15 files changed, 132 insertions, 406 deletions
diff --git a/pcr/systemd-knock/0001-nspawn-ignore-EEXIST-when-creating-mount-point.patch b/pcr/systemd-knock/0001-nspawn-ignore-EEXIST-when-creating-mount-point.patch
deleted file mode 100644
index 86817596b..000000000
--- a/pcr/systemd-knock/0001-nspawn-ignore-EEXIST-when-creating-mount-point.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 1ab19cb167b32967556eefd8f6d3df0e3de7d67d Mon Sep 17 00:00:00 2001
-From: Dave Reisner <dreisner@archlinux.org>
-Date: Wed, 29 Oct 2014 13:32:43 -0400
-Subject: [PATCH] nspawn: ignore EEXIST when creating mount point
-
-A combination of commits f3c80515c and 79d80fc14 cause nspawn to
-silently fail with a commandline such as:
-
- # systemd-nspawn -D /build/extra-x86_64 --bind=/usr
-
-strace shows the culprit:
-
- [pid 27868] writev(2, [{"Failed to create mount point /build/extra-x86_64/usr: File exists", 82}, {"\n", 1}], 2) = 83
----
- src/nspawn/nspawn.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
-index b6d9bc6..d88987a 100644
---- a/src/nspawn/nspawn.c
-+++ b/src/nspawn/nspawn.c
-@@ -758,7 +758,7 @@ static int mount_binds(const char *dest, char **l, bool ro) {
- * and char devices. */
- if (S_ISDIR(source_st.st_mode)) {
- r = mkdir_label(where, 0755);
-- if (r < 0) {
-+ if (r < 0 && errno != EEXIST) {
- log_error("Failed to create mount point %s: %s", where, strerror(-r));
-
- return r;
---
-2.1.2
-
diff --git a/pcr/systemd-knock/0001-sd-bus-properly-handle-removals-of-non-existing-matc.patch b/pcr/systemd-knock/0001-sd-bus-properly-handle-removals-of-non-existing-matc.patch
deleted file mode 100644
index fc8f16a79..000000000
--- a/pcr/systemd-knock/0001-sd-bus-properly-handle-removals-of-non-existing-matc.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From ef7b6c0190fefaacf6d8f8e1a6dda4ba8b98091b Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Wed, 29 Oct 2014 17:58:43 +0100
-Subject: [PATCH] sd-bus: properly handle removals of non-existing matches
-
----
- src/libsystemd/sd-bus/bus-match.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/libsystemd/sd-bus/bus-match.c b/src/libsystemd/sd-bus/bus-match.c
-index 18afe0f..5658c61 100644
---- a/src/libsystemd/sd-bus/bus-match.c
-+++ b/src/libsystemd/sd-bus/bus-match.c
-@@ -537,7 +537,7 @@ static int bus_match_find_compare_value(
- else if (BUS_MATCH_CAN_HASH(t))
- n = hashmap_get(c->compare.children, value_str);
- else {
-- for (n = c->child; !value_node_same(n, t, value_u8, value_str); n = n->next)
-+ for (n = c->child; n && !value_node_same(n, t, value_u8, value_str); n = n->next)
- ;
- }
-
---
-2.1.3
-
diff --git a/pcr/systemd-knock/0001-sd-dhcp-client-clean-up-raw-socket-sd_event_source-w.patch b/pcr/systemd-knock/0001-sd-dhcp-client-clean-up-raw-socket-sd_event_source-w.patch
deleted file mode 100644
index 3d72b5df2..000000000
--- a/pcr/systemd-knock/0001-sd-dhcp-client-clean-up-raw-socket-sd_event_source-w.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From d5a248dbe933c5cbe3ba3d0c5eb8a035018ba6af Mon Sep 17 00:00:00 2001
-From: Dan Williams <dcbw@redhat.com>
-Date: Thu, 30 Oct 2014 14:23:00 -0500
-Subject: [PATCH] sd-dhcp-client: clean up raw socket sd_event_source when
- creating new UDP socket
-
-The raw socket sd_event_source used for DHCP server solicitations
-was simply dropped on the floor when creating the new UDP socket
-after a lease has been acquired. Clean it up properly so we're
-not still listening and responding to events on it.
----
- src/libsystemd-network/sd-dhcp-client.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c
-index 0eba4c3..1f7f238 100644
---- a/src/libsystemd-network/sd-dhcp-client.c
-+++ b/src/libsystemd-network/sd-dhcp-client.c
-@@ -1269,6 +1269,9 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message,
- if (r >= 0) {
- client->timeout_resend =
- sd_event_source_unref(client->timeout_resend);
-+ client->receive_message =
-+ sd_event_source_unref(client->receive_message);
-+ client->fd = asynchronous_close(client->fd);
-
- if (IN_SET(client->state, DHCP_STATE_REQUESTING,
- DHCP_STATE_REBOOTING))
---
-2.1.3
-
diff --git a/pcr/systemd-knock/0001-shared-install-avoid-prematurely-rejecting-missing-u.patch b/pcr/systemd-knock/0001-shared-install-avoid-prematurely-rejecting-missing-u.patch
deleted file mode 100644
index 6ea9c7cca..000000000
--- a/pcr/systemd-knock/0001-shared-install-avoid-prematurely-rejecting-missing-u.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 0ffce503cd6e5a5ff5ba5cd1cc23684cfb8bb9e3 Mon Sep 17 00:00:00 2001
-From: Dave Reisner <dreisner@archlinux.org>
-Date: Thu, 30 Oct 2014 20:12:05 -0400
-Subject: [PATCH] shared/install: avoid prematurely rejecting "missing" units
-
-f7101b7368df copied some logic to prevent enabling masked units, but
-also added a check which causes attempts to enable templated units to
-fail. Since we know the logic beyond this check will properly handle
-units which truly do not exist, we can rely on the unit file state
-comparison to suffice for expressing the intent of f7101b7368df.
-
-ref: https://bugs.archlinux.org/task/42616
----
- src/shared/install.c | 8 +++-----
- 1 file changed, 3 insertions(+), 5 deletions(-)
-
-diff --git a/src/shared/install.c b/src/shared/install.c
-index 035b44c..cab93e8 100644
---- a/src/shared/install.c
-+++ b/src/shared/install.c
-@@ -1620,12 +1620,10 @@ int unit_file_enable(
- STRV_FOREACH(i, files) {
- UnitFileState state;
-
-+ /* We only want to know if this unit is masked, so we ignore
-+ * errors from unit_file_get_state, deferring other checks.
-+ * This allows templated units to be enabled on the fly. */
- state = unit_file_get_state(scope, root_dir, *i);
-- if (state < 0) {
-- log_error("Failed to get unit file state for %s: %s", *i, strerror(-state));
-- return state;
-- }
--
- if (state == UNIT_FILE_MASKED || state == UNIT_FILE_MASKED_RUNTIME) {
- log_error("Failed to enable unit: Unit %s is masked", *i);
- return -ENOTSUP;
---
-2.1.3
-
diff --git a/pcr/systemd-knock/0001-shutdown-fix-arguments-to-run-initramfs-shutdown.patch b/pcr/systemd-knock/0001-shutdown-fix-arguments-to-run-initramfs-shutdown.patch
deleted file mode 100644
index 5d48d17bc..000000000
--- a/pcr/systemd-knock/0001-shutdown-fix-arguments-to-run-initramfs-shutdown.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 4b5d8d0f22ae61ceb45a25391354ba53b43ee992 Mon Sep 17 00:00:00 2001
-From: Michal Schmidt <mschmidt@redhat.com>
-Date: Thu, 6 Nov 2014 22:24:13 +0100
-Subject: [PATCH] shutdown: fix arguments to /run/initramfs/shutdown
-
-Our initrd interface specifies that the verb is in argv[1].
-This is where systemd passes it to systemd-shutdown, but getopt
-permutes argv[]. This confuses dracut's shutdown script:
- Shutdown called with argument '--log-level'. Rebooting!
-
-getopt can be convinced to not permute argv[] by having '-' as the first
-character of optstring. Let's use it. This requires changing the way
-non-option arguments (in our case, the verb) are processed.
-
-This fixes a bug where the system would reboot instead of powering off.
----
- src/core/shutdown.c | 17 +++++++++++------
- 1 file changed, 11 insertions(+), 6 deletions(-)
-
-diff --git a/src/core/shutdown.c b/src/core/shutdown.c
-index dd11ae3..48ed7fa 100644
---- a/src/core/shutdown.c
-+++ b/src/core/shutdown.c
-@@ -75,7 +75,9 @@ static int parse_argv(int argc, char *argv[]) {
- assert(argc >= 1);
- assert(argv);
-
-- while ((c = getopt_long(argc, argv, "", options, NULL)) >= 0)
-+ /* "-" prevents getopt from permuting argv[] and moving the verb away
-+ * from argv[1]. Our interface to initrd promises it'll be there. */
-+ while ((c = getopt_long(argc, argv, "-", options, NULL)) >= 0)
- switch (c) {
-
- case ARG_LOG_LEVEL:
-@@ -113,6 +115,13 @@ static int parse_argv(int argc, char *argv[]) {
-
- break;
-
-+ case '\001':
-+ if (!arg_verb)
-+ arg_verb = optarg;
-+ else
-+ log_error("Excess arguments, ignoring");
-+ break;
-+
- case '?':
- return -EINVAL;
-
-@@ -120,15 +129,11 @@ static int parse_argv(int argc, char *argv[]) {
- assert_not_reached("Unhandled option code.");
- }
-
-- if (optind >= argc) {
-+ if (!arg_verb) {
- log_error("Verb argument missing.");
- return -EINVAL;
- }
-
-- arg_verb = argv[optind];
--
-- if (optind + 1 < argc)
-- log_error("Excess arguments, ignoring");
- return 0;
- }
-
---
-2.1.3
-
diff --git a/pcr/systemd-knock/0001-udev-hwdb-Change-error-message-regarding-missing-hwd.patch b/pcr/systemd-knock/0001-udev-hwdb-Change-error-message-regarding-missing-hwd.patch
deleted file mode 100644
index 1a2ac1edf..000000000
--- a/pcr/systemd-knock/0001-udev-hwdb-Change-error-message-regarding-missing-hwd.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 8232e39e7cf32071e11b3b04839e6c98fbc81d0f Mon Sep 17 00:00:00 2001
-From: Colin Guthrie <colin@mageia.org>
-Date: Wed, 5 Nov 2014 15:29:41 +0000
-Subject: [PATCH] udev hwdb: Change error message regarding missing hwdb.bin
- back to debug.
-
-When used in an initramfs, it's expected that the hwdb.bin file is
-not present (it makes for a very large initramfs otherwise).
-
-While it's nice to tell the user about this, as it's not strictly
-speaking an error we really shouldn't be so forceful in our
-reporting.
----
- src/libudev/libudev-hwdb.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/libudev/libudev-hwdb.c b/src/libudev/libudev-hwdb.c
-index a1cfc0b..0716072 100644
---- a/src/libudev/libudev-hwdb.c
-+++ b/src/libudev/libudev-hwdb.c
-@@ -296,7 +296,7 @@ _public_ struct udev_hwdb *udev_hwdb_new(struct udev *udev) {
- }
-
- if (!hwdb->f) {
-- udev_err(udev, "hwdb.bin does not exist, please run udevadm hwdb --update");
-+ udev_dbg(udev, "hwdb.bin does not exist, please run udevadm hwdb --update");
- udev_hwdb_unref(hwdb);
- return NULL;
- }
---
-2.1.3
-
diff --git a/pcr/systemd-knock/0001-units-don-t-order-journal-flushing-afte-remote-fs.ta.patch b/pcr/systemd-knock/0001-units-don-t-order-journal-flushing-afte-remote-fs.ta.patch
deleted file mode 100644
index 0be955ec7..000000000
--- a/pcr/systemd-knock/0001-units-don-t-order-journal-flushing-afte-remote-fs.ta.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 919699ec301ea507edce4a619141ed22e789ac0d Mon Sep 17 00:00:00 2001
-From: Lennart Poettering <lennart@poettering.net>
-Date: Fri, 31 Oct 2014 16:22:36 +0100
-Subject: [PATCH] units: don't order journal flushing afte remote-fs.target
-
-Instead, only depend on the actual file systems we need.
-
-This should solve dep loops on setups where remote-fs.target is moved
-into late boot.
----
- units/systemd-journal-flush.service.in | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/units/systemd-journal-flush.service.in b/units/systemd-journal-flush.service.in
-index 699670b..2612220 100644
---- a/units/systemd-journal-flush.service.in
-+++ b/units/systemd-journal-flush.service.in
-@@ -10,8 +10,9 @@ Description=Trigger Flushing of Journal to Persistent Storage
- Documentation=man:systemd-journald.service(8) man:journald.conf(5)
- DefaultDependencies=no
- Requires=systemd-journald.service
--After=systemd-journald.service local-fs.target remote-fs.target
-+After=systemd-journald.service
- Before=systemd-user-sessions.service systemd-tmpfiles-setup.service
-+RequiresMountsFor=/var/log/journal
-
- [Service]
- ExecStart=@rootbindir@/journalctl --flush
---
-2.1.3
-
diff --git a/pcr/systemd-knock/0001-units-make-systemd-journald.service-Type-notify.patch b/pcr/systemd-knock/0001-units-make-systemd-journald.service-Type-notify.patch
deleted file mode 100644
index 820b23fbf..000000000
--- a/pcr/systemd-knock/0001-units-make-systemd-journald.service-Type-notify.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From a87a38c20196a4aeb56b6ba71d688eefd0b21c30 Mon Sep 17 00:00:00 2001
-From: Michal Schmidt <mschmidt@redhat.com>
-Date: Tue, 4 Nov 2014 20:28:08 +0100
-Subject: [PATCH] units: make systemd-journald.service Type=notify
-
-It already calls sd_notify(), so it looks like an oversight.
-
-Without it, its ordering to systemd-journal-flush.service is
-non-deterministic and the SIGUSR1 from flushing may kill journald before
-it has its signal handlers set up.
-
-https://bugs.freedesktop.org/show_bug.cgi?id=85871
-https://bugzilla.redhat.com/show_bug.cgi?id=1159641
----
-(foutrelis: dropped systemd-journald-audit.socket from Sockets= in order to
- apply to systemd 217)
-
- units/systemd-journald.service.in | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
-index 7ee67fd..8d380c8 100644
---- a/units/systemd-journald.service.in
-+++ b/units/systemd-journald.service.in
-@@ -14,6 +14,7 @@ After=systemd-journald.socket systemd-journald-dev-log.socket systemd-journald-a
- Before=sysinit.target
-
- [Service]
-+Type=notify
- Sockets=systemd-journald.socket systemd-journald-dev-log.socket
- ExecStart=@rootlibexecdir@/systemd-journald
- Restart=always
---
-2.1.3
-
diff --git a/pcr/systemd-knock/0001-units-order-sd-journal-flush-after-sd-remount-fs.patch b/pcr/systemd-knock/0001-units-order-sd-journal-flush-after-sd-remount-fs.patch
deleted file mode 100644
index b288b5765..000000000
--- a/pcr/systemd-knock/0001-units-order-sd-journal-flush-after-sd-remount-fs.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 1f1926aa5e836caa3bd6df43704aecd606135103 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Sun, 2 Nov 2014 21:45:42 -0500
-Subject: [PATCH] units: order sd-journal-flush after sd-remount-fs
-
-Otherwise we could attempt to flush the journal while /var/log/ was
-still ro, and silently skip journal flushing.
-
-The way that errors in flushing are handled should still be changed to
-be more transparent and robust.
----
- units/systemd-journal-flush.service.in | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/units/systemd-journal-flush.service.in b/units/systemd-journal-flush.service.in
-index fa29089..98c91b4 100644
---- a/units/systemd-journal-flush.service.in
-+++ b/units/systemd-journal-flush.service.in
-@@ -11,6 +11,7 @@ Documentation=man:systemd-journald.service(8) man:journald.conf(5)
- DefaultDependencies=no
- Requires=systemd-journald.service
- After=systemd-journald.service
-+After=systemd-remount-fs.service
- Before=systemd-user-sessions.service systemd-tmpfiles-setup.service
- RequiresMountsFor=/var/log/journal
-
---
-2.1.3
-
diff --git a/pcr/systemd-knock/PKGBUILD b/pcr/systemd-knock/PKGBUILD
index 932fe14cd..ad7e45925 100644
--- a/pcr/systemd-knock/PKGBUILD
+++ b/pcr/systemd-knock/PKGBUILD
@@ -1,78 +1,82 @@ # Maintainer (Arch): Dave Reisner <dreisner@archlinux.org> # Maintainer (Arch): Tom Gundersen <teg@jklm.no> # Maintainer: Márcio Silva <coadde@parabola.nu> +# Maintainer: André Silva <emulatorman@parabola.nu> _pkgbase=systemd pkgbase=systemd-knock -pkgname=('systemd-knock' 'libsystemd-knock') -pkgver=217 -pkgrel=8 +pkgname=('systemd-knock' 'libsystemd-knock' 'systemd-knock-sysvcompat') +pkgver=221 +pkgrel=2 arch=('i686' 'x86_64') url="http://www.freedesktop.org/wiki/Software/systemd" -makedepends=('acl' 'cryptsetup' 'docbook-xsl' 'gobject-introspection' 'gperf' - 'gtk-doc' 'intltool' 'kmod' 'libcap' 'libidn' 'libgcrypt' 'libmicrohttpd' - 'libxslt' 'util-linux' 'linux-api-headers' 'lz4' 'pam' 'python' - 'python-lxml' 'quota-tools' 'shadow' 'xz') +makedepends=('acl' 'cryptsetup' 'docbook-xsl' 'gperf' 'lz4' 'xz' 'pam' + 'intltool' 'iptables' 'kmod' 'libcap' 'libidn' 'libgcrypt' + 'libmicrohttpd' 'libxslt' 'util-linux' 'linux-libre-api-headers' + 'python' 'python-lxml' 'quota-tools' 'shadow' 'gnu-efi-libs' 'git') options=('strip' 'debug') -source=("http://www.freedesktop.org/software/$_pkgbase/$_pkgbase-$pkgver.tar.xz" - '0001-nspawn-ignore-EEXIST-when-creating-mount-point.patch' - '0001-sd-dhcp-client-clean-up-raw-socket-sd_event_source-w.patch' - '0001-shared-install-avoid-prematurely-rejecting-missing-u.patch' - '0001-sd-bus-properly-handle-removals-of-non-existing-matc.patch' - '0001-units-don-t-order-journal-flushing-afte-remote-fs.ta.patch' - '0001-units-order-sd-journal-flush-after-sd-remount-fs.patch' - '0001-units-make-systemd-journald.service-Type-notify.patch' - '0001-shutdown-fix-arguments-to-run-initramfs-shutdown.patch' - '0001-udev-hwdb-Change-error-message-regarding-missing-hwd.patch' - '0001-adds-TCP-Stealth-support-to-systemd.patch::https://gnunet.org/sites/default/files/systemd-knock-patch.diff' +source=("git://github.com/systemd/systemd.git#tag=v$pkgver" + 
#'0001-adds-TCP-Stealth-support-to-systemd.patch::https://gnunet.org/sites/default/files/systemd-knock-patch.diff' + "https://repo.parabola.nu/other/knock/patches/systemd/0001-adds-TCP-Stealth-support-to-systemd-221.patch" 'initcpio-hook-udev' 'initcpio-install-systemd' - 'initcpio-install-udev') -md5sums=('e68dbff3cc19f66e341572d9fb2ffa89' - 'ca9e33118fd8d456563854d95512a577' - 'ade8c1b5b2c85d0a83b7bcf5aa6d131a' - '7aaf44ce842deb449fca0f2595bbc1e4' - '4adc3ddce027693bafa53089322e859b' - '42ff9d59bb057637355b202157d59991' - '92497d06e0af615be4b368fe615109c0' - 'a321d62d6ffada9e6976bdd339fa3219' - 'f72e8d086172177c224f0ce48ef54222' - '6326988822e9d18217525b2cb25cec1d' - '460945a02c8972bbc6616a5d8136a3ad' + 'initcpio-install-udev' + 'parabola.conf' + 'loader.conf' + 'splash-parabola.bmp') +md5sums=('SKIP' + '936208db8995db77efbb388735f950af' '90ea67a7bb237502094914622a39e281' - '107c489f27c667be4101aecd3369b355' - 'bde43090d4ac0ef048e3eaee8202a407') - + '976c5511b6493715e381f43f16cdb151' + 'bde43090d4ac0ef048e3eaee8202a407' + '36ee74767ac8734dede1cbd0f4f275d7' + '9b9f4a58e4c4009bf5290c5b297600c3' + 'db7c5e4aaa501c1af4301e011f4f5966') prepare() { - cd "$_pkgbase-$pkgver" - - patch -Np1 <../0001-nspawn-ignore-EEXIST-when-creating-mount-point.patch - patch -Np1 <../0001-sd-dhcp-client-clean-up-raw-socket-sd_event_source-w.patch - patch -Np1 <../0001-shared-install-avoid-prematurely-rejecting-missing-u.patch - patch -Np1 <../0001-sd-bus-properly-handle-removals-of-non-existing-matc.patch - patch -Np1 <../0001-units-don-t-order-journal-flushing-afte-remote-fs.ta.patch - patch -Np1 <../0001-units-order-sd-journal-flush-after-sd-remount-fs.patch - patch -Np1 <../0001-units-make-systemd-journald.service-Type-notify.patch - patch -Np1 <../0001-shutdown-fix-arguments-to-run-initramfs-shutdown.patch - patch -Np1 <../0001-udev-hwdb-Change-error-message-regarding-missing-hwd.patch - patch -Np1 <../0001-adds-TCP-Stealth-support-to-systemd.patch + cd "$_pkgbase" + + # pam_systemd: 
Properly check kdbus availability + # https://github.com/systemd/systemd/commit/c5d452bb228e + git cherry-pick -n c5d452bb228e + + # udevd: suppress warning if we don't find cgroup + # https://github.com/systemd/systemd/commit/11b9fb15be96 + git cherry-pick -n 11b9fb15be96 + + # core: fix reversed dependency check in unit_check_unneeded + # https://github.com/systemd/systemd/commit/084918ba41ac + git cherry-pick -n 084918ba41ac + + # rules: remove all power management from udev + # https://github.com/systemd/systemd/commit/e2452eef02a8 + git cherry-pick -n e2452eef02a8 + + # logind: fix delayed execution regression + # https://github.com/systemd/systemd/commit/418b22b88f79 + git cherry-pick -n 418b22b88f79 + + # bus-proxy: never apply policy when sending signals + # https://github.com/systemd/systemd/commit/3723263f4989 + git cherry-pick -n 3723263f4989 + + patch -Np1 <../0001-adds-TCP-Stealth-support-to-systemd-221.patch + + ./autogen.sh } build() { - cd "$_pkgbase-$pkgver" + cd "$_pkgbase" local timeservers=({0..3}.arch.pool.ntp.org) - autoreconf --force --install -I config -I m4 ./configure \ --libexecdir=/usr/lib \ --localstatedir=/var \ --sysconfdir=/etc \ - --enable-introspection \ - --enable-gtk-doc \ --enable-lz4 \ --enable-compat-libs \ + --enable-gnuefi \ --enable-tcp-stealth \ --disable-audit \ --disable-ima \ 
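Review bot: The new `source=("git://github.com/systemd/systemd.git#tag=v$pkgver"` entry in the PKGBUILD is fetched over the unauthenticated git:// transport and its checksum is `'SKIP'`, so nothing here verifies the systemd tree that gets built, whereas the tarball it replaces had a pinned digest. Pin the checkout to a full commit id over an authenticated transport, e.g. `git+https://github.com/systemd/systemd.git#commit=<full 40-hex commit id of the v$pkgver tag>`, or verify the tag signature with `?signed` plus `validpgpkeys` if upstream signs its tags. The six `git cherry-pick -n` calls in prepare() use 12-character abbreviated ids; writing them out in full removes any ambiguity about which object is applied. The remaining entries, including the TCP Stealth patch downloaded from repo.parabola.nu, are still checked only with `md5sums`, and `sha256sums` would be the stronger choice for a patch that changes socket handling in PID 1.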
@@ -85,10 +89,11 @@ build() { } package_systemd-knock() { - pkgdesc="system and service manager with support for stealth TCP sockets" - license=('GPL2' 'LGPL2.1' 'MIT') - depends=('acl' 'bash' 'dbus' 'glib2' 'kbd' 'kmod' 'hwids' 'libcap' 'libgcrypt' - 'libsystemd-knock' 'libidn' 'lz4' 'pam' 'libseccomp' 'util-linux' 'xz') + pkgdesc="system and service manager with support for stealth TCP sockets (Parabola rebranded)" + license=('GPL2' 'LGPL2.1') + depends=('acl' 'bash' 'dbus' 'glib2' 'iptables' 'kbd' 'kmod' 'hwids' 'libcap' + 'libgcrypt' 'libsystemd-knock' 'libidn' 'lz4' 'pam' 'libseccomp' 'util-linux' + 'xz') provides=('nss-myhostname' "systemd-tools=$pkgver" "udev=$pkgver" "systemd=$pkgver") replaces=('nss-myhostname' 'systemd-tools' 'udev') conflicts=('nss-myhostname' 'systemd-tools' 'udev' 'systemd') @@ -96,7 +101,7 @@ package_systemd-knock() { 'cryptsetup: required for encrypted block devices' 'libmicrohttpd: remote journald capabilities' 'quota-tools: kernel-level quota management' - 'systemd-sysvcompat: symlink package to provide sysvinit binaries' + 'systemd-knock-sysvcompat: symlink package to provide sysvinit binaries' 'polkit: allow administration as unprivileged user') backup=(etc/dbus-1/system.d/org.freedesktop.systemd1.conf etc/dbus-1/system.d/org.freedesktop.hostname1.conf @@ -104,10 +109,14 @@ package_systemd-knock() { etc/dbus-1/system.d/org.freedesktop.locale1.conf etc/dbus-1/system.d/org.freedesktop.machine1.conf etc/dbus-1/system.d/org.freedesktop.timedate1.conf + etc/dbus-1/system.d/org.freedesktop.import1.conf + etc/dbus-1/system.d/org.freedesktop.network1.conf etc/pam.d/systemd-user etc/systemd/bootchart.conf etc/systemd/coredump.conf etc/systemd/journald.conf + etc/systemd/journal-remote.conf + etc/systemd/journal-upload.conf etc/systemd/logind.conf etc/systemd/system.conf etc/systemd/timesyncd.conf 
@@ -116,23 +125,17 @@ package_systemd-knock() { etc/udev/udev.conf) install="systemd.install" - make -C "$_pkgbase-$pkgver" DESTDIR="$pkgdir" install + make -C "$_pkgbase" DESTDIR="$pkgdir" install # don't write units to /etc by default. some of these will be re-enabled on # post_install. - rm "$pkgdir/etc/systemd/system/getty.target.wants/getty@tty1.service" \ - "$pkgdir/etc/systemd/system/multi-user.target.wants/systemd-networkd.service" \ - "$pkgdir/etc/systemd/system/multi-user.target.wants/systemd-resolved.service" \ - "$pkgdir/etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service" \ - "$pkgdir/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service" - rmdir "$pkgdir/etc/systemd/system/getty.target.wants" \ - "$pkgdir/etc/systemd/system/network-online.target.wants" + rm -r "$pkgdir/etc/systemd/system/"*.wants # get rid of RPM macros rm -r "$pkgdir/usr/lib/rpm" # add back tmpfiles.d/legacy.conf - install -m644 "systemd-$pkgver/tmpfiles.d/legacy.conf" "$pkgdir/usr/lib/tmpfiles.d" + install -m644 "systemd/tmpfiles.d/legacy.conf" "$pkgdir/usr/lib/tmpfiles.d" # Replace dialout/tape/cdrom group in rules with uucp/storage/optical group sed -i 's#GROUP="dialout"#GROUP="uucp"#g; @@ -149,7 +152,10 @@ package_systemd-knock() { # ensure proper permissions for /var/log/journal. This is only to placate chown root:systemd-journal "$pkgdir/var/log/journal" - chmod 2755 "$pkgdir/var/log/journal"{,/remote} + chmod 2755 "$pkgdir/var/log/journal" + + # we'll create this on installation + rmdir "$pkgdir/var/log/journal/remote" # fix pam file sed 's|system-auth|system-login|g' -i "$pkgdir/etc/pam.d/systemd-user" 
@@ -167,22 +173,41 @@ package_systemd-knock() { rm -rf "$srcdir/_libsystemd" install -dm755 "$srcdir"/_libsystemd/usr/lib cd "$srcdir"/_libsystemd - mv "$pkgdir"/usr/lib/lib{systemd,{g,}udev}*.so* usr/lib + mv "$pkgdir"/usr/lib/lib{systemd,udev}*.so* usr/lib - # include MIT license, since it's technically custom - install -Dm644 "$srcdir/$_pkgbase-$pkgver/LICENSE.MIT" \ - "$pkgdir/usr/share/licenses/systemd/LICENSE.MIT" + # add example bootctl configuration + install -Dm644 "$srcdir/parabola.conf" "$pkgdir"/usr/share/systemd/bootctl/parabola.conf + install -Dm644 "$srcdir/loader.conf" "$pkgdir"/usr/share/systemd/bootctl/loader.conf + install -Dm644 "$srcdir/splash-parabola.bmp" "$pkgdir"/usr/share/systemd/bootctl/splash-parabola.bmp } package_libsystemd-knock() { pkgdesc="systemd client libraries with support for stealth TCP sockets" depends=('glib2' 'glibc' 'libgcrypt' 'lz4' 'xz') license=('GPL2') - provides=('libgudev-1.0.so' 'libsystemd.so' 'libsystemd-daemon.so' 'libsystemd-id128.so' + provides=('libsystemd.so' 'libsystemd-daemon.so' 'libsystemd-id128.so' 'libsystemd-journal.so' 'libsystemd-login.so' 'libudev.so' "libsystemd=$pkgver") conflicts=('libsystemd') mv "$srcdir/_libsystemd"/* "$pkgdir" } +package_systemd-knock-sysvcompat() { + pkgdesc="sysvinit compat for systemd-knock" + license=('GPL2') + groups=('base') + provides=("systemd-sysvcompat=$pkgver") + conflicts=('sysvinit' 'systemd-sysvcompat') + depends=('systemd-knock') + + mv "$srcdir/_sysvcompat"/* "$pkgdir" + + install -dm755 "$pkgdir/usr/bin" + for tool in runlevel reboot shutdown poweroff halt telinit; do + ln -s 'systemctl' "$pkgdir/usr/bin/$tool" + done + + ln -s '../lib/systemd/systemd' "$pkgdir/usr/bin/init" +} + # vim: ft=sh syn=sh et diff --git a/pcr/systemd-knock/initcpio-install-systemd b/pcr/systemd-knock/initcpio-install-systemd index 1ebca01a8..96df98ada 100644 --- a/pcr/systemd-knock/initcpio-install-systemd +++ b/pcr/systemd-knock/initcpio-install-systemd 
@@ -34,6 +34,7 @@ add_udev_rule() { strip_quotes 'value' # just take the first word as the binary name binary=${value%% *} + [[ ${binary:0:1} == '$' ]] && continue if [[ ${binary:0:1} != '/' ]]; then binary=$(PATH=/usr/lib/udev:/lib/udev type -P "$binary") fi @@ -101,14 +102,13 @@ build() { add_binary /usr/lib/systemd/systemd /init map add_binary \ + /usr/bin/systemd-tmpfiles \ /usr/lib/systemd/systemd-hibernate-resume \ - /usr/lib/systemd/system-generators/systemd-hibernate-resume-generator \ - /usr/bin/systemd-tmpfiles - - # generators - map add_file \ /usr/lib/systemd/system-generators/systemd-fstab-generator \ - /usr/lib/systemd/system-generators/systemd-gpt-auto-generator + /usr/lib/systemd/system-generators/systemd-gpt-auto-generator \ + /usr/lib/systemd/system-generators/systemd-hibernate-resume-generator + + add_module "kdbus?" # udev rules and systemd units map add_udev_rule "$rules" \ @@ -131,12 +131,14 @@ build() { local-fs.target \ local-fs-pre.target \ paths.target \ + reboot.target \ slices.target \ sockets.target \ swap.target \ systemd-fsck@.service \ systemd-hibernate-resume@.service \ systemd-journald.service \ + systemd-journald-audit.socket \ systemd-journald-dev-log.socket \ systemd-tmpfiles-setup-dev.service \ systemd-udev-trigger.service \ diff --git a/pcr/systemd-knock/loader.conf b/pcr/systemd-knock/loader.conf new file mode 100644 index 000000000..a064e3463 --- /dev/null +++ b/pcr/systemd-knock/loader.conf @@ -0,0 +1 @@ +default parabola diff --git a/pcr/systemd-knock/parabola.conf b/pcr/systemd-knock/parabola.conf new file mode 100644 index 000000000..111072ea2 --- /dev/null +++ b/pcr/systemd-knock/parabola.conf @@ -0,0 +1,7 @@ +## This is just an example config file. +## Please edit the paths and kernel parameters according to your system. + +title Parabola GNU/Linux-libre +linux /vmlinuz-linux-libre +initrd /initramfs-linux-libre.img +options root=PARTUUID=XXXX rootfstype=XXXX add_efi_memmap 
diff --git a/pcr/systemd-knock/splash-parabola.bmp b/pcr/systemd-knock/splash-parabola.bmp Binary files differnew file mode 100644 index 000000000..b6ae7fcee --- /dev/null +++ b/pcr/systemd-knock/splash-parabola.bmp diff --git a/pcr/systemd-knock/systemd.install b/pcr/systemd-knock/systemd.install index 8957a3336..b0a3e1fa4 100644 --- a/pcr/systemd-knock/systemd.install +++ b/pcr/systemd-knock/systemd.install @@ -146,22 +146,34 @@ _216_2_changes() { echo ' tuned in /etc/systemd/coredump.conf.' } +_219_2_changes() { + if mkdir -m2755 var/log/journal/remote 2>/dev/null; then + chgrp systemd-journal-remote var/log/journal/remote + fi +} + +_219_4_changes() { + if ! systemctl is-enabled -q remote-fs.target; then + systemctl enable -q remote-fs.target + fi +} + post_install() { - # because systemd can't sanely manage this meanial task... - uuidgen | { - read - echo "${REPLY//-}">etc/machine-id - } + systemd-machine-id-setup post_common "$@" add_journal_acls - # enable getty@tty1 by default, but don't track the file - systemctl enable getty@tty1.service + # enable some services by default, but don't track them + systemctl enable getty@tty1.service remote-fs.target echo ":: Append 'init=/usr/lib/systemd/systemd' to your kernel command line in your" echo " bootloader to replace sysvinit with systemd, or install systemd-sysvcompat" + + # group 'systemd-journal-remote' is created by systemd-sysusers + mkdir -m2755 var/log/journal/remote + chgrp systemd-journal-remote var/log/journal/remote } post_upgrade() { @@ -179,7 +191,9 @@ post_upgrade() { 213-4 214-2 215-2 - 216-2) + 216-2 + 219-2 + 219-4) for v in "${upgrades[@]}"; do if [[ $(vercmp "$v" "$2") -eq 1 ]]; then |
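Review bot: In systemd.install, post_install() runs `mkdir -m2755 var/log/journal/remote` and `chgrp systemd-journal-remote var/log/journal/remote` unconditionally and ignores both results, while `_219_2_changes()` added in the same hunk only changes the group when its mkdir succeeded. The added comment says the group is created by systemd-sysusers, but the call that would create it is not visible in this hunk; if the group is missing at that point the chgrp fails and the remote journal directory keeps root's group while the script carries on. Calling `_219_2_changes` from post_install, or ending the line with `|| echo ":: could not set group on var/log/journal/remote"`, would keep the two paths consistent and make a failure visible to the admin.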