From f961eb7d7befe4dce77937b7fad6d97089ae76f1 Mon Sep 17 00:00:00 2001 From: Britney Fransen Date: Sun, 4 Mar 2018 21:45:17 +0000 Subject: systemd: update to 237.64 --- abs/core/systemd/PKGBUILD | 238 ++++++++++++++++++++---------- abs/core/systemd/__changelog | 1 - abs/core/systemd/initcpio-install-systemd | 44 +++++- abs/core/systemd/initcpio-install-udev | 7 +- abs/core/systemd/systemd-hwdb.hook | 11 ++ abs/core/systemd/systemd-sysusers.hook | 11 ++ abs/core/systemd/systemd-tmpfiles.hook | 11 ++ abs/core/systemd/systemd-update.hook | 11 ++ abs/core/systemd/systemd-user.pam | 5 + abs/core/systemd/systemd.install | 178 +++++----------------- 10 files changed, 285 insertions(+), 232 deletions(-) create mode 100644 abs/core/systemd/systemd-hwdb.hook create mode 100644 abs/core/systemd/systemd-sysusers.hook create mode 100644 abs/core/systemd/systemd-tmpfiles.hook create mode 100644 abs/core/systemd/systemd-update.hook create mode 100644 abs/core/systemd/systemd-user.pam diff --git a/abs/core/systemd/PKGBUILD b/abs/core/systemd/PKGBUILD index ecbf16c..f2c335c 100644 --- a/abs/core/systemd/PKGBUILD +++ b/abs/core/systemd/PKGBUILD @@ -1,88 +1,155 @@ +# $Id$ +# Maintainer: Christian Hesse # Maintainer: Dave Reisner # Maintainer: Tom Gundersen pkgbase=systemd pkgname=('systemd' 'libsystemd' 'systemd-sysvcompat') -pkgver=224 -pkgrel=2 -arch=('i686' 'x86_64') -url="http://www.freedesktop.org/wiki/Software/systemd" -makedepends=('acl' 'cryptsetup' 'docbook-xsl' 'gperf' 'lz4' 'xz' 'pam' +# latest commit on stable branch +_commit='7909254c7a8ee09d91b8b21fd779320b3e2fe716' +# Bump this to latest major release for signed tag verification, +# the commit count is handled by pkgver() function. +pkgver=237.64 +pkgrel=1 +arch=('x86_64') +url="https://www.github.com/systemd/systemd" +makedepends=('acl' 'cryptsetup' 'docbook-xsl' 'gperf' 'lz4' 'xz' 'pam' 'libelf' 'intltool' 'iptables' 'kmod' 'libcap' 'libidn' 'libgcrypt' 'libmicrohttpd' 'libxslt' 'util-linux' 'linux-api-headers' - 'python2-lxml' 'quota-tools' 'shadow' 'gnu-efi-libs' 'git') -options=('strip' 'debug') -source=("git://github.com/systemd/systemd.git#tag=v$pkgver" + 'python-lxml' 'quota-tools' 'shadow' 'gnu-efi-libs' 'git' + 'meson' 'libseccomp' 'pcre2') +options=('strip') +validpgpkeys=('63CDA1E5D3FC22B998D20DD6327F26951A015CC4') # Lennart Poettering +source=('git://github.com/systemd/systemd-stable.git' + 'git://github.com/systemd/systemd.git' # pull in for tags, backports & reverts 'initcpio-hook-udev' 'initcpio-install-systemd' 'initcpio-install-udev' 'arch.conf' 'loader.conf' - 'splash-arch.bmp') -md5sums=('SKIP' - '90ea67a7bb237502094914622a39e281' - '976c5511b6493715e381f43f16cdb151' - '1b3aa3a0551b08af9305d33f85b5c2fc' - '20ead378f5d6df4b2a3e670301510a7d' - 'ddaef54f68f6c86c6c07835fc668f62a' - '1e2f9a8b0fa32022bf0a8f39123e5f4e') + 'splash-arch.bmp' + 'systemd-user.pam' + 'systemd-hwdb.hook' + 'systemd-sysusers.hook' + 'systemd-tmpfiles.hook' + 'systemd-update.hook') +sha512sums=('SKIP' + 'SKIP' + 'f0d933e8c6064ed830dec54049b0a01e27be87203208f6ae982f10fb4eddc7258cb2919d594cbfb9a33e74c3510cfd682f3416ba8e804387ab87d1a217eb4b73' + '86d7cacd7536b1069c82bbbb08de7ec81e7f0f18a19fc2b06fabe90db4700623eb3540b75121080d325672d92e26912632ae4f93fd3c0bb48eb3e5eedd88352c' + 'a25b28af2e8c516c3a2eec4e64b8c7f70c21f974af4a955a4a9d45fd3e3ff0d2a98b4419fe425d47152d5acae77d64e69d8d014a7209524b75a81b0edb10bf3a' + '61032d29241b74a0f28446f8cf1be0e8ec46d0847a61dadb2a4f096e8686d5f57fe5c72bcf386003f6520bc4b5856c32d63bf3efe7eb0bc0deefc9f68159e648' + 'c416e2121df83067376bcaacb58c05b01990f4614ad9de657d74b6da3efa441af251d13bf21e3f0f71ddcb4c9ea658b81da3d915667dc5c309c87ec32a1cb5a5' + '5a1d78b5170da5abe3d18fdf9f2c3a4d78f15ba7d1ee9ec2708c4c9c2e28973469bc19386f70b3cf32ffafbe4fcc4303e5ebbd6d5187a1df3314ae0965b25e75' + 'b90c99d768dc2a4f020ba854edf45ccf1b86a09d2f66e475de21fe589ff7e32c33ef4aa0876d7f1864491488fd7edb2682fc0d68e83a6d4890a0778dc2d6fe19' + '2c1f765e7cefc50f07ad994634ea25d9396e6b9c0de46e58f18377e642a471517a0dbf5eb547070a38c6ecf84ec8e030f650a6cee010871cd7a466a32534adda' + '7d49a948f5d58f662a7d81544254528257ef8c0a08ca560834f09a7cdf566161d2df4d419ebbc2983196cd45c9eeefcd0c4c2c554376916dce42e895262afc30' + 'e521d92674597f82d589b83c378c50c92c881fdb84c436c8b26f7a3436a4c91a20585824a5563933f6868a3023b9ee2fdc7bd58e04bb47c25a0a36e296308fd3' + '10190fba9f39a8f4b620a0829e0ba8ed63bb4dbeca712966011ee7807880d01ab2abff1a80baafeb6674db70526a473fe585db8190e864f318fc4d6068552618') + +_backports=( +) + +_reverts=( +) + +_validate_tag() { + local success fingerprint trusted status tag=v${pkgver%.*} + + parse_gpg_statusfile /dev/stdin < <(git verify-tag --raw "$tag" 2>&1) + + if (( ! success )); then + error 'failed to validate tag %s\n' "$tag" + return 1 + fi + + if ! in_array "$fingerprint" "${validpgpkeys[@]}" && (( ! trusted )); then + error 'unknown or untrusted public key: %s\n' "$fingerprint" + return 1 + fi + + case $status in + 'expired') + warning 'the signature has expired' + ;; + 'expiredkey') + warning 'the key has expired' + ;; + esac + + return 0 +} + +pkgver() { + local version count + + cd "$pkgbase-stable" + + version="$(git describe --abbrev=0 --tags)" + count="$(git rev-list --count ${version}..)" + printf '%s.%s' "${version#v}" "${count}" +} prepare() { - cd "$pkgname" + cd "$pkgbase-stable" + + git remote add upstream ../systemd/ + git fetch --all - # networkd: fix neworkd crash - # https://github.com/systemd/systemd/commit/49f6e11e89b4 - git cherry-pick -n 49f6e11e89b4 + git checkout "${_commit}" - ./autogen.sh + _validate_tag || return + + local _commit + for _commit in "${_backports[@]}"; do + git cherry-pick -n "$_commit" + done + for _commit in "${_reverts[@]}"; do + git revert -n "$_commit" + done } build() { - cd "$pkgname" - local timeservers=({0..3}.arch.pool.ntp.org) - ./configure \ - --libexecdir=/usr/lib \ - --localstatedir=/var \ - --sysconfdir=/etc \ - --enable-lz4 \ - --enable-compat-libs \ - --enable-gnuefi \ - --disable-audit \ - --disable-ima \ - --disable-kdbus \ - --with-sysvinit-path= \ - --with-sysvrcnd-path= \ - --with-ntp-servers="${timeservers[*]}" - - make + local meson_options=( + -Daudit=false + -Dgnuefi=true + -Dima=false + -Dlz4=true + + -Ddbuspolicydir=/usr/share/dbus-1/system.d + -Ddefault-dnssec=no + # TODO(dreisner): consider changing this to unified + -Ddefault-hierarchy=hybrid + -Ddefault-kill-user-processes=false + -Dfallback-hostname='archlinux' + -Dntp-servers="${timeservers[*]}" + -Drpmmacrosdir=no + -Dsysvinit-path= + -Dsysvrcnd-path= + ) + + arch-meson "$pkgbase-stable" build "${meson_options[@]}" + + ninja -C build } package_systemd() { pkgdesc="system and service manager" license=('GPL2' 'LGPL2.1') - depends=('acl' 'bash' 'dbus' 'iptables' 'kbd' 'kmod' 'hwids' 'libcap' - 'libgcrypt' 'libsystemd' 'libidn' 'lz4' 'pam' 'libseccomp' 'util-linux' - 'xz') + groups=('base-devel') + depends=('acl' 'bash' 'cryptsetup' 'dbus' 'iptables' 'kbd' 'kmod' 'hwids' 'libcap' + 'libgcrypt' 'libsystemd' 'libidn' 'lz4' 'pam' 'libelf' 'libseccomp' + 'util-linux' 'xz' 'pcre2') provides=('nss-myhostname' "systemd-tools=$pkgver" "udev=$pkgver") replaces=('nss-myhostname' 'systemd-tools' 'udev') conflicts=('nss-myhostname' 'systemd-tools' 'udev') - optdepends=('cryptsetup: required for encrypted block devices' - 'libmicrohttpd: remote journald capabilities' + optdepends=('libmicrohttpd: remote journald capabilities' 'quota-tools: kernel-level quota management' 'systemd-sysvcompat: symlink package to provide sysvinit binaries' 'polkit: allow administration as unprivileged user') - backup=(etc/dbus-1/system.d/org.freedesktop.systemd1.conf - etc/dbus-1/system.d/org.freedesktop.hostname1.conf - etc/dbus-1/system.d/org.freedesktop.login1.conf - etc/dbus-1/system.d/org.freedesktop.locale1.conf - etc/dbus-1/system.d/org.freedesktop.machine1.conf - etc/dbus-1/system.d/org.freedesktop.timedate1.conf - etc/dbus-1/system.d/org.freedesktop.import1.conf - etc/dbus-1/system.d/org.freedesktop.network1.conf - etc/pam.d/systemd-user - etc/systemd/bootchart.conf + backup=(etc/pam.d/systemd-user etc/systemd/coredump.conf etc/systemd/journald.conf etc/systemd/journal-remote.conf @@ -95,17 +162,15 @@ package_systemd() { etc/udev/udev.conf) install="systemd.install" - make -C "$pkgname" DESTDIR="$pkgdir" install + DESTDIR="$pkgdir" ninja -C build install # don't write units to /etc by default. some of these will be re-enabled on # post_install. rm -r "$pkgdir/etc/systemd/system/"*.wants - - # get rid of RPM macros - rm -r "$pkgdir/usr/lib/rpm" + rm -r "$pkgdir/etc/systemd/system/"*.service # add back tmpfiles.d/legacy.conf - install -m644 "$pkgname/tmpfiles.d/legacy.conf" "$pkgdir/usr/lib/tmpfiles.d" + install -m644 "$pkgbase-stable/tmpfiles.d/legacy.conf" "$pkgdir/usr/lib/tmpfiles.d" # Replace dialout/tape/cdrom group in rules with uucp/storage/optical group sed -i 's#GROUP="dialout"#GROUP="uucp"#g; @@ -120,45 +185,59 @@ package_systemd() { install -Dm644 "$srcdir/initcpio-install-udev" "$pkgdir/usr/lib/initcpio/install/udev" install -Dm644 "$srcdir/initcpio-hook-udev" "$pkgdir/usr/lib/initcpio/hooks/udev" - # ensure proper permissions for /var/log/journal. This is only to placate + # ensure proper permissions for /var/log/journal + # The permissions are stored with named group by tar, so this works with + # users and groups populated by systemd-sysusers. This is only to prevent a + # warning from pacman as permissions are set by systemd-tmpfiles anyway. chown root:systemd-journal "$pkgdir/var/log/journal" chmod 2755 "$pkgdir/var/log/journal" - # we'll create this on installation - #rmdir "$pkgdir/var/log/journal/remote" + # match directory owner/group and mode from extra/polkit + chown root:102 "$pkgdir"/usr/share/polkit-1/rules.d + chmod 0750 "$pkgdir"/usr/share/polkit-1/rules.d - # fix pam file - sed 's|system-auth|system-login|g' -i "$pkgdir/etc/pam.d/systemd-user" + # we'll create this on installation + # rmdir "$pkgdir/var/log/journal/remote" # ship default policy to leave services disabled echo 'disable *' >"$pkgdir"/usr/lib/systemd/system-preset/99-default.preset - ### split out manpages for sysvcompat - rm -rf "$srcdir/_sysvcompat" - install -dm755 "$srcdir"/_sysvcompat/usr/share/man/man8/ - mv "$pkgdir"/usr/share/man/man8/{telinit,halt,reboot,poweroff,runlevel,shutdown}.8 \ - "$srcdir"/_sysvcompat/usr/share/man/man8 + # manpages shipped with systemd-sysvcompat + rm "$pkgdir"/usr/share/man/man8/{telinit,halt,reboot,poweroff,runlevel,shutdown}.8 + + # runtime libraries shipped with libsystemd + rm "$pkgdir"/usr/lib/lib{nss,systemd,udev}*.so* - ### split off runtime libraries - rm -rf "$srcdir/_libsystemd" - install -dm755 "$srcdir"/_libsystemd/usr/lib - cd "$srcdir"/_libsystemd - mv "$pkgdir"/usr/lib/lib{systemd,udev}*.so* usr/lib + # allow core/filesystem to pristine nsswitch.conf + rm "$pkgdir/usr/share/factory/etc/nsswitch.conf" + sed -i '/^C \/etc\/nsswitch\.conf/d' "$pkgdir/usr/lib/tmpfiles.d/etc.conf" # add example bootctl configuration install -Dm644 "$srcdir/arch.conf" "$pkgdir"/usr/share/systemd/bootctl/arch.conf install -Dm644 "$srcdir/loader.conf" "$pkgdir"/usr/share/systemd/bootctl/loader.conf install -Dm644 "$srcdir/splash-arch.bmp" "$pkgdir"/usr/share/systemd/bootctl/splash-arch.bmp + + install -Dm644 "$srcdir/systemd-hwdb.hook" "$pkgdir/usr/share/libalpm/hooks/systemd-hwdb.hook" + install -Dm644 "$srcdir/systemd-sysusers.hook" "$pkgdir/usr/share/libalpm/hooks/systemd-sysusers.hook" + install -Dm644 "$srcdir/systemd-tmpfiles.hook" "$pkgdir/usr/share/libalpm/hooks/systemd-tmpfiles.hook" + install -Dm644 "$srcdir/systemd-update.hook" "$pkgdir/usr/share/libalpm/hooks/systemd-update.hook" + + # overwrite the systemd-user PAM configuration with our own + install -Dm644 systemd-user.pam "$pkgdir/etc/pam.d/systemd-user" } package_libsystemd() { pkgdesc="systemd client libraries" - depends=('glibc' 'libgcrypt' 'lz4' 'xz') + depends=('glibc' 'libcap' 'libgcrypt' 'lz4' 'xz') license=('GPL2') - provides=('libsystemd.so' 'libsystemd-daemon.so' 'libsystemd-id128.so' - 'libsystemd-journal.so' 'libsystemd-login.so' 'libudev.so') + provides=('libsystemd.so' 'libudev.so') + + # meson does not support installing subsets of files, no? + # So do a full install to temporary directory, then install what we need. + DESTDIR="$srcdir"/full-install ninja -C build install - mv "$srcdir/_libsystemd"/* "$pkgdir" + install -dm755 "$pkgdir"/usr/lib/ + cp --archive "$srcdir"/full-install/usr/lib/lib{nss_*,systemd,udev}.so* "$pkgdir"/usr/lib/ } package_systemd-sysvcompat() { @@ -168,7 +247,10 @@ package_systemd-sysvcompat() { conflicts=('sysvinit') depends=('systemd') - mv "$srcdir/_sysvcompat"/* "$pkgdir" + install -dm755 "$pkgdir"/usr/share/man/man8 + cp -d --no-preserve=ownership,timestamp \ + build/man/{telinit,halt,reboot,poweroff,runlevel,shutdown}.8 \ + "$pkgdir"/usr/share/man/man8 install -dm755 "$pkgdir/usr/bin" #for tool in runlevel reboot shutdown poweroff halt telinit; do diff --git a/abs/core/systemd/__changelog b/abs/core/systemd/__changelog index 841eee3..591fa91 100644 --- a/abs/core/systemd/__changelog +++ b/abs/core/systemd/__changelog @@ -1,4 +1,3 @@ -PKGBUILD: change dep python-lxml to python2-lxml PKGBUILD: comment out rmdir "$pkgdir/var/log/journal/remote" PKGBUILD: Change for tool in runlevel reboot shutdown poweroff halt telinit; do to for tool in runlevel telinit; do diff --git a/abs/core/systemd/initcpio-install-systemd b/abs/core/systemd/initcpio-install-systemd index 96df98a..40a352c 100644 --- a/abs/core/systemd/initcpio-install-systemd +++ b/abs/core/systemd/initcpio-install-systemd @@ -93,6 +93,13 @@ add_systemd_unit() { fi } +add_systemd_drop_in() { + local unit=$1 dropin_name=$2 + + mkdir -p "$BUILDROOT/etc/systemd/system/$unit.d" + cat >"$BUILDROOT/etc/systemd/system/$unit.d/$2.conf" +} + build() { local rules unit @@ -100,16 +107,16 @@ build() { add_binary /bin/mount add_binary /usr/bin/kmod /usr/bin/modprobe add_binary /usr/lib/systemd/systemd /init + add_binary /usr/bin/sulogin map add_binary \ /usr/bin/systemd-tmpfiles \ /usr/lib/systemd/systemd-hibernate-resume \ + /usr/lib/systemd/systemd-sulogin-shell \ /usr/lib/systemd/system-generators/systemd-fstab-generator \ /usr/lib/systemd/system-generators/systemd-gpt-auto-generator \ /usr/lib/systemd/system-generators/systemd-hibernate-resume-generator - add_module "kdbus?" - # udev rules and systemd units map add_udev_rule "$rules" \ 50-udev-default.rules \ @@ -123,6 +130,7 @@ build() { initrd-fs.target \ initrd-parse-etc.service \ initrd-root-fs.target \ + initrd-root-device.target \ initrd-switch-root.service \ initrd-switch-root.target \ initrd-udevadm-cleanup-db.service \ @@ -140,27 +148,47 @@ build() { systemd-journald.service \ systemd-journald-audit.socket \ systemd-journald-dev-log.socket \ + systemd-modules-load.service \ systemd-tmpfiles-setup-dev.service \ systemd-udev-trigger.service \ systemd-udevd-control.socket \ systemd-udevd-kernel.socket \ systemd-udevd.service \ - timers.target + timers.target \ + rescue.target \ + emergency.target add_symlink "/usr/lib/systemd/system/default.target" "initrd.target" add_symlink "/usr/lib/systemd/system/ctrl-alt-del.target" "reboot.target" - # udev wants /etc/group since it doesn't launch with --resolve-names=never - add_file "/etc/nsswitch.conf" add_binary "$(readlink -f /usr/lib/libnss_files.so)" - add_file "/etc/passwd" - add_file "/etc/group" + printf '%s\n' >"$BUILDROOT/etc/nsswitch.conf" \ + 'passwd: files' \ + 'group: files' \ + 'shadow: files' + + echo "root:x:0:0:root:/:/bin/sh" >"$BUILDROOT/etc/passwd" + echo "root:x:0:root" >"$BUILDROOT/etc/group" + echo "root::::::::" >"$BUILDROOT/etc/shadow" + + add_systemd_drop_in systemd-udevd.service resolve-names <"$BUILDROOT/etc/modules-load.d/MODULES.conf" + ) } help() { cat </dev/null; then - echo "==> Warning: setcap failed, falling back to setuid root on /$1" - chmod u+s "$1" - fi -} - add_journal_acls() { # ignore errors, since the filesystem might not support ACLs setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx var/log/journal/ 2>/dev/null : } -maybe_reexec() { - # don't reexec on 209-1 upgrade due to large infrastructural changes. - if [[ $(vercmp 209-1 "$2") -eq 1 ]]; then - echo ':: systemd has not been reexecuted. It is recommended that you' - echo ' reboot at your earliest convenience.' - return - fi - - if sd_booted; then - systemctl --system daemon-reexec - fi -} - -_dir_empty() { - set -- "$1"/* - [[ ! -e $1 && ! -L $1 ]] -} - post_common() { systemd-sysusers - udevadm hwdb --update journalctl --update-catalog } -_204_1_changes() { - printf '==> The /bin/systemd symlink has been removed. Any references in your\n' - printf ' bootloader (or elsewhere) must be updated to /usr/lib/systemd/systemd.\n' -} - -_205_1_changes() { - printf '==> systemd 205 restructures the cgroup hierarchy and changes internal\n' - printf ' protocols. You should reboot at your earliest convenience.\n' -} - -_206_1_changes() { - printf '==> The "timestamp" hook for mkinitcpio no longer exists. If you used\n' - printf ' this hook, you must remove it from /etc/mkinitcpio.conf. A "systemd"\n' - printf ' hook has been added which provides this functionality, and more.\n' -} - -_208_1_changes() { - if [[ -e var/lib/backlight && ! -e var/lib/systemd/backlight ]]; then - mv -T var/lib/backlight var/lib/systemd/backlight - fi - - if [[ -e var/lib/random-seed && ! -e var/lib/systemd/random-seed ]]; then - mv -T var/lib/random-seed var/lib/systemd/random-seed - fi -} - -_208_8_changes() { - add_journal_acls -} - -_209_1_changes() { - # attempt to preserve existing behavior - - local old_rule=etc/udev/rules.d/80-net-name-slot.rules - local new_rule=etc/udev/rules.d/80-net-setup-link.rules - - echo ":: Network device naming is now controlled by udev's net_setup_link" - echo " builtin. Refer to the systemd.link manpage for a full description." - - # not clear what action we can take here, so don't do anything - [[ -e $new_rule ]] && return 0 - - # rename the old rule to the new one so that we preserve the user's - # existing option. - if [[ -e $old_rule ]]; then - printf ':: Renaming %s to %s in order\n' "${old_rule##*/}" "${new_rule##*/}" - printf ' to preserve existing network naming behavior.\n' - mv -v "$old_rule" "$new_rule" - else - echo ':: No changes have been made to your network naming configuration.' - echo ' Interfaces should continue to maintain the same names.' - fi -} - -_210_1_changes() { - if sd_booted; then - # If /etc/systemd/network is non-empty, then this is a 209 user who used - # networkd. Re-enable it for them. - if ! _dir_empty etc/systemd/network; then - systemctl enable systemd-networkd - fi - fi -} - -_213_4_changes() { - if sd_booted; then - # if /etc/resolv.conf is a symlink, just assume that it was being managed - # by systemd-networkd, and re-enable systemd-resolved. - if [[ -L etc/resolv.conf ]]; then - systemctl enable systemd-resolved - fi - fi -} - -_214_2_changes() { - # /run/systemd/network/resolv.conf -> /run/systemd/resolve/resolv.conf - if [[ etc/resolv.conf -ef run/systemd/network/resolv.conf ]]; then - ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf - - if sd_booted; then - if [[ ! -d run/systemd/resolve ]]; then - mkdir run/systemd/resolve - fi - - if [[ -f run/systemd/network/resolv.conf ]]; then - mv run/systemd/{network,resolve}/resolv.conf - fi - fi - fi - - echo ':: coredumps are no longer sent to the journal by default. To re-enable:' - echo ' echo >/etc/sysctl.d/50-coredump.conf \' - echo ' "kernel.core_pattern=|/usr/lib/systemd/systemd-coredump %p %u %g %s %t %e"' -} - -_215_2_changes() { - # create at least the symlink from /etc/os-release to /usr/lib/os-release - systemd-tmpfiles --create etc.conf -} - _216_2_changes() { echo ':: Coredumps are handled by systemd by default. Collection behavior can be' echo ' tuned in /etc/systemd/coredump.conf.' @@ -158,6 +32,27 @@ _219_4_changes() { fi } +_230_1_changes() { + echo ':: systemd-bootchart is no longer included with systemd' +} + +_232_8_changes() { + # paper over possible effects of CVE-2016-10156 + local stamps=(/var/lib/systemd/timers/*.timer) + + if [[ -f ${stamps[0]} ]]; then + chmod 0644 "${stamps[@]}" + fi +} + +_233_75_3_changes() { + # upstream installs services to /etc, which we remove + # to keep bus activation we re-enable systemd-resolved + if systemctl is-enabled -q systemd-resolved.service; then + systemctl reenable systemd-resolved.service 2>/dev/null + fi +} + post_install() { systemd-machine-id-setup @@ -179,25 +74,24 @@ post_install() { post_upgrade() { post_common "$@" - maybe_reexec "$@" - - local v upgrades=(204-1 - 205-1 - 206-1 - 208-1 - 208-8 - 209-1 - 210-1 - 213-4 - 214-2 - 215-2 - 216-2 - 219-2 - 219-4) + # don't reexec if the old version is 231-1 or 231-2. + # https://github.com/systemd/systemd/commit/bd64d82c1c + if [[ $1 != 231-[12] ]] && sd_booted; then + systemctl --system daemon-reexec + fi + + local v upgrades=( + 216-2 + 219-2 + 219-4 + 230-1 + 232-8 + 233.75-3 + ) for v in "${upgrades[@]}"; do if [[ $(vercmp "$v" "$2") -eq 1 ]]; then - "_${v//-/_}_changes" + "_${v//[.-]/_}_changes" fi done } -- cgit v0.12