggDBBYCAwEC +HgECF4AFAkZkpUsACgkQMn8mlRoBXMRg5ACdGbqakvk8qTTLbuAnu5fHZ3BfDRcA +oLUGbw6bWIXP8WDi9067ZK/zwJkWtEdMZW5uYXJ0IFBvZXR0ZXJpbmcgKFNvdXJj +ZWZvcmdlLm5ldCkgPHBvZXR0ZXJpbmdAdXNlcnMuc291cmNlZm9yZ2UubmV0Pohc +BBMRAgAcAhsDBAsHAwIDFQIDAxYCAQIeAQIXgAUCRmSlSwAKCRAyfyaVGgFcxAFq +AKCSWOqL1eJ7x5eYQ64T39WOvNj92wCg78m3sIPTDrijHH0G9B4FzcwV/ry5AQ0E +OMPFQBAEAMSnJ4cOPBHdy71LPPy5Ov8Sa33Hh3uPRbfnPMAIz3DJlOBvHpqkqTjW +4aKXlbpwwiIbKIq/A4vtQQdkj9VcJyqZc+NJsqVTjBb90DGHnQWWPc/oRQ0CswAR +7S4+U63BD/nlelidMmbsq1ykxgMvKlkkgJpFaZBg5ujuwmDoJEejAAMFA/wKnR/v +WsIkB2LFixW+yIlyQQTXgFv+5+nIVcF/3UZ0wr9cdWiFuR2qnIoAjp4IoBDmsAQu +y0rxvasvpiV+x2tZm7nUQ6wby2RFg+C/mAOa0M2bi6BEXhMa28dM4b3AiGy0eKXZ +3OFSzcW+ZkcTqstIjtHJXctYhEKPvFEReCgBzYhGBBgRAgAGBQI4w8VBAAoJEDJ/ +JpUaAVzEOj0An0okC9+lkcgkD6Ce2UY3j4GGnHcmAKCw5GzTgeomE1fieTKq6qK2 +MF2AMrkCDQROijyAARAAvKA6Jl/ygMBw26vskGrU7O72qsKn2PpzWbB9BUFE9khC +8YldL5QdFz3kFbD9m4Ln9YQ/xdyZf39t6OhUdXHaH9BN7wUDU0MEMmmmE+eKoE7P +wR0fSNiRCIXjA5MyZW8cnyvlqpEY3yy2QfXuUWDDFIK7RR4nHm4Ep+5Uaz2tCMbD +M/8wWenwEgjrF/9IBQlTPjbOgWrLqnjBddr8EmFMa88ILxhY8hhqmYBizCRP/bOw +54Pf6MmQkli72327/l8PGLROOm/ju2xs+UySoJWISZOSwB2GhNQH9sg2pl6wyzw+ +JXdB5Iza6YmXnvouA0r68yhTMAAG9qhE9AGtSmVf6m8M5tT5x04He5mjiukrmp3N +ESJICO1GtrHQhg6k6aDcBnYU9Qz0Hd1qBOj6Z3PJqYjg/n1xVSQNSVAcNiJWhuJo +k9nbWyf3DeTPobFNcQS2GcR0Du+CXMVAnY7P1DmAfuNseo/RqnLiW9jnxBUxr9x2 +eKNwh66a+j1cE2YH6yZfvdioK/wCMIypidPa2tqObXSv2FrhAw6Jhc8/Jn8FJN2l +VJDL5rxH0u3nKFzZl0dAFf8AnNxWbn2hXRlJRfkfjgKoCatnavO81APRsOcZsh5T +z4XfPsv1k9jQAoWcMaaSGSr3YDAAXuTUX/2eQ1MPfvhHKFdr3uzz6p/G8fOXdKUA +EQEAAYkCaAQYEQIACQUCToo8gAIbAgIpCRAyfyaVGgFcxMFdIAQZAQIABgUCToo8 +gAAKCRC2OyGHnDSFsDkJD/49cjBQlDDNnIVbWF4lm/2KkOJ9oleKWg0/Ebvpz9Kh +LzzE0Je3kJgKrPJc6HyWTYHuwS1WiHlN0a6XZ1uTXvQC70q+b+PUsyRsunNWa2Hl +DmlfwKAelzgUB2ZdGL5ImDWiLaO49QPlg7qm2+q0yMu8g9FrfevOwa0Cb0IIx/qD +rdwhUolERf4LtD7g0Se5WNyheYH5uBhqu14gl7CCSaAYTIDo4wcobFwSbWo2UEdC +rRbD+GZDt9JN1+s4/VGVSJn4swCotuBJvBbV4XbZYvxTTjIfCc995KynPk0KMDAB +Qx3Cebhky4jeCL1+y2fIwN3GYcCmMY5a9x8JExu9Tn59SU6NupYpq4m3/lTwYW1l +WVx96WhbxC3hGes054WGKTN6xme594ZP63q+GZlvR6FAB/Bm9cUjnh2+G3YXCq8f +pu0r5rjRM9W+FMOGOEfBoVb0xL3qnkrauhBJ3eIp4hn5QL1W1SZN2Qp8G8hw1tVF +ipjfmNkZyKKI1Xu/uED5VKixY6lP04NLuBQ5UYna7AFgH8L3RymNEg/S9UVfPYnK +3rs6scsgxXx6wnFkZPQpZElads9+CiHhH3QhmwFnBWRP1o2eZbxsIKC5y5jfFHHF +N3UEjkJy8CX0G99fee8HTD6TBizv3fcGvmSopbAkTdroonVJ9Y7QPgFfhkifW6TK +I0PZAKDUJ7s2kuX912cfPRbExB3bzqTm8gCgjxaoQANSf6wZbWeD7BKnxqtFuUO5 +Ag0EToo80gEQAKFxFBRp/CqX6NeVGNqCQF3q5h5Qufy1xBpBrLgoQfbVq1Ei0swQ +JOQBQ2K4olhKjcmXji+Z295zExWjEmJAxWuzGrkSQkbet5T+SROiNaos9P5Syp1e +jryh4Ko5nbGF/dZXNktkW3eAyDR6YZ39I6EZb7lfagG9KmxjlE9L8lPGTaDXNieI +FXVLrOaQUQ8Z0Mv0AniLX3tQDP6flaPjHPFX5pwnuS4VRUeUMc49tARw9qkUmmfC +gBt6G/fhHBJ3Kzj17OTbk/UcGVhr1hOYIu10kB8GSnXmmzTJh1T/KBDvd/MPxDmD +4bFG0PEAXO2X7n2c7BJ54L7EaTyC+h4Alr/olnnoAbk79GxDO3o6hWwcCWPdA3Il +E7W5tG42nxIhD2hhu3FJ1Rb7jLVzq+t539EML+1K+UGlps/D1SSkDuMtNyaDEpkt +jXhKR9Y0EzbuUPe+nflJ0NZ2B6AqpO566mDHMlkv8kZwQLZKLYeljWUBI1AdU2sp +GeMrBmiXEkcRIxXWe0tTMidXt7poVr7haP0nUklueNeooJ8eUfmRuFRmye2aWYjq +gjtxiXZHH/DPqxjqsO+jJQxOjf9Io6o93jR9O5knsmtaVp8JNE3RzO40Lyszwyeu +lxylMpd1HfOt6MZYk0we0Ed7vVEPEjE08YF6sC0Qk1b7crk/t0GLOdYtABEBAAGI +SQQYEQIACQUCToo80gIbDAAKCRAyfyaVGgFcxNUwAKCvb0Lisf/Rll5vPLqGGIci +sDadOQCg30tdWRaNvasUMaTQL+fqE/pFzeI= +=uJel +-----END PGP PUBLIC KEY BLOCK----- diff --git a/keys/pgp/9A774DB5DB996C154EBBFBFDA0099A18E29326E1.asc b/keys/pgp/9A774DB5DB996C154EBBFBFDA0099A18E29326E1.asc new file mode 100644 index 000000000000..bc801dc50de0 --- /dev/null +++ b/keys/pgp/9A774DB5DB996C154EBBFBFDA0099A18E29326E1.asc @@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGJ+vc0BEACRcuRdhpQCw4ccAwirgpN3RYkaOX4F1lgz+mhBGvIAm5pr3GKD +pQ+dV+68ehvflL7rkxDpXFXAKIcaZSQlMPidi+w04iM7Vlz+3tPXeCbMRSNvrbDE +MBWuDizGXPU8+5iA+hcuuuKqJ9EkHzPXRv+JJdy1CYOptwz24L3jwLGs2y3ESe0o +Vc+co9d71FUOGtixpSoKiSI/cYr16xLC3rPsRogvSm/Pn7SLbFQLWUH9arWJLYIn +q3/h30npK+jsLX1Q+fu6GA5cY6e3yljrHv2QX2Guo/8uyxvHx0UI+F2WK87embz4 +lOgpITgU7gAgNwIkSpVpt06GvH74xqWfyIFuDB0E9uOnAyyXzcYQc869O7Abb46a ++axN2a3G1//lj0pcU9mxUUSbcReNLiGjkh8alTQs+UupVozzdKPIoQjdorqQEtWG +IyEkwgscGAL7ByWS+sEYzWdUFdHlMA9uLiBqWf06zN1Nay9LdyUfQWLBFBlHeJJL +SIAPXCfCbRhdIYnBbdv155aclPDoS+RoIL+CDXDlBW4NSm1UgcCjgjfYV6bc4wfl +pY/esUhXmZLUe3xxWk/rIovZyBgS+P8GS0/BrZD5BGzSnJdVouHbjiH0NU2ug57L +fLkQB8yV2AXYEh7AfxiO1OW+NPgAQ3web4fxnH/zpV6n4j0654p7HgDcyQARAQAB +tCpZdSBXYXRhbmFiZSA8d2F0YW5hYmUueXUrZ2l0aHViQGdtYWlsLmNvbT6JAlIE +EwEIADwWIQSad02125lsFU67+/2gCZoY4pMm4QUCYn69zQIbAwULCQgHAgMiAgEG +FQoJCAsCBBYCAwECHgcCF4AACgkQoAmaGOKTJuHbdw/+KvzX2M/d7A8ethhtNSZ4 +kiDTC1AGS2zqpJJQLmvtZveWZ5U5zYH1a//ju6Giyq071KCxeZ3Fa2yiXLPXtjDy +ao3hIAPFTtWgEOlRgpzO/iRFwx6ihUbiW2LIa+LoKeivH6EV4AwCSAbrUEQ5nXih +yvVie6uyZ+qS9END62atSXqfue1k+QNNFvtyqVTSKnrFgXcH/C1c0aA/s/ByGNVX +XKRslmnVqqwxR2OHMRrOnNubgQYlgAjelgoiohzsgus7YzdkUXfQ9CN2B2gajxsp +xznt7HJVRjwugkvPIDLsQfEA2typHViOxijaJgohOz5l87v9hKppc/BLj28/jC0o +EyafbubBUmYiCV65UgL/PCfTXnHraS4xZDs+dwaq2X4Ba0XBHO2BnIT/kdIoUN7R +gyf9qzVst4/p/O5G9U5nOG3H6yGQ0Q1Smyb9gR7n8pkZEv+96Br65FrM2SXcBc5g +iifuW0Kfsqp0OVBNSbVBiIQ5spfQc3SzBAgj0TmG2doxyJvErAfsJPzWeVnMNAsc +qCDXBx1y6Mib79xE9iqeDz+c3S9ZsOLDmBkVNh5jjRJj4HL1D3g2W+w6Y/qvdycv +OH+pWMycmJVYri74LJbWMBFQysGqv9DjjZb6yajK3Na3Kv96HsE+37V2qFYVB97I +50uFPxH6BZlz91NepqS4nhy5Ag0EYn69zQEQAKr4PhfbF1Z5todAQEV2koIk1Yvx +/K3eDI/JnmXc/x65Abhvt0LUC0ukWvAcuusffOk8BpSA4YNT3fOL2CdnAkP3lWKy +YZeHtd4sjxR6zMUOPV62oTSTt8RmZ4alWXP2b0pW7/cKt/Dz/WRYbk0XFOffuCiZ +OQ4aqc7e+YHwB/YkVs9R14ID5Tio6Pg/wz1zmSkJhmesN+hxJixa9I9V/qyfJhRr +XCZh5NCAGMnKFSFtub6J35zlXa4DEFi78z2sHkK6cdw/rEeWvSewaBZukBKDWdhN +zOkLcg0Z84I/Ds3sXM74NRVZTRxLMKCCjWJrOhBrFAFaOh/2SEIoURwvJuj0uC/Z +q8+QNX87weFFaSSawwy4X3Px+zRl9wpqNlMPZuZKi68F8AMeUmIxo7WL886UBeZ+ +/wksoj/6t6bCIZwMNNsS8Jg5d7KrIeORjDMi6iNzafDXArMWIPkimg+xlppFnJLU +1+jMXjdixgl2va8wp2btTxCKYy8ICKC2lqB2DpFq0/CcBdSyI+ao4c5S3Kvv9rRV +CKbGKNAtqWATztpcOv1RjQ94UKWGi0iJKPBRh+mVoIOXQWiYmpv+8kpY9/bsK+lr +p6RrCwvlbD0PUWJM6e6X3OSV8mVPGNpjdLlK5iuVedHU+ONyVqlAl4l5slYYz6U5 +qgG+EiBk6etuqfEdABEBAAGJAjYEGAEIACAWIQSad02125lsFU67+/2gCZoY4pMm +4QUCYn69zQIbDAAKCRCgCZoY4pMm4e/yD/93SEVwimmAy0qBILAj6jUSkVddea60 +e4IQv1Xp5sbY+8JdGB7REakFAHOvwRhv/RYV+l0UBscW+u5j1JG4dvgpBCdDGAy9 +M35kVof9OdMQCxmUJO5D7wU7bENS+9JgjuM7NHHddzmFhTagAhAInCNSvlnZaTBZ +KSBS880WZH28F3GJrmSJzZd2OpjcKFqzCmM6HwvxFimUhr4S4/5awduW3zMjQoyv ++kJgKZWKUtS97UdnPK8BRANfbjeXDn70ao7TebJm0DaNnB0UddkQMbnYpZOTqEPD +mJ39Ugc8tk3cw5EqHwD9H9yhsbVBEJmOTaMd6WjgcVN6PNs1So+7TveSh66Jj2l3 +A4zGhPP+CuRD+ZXZHdNwsvIYVN4No1UGgXUs23gRtP2hwtT1t2hCXAJYVE4sD4D6 +didtR9JVb46psxfTANexe5S/uzqMZ9bJsg54dxFhhw0wZFhptNEmSUjfDTvlD9Rk +uil3324HFVAm7ZrefiP+NGPqj/FTc4ZKThhyoPNQRhbANFvNfD3+EYiqDXCkkkkv +p7HR47nbhzl7RC/y7QY7OFkeNRdgZyOvaaizwuxuncoejPcivjGQ+KbRvG2c0Kr/ +D+ZeTj9fkqce3cHVkxqFEcx9e8Ps0jwd6LRqQ04zRtFTJxK5ac+e+dtDW5hrwGFA +HcRCOxTr2xTemQ== +=+88M +-----END PGP PUBLIC KEY BLOCK----- diff --git a/keys/pgp/A9EA9081724FFAE0484C35A1A81CEA22BC8C7E2E.asc b/keys/pgp/A9EA9081724FFAE0484C35A1A81CEA22BC8C7E2E.asc new file mode 100644 index 000000000000..d740744a8a2d --- /dev/null +++ b/keys/pgp/A9EA9081724FFAE0484C35A1A81CEA22BC8C7E2E.asc @@ -0,0 +1,241 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFTKss4BEAC6LdgaSpaSBbMZK8erDulfXpCszvssCvEAI5lshfNNLHqOGy4r +g+A3xyaGe+ITjoahT56Ly+dylduRvuZaJwbKWZqOKLnZHG0/Y/4K1MSk73TtcFbS +Vn0q1dZmr14ysTKB8E1UJ8XQZO+PO79VANjvj9oEqsYX4xJ5BenWdfqJOGa+8jn8 +ou75vYcTFkIlvSnaHT4MkCqPGnuGgqiunEScjpBRFOX6ZIdRZvXcjP4HymdQAIMA +BDDcV/qT+3VIOwKCn2e1jtxGbgMUwyosfz7nmlNHAdLrnficbSSsjRBIKxLgKN/N +2fk/jk87mbs7Qz5L2bSxU68emGHZ1BEkBJ4vhiO6VBx8XHolK2RpI/3v0qzdGynZ +YKTF2yBFqBlDI12gbfxabCQ7FgxwLBmYw/C068NVtXLM0AAMFrJmXRoexE698DJi +wL/4qxWy2Py/wBHSFInmyUSSVi2CjRkLh2zA/EJ/268HooItcnL7kGnyWo9IJZEz +Ma7QO1FF/513xsW2QyPr/QNvuJ4GT/SyIgz+6Ln/z8wHCJQw8CM7vFRgOCuy2U3R +srO926muRbl97pqRmCXbb+OJQMcYaA841FPKHq52kUTeGqkiJW4RocckcEGqhxhh +zj8KjIb2wBgkYviFQWKLIpZBVxKSAjVXTl/Bzk9m2ZPETjMZKtz09xtloQARAQAB +tCdMdWNhIEJvY2Nhc3NpIDxsdWNhLmJvY2Nhc3NpQGdtYWlsLmNvbT6JAjoEEwEI +ACQCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAlTKtMICGQEACgkQqBzqIryM +fi7S/g/+PiSGiC1nGyMpkoa+3DoZViru/wKgB60/sv9LPfTt07ukw+25OS1DFC+U +wWbclW1EIdCj41WB/kGcgxiAsJ/bJ25H7SAAr8A/C4LVL/uT2wENQ6H9WbTY25eU +vlXiqA+RL9NbeULrEX04coh8xUmTr3j4i7kckXtYsZ9X815fzcbltne3icsTUZsm +ejet0lQ5wbzhcGzUieGsF2Wtktt3nbMHzXHxHmFVaxJhHwbIuFN2WK4x1lfkrx6G +ut7xH8qKMp0aH14MD2S3jnLGun9kN40yO1mglZ8S+ytBpcVt6XfjDhPByhY//DJy +tvcpEIL3zo7wbSiEJmaDxwdfhU+mCMa9H5CyCthRxmdGs4dE+7FhIdFj0HonhhXQ +zqtM/SX+n4lsCHnracHXhKAM810GZB30TacM5F8e0ZXyE1KpKN1Ilpf8OUu7eMdh +xchR1W+aLKhfjYQsRmqmRhpJHoBP/UUXLxczfKW1BzTMZ8FfykFvFdQ2fT+yq/mv +ylfnZhLP+7wI9L8hcwiW3PKnnKjllTi42PbczgYxFmtc77ej1cWRiSN4vpb3S3Kb +yFsgCOvBou5DrE7rvAPIlw8RH8yfJBpQZ35ateLIqN1Sj+p1SD8GxeQsLbq5ETNL +z5CkiJYgQr0tjL5wt0vtAJCo4SkZfSJwYdJgsdXEcpSfGZbR4/a0JEx1Y2EgQm9j +Y2Fzc2kgPGxib2NjYXNzQGJyb2NhZGUuY29tPokCMwQwAQoAHQUCWaM3MxYdIHBy +ZXZpb3VzIGpvYidzIGVtYWlsAAoJEKgc6iK8jH4uuyIQAKuxo/qeF7eWXOToTLe8 +Ws+pRlXYF5YxhJlZioJsh1sDJzUaS67F1FivImbr6YPRnrNaNApH+3/ut9V0zpXt +K9zMLFSPhYFlTAcwIO37fRpSDKoGOrLlpVe0cGq/q5s4H+AOrQ4w1quC69kE24c4 +yqGXlS+dmdraXZ6tCKtUSrlz0PABJD3H4WHN2fGS9DENXC/fHONqlUWJqGtSZgAX +p+60lJiEC97fb2mVy6p0zThLaWydEC7oWrAUz8FFuxTsL0ha/D0qEirTifVSxBg4 +CQ+sHsHPzGCbLnzBAnX1WIqTj/5pV9Ya5scrnBJtGugoxQ76z+OrFCeCaFXJq9U3 +vPfFUGCrwURWSu1MSSG6ep2XcluoyNB3bLYFDcodCM04DlH4HZJ+ZvF8NwGiXcxi +MunLuPoNEJonn622a0XlXFmD7MCE6Zw7RAJoIauwu0CeTgezwNhtcVqjnizEJxNr +UxqSX1pLr+hRCJRvubrQCksA8/bGfd8G2Bopef6wUizktl6GX0uu8kTkB/Pn9b3N +rTKXXw+mfK7ZBx36LVcA5Md8SClghDXZi9HsB284yl4JUotVZBRna8aF8kL6UngI +DthhNLKTN5USEXHzbF688eCdtU1A64yvZoP/ilRBgNiOxPeXfwcsow8+MNMsesb+ +J8h7abYAHO9mj+NTTEqa9Ko3tCBMdWNhIEJvY2Nhc3NpIDxibHVjYUBkZWJpYW4u +b3JnPokCNwQTAQoAIQUCWab4pwIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAK +CRCoHOoivIx+Lmx3D/0f5NxiLYPDpxPOJDnEGUNqLiHlnyHwlHidV1xROfh8F6Wk +DrEAO5YfkASJjqBYJY93ZiZU/ROUdpcct9sN0K1Vw4yTAHFYpYO2G9oc3ax+3ly0 +rON4L7t1Xj9cvR1/b2fIIltEYied0XP3ukUfjECOkwQZJbmOHjsea61i5da/JEbD +Fkr32witorIMMIOAsZkZ+tcLxo2kRhk5PT7t6yo5cRLd0rLGKvKMBkMrNcPNk/T1 +V1YKB6yy0gAfo+dhZyI/khNCVuYZB59oYX5FS5FkGn/CCmuPN3YkGBqe0vZJjYLe +8PK0vPS1obg9gRuYuJXdxIQnP8hD/y6Cu1axoy5EPt1uNc1bUSkvWUoJ2pWkeUAE +Ka/E8I0xKwQfHHo93rA1Xfdcc3rivihyj25/CkHo3zP6Xa0fqQLjpvusdf5nxuKL +5cQYCAkNV9/sITTCxxYiKhp5lto9jhxs5j3/D4WV0+EGaQ/jfwg0i1h5eApzJQWM +G+dEiT28s9+zPgFqfYq5oqVkcF+3tv39Mk/k06XqEwD+TmhV3Yv/wy1BDrGxvQgM +P5GtIPS6p6+PBWFE+HUYYPdZ/vFN5DugzvVznjxLETUvj1G7mCQyHFXIkezF3mfr +3uk0WiYWYoEqQ1Jdg8nsiTq3iRTwW3XNsNhB28OoXH461215t/LakjGMVOmUSrQr +THVjYSBCb2NjYXNzaSA8bHVjYS5ib2NjYXNzaUBtaWNyb3NvZnQuY29tPokCTgQT +AQoAOBYhBKnqkIFyT/rgSEw1oagc6iK8jH4uBQJccpvuAhsDBQsJCAcDBRUKCQgL +BRYCAwEAAh4BAheAAAoJEKgc6iK8jH4uA7kP/RbwUH1C8RfWJWvtaDsvoJ5jnoB1 +lJDxUBEd+6j+AWTUD+fAAxLE/bcqxXzsPz4dscwpnoKmqVIpAdhTN+EvRZRLA1r/ +kbKlnDFnEm89MYYS1e8dGtXqa1zAPl+IxL46Da5/l8GsepOr9HftrPBjN56R/HIf +tOwc9Vir1NLaC+S0CsAKwyAjpq8srjvrxFWr9a82+7GiBz2Wrc60vWIfaZuDKpVE +4RpvEaiYoGEJEUp4wNhaVdQrhe8m6C0uczwq2t5aSjxuuso+rsN3PK/jvNrmxfbS +a0NMzwhZ92w+J7CFyg85c0OQ6hmZRTf6G2v8pFpWlbcb7sePlvYcEIeZik4Nx73T +EkqwmX5WC0NPzj+wdBWG/G+fFIcUUaMZzcGjgy9MXD+RVVyGs6W2/Q7iPBzDxny6 +KJLjUK8xMGRLo3rvdAUqug3Gpe6dth/8XBp0cY1gk4n3OUluBWOXSEwW7zm3s77r +K4s5JC/rBOgCeCNV+qXLydazn4qjQXixqb0ezyGGxO9w/+q9T7MBwQy5/Q25w4qL +bcCxTLAhRpye2C1nCHt4GvH4SUjdh6wtHdkXjtyYMTRmMU40GN/PL5QFyyMS7nEC +YiycLB99knGwsh1FX31Q4aU7qUWO6Ejhk9W43IZjQpaITXoyCwKnMaE+X6Uqk745 +io6PFV1+6ix1l8MhuQINBFTKss4BEADdcEUo30DMmUXHpU9/MoWVIkrYuiqpY4s4 +5Fs1WJIRWm9yF3luJublL/zfCdt4drVIXOEd3YtVuS93bzjM2PXB3keCrnFN0AO0 +wv3FEkKPrXcY9B4FyzKEx1FHqNsO5l9DU3h+xL6t8xMFjiZLAF4G+PvFebf2nwZd +SAtIHzaJf9Yh5F+v+PZEiftB6GBI+3DxfCJeyDeeV3v2ZrLrnIIzOlrd/53SSph8 +rLA8QKVJ5SuVI/vtN/UO0jUQ7S6HPGNS6C+eOG0gAzjK0QFxCo+AAmDVLPCNaX/N +MPAk5x4O0hCC3rDqgTH2KLc9qUNsdCqnwjn3rUnvWHGSLv0HY8fKgZt2uvWOsEp+ +NLiMLFvJXxC/ldpbUbMgrZgNYTZq3jXOLV7ZV7VhemmcU9sJvexp/GI4kExHu7H7 +zTXEx8D9vSlKH5iBbVwl9njHqkVgYbahRObmg3SOVEMn42PQLvjHP3dlhzEtTxiv +2fDSsu4bjNuP8iuxsRW2z5t6WYlpVeZG5eX+GxD6waKs3c6CtPzddlLH7lhVeZtm +FCMFuAV2iNunc1DPRXPXnG3KCV3exc4JnSlItPxsOzWK27C9Pc6wAfgEHq+tNix1 +tQIqq/d0JJAdlYlrqWIhpYtrAueKqwEeIhFAEwJNgCSMl542iNw37RMc/3OMvDbj +MBVynC8VhwARAQABiQI8BBgBCgAmAhsMFiEEqeqQgXJP+uBITDWhqBzqIryMfi4F +AmHYcJcFCRZzv0kACgkQqBzqIryMfi7QOA/8C2FkJrx6UTi1zu15Qd49aXCjib1r +Qhd4Ngv0N3P2LsAbjZ8zzO50OYDLBfnLRGyukOE3fWFwN4VXOpLcDjHH68QpLgQK ++F4kX8M0KdF/g/7wIoSHetQvO+w6BAc4O7zDMgmEbWqvoXgp7z/XiKwXWDTvpQzq +tErbx+Y1kRJNww2NvgBj7bHDoXGUXlAF51mlndekljvxTnZBC0e3rDwFBvhPF7Tl +2BSlg15g5Z80HZJkJ91gh7BqkYa5d6FpPfeZ+6IOOR6nJZaXFUmT0EvjXf3/AbXq +TzRmQUabaEgazZIA9EKfV3Kf8cq6dMDouprwm6xqA1RjhVqfWrNupstko6nSt+C/ +2fHFM5AbaXDfdn8DrfbEjH3iH3MFBp9Hp5B2e9vZT089M0XQOtDxXN1qxb4l64Vw +mJN7BzE6wIMz7I9KqcL/HdokYBDXcPpdFOoGPK+hBRoxzbWYcmecAqRRxG9xvAtX +0G/6nmvwkBiM6h3rUOYigettEWWZYscbPXywZjuuFu8ziWWY2LpKoK4wsJQx4Vs1 +8YgerNvMK1MOA94miQoPqZWXTRVfLJ2PI8kDC5g+ieWX7IhvtxB5TLeeflU4/JX+ +ypn6fUEINvSfJMquoOC8WuPgyf8TJvuFb48q+IMYp0A9/BV0Pzyuom6yuy8G8x8T +POJhgKxEqNUKSDC5Ag0EVRbhQgEQAPrUwnwbPqUQYO5T6+g7SN0mODPk+SKdhEBr +lku7e64jT9K27UoXN8dRgaJFTRDkznup9vA0yNEwPA+1mulnnypwWw0D1XuwIFgg +tdYGF1yKnESD5Z71u1/IWZ+hcP2/nqfRZ8OqYooUZOX52MrKQwU0RP9QwQcx6jj3 +3qR4CM4e6lXvDAn03aUWLB12RGvaNFmC6EV3oPshbypo4/PgZuDsi0Obze7g6g09 +6YfGrzO0UL76i2a14cnFrquG7U+gWvaDGddFM1Bfx12i4GpLHA1+hcwcIL9v5VWr +od4nuCfgLtJQOIWBwlYTWRoC7BhumqDBAwNgG+ry6lSHjo+3Wzly6ucCzCZcsAGc +LZ6Ep88cjzykGqwpd9JWA2lxWpBRmaSNdJ0a0UstmnEXKbkueutnJ1PJGc1ZfZm8 +cqxKSM5HOeDQ/lMx71uhVSqiSwf8tq0OmUROnC2ocDu+C2aA3OPCaVZHVwpM/hds +iOLrLVnL9L3VEPpix241KH+sxi3E1UTKbXhaSKMweoIhdaIWsqDQIMMsJOvbTE4T +WuTuCeNOXQzwzuJTcpe5xi5cci9KLmteom6c9ln2FLD7CZkSZwfvCmeUsyBluw/2 +qa4WKaK2Hac+qspz7Q5pA+85eUR0Am/D6oK5JBz1Va3Yxwu1HT/wnF46tSiLihBu +OOsSSE13ABEBAAGJAjwEGAEKACYCGyAWIQSp6pCBck/64EhMNaGoHOoivIx+LgUC +YdhwmAUJFieQ1QAKCRCoHOoivIx+LvnqEACkhJOClrjKL8o6QxZL+G2Q8N68m9Yu +Qpme3UFI+A0zRXo5itbDna7aQJP//pAuB/DwOBio+0BQrTGZed2GAkC+MuJdfAEt +mZqIr+a7/Wj62GCEzrmNp2vF+f8lGwt7PYdW8xIy2abT4rm0zjXo6jpzvQW3q0LL +qqTnMvmk8fZ5RmZh/ZXn2uPMCG0gKsNuItmhd78Tom7v7tzBwK8Ko5m1hW6Jgr6C +7hS0y+VnmKZU/SGb6JC2Ee9GsqXrWfxW2ZaxCJ4xoIIlUwhVHzCVWMkkO+vk4dDV +eo0qYrHGqcHiOrSp1nVRUqgIpISxP2jgOp951lWgeiHS/ULEVEfWJQ7OlUurUntG +xVh80/VazB4P/2hJqCORp7hJM+sXopsXhxn9hIH8BaKagFybE6s57s4AA4HT9NI8 +9XCMh+ja5ZwfW5a51m4sRbxFAbV2Z+kPc+LxhqACbs0kGnZGmfVFE/vA9x3Nqia3 +S9qaSs4nXcUKrvq0bIvxcunOtVPs5YI7tE1JRKmnIzT1nWJdIm0WhRCwj2NVQJRR +MH0Vfl6UWr/nSgsQ8sZodj0PyTibaR8ExSBacukw6/sQ2jcmLdUrb9KuZfBWtUWS +sBQ6WgTYRD3RlSskGLNMH3OGIsvNQAPZaAd8KHAUZ33nebAxfb8D12uvmsJnJ1hg +MyQe04TmWbry7rkCDQRVFwDNARAA1ndBquW5F9llTH8CPBEE57iQUYCS5mi2/CDY +PyMpK87Z8dLfw+W8We0jJsnEabyhBMEk9jTM7rT7eG8a2zceRQALJc8vd23dZhx9 +K9sUITPzSkjR7GDraaHsn+73ET2gZAqrulM3lgq2HBc26xA5jKiqHgHpElhcoo/9 +UptIT2Fivah2Bu3Yakvrea6tCBrl9i4XEmw7mx8rAmS7ycVs2bKbnaxYBpAl+vKE +veLstxEYK1FLfUBcHlrngulycY/hSJSv9Y92YClJyWdd4kV689rzq/OAvNjC6QMP +xz5nFO96mTOVdPkRQikT+CEinhoayxUjFTi1ZMjR2GAavtKLNtVSBgQPy9pFr9Rs +vzJzw8iOKdOc88F1Lun94gMD6sMEagPv4I9ieWKKGWtZjxlLrZM9ypilspkwZW3a +9TEf5XZ7lAMHYF3ThI/2D7JG/FbFc8hI8jaWj00FtSprFgyT87bkP+nAD1wnmhAi +/9ddDExWNXrEuEjO83e+UYINcOvIRZtA9U6LZrj1VufQzdk841VAmpjlYDEhH1AR +ERqNNDx7hmKg5VbfoC3sjjP1jiyYs0xACRFFaUfbUbKRR3/Z1yDiXUmqC+KKV7S6 +IOZ1QdrKk/arfaj7QT20IhyV4pr+awaY2j3gWQPkcaJUzKT5BbEl1ZDXL4cdz/7i +rw/bptEAEQEAAYkEWwQYAQoAJgIbAhYhBKnqkIFyT/rgSEw1oagc6iK8jH4uBQJh +2HCYBQkWJ3FKAikJEKgc6iK8jH4uwV0gBBkBCAAGBQJVFwDNAAoJEChr9+/NdyQe +14QP/2Y/Tu/3pZ1DDH+g0naAICZ57jdeWXmQtVrhMK5gsj6I+0u3WAqu1WLD4z6h +iGy3kpPaOV9qPpPQakNtumoEYLMnYRqzR2yclG03rO69df61hZ7bz88IS4H1BI4e +qRU8bzhppuoCyV60aFZModZNB/sBrXGVeB0Enw2RkFSTBZDkwaQpLQE/vG9orrPm +c5lI+ySmh2EqXnV3ghGBbAr6PS0p2CwOpKN5I5/DZ4zv/PiRLMNOx3GgFa+yRpJC +0yfD2qJt9SsjnOCL9hySHYyh0SjF0gBBYS0pHR0QfBWE4h3vqWrX2xLojgwpN8dn +vEaddOjNt6qNxNfR50DTfVoULhcakNMOXID9dcAG73vnzY069cuQ8xyP83z8/QxY +mC3Akcw3AOoEcKxmZLIrtkocsLvXKHmZQJKcuK7RzP/ussH5Ucj5LA9cE7yI8JkC +6mZ/5zIgKQg0ULCAXK4sphgBGFKvoups7Oj96RC/Pxv2rvc4Oq+EQ3RP3jkAl0C3 +YE+3NvQtg4FoDF0Rmy7YFydYT7ERFUruZJ4YeZ+eHqyYRlLHq5FrAxibpj9gu3NC +nqIFOq03BivKX49tEnW/bx7mKymbKUKtHJvQJKA2optC5+Eo7vX6l4EHK1vQ2P1V +RhcZh7u8cJ5nGC9NSc9sehWNRdlK75OK7UaTLUQ4W0Rb9J7xbBkP/1w5sam6uL0O +DWYmAjZaqVKnXdNE0whRCamCyfDvOBXS3ckpyUy3f6txo+539+mCEdzmA/ON6Ar+ +nTbwIAhiZROOH/aidxynJ4kyuCyksA9K6vQIDoGGHSv+eZAGvl3m2VewIbO5b7Vo +roE7Li/HcI5wSu/qr6F6L4GdYDAW4hVJjnLe/8sZnVZ5F+tWKzudgivK0vWUFE9a +47/4GFBxX0Jr+mQKXk0buE52OaRCQ5K2zbRZ0N/HbfrSAVBop2J7i5DWuBZ8yJ18 +CdxYDFJMTOTsaH5JPUhH25RhclRCeXvLAeFO01r4L/hRAsv1bdLqaPA9vmyLWraQ +DA0VX8YAIDkW0kz45uhslYH0vOv5SW0zuJxiYhngl+YUzWGdCgllBcAwHyejmJhe +Jpxe23OjXzmrNwguH6zhzlK9W7Tf+QL8nsZAUNNPWMSTBBAKwgptmUQUT3StQK2B +iasjGZwBKfYfb4gHyIcKzoxo9wgJrioNsaJZ3d8YWtI5dpo2VEmFS3PteqbVb1x9 +8iJFOPGCS4l971n0MnMse3QDzcWmvx+B/eXbnfgQofkJycpoZmsNR5x9T4sY6AX5 +AfqgoEUr3MjXls6OGAA7aHbaOUcFC0wU8QeMhe7tZ1qDJe0ser30M3vTcLEurIOJ +CIg9UJVaRBBwp/+2uu20v0eQyOPvCL1buQENBFieLi0BCAC8doYzfmC8HWjtP0Q0 +s6fpRwjwGTTOaxk8qOMW+vgVY5eAIWYOGX8kNdzUE1nnRgrGhqcOe+g0NvXNkE83 +KIeAZFL5k96/o+K9IJTSlrNzjWR3NsQPfjrQ4/pDcuwtxWBIaZNAF7GJNnjGeQ4d +vVHwTzi1b3xrELxKYO3iiYkku5O2rrHxI2Pv8mBWZ/v6Zr81hutk6TtpsGGWRBEq +2sAdS+qV+Bk+C8LJsdOLeZLU9aVILtMPQkL0z3GTcb7IVknLPZ+aeraFRBLXO1k2 +9J2JnTwECEkfOQepmBkGJ4FGHQ+eG7ejLd1i8BLFEeLk9ia2wLl6xiij1I2lplcu +aLq7ABEBAAGJA1sEGAEKACYCGwIWIQSp6pCBck/64EhMNaGoHOoivIx+LgUCYdhw +mAUJEqBD6gEpCRCoHOoivIx+LsBdIAQZAQoABgUCWJ4uLQAKCRBLKWaAUHhRYsuR +CACNmF77YeLUaI8pnWd6GImUc917cTiYohLI2ZD9N+pOKSnZrZ9c8QD83eVuZKa5 +PAJFo4ysgUjUuO4t5b40RUF6SqVGxidAnYwwhNgmqJzG9aIf6VW0NFbzKD0co9SY +8/4BQnlyxavAHF60WI4f2lukTT49EJ6i+9LWuqhUmr8ayz1ZJtNphVhCpVjS7W+7 +syzNinwiyP2WXbCkpE8GYVg0Mm6dqFztX2XSO2kqC2EBWOqSI3SLk50K6iK0SrZP +rppgTDCgUtfHsoidRUe3CKeeFXpLZVXGhThiPjBw6wzuPoRnxPsOfbM1uZmutEvd +pHiUloDiUA+Dbv7D6K/TPmZXKcMP/ioYpKy1lDFSBrephUp6hfgoi9zz7RgxKLkC +AFas7zPGQzcAlq1XEZL4fFa4z9bZg9gBgz/p4N45Z51zneWA+YOS+OtVTGs84v4f +ten14bG3clhtK7VRW2g/gOA3abILNN3mZ1QZkaPSOZjSe2LbtQa4HTK5rdIQoJ4c +zKej0NJ3wbwUnljLdT3z5zM7hvhzI0O8+ORpMuORX+pzfMG2c8p7Efibyfk4S7yl +67Pb44xzkHiXJmZJ4eVhGPAmV6AoO46M8bf5P0mpzmdtjBWGlkUV4XFLF5w4hKV0 +y+KUvV+6WLDbl3vOPyRxDYhgxt1pbDsKXNB/fBprqW7SqiPDhanfu0/eF2lKzqOq +IfqWixl24LMcCMYIRaAdGH2tOv4PQTyxT+kH9uDlnvUzPV7HMhiFuhipnuH3/zpY +Esh0l+p5VGcDNPOawDMJjGcvhUQ+60FWsynsZAAMCNEP8In+/wpo1QfXJkTlux20 +7CUkKJUiAOOd35RVF97Fa3Wos00ExCGKOhQbaiIhw7M6csjukIl1WWYOk+DVxcwq +wWj5kWulF0whKe8O7gQR+L/2yFnJmNhjUHf+7j3v4zpiiY7ez222AR7kTKozGBT4 +RayGNmulYD8nkPiDcdXh8Lh0WvI52qBPEi9uWIlbk7QuLQ+t8VPNgXOrPFcMTuWp +glhgv4r7iQI2BCgBCgAgFiEEqeqQgXJP+uBITDWhqBzqIryMfi4FAmMPwxECHQEA +CgkQqBzqIryMfi5mMw//WFnEIjSh5zhrWFBPD8572A03Ot6VjuKbHRUXUGvkU8i7 +cVXwJC7P/nCNUYcvvLLzxxlx6cMdWs9EohtM+Syfx5l1JjL4kz8DN1dF1/p0+5IZ +ZN1Mqp4X4mRa4k8QDve/TkuGvSWyj4bDQ48X8jyKeyFNYJI6AQ9zv1FV4qBOtwvx +WEEDoXXfa8RUw2UzQ8NfA+W5LLhwLGrFwBkJNXU6MDytOI30lIJjq1rlkuTKLU4T +UGmuiXepbglyHSpK1nOZ4TAHIngXvrwyQfUOjrQyux8Dk8RWFF/yhSU4RSYpPmTF +Jv40xMYk6tt21OkGAKU+S83oVRM133FJxI92Bm/JCM3vpeR9sJPO62Y0lv+XL8wU +A1YeN+5XDxDNVZdRa0O8RMjLNRPvV7qSFWNqP0b4wrbBlXeslcI2m0i1plCMFZSv +AuIy3R/mTFhsE8TVpW0uCueV+o6MQ2MpTnTSSSMuo+aeXeUkp1cbh6qCDdjlLz0L +3eexkJfuC2Ti3Ytq1E5Go8nKNpPRF/wOToj3s9g07LnNMw5plZLxEVfUtZE1CThY +L8iZkSInfZdomyxHtmDrZFlhD4IWlRAqiSU8HU0rwJ1s/czZy3etjwpX6fVSDr8r +lhNbjZqKzdNNaofy6j4s3E9Nls4e0fIcvmbZAu01XO3rkdlJM7MsASWbq7XWNrC5 +AQ0EWJ4uPgEIANSlvCdaomyMvqVrwd1E4dj8t48y9aIIkArW1lfodp1bTsXEIyVA +86FfqONgjzkGZgzUBmkQNEup2QBR/r6VJj1XLBfLobwOxBNKI74WfoNYQn3Jh6Us +hBbTEwlxZ3nkP360OUkUV+ITY4uOtKjE9EaOEHuJqOx02UPolOO4mrrTMBzEXsna +jop56zAdViijPjrQwu5WrcF7I3Ef930H/LmfeJtJWAlzw9iQNE3Zj4gu4Bd3+JrQ +ZOmFMzmP1H6YIkO5FFVkCA19r0Akw8nRBsgWdF2fBFMQa3otgD8AigGDCOK95N+v +w3YsCsMBE0/qtX5SB/etbZtk8SgK/zZuzHcAEQEAAYkCPAQYAQoAJgIbDBYhBKnq +kIFyT/rgSEw1oagc6iK8jH4uBQJh2HCYBQkSoEPZAAoJEKgc6iK8jH4uzRAP/1Kn +2LHO7XDw80Q98QpioZ01/QaR8zLxYK6QlU5Bk+pIPJL7KybL9NdtExwdFGH86p73 +cxLTUK2JxHf0w9CryCVhyp0ufKEdEcYR3aAec4vjBR/ouJ3Emma4XSctJ4PvcSaW +9OYneGBqDHnUN1Grir+ZmPLlnf0bzVR+QDR7cqOSgtB60mZMx+WpwxOUQP8i2npJ +sBuDi0eE2YbIYgmTwKyseC3uRgVOsTPvVL3/1o8A+vsRSJY7OVVpdDkzCTwAB/3p +190mAffeTJh5DtON0r3iKFY+Iy5GEQmNrvC0kDiNnu0dlEAtr+fQ8e+k/F1RRvwc +or0T2iD2tH5ujm+KSItHRKQjj487Q5mI/4eRfy1M7US0jBoG7HmL9TWX9waWuRL4 +D9nFYuSaiHB/qPNHK3yrhHEtM4N87jNqJzyisvdBg4gkpuOHLS9ZLlSwMxmvEZ5g +OqNwSQ+9/TPGF/7XBghBzk6MsdhVW757msNQe2wX01F1ls7M2opHg8hsRtt8O704 +Y4IcverkP6Da0iTjgIz6e3LJkkSr0R2G9vXV3f5Mwgl6+LjPw1XEtqNhBxkrfbhg +0rOFVVJh4XZ8xIzeqEJtLx43kiiT2/yfOqRh0ZVc5DqSzXzmQj6tg2eoIOuL2QWn +C0rS/AazPvji6IEQ5iMcG7HDwxepEa3C7xeIOmYhiQI2BCgBCgAgFiEEqeqQgXJP ++uBITDWhqBzqIryMfi4FAmMPwxICHQEACgkQqBzqIryMfi746g//VMoDIppDTbkQ +RbF8N36QDHXfrWub19xJGDo9D5GMbCRisVg8HuaP5Gatat8dewl4d3dCEXz1OuHg +wuyvpZnEA58K2JTfanWgT4NcuTuudAW5lcLX34ucBy8bMz13dYxwt4BIdUiNzWro +12I91wDN5e79pSo7T1RqsihD5mTCnhAKSCUzPN7Dge0xk+nPG5rT1L60BjYxfTUr +XkAon8snSn6X4pHkdxh1FrDTtj6M9A9JuusMnpgqryrrg+IYuLAIoCoJ/qJQYyix +nXSIoaIGv7Kyk7mVnP6JRiXi8ZZ0KHYtxdwOrJHjCL14OrliYyCvSH3a1dFwRKiE +A1fB+FhVQ4ZqSDq0YVkZVdz8cB8EAdq6VjHfYBFbJZMBFnORfTVLGxZ9bedb7VKm +kl70CPtZInhA2l9w1mJiHUAOe1hEW+CsKc+r9sZlKrFTYIFXLGGpP4Q8BAG6kjNQ +hI4gbj532oqpxA7mkErcLUw+3cdI+rQbsExFVe/TgU/ENMYwYdKFRI54mg76pIFR +5Yg11rgFlU6mI+59sMGUVZDzNyk0QIHyYwLtLQ7TX1r4ke1o1xgXTuoyqSmYRKcn +vWQhw4iA1XKEjl4k9AJeipA7E90nflu4cGEYtfVJ2mMQ/ER8IvmN/e2z7ElgChou +4MPPH7suC77kTv+LygQe2TBGLao77sS5AQ0EWJ4uTAEIAJwc5niH8Wl3m5kiY8Gx +9UnBByAE16A7NRbVbplk5nxkvOdZaqDAaHplj2ZXgaDEzs2uXJ7+hMzyBmEWC0nf +hkwzgMzXZ7h8VC5vIFKhHaEPPhsHE1wkozrL7mSbyFoyd0os9yUZ07DPIa2KM7WW +YQ0KrJqpgsq5sOSLMSJw303el63SfN+EzkvO6SU8Bc67dweFLoTDBl/CFoz7BmdG +UQW1DIQMbdO/iVdpVvaOwANB+99zR44WeP5o5+tlqQ1RcxyJL3VWjW2+YRl6yR20 +SKkFI+LV99rmBJKXdFMuyhLaofxyPrVtZy+OwWuhBGPtyLxTvlyYsuWYaHtJLjYi +3m8AEQEAAYkCPAQYAQoAJgIbIBYhBKnqkIFyT/rgSEw1oagc6iK8jH4uBQJh2HCY +BQkSoEPLAAoJEKgc6iK8jH4uGrIP/jr664fKpNPnXnhPCJrc/MiDPHmCgROzrkbE +kwFY7HHxxkvV7VuThfr5yXz0KDaO2FAAWhYC4WewTR7Ifp65vUEosPOQ0WDNKrql +m86c2N7R/ylGlWVKHNbLQCcC3DxJIXz4fOy1UpMezFq2dZVX2GnQ0MGVKHgo75x5 +TVWlFRnFnQ4DODoPS9E+G+IZFAmbLAfsOqcs+HsVh9+UAu3jZadk0iuMsZ5rbSE1 +BTlA/qQfpmzJibeqAsTgo67+ZYM4jlE1rsXVkTYz4WU2CIk4OhO6YdFdMFclo3Sg +8ByG70C3XWF+43AAZ+tpdnTpsYd2NIUgQfmWNXTXYeZDmyInFXfvkAdb83L2Vkj7 +6B/7QoOe+T2qNTTfoIn/AXohxT8ioilgunYP3XP8uY8OxViKBroTSIdTER2g/yAt +c5Uc6fw6CufgUu1oNti4oI3OmQ+iA9myK99+caeSfJoT1eir78W04wX7jHKXkKzI +poRF2hZw3G3XNxfwmQtvP649j0ZGk9fYCTGq8H0dpzjim3HOhsrvPWeoV9wvl6GN +YPsk0CFCIZCe/xbZPbtPNGNzWS/Te/Etxj2NyytuoyGKzpdj5JyWBCD5hGq+AZdv +dem0MwywatzRS5zGJ3sPBfC0nr9cuKiGd/2nL06uMa3sGu0s3/A/NYA1X1BmjR6S +PoMotfImiQI2BCgBCgAgFiEEqeqQgXJP+uBITDWhqBzqIryMfi4FAmMPwxICHQEA +CgkQqBzqIryMfi4iKg//aE5wAUZkRgh4IuGtOc3q6vL4uLMGc53DYIy5Q/yHhKOT +OJ9z4nhR/jaqasn0EeDOHDtc+cEPGnWSbNOF68bo9QopLpdtWNAxV9mNgngyqeFu +lLmW/S0Zf8QfJYfnN489SJOlg8Od34HDAV8NrHi3X2VqjHK7U66mciuoX2SVQ2sJ +QFhADJgUGlscbxwgOt+KQjSOH14ozp9HDdo436vN66sZpUHCwH+Cp2VojuZJ3mCN +hqBy3mz/UafAOeo+bpVvYUUPML+nmeVisbVpCR/xxF9cFpj4MEdtOWzw8K5QY3Mg +Vkmy6ABobLNYl6oMJOFqxla9XtuTfJy5Isg0rfhVyEM6Yml2y5YAm8eHHETQ3NdB +AhSVYHD12Wx/6WM/xK/ZWMzAOExBB/31yRQjWXuHgulpC+hP1+SGbC5bU3p8wrNG +EYg7fYzIgMj7JQU5MR3+LZ1A0I2YuTCFhKbQnHN5qZlZ9mG0fTGpHNgwMEA0CDrT +Fo4vvaeUz76JkFQDMBLP5tkgH24/6hsBULhZSuC9wGCa6nBi8OwwWwdMiHU3PnMg +W0ePKaKUB0Pjs5caJm5zY1wnWz/uRp9WZRyH8jBjoXpzcx7QA35+O345uBk/LEGp +j9htU27IOllKJQujQjFUwwuStWNfTGRzA4ixtODAv8ZUwdPdgmAb4zxY+MrRk1Q= +=Zx2v +-----END PGP PUBLIC KEY BLOCK----- diff --git a/systemd-hook b/systemd-hook index 6f2e899234cf..d64341fd3ca6 100644 --- a/systemd-hook +++ b/systemd-hook @@ -1,6 +1,14 @@ #!/bin/sh -e +is_chrooted() { + if systemd-detect-virt --chroot; then + echo >&2 " Skipped: Running in chroot." + exit 0 + fi +} + systemd_live() { + is_chrooted if [ ! -d /run/systemd/system ]; then echo >&2 " Skipped: Current root is not booted." exit 0 @@ -8,7 +16,8 @@ systemd_live() { } udevd_live() { - if [ ! -d /run/udev ]; then + is_chrooted + if [ ! -S /run/udev/control ]; then echo >&2 " Skipped: Device manager is not running." exit 0 fi @@ -17,21 +26,56 @@ udevd_live() { op="$1"; shift case "$op" in - catalog) /usr/bin/journalctl --update-catalog ;; - hwdb) /usr/bin/systemd-hwdb --usr update ;; - update) touch -c /usr ;; - sysusers) /usr/bin/systemd-sysusers ;; - tmpfiles) /usr/bin/systemd-tmpfiles --create ;; - - daemon-reload) systemd_live; /usr/bin/systemctl daemon-reload ;; - udev-reload) udevd_live; /usr/bin/udevadm control --reload ;; - binfmt) systemd_live; /usr/lib/systemd/systemd-binfmt ;; - sysctl) systemd_live; /usr/lib/systemd/systemd-sysctl ;; + binfmt) + systemd_live + /usr/lib/systemd/systemd-binfmt + ;; + catalog) + /usr/bin/journalctl --update-catalog + ;; + daemon-reload-system) + systemd_live + /usr/bin/systemctl --system daemon-reload + ;; + daemon-reload-user) + systemd_live + /usr/bin/systemctl kill --kill-whom='main' --signal='SIGHUP' 'user@*.service' + ;; + hwdb) + /usr/bin/systemd-hwdb --usr update + ;; + sysctl) + systemd_live + /usr/lib/systemd/systemd-sysctl + ;; + sysusers) + /usr/bin/systemd-sysusers + ;; + tmpfiles) + /usr/bin/systemd-tmpfiles --create + ;; + update) + touch -c /usr + ;; + udev-reload) + udevd_live + /usr/bin/udevadm control --reload + if [ ! -e /etc/systemd/do-not-udevadm-trigger-on-update ]; then + /usr/bin/udevadm trigger -c change + /usr/bin/udevadm settle + fi + ;; # For use by other packages - reload) systemd_live; /usr/bin/systemctl try-reload-or-restart "$@" ;; + reload) + systemd_live + /usr/bin/systemctl try-reload-or-restart "$@" + ;; - *) echo >&2 " Invalid operation '$op'"; exit 1 ;; + *) + echo >&2 " Invalid operation '$op'" + exit 1 + ;; esac exit 0 diff --git a/systemd.install b/systemd.install index 417110181c5d..d5f0a68ff66e 100644 --- a/systemd.install +++ b/systemd.install @@ -15,53 +15,6 @@ post_common() { journalctl --update-catalog } -_216_2_changes() { - echo ':: Coredumps are handled by systemd by default. Collection behavior can be' - echo ' tuned in /etc/systemd/coredump.conf.' -} - -_219_2_changes() { - if mkdir -m2755 var/log/journal/remote 2>/dev/null; then - chgrp systemd-journal-remote var/log/journal/remote - fi -} - -_219_4_changes() { - if ! systemctl is-enabled -q remote-fs.target; then - systemctl enable -q remote-fs.target - fi -} - -_230_1_changes() { - echo ':: systemd-bootchart is no longer included with systemd' -} - -_232_8_changes() { - # paper over possible effects of CVE-2016-10156 - local stamps=(/var/lib/systemd/timers/*.timer) - - if [[ -f ${stamps[0]} ]]; then - chmod 0644 "${stamps[@]}" - fi -} - -_233_75_3_changes() { - # upstream installs services to /etc, which we remove - # to keep bus activation we re-enable systemd-resolved - if systemctl is-enabled -q systemd-resolved.service; then - systemctl reenable systemd-resolved.service 2>/dev/null - fi -} - -_242_0_2_changes() { - if [[ -L var/lib/systemd/timesync ]]; then - rm var/lib/systemd/timesync - if [[ -d var/lib/private/systemd/timesync ]]; then - mv var/lib/{private/,}systemd/timesync - fi - fi -} - post_install() { systemd-machine-id-setup @@ -70,10 +23,10 @@ post_install() { add_journal_acls # enable some services by default, but don't track them - systemctl enable getty@tty1.service remote-fs.target - - echo ":: Append 'init=/usr/lib/systemd/systemd' to your kernel command line in your" - echo " bootloader to replace sysvinit with systemd, or install systemd-sysvcompat" + systemctl enable \ + getty@tty1.service \ + remote-fs.target \ + systemd-userdbd.socket # group 'systemd-journal-remote' is created by systemd-sysusers mkdir -m2755 var/log/journal/remote @@ -83,20 +36,12 @@ post_install() { post_upgrade() { post_common "$@" - # don't reexec if the old version is 231-1 or 231-2. - # https://github.com/systemd/systemd/commit/bd64d82c1c - if [[ $1 != 231-[12] ]] && sd_booted; then + if sd_booted; then systemctl --system daemon-reexec + systemctl kill --kill-whom='main' --signal='SIGRTMIN+25' 'user@*.service' fi local v upgrades=( - 216-2 - 219-2 - 219-4 - 230-1 - 232-8 - 233.75-3 - 242.0-2 ) for v in "${upgrades[@]}"; do |