Merge ~enr0n/ubuntu/+source/systemd:ubuntu-kinetic into ~ubuntu-core-dev/ubuntu/+source/systemd:ubuntu-kinetic
- Git
- lp:~enr0n/ubuntu/+source/systemd
- ubuntu-kinetic
- Merge into ubuntu-kinetic
Status: | Merged |
---|---|
Merged at revision: | fb5fdc89d8514683e3c46b6e5267dce869495808 |
Proposed branch: | ~enr0n/ubuntu/+source/systemd:ubuntu-kinetic |
Merge into: | ~ubuntu-core-dev/ubuntu/+source/systemd:ubuntu-kinetic |
Diff against target: |
7594 lines (+2925/-689) 205 files modified
.gitignore (+1/-0) debian/changelog (+190/-5) debian/control (+110/-9) debian/extra/initramfs/post-update.d/systemd-boot (+11/-0) debian/extra/kernel/postinst.d/systemd-boot (+11/-0) debian/extra/kernel/postrm.d/systemd-boot (+11/-0) debian/extra/pam-configs/systemd-homed (+15/-0) debian/gitlab-ci.yml (+2/-0) debian/libnss-myhostname.install (+0/-2) debian/libnss-myhostname.manpages (+2/-0) debian/libnss-myhostname.nss (+1/-0) debian/libnss-mymachines.install (+0/-2) debian/libnss-mymachines.manpages (+2/-0) debian/libnss-mymachines.nss (+1/-0) debian/libnss-resolve.install (+0/-2) debian/libnss-resolve.lintian-overrides (+0/-1) debian/libnss-resolve.manpages (+2/-0) debian/libnss-resolve.nss (+1/-0) debian/libnss-systemd.install (+0/-2) debian/libnss-systemd.manpages (+2/-0) debian/libnss-systemd.nss (+4/-0) debian/libpam-systemd.install (+1/-2) debian/libpam-systemd.manpages (+1/-0) debian/libsystemd-dev.install (+0/-2) debian/libsystemd-dev.manpages (+2/-0) debian/libsystemd-shared.install (+2/-0) debian/libsystemd-shared.lintian-overrides (+2/-0) debian/libudev-dev.install (+0/-2) debian/libudev-dev.manpages (+2/-0) debian/patches/Move-homectl-and-userdbctl-to-bindir.patch (+35/-0) debian/patches/debian/Downgrade-a-couple-of-warnings-to-debug.patch (+4/-4) debian/patches/debian/Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-back-to-.patch (+4/-4) debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch (+2/-2) debian/patches/debian/Use-Debian-specific-config-files.patch (+2/-2) debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch (+3/-3) debian/patches/meson-install-libsystemd-shared-into-rootpkglibdir.patch (+1218/-0) debian/patches/series (+4/-5) debian/patches/shellcheck-clean-kernel-install-again.patch (+46/-0) debian/patches/test-denylist-TEST-29-PORTABLE-again.patch (+18/-0) debian/rules (+54/-38) debian/shlibs.local.in (+2/-2) debian/systemd-boot-efi.install (+1/-0) debian/systemd-boot-efi.lintian-overrides (+6/-0) debian/systemd-boot-efi.manpages (+1/-0) debian/systemd-boot.install (+10/-0) debian/systemd-boot.lintian-overrides (+3/-0) debian/systemd-boot.manpages (+8/-0) debian/systemd-container.install (+0/-6) debian/systemd-container.manpages (+6/-0) debian/systemd-coredump.install (+0/-3) debian/systemd-coredump.manpages (+3/-0) debian/systemd-homed.install (+11/-0) debian/systemd-homed.lintian-overrides (+5/-0) debian/systemd-homed.manpages (+1/-0) debian/systemd-homed.postinst (+7/-0) debian/systemd-homed.prerm (+20/-0) debian/systemd-journal-remote.install (+0/-12) debian/systemd-journal-remote.manpages (+12/-0) debian/systemd-oomd.install (+0/-1) debian/systemd-oomd.manpages (+1/-0) debian/systemd-resolved.install (+13/-0) debian/systemd-resolved.links (+1/-0) debian/systemd-resolved.lintian-overrides (+3/-0) debian/systemd-resolved.manpages (+4/-0) debian/systemd-resolved.postinst (+28/-0) debian/systemd-standalone-sysusers.manpages (+1/-0) debian/systemd-standalone-tmpfiles.manpages (+1/-0) debian/systemd-sysv.install (+0/-7) debian/systemd-sysv.manpages (+7/-0) debian/systemd-timesyncd.install (+0/-1) debian/systemd-timesyncd.manpages (+1/-0) debian/systemd-userdbd.install (+5/-0) debian/systemd-userdbd.lintian-overrides (+3/-0) debian/systemd-userdbd.manpages (+1/-0) debian/systemd.NEWS (+21/-0) debian/systemd.install (+0/-5) debian/systemd.lintian-overrides (+0/-7) debian/systemd.maintscript (+1/-0) debian/systemd.manpages (+4/-0) debian/systemd.postinst (+1/-4) debian/tests/control (+4/-0) debian/udev.install (+0/-7) debian/udev.manpages (+7/-0) dev/null (+0/-33) hwdb.d/70-analyzers.hwdb (+0/-1) man/journalctl.xml (+1/-1) man/os-release.xml (+1/-1) man/pam_systemd_home.xml (+14/-5) man/sd_notify.xml (+9/-8) man/system-or-user-ns.xml (+2/-2) man/systemctl.xml (+41/-40) man/systemd-creds.xml (+1/-1) man/systemd-integritysetup-generator.xml (+1/-1) man/systemd-sysctl.service.xml (+1/-1) man/systemd.exec.xml (+34/-12) man/systemd.mount.xml (+7/-9) man/systemd.netdev.xml (+1/-1) man/systemd.network.xml (+6/-6) man/sysupdate.d.xml (+10/-10) man/udevadm.xml (+2/-1) meson.build (+15/-2) src/analyze/analyze-security.c (+22/-17) src/basic/fd-util.c (+2/-0) src/basic/gcrypt-util.c (+2/-0) src/basic/hashmap.c (+8/-5) src/basic/missing_fs.h (+5/-0) src/basic/set.h (+6/-3) src/basic/stat-util.c (+6/-14) src/basic/stat-util.h (+7/-2) src/basic/time-util.c (+1/-1) src/basic/unit-file.c (+1/-4) src/basic/virt.c (+12/-7) src/boot/efi/meson.build (+13/-0) src/boot/efi/xbootldr.c (+1/-1) src/cgroups-agent/cgroups-agent.c (+7/-0) src/core/bpf/restrict_ifaces/restrict-ifaces.bpf.c (+1/-1) src/core/dbus.c (+3/-1) src/core/import-creds.c (+4/-4) src/core/load-fragment.c (+46/-12) src/core/main.c (+10/-7) src/core/mount.c (+7/-5) src/core/namespace.c (+4/-1) src/core/scope.c (+1/-1) src/core/systemd.pc.in (+2/-0) src/coredump/coredump.c (+9/-2) src/dissect/dissect.c (+1/-0) src/fundamental/sha256.c (+1/-1) src/home/homed-home-bus.c (+2/-0) src/home/homework-cifs.c (+5/-0) src/home/homework-luks.c (+4/-8) src/home/homework-mount.c (+2/-0) src/home/homework.h (+2/-1) src/import/pull-common.h (+9/-9) src/integritysetup/integritysetup.c (+6/-6) src/journal-remote/microhttpd-util.c (+1/-1) src/kernel-install/kernel-install.in (+1/-1) src/libsystemd-network/dhcp6-option.c (+7/-7) src/libsystemd-network/sd-dhcp-lease.c (+1/-1) src/libsystemd-network/sd-dhcp6-lease.c (+22/-12) src/libsystemd-network/test-dhcp6-client.c (+42/-0) src/libsystemd/sd-bus/sd-bus.c (+1/-1) src/libsystemd/sd-device/device-internal.h (+1/-1) src/libsystemd/sd-device/device-monitor.c (+2/-2) src/libsystemd/sd-device/device-private.c (+33/-22) src/libsystemd/sd-device/device-private.h (+3/-3) src/libsystemd/sd-device/sd-device.c (+3/-0) src/libsystemd/sd-device/test-sd-device.c (+18/-4) src/libsystemd/sd-event/sd-event.c (+1/-1) src/libsystemd/sd-event/test-event.c (+52/-0) src/libsystemd/sd-id128/id128-util.c (+4/-4) src/libsystemd/sd-journal/journal-verify.c (+6/-1) src/libsystemd/sd-journal/sd-journal.c (+2/-0) src/locale/keymap-util.c (+1/-1) src/network/netdev/l2tp-tunnel.c (+1/-1) src/network/netdev/macsec.c (+0/-2) src/network/netdev/wireguard.c (+0/-2) src/network/networkctl.c (+1/-1) src/network/networkd-dhcp-common.c (+4/-7) src/network/networkd-dhcp4.c (+0/-5) src/network/networkd-dhcp6.c (+0/-5) src/network/networkd-link.c (+1/-1) src/network/networkd-ndisc.c (+5/-13) src/network/networkd-radv.c (+8/-3) src/nspawn/nspawn-settings.c (+5/-0) src/nspawn/nspawn.c (+2/-2) src/partition/growfs.c (+5/-1) src/partition/repart.c (+2/-2) src/portable/profile/trusted/service.conf (+2/-1) src/resolve/resolved-bus.c (+1/-7) src/resolve/resolved-dns-cache.c (+28/-6) src/resolve/resolved-dns-cache.h (+1/-1) src/resolve/resolved-dns-packet.c (+28/-10) src/resolve/resolved-dns-packet.h (+2/-0) src/resolve/resolved-dns-scope.c (+11/-8) src/resolve/resolved-dns-transaction.c (+157/-104) src/resolve/resolved-dns-transaction.h (+0/-4) src/resolve/resolved-mdns.c (+25/-10) src/rpm/macros.systemd.in (+1/-0) src/shared/base-filesystem.c (+1/-1) src/shared/dissect-image.c (+1/-0) src/shared/dns-domain.c (+1/-1) src/shared/json.c (+3/-1) src/shared/logs-show.c (+1/-1) src/shared/mount-util.c (+2/-0) src/shared/seccomp-util.c (+1/-0) src/shared/utmp-wtmp.h (+1/-1) src/sleep/sleep.conf (+1/-1) src/sysext/sysext.c (+1/-0) src/systemctl/systemctl-list-unit-files.c (+1/-1) src/systemctl/systemctl-show.c (+4/-4) src/systemctl/systemctl-util.c (+3/-1) src/systemctl/systemctl.c (+6/-5) src/systemd/_sd-common.h (+1/-1) src/test/test-dns-domain.c (+1/-0) src/test/test-loop-block.c (+1/-0) src/test/test-sd-hwdb.c (+1/-1) src/test/test-set.c (+30/-0) src/test/test-time-util.c (+5/-0) src/tmpfiles/tmpfiles.c (+8/-11) src/udev/udev-rules.c (+4/-4) src/udev/udevd.c (+1/-1) test/units/testsuite-04.sh (+1/-1) test/units/testsuite-67.sh (+25/-4) units/modprobe@.service (+1/-0) units/systemd-udev-trigger.service (+1/-1) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Lukas Märdian | Approve | ||
Review via email: mp+428504@code.launchpad.net |
Commit message
Description of the change
Merge of systemd 251.4-1 from Debian. I will post the PPA autopkgtest results when they have finished.
Lukas Märdian (slyon) wrote (last edit ): | # |
Nick Rosbrook (enr0n) wrote : | # |
I opted to make systemd Recommends: systemd-resolved to avoid circular Depends: between the two packages. The Recommends: is strong enough to ensure that systemd-resolved is installed with systemd by default.
Some PPA autopkgtests are here: https:/
Something odd is going in with armhf (apt-source systemd fails), but I have not been able to re-create the issue outside autopkgtest.
On arm64, my PPA builder is using proposed by default, despite the PPA dependencies being configured otherwise. This means the package on arm64 wants libc6 2.36, which cannot be satisfied without proposed.
Still waiting for tests to finish on ppc64el, but tests are passing on amd64 and s390x.
Overall, we may have some work to do to get this version migrated, but I don't think we should block the upload on these PPA autopkgtest issues.
Lukas Märdian (slyon) wrote : | # |
Thanks for explaining the test failures!
+1
Preview Diff
1 | diff --git a/.gitignore b/.gitignore |
2 | index 9763766..7b6d0a3 100644 |
3 | --- a/.gitignore |
4 | +++ b/.gitignore |
5 | @@ -36,3 +36,4 @@ __pycache__/ |
6 | # Ignore any mkosi config files with "local" in the name |
7 | /mkosi.default.d/**/*local*.conf |
8 | /tags |
9 | +.dir-locals-2.el |
10 | diff --git a/debian/changelog b/debian/changelog |
11 | index 2c2c602..acbfad0 100644 |
12 | --- a/debian/changelog |
13 | +++ b/debian/changelog |
14 | @@ -1,10 +1,195 @@ |
15 | -systemd (251.2-2ubuntu3) UNRELEASED; urgency=medium |
16 | +systemd (251.4-1ubuntu1) kinetic; urgency=medium |
17 | |
18 | - * Cherry-pick upstream commit (3657d3a) to fix glibc 2.36 compat |
19 | - File: debian/patches/glibc-Remove-include-linux-fs.h-to-resolve-fsconfig_comma.patch |
20 | - https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=1e8048741cc0f811faf6b9e713a3fb7e38ef3503 |
21 | + * Merge 251.4-1 from Debian |
22 | + - debian/rules: Keep our diff for TPM2 build on i386 |
23 | + - Drop EFI build patches. |
24 | + An upstream patch that covers these changes was backported to the 251 |
25 | + stable branch. |
26 | + Files: |
27 | + - debian/patches/lp1979215-boot-efi-missing-.note.GNU-stack-section-implies-executab.patch |
28 | + - debian/patches/lp1979236-boot-efi-set-no-warn-rwx-segments-on-arm.patch |
29 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=983b46f110b5a6e32a28b87c4b9458442624c0cd |
30 | + - Drop debian/patches/units-remove-the-restart-limit-on-the-modprobe-.service.patch. |
31 | + This patch was backported to the 251 stable branch. |
32 | + File: debian/patches/units-remove-the-restart-limit-on-the-modprobe-.service.patch |
33 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=959fe326da87466775b37088e9bfd476056373ea |
34 | + - debian/rules: update i386 debugedit workaround. |
35 | + This linuxia32.elf.stub is shipped with systemd-boot-efi now, so update |
36 | + the workaround to include that path as well. |
37 | + File: debian/rules |
38 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=354f9fccc94dcb0d555329921510d5f22e62351a |
39 | + * test: denylist TEST-29-PORTABLE again |
40 | + File: debian/patches/test-denylist-TEST-29-PORTABLE-again.patch |
41 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=6036de78481f8cbf3e8f3a52dac711c732d80c59 |
42 | + * debian/control: add systemd-resolved to systemd's Recommends: |
43 | + In Ubuntu, systemd-resolved is used by default, so after the |
44 | + systemd-resolved package split, we should have a stronger relationship |
45 | + than Suggests: systemd-resolved. |
46 | + File: debian/control |
47 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=400bf9dd2cf83c91f47326769eff0259429f3e0a |
48 | + * debian/control: add Recommends: systemd-hwe-hwdb to udev. |
49 | + The systemd-hwe-hwdb brings in additional hwdb rules for HWE, so we want |
50 | + those installed with udev by default. |
51 | + File: debian/control |
52 | + https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd/commit/?id=148d8d9cd4c260559ad944de3427f183e04858cc |
53 | + |
54 | + -- Nick Rosbrook <nick.rosbrook@canonical.com> Tue, 23 Aug 2022 17:45:48 -0400 |
55 | + |
56 | +systemd (251.4-1) unstable; urgency=medium |
57 | + |
58 | + * New upstream version 251.4 |
59 | + * Rebase patches |
60 | + * Rebuild against fixed dh-nss to avoid duplicates in /etc/nsswitch.conf |
61 | + (Closes: #1017096) |
62 | + |
63 | + -- Michael Biebl <biebl@debian.org> Sun, 14 Aug 2022 20:06:18 +0200 |
64 | + |
65 | +systemd (251.3-2) unstable; urgency=medium |
66 | + |
67 | + [ Luca Boccassi ] |
68 | + * libnss-systemd: also let userdbd manage passwords. |
69 | + As of upstream commit: |
70 | + https://github.com/systemd/systemd/commit/f43a19ecd6e3415e |
71 | + in v249 userdbd can also synthesize shadow/gshadow records, |
72 | + so add the shadow config to nsswitch.conf on installation. |
73 | + (Closes: #1004326) |
74 | + * homed: make PAM rules higher priority than unix users. |
75 | + Make sure homed is tried first when logging in. This is required |
76 | + after adding nss-systemd support for 'shadow' in /etc/nsswitch.conf. |
77 | + See Arch bug: https://bugs.archlinux.org/task/72967 |
78 | + |
79 | + [ Gioele Barabucci ] |
80 | + * d/control: Use dh_installnss |
81 | + * d/libnss-myhostname.nss: Install NSS service `myhostname` via dh_installnss |
82 | + * d/libnss-mymaschines.nss: Install NSS service `mymaschines` via dh_installnss |
83 | + * d/libnss-resolve.nss: Install NSS service `resolve` via dh_installnss |
84 | + * d/libnss-systemd.nss: Install NSS service `systemd` via dh_installnss |
85 | + |
86 | + -- Michael Biebl <biebl@debian.org> Fri, 12 Aug 2022 19:06:38 +0200 |
87 | + |
88 | +systemd (251.3-2~exp2) experimental; urgency=medium |
89 | + |
90 | + * Note in systemd.NEWS that resolved has moved to a new package |
91 | + * systemd-resolved: move conffile from systemd. Copied from systemd- |
92 | + timesyncd |
93 | + |
94 | + -- Luca Boccassi <bluca@debian.org> Sun, 07 Aug 2022 00:06:03 +0100 |
95 | + |
96 | +systemd (251.3-2~exp1) experimental; urgency=medium |
97 | + |
98 | + * Split systemd-resolved into its own package which takes over |
99 | + /etc/resolv.conf (Closes: #939904) |
100 | + |
101 | + -- Luca Boccassi <bluca@debian.org> Thu, 04 Aug 2022 14:55:48 +0100 |
102 | + |
103 | +systemd (251.3-1) unstable; urgency=medium |
104 | + |
105 | + * New upstream version 251.3 |
106 | + * Rebase patches |
107 | + |
108 | + -- Michael Biebl <biebl@debian.org> Wed, 13 Jul 2022 23:05:40 +0200 |
109 | + |
110 | +systemd (251.2-8) unstable; urgency=medium |
111 | + |
112 | + * autopkgtest: install openssl for upstream test. |
113 | + Install openssl explicitly and do not rely on other packages, like |
114 | + swtpm-libs, to pull this dependency for us. |
115 | + Used by TEST-50-DISSECT, which otherwise just silently skips the test. |
116 | + * Add versioned dependency on init-system-helpers to systemd-homed. |
117 | + Ensure that we have a version of deb-systemd-helper which properly |
118 | + handles loops in Also= dependencies. (Closes: #1014115) |
119 | + * Demote shlibs dependencies of libsystemd0 from Pre-Depends to Depends. |
120 | + As systemctl, which is quasi-essential, no longer links against |
121 | + libsystemd0, we do not need those strict requirements anymore. |
122 | + * Work around some more dh_installman issues |
123 | |
124 | - -- Lukas Märdian <slyon@ubuntu.com> Mon, 15 Aug 2022 15:29:16 +0200 |
125 | + -- Michael Biebl <biebl@debian.org> Wed, 06 Jul 2022 21:23:38 +0200 |
126 | + |
127 | +systemd (251.2-7) unstable; urgency=medium |
128 | + |
129 | + [ Luca Boccassi ] |
130 | + * sd-boot: add kernel hooks scripts |
131 | + |
132 | + [ Andrea Pappacoda ] |
133 | + * sd-boot: add initramfs hook (Closes: #826045) |
134 | + |
135 | + [ Michael Biebl ] |
136 | + * sd-boot: exit early in initramfs and kernel hook scripts if package is |
137 | + removed but not purged |
138 | + * Do not fail with older binutils. |
139 | + Test if the linker supports --no-warn-execstack and --no-warn-rwx-segments |
140 | + before using those flags. (Closes: #1013967) |
141 | + |
142 | + -- Michael Biebl <biebl@debian.org> Tue, 28 Jun 2022 14:33:37 +0200 |
143 | + |
144 | +systemd (251.2-6) unstable; urgency=medium |
145 | + |
146 | + [ Helmut Grohne ] |
147 | + * Mark systemd-userdbd and systemd-homed as !stage1 (Closes: #1012738) |
148 | + |
149 | + [ Luca Boccassi ] |
150 | + * Remove unused Lintian overrides |
151 | + * Stop overriding the build directory name. |
152 | + We don't do a separate udeb build anymore, so there's no need |
153 | + to specify a separate build directory. |
154 | + * Use execute_before_/after_ instead of override_ |
155 | + * Add nodoc profile support. |
156 | + Co-authored-by: Michael Biebl <biebl@debian.org> |
157 | + |
158 | + [ Michael Biebl ] |
159 | + * Do not fail EFI build with newer binutils (Closes: #1013482) |
160 | + * shared/microhttp-util: silence gcc warning |
161 | + * Clarify NEWS message about systemd-boot split (Closes: #1013340) |
162 | + |
163 | + -- Michael Biebl <biebl@debian.org> Fri, 24 Jun 2022 10:12:34 +0200 |
164 | + |
165 | +systemd (251.2-5) unstable; urgency=medium |
166 | + |
167 | + * Tweak description of systemd-homed package |
168 | + * Move shlibs dependencies of libsystemd-shared from Pre-Depends to Depends |
169 | + (Closes: #1012637) |
170 | + * Add versioned Breaks against sicherboot for the systemd-boot split |
171 | + (Closes: #1012625) |
172 | + * Drop old Conflicts against hal from udev. |
173 | + The hal package has been gone for several release cycles, so this |
174 | + Conflicts should not be necessary anymore. |
175 | + |
176 | + -- Michael Biebl <biebl@debian.org> Fri, 10 Jun 2022 23:51:50 +0200 |
177 | + |
178 | +systemd (251.2-4) unstable; urgency=medium |
179 | + |
180 | + * Use try-restart in systemd-binfmt dpkg trigger |
181 | + * Fix bashism in kernel-install |
182 | + * Upload to unstable |
183 | + |
184 | + -- Michael Biebl <biebl@debian.org> Fri, 10 Jun 2022 09:16:48 +0200 |
185 | + |
186 | +systemd (251.2-3) experimental; urgency=medium |
187 | + |
188 | + [ Luca Boccassi ] |
189 | + * Add systemd-userdbd package. This can be used to synthetize dynamic |
190 | + user/groups, and can be useful by itself. It will also be used by |
191 | + homed. |
192 | + * Add systemd-homed package (Closes: #976960) |
193 | + * Add systemd-boot-efi multiarch package. Allows EFI binaries for |
194 | + different architectures to be co-installed. Useful when the EFI has a |
195 | + different architecture, or to manipulate images. The userspace tooling |
196 | + doesn't need to match the EFI binaries. Also allows one to reduce the |
197 | + number of packages and dependencies needed when i386 is not a full |
198 | + architecture, but a subset for libraries and for EFI support. |
199 | + |
200 | + [ Michael Biebl ] |
201 | + * Move homectl and userdbctl to /usr/bin |
202 | + * Install libsystemd-shared into rootpkglibdir |
203 | + * Split out libsystemd-shared into its own package. Since libsystem- |
204 | + shared is an internal implementation detail, do not generate a shlibs |
205 | + file for it. This means dh_shlibdeps needs to be told explicitly where |
206 | + it can find libsystemd-shared. Mark this new package as Multi-Arch: |
207 | + same. (Closes: #990547) |
208 | + * Split out systemd-boot into its own package |
209 | + * Add NEWS entry for the systemd-boot package split |
210 | + |
211 | + -- Luca Boccassi <bluca@debian.org> Wed, 08 Jun 2022 23:56:04 +0100 |
212 | |
213 | systemd (251.2-2ubuntu2) kinetic; urgency=medium |
214 | |
215 | diff --git a/debian/control b/debian/control |
216 | index d940ed4..6bafebb 100644 |
217 | --- a/debian/control |
218 | +++ b/debian/control |
219 | @@ -15,11 +15,12 @@ Vcs-Git: https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd |
220 | Vcs-Browser: https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/systemd |
221 | Homepage: https://www.freedesktop.org/wiki/Software/systemd |
222 | Build-Depends: debhelper-compat (= 13), |
223 | + dh-sequence-installnss, |
224 | dh-sequence-package-notes, |
225 | pkg-config, |
226 | - xsltproc, |
227 | - docbook-xsl, |
228 | - docbook-xml, |
229 | + xsltproc <!nodoc>, |
230 | + docbook-xsl <!nodoc>, |
231 | + docbook-xml <!nodoc>, |
232 | meson (>= 0.53.2), |
233 | gettext, |
234 | gperf, |
235 | @@ -75,7 +76,11 @@ Priority: important |
236 | Recommends: default-dbus-system-bus | dbus-system-bus, |
237 | networkd-dispatcher, |
238 | systemd-timesyncd | time-daemon, |
239 | + systemd-resolved, |
240 | Suggests: systemd-container, |
241 | + systemd-homed, |
242 | + systemd-userdbd, |
243 | + systemd-boot, |
244 | libfido2-1, |
245 | libtss2-esys-3.0.2-0, |
246 | libtss2-mu0, |
247 | @@ -94,6 +99,7 @@ Conflicts: consolekit, |
248 | Breaks: resolvconf (<< 1.83~), |
249 | udev (<< 247~), |
250 | less (<< 563), |
251 | + sicherboot (<< 0.1.6), |
252 | Provides: systemd-sysusers (= ${binary:Version}), |
253 | systemd-tmpfiles (= ${binary:Version}), |
254 | Description: system and service manager |
255 | @@ -272,11 +278,11 @@ Multi-Arch: same |
256 | Pre-Depends: ${misc:Pre-Depends} |
257 | Depends: ${shlibs:Depends}, |
258 | ${misc:Depends}, |
259 | - systemd (= ${binary:Version}), |
260 | + systemd-resolved (= ${binary:Version}), |
261 | Description: nss module to resolve names via systemd-resolved |
262 | nss-resolve is a plugin for the GNU Name Service Switch (NSS) functionality |
263 | of the GNU C Library (glibc) providing DNS and LLMNR resolution to programs via |
264 | - the systemd-resolved daemon (provided in the systemd package). |
265 | + the systemd-resolved daemon (provided in the systemd-resolved package). |
266 | . |
267 | Installing this package automatically adds resolve to /etc/nsswitch.conf. |
268 | |
269 | @@ -301,9 +307,8 @@ Package: libsystemd0 |
270 | Architecture: linux-any |
271 | Multi-Arch: same |
272 | Section: libs |
273 | -Pre-Depends: ${shlibs:Depends}, |
274 | - ${misc:Pre-Depends} |
275 | -Depends: ${misc:Depends} |
276 | +Depends: ${shlibs:Depends}, |
277 | + ${misc:Depends} |
278 | Description: systemd utility library |
279 | This library provides APIs to interface with various system components such as |
280 | the system journal, the system service manager, D-Bus and more. |
281 | @@ -321,6 +326,18 @@ Description: systemd utility library - development files |
282 | This package contains the files needed for developing applications that |
283 | use libsystemd. |
284 | |
285 | +Package: libsystemd-shared |
286 | +Architecture: linux-any |
287 | +Multi-Arch: same |
288 | +Section: libs |
289 | +Pre-Depends: ${misc:Pre-Depends} |
290 | +Depends: ${shlibs:Depends}, |
291 | + ${misc:Depends} |
292 | +Description: systemd shared private library |
293 | + This internal shared library provides common code used by various systemd |
294 | + components. It is supposed to decrease memory and disk footprint. |
295 | + The shared library is not meant for public use and is not API or ABI stable. |
296 | + |
297 | Package: udev |
298 | Priority: important |
299 | Architecture: linux-any |
300 | @@ -331,7 +348,7 @@ Depends: ${shlibs:Depends}, |
301 | adduser, |
302 | libudev1 (= ${binary:Version}), |
303 | s390-tools [s390], |
304 | -Conflicts: hal |
305 | +Recommends: systemd-hwe-hwdb, |
306 | Breaks: systemd (<< ${binary:Version}), |
307 | Description: /dev/ and hotplug management daemon |
308 | udev is a daemon which dynamically creates and removes device nodes from |
309 | @@ -427,3 +444,87 @@ Description: userspace out-of-memory (OOM) killer |
310 | systemd-oomd is a system service that uses cgroups-v2 and |
311 | pressure stall information (PSI) to monitor and take action on |
312 | processes before an OOM occurs in kernel space. |
313 | + |
314 | +Package: systemd-userdbd |
315 | +Build-Profiles: <!stage1> |
316 | +Architecture: linux-any |
317 | +Depends: ${shlibs:Depends}, |
318 | + ${misc:Depends}, |
319 | + systemd (= ${binary:Version}), |
320 | +Description: dynamic user/group manager |
321 | + systemd-userdbd is a system service that multiplexes user/group lookups to all |
322 | + local services that provide JSON user/group record definitions to the system. |
323 | + In addition it synthesizes JSON user/group records from classic UNIX/glibc NSS |
324 | + user/group records in order to provide full backwards compatibility. It may |
325 | + also pick up statically defined JSON user/group records from drop-in files. |
326 | + |
327 | +Package: systemd-homed |
328 | +Build-Profiles: <!stage1> |
329 | +Architecture: linux-any |
330 | +Pre-Depends: ${misc:Pre-Depends}, |
331 | + init-system-helpers (>= 1.64~), |
332 | +Depends: ${shlibs:Depends}, |
333 | + ${misc:Depends}, |
334 | + systemd-userdbd (= ${binary:Version}), |
335 | + systemd (= ${binary:Version}), |
336 | + libpam-runtime, |
337 | +Description: home area manager |
338 | + systemd-homed is a system service designed to manage home directories. This |
339 | + package includes the homed service, a PAM module to automatically mount home |
340 | + directories on user login, tools and documentation. |
341 | + |
342 | +Package: systemd-boot |
343 | +Architecture: amd64 i386 arm64 armhf |
344 | +Depends: ${shlibs:Depends}, |
345 | + ${misc:Depends}, |
346 | + systemd-boot-efi (= ${binary:Version}), |
347 | +Recommends: efibootmgr, |
348 | +Breaks: systemd (<< 251.2-3~) |
349 | +Replaces: systemd (<< 251.2-3~) |
350 | +Description: simple UEFI boot manager - tools and services |
351 | + systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a |
352 | + textual menu to select the entry to boot and an editor for the kernel command |
353 | + line. It supports systems with UEFI firmware only. |
354 | + . |
355 | + Installing systemd-boot will not automatically switch your boot loader. |
356 | + . |
357 | + This package contains various tools and services to manage systems using |
358 | + systemd-boot. |
359 | + |
360 | +Package: systemd-boot-efi |
361 | +Architecture: amd64 i386 arm64 armhf |
362 | +Multi-Arch: same |
363 | +Pre-Depends: ${misc:Pre-Depends}, |
364 | +Depends: ${misc:Depends}, |
365 | +Breaks: systemd (<< 251.2-3~) |
366 | +Replaces: systemd (<< 251.2-3~) |
367 | +Description: simple UEFI boot manager - EFI binaries |
368 | + systemd-boot (short: sd-boot) is a simple UEFI boot manager. It provides a |
369 | + textual menu to select the entry to boot and an editor for the kernel command |
370 | + line. It supports systems with UEFI firmware only. |
371 | + . |
372 | + This package contains the EFI binaries. |
373 | + |
374 | +Package: systemd-resolved |
375 | +Multi-Arch: foreign |
376 | +Architecture: linux-any |
377 | +Pre-Depends: ${misc:Pre-Depends} |
378 | +Depends: ${shlibs:Depends}, |
379 | + ${misc:Depends}, |
380 | + adduser, |
381 | + systemd (= ${binary:Version}), |
382 | + default-dbus-system-bus | dbus-system-bus |
383 | +Recommends: libnss-myhostname, |
384 | + libnss-resolve, |
385 | +Suggests: policykit-1, |
386 | +Provides: resolvconf |
387 | +Conflicts: resolvconf |
388 | +Replaces: resolvconf, |
389 | + systemd (<< 251.3-2~) |
390 | +Breaks: systemd (<< 251.3-2~) |
391 | +Description: systemd DNS resolver |
392 | + This package provides systemd's DNS resolver and the command line tool to |
393 | + manage it. |
394 | + . |
395 | + Installing this package automatically overwrites /etc/resolv.conf and switches |
396 | + it to be managed by systemd-resolved. |
397 | diff --git a/debian/extra/initramfs/post-update.d/systemd-boot b/debian/extra/initramfs/post-update.d/systemd-boot |
398 | new file mode 100755 |
399 | index 0000000..1cee51c |
400 | --- /dev/null |
401 | +++ b/debian/extra/initramfs/post-update.d/systemd-boot |
402 | @@ -0,0 +1,11 @@ |
403 | +#!/bin/sh |
404 | + |
405 | +set -eu |
406 | + |
407 | +test -x /usr/bin/bootctl || exit 0 |
408 | + |
409 | +bootctl is-installed --quiet || exit 0 |
410 | + |
411 | +echo "Updating kernel version $1 in systemd-boot..." |
412 | + |
413 | +kernel-install add "$1" "/boot/vmlinuz-$1" "$2" |
414 | diff --git a/debian/extra/kernel/postinst.d/systemd-boot b/debian/extra/kernel/postinst.d/systemd-boot |
415 | new file mode 100755 |
416 | index 0000000..8901140 |
417 | --- /dev/null |
418 | +++ b/debian/extra/kernel/postinst.d/systemd-boot |
419 | @@ -0,0 +1,11 @@ |
420 | +#!/bin/sh |
421 | + |
422 | +set -e |
423 | + |
424 | +test -x /usr/bin/bootctl || exit 0 |
425 | + |
426 | +bootctl is-installed --quiet || exit 0 |
427 | + |
428 | +echo "Installing kernel version $1 in systemd-boot..." |
429 | + |
430 | +kernel-install add "$1" "$2" |
431 | diff --git a/debian/extra/kernel/postrm.d/systemd-boot b/debian/extra/kernel/postrm.d/systemd-boot |
432 | new file mode 100755 |
433 | index 0000000..4db5e51 |
434 | --- /dev/null |
435 | +++ b/debian/extra/kernel/postrm.d/systemd-boot |
436 | @@ -0,0 +1,11 @@ |
437 | +#!/bin/sh |
438 | + |
439 | +set -e |
440 | + |
441 | +test -x /usr/bin/bootctl || exit 0 |
442 | + |
443 | +bootctl is-installed --quiet || exit 0 |
444 | + |
445 | +echo "Removing kernel version $1 from systemd-boot..." |
446 | + |
447 | +kernel-install remove "$1" |
448 | diff --git a/debian/extra/pam-configs/systemd-homed b/debian/extra/pam-configs/systemd-homed |
449 | new file mode 100644 |
450 | index 0000000..0613efc |
451 | --- /dev/null |
452 | +++ b/debian/extra/pam-configs/systemd-homed |
453 | @@ -0,0 +1,15 @@ |
454 | +Name: Enable user management by systemd-homed |
455 | +Default: yes |
456 | +Priority: 257 |
457 | +Auth-Type: Primary |
458 | +Auth: |
459 | + [success=end default=ignore] pam_systemd_home.so |
460 | +Account-Type: Primary |
461 | +Account: |
462 | + [success=end default=ignore] pam_systemd_home.so |
463 | +Session-Type: Additional |
464 | +Session: |
465 | + optional pam_systemd_home.so |
466 | +Password-Type: Primary |
467 | +Password: |
468 | + [success=end default=ignore] pam_systemd_home.so |
469 | diff --git a/debian/gitlab-ci.yml b/debian/gitlab-ci.yml |
470 | index f39ddcf..c405d57 100644 |
471 | --- a/debian/gitlab-ci.yml |
472 | +++ b/debian/gitlab-ci.yml |
473 | @@ -9,3 +9,5 @@ variables: |
474 | # Many false positives due to issue in binutils: |
475 | # https://bugs.debian.org/1000977 |
476 | SALSA_CI_LINTIAN_SUPPRESS_TAGS: "elf-error" |
477 | + # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011649 |
478 | + SALSA_CI_DISABLE_PIUPARTS: 1 |
479 | diff --git a/debian/libnss-myhostname.install b/debian/libnss-myhostname.install |
480 | index 758fe00..fa88dd6 100644 |
481 | --- a/debian/libnss-myhostname.install |
482 | +++ b/debian/libnss-myhostname.install |
483 | @@ -1,3 +1 @@ |
484 | usr/lib/*/libnss_myhostname*.so.* |
485 | -usr/share/man/man8/libnss_myhostname.so.2.8 |
486 | -usr/share/man/man8/nss-myhostname.8 |
487 | diff --git a/debian/libnss-myhostname.manpages b/debian/libnss-myhostname.manpages |
488 | new file mode 100644 |
489 | index 0000000..d3ba44d |
490 | --- /dev/null |
491 | +++ b/debian/libnss-myhostname.manpages |
492 | @@ -0,0 +1,2 @@ |
493 | +usr/share/man/man8/libnss_myhostname.so.2.8 |
494 | +usr/share/man/man8/nss-myhostname.8 |
495 | diff --git a/debian/libnss-myhostname.nss b/debian/libnss-myhostname.nss |
496 | new file mode 100644 |
497 | index 0000000..0ef4054 |
498 | --- /dev/null |
499 | +++ b/debian/libnss-myhostname.nss |
500 | @@ -0,0 +1 @@ |
501 | +hosts last myhostname |
502 | diff --git a/debian/libnss-myhostname.postinst b/debian/libnss-myhostname.postinst |
503 | deleted file mode 100644 |
504 | index 1ee0c99..0000000 |
505 | --- a/debian/libnss-myhostname.postinst |
506 | +++ /dev/null |
507 | @@ -1,41 +0,0 @@ |
508 | -#!/bin/sh |
509 | - |
510 | -set -e |
511 | - |
512 | -# This code was taken from libnss-myhostname |
513 | - |
514 | -# try to insert myhostname entries to the "hosts" line in /etc/nsswitch.conf to |
515 | -# automatically enable libnss-myhostname support; do not change the |
516 | -# configuration if the "hosts" line already references some myhostname lookups |
517 | -insert_nss_entry() { |
518 | - echo "Checking NSS setup..." |
519 | - # abort if /etc/nsswitch.conf does not exist |
520 | - if ! [ -e /etc/nsswitch.conf ]; then |
521 | - echo "Could not find /etc/nsswitch.conf." |
522 | - return |
523 | - fi |
524 | - perl -i -pe ' |
525 | - sub insert { |
526 | - my $line = shift; |
527 | - # this also splits on tab |
528 | - my @bits=split(" ", $line); |
529 | - # do not break configuration if the "hosts" line already references |
530 | - # myhostname |
531 | - if (grep { $_ eq "myhostname"} @bits) { |
532 | - return $line; |
533 | - } |
534 | - # add myhostname at the end |
535 | - return $line . " myhostname"; |
536 | - } |
537 | - s/^(hosts:\s+)(.*)/$1.insert($2)/e; |
538 | - ' /etc/nsswitch.conf |
539 | -} |
540 | - |
541 | -if [ "$1" = configure ] && [ -z "$2" ]; then |
542 | - echo "First installation detected..." |
543 | - # first install: setup the recommended configuration (unless |
544 | - # nsswitch.conf already contains myhostname entries) |
545 | - insert_nss_entry |
546 | -fi |
547 | - |
548 | -#DEBHELPER# |
549 | diff --git a/debian/libnss-myhostname.postrm b/debian/libnss-myhostname.postrm |
550 | deleted file mode 100644 |
551 | index 90e3c38..0000000 |
552 | --- a/debian/libnss-myhostname.postrm |
553 | +++ /dev/null |
554 | @@ -1,29 +0,0 @@ |
555 | -#!/bin/sh |
556 | - |
557 | -set -e |
558 | - |
559 | -remove_nss_entry() { |
560 | - local file=$1 |
561 | - local pkg=$2 |
562 | - local module=$3 |
563 | - refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \ |
564 | - -W $pkg | grep '^i' | wc -l) |
565 | - if [ "$refcount" -gt 0 ] ; then |
566 | - # package is installed for other architectures still, do nothing |
567 | - return |
568 | - fi |
569 | - echo "Checking NSS setup..." |
570 | - # abort if file does not exist |
571 | - if ! [ -e $file ]; then |
572 | - echo "Could not find ${file}." |
573 | - return |
574 | - fi |
575 | - # we must remove possible [foo=bar] options as well |
576 | - sed -i -r "/hosts:/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file |
577 | -} |
578 | - |
579 | -if [ "$1" = remove ]; then |
580 | - remove_nss_entry /etc/nsswitch.conf libnss-myhostname myhostname |
581 | -fi |
582 | - |
583 | -#DEBHELPER# |
584 | diff --git a/debian/libnss-mymachines.install b/debian/libnss-mymachines.install |
585 | index 1923505..50e7d2e 100644 |
586 | --- a/debian/libnss-mymachines.install |
587 | +++ b/debian/libnss-mymachines.install |
588 | @@ -1,3 +1 @@ |
589 | usr/lib/*/libnss_mymachines*.so.* |
590 | -usr/share/man/man8/libnss_mymachines.so.2.8 |
591 | -usr/share/man/man8/nss-mymachines.8 |
592 | diff --git a/debian/libnss-mymachines.manpages b/debian/libnss-mymachines.manpages |
593 | new file mode 100644 |
594 | index 0000000..7afe71d |
595 | --- /dev/null |
596 | +++ b/debian/libnss-mymachines.manpages |
597 | @@ -0,0 +1,2 @@ |
598 | +usr/share/man/man8/libnss_mymachines.so.2.8 |
599 | +usr/share/man/man8/nss-mymachines.8 |
600 | diff --git a/debian/libnss-mymachines.nss b/debian/libnss-mymachines.nss |
601 | new file mode 100644 |
602 | index 0000000..dd7e3a1 |
603 | --- /dev/null |
604 | +++ b/debian/libnss-mymachines.nss |
605 | @@ -0,0 +1 @@ |
606 | +hosts last mymachines |
607 | diff --git a/debian/libnss-mymachines.postinst b/debian/libnss-mymachines.postinst |
608 | deleted file mode 100644 |
609 | index 165a80a..0000000 |
610 | --- a/debian/libnss-mymachines.postinst |
611 | +++ /dev/null |
612 | @@ -1,41 +0,0 @@ |
613 | -#!/bin/sh |
614 | - |
615 | -set -e |
616 | - |
617 | -# This code was taken from libnss-myhostname |
618 | - |
619 | -# try to insert mymachines entries to the "hosts" line in /etc/nsswitch.conf to |
620 | -# automatically enable libnss-mymachines support; do not change the |
621 | -# configuration if the "hosts" line already references some mymachines lookups |
622 | -insert_nss_entry() { |
623 | - echo "Checking NSS setup..." |
624 | - # abort if /etc/nsswitch.conf does not exist |
625 | - if ! [ -e /etc/nsswitch.conf ]; then |
626 | - echo "Could not find /etc/nsswitch.conf." |
627 | - return |
628 | - fi |
629 | - perl -i -pe ' |
630 | - sub insert { |
631 | - my $line = shift; |
632 | - # this also splits on tab |
633 | - my @bits=split(" ", $line); |
634 | - # do not break configuration if the "hosts" line already references |
635 | - # mymachines |
636 | - if (grep { $_ eq "mymachines"} @bits) { |
637 | - return $line; |
638 | - } |
639 | - # add mymachines at the end |
640 | - return $line . " mymachines"; |
641 | - } |
642 | - s/^(hosts:\s+)(.*)/$1.insert($2)/e; |
643 | - ' /etc/nsswitch.conf |
644 | -} |
645 | - |
646 | -if [ "$1" = configure ] && [ -z "$2" ]; then |
647 | - echo "First installation detected..." |
648 | - # first install: setup the recommended configuration (unless |
649 | - # nsswitch.conf already contains mymachines entries) |
650 | - insert_nss_entry |
651 | -fi |
652 | - |
653 | -#DEBHELPER# |
654 | diff --git a/debian/libnss-mymachines.postrm b/debian/libnss-mymachines.postrm |
655 | deleted file mode 100644 |
656 | index c8fb09c..0000000 |
657 | --- a/debian/libnss-mymachines.postrm |
658 | +++ /dev/null |
659 | @@ -1,29 +0,0 @@ |
660 | -#!/bin/sh |
661 | - |
662 | -set -e |
663 | - |
664 | -remove_nss_entry() { |
665 | - local file=$1 |
666 | - local pkg=$2 |
667 | - local module=$3 |
668 | - refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \ |
669 | - -W $pkg | grep '^i' | wc -l) |
670 | - if [ "$refcount" -gt 0 ] ; then |
671 | - # package is installed for other architectures still, do nothing |
672 | - return |
673 | - fi |
674 | - echo "Checking NSS setup..." |
675 | - # abort if file does not exist |
676 | - if ! [ -e $file ]; then |
677 | - echo "Could not find ${file}." |
678 | - return |
679 | - fi |
680 | - # we must remove possible [foo=bar] options as well |
681 | - sed -i -r "/hosts:/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file |
682 | -} |
683 | - |
684 | -if [ "$1" = remove ]; then |
685 | - remove_nss_entry /etc/nsswitch.conf libnss-mymachines mymachines |
686 | -fi |
687 | - |
688 | -#DEBHELPER# |
689 | diff --git a/debian/libnss-resolve.install b/debian/libnss-resolve.install |
690 | index 871aac0..3554b53 100644 |
691 | --- a/debian/libnss-resolve.install |
692 | +++ b/debian/libnss-resolve.install |
693 | @@ -1,3 +1 @@ |
694 | usr/lib/*/libnss_resolve*.so.* |
695 | -usr/share/man/man8/libnss_resolve.so.2.8 |
696 | -usr/share/man/man8/nss-resolve.8 |
697 | diff --git a/debian/libnss-resolve.lintian-overrides b/debian/libnss-resolve.lintian-overrides |
698 | index d29b4e3..06097e8 100644 |
699 | --- a/debian/libnss-resolve.lintian-overrides |
700 | +++ b/debian/libnss-resolve.lintian-overrides |
701 | @@ -1,3 +1,2 @@ |
702 | # Lintian is really bad at associating manpages |
703 | libnss-resolve: spare-manual-page |
704 | -libnss-resolve: maintainer-script-calls-systemctl |
705 | diff --git a/debian/libnss-resolve.manpages b/debian/libnss-resolve.manpages |
706 | new file mode 100644 |
707 | index 0000000..b3c5a78 |
708 | --- /dev/null |
709 | +++ b/debian/libnss-resolve.manpages |
710 | @@ -0,0 +1,2 @@ |
711 | +usr/share/man/man8/libnss_resolve.so.2.8 |
712 | +usr/share/man/man8/nss-resolve.8 |
713 | diff --git a/debian/libnss-resolve.nss b/debian/libnss-resolve.nss |
714 | new file mode 100644 |
715 | index 0000000..a7142b3 |
716 | --- /dev/null |
717 | +++ b/debian/libnss-resolve.nss |
718 | @@ -0,0 +1 @@ |
719 | +hosts before=dns resolve [!UNAVAIL=return] |
720 | diff --git a/debian/libnss-resolve.postinst b/debian/libnss-resolve.postinst |
721 | deleted file mode 100644 |
722 | index 382364e..0000000 |
723 | --- a/debian/libnss-resolve.postinst |
724 | +++ /dev/null |
725 | @@ -1,48 +0,0 @@ |
726 | -#!/bin/sh |
727 | - |
728 | -set -e |
729 | - |
730 | -# This code was taken from libnss-myhostname |
731 | - |
732 | -# try to insert resolve entries to the "hosts" line in /etc/nsswitch.conf to |
733 | -# automatically enable libnss-resolve support; do not change the |
734 | -# configuration if the "hosts" line already references some resolve lookups |
735 | -insert_nss_entry() { |
736 | - echo "Checking NSS setup..." |
737 | - # abort if /etc/nsswitch.conf does not exist |
738 | - if ! [ -e /etc/nsswitch.conf ]; then |
739 | - echo "Could not find /etc/nsswitch.conf." |
740 | - return |
741 | - fi |
742 | - perl -i -pe ' |
743 | - sub insert { |
744 | - my $line = shift; |
745 | - # this also splits on tab |
746 | - my @bits=split(" ", $line); |
747 | - # do not break configuration if the "hosts" line already references |
748 | - # resolve |
749 | - if (grep { $_ eq "resolve"} @bits) { |
750 | - return $line; |
751 | - } |
752 | - # add resolve before dns |
753 | - return join " ", map { |
754 | - $_ eq "dns" ? ("resolve [!UNAVAIL=return]", "$_") : $_ |
755 | - } @bits; |
756 | - } |
757 | - s/^(hosts:\s+)(.*)/$1.insert($2)/e; |
758 | - ' /etc/nsswitch.conf |
759 | -} |
760 | - |
761 | -if [ "$1" = configure ] && [ -z "$2" ]; then |
762 | - echo "First installation detected..." |
763 | - # first install: setup the recommended configuration (unless |
764 | - # nsswitch.conf already contains resolve entries) |
765 | - insert_nss_entry |
766 | - # ... and enable resolved |
767 | - systemctl enable systemd-resolved.service |
768 | - if [ -d /run/systemd/system ]; then |
769 | - deb-systemd-invoke start systemd-resolved.service || true |
770 | - fi |
771 | -fi |
772 | - |
773 | -#DEBHELPER# |
774 | diff --git a/debian/libnss-resolve.postrm b/debian/libnss-resolve.postrm |
775 | deleted file mode 100644 |
776 | index 32b9b8f..0000000 |
777 | --- a/debian/libnss-resolve.postrm |
778 | +++ /dev/null |
779 | @@ -1,29 +0,0 @@ |
780 | -#!/bin/sh |
781 | - |
782 | -set -e |
783 | - |
784 | -remove_nss_entry() { |
785 | - local file=$1 |
786 | - local pkg=$2 |
787 | - local module=$3 |
788 | - refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \ |
789 | - -W $pkg | grep '^i' | wc -l) |
790 | - if [ "$refcount" -gt 0 ] ; then |
791 | - # package is installed for other architectures still, do nothing |
792 | - return |
793 | - fi |
794 | - echo "Checking NSS setup..." |
795 | - # abort if file does not exist |
796 | - if ! [ -e $file ]; then |
797 | - echo "Could not find ${file}." |
798 | - return |
799 | - fi |
800 | - # we must remove possible [foo=bar] options as well |
801 | - sed -i -r "/hosts:/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file |
802 | -} |
803 | - |
804 | -if [ "$1" = remove ]; then |
805 | - remove_nss_entry /etc/nsswitch.conf libnss-resolve resolve |
806 | -fi |
807 | - |
808 | -#DEBHELPER# |
809 | diff --git a/debian/libnss-systemd.install b/debian/libnss-systemd.install |
810 | index 858f307..df23cb8 100644 |
811 | --- a/debian/libnss-systemd.install |
812 | +++ b/debian/libnss-systemd.install |
813 | @@ -1,3 +1 @@ |
814 | usr/lib/*/libnss_systemd*.so.* |
815 | -usr/share/man/man8/libnss_systemd* |
816 | -usr/share/man/man8/nss-systemd* |
817 | diff --git a/debian/libnss-systemd.manpages b/debian/libnss-systemd.manpages |
818 | new file mode 100644 |
819 | index 0000000..bf1e840 |
820 | --- /dev/null |
821 | +++ b/debian/libnss-systemd.manpages |
822 | @@ -0,0 +1,2 @@ |
823 | +usr/share/man/man8/libnss_systemd* |
824 | +usr/share/man/man8/nss-systemd* |
825 | diff --git a/debian/libnss-systemd.nss b/debian/libnss-systemd.nss |
826 | new file mode 100644 |
827 | index 0000000..9c3f443 |
828 | --- /dev/null |
829 | +++ b/debian/libnss-systemd.nss |
830 | @@ -0,0 +1,4 @@ |
831 | +passwd last systemd |
832 | +group last systemd |
833 | +shadow last systemd |
834 | +gshadow last systemd |
835 | diff --git a/debian/libnss-systemd.postinst b/debian/libnss-systemd.postinst |
836 | deleted file mode 100644 |
837 | index 16040bc..0000000 |
838 | --- a/debian/libnss-systemd.postinst |
839 | +++ /dev/null |
840 | @@ -1,39 +0,0 @@ |
841 | -#!/bin/sh |
842 | - |
843 | -set -e |
844 | - |
845 | -# try to insert the systemd entry to the "passwd" and "group" lines in |
846 | -# /etc/nsswitch.conf to automatically enable libnss-systemd support; do not |
847 | -# change the configuration if the lines already contain "systemd" |
848 | -insert_nss_entry() { |
849 | - echo "Checking NSS setup..." |
850 | - # abort if /etc/nsswitch.conf does not exist |
851 | - if ! [ -e /etc/nsswitch.conf ]; then |
852 | - echo "Could not find /etc/nsswitch.conf." |
853 | - return |
854 | - fi |
855 | - perl -i -pe ' |
856 | - sub insert { |
857 | - my $line = shift; |
858 | - # this also splits on tab |
859 | - my @bits=split(" ", $line); |
860 | - # do not break configuration if the line already references |
861 | - # systemd |
862 | - if (grep { $_ eq "systemd"} @bits) { |
863 | - return $line; |
864 | - } |
865 | - # add systemd at the end |
866 | - return $line . " systemd"; |
867 | - } |
868 | - s/^(passwd:\s+)(.*)/$1.insert($2)/e; |
869 | - s/^(group:\s+)(.*)/$1.insert($2)/e; |
870 | - ' /etc/nsswitch.conf |
871 | -} |
872 | - |
873 | -if [ "$1" = configure ] && [ -z "$2" ]; then |
874 | - echo "First installation detected..." |
875 | - # first install: setup the recommended configuration |
876 | - insert_nss_entry |
877 | -fi |
878 | - |
879 | -#DEBHELPER# |
880 | diff --git a/debian/libnss-systemd.postrm b/debian/libnss-systemd.postrm |
881 | deleted file mode 100644 |
882 | index ce8e954..0000000 |
883 | --- a/debian/libnss-systemd.postrm |
884 | +++ /dev/null |
885 | @@ -1,29 +0,0 @@ |
886 | -#!/bin/sh |
887 | - |
888 | -set -e |
889 | - |
890 | -remove_nss_entry() { |
891 | - local file=$1 |
892 | - local pkg=$2 |
893 | - local module=$3 |
894 | - refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \ |
895 | - -W $pkg | grep '^i' | wc -l) |
896 | - if [ "$refcount" -gt 0 ] ; then |
897 | - # package is installed for other architectures still, do nothing |
898 | - return |
899 | - fi |
900 | - echo "Checking NSS setup..." |
901 | - # abort if file does not exist |
902 | - if ! [ -e $file ]; then |
903 | - echo "Could not find ${file}." |
904 | - return |
905 | - fi |
906 | - # we must remove possible [foo=bar] options as well |
907 | - sed -i -r "/(passwd|group):/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file |
908 | -} |
909 | - |
910 | -if [ "$1" = remove ]; then |
911 | - remove_nss_entry /etc/nsswitch.conf libnss-systemd systemd |
912 | -fi |
913 | - |
914 | -#DEBHELPER# |
915 | diff --git a/debian/libpam-systemd.install b/debian/libpam-systemd.install |
916 | index 7b5a260..b4faf87 100644 |
917 | --- a/debian/libpam-systemd.install |
918 | +++ b/debian/libpam-systemd.install |
919 | @@ -1,3 +1,2 @@ |
920 | lib/*/security/pam_systemd.so |
921 | -usr/share/man/man8/pam_systemd.8 |
922 | -../extra/pam-configs usr/share/ |
923 | +../extra/pam-configs/systemd usr/share/pam-configs/ |
924 | diff --git a/debian/libpam-systemd.manpages b/debian/libpam-systemd.manpages |
925 | new file mode 100644 |
926 | index 0000000..d30ee0f |
927 | --- /dev/null |
928 | +++ b/debian/libpam-systemd.manpages |
929 | @@ -0,0 +1 @@ |
930 | +usr/share/man/man8/pam_systemd.8 |
931 | diff --git a/debian/libsystemd-dev.install b/debian/libsystemd-dev.install |
932 | index eef73a9..5a73373 100644 |
933 | --- a/debian/libsystemd-dev.install |
934 | +++ b/debian/libsystemd-dev.install |
935 | @@ -1,5 +1,3 @@ |
936 | usr/include/systemd/ |
937 | usr/lib/*/libsystemd.so |
938 | usr/lib/*/pkgconfig/libsystemd.pc |
939 | -usr/share/man/man3/sd* |
940 | -usr/share/man/man3/SD* |
941 | diff --git a/debian/libsystemd-dev.manpages b/debian/libsystemd-dev.manpages |
942 | new file mode 100644 |
943 | index 0000000..0723dcb |
944 | --- /dev/null |
945 | +++ b/debian/libsystemd-dev.manpages |
946 | @@ -0,0 +1,2 @@ |
947 | +usr/share/man/man3/sd* |
948 | +usr/share/man/man3/SD* |
949 | diff --git a/debian/libsystemd-shared.install b/debian/libsystemd-shared.install |
950 | new file mode 100644 |
951 | index 0000000..085a7cd |
952 | --- /dev/null |
953 | +++ b/debian/libsystemd-shared.install |
954 | @@ -0,0 +1,2 @@ |
955 | +usr/lib/*/systemd/libsystemd-core-*.so |
956 | +usr/lib/*/systemd/libsystemd-shared-*.so |
957 | diff --git a/debian/libsystemd-shared.lintian-overrides b/debian/libsystemd-shared.lintian-overrides |
958 | new file mode 100644 |
959 | index 0000000..065ba9b |
960 | --- /dev/null |
961 | +++ b/debian/libsystemd-shared.lintian-overrides |
962 | @@ -0,0 +1,2 @@ |
963 | +# Intentional: value of config got in a release by mistake, needs to be kept |
964 | +libsystemd-shared: spelling-error-in-binary usr/lib/*/systemd/libsystemd-shared-251.so anually annually |
965 | diff --git a/debian/libudev-dev.install b/debian/libudev-dev.install |
966 | index 3cd6bf0..ac9a6b4 100644 |
967 | --- a/debian/libudev-dev.install |
968 | +++ b/debian/libudev-dev.install |
969 | @@ -1,5 +1,3 @@ |
970 | usr/include/libudev.h |
971 | usr/lib/*/libudev.so |
972 | usr/lib/*/pkgconfig/libudev.pc |
973 | -usr/share/man/man3/udev* |
974 | -usr/share/man/man3/libudev* |
975 | diff --git a/debian/libudev-dev.manpages b/debian/libudev-dev.manpages |
976 | new file mode 100644 |
977 | index 0000000..009109c |
978 | --- /dev/null |
979 | +++ b/debian/libudev-dev.manpages |
980 | @@ -0,0 +1,2 @@ |
981 | +usr/share/man/man3/udev* |
982 | +usr/share/man/man3/libudev* |
983 | diff --git a/debian/patches/Move-homectl-and-userdbctl-to-bindir.patch b/debian/patches/Move-homectl-and-userdbctl-to-bindir.patch |
984 | new file mode 100644 |
985 | index 0000000..a07e5cd |
986 | --- /dev/null |
987 | +++ b/debian/patches/Move-homectl-and-userdbctl-to-bindir.patch |
988 | @@ -0,0 +1,35 @@ |
989 | +From: Michael Biebl <biebl@debian.org> |
990 | +Date: Sat, 28 May 2022 12:00:08 +0200 |
991 | +Subject: Move homectl and userdbctl to bindir |
992 | + |
993 | +Those binaries aren't needed during early boot. |
994 | + |
995 | +(cherry picked from commit 003a67616148a8c2b94aa0c87595465f5dcac508) |
996 | +--- |
997 | + meson.build | 6 ++---- |
998 | + 1 file changed, 2 insertions(+), 4 deletions(-) |
999 | + |
1000 | +diff --git a/meson.build b/meson.build |
1001 | +index dbba108..ecc5533 100644 |
1002 | +--- a/meson.build |
1003 | ++++ b/meson.build |
1004 | +@@ -2577,8 +2577,7 @@ if conf.get('ENABLE_USERDB') == 1 |
1005 | + link_with : [libshared], |
1006 | + dependencies : [threads], |
1007 | + install_rpath : rootlibexecdir, |
1008 | +- install : true, |
1009 | +- install_dir : rootbindir) |
1010 | ++ install : true) |
1011 | + endif |
1012 | + |
1013 | + if conf.get('ENABLE_HOMED') == 1 |
1014 | +@@ -2621,8 +2620,7 @@ if conf.get('ENABLE_HOMED') == 1 |
1015 | + libp11kit, |
1016 | + libdl], |
1017 | + install_rpath : rootlibexecdir, |
1018 | +- install : true, |
1019 | +- install_dir : rootbindir) |
1020 | ++ install : true) |
1021 | + |
1022 | + if conf.get('HAVE_PAM') == 1 |
1023 | + version_script_arg = project_source_root / pam_systemd_home_sym |
1024 | diff --git a/debian/patches/debian/Downgrade-a-couple-of-warnings-to-debug.patch b/debian/patches/debian/Downgrade-a-couple-of-warnings-to-debug.patch |
1025 | index 0c8f9f4..1c4762c 100644 |
1026 | --- a/debian/patches/debian/Downgrade-a-couple-of-warnings-to-debug.patch |
1027 | +++ b/debian/patches/debian/Downgrade-a-couple-of-warnings-to-debug.patch |
1028 | @@ -16,7 +16,7 @@ Closes: #981407 |
1029 | 3 files changed, 7 insertions(+), 3 deletions(-) |
1030 | |
1031 | diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c |
1032 | -index 3ff6eae..09ba381 100644 |
1033 | +index 11991ec..76893db 100644 |
1034 | --- a/src/core/load-fragment.c |
1035 | +++ b/src/core/load-fragment.c |
1036 | @@ -522,6 +522,7 @@ static int patch_var_run( |
1037 | @@ -51,10 +51,10 @@ index 14ae873..aa9e94b 100644 |
1038 | "Please update package to include a native systemd unit file, in order to make it more safe and robust.", fpath); |
1039 | |
1040 | diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c |
1041 | -index 94973c2..0d27daa 100644 |
1042 | +index 53cd570..7d71edd 100644 |
1043 | --- a/src/tmpfiles/tmpfiles.c |
1044 | +++ b/src/tmpfiles/tmpfiles.c |
1045 | -@@ -2760,6 +2760,7 @@ static int specifier_expansion_from_arg(const Specifier *specifier_table, Item * |
1046 | +@@ -2757,6 +2757,7 @@ static int specifier_expansion_from_arg(const Specifier *specifier_table, Item * |
1047 | static int patch_var_run(const char *fname, unsigned line, char **path) { |
1048 | const char *k; |
1049 | char *n; |
1050 | @@ -62,7 +62,7 @@ index 94973c2..0d27daa 100644 |
1051 | |
1052 | assert(path); |
1053 | assert(*path); |
1054 | -@@ -2785,7 +2786,8 @@ static int patch_var_run(const char *fname, unsigned line, char **path) { |
1055 | +@@ -2782,7 +2783,8 @@ static int patch_var_run(const char *fname, unsigned line, char **path) { |
1056 | /* Also log about this briefly. We do so at LOG_NOTICE level, as we fixed up the situation automatically, hence |
1057 | * there's no immediate need for action by the user. However, in the interest of making things less confusing |
1058 | * to the user, let's still inform the user that these snippets should really be updated. */ |
1059 | diff --git a/debian/patches/debian/Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-back-to-.patch b/debian/patches/debian/Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-back-to-.patch |
1060 | index 3cb53bc..9a39629 100644 |
1061 | --- a/debian/patches/debian/Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-back-to-.patch |
1062 | +++ b/debian/patches/debian/Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-back-to-.patch |
1063 | @@ -14,12 +14,12 @@ Closes: #971282 |
1064 | 2 files changed, 8 insertions(+), 8 deletions(-) |
1065 | |
1066 | diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in |
1067 | -index fc0f8c3..65996bb 100644 |
1068 | +index 693433b..8368a3f 100644 |
1069 | --- a/src/core/systemd.pc.in |
1070 | +++ b/src/core/systemd.pc.in |
1071 | -@@ -65,16 +65,16 @@ systemdshutdowndir=${systemd_shutdown_dir} |
1072 | - tmpfiles_dir=${prefix}/lib/tmpfiles.d |
1073 | - tmpfilesdir=${tmpfiles_dir} |
1074 | +@@ -67,16 +67,16 @@ tmpfilesdir=${tmpfiles_dir} |
1075 | + |
1076 | + user_tmpfiles_dir=${prefix}/share/user-tmpfiles.d |
1077 | |
1078 | -sysusers_dir=${rootprefix}/lib/sysusers.d |
1079 | +sysusers_dir=${prefix}/lib/sysusers.d |
1080 | diff --git a/debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch b/debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch |
1081 | index 37f3a0a..6043efd 100644 |
1082 | --- a/debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch |
1083 | +++ b/debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch |
1084 | @@ -19,7 +19,7 @@ Bug-Debian: https://bugs.debian.org/815020 |
1085 | 2 files changed, 1 insertion(+), 21 deletions(-) |
1086 | |
1087 | diff --git a/src/core/main.c b/src/core/main.c |
1088 | -index 409b84a..7989bbe 100644 |
1089 | +index 69d450a..badd385 100644 |
1090 | --- a/src/core/main.c |
1091 | +++ b/src/core/main.c |
1092 | @@ -1619,24 +1619,6 @@ static void cmdline_take_random_seed(void) { |
1093 | @@ -47,7 +47,7 @@ index 409b84a..7989bbe 100644 |
1094 | static void initialize_core_pattern(bool skip_setup) { |
1095 | int r; |
1096 | |
1097 | -@@ -2765,8 +2747,6 @@ int main(int argc, char *argv[]) { |
1098 | +@@ -2763,8 +2745,6 @@ int main(int argc, char *argv[]) { |
1099 | kernel_timestamp = DUAL_TIMESTAMP_NULL; |
1100 | } |
1101 | |
1102 | diff --git a/debian/patches/debian/Use-Debian-specific-config-files.patch b/debian/patches/debian/Use-Debian-specific-config-files.patch |
1103 | index 3b25027..b7a2c6d 100644 |
1104 | --- a/debian/patches/debian/Use-Debian-specific-config-files.patch |
1105 | +++ b/debian/patches/debian/Use-Debian-specific-config-files.patch |
1106 | @@ -16,7 +16,7 @@ Read/write /etc/timezone if /etc/localtime does not exist. |
1107 | 4 files changed, 164 insertions(+), 113 deletions(-) |
1108 | |
1109 | diff --git a/src/basic/time-util.c b/src/basic/time-util.c |
1110 | -index c309369..6e3fbd1 100644 |
1111 | +index 0ad8de4..f0f0ef4 100644 |
1112 | --- a/src/basic/time-util.c |
1113 | +++ b/src/basic/time-util.c |
1114 | @@ -1477,19 +1477,43 @@ int get_timezone(char **ret) { |
1115 | @@ -101,7 +101,7 @@ index 716febb..9818602 100644 |
1116 | char *s; |
1117 | |
1118 | diff --git a/src/locale/keymap-util.c b/src/locale/keymap-util.c |
1119 | -index 9759f46..4eb48bb 100644 |
1120 | +index 2d1b982..96b7eca 100644 |
1121 | --- a/src/locale/keymap-util.c |
1122 | +++ b/src/locale/keymap-util.c |
1123 | @@ -91,6 +91,7 @@ void locale_simplify(char *locale[_VARIABLE_LC_MAX]) { |
1124 | diff --git a/debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch b/debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch |
1125 | index e028e3c..80211e4 100644 |
1126 | --- a/debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch |
1127 | +++ b/debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch |
1128 | @@ -239,10 +239,10 @@ index 0000000..b7ad58d |
1129 | + |
1130 | +</refentry> |
1131 | diff --git a/meson.build b/meson.build |
1132 | -index 36cbfa4..2abc0f1 100644 |
1133 | +index f73c7ff..d94e75d 100644 |
1134 | --- a/meson.build |
1135 | +++ b/meson.build |
1136 | -@@ -3207,6 +3207,15 @@ executable( |
1137 | +@@ -3219,6 +3219,15 @@ executable( |
1138 | install : true, |
1139 | install_dir : rootlibexecdir) |
1140 | |
1141 | @@ -251,7 +251,7 @@ index 36cbfa4..2abc0f1 100644 |
1142 | + 'src/fsckd/fsckd.c', |
1143 | + include_directories : includes, |
1144 | + link_with : [libshared], |
1145 | -+ install_rpath : rootlibexecdir, |
1146 | ++ install_rpath : rootpkglibdir, |
1147 | + install : true, |
1148 | + install_dir : rootlibexecdir) |
1149 | + |
1150 | diff --git a/debian/patches/glibc-Remove-include-linux-fs.h-to-resolve-fsconfig_comma.patch b/debian/patches/glibc-Remove-include-linux-fs.h-to-resolve-fsconfig_comma.patch |
1151 | deleted file mode 100644 |
1152 | index c11f3e8..0000000 |
1153 | --- a/debian/patches/glibc-Remove-include-linux-fs.h-to-resolve-fsconfig_comma.patch |
1154 | +++ /dev/null |
1155 | @@ -1,95 +0,0 @@ |
1156 | -From: Rudi Heitbaum <rudi@heitbaum.com> |
1157 | -Date: Sat, 23 Jul 2022 10:38:49 +0000 |
1158 | -Subject: glibc: Remove #include <linux/fs.h> to resolve |
1159 | -Origin: upstream,https://github.com/systemd/systemd/pull/23992 |
1160 | - |
1161 | -fsconfig_command/mount_attr conflict with glibc 2.36 |
1162 | -Fixes: #23984 |
1163 | - |
1164 | ---- |
1165 | - meson.build | 13 ++++++++++++- |
1166 | - src/basic/fd-util.c | 2 ++ |
1167 | - src/core/namespace.c | 2 ++ |
1168 | - src/shared/mount-util.c | 2 ++ |
1169 | - 4 files changed, 18 insertions(+), 1 deletion(-) |
1170 | - |
1171 | -diff --git a/meson.build b/meson.build |
1172 | -index 2abc0f1..9f00405 100644 |
1173 | ---- a/meson.build |
1174 | -+++ b/meson.build |
1175 | -@@ -479,7 +479,6 @@ decl_headers = ''' |
1176 | - #include <uchar.h> |
1177 | - #include <sys/mount.h> |
1178 | - #include <sys/stat.h> |
1179 | --#include <linux/fs.h> |
1180 | - ''' |
1181 | - |
1182 | - foreach decl : ['char16_t', |
1183 | -@@ -491,6 +490,17 @@ foreach decl : ['char16_t', |
1184 | - # We get -1 if the size cannot be determined |
1185 | - have = cc.sizeof(decl, prefix : decl_headers, args : '-D_GNU_SOURCE') > 0 |
1186 | - |
1187 | -+ if decl == 'struct mount_attr' |
1188 | -+ if have |
1189 | -+ want_linux_fs_h = false |
1190 | -+ else |
1191 | -+ have = cc.sizeof(decl, |
1192 | -+ prefix : decl_headers + '#include <linux/fs.h>', |
1193 | -+ args : '-D_GNU_SOURCE') > 0 |
1194 | -+ want_linux_fs_h = have |
1195 | -+ endif |
1196 | -+ endif |
1197 | -+ |
1198 | - if decl == 'struct statx' |
1199 | - if have |
1200 | - want_linux_stat_h = false |
1201 | -@@ -506,6 +516,7 @@ foreach decl : ['char16_t', |
1202 | - endforeach |
1203 | - |
1204 | - conf.set10('WANT_LINUX_STAT_H', want_linux_stat_h) |
1205 | -+conf.set10('WANT_LINUX_FS_H', want_linux_fs_h) |
1206 | - |
1207 | - foreach ident : ['secure_getenv', '__secure_getenv'] |
1208 | - conf.set10('HAVE_' + ident.to_upper(), cc.has_function(ident)) |
1209 | -diff --git a/src/basic/fd-util.c b/src/basic/fd-util.c |
1210 | -index 6c1de92..00591d6 100644 |
1211 | ---- a/src/basic/fd-util.c |
1212 | -+++ b/src/basic/fd-util.c |
1213 | -@@ -3,7 +3,9 @@ |
1214 | - #include <errno.h> |
1215 | - #include <fcntl.h> |
1216 | - #include <linux/btrfs.h> |
1217 | -+#if WANT_LINUX_FS_H |
1218 | - #include <linux/fs.h> |
1219 | -+#endif |
1220 | - #include <linux/magic.h> |
1221 | - #include <sys/ioctl.h> |
1222 | - #include <sys/resource.h> |
1223 | -diff --git a/src/core/namespace.c b/src/core/namespace.c |
1224 | -index 926aa96..c85a947 100644 |
1225 | ---- a/src/core/namespace.c |
1226 | -+++ b/src/core/namespace.c |
1227 | -@@ -6,7 +6,9 @@ |
1228 | - #include <stdio.h> |
1229 | - #include <sys/mount.h> |
1230 | - #include <unistd.h> |
1231 | -+#if WANT_LINUX_FS_H |
1232 | - #include <linux/fs.h> |
1233 | -+#endif |
1234 | - |
1235 | - #include "alloc-util.h" |
1236 | - #include "base-filesystem.h" |
1237 | -diff --git a/src/shared/mount-util.c b/src/shared/mount-util.c |
1238 | -index e76e4a0..0c8dec7 100644 |
1239 | ---- a/src/shared/mount-util.c |
1240 | -+++ b/src/shared/mount-util.c |
1241 | -@@ -7,7 +7,9 @@ |
1242 | - #include <sys/statvfs.h> |
1243 | - #include <unistd.h> |
1244 | - #include <linux/loop.h> |
1245 | -+#if WANT_LINUX_FS_H |
1246 | - #include <linux/fs.h> |
1247 | -+#endif |
1248 | - |
1249 | - #include "alloc-util.h" |
1250 | - #include "chase-symlinks.h" |
1251 | diff --git a/debian/patches/lp1979215-boot-efi-missing-.note.GNU-stack-section-implies-executab.patch b/debian/patches/lp1979215-boot-efi-missing-.note.GNU-stack-section-implies-executab.patch |
1252 | deleted file mode 100644 |
1253 | index 150eb84..0000000 |
1254 | --- a/debian/patches/lp1979215-boot-efi-missing-.note.GNU-stack-section-implies-executab.patch |
1255 | +++ /dev/null |
1256 | @@ -1,32 +0,0 @@ |
1257 | -Description: Ignore 'missing .note.GNU-stack section implies executable stack' warning |
1258 | - This is actually caused by crt0-efi-x86_64.o from gnu-efi. Ignore the warning until |
1259 | - this package is fixed. |
1260 | -Author: Nick Rosbrook <nick.rosbrook@canonical.com> |
1261 | -Bug: https://sourceforge.net/p/gnu-efi/bugs/28/ |
1262 | -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gnu-efi/+bug/1979215 |
1263 | -Last-Update: 2022-06-20 |
1264 | ---- |
1265 | -From: Nick Rosbrook <nick.rosbrook@canonical.com> |
1266 | -Date: Fri, 17 Jun 2022 14:48:49 -0400 |
1267 | -Subject: boot/efi: ignore 'missing .note.GNU-stack section implies executable stack' warning |
1268 | - |
1269 | -This actually comes from gnu-efi [1], so once that is fixed we can drop |
1270 | -this patch. |
1271 | - |
1272 | -[1] https://sourceforge.net/p/gnu-efi/bugs/28/ |
1273 | ---- |
1274 | - src/boot/efi/meson.build | 1 + |
1275 | - 1 file changed, 1 insertion(+) |
1276 | - |
1277 | -diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build |
1278 | -index 299a01b..6f0d7b9 100644 |
1279 | ---- a/src/boot/efi/meson.build |
1280 | -+++ b/src/boot/efi/meson.build |
1281 | -@@ -256,6 +256,7 @@ efi_ldflags = [ |
1282 | - '-Wl,--fatal-warnings', |
1283 | - '-Wl,--no-undefined', |
1284 | - '-Wl,--warn-common', |
1285 | -+ '-Wl,--no-warn-execstack', |
1286 | - '-Wl,-Bsymbolic', |
1287 | - '-z', 'nocombreloc', |
1288 | - efi_crt0, |
1289 | diff --git a/debian/patches/lp1979236-boot-efi-set-no-warn-rwx-segments-on-arm.patch b/debian/patches/lp1979236-boot-efi-set-no-warn-rwx-segments-on-arm.patch |
1290 | deleted file mode 100644 |
1291 | index 2e09a6d..0000000 |
1292 | --- a/debian/patches/lp1979236-boot-efi-set-no-warn-rwx-segments-on-arm.patch |
1293 | +++ /dev/null |
1294 | @@ -1,34 +0,0 @@ |
1295 | -Description: Set --no-warn-rwx-segments on arm |
1296 | - A new linker warning is causing FTBFS on arm. Until upstream systemd |
1297 | - has an appropriate patch, just disable the warning. |
1298 | -Author: Nick Rosbrook <nick.rosbrook@canonical.com> |
1299 | -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1979236 |
1300 | -Last-Update: 2022-06-20 |
1301 | ---- |
1302 | -From: Nick Rosbrook <nick.rosbrook@canonical.com> |
1303 | -Date: Fri, 17 Jun 2022 15:54:34 -0400 |
1304 | -Subject: boot/efi: set --no-warn-rwx-segments on arm |
1305 | - |
1306 | ---- |
1307 | - src/boot/efi/meson.build | 2 ++ |
1308 | - 1 file changed, 2 insertions(+) |
1309 | -diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build |
1310 | -index 6f0d7b9..c0beffb 100644 |
1311 | ---- a/src/boot/efi/meson.build |
1312 | -+++ b/src/boot/efi/meson.build |
1313 | -@@ -266,6 +266,7 @@ if efi_arch[1] in ['aarch64', 'arm', 'riscv64'] |
1314 | - # Aarch64, ARM32 and 64bit RISC-V don't have an EFI capable objcopy. |
1315 | - # Use 'binary' instead, and add required symbols manually. |
1316 | - efi_ldflags += ['-Wl,--defsym=EFI_SUBSYSTEM=0xa'] |
1317 | -+ efi_ldflags += ['-Wl,--no-warn-rwx-segments'] |
1318 | - efi_format = ['-O', 'binary'] |
1319 | - else |
1320 | - efi_ldflags += ['-pie'] |
1321 | -@@ -280,6 +281,7 @@ if efi_arch[1] == 'arm' |
1322 | - # is because libgcc is not compiled with -fshort-wchar, but it does not |
1323 | - # have any occurrences of wchar_t in its sources or the documentation, so |
1324 | - # it is safe to assume that we can ignore this warning. |
1325 | -+ efi_ldflags += ['-Wl,--no-warn-rwx-segments'] |
1326 | - efi_ldflags += ['-Wl,--no-wchar-size-warning'] |
1327 | - endif |
1328 | - |
1329 | diff --git a/debian/patches/meson-install-libsystemd-shared-into-rootpkglibdir.patch b/debian/patches/meson-install-libsystemd-shared-into-rootpkglibdir.patch |
1330 | new file mode 100644 |
1331 | index 0000000..91a4e3a |
1332 | --- /dev/null |
1333 | +++ b/debian/patches/meson-install-libsystemd-shared-into-rootpkglibdir.patch |
1334 | @@ -0,0 +1,1218 @@ |
1335 | +From: Michael Biebl <biebl@debian.org> |
1336 | +Date: Wed, 1 Jun 2022 08:23:02 +0200 |
1337 | +Subject: meson: install libsystemd-shared into rootpkglibdir |
1338 | + |
1339 | +Introduce rootpkglibdir for installing libsystemd-{shared,core}.so. |
1340 | +The benefit over using rootlibexecdir is that this path can be |
1341 | +multiarch aware, i.e. this path can be architecture qualified. |
1342 | + |
1343 | +This is something we'd like to make use of in Debian/Ubuntu to make |
1344 | +libsystemd-shared co-installable, e.g. for i386 the path would be |
1345 | +/usr/lib/i386-linux-gnu/systemd/libsystemd-shared-*.so and for amd64 |
1346 | +/usr/lib/x86_64-linux-gnu/systemd/libsystemd-shared-*.so. |
1347 | +This will allow for example to install and run systemd-boot/i386 on an |
1348 | +amd64 host. It also simplifies/enables cross-building/bootstrapping. |
1349 | + |
1350 | +For more infos about Multi-Arch see https://wiki.debian.org/Multiarch. |
1351 | + |
1352 | +See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990547 |
1353 | + |
1354 | +(cherry picked from commit 5fb225615bf751b97644bed7aae44f69ba03cc84) |
1355 | +--- |
1356 | + meson.build | 249 ++++++++++++++++++++++++----------------------- |
1357 | + src/core/meson.build | 2 +- |
1358 | + src/nspawn/nspawn-util.c | 5 +- |
1359 | + src/shared/meson.build | 2 +- |
1360 | + src/udev/meson.build | 2 +- |
1361 | + 5 files changed, 132 insertions(+), 128 deletions(-) |
1362 | + |
1363 | +diff --git a/meson.build b/meson.build |
1364 | +index ecc5533..f73c7ff 100644 |
1365 | +--- a/meson.build |
1366 | ++++ b/meson.build |
1367 | +@@ -146,6 +146,7 @@ rootlibdir = get_option('rootlibdir') |
1368 | + if rootlibdir == '' |
1369 | + rootlibdir = rootprefixdir / libdir.split('/')[-1] |
1370 | + endif |
1371 | ++rootpkglibdir = rootlibdir / 'systemd' |
1372 | + |
1373 | + install_sysconfdir = get_option('install-sysconfdir') != 'false' |
1374 | + install_sysconfdir_samples = get_option('install-sysconfdir') == 'true' |
1375 | +@@ -1994,7 +1995,7 @@ if conf.get('HAVE_LIBCRYPTSETUP_PLUGINS') == 1 |
1376 | + tpm2, |
1377 | + versiondep], |
1378 | + link_depends : cryptsetup_token_sym, |
1379 | +- install_rpath : rootlibexecdir, |
1380 | ++ install_rpath : rootpkglibdir, |
1381 | + install : true, |
1382 | + install_dir : libcryptsetup_plugins_dir) |
1383 | + endif |
1384 | +@@ -2012,7 +2013,7 @@ if conf.get('HAVE_LIBCRYPTSETUP_PLUGINS') == 1 |
1385 | + libfido2, |
1386 | + versiondep], |
1387 | + link_depends : cryptsetup_token_sym, |
1388 | +- install_rpath : rootlibexecdir, |
1389 | ++ install_rpath : rootpkglibdir, |
1390 | + install : true, |
1391 | + install_dir : libcryptsetup_plugins_dir) |
1392 | + endif |
1393 | +@@ -2030,7 +2031,7 @@ if conf.get('HAVE_LIBCRYPTSETUP_PLUGINS') == 1 |
1394 | + libp11kit, |
1395 | + versiondep], |
1396 | + link_depends : cryptsetup_token_sym, |
1397 | +- install_rpath : rootlibexecdir, |
1398 | ++ install_rpath : rootpkglibdir, |
1399 | + install : true, |
1400 | + install_dir : libcryptsetup_plugins_dir) |
1401 | + endif |
1402 | +@@ -2165,7 +2166,7 @@ exe = executable( |
1403 | + libshared], |
1404 | + dependencies : [versiondep, |
1405 | + libseccomp], |
1406 | +- install_rpath : rootlibexecdir, |
1407 | ++ install_rpath : rootpkglibdir, |
1408 | + install : true, |
1409 | + install_dir : rootlibexecdir) |
1410 | + dbus_programs += exe |
1411 | +@@ -2183,7 +2184,7 @@ public_programs += executable( |
1412 | + libshared], |
1413 | + dependencies : [versiondep, |
1414 | + libseccomp], |
1415 | +- install_rpath : rootlibexecdir, |
1416 | ++ install_rpath : rootpkglibdir, |
1417 | + install : conf.get('ENABLE_ANALYZE') == 1) |
1418 | + |
1419 | + executable( |
1420 | +@@ -2197,7 +2198,7 @@ executable( |
1421 | + liblz4, |
1422 | + libselinux, |
1423 | + libzstd], |
1424 | +- install_rpath : rootlibexecdir, |
1425 | ++ install_rpath : rootpkglibdir, |
1426 | + install : true, |
1427 | + install_dir : rootlibexecdir) |
1428 | + |
1429 | +@@ -2208,7 +2209,7 @@ public_programs += executable( |
1430 | + link_with : [libjournal_core, |
1431 | + libshared], |
1432 | + dependencies : [threads], |
1433 | +- install_rpath : rootlibexecdir, |
1434 | ++ install_rpath : rootpkglibdir, |
1435 | + install : true) |
1436 | + |
1437 | + public_programs += executable( |
1438 | +@@ -2222,7 +2223,7 @@ public_programs += executable( |
1439 | + liblz4, |
1440 | + libzstd, |
1441 | + libdl], |
1442 | +- install_rpath : rootlibexecdir, |
1443 | ++ install_rpath : rootpkglibdir, |
1444 | + install : true, |
1445 | + install_dir : rootbindir) |
1446 | + |
1447 | +@@ -2231,7 +2232,7 @@ executable( |
1448 | + 'src/getty-generator/getty-generator.c', |
1449 | + include_directories : includes, |
1450 | + link_with : [libshared], |
1451 | +- install_rpath : rootlibexecdir, |
1452 | ++ install_rpath : rootpkglibdir, |
1453 | + install : true, |
1454 | + install_dir : systemgeneratordir) |
1455 | + |
1456 | +@@ -2240,7 +2241,7 @@ executable( |
1457 | + 'src/debug-generator/debug-generator.c', |
1458 | + include_directories : includes, |
1459 | + link_with : [libshared], |
1460 | +- install_rpath : rootlibexecdir, |
1461 | ++ install_rpath : rootpkglibdir, |
1462 | + install : true, |
1463 | + install_dir : systemgeneratordir) |
1464 | + |
1465 | +@@ -2249,7 +2250,7 @@ executable( |
1466 | + 'src/run-generator/run-generator.c', |
1467 | + include_directories : includes, |
1468 | + link_with : [libshared], |
1469 | +- install_rpath : rootlibexecdir, |
1470 | ++ install_rpath : rootpkglibdir, |
1471 | + install : true, |
1472 | + install_dir : systemgeneratordir) |
1473 | + |
1474 | +@@ -2258,7 +2259,7 @@ exe = executable( |
1475 | + 'src/fstab-generator/fstab-generator.c', |
1476 | + include_directories : includes, |
1477 | + link_with : [libshared], |
1478 | +- install_rpath : rootlibexecdir, |
1479 | ++ install_rpath : rootpkglibdir, |
1480 | + install : true, |
1481 | + install_dir : systemgeneratordir) |
1482 | + |
1483 | +@@ -2276,7 +2277,7 @@ if conf.get('ENABLE_ENVIRONMENT_D') == 1 |
1484 | + 'src/environment-d-generator/environment-d-generator.c', |
1485 | + include_directories : includes, |
1486 | + link_with : [libshared], |
1487 | +- install_rpath : rootlibexecdir, |
1488 | ++ install_rpath : rootpkglibdir, |
1489 | + install : true, |
1490 | + install_dir : userenvgeneratordir) |
1491 | + |
1492 | +@@ -2291,7 +2292,7 @@ if conf.get('ENABLE_HIBERNATE') == 1 |
1493 | + 'src/hibernate-resume/hibernate-resume-generator.c', |
1494 | + include_directories : includes, |
1495 | + link_with : [libshared], |
1496 | +- install_rpath : rootlibexecdir, |
1497 | ++ install_rpath : rootpkglibdir, |
1498 | + install : true, |
1499 | + install_dir : systemgeneratordir) |
1500 | + |
1501 | +@@ -2300,7 +2301,7 @@ if conf.get('ENABLE_HIBERNATE') == 1 |
1502 | + 'src/hibernate-resume/hibernate-resume.c', |
1503 | + include_directories : includes, |
1504 | + link_with : [libshared], |
1505 | +- install_rpath : rootlibexecdir, |
1506 | ++ install_rpath : rootpkglibdir, |
1507 | + install : true, |
1508 | + install_dir : rootlibexecdir) |
1509 | + endif |
1510 | +@@ -2312,7 +2313,7 @@ if conf.get('HAVE_BLKID') == 1 |
1511 | + include_directories : includes, |
1512 | + link_with : [libshared], |
1513 | + dependencies : libblkid, |
1514 | +- install_rpath : rootlibexecdir, |
1515 | ++ install_rpath : rootpkglibdir, |
1516 | + install : true, |
1517 | + install_dir : systemgeneratordir) |
1518 | + |
1519 | +@@ -2321,7 +2322,7 @@ if conf.get('HAVE_BLKID') == 1 |
1520 | + 'src/dissect/dissect.c', |
1521 | + include_directories : includes, |
1522 | + link_with : [libshared], |
1523 | +- install_rpath : rootlibexecdir, |
1524 | ++ install_rpath : rootpkglibdir, |
1525 | + install : true) |
1526 | + endif |
1527 | + |
1528 | +@@ -2334,7 +2335,7 @@ if conf.get('ENABLE_RESOLVE') == 1 |
1529 | + libbasic_gcrypt, |
1530 | + libsystemd_resolve_core], |
1531 | + dependencies : systemd_resolved_dependencies, |
1532 | +- install_rpath : rootlibexecdir, |
1533 | ++ install_rpath : rootpkglibdir, |
1534 | + install : true, |
1535 | + install_dir : rootlibexecdir) |
1536 | + |
1537 | +@@ -2349,7 +2350,7 @@ if conf.get('ENABLE_RESOLVE') == 1 |
1538 | + lib_openssl_or_gcrypt, |
1539 | + libm, |
1540 | + libidn], |
1541 | +- install_rpath : rootlibexecdir, |
1542 | ++ install_rpath : rootpkglibdir, |
1543 | + install : true) |
1544 | + |
1545 | + meson.add_install_script(meson_make_symlink, |
1546 | +@@ -2370,7 +2371,7 @@ if conf.get('ENABLE_LOGIND') == 1 |
1547 | + libshared], |
1548 | + dependencies : [threads, |
1549 | + libacl], |
1550 | +- install_rpath : rootlibexecdir, |
1551 | ++ install_rpath : rootpkglibdir, |
1552 | + install : true, |
1553 | + install_dir : rootlibexecdir) |
1554 | + |
1555 | +@@ -2383,7 +2384,7 @@ if conf.get('ENABLE_LOGIND') == 1 |
1556 | + liblz4, |
1557 | + libxz, |
1558 | + libzstd], |
1559 | +- install_rpath : rootlibexecdir, |
1560 | ++ install_rpath : rootpkglibdir, |
1561 | + install : true, |
1562 | + install_dir : rootbindir) |
1563 | + |
1564 | +@@ -2392,7 +2393,7 @@ if conf.get('ENABLE_LOGIND') == 1 |
1565 | + 'src/login/inhibit.c', |
1566 | + include_directories : includes, |
1567 | + link_with : [libshared], |
1568 | +- install_rpath : rootlibexecdir, |
1569 | ++ install_rpath : rootpkglibdir, |
1570 | + install : true, |
1571 | + install_dir : rootbindir) |
1572 | + |
1573 | +@@ -2429,7 +2430,7 @@ if conf.get('ENABLE_LOGIND') == 1 |
1574 | + user_runtime_dir_sources, |
1575 | + include_directories : includes, |
1576 | + link_with : [libshared], |
1577 | +- install_rpath : rootlibexecdir, |
1578 | ++ install_rpath : rootpkglibdir, |
1579 | + install : true, |
1580 | + install_dir : rootlibexecdir) |
1581 | + endif |
1582 | +@@ -2440,7 +2441,7 @@ if conf.get('HAVE_PAM') == 1 |
1583 | + 'src/user-sessions/user-sessions.c', |
1584 | + include_directories : includes, |
1585 | + link_with : [libshared], |
1586 | +- install_rpath : rootlibexecdir, |
1587 | ++ install_rpath : rootpkglibdir, |
1588 | + install : true, |
1589 | + install_dir : rootlibexecdir) |
1590 | + endif |
1591 | +@@ -2458,7 +2459,7 @@ if conf.get('HAVE_BLKID') == 1 and conf.get('HAVE_GNU_EFI') == 1 |
1592 | + include_directories : includes, |
1593 | + link_with : [boot_link_with], |
1594 | + dependencies : [libblkid], |
1595 | +- install_rpath : rootlibexecdir, |
1596 | ++ install_rpath : rootpkglibdir, |
1597 | + install : true) |
1598 | + |
1599 | + public_programs += executable( |
1600 | +@@ -2467,7 +2468,7 @@ if conf.get('HAVE_BLKID') == 1 and conf.get('HAVE_GNU_EFI') == 1 |
1601 | + include_directories : includes, |
1602 | + link_with : [boot_link_with], |
1603 | + dependencies : [libblkid], |
1604 | +- install_rpath : rootlibexecdir, |
1605 | ++ install_rpath : rootpkglibdir, |
1606 | + install : true, |
1607 | + install_dir : rootlibexecdir) |
1608 | + |
1609 | +@@ -2476,7 +2477,7 @@ if conf.get('HAVE_BLKID') == 1 and conf.get('HAVE_GNU_EFI') == 1 |
1610 | + 'src/boot/bless-boot-generator.c', |
1611 | + include_directories : includes, |
1612 | + link_with : [boot_link_with], |
1613 | +- install_rpath : rootlibexecdir, |
1614 | ++ install_rpath : rootpkglibdir, |
1615 | + install : true, |
1616 | + install_dir : systemgeneratordir) |
1617 | + endif |
1618 | +@@ -2487,7 +2488,7 @@ executable( |
1619 | + include_directories : includes, |
1620 | + link_with : [libshared], |
1621 | + dependencies : [libblkid], |
1622 | +- install_rpath : rootlibexecdir, |
1623 | ++ install_rpath : rootpkglibdir, |
1624 | + install : true, |
1625 | + install_dir : rootlibexecdir) |
1626 | + |
1627 | +@@ -2497,7 +2498,7 @@ public_programs += executable( |
1628 | + include_directories : includes, |
1629 | + link_with : [libshared], |
1630 | + dependencies : [threads], |
1631 | +- install_rpath : rootlibexecdir, |
1632 | ++ install_rpath : rootpkglibdir, |
1633 | + install : true) |
1634 | + |
1635 | + systemctl = executable( |
1636 | +@@ -2511,7 +2512,7 @@ systemctl = executable( |
1637 | + libxz, |
1638 | + liblz4, |
1639 | + libzstd], |
1640 | +- install_rpath : rootlibexecdir, |
1641 | ++ install_rpath : rootpkglibdir, |
1642 | + install : true, |
1643 | + install_dir : rootbindir) |
1644 | + public_programs += systemctl |
1645 | +@@ -2523,7 +2524,7 @@ if conf.get('ENABLE_PORTABLED') == 1 |
1646 | + include_directories : includes, |
1647 | + link_with : [libshared], |
1648 | + dependencies : [threads, libselinux], |
1649 | +- install_rpath : rootlibexecdir, |
1650 | ++ install_rpath : rootpkglibdir, |
1651 | + install : true, |
1652 | + install_dir : rootlibexecdir) |
1653 | + |
1654 | +@@ -2533,7 +2534,7 @@ if conf.get('ENABLE_PORTABLED') == 1 |
1655 | + include_directories : includes, |
1656 | + link_with : [libshared], |
1657 | + dependencies : [threads], |
1658 | +- install_rpath : rootlibexecdir, |
1659 | ++ install_rpath : rootpkglibdir, |
1660 | + install : true, |
1661 | + install_dir : rootbindir) |
1662 | + endif |
1663 | +@@ -2544,7 +2545,7 @@ if conf.get('ENABLE_SYSEXT') == 1 |
1664 | + systemd_sysext_sources, |
1665 | + include_directories : includes, |
1666 | + link_with : [libshared], |
1667 | +- install_rpath : rootlibexecdir, |
1668 | ++ install_rpath : rootpkglibdir, |
1669 | + install : true, |
1670 | + install_dir : rootbindir) |
1671 | + endif |
1672 | +@@ -2556,7 +2557,7 @@ if conf.get('ENABLE_USERDB') == 1 |
1673 | + include_directories : includes, |
1674 | + link_with : [libshared], |
1675 | + dependencies : [threads], |
1676 | +- install_rpath : rootlibexecdir, |
1677 | ++ install_rpath : rootpkglibdir, |
1678 | + install : true, |
1679 | + install_dir : rootlibexecdir) |
1680 | + |
1681 | +@@ -2566,7 +2567,7 @@ if conf.get('ENABLE_USERDB') == 1 |
1682 | + include_directories : includes, |
1683 | + link_with : [libshared], |
1684 | + dependencies : [threads], |
1685 | +- install_rpath : rootlibexecdir, |
1686 | ++ install_rpath : rootpkglibdir, |
1687 | + install : true, |
1688 | + install_dir : rootlibexecdir) |
1689 | + |
1690 | +@@ -2576,7 +2577,7 @@ if conf.get('ENABLE_USERDB') == 1 |
1691 | + include_directories : includes, |
1692 | + link_with : [libshared], |
1693 | + dependencies : [threads], |
1694 | +- install_rpath : rootlibexecdir, |
1695 | ++ install_rpath : rootpkglibdir, |
1696 | + install : true) |
1697 | + endif |
1698 | + |
1699 | +@@ -2592,7 +2593,7 @@ if conf.get('ENABLE_HOMED') == 1 |
1700 | + libopenssl, |
1701 | + libfdisk, |
1702 | + libp11kit], |
1703 | +- install_rpath : rootlibexecdir, |
1704 | ++ install_rpath : rootpkglibdir, |
1705 | + install : true, |
1706 | + install_dir : rootlibexecdir) |
1707 | + |
1708 | +@@ -2605,7 +2606,7 @@ if conf.get('ENABLE_HOMED') == 1 |
1709 | + libcrypt, |
1710 | + libopenssl, |
1711 | + libm], |
1712 | +- install_rpath : rootlibexecdir, |
1713 | ++ install_rpath : rootpkglibdir, |
1714 | + install : true, |
1715 | + install_dir : rootlibexecdir) |
1716 | + |
1717 | +@@ -2619,7 +2620,7 @@ if conf.get('ENABLE_HOMED') == 1 |
1718 | + libopenssl, |
1719 | + libp11kit, |
1720 | + libdl], |
1721 | +- install_rpath : rootlibexecdir, |
1722 | ++ install_rpath : rootpkglibdir, |
1723 | + install : true) |
1724 | + |
1725 | + if conf.get('HAVE_PAM') == 1 |
1726 | +@@ -2661,7 +2662,7 @@ if conf.get('ENABLE_BACKLIGHT') == 1 |
1727 | + 'src/backlight/backlight.c', |
1728 | + include_directories : includes, |
1729 | + link_with : [libshared], |
1730 | +- install_rpath : rootlibexecdir, |
1731 | ++ install_rpath : rootpkglibdir, |
1732 | + install : true, |
1733 | + install_dir : rootlibexecdir) |
1734 | + endif |
1735 | +@@ -2672,7 +2673,7 @@ if conf.get('ENABLE_RFKILL') == 1 |
1736 | + 'src/rfkill/rfkill.c', |
1737 | + include_directories : includes, |
1738 | + link_with : [libshared], |
1739 | +- install_rpath : rootlibexecdir, |
1740 | ++ install_rpath : rootpkglibdir, |
1741 | + install : true, |
1742 | + install_dir : rootlibexecdir) |
1743 | + endif |
1744 | +@@ -2682,7 +2683,7 @@ executable( |
1745 | + 'src/system-update-generator/system-update-generator.c', |
1746 | + include_directories : includes, |
1747 | + link_with : [libshared], |
1748 | +- install_rpath : rootlibexecdir, |
1749 | ++ install_rpath : rootpkglibdir, |
1750 | + install : true, |
1751 | + install_dir : systemgeneratordir) |
1752 | + |
1753 | +@@ -2694,7 +2695,7 @@ if conf.get('HAVE_LIBCRYPTSETUP') == 1 |
1754 | + link_with : [libshared], |
1755 | + dependencies : [libcryptsetup, |
1756 | + libp11kit], |
1757 | +- install_rpath : rootlibexecdir, |
1758 | ++ install_rpath : rootpkglibdir, |
1759 | + install : true, |
1760 | + install_dir : rootlibexecdir) |
1761 | + |
1762 | +@@ -2703,7 +2704,7 @@ if conf.get('HAVE_LIBCRYPTSETUP') == 1 |
1763 | + 'src/cryptsetup/cryptsetup-generator.c', |
1764 | + include_directories : includes, |
1765 | + link_with : [libshared], |
1766 | +- install_rpath : rootlibexecdir, |
1767 | ++ install_rpath : rootpkglibdir, |
1768 | + install : true, |
1769 | + install_dir : systemgeneratordir) |
1770 | + |
1771 | +@@ -2713,7 +2714,7 @@ if conf.get('HAVE_LIBCRYPTSETUP') == 1 |
1772 | + include_directories : includes, |
1773 | + link_with : [libshared], |
1774 | + dependencies : [libcryptsetup], |
1775 | +- install_rpath : rootlibexecdir, |
1776 | ++ install_rpath : rootpkglibdir, |
1777 | + install : true, |
1778 | + install_dir : rootlibexecdir) |
1779 | + |
1780 | +@@ -2722,7 +2723,7 @@ if conf.get('HAVE_LIBCRYPTSETUP') == 1 |
1781 | + 'src/veritysetup/veritysetup-generator.c', |
1782 | + include_directories : includes, |
1783 | + link_with : [libshared], |
1784 | +- install_rpath : rootlibexecdir, |
1785 | ++ install_rpath : rootpkglibdir, |
1786 | + install : true, |
1787 | + install_dir : systemgeneratordir) |
1788 | + |
1789 | +@@ -2735,7 +2736,7 @@ if conf.get('HAVE_LIBCRYPTSETUP') == 1 |
1790 | + libdl, |
1791 | + libopenssl, |
1792 | + libp11kit], |
1793 | +- install_rpath : rootlibexecdir, |
1794 | ++ install_rpath : rootpkglibdir, |
1795 | + install : true) |
1796 | + |
1797 | + executable( |
1798 | +@@ -2744,7 +2745,7 @@ if conf.get('HAVE_LIBCRYPTSETUP') == 1 |
1799 | + include_directories : includes, |
1800 | + link_with : [libshared], |
1801 | + dependencies : [libcryptsetup], |
1802 | +- install_rpath : rootlibexecdir, |
1803 | ++ install_rpath : rootpkglibdir, |
1804 | + install : true, |
1805 | + install_dir : rootlibexecdir) |
1806 | + |
1807 | +@@ -2753,7 +2754,7 @@ if conf.get('HAVE_LIBCRYPTSETUP') == 1 |
1808 | + ['src/integritysetup/integritysetup-generator.c', 'src/integritysetup/integrity-util.c'], |
1809 | + include_directories : includes, |
1810 | + link_with : [libshared], |
1811 | +- install_rpath : rootlibexecdir, |
1812 | ++ install_rpath : rootpkglibdir, |
1813 | + install : true, |
1814 | + install_dir : systemgeneratordir) |
1815 | + endif |
1816 | +@@ -2764,7 +2765,7 @@ if conf.get('HAVE_SYSV_COMPAT') == 1 |
1817 | + 'src/sysv-generator/sysv-generator.c', |
1818 | + include_directories : includes, |
1819 | + link_with : [libshared], |
1820 | +- install_rpath : rootlibexecdir, |
1821 | ++ install_rpath : rootpkglibdir, |
1822 | + install : true, |
1823 | + install_dir : systemgeneratordir) |
1824 | + |
1825 | +@@ -2780,7 +2781,7 @@ if conf.get('HAVE_SYSV_COMPAT') == 1 |
1826 | + 'src/rc-local-generator/rc-local-generator.c', |
1827 | + include_directories : includes, |
1828 | + link_with : [libshared], |
1829 | +- install_rpath : rootlibexecdir, |
1830 | ++ install_rpath : rootpkglibdir, |
1831 | + install : true, |
1832 | + install_dir : systemgeneratordir) |
1833 | + endif |
1834 | +@@ -2791,7 +2792,7 @@ if conf.get('ENABLE_XDG_AUTOSTART') == 1 |
1835 | + systemd_xdg_autostart_generator_sources, |
1836 | + include_directories : includes, |
1837 | + link_with : [libshared], |
1838 | +- install_rpath : rootlibexecdir, |
1839 | ++ install_rpath : rootpkglibdir, |
1840 | + install : true, |
1841 | + install_dir : usergeneratordir) |
1842 | + |
1843 | +@@ -2800,7 +2801,7 @@ if conf.get('ENABLE_XDG_AUTOSTART') == 1 |
1844 | + 'src/xdg-autostart-generator/xdg-autostart-condition.c', |
1845 | + include_directories : includes, |
1846 | + link_with : [libshared], |
1847 | +- install_rpath : rootlibexecdir, |
1848 | ++ install_rpath : rootpkglibdir, |
1849 | + install : true, |
1850 | + install_dir : rootlibexecdir) |
1851 | + endif |
1852 | +@@ -2811,7 +2812,7 @@ if conf.get('ENABLE_HOSTNAMED') == 1 |
1853 | + 'src/hostname/hostnamed.c', |
1854 | + include_directories : includes, |
1855 | + link_with : [libshared], |
1856 | +- install_rpath : rootlibexecdir, |
1857 | ++ install_rpath : rootpkglibdir, |
1858 | + install : true, |
1859 | + install_dir : rootlibexecdir) |
1860 | + |
1861 | +@@ -2820,7 +2821,7 @@ if conf.get('ENABLE_HOSTNAMED') == 1 |
1862 | + 'src/hostname/hostnamectl.c', |
1863 | + include_directories : includes, |
1864 | + link_with : [libshared], |
1865 | +- install_rpath : rootlibexecdir, |
1866 | ++ install_rpath : rootpkglibdir, |
1867 | + install : true) |
1868 | + endif |
1869 | + |
1870 | +@@ -2839,7 +2840,7 @@ if conf.get('ENABLE_LOCALED') == 1 |
1871 | + include_directories : includes, |
1872 | + link_with : [libshared], |
1873 | + dependencies : deps, |
1874 | +- install_rpath : rootlibexecdir, |
1875 | ++ install_rpath : rootpkglibdir, |
1876 | + install : true, |
1877 | + install_dir : rootlibexecdir) |
1878 | + |
1879 | +@@ -2848,7 +2849,7 @@ if conf.get('ENABLE_LOCALED') == 1 |
1880 | + localectl_sources, |
1881 | + include_directories : includes, |
1882 | + link_with : [libshared], |
1883 | +- install_rpath : rootlibexecdir, |
1884 | ++ install_rpath : rootpkglibdir, |
1885 | + install : true) |
1886 | + endif |
1887 | + |
1888 | +@@ -2858,7 +2859,7 @@ if conf.get('ENABLE_TIMEDATED') == 1 |
1889 | + 'src/timedate/timedated.c', |
1890 | + include_directories : includes, |
1891 | + link_with : [libshared], |
1892 | +- install_rpath : rootlibexecdir, |
1893 | ++ install_rpath : rootpkglibdir, |
1894 | + install : true, |
1895 | + install_dir : rootlibexecdir) |
1896 | + endif |
1897 | +@@ -2868,7 +2869,7 @@ if conf.get('ENABLE_TIMEDATECTL') == 1 |
1898 | + 'timedatectl', |
1899 | + 'src/timedate/timedatectl.c', |
1900 | + include_directories : includes, |
1901 | +- install_rpath : rootlibexecdir, |
1902 | ++ install_rpath : rootpkglibdir, |
1903 | + link_with : [libshared], |
1904 | + dependencies : [libm], |
1905 | + install : true) |
1906 | +@@ -2882,7 +2883,7 @@ if conf.get('ENABLE_TIMESYNCD') == 1 |
1907 | + link_with : [libtimesyncd_core], |
1908 | + dependencies : [threads, |
1909 | + libm], |
1910 | +- install_rpath : rootlibexecdir, |
1911 | ++ install_rpath : rootpkglibdir, |
1912 | + install : true, |
1913 | + install_dir : rootlibexecdir) |
1914 | + |
1915 | +@@ -2891,7 +2892,7 @@ if conf.get('ENABLE_TIMESYNCD') == 1 |
1916 | + 'src/timesync/wait-sync.c', |
1917 | + include_directories : includes, |
1918 | + link_with : [libtimesyncd_core], |
1919 | +- install_rpath : rootlibexecdir, |
1920 | ++ install_rpath : rootpkglibdir, |
1921 | + install : true, |
1922 | + install_dir : rootlibexecdir) |
1923 | + endif |
1924 | +@@ -2903,7 +2904,7 @@ if conf.get('ENABLE_MACHINED') == 1 |
1925 | + include_directories : includes, |
1926 | + link_with : [libmachine_core, |
1927 | + libshared], |
1928 | +- install_rpath : rootlibexecdir, |
1929 | ++ install_rpath : rootpkglibdir, |
1930 | + install : true, |
1931 | + install_dir : rootlibexecdir) |
1932 | + |
1933 | +@@ -2916,7 +2917,7 @@ if conf.get('ENABLE_MACHINED') == 1 |
1934 | + libxz, |
1935 | + liblz4, |
1936 | + libzstd], |
1937 | +- install_rpath : rootlibexecdir, |
1938 | ++ install_rpath : rootpkglibdir, |
1939 | + install : true, |
1940 | + install_dir : rootbindir) |
1941 | + endif |
1942 | +@@ -2928,7 +2929,7 @@ if conf.get('ENABLE_IMPORTD') == 1 |
1943 | + include_directories : includes, |
1944 | + link_with : [libshared], |
1945 | + dependencies : [threads], |
1946 | +- install_rpath : rootlibexecdir, |
1947 | ++ install_rpath : rootpkglibdir, |
1948 | + install : true, |
1949 | + install_dir : rootlibexecdir) |
1950 | + |
1951 | +@@ -2944,7 +2945,7 @@ if conf.get('ENABLE_IMPORTD') == 1 |
1952 | + libz, |
1953 | + libbzip2, |
1954 | + libxz], |
1955 | +- install_rpath : rootlibexecdir, |
1956 | ++ install_rpath : rootpkglibdir, |
1957 | + install : true, |
1958 | + install_dir : rootlibexecdir) |
1959 | + |
1960 | +@@ -2958,7 +2959,7 @@ if conf.get('ENABLE_IMPORTD') == 1 |
1961 | + libz, |
1962 | + libbzip2, |
1963 | + libxz], |
1964 | +- install_rpath : rootlibexecdir, |
1965 | ++ install_rpath : rootpkglibdir, |
1966 | + install : true, |
1967 | + install_dir : rootlibexecdir) |
1968 | + |
1969 | +@@ -2968,7 +2969,7 @@ if conf.get('ENABLE_IMPORTD') == 1 |
1970 | + include_directories : includes, |
1971 | + link_with : [libshared, |
1972 | + lib_import_common], |
1973 | +- install_rpath : rootlibexecdir, |
1974 | ++ install_rpath : rootpkglibdir, |
1975 | + install : true, |
1976 | + install_dir : rootlibexecdir) |
1977 | + |
1978 | +@@ -2982,7 +2983,7 @@ if conf.get('ENABLE_IMPORTD') == 1 |
1979 | + libz, |
1980 | + libbzip2, |
1981 | + libxz], |
1982 | +- install_rpath : rootlibexecdir, |
1983 | ++ install_rpath : rootpkglibdir, |
1984 | + install : true, |
1985 | + install_dir : rootlibexecdir) |
1986 | + |
1987 | +@@ -3002,7 +3003,7 @@ if conf.get('ENABLE_REMOTE') == 1 and conf.get('HAVE_LIBCURL') == 1 |
1988 | + libxz, |
1989 | + liblz4, |
1990 | + libzstd], |
1991 | +- install_rpath : rootlibexecdir, |
1992 | ++ install_rpath : rootpkglibdir, |
1993 | + install : true, |
1994 | + install_dir : rootlibexecdir) |
1995 | + endif |
1996 | +@@ -3020,7 +3021,7 @@ if conf.get('ENABLE_REMOTE') == 1 and conf.get('HAVE_MICROHTTPD') == 1 |
1997 | + libxz, |
1998 | + liblz4, |
1999 | + libzstd], |
2000 | +- install_rpath : rootlibexecdir, |
2001 | ++ install_rpath : rootpkglibdir, |
2002 | + install : true, |
2003 | + install_dir : rootlibexecdir) |
2004 | + |
2005 | +@@ -3035,7 +3036,7 @@ if conf.get('ENABLE_REMOTE') == 1 and conf.get('HAVE_MICROHTTPD') == 1 |
2006 | + libxz, |
2007 | + liblz4, |
2008 | + libzstd], |
2009 | +- install_rpath : rootlibexecdir, |
2010 | ++ install_rpath : rootpkglibdir, |
2011 | + install : true, |
2012 | + install_dir : rootlibexecdir) |
2013 | + endif |
2014 | +@@ -3052,7 +3053,7 @@ if conf.get('ENABLE_COREDUMP') == 1 |
2015 | + libxz, |
2016 | + liblz4, |
2017 | + libzstd], |
2018 | +- install_rpath : rootlibexecdir, |
2019 | ++ install_rpath : rootpkglibdir, |
2020 | + install : true, |
2021 | + install_dir : rootlibexecdir) |
2022 | + |
2023 | +@@ -3066,7 +3067,7 @@ if conf.get('ENABLE_COREDUMP') == 1 |
2024 | + libxz, |
2025 | + liblz4, |
2026 | + libzstd], |
2027 | +- install_rpath : rootlibexecdir, |
2028 | ++ install_rpath : rootpkglibdir, |
2029 | + install : true) |
2030 | + endif |
2031 | + |
2032 | +@@ -3081,7 +3082,7 @@ if conf.get('ENABLE_PSTORE') == 1 |
2033 | + libxz, |
2034 | + liblz4, |
2035 | + libzstd], |
2036 | +- install_rpath : rootlibexecdir, |
2037 | ++ install_rpath : rootpkglibdir, |
2038 | + install : true, |
2039 | + install_dir : rootlibexecdir) |
2040 | + endif |
2041 | +@@ -3092,7 +3093,7 @@ if conf.get('ENABLE_OOMD') == 1 |
2042 | + include_directories : includes, |
2043 | + link_with : [libshared], |
2044 | + dependencies : [], |
2045 | +- install_rpath : rootlibexecdir, |
2046 | ++ install_rpath : rootpkglibdir, |
2047 | + install : true, |
2048 | + install_dir : rootlibexecdir) |
2049 | + |
2050 | +@@ -3102,7 +3103,7 @@ if conf.get('ENABLE_OOMD') == 1 |
2051 | + include_directories : includes, |
2052 | + link_with : [libshared], |
2053 | + dependencies : [], |
2054 | +- install_rpath : rootlibexecdir, |
2055 | ++ install_rpath : rootpkglibdir, |
2056 | + install : true) |
2057 | + endif |
2058 | + |
2059 | +@@ -3112,7 +3113,7 @@ if conf.get('ENABLE_BINFMT') == 1 |
2060 | + 'src/binfmt/binfmt.c', |
2061 | + include_directories : includes, |
2062 | + link_with : [libshared], |
2063 | +- install_rpath : rootlibexecdir, |
2064 | ++ install_rpath : rootpkglibdir, |
2065 | + install : true, |
2066 | + install_dir : rootlibexecdir) |
2067 | + |
2068 | +@@ -3134,7 +3135,7 @@ if conf.get('ENABLE_SYSUPDATE') == 1 |
2069 | + libblkid, |
2070 | + libfdisk, |
2071 | + libopenssl], |
2072 | +- install_rpath : rootlibexecdir, |
2073 | ++ install_rpath : rootpkglibdir, |
2074 | + install : true, |
2075 | + install_dir : rootlibexecdir) |
2076 | + public_programs += exe |
2077 | +@@ -3146,7 +3147,7 @@ if conf.get('ENABLE_VCONSOLE') == 1 |
2078 | + 'src/vconsole/vconsole-setup.c', |
2079 | + include_directories : includes, |
2080 | + link_with : [libshared], |
2081 | +- install_rpath : rootlibexecdir, |
2082 | ++ install_rpath : rootpkglibdir, |
2083 | + install : true, |
2084 | + install_dir : rootlibexecdir) |
2085 | + endif |
2086 | +@@ -3157,7 +3158,7 @@ if conf.get('ENABLE_RANDOMSEED') == 1 |
2087 | + 'src/random-seed/random-seed.c', |
2088 | + include_directories : includes, |
2089 | + link_with : [libshared], |
2090 | +- install_rpath : rootlibexecdir, |
2091 | ++ install_rpath : rootpkglibdir, |
2092 | + install : true, |
2093 | + install_dir : rootlibexecdir) |
2094 | + endif |
2095 | +@@ -3169,7 +3170,7 @@ if conf.get('ENABLE_FIRSTBOOT') == 1 |
2096 | + include_directories : includes, |
2097 | + link_with : [libshared], |
2098 | + dependencies : [libcrypt], |
2099 | +- install_rpath : rootlibexecdir, |
2100 | ++ install_rpath : rootpkglibdir, |
2101 | + install : true, |
2102 | + install_dir : rootbindir) |
2103 | + endif |
2104 | +@@ -3179,7 +3180,7 @@ executable( |
2105 | + 'src/remount-fs/remount-fs.c', |
2106 | + include_directories : includes, |
2107 | + link_with : [libshared], |
2108 | +- install_rpath : rootlibexecdir, |
2109 | ++ install_rpath : rootpkglibdir, |
2110 | + install : true, |
2111 | + install_dir : rootlibexecdir) |
2112 | + |
2113 | +@@ -3188,7 +3189,7 @@ executable( |
2114 | + 'src/machine-id-setup/machine-id-setup-main.c', |
2115 | + include_directories : includes, |
2116 | + link_with : [libshared], |
2117 | +- install_rpath : rootlibexecdir, |
2118 | ++ install_rpath : rootpkglibdir, |
2119 | + install : true, |
2120 | + install_dir : rootbindir) |
2121 | + |
2122 | +@@ -3197,7 +3198,7 @@ executable( |
2123 | + 'src/fsck/fsck.c', |
2124 | + include_directories : includes, |
2125 | + link_with : [libshared], |
2126 | +- install_rpath : rootlibexecdir, |
2127 | ++ install_rpath : rootpkglibdir, |
2128 | + install : true, |
2129 | + install_dir : rootlibexecdir) |
2130 | + |
2131 | +@@ -3205,7 +3206,7 @@ executable('systemd-growfs', |
2132 | + 'src/partition/growfs.c', |
2133 | + include_directories : includes, |
2134 | + link_with : [libshared], |
2135 | +- install_rpath : rootlibexecdir, |
2136 | ++ install_rpath : rootpkglibdir, |
2137 | + install : true, |
2138 | + install_dir : rootlibexecdir) |
2139 | + |
2140 | +@@ -3214,7 +3215,7 @@ executable( |
2141 | + 'src/partition/makefs.c', |
2142 | + include_directories : includes, |
2143 | + link_with : [libshared], |
2144 | +- install_rpath : rootlibexecdir, |
2145 | ++ install_rpath : rootpkglibdir, |
2146 | + install : true, |
2147 | + install_dir : rootlibexecdir) |
2148 | + |
2149 | +@@ -3223,7 +3224,7 @@ executable( |
2150 | + 'src/sleep/sleep.c', |
2151 | + include_directories : includes, |
2152 | + link_with : [libshared], |
2153 | +- install_rpath : rootlibexecdir, |
2154 | ++ install_rpath : rootpkglibdir, |
2155 | + install : true, |
2156 | + install_dir : rootlibexecdir) |
2157 | + |
2158 | +@@ -3237,7 +3238,7 @@ public_programs += executable( |
2159 | + 'src/sysctl/sysctl.c', |
2160 | + include_directories : includes, |
2161 | + link_with : [libshared], |
2162 | +- install_rpath : rootlibexecdir, |
2163 | ++ install_rpath : rootpkglibdir, |
2164 | + install : true, |
2165 | + install_dir : rootlibexecdir) |
2166 | + |
2167 | +@@ -3246,7 +3247,7 @@ executable( |
2168 | + 'src/ac-power/ac-power.c', |
2169 | + include_directories : includes, |
2170 | + link_with : [libshared], |
2171 | +- install_rpath : rootlibexecdir, |
2172 | ++ install_rpath : rootpkglibdir, |
2173 | + install : true, |
2174 | + install_dir : rootlibexecdir) |
2175 | + |
2176 | +@@ -3255,7 +3256,7 @@ public_programs += executable( |
2177 | + 'src/detect-virt/detect-virt.c', |
2178 | + include_directories : includes, |
2179 | + link_with : [libshared], |
2180 | +- install_rpath : rootlibexecdir, |
2181 | ++ install_rpath : rootpkglibdir, |
2182 | + install : true) |
2183 | + |
2184 | + public_programs += executable( |
2185 | +@@ -3263,7 +3264,7 @@ public_programs += executable( |
2186 | + 'src/delta/delta.c', |
2187 | + include_directories : includes, |
2188 | + link_with : [libshared], |
2189 | +- install_rpath : rootlibexecdir, |
2190 | ++ install_rpath : rootpkglibdir, |
2191 | + install : true) |
2192 | + |
2193 | + public_programs += executable( |
2194 | +@@ -3271,7 +3272,7 @@ public_programs += executable( |
2195 | + 'src/escape/escape.c', |
2196 | + include_directories : includes, |
2197 | + link_with : [libshared], |
2198 | +- install_rpath : rootlibexecdir, |
2199 | ++ install_rpath : rootpkglibdir, |
2200 | + install : true, |
2201 | + install_dir : rootbindir) |
2202 | + |
2203 | +@@ -3280,7 +3281,7 @@ public_programs += executable( |
2204 | + 'src/notify/notify.c', |
2205 | + include_directories : includes, |
2206 | + link_with : [libshared], |
2207 | +- install_rpath : rootlibexecdir, |
2208 | ++ install_rpath : rootpkglibdir, |
2209 | + install : true, |
2210 | + install_dir : rootbindir) |
2211 | + |
2212 | +@@ -3291,7 +3292,7 @@ public_programs += executable( |
2213 | + link_with : [libshared], |
2214 | + dependencies : [threads, |
2215 | + libopenssl], |
2216 | +- install_rpath : rootlibexecdir, |
2217 | ++ install_rpath : rootpkglibdir, |
2218 | + install : true, |
2219 | + install_dir : rootbindir) |
2220 | + |
2221 | +@@ -3300,7 +3301,7 @@ executable( |
2222 | + 'src/volatile-root/volatile-root.c', |
2223 | + include_directories : includes, |
2224 | + link_with : [libshared], |
2225 | +- install_rpath : rootlibexecdir, |
2226 | ++ install_rpath : rootpkglibdir, |
2227 | + install : conf.get('ENABLE_INITRD') == 1, |
2228 | + install_dir : rootlibexecdir) |
2229 | + |
2230 | +@@ -3309,7 +3310,7 @@ executable( |
2231 | + 'src/cgroups-agent/cgroups-agent.c', |
2232 | + include_directories : includes, |
2233 | + link_with : [libshared], |
2234 | +- install_rpath : rootlibexecdir, |
2235 | ++ install_rpath : rootpkglibdir, |
2236 | + install : true, |
2237 | + install_dir : rootlibexecdir) |
2238 | + |
2239 | +@@ -3318,7 +3319,7 @@ systemd_id128 = executable( |
2240 | + 'src/id128/id128.c', |
2241 | + include_directories : includes, |
2242 | + link_with : [libshared], |
2243 | +- install_rpath : rootlibexecdir, |
2244 | ++ install_rpath : rootpkglibdir, |
2245 | + install : true) |
2246 | + public_programs += systemd_id128 |
2247 | + |
2248 | +@@ -3335,7 +3336,7 @@ public_programs += executable( |
2249 | + 'src/path/path.c', |
2250 | + include_directories : includes, |
2251 | + link_with : [libshared], |
2252 | +- install_rpath : rootlibexecdir, |
2253 | ++ install_rpath : rootpkglibdir, |
2254 | + install : true) |
2255 | + |
2256 | + public_programs += executable( |
2257 | +@@ -3343,7 +3344,7 @@ public_programs += executable( |
2258 | + 'src/ask-password/ask-password.c', |
2259 | + include_directories : includes, |
2260 | + link_with : [libshared], |
2261 | +- install_rpath : rootlibexecdir, |
2262 | ++ install_rpath : rootpkglibdir, |
2263 | + install : true, |
2264 | + install_dir : rootbindir) |
2265 | + |
2266 | +@@ -3352,7 +3353,7 @@ executable( |
2267 | + 'src/reply-password/reply-password.c', |
2268 | + include_directories : includes, |
2269 | + link_with : [libshared], |
2270 | +- install_rpath : rootlibexecdir, |
2271 | ++ install_rpath : rootpkglibdir, |
2272 | + install : true, |
2273 | + install_dir : rootlibexecdir) |
2274 | + |
2275 | +@@ -3361,7 +3362,7 @@ public_programs += executable( |
2276 | + 'src/tty-ask-password-agent/tty-ask-password-agent.c', |
2277 | + include_directories : includes, |
2278 | + link_with : [libshared], |
2279 | +- install_rpath : rootlibexecdir, |
2280 | ++ install_rpath : rootpkglibdir, |
2281 | + install : true, |
2282 | + install_dir : rootbindir) |
2283 | + |
2284 | +@@ -3370,7 +3371,7 @@ public_programs += executable( |
2285 | + 'src/cgls/cgls.c', |
2286 | + include_directories : includes, |
2287 | + link_with : [libshared], |
2288 | +- install_rpath : rootlibexecdir, |
2289 | ++ install_rpath : rootpkglibdir, |
2290 | + install : true) |
2291 | + |
2292 | + public_programs += executable( |
2293 | +@@ -3378,7 +3379,7 @@ public_programs += executable( |
2294 | + 'src/cgtop/cgtop.c', |
2295 | + include_directories : includes, |
2296 | + link_with : [libshared], |
2297 | +- install_rpath : rootlibexecdir, |
2298 | ++ install_rpath : rootpkglibdir, |
2299 | + install : true) |
2300 | + |
2301 | + executable( |
2302 | +@@ -3386,7 +3387,7 @@ executable( |
2303 | + 'src/initctl/initctl.c', |
2304 | + include_directories : includes, |
2305 | + link_with : [libshared], |
2306 | +- install_rpath : rootlibexecdir, |
2307 | ++ install_rpath : rootpkglibdir, |
2308 | + install : (conf.get('HAVE_SYSV_COMPAT') == 1), |
2309 | + install_dir : rootlibexecdir) |
2310 | + |
2311 | +@@ -3396,7 +3397,7 @@ public_programs += executable( |
2312 | + include_directories : includes, |
2313 | + link_with : [libshared], |
2314 | + dependencies: [libmount], |
2315 | +- install_rpath : rootlibexecdir, |
2316 | ++ install_rpath : rootpkglibdir, |
2317 | + install : true) |
2318 | + |
2319 | + meson.add_install_script(meson_make_symlink, |
2320 | +@@ -3407,7 +3408,7 @@ public_programs += executable( |
2321 | + 'src/run/run.c', |
2322 | + include_directories : includes, |
2323 | + link_with : [libshared], |
2324 | +- install_rpath : rootlibexecdir, |
2325 | ++ install_rpath : rootpkglibdir, |
2326 | + install : true) |
2327 | + |
2328 | + public_programs += executable( |
2329 | +@@ -3416,7 +3417,7 @@ public_programs += executable( |
2330 | + include_directories : includes, |
2331 | + link_with : [libshared], |
2332 | + dependencies : [versiondep], |
2333 | +- install_rpath : rootlibexecdir, |
2334 | ++ install_rpath : rootpkglibdir, |
2335 | + install : true) |
2336 | + |
2337 | + public_programs += executable( |
2338 | +@@ -3425,7 +3426,7 @@ public_programs += executable( |
2339 | + include_directories : includes, |
2340 | + link_with : [libshared], |
2341 | + dependencies : [versiondep], |
2342 | +- install_rpath : rootlibexecdir, |
2343 | ++ install_rpath : rootpkglibdir, |
2344 | + install : true) |
2345 | + |
2346 | + if enable_sysusers |
2347 | +@@ -3434,7 +3435,7 @@ if enable_sysusers |
2348 | + 'src/sysusers/sysusers.c', |
2349 | + include_directories : includes, |
2350 | + link_with : [libshared], |
2351 | +- install_rpath : rootlibexecdir, |
2352 | ++ install_rpath : rootpkglibdir, |
2353 | + install : true, |
2354 | + install_dir : rootbindir) |
2355 | + public_programs += exe |
2356 | +@@ -3476,7 +3477,7 @@ if conf.get('ENABLE_TMPFILES') == 1 |
2357 | + include_directories : includes, |
2358 | + link_with : [libshared], |
2359 | + dependencies : [libacl], |
2360 | +- install_rpath : rootlibexecdir, |
2361 | ++ install_rpath : rootpkglibdir, |
2362 | + install : true, |
2363 | + install_dir : rootbindir) |
2364 | + public_programs += exe |
2365 | +@@ -3538,7 +3539,7 @@ if conf.get('ENABLE_QUOTACHECK') == 1 |
2366 | + 'src/quotacheck/quotacheck.c', |
2367 | + include_directories : includes, |
2368 | + link_with : [libshared], |
2369 | +- install_rpath : rootlibexecdir, |
2370 | ++ install_rpath : rootpkglibdir, |
2371 | + install : true, |
2372 | + install_dir : rootlibexecdir) |
2373 | + endif |
2374 | +@@ -3549,7 +3550,7 @@ public_programs += executable( |
2375 | + include_directories : includes, |
2376 | + link_with : [libshared], |
2377 | + dependencies : [threads], |
2378 | +- install_rpath : rootlibexecdir, |
2379 | ++ install_rpath : rootpkglibdir, |
2380 | + install : true, |
2381 | + install_dir : rootlibexecdir) |
2382 | + |
2383 | +@@ -3578,7 +3579,7 @@ if conf.get('ENABLE_REPART') == 1 |
2384 | + dependencies : [threads, |
2385 | + libblkid, |
2386 | + libfdisk], |
2387 | +- install_rpath : rootlibexecdir, |
2388 | ++ install_rpath : rootpkglibdir, |
2389 | + install : true, |
2390 | + install_dir : rootbindir) |
2391 | + public_programs += exe |
2392 | +@@ -3596,7 +3597,7 @@ executable( |
2393 | + include_directories : includes, |
2394 | + link_with : [libshared], |
2395 | + dependencies : [libmount], |
2396 | +- install_rpath : rootlibexecdir, |
2397 | ++ install_rpath : rootpkglibdir, |
2398 | + install : true, |
2399 | + install_dir : rootlibexecdir) |
2400 | + |
2401 | +@@ -3605,7 +3606,7 @@ executable( |
2402 | + 'src/update-done/update-done.c', |
2403 | + include_directories : includes, |
2404 | + link_with : [libshared], |
2405 | +- install_rpath : rootlibexecdir, |
2406 | ++ install_rpath : rootpkglibdir, |
2407 | + install : true, |
2408 | + install_dir : rootlibexecdir) |
2409 | + |
2410 | +@@ -3615,7 +3616,7 @@ executable( |
2411 | + include_directories : includes, |
2412 | + link_with : [libshared], |
2413 | + dependencies : [libaudit], |
2414 | +- install_rpath : rootlibexecdir, |
2415 | ++ install_rpath : rootpkglibdir, |
2416 | + install : (conf.get('ENABLE_UTMP') == 1), |
2417 | + install_dir : rootlibexecdir) |
2418 | + |
2419 | +@@ -3626,7 +3627,7 @@ if conf.get('HAVE_KMOD') == 1 |
2420 | + include_directories : includes, |
2421 | + link_with : [libshared], |
2422 | + dependencies : [libkmod], |
2423 | +- install_rpath : rootlibexecdir, |
2424 | ++ install_rpath : rootpkglibdir, |
2425 | + install : true, |
2426 | + install_dir : rootlibexecdir) |
2427 | + |
2428 | +@@ -3646,7 +3647,7 @@ public_programs += executable( |
2429 | + libshared], |
2430 | + dependencies : [libblkid, |
2431 | + libseccomp], |
2432 | +- install_rpath : rootlibexecdir, |
2433 | ++ install_rpath : rootpkglibdir, |
2434 | + install : true) |
2435 | + |
2436 | + if conf.get('ENABLE_NETWORKD') == 1 |
2437 | +@@ -3658,7 +3659,7 @@ if conf.get('ENABLE_NETWORKD') == 1 |
2438 | + libsystemd_network, |
2439 | + networkd_link_with], |
2440 | + dependencies : [threads], |
2441 | +- install_rpath : rootlibexecdir, |
2442 | ++ install_rpath : rootpkglibdir, |
2443 | + install : true, |
2444 | + install_dir : rootlibexecdir) |
2445 | + |
2446 | +@@ -3667,7 +3668,7 @@ if conf.get('ENABLE_NETWORKD') == 1 |
2447 | + systemd_networkd_wait_online_sources, |
2448 | + include_directories : includes, |
2449 | + link_with : [networkd_link_with], |
2450 | +- install_rpath : rootlibexecdir, |
2451 | ++ install_rpath : rootpkglibdir, |
2452 | + install : true, |
2453 | + install_dir : rootlibexecdir) |
2454 | + |
2455 | +@@ -3677,7 +3678,7 @@ if conf.get('ENABLE_NETWORKD') == 1 |
2456 | + include_directories : libsystemd_network_includes, |
2457 | + link_with : [libsystemd_network, |
2458 | + networkd_link_with], |
2459 | +- install_rpath : rootlibexecdir, |
2460 | ++ install_rpath : rootpkglibdir, |
2461 | + install : true, |
2462 | + install_dir : rootbindir) |
2463 | + endif |
2464 | +@@ -3687,7 +3688,7 @@ exe = executable( |
2465 | + network_generator_sources, |
2466 | + include_directories : includes, |
2467 | + link_with : [networkd_link_with], |
2468 | +- install_rpath : rootlibexecdir, |
2469 | ++ install_rpath : rootpkglibdir, |
2470 | + install : true, |
2471 | + install_dir : rootlibexecdir) |
2472 | + |
2473 | +@@ -3704,7 +3705,7 @@ executable( |
2474 | + 'src/sulogin-shell/sulogin-shell.c', |
2475 | + include_directories : includes, |
2476 | + link_with : [libshared], |
2477 | +- install_rpath : rootlibexecdir, |
2478 | ++ install_rpath : rootpkglibdir, |
2479 | + install : true, |
2480 | + install_dir : rootlibexecdir) |
2481 | + |
2482 | +@@ -3767,7 +3768,7 @@ foreach tuple : tests |
2483 | + dependencies], |
2484 | + c_args : defs, |
2485 | + build_by_default : want_tests != 'false', |
2486 | +- install_rpath : rootlibexecdir, |
2487 | ++ install_rpath : rootpkglibdir, |
2488 | + install : install_tests, |
2489 | + install_dir : testsdir / type, |
2490 | + link_depends : runtest_env) |
2491 | +diff --git a/src/core/meson.build b/src/core/meson.build |
2492 | +index 9efa542..162090a 100644 |
2493 | +--- a/src/core/meson.build |
2494 | ++++ b/src/core/meson.build |
2495 | +@@ -202,7 +202,7 @@ libcore = shared_library( |
2496 | + libblkid, |
2497 | + libacl], |
2498 | + install : true, |
2499 | +- install_dir : rootlibexecdir) |
2500 | ++ install_dir : rootpkglibdir) |
2501 | + |
2502 | + core_includes = [includes, include_directories('.')] |
2503 | + |
2504 | +diff --git a/src/nspawn/nspawn-util.c b/src/nspawn/nspawn-util.c |
2505 | +index 402554f..830ac39 100644 |
2506 | +--- a/src/nspawn/nspawn-util.c |
2507 | ++++ b/src/nspawn/nspawn-util.c |
2508 | +@@ -20,9 +20,12 @@ int systemd_installation_has_version(const char *root, const char *minimal_versi |
2509 | + /* /lib works for systems without usr-merge, and for systems with a sane |
2510 | + * usr-merge, where /lib is a symlink to /usr/lib. /usr/lib is necessary |
2511 | + * for Gentoo which does a merge without making /lib a symlink. |
2512 | ++ * Also support multiarch paths von Debian/Ubuntu; *-linux-* is a small |
2513 | ++ * optimization based on the naming scheme of existing multiarch tuples. |
2514 | + */ |
2515 | + "/lib/systemd/libsystemd-shared-*.so", |
2516 | + "/lib64/systemd/libsystemd-shared-*.so", |
2517 | ++ "/usr/lib/*-linux-*/systemd/libsystemd-shared-*.so", |
2518 | + "/usr/lib/systemd/libsystemd-shared-*.so", |
2519 | + "/usr/lib64/systemd/libsystemd-shared-*.so") { |
2520 | + |
2521 | +@@ -47,7 +50,7 @@ int systemd_installation_has_version(const char *root, const char *minimal_versi |
2522 | + /* This is most likely to run only once, hence let's not optimize anything. */ |
2523 | + char *t, *t2; |
2524 | + |
2525 | +- t = startswith(*name, path); |
2526 | ++ t = startswith(basename(*name), "libsystemd-shared-"); |
2527 | + if (!t) |
2528 | + continue; |
2529 | + |
2530 | +diff --git a/src/shared/meson.build b/src/shared/meson.build |
2531 | +index 1d4e4a0..363693d 100644 |
2532 | +--- a/src/shared/meson.build |
2533 | ++++ b/src/shared/meson.build |
2534 | +@@ -483,4 +483,4 @@ libshared = shared_library( |
2535 | + libsystemd_static], |
2536 | + dependencies : libshared_deps, |
2537 | + install : true, |
2538 | +- install_dir : rootlibexecdir) |
2539 | ++ install_dir : rootpkglibdir) |
2540 | +diff --git a/src/udev/meson.build b/src/udev/meson.build |
2541 | +index 79964a7..c6711be 100644 |
2542 | +--- a/src/udev/meson.build |
2543 | ++++ b/src/udev/meson.build |
2544 | +@@ -100,7 +100,7 @@ link_config_gperf_c = custom_target( |
2545 | + |
2546 | + if get_option('link-udev-shared') |
2547 | + udev_link_with = [libshared] |
2548 | +- udev_rpath = rootlibexecdir |
2549 | ++ udev_rpath = rootpkglibdir |
2550 | + else |
2551 | + udev_link_with = [libshared_static, |
2552 | + libsystemd_static] |
2553 | diff --git a/debian/patches/series b/debian/patches/series |
2554 | index 4b00a36..7c6674d 100644 |
2555 | --- a/debian/patches/series |
2556 | +++ b/debian/patches/series |
2557 | @@ -1,5 +1,7 @@ |
2558 | Do-not-require-a-valid-version-when-parsing-sd-boot-loade.patch |
2559 | -sha256-fix-compilation-on-efi-ia32.patch |
2560 | +Move-homectl-and-userdbctl-to-bindir.patch |
2561 | +meson-install-libsystemd-shared-into-rootpkglibdir.patch |
2562 | +shellcheck-clean-kernel-install-again.patch |
2563 | debian/Use-Debian-specific-config-files.patch |
2564 | debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch |
2565 | debian/Make-run-lock-tmpfs-an-API-fs.patch |
2566 | @@ -41,13 +43,10 @@ lp1950794-Revert-sd-dhcp-do-not-use-detect_container-to-guess-.patch |
2567 | 0001-Revert-tests-add-test-case-for-UMask-BindPaths-combi.patch |
2568 | deny-list-TEST-55-OOMD-on-ppc64el.patch |
2569 | debian/UBUNTU-Don-t-override-Ubuntu-s-default-sysctl-values-LP-1962038.patch |
2570 | -lp1979215-boot-efi-missing-.note.GNU-stack-section-implies-executab.patch |
2571 | -lp1979236-boot-efi-set-no-warn-rwx-segments-on-arm.patch |
2572 | lp1978079-pstore-Run-after-modules-are-loaded.patch |
2573 | sd-hwdb-add-sd_hwdb_new_from_path.patch |
2574 | hwdb-implement-root-option-for-systemd-hwdb-query.patch |
2575 | test-increase-QEMU_MEM-for-some-tests.patch |
2576 | test-copy-libgcc_s.so.1-to-TPM2-test-image-on-Debian-like.patch |
2577 | -units-remove-the-restart-limit-on-the-modprobe-.service.patch |
2578 | lp1981042-core-firstboot-workaround-timezone-issues-caused-by-Ubunt.patch |
2579 | -glibc-Remove-include-linux-fs.h-to-resolve-fsconfig_comma.patch |
2580 | +test-denylist-TEST-29-PORTABLE-again.patch |
2581 | diff --git a/debian/patches/sha256-fix-compilation-on-efi-ia32.patch b/debian/patches/sha256-fix-compilation-on-efi-ia32.patch |
2582 | deleted file mode 100644 |
2583 | index 9d0494a..0000000 |
2584 | --- a/debian/patches/sha256-fix-compilation-on-efi-ia32.patch |
2585 | +++ /dev/null |
2586 | @@ -1,39 +0,0 @@ |
2587 | -From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> |
2588 | -Date: Fri, 3 Jun 2022 09:32:02 +0200 |
2589 | -Subject: sha256: fix compilation on efi-ia32 |
2590 | -MIME-Version: 1.0 |
2591 | -Content-Type: text/plain; charset="utf-8" |
2592 | -Content-Transfer-Encoding: 8bit |
2593 | - |
2594 | -/usr/bin/gcc -c ../src/fundamental/sha256.c -o src/boot/efi/sha256.c.o -Wno-format-signedness -Wno-missing-field-initializers -Wno-unused-parameter -Wdate-time -Wendif-labels -Werror=format=2 -Werror=implicit-function-declaration -Werror=incompatible-pointer-types -Werror=int-conversion -Werror=overflow -Werror=override-init -Werror=return-type -Werror=shift-count-overflow -Werror=shift-overflow=2 -Werror=undef -Wfloat-equal -Wimplicit-fallthrough=5 -Winit-self -Wlogical-op -Wmissing-include-dirs -Wmissing-noreturn -Wnested-externs -Wold-style-definition -Wpointer-arith -Wredundant-decls -Wshadow -Wstrict-aliasing=2 -Wstrict-prototypes -Wsuggest-attribute=noreturn -Wunused-function -Wwrite-strings -Wno-unused-result -fno-stack-protector -fno-strict-aliasing -fpic -fwide-exec-charset=UCS2 -Wall -Wextra -Wsign-compare -nostdlib -std=gnu99 -ffreestanding -fshort-wchar -fvisibility=hidden -isystem /usr/include/efi -isystem /usr/include/efi/ia32 -I /builddir/build/BUILD/systemd-stable-250.7/src/fundamental -DSD_BOOT -DGNU_EFI_USE_MS_ABI -include src/boot/efi/efi_config.h -include version.h -mno-sse -mno-mmx -flto -O2 -flto=auto |
2595 | -../src/fundamental/sha256.c: In function ‘sha256_finish_ctx’: |
2596 | -../src/fundamental/sha256.c:61:25: error: ‘false’ undeclared (first use in this function) |
2597 | - 61 | # define UNALIGNED_P(p) false |
2598 | - | ^~~~~ |
2599 | -../src/fundamental/sha256.c:136:21: note: in expansion of macro ‘UNALIGNED_P’ |
2600 | - 136 | if (UNALIGNED_P(resbuf)) |
2601 | - | ^~~~~~~~~~~ |
2602 | -../src/fundamental/sha256.c:32:1: note: ‘false’ is defined in header ‘<stdbool.h>’; did you forget to ‘#include <stdbool.h>’? |
2603 | - 31 | #include "sha256.h" |
2604 | - +++ |+#include <stdbool.h> |
2605 | - 32 | |
2606 | -... |
2607 | - |
2608 | -(cherry picked from commit 38c87ca2ab96d085158485ecfc46c7cb6af0f166) |
2609 | ---- |
2610 | - src/fundamental/sha256.c | 2 +- |
2611 | - 1 file changed, 1 insertion(+), 1 deletion(-) |
2612 | - |
2613 | -diff --git a/src/fundamental/sha256.c b/src/fundamental/sha256.c |
2614 | -index cd16aec..58b1a80 100644 |
2615 | ---- a/src/fundamental/sha256.c |
2616 | -+++ b/src/fundamental/sha256.c |
2617 | -@@ -58,7 +58,7 @@ |
2618 | - # define UNALIGNED_P(p) (((size_t) p) % sizeof(uint32_t) != 0) |
2619 | - # endif |
2620 | - #else |
2621 | --# define UNALIGNED_P(p) false |
2622 | -+# define UNALIGNED_P(p) sd_false |
2623 | - #endif |
2624 | - |
2625 | - /* This array contains the bytes used to pad the buffer to the next |
2626 | diff --git a/debian/patches/shellcheck-clean-kernel-install-again.patch b/debian/patches/shellcheck-clean-kernel-install-again.patch |
2627 | new file mode 100644 |
2628 | index 0000000..ff3d498 |
2629 | --- /dev/null |
2630 | +++ b/debian/patches/shellcheck-clean-kernel-install-again.patch |
2631 | @@ -0,0 +1,46 @@ |
2632 | +From: =?utf-8?b?0L3QsNCx?= <nabijaczleweli@nabijaczleweli.xyz> |
2633 | +Date: Sun, 22 May 2022 22:09:23 +0200 |
2634 | +Subject: shellcheck-clean kernel-install again |
2635 | + |
2636 | +(cherry picked from commit 35339eb88c72f30204589101765a0bca5424e253) |
2637 | +--- |
2638 | + src/kernel-install/kernel-install.in | 5 ++++- |
2639 | + 1 file changed, 4 insertions(+), 1 deletion(-) |
2640 | + |
2641 | +diff --git a/src/kernel-install/kernel-install.in b/src/kernel-install/kernel-install.in |
2642 | +index cf1b81b..c6965ee 100755 |
2643 | +--- a/src/kernel-install/kernel-install.in |
2644 | ++++ b/src/kernel-install/kernel-install.in |
2645 | +@@ -115,6 +115,7 @@ fi |
2646 | + |
2647 | + if [ -n "$install_conf" ]; then |
2648 | + [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "Reading $install_conf…" |
2649 | ++ # shellcheck source=/dev/null |
2650 | + . "$install_conf" |
2651 | + # FIXME: This may override configuration in environment variables, e.g. $BOOT_ROOT. |
2652 | + fi |
2653 | +@@ -133,6 +134,7 @@ fi |
2654 | + # generated one. If the user configured an explicit machine ID to use in |
2655 | + # /etc/machine-info to use for our purpose, we'll use that instead (for |
2656 | + # compatibility). |
2657 | ++# shellcheck source=/dev/null |
2658 | + if [ -z "$MACHINE_ID" ] && [ -r /etc/machine-info ] && . /etc/machine-info && MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID"; then |
2659 | + [ -n "$MACHINE_ID" ] && [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \ |
2660 | + echo "machine-id $MACHINE_ID acquired from /etc/machine-info" |
2661 | +@@ -160,6 +162,7 @@ if [ -z "$ENTRY_TOKEN" ]; then |
2662 | + # the IMAGE_ID= and ID= fields from /etc/os-release and finally the fixed |
2663 | + # string "Default" |
2664 | + ENTRY_TOKEN_SEARCH="$MACHINE_ID" |
2665 | ++ # shellcheck source=/dev/null |
2666 | + [ -r /etc/os-release ] && . /etc/os-release |
2667 | + [ -n "$IMAGE_ID" ] && ENTRY_TOKEN_SEARCH="$ENTRY_TOKEN_SEARCH $IMAGE_ID" |
2668 | + [ -n "$ID" ] && ENTRY_TOKEN_SEARCH="$ENTRY_TOKEN_SEARCH $ID" |
2669 | +@@ -294,7 +297,7 @@ PLUGINS="$( |
2670 | + IFS=" |
2671 | + " |
2672 | + |
2673 | +-[ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo -e "Plugin files:\n$PLUGINS" |
2674 | ++[ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && printf '%s\n' "Plugin files:" "$PLUGINS" |
2675 | + |
2676 | + case "$COMMAND" in |
2677 | + add) |
2678 | diff --git a/debian/patches/test-denylist-TEST-29-PORTABLE-again.patch b/debian/patches/test-denylist-TEST-29-PORTABLE-again.patch |
2679 | new file mode 100644 |
2680 | index 0000000..5a97810 |
2681 | --- /dev/null |
2682 | +++ b/debian/patches/test-denylist-TEST-29-PORTABLE-again.patch |
2683 | @@ -0,0 +1,18 @@ |
2684 | +From: Nick Rosbrook <nick.rosbrook@canonical.com> |
2685 | +Date: Tue, 16 Aug 2022 17:38:36 -0400 |
2686 | +Subject: test: denylist TEST-29-PORTABLE again |
2687 | + |
2688 | +Bug: https://github.com/systemd/systemd/issues/24147 |
2689 | + |
2690 | +--- |
2691 | + test/TEST-29-PORTABLE/deny-list-upstream-ci | 1 + |
2692 | + 1 file changed, 1 insertion(+) |
2693 | + create mode 100644 test/TEST-29-PORTABLE/deny-list-upstream-ci |
2694 | + |
2695 | +diff --git a/test/TEST-29-PORTABLE/deny-list-upstream-ci b/test/TEST-29-PORTABLE/deny-list-upstream-ci |
2696 | +new file mode 100644 |
2697 | +index 0000000..89e1567 |
2698 | +--- /dev/null |
2699 | ++++ b/test/TEST-29-PORTABLE/deny-list-upstream-ci |
2700 | +@@ -0,0 +1 @@ |
2701 | ++# Flaky test tracked in https://github.com/systemd/systemd/issues/24147 |
2702 | diff --git a/debian/patches/units-remove-the-restart-limit-on-the-modprobe-.service.patch b/debian/patches/units-remove-the-restart-limit-on-the-modprobe-.service.patch |
2703 | deleted file mode 100644 |
2704 | index f8668f9..0000000 |
2705 | --- a/debian/patches/units-remove-the-restart-limit-on-the-modprobe-.service.patch |
2706 | +++ /dev/null |
2707 | @@ -1,33 +0,0 @@ |
2708 | -From: Alban Bedel <alban.bedel@aerq.com> |
2709 | -Date: Wed, 15 Jun 2022 13:12:46 +0200 |
2710 | -Subject: units: remove the restart limit on the modprobe@.service |
2711 | - |
2712 | -They are various cases where the same module might be repeatedly |
2713 | -loaded in a short time frame, for example if a service depending on a |
2714 | -module keep restarting, or if many instances of such service get |
2715 | -started at the same time. If this happend the modprobe@.service |
2716 | -instance will be marked as failed because it hit the restart limit. |
2717 | - |
2718 | -Overall it doesn't seems to make much sense to have a restart limit on |
2719 | -the modprobe service so just disable it. |
2720 | - |
2721 | -Fixes: #23742 |
2722 | ---- |
2723 | -Origin: upstream, https://github.com/systemd/systemd/commit/9625350e5381a68c1179ae4581e7586c206663e1 |
2724 | -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1982462 |
2725 | ---- |
2726 | - units/modprobe@.service | 1 + |
2727 | - 1 file changed, 1 insertion(+) |
2728 | - |
2729 | -diff --git a/units/modprobe@.service b/units/modprobe@.service |
2730 | -index cf8baf6..85a2c08 100644 |
2731 | ---- a/units/modprobe@.service |
2732 | -+++ b/units/modprobe@.service |
2733 | -@@ -13,6 +13,7 @@ DefaultDependencies=no |
2734 | - Before=sysinit.target |
2735 | - Documentation=man:modprobe(8) |
2736 | - ConditionCapability=CAP_SYS_MODULE |
2737 | -+StartLimitIntervalSec=0 |
2738 | - |
2739 | - [Service] |
2740 | - Type=oneshot |
2741 | diff --git a/debian/rules b/debian/rules |
2742 | index 957f0c3..e47607a 100755 |
2743 | --- a/debian/rules |
2744 | +++ b/debian/rules |
2745 | @@ -75,8 +75,6 @@ CONFFLAGS = \ |
2746 | -Dsysupdate=false \ |
2747 | -Dxkbcommon=false \ |
2748 | -Dwheel-group=false \ |
2749 | - -Duserdb=false \ |
2750 | - -Dhomed=false \ |
2751 | -Dpwquality=false \ |
2752 | -Dp11kit=false \ |
2753 | -Doomd=true \ |
2754 | @@ -103,7 +101,7 @@ CONFFLAGS = \ |
2755 | -Dinstall-tests=$(if $(filter noinsttest,$(DEB_BUILD_PROFILES)),false,true) \ |
2756 | -Dlibcryptsetup-plugins=false \ |
2757 | -Defi=true \ |
2758 | - -Dman=true \ |
2759 | + -Dman=$(if $(filter nodoc,$(DEB_BUILD_PROFILES)),false,true) \ |
2760 | -Dtranslations=true \ |
2761 | -Dnss-myhostname=true \ |
2762 | -Dnss-mymachines=true \ |
2763 | @@ -129,6 +127,8 @@ CONFFLAGS += \ |
2764 | -Ddns-over-tls=openssl \ |
2765 | -Dlibfido2=true \ |
2766 | -Dtpm2=$(if $(filter i386,$(DEB_HOST_ARCH)),false,true) \ |
2767 | + -Dhomed=true \ |
2768 | + -Duserdb=true \ |
2769 | -Dpcre2=true |
2770 | else |
2771 | CONFFLAGS += \ |
2772 | @@ -145,41 +145,46 @@ CONFFLAGS += \ |
2773 | -Dopenssl=false \ |
2774 | -Dlibfido2=false \ |
2775 | -Dtpm2=false \ |
2776 | + -Dhomed=false \ |
2777 | + -Duserdb=false \ |
2778 | -Dpcre2=false |
2779 | endif |
2780 | |
2781 | override_dh_auto_configure: |
2782 | - dh_auto_configure --builddirectory=build-deb \ |
2783 | + dh_auto_configure \ |
2784 | -- $(CONFFLAGS) $(CONFFLAGS_DISTRO) $(CONFFLAGS_UPSTREAM) |
2785 | |
2786 | -override_dh_auto_build: |
2787 | +execute_before_dh_auto_build: |
2788 | # blhc false positives: C++ fuzz test program, cc -E flags listing, PE-COFF EFI binaries |
2789 | @echo 'blhc: ignore-line-regexp: .* -o test-bus-vtable-cc.*' |
2790 | @echo 'blhc: ignore-line-regexp: .*cc -E.*' |
2791 | @echo 'blhc: ignore-line-regexp: .* -o src/boot/efi.*' |
2792 | - dh_auto_build --builddirectory=build-deb |
2793 | + |
2794 | +execute_after_dh_auto_build: |
2795 | # generate POT file for translators |
2796 | - ninja -C build-deb/ systemd-pot |
2797 | + ninja -C obj-$(DEB_HOST_GNU_TYPE) systemd-pot |
2798 | |
2799 | -override_dh_auto_install: |
2800 | - dh_auto_install --builddirectory=build-deb |
2801 | +execute_after_dh_auto_install: |
2802 | # fix paths in manpages; manually check the remaining /usr occurrences |
2803 | # occasionally, with filtering out paths which are known to be in /usr: |
2804 | # grep -r /usr debian/tmp/usr/share/man/|egrep -v '/usr/local|os.*release|factory|zoneinfo|tmpfiles|kernel|foo|machines|sysctl|dbus|include|binfmt' |
2805 | - find debian/tmp/usr/share/man/ -type f | xargs sed -ri 's_/usr(/lib/systemd/system|/lib/systemd/network|/lib/udev|/lib[^/]|/lib/[^a-z])_\1_g' |
2806 | + if test -d debian/tmp/usr/share/man; then \ |
2807 | + find debian/tmp/usr/share/man/ -type f | xargs sed -ri 's_/usr(/lib/systemd/system|/lib/systemd/network|/lib/udev|/lib[^/]|/lib/[^a-z])_\1_g'; \ |
2808 | + fi |
2809 | |
2810 | -override_dh_auto_clean: |
2811 | +execute_before_dh_auto_clean: |
2812 | ifneq (, $(TEST_UPSTREAM)) |
2813 | debian/extra/checkout-upstream |
2814 | endif |
2815 | - dh_auto_clean --builddirectory=build-deb |
2816 | + |
2817 | +execute_after_dh_auto_clean: |
2818 | rm -f debian/shlibs.local |
2819 | # remove Python byte code files |
2820 | rm -rf tools/__pycache__/ |
2821 | rm -rf tools/chromiumos/__pycache__/ |
2822 | rm -f po/systemd.pot |
2823 | |
2824 | -override_dh_install: |
2825 | +execute_before_dh_install: |
2826 | # remove unnecessary / unused files |
2827 | rm -rf debian/tmp/usr/share/doc/systemd/LICENSES/ |
2828 | rm -f debian/tmp/usr/share/doc/systemd/LICENSE.* |
2829 | @@ -202,21 +207,14 @@ override_dh_install: |
2830 | rm -rf debian/tmp/usr/share/factory/ |
2831 | # replace upstream sysusers.d/basic.conf with proper users for Debian |
2832 | debian/extra/make-sysusers-basic > debian/tmp/usr/lib/sysusers.d/basic.conf |
2833 | - # remove resolvconf compat symlink |
2834 | - rm -f debian/tmp/sbin/resolvconf |
2835 | # remove obsolete compat symlink |
2836 | rm -f debian/tmp/usr/bin/systemd-resolve |
2837 | - # do not create a potentially broken /etc/resolv.conf symlink |
2838 | - # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007018 |
2839 | - rm -f debian/tmp/usr/lib/tmpfiles.d/systemd-resolve.conf |
2840 | - |
2841 | - dh_install |
2842 | |
2843 | - # install standalone binaries and manpages |
2844 | +execute_after_dh_install: |
2845 | + # install standalone binaries |
2846 | for pkg in sysusers tmpfiles; do \ |
2847 | - mkdir -p debian/systemd-standalone-$$pkg/bin debian/systemd-standalone-$$pkg/usr/share/man/man8; \ |
2848 | + mkdir -p debian/systemd-standalone-$$pkg/bin; \ |
2849 | mv debian/systemd/bin/systemd-$$pkg.standalone debian/systemd-standalone-$$pkg/bin/systemd-$$pkg; \ |
2850 | - cp debian/tmp/usr/share/man/man8/systemd-$$pkg.8 debian/systemd-standalone-$$pkg/usr/share/man/man8/; \ |
2851 | done |
2852 | |
2853 | # we don't want /tmp to be a tmpfs by default |
2854 | @@ -226,7 +224,7 @@ override_dh_install: |
2855 | |
2856 | # files shipped by cryptsetup |
2857 | ifeq (, $(filter stage1, $(DEB_BUILD_PROFILES))) |
2858 | - rm debian/systemd/usr/share/man/man5/crypttab.5 |
2859 | + rm -f debian/tmp/usr/share/man/man5/crypttab.5 |
2860 | endif |
2861 | |
2862 | # files shipped by systemd |
2863 | @@ -235,14 +233,6 @@ endif |
2864 | rm debian/udev/lib/udev/rules.d/71-seat.rules |
2865 | rm debian/udev/lib/udev/rules.d/99-systemd.rules |
2866 | |
2867 | - # remove duplicate files shipped by systemd-*/udev |
2868 | - echo "Removing duplicate files in systemd package:" |
2869 | - set -e; for pkg in $(shell dh_listpackages -Nudev-udeb -Nlibudev1-udeb -Nsystemd -Nsystemd-standalone-sysusers -Nsystemd-standalone-tmpfiles); do \ |
2870 | - echo "... from $$pkg..."; \ |
2871 | - (cd debian/$$pkg; find -type f -o -type l) | (cd debian/systemd; xargs rm -f --verbose); \ |
2872 | - (cd debian/$$pkg; find -mindepth 1 -type d | sort -r) | (cd debian/systemd; xargs rmdir --ignore-fail-on-non-empty --verbose || true); \ |
2873 | - done |
2874 | - |
2875 | # Ubuntu specific files |
2876 | ifeq ($(DEB_VENDOR),Ubuntu) |
2877 | install -D --mode=644 debian/extra/udev.py debian/udev/usr/share/apport/package-hooks/udev.py |
2878 | @@ -254,8 +244,30 @@ endif |
2879 | # Remove unneeded file that produces errors in debugedit (LP: #1950445) |
2880 | ifeq ($(DEB_HOST_ARCH),i386) |
2881 | rm -f debian/systemd/usr/lib/systemd/boot/efi/linuxia32.elf.stub |
2882 | + rm -f debian/systemd-boot-efi/usr/lib/systemd/boot/efi/linuxia32.elf.stub |
2883 | endif |
2884 | |
2885 | +execute_after_dh_installman: |
2886 | + # remove duplicate files shipped by systemd-*/udev |
2887 | + # run after dh_installman, which runs after dh_install, to include manpages |
2888 | + echo "Removing duplicate files in systemd package:" |
2889 | + set -e; for pkg in $(shell dh_listpackages -Nudev-udeb -Nlibudev1-udeb -Nsystemd -Nsystemd-standalone-sysusers -Nsystemd-standalone-tmpfiles); do \ |
2890 | + echo "... from $$pkg..."; \ |
2891 | + (cd debian/$$pkg; find -type f -o -type l) | (cd debian/systemd; xargs rm -f --verbose); \ |
2892 | + (cd debian/$$pkg; find -mindepth 1 -type d | sort -r) | (cd debian/systemd; xargs rmdir --ignore-fail-on-non-empty --verbose || true); \ |
2893 | + done |
2894 | + |
2895 | + # dh_installman is affected by false positives and mangles manpages named as lib*.so.* |
2896 | + # fixed in debhelper 13.7.2 by https://salsa.debian.org/debian/debhelper/-/merge_requests/69 |
2897 | + for pkg in libnss-myhostname libnss-mymachines libnss-resolve libnss-systemd; do \ |
2898 | + rm -rf debian/$$pkg/usr/share/man/so; \ |
2899 | + done |
2900 | + # work around some more dh_installman issues |
2901 | + # see https://salsa.debian.org/debian/debhelper/-/merge_requests/69#note_316102 |
2902 | + for pkg in libnss-myhostname libnss-mymachines libnss-resolve libnss-systemd; do \ |
2903 | + rm -rf debian/$$pkg/usr/share/man/man2/; \ |
2904 | + done |
2905 | + |
2906 | override_dh_missing: |
2907 | dh_missing $(DH_MISSING) |
2908 | |
2909 | @@ -267,31 +279,35 @@ override_dh_installsystemd: |
2910 | dh_installsystemd -psystemd-timesyncd |
2911 | dh_installsystemd -psystemd-oomd systemd-oomd.service |
2912 | dh_installsystemd -psystemd-oomd --no-stop-on-upgrade systemd-oomd.socket |
2913 | + dh_installsystemd -psystemd-userdbd --no-stop-on-upgrade systemd-userdbd.socket |
2914 | + dh_installsystemd -psystemd-homed --no-also systemd-homed.service systemd-homed-activate.service |
2915 | + dh_installsystemd -psystemd-resolved |
2916 | |
2917 | override_dh_installsystemduser: |
2918 | |
2919 | -PROJECT_VERSION ?= $(shell awk '/(PROJECT|PACKAGE)_VERSION/ {print $$3}' build-deb/config.h | tr -d \") |
2920 | +PROJECT_VERSION ?= $(shell awk '/(PROJECT|PACKAGE)_VERSION/ {print $$3}' obj-$(DEB_HOST_GNU_TYPE)/config.h | tr -d \") |
2921 | |
2922 | # The SysV compat tools (which are symlinks to systemctl) are |
2923 | # quasi-essential, so add their dependencies to Pre-Depends |
2924 | # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753589 |
2925 | override_dh_shlibdeps: |
2926 | - dh_shlibdeps -psystemd -llib/systemd/ -- \ |
2927 | + dh_shlibdeps -psystemd -Llibsystemd-shared -- \ |
2928 | -dPre-Depends -edebian/systemd/bin/systemctl \ |
2929 | -dDepends |
2930 | - dh_shlibdeps --remaining-packages -Lsystemd |
2931 | + dh_shlibdeps -plibsystemd-shared -lusr/lib/$(DEB_HOST_MULTIARCH)/systemd |
2932 | + dh_shlibdeps --remaining-packages -Llibsystemd-shared |
2933 | |
2934 | override_dh_makeshlibs: |
2935 | sed 's/SHARED_LIB_VERSION/$(PROJECT_VERSION)/' debian/shlibs.local.in > debian/shlibs.local |
2936 | dh_makeshlibs -plibudev1 --add-udeb=libudev1-udeb -- -c$(GENSYMBOLS_LEVEL) |
2937 | - dh_makeshlibs -psystemd -Xlibsystemd-shared -Xlibsystemd-core -- -c$(GENSYMBOLS_LEVEL) |
2938 | + dh_makeshlibs -plibsystemd-shared -Xlibsystemd-shared -Xlibsystemd-core -- -c$(GENSYMBOLS_LEVEL) |
2939 | dh_makeshlibs --remaining-packages -- -c$(GENSYMBOLS_LEVEL) |
2940 | |
2941 | override_dh_auto_test: |
2942 | ifeq (, $(filter nocheck, $(DEB_BUILD_OPTIONS))) |
2943 | - echo "01234567890123456789012345678901" > build-deb/machine-id |
2944 | + echo "01234567890123456789012345678901" > obj-$(DEB_HOST_GNU_TYPE)/machine-id |
2945 | # some tests hang under fakeroot, so disable fakeroot |
2946 | - env -u LD_PRELOAD SYSTEMD_MACHINE_ID_PATH=$(CURDIR)/build-deb/machine-id meson test -C build-deb --print-errorlogs $(TEST_TIMEOUT_MULTIPLIER) |
2947 | + env -u LD_PRELOAD SYSTEMD_MACHINE_ID_PATH=$(CURDIR)/obj-$(DEB_HOST_GNU_TYPE)/machine-id meson test -C obj-$(DEB_HOST_GNU_TYPE) --print-errorlogs $(TEST_TIMEOUT_MULTIPLIER) |
2948 | endif |
2949 | |
2950 | %: |
2951 | diff --git a/debian/shlibs.local.in b/debian/shlibs.local.in |
2952 | index 3a5cc0d..085835d 100644 |
2953 | --- a/debian/shlibs.local.in |
2954 | +++ b/debian/shlibs.local.in |
2955 | @@ -1,4 +1,4 @@ |
2956 | udeb: libudev 1 libudev1-udeb |
2957 | libsystemd 0 libsystemd0 (= ${binary:Version}) |
2958 | -libsystemd-shared SHARED_LIB_VERSION systemd (= ${binary:Version}) |
2959 | -libsystemd-core SHARED_LIB_VERSION systemd (= ${binary:Version}) |
2960 | +libsystemd-shared SHARED_LIB_VERSION libsystemd-shared (= ${binary:Version}) |
2961 | +libsystemd-core SHARED_LIB_VERSION libsystemd-shared (= ${binary:Version}) |
2962 | diff --git a/debian/systemd-boot-efi.install b/debian/systemd-boot-efi.install |
2963 | new file mode 100644 |
2964 | index 0000000..1cb75d0 |
2965 | --- /dev/null |
2966 | +++ b/debian/systemd-boot-efi.install |
2967 | @@ -0,0 +1 @@ |
2968 | +usr/lib/systemd/boot/ |
2969 | diff --git a/debian/systemd-boot-efi.lintian-overrides b/debian/systemd-boot-efi.lintian-overrides |
2970 | new file mode 100644 |
2971 | index 0000000..79067b8 |
2972 | --- /dev/null |
2973 | +++ b/debian/systemd-boot-efi.lintian-overrides |
2974 | @@ -0,0 +1,6 @@ |
2975 | +# Not a shared library |
2976 | +systemd-boot-efi: shared-library-lacks-prerequisites |
2977 | +# PE-COFF EFI binaries, false positives |
2978 | +systemd-boot-efi: executable-not-elf-or-script |
2979 | +# These are EFI binaries, not libraries, they all ship in /usr/lib/systemd/boot |
2980 | +systemd-boot-efi: arch-dependent-file-not-in-arch-specific-directory |
2981 | diff --git a/debian/systemd-boot-efi.manpages b/debian/systemd-boot-efi.manpages |
2982 | new file mode 100644 |
2983 | index 0000000..4af7d86 |
2984 | --- /dev/null |
2985 | +++ b/debian/systemd-boot-efi.manpages |
2986 | @@ -0,0 +1 @@ |
2987 | +usr/share/man/man7/*.efi.stub.7 |
2988 | diff --git a/debian/systemd-boot.install b/debian/systemd-boot.install |
2989 | new file mode 100644 |
2990 | index 0000000..29cd23b |
2991 | --- /dev/null |
2992 | +++ b/debian/systemd-boot.install |
2993 | @@ -0,0 +1,10 @@ |
2994 | +lib/systemd/systemd-bless-boot |
2995 | +lib/systemd/system-generators/systemd-bless-boot-generator |
2996 | +lib/systemd/system/sysinit.target.wants/systemd-boot-system-token.service |
2997 | +lib/systemd/system/systemd-bless-boot.service |
2998 | +lib/systemd/system/systemd-boot-system-token.service |
2999 | +lib/systemd/system/systemd-boot-update.service |
3000 | +usr/bin/bootctl |
3001 | +usr/share/bash-completion/completions/bootctl |
3002 | +../extra/initramfs etc/ |
3003 | +../extra/kernel etc/ |
3004 | diff --git a/debian/systemd-boot.lintian-overrides b/debian/systemd-boot.lintian-overrides |
3005 | new file mode 100644 |
3006 | index 0000000..9a3c32a |
3007 | --- /dev/null |
3008 | +++ b/debian/systemd-boot.lintian-overrides |
3009 | @@ -0,0 +1,3 @@ |
3010 | +# Lintian is really bad at associating manpages |
3011 | +systemd-boot: spare-manual-page |
3012 | +systemd-boot: package-supports-alternative-init-but-no-init.d-script |
3013 | diff --git a/debian/systemd-boot.manpages b/debian/systemd-boot.manpages |
3014 | new file mode 100644 |
3015 | index 0000000..e9c96fd |
3016 | --- /dev/null |
3017 | +++ b/debian/systemd-boot.manpages |
3018 | @@ -0,0 +1,8 @@ |
3019 | +usr/share/man/man1/bootctl.1 |
3020 | +usr/share/man/man5/loader.conf.5 |
3021 | +usr/share/man/man7/sd-boot.7 |
3022 | +usr/share/man/man7/systemd-boot.7 |
3023 | +usr/share/man/man8/systemd-bless-boot.8 |
3024 | +usr/share/man/man8/systemd-bless-boot-generator.8 |
3025 | +usr/share/man/man8/systemd-bless-boot.service.8 |
3026 | +usr/share/man/man8/systemd-boot-system-token.service.8 |
3027 | diff --git a/debian/systemd-container.install b/debian/systemd-container.install |
3028 | index a092998..0d0a86c 100644 |
3029 | --- a/debian/systemd-container.install |
3030 | +++ b/debian/systemd-container.install |
3031 | @@ -27,12 +27,6 @@ usr/share/dbus-1/system.d/org.freedesktop.portable1.conf |
3032 | usr/share/dbus-1/system-services/org.freedesktop.import1.service |
3033 | usr/share/dbus-1/system-services/org.freedesktop.machine1.service |
3034 | usr/share/dbus-1/system-services/org.freedesktop.portable1.service |
3035 | -usr/share/man/man*/*nspawn* |
3036 | -usr/share/man/man*/machinectl* |
3037 | -usr/share/man/man*/portablectl* |
3038 | -usr/share/man/man*/systemd-dissect* |
3039 | -usr/share/man/man*/systemd-machined* |
3040 | -usr/share/man/man*/systemd-portabled* |
3041 | usr/share/polkit-1/actions/org.freedesktop.import1.policy |
3042 | usr/share/polkit-1/actions/org.freedesktop.machine1.policy |
3043 | usr/share/polkit-1/actions/org.freedesktop.portable1.policy |
3044 | diff --git a/debian/systemd-container.manpages b/debian/systemd-container.manpages |
3045 | new file mode 100644 |
3046 | index 0000000..c09a172 |
3047 | --- /dev/null |
3048 | +++ b/debian/systemd-container.manpages |
3049 | @@ -0,0 +1,6 @@ |
3050 | +usr/share/man/man*/*nspawn* |
3051 | +usr/share/man/man*/machinectl* |
3052 | +usr/share/man/man*/portablectl* |
3053 | +usr/share/man/man*/systemd-dissect* |
3054 | +usr/share/man/man*/systemd-machined* |
3055 | +usr/share/man/man*/systemd-portabled* |
3056 | diff --git a/debian/systemd-coredump.install b/debian/systemd-coredump.install |
3057 | index e3c3245..730a98c 100644 |
3058 | --- a/debian/systemd-coredump.install |
3059 | +++ b/debian/systemd-coredump.install |
3060 | @@ -5,8 +5,5 @@ lib/systemd/system/*/systemd-coredump* |
3061 | usr/bin/coredumpctl |
3062 | usr/lib/sysctl.d/50-coredump.conf |
3063 | usr/lib/sysusers.d/systemd-coredump.conf |
3064 | -usr/share/man/man1/coredumpctl* |
3065 | -usr/share/man/man5/coredump.conf* |
3066 | -usr/share/man/man8/systemd-coredump* |
3067 | usr/share/bash-completion/completions/coredumpctl |
3068 | usr/share/zsh/vendor-completions/_coredumpctl |
3069 | diff --git a/debian/systemd-coredump.manpages b/debian/systemd-coredump.manpages |
3070 | new file mode 100644 |
3071 | index 0000000..5e7573e |
3072 | --- /dev/null |
3073 | +++ b/debian/systemd-coredump.manpages |
3074 | @@ -0,0 +1,3 @@ |
3075 | +usr/share/man/man1/coredumpctl* |
3076 | +usr/share/man/man5/coredump.conf* |
3077 | +usr/share/man/man8/systemd-coredump* |
3078 | diff --git a/debian/systemd-homed.install b/debian/systemd-homed.install |
3079 | new file mode 100644 |
3080 | index 0000000..b8357a3 |
3081 | --- /dev/null |
3082 | +++ b/debian/systemd-homed.install |
3083 | @@ -0,0 +1,11 @@ |
3084 | +etc/systemd/homed.conf |
3085 | +lib/*/security/pam_systemd_home.so |
3086 | +lib/systemd/systemd-homed |
3087 | +lib/systemd/systemd-homework |
3088 | +lib/systemd/system/systemd-homed.service |
3089 | +lib/systemd/system/systemd-homed-activate.service |
3090 | +usr/bin/homectl |
3091 | +usr/share/dbus-1/*/*home* |
3092 | +usr/share/polkit-1/actions/org.freedesktop.home1.policy |
3093 | +usr/share/bash-completion/completions/homectl |
3094 | +../extra/pam-configs/systemd-homed usr/share/pam-configs/ |
3095 | diff --git a/debian/systemd-homed.lintian-overrides b/debian/systemd-homed.lintian-overrides |
3096 | new file mode 100644 |
3097 | index 0000000..51274e4 |
3098 | --- /dev/null |
3099 | +++ b/debian/systemd-homed.lintian-overrides |
3100 | @@ -0,0 +1,5 @@ |
3101 | +# Lintian is really bad at associating manpages |
3102 | +systemd-homed: spare-manual-page |
3103 | +# False positive: Lintian doesn't recognize Also= |
3104 | +systemd-homed: systemd-service-file-refers-to-unusual-wantedby-target |
3105 | +systemd-homed: package-supports-alternative-init-but-no-init.d-script |
3106 | diff --git a/debian/systemd-homed.manpages b/debian/systemd-homed.manpages |
3107 | new file mode 100644 |
3108 | index 0000000..4696f75 |
3109 | --- /dev/null |
3110 | +++ b/debian/systemd-homed.manpages |
3111 | @@ -0,0 +1 @@ |
3112 | +usr/share/man/man*/*home* |
3113 | diff --git a/debian/systemd-homed.postinst b/debian/systemd-homed.postinst |
3114 | new file mode 100644 |
3115 | index 0000000..7e37590 |
3116 | --- /dev/null |
3117 | +++ b/debian/systemd-homed.postinst |
3118 | @@ -0,0 +1,7 @@ |
3119 | +#!/bin/sh |
3120 | + |
3121 | +set -e |
3122 | + |
3123 | +pam-auth-update --package |
3124 | + |
3125 | +#DEBHELPER# |
3126 | diff --git a/debian/systemd-homed.prerm b/debian/systemd-homed.prerm |
3127 | new file mode 100644 |
3128 | index 0000000..0dd38b0 |
3129 | --- /dev/null |
3130 | +++ b/debian/systemd-homed.prerm |
3131 | @@ -0,0 +1,20 @@ |
3132 | +#!/bin/sh |
3133 | + |
3134 | +set -e |
3135 | + |
3136 | +# pam-auth-update --remove removes the named profile from the active config. |
3137 | +# It arguably should be called during deconfigure as well, but deconfigure |
3138 | +# can happen in some cases during a dist-upgrade and we don't want to |
3139 | +# deconfigure all PAM modules in the middle of a dist-upgrade by accident. |
3140 | +# |
3141 | +# More importantly, with the current implementation, --remove also removes |
3142 | +# all local preferences for the named config (such as whether it's enabled |
3143 | +# or disabled), which we don't want to do on deconfigure. |
3144 | +# |
3145 | +# This may need to change later as pam-auth-update evolves. |
3146 | + |
3147 | +if [ "$1" = remove ] && [ "${DPKG_MAINTSCRIPT_PACKAGE_REFCOUNT:-1}" = 1 ]; then |
3148 | + pam-auth-update --package --remove systemd-homed |
3149 | +fi |
3150 | + |
3151 | +#DEBHELPER# |
3152 | diff --git a/debian/systemd-journal-remote.install b/debian/systemd-journal-remote.install |
3153 | index 188628b..f187d8f 100644 |
3154 | --- a/debian/systemd-journal-remote.install |
3155 | +++ b/debian/systemd-journal-remote.install |
3156 | @@ -2,10 +2,6 @@ |
3157 | etc/systemd/journal-upload.conf |
3158 | lib/systemd/systemd-journal-upload |
3159 | lib/systemd/system/systemd-journal-upload.service |
3160 | -usr/share/man/man5/journal-upload.conf.d.5 |
3161 | -usr/share/man/man5/journal-upload.conf.5 |
3162 | -usr/share/man/man8/systemd-journal-upload.8 |
3163 | -usr/share/man/man8/systemd-journal-upload.service.8 |
3164 | |
3165 | # systemd-journal-remote |
3166 | etc/systemd/journal-remote.conf |
3167 | @@ -13,17 +9,9 @@ lib/systemd/systemd-journal-remote |
3168 | lib/systemd/system/systemd-journal-remote.service |
3169 | lib/systemd/system/systemd-journal-remote.socket |
3170 | usr/lib/sysusers.d/systemd-remote.conf |
3171 | -usr/share/man/man5/journal-remote.conf.d.5 |
3172 | -usr/share/man/man5/journal-remote.conf.5 |
3173 | -usr/share/man/man8/systemd-journal-remote.service.8 |
3174 | -usr/share/man/man8/systemd-journal-remote.socket.8 |
3175 | -usr/share/man/man8/systemd-journal-remote.8 |
3176 | |
3177 | # systemd-journal-gatewayd |
3178 | lib/systemd/systemd-journal-gatewayd |
3179 | lib/systemd/system/systemd-journal-gatewayd.service |
3180 | lib/systemd/system/systemd-journal-gatewayd.socket |
3181 | usr/share/systemd/gatewayd/ |
3182 | -usr/share/man/man8/systemd-journal-gatewayd.service.8 |
3183 | -usr/share/man/man8/systemd-journal-gatewayd.socket.8 |
3184 | -usr/share/man/man8/systemd-journal-gatewayd.8 |
3185 | diff --git a/debian/systemd-journal-remote.manpages b/debian/systemd-journal-remote.manpages |
3186 | new file mode 100644 |
3187 | index 0000000..55ede14 |
3188 | --- /dev/null |
3189 | +++ b/debian/systemd-journal-remote.manpages |
3190 | @@ -0,0 +1,12 @@ |
3191 | +usr/share/man/man5/journal-upload.conf.d.5 |
3192 | +usr/share/man/man5/journal-upload.conf.5 |
3193 | +usr/share/man/man8/systemd-journal-upload.8 |
3194 | +usr/share/man/man8/systemd-journal-upload.service.8 |
3195 | +usr/share/man/man5/journal-remote.conf.d.5 |
3196 | +usr/share/man/man5/journal-remote.conf.5 |
3197 | +usr/share/man/man8/systemd-journal-remote.service.8 |
3198 | +usr/share/man/man8/systemd-journal-remote.socket.8 |
3199 | +usr/share/man/man8/systemd-journal-remote.8 |
3200 | +usr/share/man/man8/systemd-journal-gatewayd.service.8 |
3201 | +usr/share/man/man8/systemd-journal-gatewayd.socket.8 |
3202 | +usr/share/man/man8/systemd-journal-gatewayd.8 |
3203 | diff --git a/debian/systemd-oomd.install b/debian/systemd-oomd.install |
3204 | index f9f6686..7bbe7cd 100644 |
3205 | --- a/debian/systemd-oomd.install |
3206 | +++ b/debian/systemd-oomd.install |
3207 | @@ -8,6 +8,5 @@ lib/systemd/system/systemd-oomd.socket |
3208 | usr/bin/oomctl |
3209 | usr/lib/sysusers.d/systemd-oom.conf |
3210 | usr/share/dbus-1/*/*oom* |
3211 | -usr/share/man/man*/*oom* |
3212 | usr/share/bash-completion/completions/oomctl |
3213 | usr/share/zsh/vendor-completions/_oomctl |
3214 | diff --git a/debian/systemd-oomd.manpages b/debian/systemd-oomd.manpages |
3215 | new file mode 100644 |
3216 | index 0000000..b1f4970 |
3217 | --- /dev/null |
3218 | +++ b/debian/systemd-oomd.manpages |
3219 | @@ -0,0 +1 @@ |
3220 | +usr/share/man/man*/*oom* |
3221 | diff --git a/debian/systemd-resolved.install b/debian/systemd-resolved.install |
3222 | new file mode 100644 |
3223 | index 0000000..6d7241d |
3224 | --- /dev/null |
3225 | +++ b/debian/systemd-resolved.install |
3226 | @@ -0,0 +1,13 @@ |
3227 | +/sbin/resolvconf |
3228 | +/etc/systemd/resolved.conf |
3229 | +/lib/systemd/systemd-resolved |
3230 | +/lib/systemd/system/systemd-resolved.service |
3231 | +/usr/bin/resolvectl |
3232 | +/usr/lib/sysusers.d/systemd-resolve.conf |
3233 | +/usr/lib/tmpfiles.d/systemd-resolve.conf |
3234 | +/usr/share/bash-completion/completions/resolvectl |
3235 | +/usr/share/bash-completion/completions/systemd-resolve |
3236 | +/usr/share/dbus-1/system.d/org.freedesktop.resolve1.conf |
3237 | +/usr/share/dbus-1/system-services/org.freedesktop.resolve1.service |
3238 | +/usr/share/polkit-1/actions/org.freedesktop.resolve1.policy |
3239 | +/usr/share/zsh/vendor-completions/_resolvectl |
3240 | diff --git a/debian/systemd-resolved.links b/debian/systemd-resolved.links |
3241 | new file mode 100644 |
3242 | index 0000000..63b933a |
3243 | --- /dev/null |
3244 | +++ b/debian/systemd-resolved.links |
3245 | @@ -0,0 +1 @@ |
3246 | +/run/systemd/resolve/stub-resolv.conf /etc/resolv.conf |
3247 | diff --git a/debian/systemd-resolved.lintian-overrides b/debian/systemd-resolved.lintian-overrides |
3248 | new file mode 100644 |
3249 | index 0000000..459af93 |
3250 | --- /dev/null |
3251 | +++ b/debian/systemd-resolved.lintian-overrides |
3252 | @@ -0,0 +1,3 @@ |
3253 | +# Lintian is really bad at associating manpages |
3254 | +systemd-resolved: spare-manual-page |
3255 | +systemd-resolved: package-supports-alternative-init-but-no-init.d-script |
3256 | diff --git a/debian/systemd-resolved.manpages b/debian/systemd-resolved.manpages |
3257 | new file mode 100644 |
3258 | index 0000000..2933665 |
3259 | --- /dev/null |
3260 | +++ b/debian/systemd-resolved.manpages |
3261 | @@ -0,0 +1,4 @@ |
3262 | +usr/share/man/man1/resolv* |
3263 | +usr/share/man/man5/org.freedesktop.resolve1* |
3264 | +usr/share/man/man5/resolved.conf.* |
3265 | +usr/share/man/man8/systemd-resolved.* |
3266 | diff --git a/debian/systemd-resolved.postinst b/debian/systemd-resolved.postinst |
3267 | new file mode 100644 |
3268 | index 0000000..17ab957 |
3269 | --- /dev/null |
3270 | +++ b/debian/systemd-resolved.postinst |
3271 | @@ -0,0 +1,28 @@ |
3272 | +#!/bin/sh |
3273 | + |
3274 | +set -e |
3275 | + |
3276 | +_adopt_conffile() { |
3277 | + conffile=$1 |
3278 | + pkg=$2 |
3279 | + |
3280 | + [ -f ${conffile}.dpkg-bak ] || return 0 |
3281 | + |
3282 | + md5sum="$(md5sum ${conffile} | sed -e 's/ .*//')" |
3283 | + old_md5sum="$(dpkg-query -W -f='${Conffiles}' $pkg | \ |
3284 | + sed -n -e "\' ${conffile} ' { s/ obsolete$//; s/.* //; p }")" |
3285 | + # On new installs, if the policy file was preserved on systemd upgrade |
3286 | + # by dpkg-maintscript helper, copy it back if the new file has not been modified yet |
3287 | + if [ "$md5sum" = "$old_md5sum" ]; then |
3288 | + mv ${conffile}.dpkg-bak ${conffile} |
3289 | + fi |
3290 | +} |
3291 | + |
3292 | + |
3293 | +if [ "$1" = configure ] && [ -z "$2" ]; then |
3294 | + adduser --quiet --system --group --no-create-home --home /run/systemd \ |
3295 | + --gecos "systemd Resolver" systemd-resolve |
3296 | + _adopt_conffile /etc/systemd/resolved.conf systemd-resolved |
3297 | +fi |
3298 | + |
3299 | +#DEBHELPER# |
3300 | diff --git a/debian/systemd-standalone-sysusers.manpages b/debian/systemd-standalone-sysusers.manpages |
3301 | new file mode 100644 |
3302 | index 0000000..daaab6a |
3303 | --- /dev/null |
3304 | +++ b/debian/systemd-standalone-sysusers.manpages |
3305 | @@ -0,0 +1 @@ |
3306 | +usr/share/man/man8/systemd-sysusers.8 |
3307 | diff --git a/debian/systemd-standalone-tmpfiles.manpages b/debian/systemd-standalone-tmpfiles.manpages |
3308 | new file mode 100644 |
3309 | index 0000000..d90ac8f |
3310 | --- /dev/null |
3311 | +++ b/debian/systemd-standalone-tmpfiles.manpages |
3312 | @@ -0,0 +1 @@ |
3313 | +usr/share/man/man8/systemd-tmpfiles.8 |
3314 | diff --git a/debian/systemd-sysv.install b/debian/systemd-sysv.install |
3315 | index 9c104a9..34e4528 100644 |
3316 | --- a/debian/systemd-sysv.install |
3317 | +++ b/debian/systemd-sysv.install |
3318 | @@ -1,10 +1,3 @@ |
3319 | -usr/share/man/man1/init.1 |
3320 | -usr/share/man/man8/telinit.8 |
3321 | -usr/share/man/man8/runlevel.8 |
3322 | -usr/share/man/man8/shutdown.8 |
3323 | -usr/share/man/man8/poweroff.8 |
3324 | -usr/share/man/man8/reboot.8 |
3325 | -usr/share/man/man8/halt.8 |
3326 | sbin/init |
3327 | sbin/telinit |
3328 | sbin/runlevel |
3329 | diff --git a/debian/systemd-sysv.manpages b/debian/systemd-sysv.manpages |
3330 | new file mode 100644 |
3331 | index 0000000..0a949c9 |
3332 | --- /dev/null |
3333 | +++ b/debian/systemd-sysv.manpages |
3334 | @@ -0,0 +1,7 @@ |
3335 | +usr/share/man/man1/init.1 |
3336 | +usr/share/man/man8/telinit.8 |
3337 | +usr/share/man/man8/runlevel.8 |
3338 | +usr/share/man/man8/shutdown.8 |
3339 | +usr/share/man/man8/poweroff.8 |
3340 | +usr/share/man/man8/reboot.8 |
3341 | +usr/share/man/man8/halt.8 |
3342 | diff --git a/debian/systemd-timesyncd.install b/debian/systemd-timesyncd.install |
3343 | index 7090dba..a5be5b5 100644 |
3344 | --- a/debian/systemd-timesyncd.install |
3345 | +++ b/debian/systemd-timesyncd.install |
3346 | @@ -4,5 +4,4 @@ lib/systemd/systemd-timesyncd |
3347 | lib/systemd/system/systemd-timesyncd.service |
3348 | usr/lib/sysusers.d/systemd-timesync.conf |
3349 | usr/share/dbus-1/*/*timesync* |
3350 | -usr/share/man/man*/*timesyncd* |
3351 | ../extra/dhclient-exit-hooks.d/ etc/dhcp/ |
3352 | diff --git a/debian/systemd-timesyncd.manpages b/debian/systemd-timesyncd.manpages |
3353 | new file mode 100644 |
3354 | index 0000000..b77577f |
3355 | --- /dev/null |
3356 | +++ b/debian/systemd-timesyncd.manpages |
3357 | @@ -0,0 +1 @@ |
3358 | +usr/share/man/man*/*timesyncd* |
3359 | diff --git a/debian/systemd-userdbd.install b/debian/systemd-userdbd.install |
3360 | new file mode 100644 |
3361 | index 0000000..c40ee43 |
3362 | --- /dev/null |
3363 | +++ b/debian/systemd-userdbd.install |
3364 | @@ -0,0 +1,5 @@ |
3365 | +lib/systemd/systemd-userdbd |
3366 | +lib/systemd/systemd-userwork |
3367 | +lib/systemd/system/systemd-userdbd.service |
3368 | +lib/systemd/system/systemd-userdbd.socket |
3369 | +usr/bin/userdbctl |
3370 | diff --git a/debian/systemd-userdbd.lintian-overrides b/debian/systemd-userdbd.lintian-overrides |
3371 | new file mode 100644 |
3372 | index 0000000..f834679 |
3373 | --- /dev/null |
3374 | +++ b/debian/systemd-userdbd.lintian-overrides |
3375 | @@ -0,0 +1,3 @@ |
3376 | +# Lintian is really bad at associating manpages |
3377 | +systemd-userdbd: spare-manual-page |
3378 | +systemd-userdbd: package-supports-alternative-init-but-no-init.d-script |
3379 | diff --git a/debian/systemd-userdbd.manpages b/debian/systemd-userdbd.manpages |
3380 | new file mode 100644 |
3381 | index 0000000..95d4d26 |
3382 | --- /dev/null |
3383 | +++ b/debian/systemd-userdbd.manpages |
3384 | @@ -0,0 +1 @@ |
3385 | +usr/share/man/man*/*userdb* |
3386 | diff --git a/debian/systemd.NEWS b/debian/systemd.NEWS |
3387 | index 4003182..100a1df 100644 |
3388 | --- a/debian/systemd.NEWS |
3389 | +++ b/debian/systemd.NEWS |
3390 | @@ -1,3 +1,24 @@ |
3391 | +systemd (251.3-2) unstable; urgency=medium |
3392 | + |
3393 | + systemd-resolved has been split into a separate package. |
3394 | + This new systemd-resolved package will not be installed automatically on |
3395 | + upgrades. If you are using systemd-resolved, please install this new |
3396 | + package manually. |
3397 | + |
3398 | + -- Luca Boccassi <bluca@debian.org> Thu, 05 Aug 2022 20:26:12 +0100 |
3399 | + |
3400 | +systemd (251.2-3) unstable; urgency=medium |
3401 | + |
3402 | + systemd-boot has been split into a separate package. |
3403 | + This new systemd-boot package will not be installed automatically on |
3404 | + upgrades. If you are using systemd-boot, please install this new |
3405 | + package manually. |
3406 | + |
3407 | + The default boot loader in Debian is grub2. If you have not set up |
3408 | + systemd-boot manually, no action is required on your side. |
3409 | + |
3410 | + -- Michael Biebl <biebl@debian.org> Wed, 08 Jun 2022 21:49:47 +0200 |
3411 | + |
3412 | systemd (251.1-1) unstable; urgency=medium |
3413 | |
3414 | systemd-journal-gatewayd and systemd-journal-remote are now built |
3415 | diff --git a/debian/systemd.install b/debian/systemd.install |
3416 | index c2e5c69..f5547d0 100644 |
3417 | --- a/debian/systemd.install |
3418 | +++ b/debian/systemd.install |
3419 | @@ -14,14 +14,9 @@ usr/lib/sysctl.d/ |
3420 | usr/lib/sysusers.d/basic.conf |
3421 | usr/lib/sysusers.d/systemd-journal.conf |
3422 | usr/lib/sysusers.d/systemd-network.conf |
3423 | -usr/lib/sysusers.d/systemd-resolve.conf |
3424 | usr/lib/systemd/ |
3425 | usr/lib/tmpfiles.d/ |
3426 | usr/lib/kernel |
3427 | -usr/share/man/man1/ |
3428 | -usr/share/man/man5/ |
3429 | -usr/share/man/man7/ |
3430 | -usr/share/man/man8/ |
3431 | usr/share/bash-completion/ |
3432 | usr/share/zsh/vendor-completions/ |
3433 | usr/share/dbus-1/ |
3434 | diff --git a/debian/systemd.lintian-overrides b/debian/systemd.lintian-overrides |
3435 | index 1c2a8f2..5159e2c 100644 |
3436 | --- a/debian/systemd.lintian-overrides |
3437 | +++ b/debian/systemd.lintian-overrides |
3438 | @@ -15,12 +15,5 @@ systemd: package-contains-empty-directory lib/systemd/system/runlevel4.target.wa |
3439 | systemd: package-contains-empty-directory lib/systemd/system/runlevel5.target.wants/ |
3440 | systemd: package-contains-empty-directory usr/lib/binfmt.d/ |
3441 | systemd: package-contains-empty-directory usr/lib/modules-load.d/ |
3442 | -# Not a shared library |
3443 | -systemd: shared-library-lacks-prerequisites usr/lib/systemd/boot/efi/linuxx64.elf.stub |
3444 | -# PE-COFF EFI binaries, false positives |
3445 | -systemd: executable-not-elf-or-script usr/lib/systemd/boot/efi/linuxx64.efi.stub |
3446 | -systemd: executable-not-elf-or-script usr/lib/systemd/boot/efi/systemd-bootx64.efi |
3447 | -# Intentional: value of config got in a release by mistake, needs to be kept |
3448 | -systemd: spelling-error-in-binary lib/systemd/libsystemd-shared-251.so anually annually |
3449 | # netlink keyword |
3450 | systemd: spelling-error-in-binary lib/systemd/systemd-networkd iif if |
3451 | diff --git a/debian/systemd.maintscript b/debian/systemd.maintscript |
3452 | index a4cd38d..e7fd0a1 100644 |
3453 | --- a/debian/systemd.maintscript |
3454 | +++ b/debian/systemd.maintscript |
3455 | @@ -2,3 +2,4 @@ rm_conffile /etc/dhcp/dhclient-exit-hooks.d/timesyncd 245.4-2~ |
3456 | rm_conffile /etc/systemd/timesyncd.conf 245.4-2~ |
3457 | rm_conffile /etc/dhcp/dhclient-enter-hooks.d/resolved 246-2ubuntu1~ |
3458 | rm_conffile /etc/pam.d/systemd-user 246.6-3~ |
3459 | +rm_conffile /etc/systemd/resolved.conf 251.3-2~ |
3460 | diff --git a/debian/systemd.manpages b/debian/systemd.manpages |
3461 | new file mode 100644 |
3462 | index 0000000..57f666f |
3463 | --- /dev/null |
3464 | +++ b/debian/systemd.manpages |
3465 | @@ -0,0 +1,4 @@ |
3466 | +usr/share/man/man1/* |
3467 | +usr/share/man/man5/* |
3468 | +usr/share/man/man7/* |
3469 | +usr/share/man/man8/* |
3470 | diff --git a/debian/systemd.postinst b/debian/systemd.postinst |
3471 | index 32fa7db..63e78ca 100644 |
3472 | --- a/debian/systemd.postinst |
3473 | +++ b/debian/systemd.postinst |
3474 | @@ -19,7 +19,7 @@ _update_binfmt() { |
3475 | # configuration ship a corresponding binfmt.d snippet yet. |
3476 | # Once this is the case, this additional safety check can be removed. |
3477 | if ! _systemctl -q is-active binfmt-support.service; then |
3478 | - _systemctl restart systemd-binfmt.service || true |
3479 | + _systemctl try-restart systemd-binfmt.service || true |
3480 | fi |
3481 | } |
3482 | |
3483 | @@ -84,8 +84,6 @@ addgroup --quiet --system systemd-journal |
3484 | |
3485 | adduser --quiet --system --group --no-create-home --home /run/systemd \ |
3486 | --gecos "systemd Network Management" systemd-network |
3487 | -adduser --quiet --system --group --no-create-home --home /run/systemd \ |
3488 | - --gecos "systemd Resolver" systemd-resolve |
3489 | |
3490 | # Enable persistent journal, in auto-mode, by default on new installs installs and upgrades |
3491 | if dpkg --compare-versions "$2" lt "235-3ubuntu3~"; then |
3492 | @@ -116,7 +114,6 @@ if [ -n "$2" ] && [ "$(systemctl is-system-running)" != "stopping" ]; then |
3493 | _systemctl stop systemd-networkd.socket || true |
3494 | fi |
3495 | _systemctl try-restart systemd-networkd.service || true |
3496 | - _systemctl try-restart systemd-resolved.service || true |
3497 | _systemctl try-restart systemd-journald.service || true |
3498 | fi |
3499 | |
3500 | diff --git a/debian/tests/control b/debian/tests/control |
3501 | index 56626f9..361abe0 100644 |
3502 | --- a/debian/tests/control |
3503 | +++ b/debian/tests/control |
3504 | @@ -37,6 +37,7 @@ Tests: networkd-test.py |
3505 | Tests-Directory: test |
3506 | Depends: systemd, |
3507 | udev, |
3508 | + systemd-resolved, |
3509 | libpam-systemd, |
3510 | libnss-systemd, |
3511 | acl, |
3512 | @@ -137,6 +138,8 @@ Depends: systemd-tests, |
3513 | systemd-coredump, |
3514 | systemd-timesyncd, |
3515 | systemd-oomd, |
3516 | + systemd-homed, |
3517 | + systemd-resolved, |
3518 | libnss-myhostname, |
3519 | libnss-mymachines, |
3520 | libnss-resolve, |
3521 | @@ -188,6 +191,7 @@ Depends: systemd-tests, |
3522 | swtpm, |
3523 | tpm2-tools, |
3524 | libgcc-s1, |
3525 | + openssl, |
3526 | Restrictions: needs-root, allow-stderr, isolation-machine |
3527 | |
3528 | Tests: boot-smoke |
3529 | diff --git a/debian/udev.install b/debian/udev.install |
3530 | index cb52122..adeb7ad 100644 |
3531 | --- a/debian/udev.install |
3532 | +++ b/debian/udev.install |
3533 | @@ -7,13 +7,6 @@ lib/systemd/systemd-udevd |
3534 | bin/udevadm |
3535 | bin/systemd-hwdb |
3536 | usr/lib/tmpfiles.d/static-nodes-permissions.conf |
3537 | -usr/share/man/man5/udev.conf.5 |
3538 | -usr/share/man/man5/systemd.link.5 |
3539 | -usr/share/man/man7/hwdb.7 |
3540 | -usr/share/man/man7/udev.7 |
3541 | -usr/share/man/man8/systemd-hwdb* |
3542 | -usr/share/man/man8/systemd-udevd* |
3543 | -usr/share/man/man8/udevadm.8 |
3544 | usr/share/bash-completion/completions/udevadm |
3545 | usr/share/zsh/vendor-completions/_udevadm |
3546 | usr/share/pkgconfig/udev.pc |
3547 | diff --git a/debian/udev.manpages b/debian/udev.manpages |
3548 | new file mode 100644 |
3549 | index 0000000..f55622c |
3550 | --- /dev/null |
3551 | +++ b/debian/udev.manpages |
3552 | @@ -0,0 +1,7 @@ |
3553 | +usr/share/man/man5/udev.conf.5 |
3554 | +usr/share/man/man5/systemd.link.5 |
3555 | +usr/share/man/man7/hwdb.7 |
3556 | +usr/share/man/man7/udev.7 |
3557 | +usr/share/man/man8/systemd-hwdb* |
3558 | +usr/share/man/man8/systemd-udevd* |
3559 | +usr/share/man/man8/udevadm.8 |
3560 | diff --git a/hwdb.d/70-analyzers.hwdb b/hwdb.d/70-analyzers.hwdb |
3561 | index 899ece3..0a19115 100644 |
3562 | --- a/hwdb.d/70-analyzers.hwdb |
3563 | +++ b/hwdb.d/70-analyzers.hwdb |
3564 | @@ -29,7 +29,6 @@ usb:v1679p3001* |
3565 | |
3566 | # Power Delivery Analyzers |
3567 | usb:v1679p6003* |
3568 | -usb:v0483pDF11* |
3569 | ID_SIGNAL_ANALYZER=1 |
3570 | |
3571 | ########################################################### |
3572 | diff --git a/man/journalctl.xml b/man/journalctl.xml |
3573 | index 424acc9..e226663 100644 |
3574 | --- a/man/journalctl.xml |
3575 | +++ b/man/journalctl.xml |
3576 | @@ -650,7 +650,7 @@ |
3577 | |
3578 | <listitem><para>If <replaceable>FILE</replaceable> exists and contains a |
3579 | cursor, start showing entries <emphasis>after</emphasis> this location. |
3580 | - Otherwise the show entries according the other given options. At the end, |
3581 | + Otherwise show entries according to the other given options. At the end, |
3582 | write the cursor of the last entry to <replaceable>FILE</replaceable>. Use |
3583 | this option to continually read the journal by sequentially calling |
3584 | <command>journalctl</command>.</para></listitem> |
3585 | diff --git a/man/os-release.xml b/man/os-release.xml |
3586 | index 875ac94..dd135d6 100644 |
3587 | --- a/man/os-release.xml |
3588 | +++ b/man/os-release.xml |
3589 | @@ -429,7 +429,7 @@ |
3590 | <listitem><para>Takes a space-separated list of one or more valid prefix match strings for the |
3591 | <ulink url="https://systemd.io/PORTABLE_SERVICES">Portable Services</ulink> logic. This field |
3592 | serves two purposes: it is informational, identifying portable service images as such (and thus |
3593 | - allowing them to be distinguished from other OS images, such as bootable system images). In is also |
3594 | + allowing them to be distinguished from other OS images, such as bootable system images). It is also |
3595 | used when a portable service image is attached: the specified or implied portable service prefix is |
3596 | checked against the list specified here, to enforce restrictions how images may be attached to a |
3597 | system.</para></listitem> |
3598 | diff --git a/man/pam_systemd_home.xml b/man/pam_systemd_home.xml |
3599 | index 906d1c1..9fa0e0a 100644 |
3600 | --- a/man/pam_systemd_home.xml |
3601 | +++ b/man/pam_systemd_home.xml |
3602 | @@ -17,8 +17,8 @@ |
3603 | |
3604 | <refnamediv> |
3605 | <refname>pam_systemd_home</refname> |
3606 | - <refpurpose>Automatically mount home directories managed by <filename>systemd-homed.service</filename> on |
3607 | - login, and unmount them on logout</refpurpose> |
3608 | + <refpurpose>Authenticate users and mount home directories via <filename>systemd-homed.service</filename> |
3609 | + </refpurpose> |
3610 | </refnamediv> |
3611 | |
3612 | <refsynopsisdiv> |
3613 | @@ -31,7 +31,11 @@ |
3614 | <para><command>pam_systemd_home</command> ensures that home directories managed by |
3615 | <citerefentry><refentrytitle>systemd-homed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> |
3616 | are automatically activated (mounted) on user login, and are deactivated (unmounted) when the last |
3617 | - session of the user ends.</para> |
3618 | + session of the user ends. For such users, it also provides authentication (when per-user disk encryption |
3619 | + is used, the disk encryption key is derived from the authentication credential supplied at login time), |
3620 | + account management (the <ulink url="https://systemd.io/USER_RECORD/">JSON user record</ulink> embedded in |
3621 | + the home store contains account details), and implements the updating of the encryption password (which |
3622 | + is also used for user authentication).</para> |
3623 | </refsect1> |
3624 | |
3625 | <refsect1> |
3626 | @@ -93,8 +97,13 @@ |
3627 | <refsect1> |
3628 | <title>Module Types Provided</title> |
3629 | |
3630 | - <para>The module provides all four management operations: <option>auth</option>, <option>account</option>, |
3631 | - <option>session</option>, <option>password</option>.</para> |
3632 | + <para>The module implements all four PAM operations: <option>auth</option> (reason: to allow |
3633 | + authentication using the encrypted data), <option>account</option> (reason: users with |
3634 | + <filename>systemd-homed.service</filename> user accounts are described in a <ulink |
3635 | + url="https://systemd.io/USER_RECORD/">JSON user record</ulink> and may be configured in more detail than |
3636 | + in the traditional Linux user database), <option>session</option> (user sessions must be tracked in order |
3637 | + to implement automatic release when the last session of the user is gone), <option>password</option> (to |
3638 | + change the encryption password — also used for user authentication — through PAM).</para> |
3639 | </refsect1> |
3640 | |
3641 | <refsect1> |
3642 | diff --git a/man/sd_notify.xml b/man/sd_notify.xml |
3643 | index 4a0a7b3..31388b9 100644 |
3644 | --- a/man/sd_notify.xml |
3645 | +++ b/man/sd_notify.xml |
3646 | @@ -272,13 +272,14 @@ |
3647 | <varlistentry> |
3648 | <term>BARRIER=1</term> |
3649 | |
3650 | - <listitem><para>Tells the service manager that the client is explicitly requesting synchronization by means of |
3651 | - closing the file descriptor sent with this command. The service manager guarantees that the processing of a <varname> |
3652 | - BARRIER=1</varname> command will only happen after all previous notification messages sent before this command |
3653 | - have been processed. Hence, this command accompanied with a single file descriptor can be used to synchronize |
3654 | - against reception of all previous status messages. Note that this command cannot be mixed with other notifications, |
3655 | - and has to be sent in a separate message to the service manager, otherwise all assignments will be ignored. Note that |
3656 | - sending 0 or more than 1 file descriptor with this command is a violation of the protocol.</para></listitem> |
3657 | + <listitem><para>Tells the service manager that the client is explicitly requesting synchronization by |
3658 | + means of closing the file descriptor sent with this command. The service manager guarantees that the |
3659 | + processing of a <varname>BARRIER=1</varname> command will only happen after all previous notification |
3660 | + messages sent before this command have been processed. Hence, this command accompanied with a single |
3661 | + file descriptor can be used to synchronize against reception of all previous status messages. Note |
3662 | + that this command cannot be mixed with other notifications, and has to be sent in a separate message |
3663 | + to the service manager, otherwise all assignments will be ignored. Note that sending 0 or more than 1 |
3664 | + file descriptor with this command is a violation of the protocol.</para></listitem> |
3665 | </varlistentry> |
3666 | </variablelist> |
3667 | |
3668 | @@ -341,7 +342,7 @@ |
3669 | |
3670 | <para><function>sd_notify_barrier()</function> allows the caller to |
3671 | synchronize against reception of previously sent notification messages |
3672 | - and uses the <literal>BARRIER=1</literal> command. It takes a relative |
3673 | + and uses the <varname>BARRIER=1</varname> command. It takes a relative |
3674 | <varname>timeout</varname> value in microseconds which is passed to |
3675 | <citerefentry><refentrytitle>ppoll</refentrytitle><manvolnum>2</manvolnum> |
3676 | </citerefentry>. A value of UINT64_MAX is interpreted as infinite timeout. |
3677 | diff --git a/man/system-or-user-ns.xml b/man/system-or-user-ns.xml |
3678 | index 01d1dd0..7a302d5 100644 |
3679 | --- a/man/system-or-user-ns.xml |
3680 | +++ b/man/system-or-user-ns.xml |
3681 | @@ -8,9 +8,9 @@ |
3682 | <refsect1> |
3683 | |
3684 | <para id="singular">This option is only available for system services, or for services running in per-user |
3685 | - instances of the service manager when unprivileged user namespaces are available.</para> |
3686 | + instances of the service manager when <varname>PrivateUsers=</varname> is enabled.</para> |
3687 | |
3688 | <para id="plural">These options are only available for system services, or for services running in per-user |
3689 | - instances of the service manager when unprivileged user namespaces are available.</para> |
3690 | + instances of the service manager when <varname>PrivateUsers=</varname> is enabled.</para> |
3691 | |
3692 | </refsect1> |
3693 | diff --git a/man/systemctl.xml b/man/systemctl.xml |
3694 | index 963eb9e..64af099 100644 |
3695 | --- a/man/systemctl.xml |
3696 | +++ b/man/systemctl.xml |
3697 | @@ -196,32 +196,31 @@ Sun 2017-02-26 20:57:49 EST 2h 3min left Sun 2017-02-26 11:56:36 EST 6h ago |
3698 | <option>-t</option>). If a PID is passed, show information |
3699 | about the unit the process belongs to.</para> |
3700 | |
3701 | - <para>This function is intended to generate human-readable |
3702 | - output. If you are looking for computer-parsable output, |
3703 | - use <command>show</command> instead. By default, this |
3704 | - function only shows 10 lines of output and ellipsizes |
3705 | - lines to fit in the terminal window. This can be changed |
3706 | - with <option>--lines</option> and <option>--full</option>, |
3707 | - see above. In addition, <command>journalctl |
3708 | - --unit=<replaceable>NAME</replaceable></command> or |
3709 | - <command>journalctl |
3710 | - --user-unit=<replaceable>NAME</replaceable></command> use |
3711 | - a similar filter for messages and might be more |
3712 | - convenient. |
3713 | - </para> |
3714 | - |
3715 | - <para>systemd implicitly loads units as necessary, so just running the <command>status</command> will |
3716 | - attempt to load a file. The command is thus not useful for determining if something was already loaded or |
3717 | - not. The units may possibly also be quickly unloaded after the operation is completed if there's no reason |
3718 | - to keep it in memory thereafter. |
3719 | - </para> |
3720 | + <para>This function is intended to generate human-readable output. If you are looking for |
3721 | + computer-parsable output, use <command>show</command> instead. By default, this function only |
3722 | + shows 10 lines of output and ellipsizes lines to fit in the terminal window. This can be changed |
3723 | + with <option>--lines</option> and <option>--full</option>, see above. In addition, |
3724 | + <command>journalctl --unit=<replaceable>NAME</replaceable></command> or <command>journalctl |
3725 | + --user-unit=<replaceable>NAME</replaceable></command> use a similar filter for messages and might |
3726 | + be more convenient.</para> |
3727 | + |
3728 | + <para>Note that this operation only displays <emphasis>runtime</emphasis> status, i.e. information about |
3729 | + the current invocation of the unit (if it is running) or the most recent invocation (if it is not |
3730 | + running anymore, and has not been released from memory). Information about earlier invocations, |
3731 | + invocations from previous system boots, or prior invocations that have already been released from |
3732 | + memory may be retrieved via <command>journalctl --unit=</command>.</para> |
3733 | + |
3734 | + <para>systemd implicitly loads units as necessary, so just running the <command>status</command> |
3735 | + will attempt to load a file. The command is thus not useful for determining if something was |
3736 | + already loaded or not. The units may possibly also be quickly unloaded after the operation is |
3737 | + completed if there's no reason to keep it in memory thereafter.</para> |
3738 | |
3739 | <example> |
3740 | <title>Example output from systemctl status </title> |
3741 | |
3742 | <programlisting>$ systemctl status bluetooth |
3743 | ● bluetooth.service - Bluetooth service |
3744 | - Loaded: loaded (/usr/lib/systemd/system/bluetooth.service; enabled; vendor preset: enabled) |
3745 | + Loaded: loaded (/usr/lib/systemd/system/bluetooth.service; enabled; preset: enabled) |
3746 | Active: active (running) since Wed 2017-01-04 13:54:04 EST; 1 weeks 0 days ago |
3747 | Docs: man:bluetoothd(8) |
3748 | Main PID: 930 (bluetoothd) |
3749 | @@ -237,29 +236,31 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: Current Time Service could not be |
3750 | Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output error (5) |
3751 | </programlisting> |
3752 | |
3753 | - <para>The dot ("●") uses color on supported terminals to summarize the unit state at a glance. Along with |
3754 | - its color, its shape varies according to its state: <literal>inactive</literal> or |
3755 | - <literal>maintenance</literal> is a white circle ("○"), <literal>active</literal> is a green dot ("●"), |
3756 | - <literal>deactivating</literal> is a white dot, <literal>failed</literal> or <literal>error</literal> is |
3757 | - a red cross ("×"), and <literal>reloading</literal> is a green clockwise circle arrow ("↻"). |
3758 | - </para> |
3759 | - |
3760 | - <para>The "Loaded:" line in the output will show <literal>loaded</literal> if the unit has been loaded into |
3761 | - memory. Other possible values for "Loaded:" include: <literal>error</literal> if there was a problem |
3762 | - loading it, <literal>not-found</literal> if no unit file was found for this unit, |
3763 | - <literal>bad-setting</literal> if an essential unit file setting could not be parsed and |
3764 | - <literal>masked</literal> if the unit file has been masked. Along with showing the path to the unit file, |
3765 | - this line will also show the enablement state. Enabled commands start at boot. See the full table of |
3766 | - possible enablement states — including the definition of <literal>masked</literal> — in the documentation |
3767 | - for the <command>is-enabled</command> command. |
3768 | + <para>The dot ("●") uses color on supported terminals to summarize the unit state at a |
3769 | + glance. Along with its color, its shape varies according to its state: |
3770 | + <literal>inactive</literal> or <literal>maintenance</literal> is a white circle ("○"), |
3771 | + <literal>active</literal> is a green dot ("●"), <literal>deactivating</literal> is a white dot, |
3772 | + <literal>failed</literal> or <literal>error</literal> is a red cross ("×"), and |
3773 | + <literal>reloading</literal> is a green clockwise circle arrow ("↻").</para> |
3774 | + |
3775 | + <para>The "Loaded:" line in the output will show <literal>loaded</literal> if the unit has been |
3776 | + loaded into memory. Other possible values for "Loaded:" include: <literal>error</literal> if |
3777 | + there was a problem loading it, <literal>not-found</literal> if no unit file was found for this |
3778 | + unit, <literal>bad-setting</literal> if an essential unit file setting could not be parsed and |
3779 | + <literal>masked</literal> if the unit file has been masked. Along with showing the path to the |
3780 | + unit file, this line will also show the enablement state. Enabled units are included in the |
3781 | + dependency network between units, and thus are started at boot or via some other form of |
3782 | + activation. See the full table of possible enablement states — including the definition of |
3783 | + <literal>masked</literal> — in the documentation for the <command>is-enabled</command> command. |
3784 | </para> |
3785 | |
3786 | <para>The "Active:" line shows active state. The value is usually <literal>active</literal> or |
3787 | - <literal>inactive</literal>. Active could mean started, bound, plugged in, etc depending on the unit type. |
3788 | - The unit could also be in process of changing states, reporting a state of <literal>activating</literal> or |
3789 | - <literal>deactivating</literal>. A special <literal>failed</literal> state is entered when the service |
3790 | - failed in some way, such as a crash, exiting with an error code or timing out. If the failed state is |
3791 | - entered the cause will be logged for later reference.</para> |
3792 | + <literal>inactive</literal>. Active could mean started, bound, plugged in, etc depending on the |
3793 | + unit type. The unit could also be in process of changing states, reporting a state of |
3794 | + <literal>activating</literal> or <literal>deactivating</literal>. A special |
3795 | + <literal>failed</literal> state is entered when the service failed in some way, such as a crash, |
3796 | + exiting with an error code or timing out. If the failed state is entered the cause will be logged |
3797 | + for later reference.</para> |
3798 | </example> |
3799 | |
3800 | </listitem> |
3801 | diff --git a/man/systemd-creds.xml b/man/systemd-creds.xml |
3802 | index d803b5c..7592961 100644 |
3803 | --- a/man/systemd-creds.xml |
3804 | +++ b/man/systemd-creds.xml |
3805 | @@ -172,7 +172,7 @@ |
3806 | <term><command>has-tpm2</command></term> |
3807 | |
3808 | <listitem><para>Reports whether the system is equipped with a TPM2 device usable for protecting |
3809 | - credentials. If the a TPM2 device has been discovered, is supported, and is being used by firmware, |
3810 | + credentials. If a TPM2 device has been discovered, is supported, and is being used by firmware, |
3811 | by the OS kernel drivers and by userspace (i.e. systemd) this prints <literal>yes</literal> and exits |
3812 | with exit status zero. If no such device is discovered/supported/used, prints |
3813 | <literal>no</literal>. Otherwise prints <literal>partial</literal>. In either of these two cases |
3814 | diff --git a/man/systemd-integritysetup-generator.xml b/man/systemd-integritysetup-generator.xml |
3815 | index 23eab01..44248b2 100644 |
3816 | --- a/man/systemd-integritysetup-generator.xml |
3817 | +++ b/man/systemd-integritysetup-generator.xml |
3818 | @@ -41,7 +41,7 @@ |
3819 | <para> |
3820 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
3821 | <citerefentry><refentrytitle>systemd-integritysetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, |
3822 | - <citerefentry project='die-net'><refentrytitle>integritysetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>, |
3823 | + <citerefentry project='die-net'><refentrytitle>integritysetup</refentrytitle><manvolnum>8</manvolnum></citerefentry> |
3824 | </para> |
3825 | </refsect1> |
3826 | |
3827 | diff --git a/man/systemd-sysctl.service.xml b/man/systemd-sysctl.service.xml |
3828 | index 751aa2b..ea81084 100644 |
3829 | --- a/man/systemd-sysctl.service.xml |
3830 | +++ b/man/systemd-sysctl.service.xml |
3831 | @@ -122,7 +122,7 @@ kernel.core_pattern = |/usr/libexec/abrt-hook-ccpp %s %c %p %u %g %t %P %I |
3832 | <para> |
3833 | <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
3834 | <citerefentry><refentrytitle>sysctl.d</refentrytitle><manvolnum>5</manvolnum></citerefentry>, |
3835 | - <citerefentry project='man-pages'><refentrytitle>sysctl</refentrytitle><manvolnum>8</manvolnum></citerefentry>, |
3836 | + <citerefentry project='man-pages'><refentrytitle>sysctl</refentrytitle><manvolnum>8</manvolnum></citerefentry> |
3837 | </para> |
3838 | </refsect1> |
3839 | |
3840 | diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml |
3841 | index 50c5c89..daa2249 100644 |
3842 | --- a/man/systemd.exec.xml |
3843 | +++ b/man/systemd.exec.xml |
3844 | @@ -819,13 +819,13 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting> |
3845 | |
3846 | <listitem><para>Set soft and hard limits on various resources for executed processes. See |
3847 | <citerefentry><refentrytitle>setrlimit</refentrytitle><manvolnum>2</manvolnum></citerefentry> for |
3848 | - details on the resource limit concept. Resource limits may be specified in two formats: either as |
3849 | - single value to set a specific soft and hard limit to the same value, or as colon-separated pair |
3850 | - <option>soft:hard</option> to set both limits individually (e.g. <literal>LimitAS=4G:16G</literal>). |
3851 | - Use the string <option>infinity</option> to configure no limit on a specific resource. The |
3852 | - multiplicative suffixes K, M, G, T, P and E (to the base 1024) may be used for resource limits |
3853 | - measured in bytes (e.g. <literal>LimitAS=16G</literal>). For the limits referring to time values, the |
3854 | - usual time units ms, s, min, h and so on may be used (see |
3855 | + details on the process resource limit concept. Process resource limits may be specified in two formats: |
3856 | + either as single value to set a specific soft and hard limit to the same value, or as colon-separated |
3857 | + pair <option>soft:hard</option> to set both limits individually |
3858 | + (e.g. <literal>LimitAS=4G:16G</literal>). Use the string <option>infinity</option> to configure no |
3859 | + limit on a specific resource. The multiplicative suffixes K, M, G, T, P and E (to the base 1024) may |
3860 | + be used for resource limits measured in bytes (e.g. <literal>LimitAS=16G</literal>). For the limits |
3861 | + referring to time values, the usual time units ms, s, min, h and so on may be used (see |
3862 | <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry> for |
3863 | details). Note that if no time unit is specified for <varname>LimitCPU=</varname> the default unit of |
3864 | seconds is implied, while for <varname>LimitRTTIME=</varname> the default unit of microseconds is |
3865 | @@ -875,15 +875,17 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting> |
3866 | <table> |
3867 | <title>Resource limit directives, their equivalent <command>ulimit</command> shell commands and the unit used</title> |
3868 | |
3869 | - <tgroup cols='3'> |
3870 | + <tgroup cols='4'> |
3871 | <colspec colname='directive' /> |
3872 | <colspec colname='equivalent' /> |
3873 | <colspec colname='unit' /> |
3874 | + <colspec colname='notes' /> |
3875 | <thead> |
3876 | <row> |
3877 | <entry>Directive</entry> |
3878 | <entry><command>ulimit</command> equivalent</entry> |
3879 | <entry>Unit</entry> |
3880 | + <entry>Notes</entry> |
3881 | </row> |
3882 | </thead> |
3883 | <tbody> |
3884 | @@ -891,81 +893,97 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting> |
3885 | <entry>LimitCPU=</entry> |
3886 | <entry>ulimit -t</entry> |
3887 | <entry>Seconds</entry> |
3888 | + <entry>-</entry> |
3889 | </row> |
3890 | <row> |
3891 | <entry>LimitFSIZE=</entry> |
3892 | <entry>ulimit -f</entry> |
3893 | <entry>Bytes</entry> |
3894 | + <entry>-</entry> |
3895 | </row> |
3896 | <row> |
3897 | <entry>LimitDATA=</entry> |
3898 | <entry>ulimit -d</entry> |
3899 | <entry>Bytes</entry> |
3900 | + <entry>Don't use. This limits the allowed address range, not memory use! Defaults to unlimited and should not be lowered. To limit memory use, see <varname>MemoryMax=</varname> in <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</entry> |
3901 | </row> |
3902 | <row> |
3903 | <entry>LimitSTACK=</entry> |
3904 | <entry>ulimit -s</entry> |
3905 | <entry>Bytes</entry> |
3906 | + <entry>-</entry> |
3907 | </row> |
3908 | <row> |
3909 | <entry>LimitCORE=</entry> |
3910 | <entry>ulimit -c</entry> |
3911 | <entry>Bytes</entry> |
3912 | + <entry>-</entry> |
3913 | </row> |
3914 | <row> |
3915 | <entry>LimitRSS=</entry> |
3916 | <entry>ulimit -m</entry> |
3917 | <entry>Bytes</entry> |
3918 | + <entry>Don't use. No effect on Linux.</entry> |
3919 | </row> |
3920 | <row> |
3921 | <entry>LimitNOFILE=</entry> |
3922 | <entry>ulimit -n</entry> |
3923 | <entry>Number of File Descriptors</entry> |
3924 | + <entry>Don't use. Be careful when raising the soft limit above 1024, since <function>select()</function> cannot function with file descriptors above 1023 on Linux. Nowadays, the hard limit defaults to 524288, a very high value compared to historical defaults. Typically applications should increase their soft limit to the hard limit on their own, if they are OK with working with file descriptors above 1023, i.e. do not use <function>select()</function>. Note that file descriptors are nowadays accounted like any other form of memory, thus there should not be any need to lower the hard limit. Use <varname>MemoryMax=</varname> to control overall service memory use, including file descriptor memory.</entry> |
3925 | </row> |
3926 | <row> |
3927 | <entry>LimitAS=</entry> |
3928 | <entry>ulimit -v</entry> |
3929 | <entry>Bytes</entry> |
3930 | + <entry>Don't use. This limits the allowed address range, not memory use! Defaults to unlimited and should not be lowered. To limit memory use, see <varname>MemoryMax=</varname> in <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</entry> |
3931 | </row> |
3932 | <row> |
3933 | <entry>LimitNPROC=</entry> |
3934 | <entry>ulimit -u</entry> |
3935 | <entry>Number of Processes</entry> |
3936 | + <entry>This limit is enforced based on the number of processes belonging to the user. Typically it's better to track processes per service, i.e. use <varname>TasksMax=</varname>, see <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</entry> |
3937 | </row> |
3938 | <row> |
3939 | <entry>LimitMEMLOCK=</entry> |
3940 | <entry>ulimit -l</entry> |
3941 | <entry>Bytes</entry> |
3942 | + <entry>-</entry> |
3943 | </row> |
3944 | <row> |
3945 | <entry>LimitLOCKS=</entry> |
3946 | <entry>ulimit -x</entry> |
3947 | <entry>Number of Locks</entry> |
3948 | + <entry>-</entry> |
3949 | </row> |
3950 | <row> |
3951 | <entry>LimitSIGPENDING=</entry> |
3952 | <entry>ulimit -i</entry> |
3953 | <entry>Number of Queued Signals</entry> |
3954 | + <entry>-</entry> |
3955 | </row> |
3956 | <row> |
3957 | <entry>LimitMSGQUEUE=</entry> |
3958 | <entry>ulimit -q</entry> |
3959 | <entry>Bytes</entry> |
3960 | + <entry>-</entry> |
3961 | </row> |
3962 | <row> |
3963 | <entry>LimitNICE=</entry> |
3964 | <entry>ulimit -e</entry> |
3965 | <entry>Nice Level</entry> |
3966 | + <entry>-</entry> |
3967 | </row> |
3968 | <row> |
3969 | <entry>LimitRTPRIO=</entry> |
3970 | <entry>ulimit -r</entry> |
3971 | <entry>Realtime Priority</entry> |
3972 | + <entry>-</entry> |
3973 | </row> |
3974 | <row> |
3975 | <entry>LimitRTTIME=</entry> |
3976 | - <entry>No equivalent</entry> |
3977 | + <entry>ulimit -R</entry> |
3978 | <entry>Microseconds</entry> |
3979 | + <entry>-</entry> |
3980 | </row> |
3981 | </tbody> |
3982 | </tgroup> |
3983 | @@ -2774,7 +2792,11 @@ SystemCallErrorNumber=EPERM</programlisting> |
3984 | writing text to stderr will not work. To mitigate this use the construct <command>echo "hello" |
3985 | >&2</command> instead, which is mostly equivalent and avoids this pitfall.</para> |
3986 | |
3987 | - <para>This setting defaults to the value set with <varname>DefaultStandardOutput=</varname> in |
3988 | + <para>If <varname>StandardInput=</varname> is set to one of <option>tty</option>, <option>tty-force</option>, |
3989 | + <option>tty-fail</option>, <option>socket</option>, or <option>fd:<replaceable>name</replaceable></option>, this |
3990 | + setting defaults to <option>inherit</option>.</para> |
3991 | + |
3992 | + <para>In other cases, this setting defaults to the value set with <varname>DefaultStandardOutput=</varname> in |
3993 | <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, which |
3994 | defaults to <option>journal</option>. Note that setting this parameter might result in additional dependencies |
3995 | to be added to the unit (see above).</para></listitem> |
3996 | @@ -3635,7 +3657,7 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX |
3997 | <term><varname>$MONITOR_INVOCATION_ID</varname></term> |
3998 | <term><varname>$MONITOR_UNIT</varname></term> |
3999 | |
4000 | - <listitem><para>Only defined for the service unit type. Those environment variable are passed to |
4001 | + <listitem><para>Only defined for the service unit type. Those environment variables are passed to |
4002 | all <varname>ExecStart=</varname> and <varname>ExecStartPre=</varname> processes which run in |
4003 | services triggered by <varname>OnFailure=</varname> or <varname>OnSuccess=</varname> dependencies. |
4004 | </para> |
4005 | @@ -3644,7 +3666,7 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX |
4006 | and <varname>$MONITOR_EXIT_STATUS</varname> take the same values as for |
4007 | <varname>ExecStop=</varname> and <varname>ExecStopPost=</varname> processes. Variables |
4008 | <varname>$MONITOR_INVOCATION_ID</varname> and <varname>$MONITOR_UNIT</varname> are set to the |
4009 | - invocaton id and unit name of the service which triggered the dependency.</para> |
4010 | + invocation id and unit name of the service which triggered the dependency.</para> |
4011 | |
4012 | <para>Note that when multiple services trigger the same unit, those variables will be |
4013 | <emphasis>not</emphasis> be passed. Consider using a template handler unit for that case instead: |
4014 | diff --git a/man/systemd.mount.xml b/man/systemd.mount.xml |
4015 | index 6d21d32..0b247c1 100644 |
4016 | --- a/man/systemd.mount.xml |
4017 | +++ b/man/systemd.mount.xml |
4018 | @@ -155,16 +155,14 @@ |
4019 | <refsect1> |
4020 | <title><filename>fstab</filename></title> |
4021 | |
4022 | - <para>Mount units may either be configured via unit files, or via |
4023 | - <filename>/etc/fstab</filename> (see |
4024 | + <para>Mount units may either be configured via unit files, or via <filename>/etc/fstab</filename> (see |
4025 | <citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
4026 | - for details). Mounts listed in <filename>/etc/fstab</filename> |
4027 | - will be converted into native units dynamically at boot and when |
4028 | - the configuration of the system manager is reloaded. In general, |
4029 | - configuring mount points through <filename>/etc/fstab</filename> |
4030 | - is the preferred approach. See |
4031 | - <citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry> |
4032 | - for details about the conversion.</para> |
4033 | + for details). Mounts listed in <filename>/etc/fstab</filename> will be converted into native units |
4034 | + dynamically at boot and when the configuration of the system manager is reloaded. In general, configuring |
4035 | + mount points through <filename>/etc/fstab</filename> is the preferred approach to manage mounts for |
4036 | + humans. For tooling, writing mount units should be preferred over editing <filename>/etc/fstab</filename>. |
4037 | + See <citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry> |
4038 | + for details about the conversion from <filename>/etc/fstab</filename> to mount units.</para> |
4039 | |
4040 | <para>The NFS mount option <option>bg</option> for NFS background mounts |
4041 | as documented in <citerefentry project='man-pages'><refentrytitle>nfs</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
4042 | diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml |
4043 | index 3a776b3..b197f33 100644 |
4044 | --- a/man/systemd.netdev.xml |
4045 | +++ b/man/systemd.netdev.xml |
4046 | @@ -2199,7 +2199,7 @@ |
4047 | <term><varname>PhysicalDevice=</varname></term> |
4048 | <listitem> |
4049 | <para>Specifies the name or index of the physical WLAN device (e.g. <literal>0</literal> or |
4050 | - <literal>phy0</literal>). The list of the physical WLAN devices that exist os the host can be |
4051 | + <literal>phy0</literal>). The list of the physical WLAN devices that exist on the host can be |
4052 | obtained by <command>iw phy</command> command. This option is mandatory.</para> |
4053 | </listitem> |
4054 | </varlistentry> |
4055 | diff --git a/man/systemd.network.xml b/man/systemd.network.xml |
4056 | index c2ce1b1..3b29905 100644 |
4057 | --- a/man/systemd.network.xml |
4058 | +++ b/man/systemd.network.xml |
4059 | @@ -1103,9 +1103,9 @@ Table=1234</programlisting></para> |
4060 | IGMP snooping since the switch would not replicate multicast packets on ports that did not |
4061 | have IGMP reports for the multicast addresses. Linux vxlan interfaces created via |
4062 | <command>ip link add vxlan</command> or networkd's netdev kind vxlan have the group option |
4063 | - that enables then to do the required join. By extending ip address command with option |
4064 | - <literal>autojoin</literal> we can get similar functionality for openvswitch (OVS) vxlan |
4065 | - interfaces as well as other tunneling mechanisms that need to receive multicast traffic. |
4066 | + that enables them to do the required join. By extending <command>ip address</command> command |
4067 | + with option <literal>autojoin</literal> we can get similar functionality for openvswitch (OVS) |
4068 | + vxlan interfaces as well as other tunneling mechanisms that need to receive multicast traffic. |
4069 | Defaults to <literal>no</literal>.</para> |
4070 | </listitem> |
4071 | </varlistentry> |
4072 | @@ -1487,7 +1487,7 @@ Table=1234</programlisting></para> |
4073 | <para>For IPv4 route, defaults to <literal>host</literal> if <varname>Type=</varname> is |
4074 | <literal>local</literal> or <literal>nat</literal>, and <literal>link</literal> if |
4075 | <varname>Type=</varname> is <literal>broadcast</literal>, <literal>multicast</literal>, |
4076 | - <literal>anycast</literal>, or direct <literal>unicast</literal> routes. In other cases, |
4077 | + <literal>anycast</literal>, or <literal>unicast</literal>. In other cases, |
4078 | defaults to <literal>global</literal>. The value is not used for IPv6.</para> |
4079 | </listitem> |
4080 | </varlistentry> |
4081 | @@ -2534,7 +2534,7 @@ Token=prefixstable:2002:da8:1::</programlisting></para> |
4082 | <varlistentry> |
4083 | <term><varname>ServerAddress=</varname></term> |
4084 | <listitem><para>Specifies server address for the DHCP server. Takes an IPv4 address with prefix |
4085 | - length, for example <literal>192.168.0.1/24</literal>. This setting may be useful when the link on |
4086 | + length, for example 192.168.0.1/24. This setting may be useful when the link on |
4087 | which the DHCP server is running has multiple static addresses. When unset, one of static addresses |
4088 | in the link will be automatically selected. Defaults to unset.</para></listitem> |
4089 | </varlistentry> |
4090 | @@ -2956,7 +2956,7 @@ Token=prefixstable:2002:da8:1::</programlisting></para> |
4091 | |
4092 | <listitem><para>The IPv6 route that is to be distributed to hosts. Similarly to configuring static |
4093 | IPv6 routes, the setting is configured as an IPv6 prefix routes and its prefix route length, |
4094 | - separated by a <literal>/</literal> character. Use multiple [IPv6PrefixRoutes] sections to configure |
4095 | + separated by a <literal>/</literal> character. Use multiple [IPv6RoutePrefix] sections to configure |
4096 | multiple IPv6 prefix routes.</para></listitem> |
4097 | </varlistentry> |
4098 | |
4099 | diff --git a/man/sysupdate.d.xml b/man/sysupdate.d.xml |
4100 | index 03d27b9..d57fbf0 100644 |
4101 | --- a/man/sysupdate.d.xml |
4102 | +++ b/man/sysupdate.d.xml |
4103 | @@ -76,7 +76,7 @@ |
4104 | |
4105 | <listitem><para>Similarly, a file <literal>https://download.example.com/foobarOS_47.verity.xz</literal> |
4106 | should be downloaded, decompressed and written to a previously empty partition with GPT partition type |
4107 | - UUID of 2c7357ed-ebd2-46d9-aec1-23d437ec2bf5 (i.e the partition type for Verity integrity information |
4108 | + UUID of 2c7357ed-ebd2-46d9-aec1-23d437ec2bf5 (i.e. the partition type for Verity integrity information |
4109 | for x86-64 root file systems).</para></listitem> |
4110 | |
4111 | <listitem><para>Finally, a file <literal>https://download.example.com/foobarOS_47.efi.xz</literal> (a |
4112 | @@ -117,7 +117,7 @@ |
4113 | <itemizedlist> |
4114 | <listitem><para>For partitions: the surrounding GPT partition table contains a list of defined |
4115 | partitions, including a partition type UUID and a partition label (in this scheme the partition label |
4116 | - plays a role for the partition similar to the filename for a regular file)</para></listitem> |
4117 | + plays a role for the partition similar to the filename for a regular file).</para></listitem> |
4118 | |
4119 | <listitem><para>For regular files: the directory listing of the directory the files are contained in |
4120 | provides a list of existing files in a straightforward way.</para></listitem> |
4121 | @@ -369,7 +369,7 @@ |
4122 | <entry><literal>@r</literal></entry> |
4123 | <entry>Read-only flag</entry> |
4124 | <entry>Either <literal>0</literal> or <literal>1</literal></entry> |
4125 | - <entry>Controls ReadOnly bit of the GPT partition flags, as per <ulink url="https://systemd.io/DISCOVERABLE_PARTITIONS">Discoverable Partitions Specification</ulink> and other output read-only flags, see <varname>ReadOnly=</varname> below.</entry> |
4126 | + <entry>Controls ReadOnly bit of the GPT partition flags, as per <ulink url="https://systemd.io/DISCOVERABLE_PARTITIONS">Discoverable Partitions Specification</ulink> and other output read-only flags, see <varname>ReadOnly=</varname> below</entry> |
4127 | </row> |
4128 | |
4129 | <row> |
4130 | @@ -404,14 +404,14 @@ |
4131 | <entry><literal>@l</literal></entry> |
4132 | <entry>Tries left</entry> |
4133 | <entry>Formatted decimal integer</entry> |
4134 | - <entry>Useful when operating with kernel images, as per <ulink url="https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT">Automatic Boot Assessment</ulink></entry> |
4135 | + <entry>Useful when operating with kernel image files, as per <ulink url="https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT">Automatic Boot Assessment</ulink></entry> |
4136 | </row> |
4137 | |
4138 | <row> |
4139 | <entry><literal>@h</literal></entry> |
4140 | <entry>SHA256 hash of compressed file</entry> |
4141 | <entry>64 hexadecimal characters</entry> |
4142 | - <entry>The SHA256 hash of the compressed file; not useful for <constant>url-file</constant> or <constant>url-tar</constant> where the SHA256 hash is already included in the manifest file anyway.</entry> |
4143 | + <entry>The SHA256 hash of the compressed file; not useful for <constant>url-file</constant> or <constant>url-tar</constant> where the SHA256 hash is already included in the manifest file anyway</entry> |
4144 | </row> |
4145 | </tbody> |
4146 | </tgroup> |
4147 | @@ -432,7 +432,7 @@ |
4148 | <refsect1> |
4149 | <title>[Transfer] Section Options</title> |
4150 | |
4151 | - <para>This section defines general properties of this transfer.</para> |
4152 | + <para>This section defines general properties of this transfer:</para> |
4153 | |
4154 | <variablelist> |
4155 | <varlistentry> |
4156 | @@ -555,8 +555,8 @@ |
4157 | <listitem><para>Specifies a file system path where to look for already installed versions or place |
4158 | newly downloaded versions of this configured resource. If <varname>Type=</varname> is set to |
4159 | <constant>partition</constant>, expects a path to a (whole) block device node, or the special string |
4160 | - <literal>auto</literal> in which case the block device the root file system of the currently booted |
4161 | - system is automatically determined and used. If <varname>Type=</varname> is set to |
4162 | + <literal>auto</literal> in which case the block device which contains the root file system of the |
4163 | + currently booted system is automatically determined and used. If <varname>Type=</varname> is set to |
4164 | <constant>regular-file</constant>, <constant>directory</constant> or <constant>subvolume</constant>, |
4165 | must refer to a path in the local file system referencing the directory to find or place the version |
4166 | files or directories under.</para> |
4167 | @@ -818,7 +818,7 @@ Path=https://download.example.com/ |
4168 | MatchPattern=foobarOS_@v.efi.xz |
4169 | |
4170 | [Target] |
4171 | -Type=file |
4172 | +Type=regular-file |
4173 | Path=/efi/EFI/Linux |
4174 | MatchPattern=foobarOS_@v+@l-@d.efi \ |
4175 | foobarOS_@v+@l.efi \ |
4176 | @@ -831,7 +831,7 @@ InstancesMax=2</programlisting></para> |
4177 | <para>The above installs a unified kernel image into the ESP (which is mounted to |
4178 | <filename>/efi/</filename>), as per <ulink url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot |
4179 | Loader Specification</ulink> Type #2. This defines three possible patterns for the names of the |
4180 | - kernel images images, as per <ulink url="https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT">Automatic Boot |
4181 | + kernel images, as per <ulink url="https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT">Automatic Boot |
4182 | Assessment</ulink>, and ensures when installing new kernels, they are set up with 3 tries left. No |
4183 | more than two parallel kernels are kept.</para> |
4184 | |
4185 | diff --git a/man/udevadm.xml b/man/udevadm.xml |
4186 | index 3a9b133..89ebfbd 100644 |
4187 | --- a/man/udevadm.xml |
4188 | +++ b/man/udevadm.xml |
4189 | @@ -802,7 +802,8 @@ |
4190 | <para><command>udevadm lock</command> takes an (advisory) exclusive lock(s) on a block device (or |
4191 | multiple thereof), as per <ulink url="https://systemd.io/BLOCK_DEVICE_LOCKING">Locking Block Device |
4192 | Access</ulink> and invokes a program with the lock(s) taken. When the invoked program exits the lock(s) |
4193 | - are automatically released.</para> |
4194 | + are automatically released and its return value is propagated as exit code of <command>udevadm |
4195 | + lock</command>.</para> |
4196 | |
4197 | <para>This tool is in particular useful to ensure that |
4198 | <citerefentry><refentrytitle>systemd-udevd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> |
4199 | diff --git a/meson.build b/meson.build |
4200 | index 36cbfa4..dbba108 100644 |
4201 | --- a/meson.build |
4202 | +++ b/meson.build |
4203 | @@ -169,6 +169,7 @@ pkgsysconfdir = sysconfdir / 'systemd' |
4204 | userunitdir = prefixdir / 'lib/systemd/user' |
4205 | userpresetdir = prefixdir / 'lib/systemd/user-preset' |
4206 | tmpfilesdir = prefixdir / 'lib/tmpfiles.d' |
4207 | +usertmpfilesdir = prefixdir / 'share/user-tmpfiles.d' |
4208 | sysusersdir = prefixdir / 'lib/sysusers.d' |
4209 | sysctldir = prefixdir / 'lib/sysctl.d' |
4210 | binfmtdir = prefixdir / 'lib/binfmt.d' |
4211 | @@ -278,6 +279,7 @@ conf.set_quoted('SYSTEM_SYSVINIT_PATH', sysvinit_path) |
4212 | conf.set_quoted('SYSTEM_SYSVRCND_PATH', sysvrcnd_path) |
4213 | conf.set_quoted('SYSUSERS_DIR', sysusersdir) |
4214 | conf.set_quoted('TMPFILES_DIR', tmpfilesdir) |
4215 | +conf.set_quoted('USER_TMPFILES_DIR', usertmpfilesdir) |
4216 | conf.set_quoted('UDEVLIBEXECDIR', udevlibexecdir) |
4217 | conf.set_quoted('UDEV_HWDB_DIR', udevhwdbdir) |
4218 | conf.set_quoted('UDEV_RULES_DIR', udevrulesdir) |
4219 | @@ -479,7 +481,6 @@ decl_headers = ''' |
4220 | #include <uchar.h> |
4221 | #include <sys/mount.h> |
4222 | #include <sys/stat.h> |
4223 | -#include <linux/fs.h> |
4224 | ''' |
4225 | |
4226 | foreach decl : ['char16_t', |
4227 | @@ -491,6 +492,17 @@ foreach decl : ['char16_t', |
4228 | # We get -1 if the size cannot be determined |
4229 | have = cc.sizeof(decl, prefix : decl_headers, args : '-D_GNU_SOURCE') > 0 |
4230 | |
4231 | + if decl == 'struct mount_attr' |
4232 | + if have |
4233 | + want_linux_fs_h = false |
4234 | + else |
4235 | + have = cc.sizeof(decl, |
4236 | + prefix : decl_headers + '#include <linux/fs.h>', |
4237 | + args : '-D_GNU_SOURCE') > 0 |
4238 | + want_linux_fs_h = have |
4239 | + endif |
4240 | + endif |
4241 | + |
4242 | if decl == 'struct statx' |
4243 | if have |
4244 | want_linux_stat_h = false |
4245 | @@ -506,6 +518,7 @@ foreach decl : ['char16_t', |
4246 | endforeach |
4247 | |
4248 | conf.set10('WANT_LINUX_STAT_H', want_linux_stat_h) |
4249 | +conf.set10('WANT_LINUX_FS_H', want_linux_fs_h) |
4250 | |
4251 | foreach ident : ['secure_getenv', '__secure_getenv'] |
4252 | conf.set10('HAVE_' + ident.to_upper(), cc.has_function(ident)) |
4253 | @@ -2171,7 +2184,7 @@ public_programs += executable( |
4254 | dependencies : [versiondep, |
4255 | libseccomp], |
4256 | install_rpath : rootlibexecdir, |
4257 | - install : conf.get('ENABLE_ANALYZE')) |
4258 | + install : conf.get('ENABLE_ANALYZE') == 1) |
4259 | |
4260 | executable( |
4261 | 'systemd-journald', |
4262 | diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c |
4263 | index 5b4d4ca..9255f4c 100644 |
4264 | --- a/src/analyze/analyze-security.c |
4265 | +++ b/src/analyze/analyze-security.c |
4266 | @@ -105,7 +105,7 @@ typedef struct SecurityInfo { |
4267 | Set *system_call_architectures; |
4268 | |
4269 | bool system_call_filter_allow_list; |
4270 | - Hashmap *system_call_filter; |
4271 | + Set *system_call_filter; |
4272 | |
4273 | mode_t _umask; |
4274 | } SecurityInfo; |
4275 | @@ -172,8 +172,7 @@ static SecurityInfo *security_info_free(SecurityInfo *i) { |
4276 | |
4277 | strv_free(i->supplementary_groups); |
4278 | set_free(i->system_call_architectures); |
4279 | - |
4280 | - hashmap_free(i->system_call_filter); |
4281 | + set_free(i->system_call_filter); |
4282 | |
4283 | return mfree(i); |
4284 | } |
4285 | @@ -567,12 +566,10 @@ static int assess_system_call_architectures( |
4286 | return 0; |
4287 | } |
4288 | |
4289 | -static bool syscall_names_in_filter(Hashmap *s, bool allow_list, const SyscallFilterSet *f, const char **ret_offending_syscall) { |
4290 | +static bool syscall_names_in_filter(Set *s, bool allow_list, const SyscallFilterSet *f, const char **ret_offending_syscall) { |
4291 | const char *syscall; |
4292 | |
4293 | NULSTR_FOREACH(syscall, f->value) { |
4294 | - int id; |
4295 | - |
4296 | if (syscall[0] == '@') { |
4297 | const SyscallFilterSet *g; |
4298 | |
4299 | @@ -584,11 +581,10 @@ static bool syscall_names_in_filter(Hashmap *s, bool allow_list, const SyscallFi |
4300 | } |
4301 | |
4302 | /* Let's see if the system call actually exists on this platform, before complaining */ |
4303 | - id = seccomp_syscall_resolve_name(syscall); |
4304 | - if (id < 0) |
4305 | + if (seccomp_syscall_resolve_name(syscall) < 0) |
4306 | continue; |
4307 | |
4308 | - if (hashmap_contains(s, syscall) != allow_list) { |
4309 | + if (set_contains(s, syscall) == allow_list) { |
4310 | log_debug("Offending syscall filter item: %s", syscall); |
4311 | if (ret_offending_syscall) |
4312 | *ret_offending_syscall = syscall; |
4313 | @@ -619,7 +615,7 @@ static int assess_system_call_filter( |
4314 | uint64_t b; |
4315 | int r; |
4316 | |
4317 | - if (!info->system_call_filter_allow_list && hashmap_isempty(info->system_call_filter)) { |
4318 | + if (!info->system_call_filter_allow_list && set_isempty(info->system_call_filter)) { |
4319 | r = free_and_strdup(&d, "Service does not filter system calls"); |
4320 | b = 10; |
4321 | } else { |
4322 | @@ -2139,9 +2135,8 @@ static int property_read_system_call_filter( |
4323 | if (r == 0) |
4324 | break; |
4325 | |
4326 | - /* The actual ExecContext stores the system call id as the map value, which we don't |
4327 | - * need. So we assign NULL to all values here. */ |
4328 | - r = hashmap_put_strdup(&info->system_call_filter, name, NULL); |
4329 | + /* ignore errno or action after colon */ |
4330 | + r = set_put_strndup(&info->system_call_filter, name, strchrnul(name, ':') - name); |
4331 | if (r < 0) |
4332 | return r; |
4333 | } |
4334 | @@ -2589,14 +2584,24 @@ static int get_security_info(Unit *u, ExecContext *c, CGroupContext *g, Security |
4335 | if (set_put_strdup(&info->system_call_architectures, name) < 0) |
4336 | return log_oom(); |
4337 | } |
4338 | -#endif |
4339 | |
4340 | info->system_call_filter_allow_list = c->syscall_allow_list; |
4341 | - if (c->syscall_filter) { |
4342 | - info->system_call_filter = hashmap_copy(c->syscall_filter); |
4343 | - if (!info->system_call_filter) |
4344 | + |
4345 | + void *id, *num; |
4346 | + HASHMAP_FOREACH_KEY(num, id, c->syscall_filter) { |
4347 | + _cleanup_free_ char *name = NULL; |
4348 | + |
4349 | + if (info->system_call_filter_allow_list && PTR_TO_INT(num) >= 0) |
4350 | + continue; |
4351 | + |
4352 | + name = seccomp_syscall_resolve_num_arch(SCMP_ARCH_NATIVE, PTR_TO_INT(id) - 1); |
4353 | + if (!name) |
4354 | + continue; |
4355 | + |
4356 | + if (set_ensure_consume(&info->system_call_filter, &string_hash_ops_free, TAKE_PTR(name)) < 0) |
4357 | return log_oom(); |
4358 | } |
4359 | +#endif |
4360 | } |
4361 | |
4362 | if (g) { |
4363 | diff --git a/src/basic/fd-util.c b/src/basic/fd-util.c |
4364 | index 6c1de92..00591d6 100644 |
4365 | --- a/src/basic/fd-util.c |
4366 | +++ b/src/basic/fd-util.c |
4367 | @@ -3,7 +3,9 @@ |
4368 | #include <errno.h> |
4369 | #include <fcntl.h> |
4370 | #include <linux/btrfs.h> |
4371 | +#if WANT_LINUX_FS_H |
4372 | #include <linux/fs.h> |
4373 | +#endif |
4374 | #include <linux/magic.h> |
4375 | #include <sys/ioctl.h> |
4376 | #include <sys/resource.h> |
4377 | diff --git a/src/basic/gcrypt-util.c b/src/basic/gcrypt-util.c |
4378 | index 64c63cd..41c9362 100644 |
4379 | --- a/src/basic/gcrypt-util.c |
4380 | +++ b/src/basic/gcrypt-util.c |
4381 | @@ -9,12 +9,14 @@ void initialize_libgcrypt(bool secmem) { |
4382 | if (gcry_control(GCRYCTL_INITIALIZATION_FINISHED_P)) |
4383 | return; |
4384 | |
4385 | + gcry_control(GCRYCTL_SET_PREFERRED_RNG_TYPE, GCRY_RNG_TYPE_SYSTEM); |
4386 | assert_se(gcry_check_version("1.4.5")); |
4387 | |
4388 | /* Turn off "secmem". Clients which wish to make use of this |
4389 | * feature should initialize the library manually */ |
4390 | if (!secmem) |
4391 | gcry_control(GCRYCTL_DISABLE_SECMEM); |
4392 | + |
4393 | gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); |
4394 | } |
4395 | |
4396 | diff --git a/src/basic/hashmap.c b/src/basic/hashmap.c |
4397 | index e33d6c3..62380b0 100644 |
4398 | --- a/src/basic/hashmap.c |
4399 | +++ b/src/basic/hashmap.c |
4400 | @@ -1842,7 +1842,7 @@ int _hashmap_put_strdup_full(Hashmap **h, const struct hash_ops *hash_ops, const |
4401 | return r; |
4402 | } |
4403 | |
4404 | -int _set_put_strdup_full(Set **s, const struct hash_ops *hash_ops, const char *p HASHMAP_DEBUG_PARAMS) { |
4405 | +int _set_put_strndup_full(Set **s, const struct hash_ops *hash_ops, const char *p, size_t n HASHMAP_DEBUG_PARAMS) { |
4406 | char *c; |
4407 | int r; |
4408 | |
4409 | @@ -1853,10 +1853,13 @@ int _set_put_strdup_full(Set **s, const struct hash_ops *hash_ops, const char *p |
4410 | if (r < 0) |
4411 | return r; |
4412 | |
4413 | - if (set_contains(*s, (char*) p)) |
4414 | - return 0; |
4415 | + if (n == SIZE_MAX) { |
4416 | + if (set_contains(*s, (char*) p)) |
4417 | + return 0; |
4418 | |
4419 | - c = strdup(p); |
4420 | + c = strdup(p); |
4421 | + } else |
4422 | + c = strndup(p, n); |
4423 | if (!c) |
4424 | return -ENOMEM; |
4425 | |
4426 | @@ -1869,7 +1872,7 @@ int _set_put_strdupv_full(Set **s, const struct hash_ops *hash_ops, char **l HA |
4427 | assert(s); |
4428 | |
4429 | STRV_FOREACH(i, l) { |
4430 | - r = _set_put_strdup_full(s, hash_ops, *i HASHMAP_DEBUG_PASS_ARGS); |
4431 | + r = _set_put_strndup_full(s, hash_ops, *i, SIZE_MAX HASHMAP_DEBUG_PASS_ARGS); |
4432 | if (r < 0) |
4433 | return r; |
4434 | |
4435 | diff --git a/src/basic/missing_fs.h b/src/basic/missing_fs.h |
4436 | index 0cacd49..6638d76 100644 |
4437 | --- a/src/basic/missing_fs.h |
4438 | +++ b/src/basic/missing_fs.h |
4439 | @@ -64,3 +64,8 @@ |
4440 | #ifndef FS_PROJINHERIT_FL |
4441 | #define FS_PROJINHERIT_FL 0x20000000 |
4442 | #endif |
4443 | + |
4444 | +/* linux/fscrypt.h */ |
4445 | +#ifndef FS_KEY_DESCRIPTOR_SIZE |
4446 | +#define FS_KEY_DESCRIPTOR_SIZE 8 |
4447 | +#endif |
4448 | diff --git a/src/basic/set.h b/src/basic/set.h |
4449 | index 243a747..52cf63e 100644 |
4450 | --- a/src/basic/set.h |
4451 | +++ b/src/basic/set.h |
4452 | @@ -127,9 +127,12 @@ int _set_ensure_consume(Set **s, const struct hash_ops *hash_ops, void *key HAS |
4453 | |
4454 | int set_consume(Set *s, void *value); |
4455 | |
4456 | -int _set_put_strdup_full(Set **s, const struct hash_ops *hash_ops, const char *p HASHMAP_DEBUG_PARAMS); |
4457 | -#define set_put_strdup_full(s, hash_ops, p) _set_put_strdup_full(s, hash_ops, p HASHMAP_DEBUG_SRC_ARGS) |
4458 | -#define set_put_strdup(s, p) set_put_strdup_full(s, &string_hash_ops_free, p) |
4459 | +int _set_put_strndup_full(Set **s, const struct hash_ops *hash_ops, const char *p, size_t n HASHMAP_DEBUG_PARAMS); |
4460 | +#define set_put_strndup_full(s, hash_ops, p, n) _set_put_strndup_full(s, hash_ops, p, n HASHMAP_DEBUG_SRC_ARGS) |
4461 | +#define set_put_strdup_full(s, hash_ops, p) set_put_strndup_full(s, hash_ops, p, SIZE_MAX) |
4462 | +#define set_put_strndup(s, p, n) set_put_strndup_full(s, &string_hash_ops_free, p, n) |
4463 | +#define set_put_strdup(s, p) set_put_strndup(s, p, SIZE_MAX) |
4464 | + |
4465 | int _set_put_strdupv_full(Set **s, const struct hash_ops *hash_ops, char **l HASHMAP_DEBUG_PARAMS); |
4466 | #define set_put_strdupv_full(s, hash_ops, l) _set_put_strdupv_full(s, hash_ops, l HASHMAP_DEBUG_SRC_ARGS) |
4467 | #define set_put_strdupv(s, l) set_put_strdupv_full(s, &string_hash_ops_free, l) |
4468 | diff --git a/src/basic/stat-util.c b/src/basic/stat-util.c |
4469 | index 64c2f80..c31b4d8 100644 |
4470 | --- a/src/basic/stat-util.c |
4471 | +++ b/src/basic/stat-util.c |
4472 | @@ -35,31 +35,23 @@ int is_symlink(const char *path) { |
4473 | return !!S_ISLNK(info.st_mode); |
4474 | } |
4475 | |
4476 | -int is_dir(const char* path, bool follow) { |
4477 | +int is_dir_full(int atfd, const char* path, bool follow) { |
4478 | struct stat st; |
4479 | int r; |
4480 | |
4481 | - assert(path); |
4482 | + assert(atfd >= 0 || atfd == AT_FDCWD); |
4483 | + assert(atfd >= 0 || path); |
4484 | |
4485 | - if (follow) |
4486 | - r = stat(path, &st); |
4487 | + if (path) |
4488 | + r = fstatat(atfd, path, &st, follow ? 0 : AT_SYMLINK_NOFOLLOW); |
4489 | else |
4490 | - r = lstat(path, &st); |
4491 | + r = fstat(atfd, &st); |
4492 | if (r < 0) |
4493 | return -errno; |
4494 | |
4495 | return !!S_ISDIR(st.st_mode); |
4496 | } |
4497 | |
4498 | -int is_dir_fd(int fd) { |
4499 | - struct stat st; |
4500 | - |
4501 | - if (fstat(fd, &st) < 0) |
4502 | - return -errno; |
4503 | - |
4504 | - return !!S_ISDIR(st.st_mode); |
4505 | -} |
4506 | - |
4507 | int is_device_node(const char *path) { |
4508 | struct stat info; |
4509 | |
4510 | diff --git a/src/basic/stat-util.h b/src/basic/stat-util.h |
4511 | index 7f0b3dc..56f1553 100644 |
4512 | --- a/src/basic/stat-util.h |
4513 | +++ b/src/basic/stat-util.h |
4514 | @@ -13,8 +13,13 @@ |
4515 | #include "missing_stat.h" |
4516 | |
4517 | int is_symlink(const char *path); |
4518 | -int is_dir(const char *path, bool follow); |
4519 | -int is_dir_fd(int fd); |
4520 | +int is_dir_full(int atfd, const char *fname, bool follow); |
4521 | +static inline int is_dir(const char *path, bool follow) { |
4522 | + return is_dir_full(AT_FDCWD, path, follow); |
4523 | +} |
4524 | +static inline int is_dir_fd(int fd) { |
4525 | + return is_dir_full(fd, NULL, false); |
4526 | +} |
4527 | int is_device_node(const char *path); |
4528 | |
4529 | int dir_is_empty_at(int dir_fd, const char *path, bool ignore_hidden_or_backup); |
4530 | diff --git a/src/basic/time-util.c b/src/basic/time-util.c |
4531 | index c309369..0ad8de4 100644 |
4532 | --- a/src/basic/time-util.c |
4533 | +++ b/src/basic/time-util.c |
4534 | @@ -591,7 +591,7 @@ char *format_timespan(char *buf, size_t l, usec_t t, usec_t accuracy) { |
4535 | t = b; |
4536 | } |
4537 | |
4538 | - n = MIN((size_t) k, l); |
4539 | + n = MIN((size_t) k, l-1); |
4540 | |
4541 | l -= n; |
4542 | p += n; |
4543 | diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c |
4544 | index 83c29bb..bfe8c02 100644 |
4545 | --- a/src/basic/unit-file.c |
4546 | +++ b/src/basic/unit-file.c |
4547 | @@ -695,12 +695,9 @@ static int add_names( |
4548 | continue; |
4549 | } |
4550 | |
4551 | - r = set_consume(*names, TAKE_PTR(inst)); |
4552 | - if (r > 0) |
4553 | - log_debug("Unit %s has alias %s.", unit_name, inst); |
4554 | + r = add_name(unit_name, names, inst); |
4555 | } else |
4556 | r = add_name(unit_name, names, *alias); |
4557 | - |
4558 | if (r < 0) |
4559 | return r; |
4560 | } |
4561 | diff --git a/src/basic/virt.c b/src/basic/virt.c |
4562 | index c7ae2af..74e4ea8 100644 |
4563 | --- a/src/basic/virt.c |
4564 | +++ b/src/basic/virt.c |
4565 | @@ -158,6 +158,7 @@ static Virtualization detect_vm_dmi_vendor(void) { |
4566 | } dmi_vendor_table[] = { |
4567 | { "KVM", VIRTUALIZATION_KVM }, |
4568 | { "OpenStack", VIRTUALIZATION_KVM }, /* Detect OpenStack instance as KVM in non x86 architecture */ |
4569 | + { "KubeVirt", VIRTUALIZATION_KVM }, /* Detect KubeVirt instance as KVM in non x86 architecture */ |
4570 | { "Amazon EC2", VIRTUALIZATION_AMAZON }, |
4571 | { "QEMU", VIRTUALIZATION_QEMU }, |
4572 | { "VMware", VIRTUALIZATION_VMWARE }, /* https://kb.vmware.com/s/article/1009458 */ |
4573 | @@ -436,18 +437,22 @@ Virtualization detect_vm(void) { |
4574 | |
4575 | /* We have to use the correct order here: |
4576 | * |
4577 | - * → First, try to detect Oracle Virtualbox and Amazon EC2 Nitro, even if they use KVM, as well as Xen even if |
4578 | - * it cloaks as Microsoft Hyper-V. Attempt to detect uml at this stage also since it runs as a user-process |
4579 | - * nested inside other VMs. Also check for Xen now, because Xen PV mode does not override CPUID when nested |
4580 | - * inside another hypervisor. |
4581 | + * → First, try to detect Oracle Virtualbox, Amazon EC2 Nitro, and Parallels, even if they use KVM, |
4582 | + * as well as Xen even if it cloaks as Microsoft Hyper-V. Attempt to detect uml at this stage also |
4583 | + * since it runs as a user-process nested inside other VMs. Also check for Xen now, because Xen PV |
4584 | + * mode does not override CPUID when nested inside another hypervisor. |
4585 | * |
4586 | - * → Second, try to detect from CPUID, this will report KVM for whatever software is used even if info in DMI is |
4587 | - * overwritten. |
4588 | + * → Second, try to detect from CPUID, this will report KVM for whatever software is used even if |
4589 | + * info in DMI is overwritten. |
4590 | * |
4591 | * → Third, try to detect from DMI. */ |
4592 | |
4593 | dmi = detect_vm_dmi(); |
4594 | - if (IN_SET(dmi, VIRTUALIZATION_ORACLE, VIRTUALIZATION_XEN, VIRTUALIZATION_AMAZON)) { |
4595 | + if (IN_SET(dmi, |
4596 | + VIRTUALIZATION_ORACLE, |
4597 | + VIRTUALIZATION_XEN, |
4598 | + VIRTUALIZATION_AMAZON, |
4599 | + VIRTUALIZATION_PARALLELS)) { |
4600 | v = dmi; |
4601 | goto finish; |
4602 | } |
4603 | diff --git a/src/boot/efi/meson.build b/src/boot/efi/meson.build |
4604 | index 299a01b..370ae97 100644 |
4605 | --- a/src/boot/efi/meson.build |
4606 | +++ b/src/boot/efi/meson.build |
4607 | @@ -200,6 +200,12 @@ efi_cflags = cc.get_supported_arguments( |
4608 | '-include', version_h, |
4609 | ] |
4610 | |
4611 | +# On some distros, sd-boot/-stub may trigger some bug somewhere that will cause |
4612 | +# kernel execution to fail. The cause seems to be purely based on code size and |
4613 | +# always compiling with at least -O1 will work around that. |
4614 | +# https://github.com/systemd/systemd/issues/24202 |
4615 | +efi_cflags += '-O1' |
4616 | + |
4617 | efi_cflags += cc.get_supported_arguments({ |
4618 | 'ia32': ['-mno-sse', '-mno-mmx'], |
4619 | 'x86_64': ['-mno-red-zone', '-mno-sse', '-mno-mmx'], |
4620 | @@ -260,6 +266,13 @@ efi_ldflags = [ |
4621 | '-z', 'nocombreloc', |
4622 | efi_crt0, |
4623 | ] |
4624 | + |
4625 | +possible_link_flags = [ |
4626 | + '-Wl,--no-warn-execstack', |
4627 | + '-Wl,--no-warn-rwx-segments', |
4628 | +] |
4629 | +efi_ldflags += cc.get_supported_link_arguments(possible_link_flags) |
4630 | + |
4631 | if efi_arch[1] in ['aarch64', 'arm', 'riscv64'] |
4632 | efi_ldflags += ['-shared'] |
4633 | # Aarch64, ARM32 and 64bit RISC-V don't have an EFI capable objcopy. |
4634 | diff --git a/src/boot/efi/xbootldr.c b/src/boot/efi/xbootldr.c |
4635 | index 793e394..f73b5ee 100644 |
4636 | --- a/src/boot/efi/xbootldr.c |
4637 | +++ b/src/boot/efi/xbootldr.c |
4638 | @@ -35,7 +35,7 @@ static BOOLEAN verify_gpt(union GptHeaderBuffer *gpt_header_buffer, EFI_LBA lba_ |
4639 | h = &gpt_header_buffer->gpt_header; |
4640 | |
4641 | /* Some superficial validation of the GPT header */ |
4642 | - if (CompareMem(&h->Header.Signature, "EFI PART", sizeof(h->Header.Signature) != 0)) |
4643 | + if (CompareMem(&h->Header.Signature, "EFI PART", sizeof(h->Header.Signature)) != 0) |
4644 | return FALSE; |
4645 | |
4646 | if (h->Header.HeaderSize < 92 || h->Header.HeaderSize > 512) |
4647 | diff --git a/src/cgroups-agent/cgroups-agent.c b/src/cgroups-agent/cgroups-agent.c |
4648 | index 071cba3..9126736 100644 |
4649 | --- a/src/cgroups-agent/cgroups-agent.c |
4650 | +++ b/src/cgroups-agent/cgroups-agent.c |
4651 | @@ -16,6 +16,13 @@ int main(int argc, char *argv[]) { |
4652 | _cleanup_close_ int fd = -1; |
4653 | ssize_t n; |
4654 | size_t l; |
4655 | + int r; |
4656 | + |
4657 | + r = rearrange_stdio(-1, -1, -1); |
4658 | + if (r < 0) { |
4659 | + log_error_errno(r, "Failed to connect stdin/stdout/stderr with /dev/null: %m"); |
4660 | + return EXIT_FAILURE; |
4661 | + } |
4662 | |
4663 | if (argc != 2) { |
4664 | log_error("Incorrect number of arguments."); |
4665 | diff --git a/src/core/bpf/restrict_ifaces/restrict-ifaces.bpf.c b/src/core/bpf/restrict_ifaces/restrict-ifaces.bpf.c |
4666 | index 347a3a8..6c960b8 100644 |
4667 | --- a/src/core/bpf/restrict_ifaces/restrict-ifaces.bpf.c |
4668 | +++ b/src/core/bpf/restrict_ifaces/restrict-ifaces.bpf.c |
4669 | @@ -6,7 +6,7 @@ |
4670 | #include <linux/bpf.h> |
4671 | #include <bpf/bpf_helpers.h> |
4672 | |
4673 | -const volatile __u8 is_allow_list = 0; |
4674 | +const volatile __u8 is_allow_list SEC(".rodata") = 0; |
4675 | |
4676 | /* Map containing the network interfaces indexes. |
4677 | * The interpretation of the map depends on the value of is_allow_list. |
4678 | diff --git a/src/core/dbus.c b/src/core/dbus.c |
4679 | index 073675c..ad2230d 100644 |
4680 | --- a/src/core/dbus.c |
4681 | +++ b/src/core/dbus.c |
4682 | @@ -42,6 +42,7 @@ |
4683 | #include "string-util.h" |
4684 | #include "strv.h" |
4685 | #include "strxcpyx.h" |
4686 | +#include "umask-util.h" |
4687 | #include "user-util.h" |
4688 | |
4689 | #define CONNECTIONS_MAX 4096 |
4690 | @@ -950,7 +951,8 @@ int bus_init_private(Manager *m) { |
4691 | if (fd < 0) |
4692 | return log_error_errno(errno, "Failed to allocate private socket: %m"); |
4693 | |
4694 | - r = bind(fd, &sa.sa, sa_len); |
4695 | + RUN_WITH_UMASK(0077) |
4696 | + r = bind(fd, &sa.sa, sa_len); |
4697 | if (r < 0) |
4698 | return log_error_errno(errno, "Failed to bind private socket: %m"); |
4699 | |
4700 | diff --git a/src/core/import-creds.c b/src/core/import-creds.c |
4701 | index 8b87434..5379648 100644 |
4702 | --- a/src/core/import-creds.c |
4703 | +++ b/src/core/import-creds.c |
4704 | @@ -226,7 +226,7 @@ static int import_credentials_boot(void) { |
4705 | if (nfd == -EEXIST) |
4706 | continue; |
4707 | if (nfd < 0) |
4708 | - return r; |
4709 | + return nfd; |
4710 | |
4711 | r = copy_bytes(cfd, nfd, st.st_size, 0); |
4712 | if (r < 0) { |
4713 | @@ -325,7 +325,7 @@ static int proc_cmdline_callback(const char *key, const char *value, void *data) |
4714 | if (nfd == -EEXIST) |
4715 | return 0; |
4716 | if (nfd < 0) |
4717 | - return r; |
4718 | + return nfd; |
4719 | |
4720 | r = loop_write(nfd, colon, l, /* do_poll= */ false); |
4721 | if (r < 0) { |
4722 | @@ -417,7 +417,7 @@ static int import_credentials_qemu(ImportCredentialContext *c) { |
4723 | |
4724 | rfd = openat(vfd, "raw", O_RDONLY|O_CLOEXEC); |
4725 | if (rfd < 0) { |
4726 | - log_warning_errno(r, "Failed to open '" QEMU_FWCFG_PATH "'/%s/raw, ignoring: %m", d->d_name); |
4727 | + log_warning_errno(errno, "Failed to open '" QEMU_FWCFG_PATH "'/%s/raw, ignoring: %m", d->d_name); |
4728 | continue; |
4729 | } |
4730 | |
4731 | @@ -429,7 +429,7 @@ static int import_credentials_qemu(ImportCredentialContext *c) { |
4732 | if (nfd == -EEXIST) |
4733 | continue; |
4734 | if (nfd < 0) |
4735 | - return r; |
4736 | + return nfd; |
4737 | |
4738 | r = copy_bytes(rfd, nfd, sz, 0); |
4739 | if (r < 0) { |
4740 | diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c |
4741 | index 3ff6eae..11991ec 100644 |
4742 | --- a/src/core/load-fragment.c |
4743 | +++ b/src/core/load-fragment.c |
4744 | @@ -4211,11 +4211,16 @@ int config_parse_io_device_weight( |
4745 | r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE); |
4746 | if (r == -ENOMEM) |
4747 | return log_oom(); |
4748 | - if (r <= 0 || isempty(p)) { |
4749 | + if (r < 0) { |
4750 | log_syntax(unit, LOG_WARNING, filename, line, r, |
4751 | "Failed to extract device path and weight from '%s', ignoring.", rvalue); |
4752 | return 0; |
4753 | } |
4754 | + if (r == 0 || isempty(p)) { |
4755 | + log_syntax(unit, LOG_WARNING, filename, line, 0, |
4756 | + "Invalid device path or weight specified in '%s', ignoring.", rvalue); |
4757 | + return 0; |
4758 | + } |
4759 | |
4760 | r = unit_path_printf(userdata, path, &resolved); |
4761 | if (r < 0) { |
4762 | @@ -4280,11 +4285,16 @@ int config_parse_io_device_latency( |
4763 | r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE); |
4764 | if (r == -ENOMEM) |
4765 | return log_oom(); |
4766 | - if (r <= 0 || isempty(p)) { |
4767 | + if (r < 0) { |
4768 | log_syntax(unit, LOG_WARNING, filename, line, r, |
4769 | "Failed to extract device path and latency from '%s', ignoring.", rvalue); |
4770 | return 0; |
4771 | } |
4772 | + if (r == 0 || isempty(p)) { |
4773 | + log_syntax(unit, LOG_WARNING, filename, line, 0, |
4774 | + "Invalid device path or latency specified in '%s', ignoring.", rvalue); |
4775 | + return 0; |
4776 | + } |
4777 | |
4778 | r = unit_path_printf(userdata, path, &resolved); |
4779 | if (r < 0) { |
4780 | @@ -4350,11 +4360,16 @@ int config_parse_io_limit( |
4781 | r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE); |
4782 | if (r == -ENOMEM) |
4783 | return log_oom(); |
4784 | - if (r <= 0 || isempty(p)) { |
4785 | + if (r < 0) { |
4786 | log_syntax(unit, LOG_WARNING, filename, line, r, |
4787 | "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue); |
4788 | return 0; |
4789 | } |
4790 | + if (r == 0 || isempty(p)) { |
4791 | + log_syntax(unit, LOG_WARNING, filename, line, 0, |
4792 | + "Invalid device node or bandwidth specified in '%s', ignoring.", rvalue); |
4793 | + return 0; |
4794 | + } |
4795 | |
4796 | r = unit_path_printf(userdata, path, &resolved); |
4797 | if (r < 0) { |
4798 | @@ -4435,11 +4450,16 @@ int config_parse_blockio_device_weight( |
4799 | r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE); |
4800 | if (r == -ENOMEM) |
4801 | return log_oom(); |
4802 | - if (r <= 0 || isempty(p)) { |
4803 | + if (r < 0) { |
4804 | log_syntax(unit, LOG_WARNING, filename, line, r, |
4805 | "Failed to extract device node and weight from '%s', ignoring.", rvalue); |
4806 | return 0; |
4807 | } |
4808 | + if (r == 0 || isempty(p)) { |
4809 | + log_syntax(unit, LOG_WARNING, filename, line, 0, |
4810 | + "Invalid device node or weight specified in '%s', ignoring.", rvalue); |
4811 | + return 0; |
4812 | + } |
4813 | |
4814 | r = unit_path_printf(userdata, path, &resolved); |
4815 | if (r < 0) { |
4816 | @@ -4508,11 +4528,16 @@ int config_parse_blockio_bandwidth( |
4817 | r = extract_first_word(&p, &path, NULL, EXTRACT_UNQUOTE); |
4818 | if (r == -ENOMEM) |
4819 | return log_oom(); |
4820 | - if (r <= 0 || isempty(p)) { |
4821 | + if (r < 0) { |
4822 | log_syntax(unit, LOG_WARNING, filename, line, r, |
4823 | "Failed to extract device node and bandwidth from '%s', ignoring.", rvalue); |
4824 | return 0; |
4825 | } |
4826 | + if (r == 0 || isempty(p)) { |
4827 | + log_syntax(unit, LOG_WARNING, filename, line, 0, |
4828 | + "Invalid device node or bandwidth specified in '%s', ignoring.", rvalue); |
4829 | + return 0; |
4830 | + } |
4831 | |
4832 | r = unit_path_printf(userdata, path, &resolved); |
4833 | if (r < 0) { |
4834 | @@ -4728,8 +4753,12 @@ int config_parse_set_credential( |
4835 | r = extract_first_word(&p, &word, ":", EXTRACT_DONT_COALESCE_SEPARATORS); |
4836 | if (r == -ENOMEM) |
4837 | return log_oom(); |
4838 | - if (r <= 0 || !p) { |
4839 | - log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue); |
4840 | + if (r < 0) { |
4841 | + log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to extract credential name, ignoring: %s", rvalue); |
4842 | + return 0; |
4843 | + } |
4844 | + if (r == 0 || isempty(p)) { |
4845 | + log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid syntax, ignoring: %s", rvalue); |
4846 | return 0; |
4847 | } |
4848 | |
4849 | @@ -5208,7 +5237,7 @@ int config_parse_bind_paths( |
4850 | if (r == -ENOMEM) |
4851 | return log_oom(); |
4852 | if (r < 0) { |
4853 | - log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s: %s", lvalue, rvalue); |
4854 | + log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s=, ignoring: %s", lvalue, rvalue); |
4855 | return 0; |
4856 | } |
4857 | |
4858 | @@ -5858,6 +5887,7 @@ int config_parse_bpf_foreign_program( |
4859 | void *userdata) { |
4860 | _cleanup_free_ char *resolved = NULL, *word = NULL; |
4861 | CGroupContext *c = data; |
4862 | + const char *p = rvalue; |
4863 | Unit *u = userdata; |
4864 | int attach_type, r; |
4865 | |
4866 | @@ -5872,13 +5902,17 @@ int config_parse_bpf_foreign_program( |
4867 | return 0; |
4868 | } |
4869 | |
4870 | - r = extract_first_word(&rvalue, &word, ":", 0); |
4871 | + r = extract_first_word(&p, &word, ":", 0); |
4872 | if (r == -ENOMEM) |
4873 | return log_oom(); |
4874 | - if (r <= 0 || isempty(rvalue)) { |
4875 | + if (r < 0) { |
4876 | log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse foreign BPF program, ignoring: %s", rvalue); |
4877 | return 0; |
4878 | } |
4879 | + if (r == 0 || isempty(p)) { |
4880 | + log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid syntax in %s=, ignoring: %s", lvalue, rvalue); |
4881 | + return 0; |
4882 | + } |
4883 | |
4884 | attach_type = bpf_cgroup_attach_type_from_string(word); |
4885 | if (attach_type < 0) { |
4886 | @@ -5886,9 +5920,9 @@ int config_parse_bpf_foreign_program( |
4887 | return 0; |
4888 | } |
4889 | |
4890 | - r = unit_path_printf(u, rvalue, &resolved); |
4891 | + r = unit_path_printf(u, p, &resolved); |
4892 | if (r < 0) { |
4893 | - log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %m", rvalue); |
4894 | + log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to resolve unit specifiers in '%s', ignoring: %s", p, rvalue); |
4895 | return 0; |
4896 | } |
4897 | |
4898 | diff --git a/src/core/main.c b/src/core/main.c |
4899 | index 409b84a..69d450a 100644 |
4900 | --- a/src/core/main.c |
4901 | +++ b/src/core/main.c |
4902 | @@ -2118,11 +2118,9 @@ static int initialize_runtime( |
4903 | write_container_id(); |
4904 | } |
4905 | |
4906 | - if (arg_watchdog_device) { |
4907 | - r = watchdog_set_device(arg_watchdog_device); |
4908 | - if (r < 0) |
4909 | - log_warning_errno(r, "Failed to set watchdog device to %s, ignoring: %m", arg_watchdog_device); |
4910 | - } |
4911 | + r = watchdog_set_device(arg_watchdog_device); |
4912 | + if (r < 0) |
4913 | + log_warning_errno(r, "Failed to set watchdog device to %s, ignoring: %m", arg_watchdog_device); |
4914 | } else { |
4915 | _cleanup_free_ char *p = NULL; |
4916 | |
4917 | @@ -2377,8 +2375,8 @@ static void reset_arguments(void) { |
4918 | arg_reboot_watchdog = 10 * USEC_PER_MINUTE; |
4919 | arg_kexec_watchdog = 0; |
4920 | arg_pretimeout_watchdog = 0; |
4921 | - arg_early_core_pattern = NULL; |
4922 | - arg_watchdog_device = NULL; |
4923 | + arg_early_core_pattern = mfree(arg_early_core_pattern); |
4924 | + arg_watchdog_device = mfree(arg_watchdog_device); |
4925 | arg_watchdog_pretimeout_governor = mfree(arg_watchdog_pretimeout_governor); |
4926 | |
4927 | arg_default_environment = strv_free(arg_default_environment); |
4928 | @@ -2808,6 +2806,11 @@ int main(int argc, char *argv[]) { |
4929 | /* clear the kernel timestamp, because we are not PID 1 */ |
4930 | kernel_timestamp = DUAL_TIMESTAMP_NULL; |
4931 | |
4932 | + /* Clear ambient capabilities, so services do not inherit them implicitly. Dropping them does |
4933 | + * not affect the permitted and effective sets which are important for the manager itself to |
4934 | + * operate. */ |
4935 | + capability_ambient_set_apply(0, /* also_inherit= */ false); |
4936 | + |
4937 | if (mac_selinux_init() < 0) { |
4938 | error_message = "Failed to initialize SELinux support"; |
4939 | goto finish; |
4940 | diff --git a/src/core/mount.c b/src/core/mount.c |
4941 | index 20b4bb6..029f132 100644 |
4942 | --- a/src/core/mount.c |
4943 | +++ b/src/core/mount.c |
4944 | @@ -1029,11 +1029,13 @@ static void mount_enter_mounting(Mount *m) { |
4945 | if (p && mount_is_bind(p)) { |
4946 | r = mkdir_p_label(p->what, m->directory_mode); |
4947 | /* mkdir_p_label() can return -EEXIST if the target path exists and is not a directory - which is |
4948 | - * totally OK, in case the user wants us to overmount a non-directory inode. */ |
4949 | - if (r < 0 && r != -EEXIST) { |
4950 | - log_unit_error_errno(UNIT(m), r, "Failed to make bind mount source '%s': %m", p->what); |
4951 | - goto fail; |
4952 | - } |
4953 | + * totally OK, in case the user wants us to overmount a non-directory inode. Also -EROFS can be |
4954 | + * returned on read-only filesystem. Moreover, -EACCES (and also maybe -EPERM?) may be returned |
4955 | + * when the path is on NFS. See issue #24120. All such errors will be logged in the debug level. */ |
4956 | + if (r < 0 && r != -EEXIST) |
4957 | + log_unit_full_errno(UNIT(m), |
4958 | + (r == -EROFS || ERRNO_IS_PRIVILEGE(r)) ? LOG_DEBUG : LOG_WARNING, |
4959 | + r, "Failed to make bind mount source '%s', ignoring: %m", p->what); |
4960 | } |
4961 | |
4962 | if (p) { |
4963 | diff --git a/src/core/namespace.c b/src/core/namespace.c |
4964 | index 926aa96..2eafe43 100644 |
4965 | --- a/src/core/namespace.c |
4966 | +++ b/src/core/namespace.c |
4967 | @@ -4,9 +4,12 @@ |
4968 | #include <linux/loop.h> |
4969 | #include <sched.h> |
4970 | #include <stdio.h> |
4971 | +#include <sys/file.h> |
4972 | #include <sys/mount.h> |
4973 | #include <unistd.h> |
4974 | +#if WANT_LINUX_FS_H |
4975 | #include <linux/fs.h> |
4976 | +#endif |
4977 | |
4978 | #include "alloc-util.h" |
4979 | #include "base-filesystem.h" |
4980 | @@ -928,7 +931,7 @@ static int mount_private_dev(MountEntry *m) { |
4981 | |
4982 | r = label_fix_container(dev, "/dev", 0); |
4983 | if (r < 0) { |
4984 | - log_debug_errno(errno, "Failed to fix label of '%s' as /dev: %m", dev); |
4985 | + log_debug_errno(r, "Failed to fix label of '%s' as /dev: %m", dev); |
4986 | goto fail; |
4987 | } |
4988 | |
4989 | diff --git a/src/core/scope.c b/src/core/scope.c |
4990 | index 63d3288..080bb71 100644 |
4991 | --- a/src/core/scope.c |
4992 | +++ b/src/core/scope.c |
4993 | @@ -392,7 +392,7 @@ static int scope_start(Unit *u) { |
4994 | return r; |
4995 | } |
4996 | if (r == 0) { |
4997 | - log_unit_warning(u, "No PIDs left to attach to the scope's control group, refusing: %m"); |
4998 | + log_unit_warning(u, "No PIDs left to attach to the scope's control group, refusing."); |
4999 | scope_enter_dead(s, SCOPE_FAILURE_RESOURCES); |
5000 | return -ECHILD; |
+1 for DENYLISTing the 29-PORTABLE test, it seems to fail more often than not. Maybe we could also update the upstream bug report with some logs from autopkgtest. ubuntu. com to provide some evidence.
As suggested earlier, I think we need to upgrade the systemd -> (Suggests:) -> systemd-resolved to something stronger, probably "Depends:" in Ubuntu. As Ubuntu has been using systemd-resolved by default for a while.
LGTM otherwise.
PS: I also like the enablement of systemd-homed, wanted to do this for a long time but never found the time (and a proper reason in Ubuntu) to get it enabled.