diff options
-rw-r--r-- | .SRCINFO | 38 | ||||
-rw-r--r-- | PKGBUILD | 81 |
2 files changed, 79 insertions, 40 deletions
@@ -1,6 +1,6 @@ pkgbase = systemd-selinux - pkgver = 255.4 - pkgrel = 2 + pkgver = 255.5 + pkgrel = 4 url = https://www.github.com/systemd/systemd arch = x86_64 arch = aarch64 @@ -55,7 +55,7 @@ pkgbase = systemd-selinux makedepends = python-pefile makedepends = libselinux conflicts = mkinitcpio<38-1 - source = git+https://github.com/systemd/systemd-stable#tag=4003dd6754e3446691402d3cc389fbfd4faccc90?signed + source = git+https://github.com/systemd/systemd-stable#tag=v255.5?signed source = git+https://github.com/systemd/systemd#tag=v255?signed source = 0001-Use-Arch-Linux-device-access-groups.patch source = arch.conf @@ -77,8 +77,8 @@ pkgbase = systemd-selinux validpgpkeys = A9EA9081724FFAE0484C35A1A81CEA22BC8C7E2E validpgpkeys = 9A774DB5DB996C154EBBFBFDA0099A18E29326E1 validpgpkeys = 5C251B5FC54EB2F80F407AAAC54CA336CFEB557E - sha512sums = SKIP - sha512sums = SKIP + sha512sums = ab0d47a29d60cb88f0934a9204c71cd78e2f5f568b9da532fdd4f8da55a352fce51cbcbaf17dc1a6f5b3c43ed7579876c724abcc2af5d8c4d3979f2ede60982f + sha512sums = d430427987309483c99062adb02741d25239ba5fbb97053ef817c0c5a0a935328af9c8b651de2b119b0e851dcf6623f01343859735ff81d7013ab0133e67c7ea sha512sums = 3ccf783c28f7a1c857120abac4002ca91ae1f92205dcd5a84aff515d57e706a3f9240d75a0a67cff5085716885e06e62597baa86897f298662ec36a940cf410e sha512sums = 61032d29241b74a0f28446f8cf1be0e8ec46d0847a61dadb2a4f096e8686d5f57fe5c72bcf386003f6520bc4b5856c32d63bf3efe7eb0bc0deefc9f68159e648 sha512sums = c416e2121df83067376bcaacb58c05b01990f4614ad9de657d74b6da3efa441af251d13bf21e3f0f71ddcb4c9ea658b81da3d915667dc5c309c87ec32a1cb5a5 @@ -103,6 +103,7 @@ pkgname = systemd-selinux license = CC0-1.0 license = GPL-2.0-or-later license = MIT-0 + depends = systemd-libs-selinux=255.5 depends = acl depends = libacl.so depends = bash @@ -119,7 +120,6 @@ pkgname = systemd-selinux depends = libgcrypt depends = libxcrypt depends = libcrypt.so - depends = systemd-libs-selinux depends = libidn2 depends = lz4 depends = pam-selinux @@ -151,9 +151,9 @@ pkgname = systemd-selinux optdepends = libp11-kit: support PKCS#11 optdepends = tpm2-tss: unlocking LUKS2 volumes with TPM2 provides = nss-myhostname - provides = systemd-tools=255.4 - provides = udev=255.4 - provides = systemd=255.4-2 + provides = systemd-tools=255.5 + provides = udev=255.5 + provides = systemd=255.5-4 conflicts = nss-myhostname conflicts = systemd-tools conflicts = udev @@ -194,7 +194,7 @@ pkgname = systemd-libs-selinux provides = libsystemd.so provides = libudev.so provides = libsystemd-selinux - provides = systemd-libs=255.4-2 + provides = systemd-libs=255.5-4 conflicts = libsystemd conflicts = libsystemd-selinux conflicts = systemd-libs @@ -202,29 +202,29 @@ pkgname = systemd-libs-selinux pkgname = systemd-resolvconf-selinux pkgdesc = systemd resolvconf replacement with SELinux support (for use with systemd-resolved) - depends = systemd-selinux + depends = systemd-selinux=255.5 provides = openresolv provides = resolvconf - provides = systemd-resolvconf=255.4-2 + provides = systemd-resolvconf=255.5-4 conflicts = resolvconf - conflicts = systemd-resolvconf=255.4-2 + conflicts = systemd-resolvconf=255.5-4 pkgname = systemd-sysvcompat-selinux pkgdesc = sysvinit compat for systemd with SELinux support - depends = systemd-selinux - provides = systemd-sysvcompat=255.4-2 - provides = selinux-systemd-sysvcompat=255.4-2 + depends = systemd-selinux=255.5 + provides = systemd-sysvcompat=255.5-4 + provides = selinux-systemd-sysvcompat=255.5-4 conflicts = sysvinit conflicts = systemd-sysvcompat conflicts = selinux-systemd-sysvcompat pkgname = systemd-ukify-selinux - pkgdesc = Combine kernel and initrd into a signed Unified Kernel Image + pkgdesc = Combine kernel and initrd into a signed Unified Kernel Image with SELinux support + depends = systemd-selinux=255.5 depends = binutils depends = python-cryptography depends = python-pefile - depends = systemd optdepends = python-pillow: Show the size of splash image optdepends = sbsigntools: Sign the embedded kernel provides = ukify - provides = systemd-ukify=255.4-2 + provides = systemd-ukify=255.5-4 @@ -12,8 +12,7 @@ pkgname=('systemd-selinux' 'systemd-resolvconf-selinux' 'systemd-sysvcompat-selinux' 'systemd-ukify-selinux') -_tag='4003dd6754e3446691402d3cc389fbfd4faccc90' # git rev-parse v${_tag_name} -_tag_name=255.4 +_tag='255.5' # Upstream versioning is incompatible with pacman's version comparisons so we # replace tildes with the empty string to make sure pacman's version comparing # does the right thing for rc versions: @@ -21,8 +20,8 @@ _tag_name=255.4 # 1 # ➜ vercmp 255rc1 255 # -1 -pkgver="${_tag_name/~/}" -pkgrel=2 +pkgver="${_tag/~/}" +pkgrel=4 arch=('x86_64' 'aarch64') license=('LGPL-2.1-or-later') url='https://www.github.com/systemd/systemd' @@ -40,8 +39,8 @@ validpgpkeys=('63CDA1E5D3FC22B998D20DD6327F26951A015CC4' # Lennart Poettering < 'A9EA9081724FFAE0484C35A1A81CEA22BC8C7E2E' # Luca Boccassi <luca.boccassi@gmail.com> '9A774DB5DB996C154EBBFBFDA0099A18E29326E1' # Yu Watanabe <watanabe.yu+github@gmail.com> '5C251B5FC54EB2F80F407AAAC54CA336CFEB557E') # Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> -source=("git+https://github.com/systemd/systemd-stable#tag=${_tag}?signed" - "git+https://github.com/systemd/systemd#tag=v${_tag_name%.*}?signed" +source=("git+https://github.com/systemd/systemd-stable#tag=v${_tag}?signed" + "git+https://github.com/systemd/systemd#tag=v${_tag%.*}?signed" '0001-Use-Arch-Linux-device-access-groups.patch' # bootloader files 'arch.conf' @@ -61,8 +60,8 @@ source=("git+https://github.com/systemd/systemd-stable#tag=${_tag}?signed" '30-systemd-tmpfiles.hook' '30-systemd-udev-reload.hook' '30-systemd-update.hook') -sha512sums=('SKIP' - 'SKIP' +sha512sums=('ab0d47a29d60cb88f0934a9204c71cd78e2f5f568b9da532fdd4f8da55a352fce51cbcbaf17dc1a6f5b3c43ed7579876c724abcc2af5d8c4d3979f2ede60982f' + 'd430427987309483c99062adb02741d25239ba5fbb97053ef817c0c5a0a935328af9c8b651de2b119b0e851dcf6623f01343859735ff81d7013ab0133e67c7ea' '3ccf783c28f7a1c857120abac4002ca91ae1f92205dcd5a84aff515d57e706a3f9240d75a0a67cff5085716885e06e62597baa86897f298662ec36a940cf410e' '61032d29241b74a0f28446f8cf1be0e8ec46d0847a61dadb2a4f096e8686d5f57fe5c72bcf386003f6520bc4b5856c32d63bf3efe7eb0bc0deefc9f68159e648' 'c416e2121df83067376bcaacb58c05b01990f4614ad9de657d74b6da3efa441af251d13bf21e3f0f71ddcb4c9ea658b81da3d915667dc5c309c87ec32a1cb5a5' @@ -80,7 +79,31 @@ sha512sums=('SKIP' 'a50d202a9c2e91a4450b45c227b295e1840cc99a5e545715d69c8af789ea3dd95a03a30f050d52855cabdc9183d4688c1b534eaa755ebe93616f9d192a855ee3' '825b9dd0167c072ba62cabe0677e7cd20f2b4b850328022540f122689d8b25315005fa98ce867cf6e7460b2b26df16b88bb3b5c9ebf721746dce4e2271af7b97') +_meson_version="${pkgver}-${pkgrel}" +_meson_mode='release' +_meson_compile=() +_meson_install=() + +if ((_systemd_UPSTREAM)); then + _meson_version="${pkgver}" + _meson_mode='developer' + pkgname+=('systemd-tests') + makedepends+=('libarchive') + optdepends_upstream=('libarchive: convert DDIs to tarballs') + if ((_systemd_QUIET)); then + _meson_install=('--quiet') + else + _meson_compile=('--verbose') + fi +fi + _backports=( + # resolved: always progress DS queries #32552 + 'd840783db5208219c78d73b9b46ef5daae9fea0a' + # resolved: probe for dnssec support in allow-downgrade mode + '5237ffdf2b63a5afea77c3470d9981a2c29643cc' + # resolved: validate authentic insecure delegation to CNAME + '414a9b8e5e1e772261b0ffaedc853f5c0aba5719' ) _reverts=( @@ -124,17 +147,18 @@ build() { ) local _meson_options=( - -Dversion-tag="${_tag_name}-${pkgrel}-arch" + -Dversion-tag="${_meson_version}-arch" # We use the version without tildes as the shared library tag because # pacman looks at the shared library version. - -Dshared-lib-tag="${pkgver}-${pkgrel}" - -Dmode=release + -Dshared-lib-tag="${_meson_version/~/}" + -Dmode="${_meson_mode}" -Dapparmor=false -Dbootloader=true -Dxenctrl=false -Dbpf-framework=true -Dima=false + -Dinstall-tests=true -Dlibidn2=true -Dlz4=true -Dman=true @@ -166,9 +190,9 @@ build() { -Dsbat-distro-url="https://aur.archlinux.org/packages/${pkgname}/" ) - arch-meson "${pkgbase/-selinux}-stable" build "${_meson_options[@]}" + arch-meson "${pkgbase/-selinux}-stable" build "${_meson_options[@]}" $MESON_EXTRA_CONFIGURE_OPTIONS - meson compile -C build + meson compile -C build "${_meson_compile[@]}" } check() { @@ -182,11 +206,12 @@ package_systemd-selinux() { 'GPL-2.0-or-later' # udev 'MIT-0' # documentation and config files ) - depends=('acl' 'libacl.so' 'bash' 'cryptsetup' 'libcryptsetup.so' 'dbus' + depends=("systemd-libs-selinux=${pkgver}" + 'acl' 'libacl.so' 'bash' 'cryptsetup' 'libcryptsetup.so' 'dbus' 'dbus-units' 'kbd' 'kmod' 'libkmod.so' 'hwdata' 'libcap' 'libcap.so' - 'libgcrypt' 'libxcrypt' 'libcrypt.so' 'systemd-libs-selinux' 'libidn2' 'lz4' 'pam-selinux' + 'libgcrypt' 'libxcrypt' 'libcrypt.so' 'libidn2' 'lz4' 'pam-selinux' 'libelf' 'libseccomp' 'libseccomp.so' 'util-linux-selinux' 'libblkid.so' - 'libmount.so' 'xz' 'pcre2' 'audit' 'libaudit.so' + 'libmount.so' 'xz' 'pcre2' 'audit' 'libaudit.so' 'openssl' 'libcrypto.so' 'libssl.so') provides=('nss-myhostname' "systemd-tools=$pkgver" "udev=$pkgver" "${pkgname/-selinux}=${pkgver}-${pkgrel}") @@ -206,6 +231,7 @@ package_systemd-selinux() { 'libfido2: unlocking LUKS2 volumes with FIDO2 token' 'libp11-kit: support PKCS#11' 'tpm2-tss: unlocking LUKS2 volumes with TPM2') + optdepends+=("${_optdepends_upstream[@]}") backup=(etc/pam.d/systemd-user etc/systemd/coredump.conf etc/systemd/homed.conf @@ -225,7 +251,7 @@ package_systemd-selinux() { etc/udev/udev.conf) install=systemd.install - meson install -C build --destdir "$pkgdir" + meson install -C build --destdir "$pkgdir" "${_meson_install[@]}" # we'll create this on installation rmdir "$pkgdir"/var/log/journal/remote @@ -255,6 +281,10 @@ package_systemd-selinux() { # files shipped with systemd-resolvconf rm "$pkgdir"/usr/{bin/resolvconf,share/man/man1/resolvconf.1} + # tests shipped with systemd-tests (for upstream) + install -d -m0755 systemd-tests/ + mv "$pkgdir"/usr/lib/systemd/tests systemd-tests/ + # avoid a potential conflict with [core]/filesystem rm "$pkgdir"/usr/share/factory/etc/{issue,nsswitch.conf} sed -i -e '/^C \/etc\/nsswitch\.conf/d' \ @@ -302,7 +332,7 @@ package_systemd-libs-selinux() { package_systemd-resolvconf-selinux() { pkgdesc='systemd resolvconf replacement with SELinux support (for use with systemd-resolved)' - depends=('systemd-selinux') + depends=("systemd-selinux=${pkgver}") provides=('openresolv' 'resolvconf' "${pkgname/-selinux}=${pkgver}-${pkgrel}") conflicts=('resolvconf' "${pkgname/-selinux}=${pkgver}-${pkgrel}") @@ -316,7 +346,7 @@ package_systemd-resolvconf-selinux() { package_systemd-sysvcompat-selinux() { pkgdesc='sysvinit compat for systemd with SELinux support' conflicts=('sysvinit' "${pkgname/-selinux}" 'selinux-systemd-sysvcompat') - depends=('systemd-selinux') + depends=("systemd-selinux=${pkgver}") provides=("${pkgname/-selinux}=${pkgver}-${pkgrel}" "selinux-systemd-sysvcompat=${pkgver}-${pkgrel}") @@ -330,10 +360,19 @@ package_systemd-sysvcompat-selinux() { done } +package_systemd-tests-selinux() { + pkgdesc='systemd tests with SELinux support' + provides=("${pkgname/-selinux}=${pkgver}-${pkgrel}") + depends=("systemd-selinux=${pkgver}") + + install -d -m0755 "$pkgdir"/usr/lib/systemd + mv systemd-tests/tests "$pkgdir"/usr/lib/systemd/tests +} + package_systemd-ukify-selinux() { - pkgdesc='Combine kernel and initrd into a signed Unified Kernel Image' + pkgdesc='Combine kernel and initrd into a signed Unified Kernel Image with SELinux support' provides=('ukify' "${pkgname/-selinux}=${pkgver}-${pkgrel}") - depends=('binutils' 'python-cryptography' 'python-pefile' 'systemd') + depends=("systemd-selinux=${pkgver}" 'binutils' 'python-cryptography' 'python-pefile') optdepends=('python-pillow: Show the size of splash image' 'sbsigntools: Sign the embedded kernel') |