Tue Jun 4 00:27:56 PDT 2013

author: root <root@rshg054.dnsready.net> 2013-06-04 00:27:56 -0700
committer: root <root@rshg054.dnsready.net> 2013-06-04 00:27:56 -0700
commit: cc57cb201ddb179d2bb481c13dd4f286ae643b12 (patch)
tree: 7932470d6b8a193c032f1012a7996cc78ea52201 /core/systemd
parent: 1f86bf1b08cb980cea57c1d4d3187e2251f5a63b (diff)
3 files changed, 98 insertions, 29 deletions
diff --git a/core/systemd/0001-journald-DO-recalculate-the-ACL-mask-but-only-if-it-.patch b/core/systemd/0001-journald-DO-recalculate-the-ACL-mask-but-only-if-it-.patch
new file mode 100644
index 000000000..372ecebff
--- /dev/null
+++ b/core/systemd/0001-journald-DO-recalculate-the-ACL-mask-but-only-if-it-.patch
@@ -0,0 +1,87 @@
+From 23ad4dd8844c582929115a11ed2830a1371568d6 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Tue, 28 May 2013 20:45:34 +0200
+Subject: [PATCH] journald: DO recalculate the ACL mask, but only if it doesn't
+ exist
+
+Since 11ec7ce, journald isn't setting the ACLs properly anymore if
+the files had no ACLs to begin with: acl_set_fd fails with EINVAL.
+
+An ACL with ACL_USER or ACL_GROUP entries but no ACL_MASK entry is
+invalid, so make sure a mask exists before trying to set the ACL.
+---
+ src/journal/journald-server.c |  6 ++++--
+ src/shared/acl-util.c         | 28 ++++++++++++++++++++++++++++
+ src/shared/acl-util.h         |  1 +
+ 3 files changed, 33 insertions(+), 2 deletions(-)
+
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index b717b92..da5b725 100644
+--- a/src/journal/journald-server.c
++++ b/src/journal/journald-server.c
+@@ -227,9 +227,11 @@ void server_fix_perms(Server *s, JournalFile *f, uid_t uid) {
+                 }
+         }
+ 
+-        /* We do not recalculate the mask here, so that the fchmod() mask above stays intact. */
++        /* We do not recalculate the mask unconditionally here,
++         * so that the fchmod() mask above stays intact. */
+         if (acl_get_permset(entry, &permset) < 0 ||
+-            acl_add_perm(permset, ACL_READ) < 0) {
++            acl_add_perm(permset, ACL_READ) < 0 ||
++            calc_acl_mask_if_needed(&acl) < 0) {
+                 log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
+                 goto finish;
+         }
+diff --git a/src/shared/acl-util.c b/src/shared/acl-util.c
+index 48bb12f..fb04e49 100644
+--- a/src/shared/acl-util.c
++++ b/src/shared/acl-util.c
+@@ -69,6 +69,34 @@ int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *entry) {
+         return 0;
+ }
+ 
++int calc_acl_mask_if_needed(acl_t *acl_p) {
++        acl_entry_t i;
++        int found;
++
++        assert(acl_p);
++
++        for (found = acl_get_entry(*acl_p, ACL_FIRST_ENTRY, &i);
++             found > 0;
++             found = acl_get_entry(*acl_p, ACL_NEXT_ENTRY, &i)) {
++
++                acl_tag_t tag;
++
++                if (acl_get_tag_type(i, &tag) < 0)
++                        return -errno;
++
++                if (tag == ACL_MASK)
++                        return 0;
++        }
++
++        if (found < 0)
++                return -errno;
++
++        if (acl_calc_mask(acl_p) < 0)
++                return -errno;
++
++        return 0;
++}
++
+ int search_acl_groups(char*** dst, const char* path, bool* belong) {
+         acl_t acl;
+ 
+diff --git a/src/shared/acl-util.h b/src/shared/acl-util.h
+index 23090d9..36ef490 100644
+--- a/src/shared/acl-util.h
++++ b/src/shared/acl-util.h
+@@ -24,4 +24,5 @@
+ #include <stdbool.h>
+ 
+ int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *entry);
++int calc_acl_mask_if_needed(acl_t *acl_p);
+ int search_acl_groups(char*** dst, const char* path, bool* belong);
+-- 
+1.8.3
+
diff --git a/core/systemd/PKGBUILD b/core/systemd/PKGBUILD
index 3a71fe769..9b17e6d8f 100644
--- a/core/systemd/PKGBUILD
+++ b/core/systemd/PKGBUILD
@@ -4,7 +4,7 @@
 pkgbase=systemd
 pkgname=('systemd' 'systemd-sysvcompat')
 pkgver=204
-pkgrel=2
+pkgrel=3
 arch=('i686' 'x86_64')
 url="http://www.freedesktop.org/wiki/Software/systemd"
 license=('GPL2' 'LGPL2.1' 'MIT')
@@ -14,24 +14,24 @@ makedepends=('acl' 'cryptsetup' 'dbus-core' 'docbook-xsl' 'gobject-introspection
 options=('!libtool')
 source=("http://www.freedesktop.org/software/$pkgname/$pkgname-$pkgver.tar.xz"
         0001-utmp-turn-systemd-update-utmp-shutdown.service-into-.patch
+        0001-journald-DO-recalculate-the-ACL-mask-but-only-if-it-.patch
         'initcpio-hook-udev'
         'initcpio-install-udev'
-        'initcpio-install-timestamp'
-        'use-split-usr-path.patch')
+        'initcpio-install-timestamp')
 md5sums=('a07619bb19f48164fbf0761d12fd39a8'
          '7f39f9fde1ff7b48293ed1e3d0a6c213'
+         '66e3162856ded8eb7dc7383405c6e0d6'
          'e99e9189aa2f6084ac28b8ddf605aeb8'
          'fb37e34ea006c79be1c54cbb0f803414'
-         'df69615503ad293c9ddf9d8b7755282d'
-         '76bf83fe34c5b40533abc5dc940576a6')
+         'df69615503ad293c9ddf9d8b7755282d')
 
 prepare() {
   cd "$pkgname-$pkgver"
 
-  # hang onto this until we do the /{,s}bin merge
-  patch -Np1 <"$srcdir/use-split-usr-path.patch"
-
   patch -Np1 <"$srcdir/0001-utmp-turn-systemd-update-utmp-shutdown.service-into-.patch"
+
+  patch -Np1 <"$srcdir/0001-journald-DO-recalculate-the-ACL-mask-but-only-if-it-.patch"
+
   autoreconf
 }
 
@@ -101,10 +101,6 @@ package_systemd() {
   # get rid of RPM macros
   rm -r "$pkgdir/etc/rpm"
 
-  # the path to udevadm is hardcoded in some places
-  install -d "$pkgdir/sbin"
-  ln -s ../usr/bin/udevadm "$pkgdir/sbin/udevadm"
-
   # add back tmpfiles.d/legacy.conf
   install -m644 "systemd-$pkgver/tmpfiles.d/legacy.conf" "$pkgdir/usr/lib/tmpfiles.d"
 
@@ -133,12 +129,12 @@ package_systemd-sysvcompat() {
 
   mv "$srcdir/_sysvcompat"/* "$pkgdir"
 
-  install -dm755 "$pkgdir/sbin"
+  install -dm755 "$pkgdir/usr/bin"
   for tool in runlevel reboot shutdown poweroff halt telinit; do
-    ln -s '/usr/bin/systemctl' "$pkgdir/sbin/$tool"
+    ln -s 'systemctl' "$pkgdir/usr/bin/$tool"
   done
 
-  ln -s '../usr/lib/systemd/systemd' "$pkgdir/sbin/init"
+  ln -s '../lib/systemd/systemd' "$pkgdir/usr/bin/init"
 }
 
 # vim: ft=sh syn=sh et
diff --git a/core/systemd/use-split-usr-path.patch b/core/systemd/use-split-usr-path.patch
deleted file mode 100644
index 40dd62f90..000000000
--- a/core/systemd/use-split-usr-path.patch
+++ /dev/null
@@ -1,14 +0,0 @@
---- a/src/core/main.c	2012-09-20 23:02:54.000000000 -0400
-+++ b/src/core/main.c	2012-09-20 23:03:13.000000000 -0400
-@@ -1487,11 +1487,7 @@ int main(int argc, char *argv[]) {
- 
-         /* Set up PATH unless it is already set */
-         setenv("PATH",
--#ifdef HAVE_SPLIT_USR
-                "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
--#else
--               "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin",
--#endif
-                arg_running_as == SYSTEMD_SYSTEM);
- 
-         if (arg_running_as == SYSTEMD_SYSTEM) {
author	root <root@rshg054.dnsready.net>	2013-06-04 00:27:56 -0700
committer	root <root@rshg054.dnsready.net>	2013-06-04 00:27:56 -0700
commit	cc57cb201ddb179d2bb481c13dd4f286ae643b12 (patch)
tree	7932470d6b8a193c032f1012a7996cc78ea52201 /core/systemd
parent	1f86bf1b08cb980cea57c1d4d3187e2251f5a63b (diff)