Date: Monday, December 5, 2016 @ 20:33:52 Author: lcarlier Revision: 198072
archrelease: copy trunk to multilib-x86_64 Added: lib32-systemd/repos/multilib-x86_64/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch (from rev 198071, lib32-systemd/trunk/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch) lib32-systemd/repos/multilib-x86_64/0001-disable-RestrictAddressFamilies-on-i686.patch (from rev 198071, lib32-systemd/trunk/0001-disable-RestrictAddressFamilies-on-i686.patch) lib32-systemd/repos/multilib-x86_64/PKGBUILD (from rev 198071, lib32-systemd/trunk/PKGBUILD) Deleted: lib32-systemd/repos/multilib-x86_64/PKGBUILD -----------------------------------------------------------------+ 0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch | 62 ++ 0001-disable-RestrictAddressFamilies-on-i686.patch | 30 + PKGBUILD | 212 ++++++---- 3 files changed, 223 insertions(+), 81 deletions(-) Copied: lib32-systemd/repos/multilib-x86_64/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch (from rev 198071, lib32-systemd/trunk/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch) =================================================================== --- 0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch (rev 0) +++ 0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch 2016-12-05 20:33:52 UTC (rev 198072) @@ -0,0 +1,62 @@ +From 481712d9ee88395042f0640f272c1f87142bc0a8 Mon Sep 17 00:00:00 2001 +From: Dave Reisner <dreis...@archlinux.org> +Date: Wed, 9 Nov 2016 11:14:03 -0500 +Subject: [PATCH] Revert "nspawn: try to bind mount resolved's resolv.conf + snippet into the container" + +This reverts commit 3539724c26a1b2b00c4eb3c004b635a4b8647de6. +--- + src/nspawn/nspawn.c | 27 ++++++++------------------- + 1 file changed, 8 insertions(+), 19 deletions(-) + +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index c8b18bc..93df7c6 100644 +--- a/src/nspawn/nspawn.c ++++ b/src/nspawn/nspawn.c +@@ -1309,35 +1309,24 @@ static int setup_resolv_conf(const char *dest) { + /* Fix resolv.conf, if possible */ + where = prefix_roota(dest, "/etc/resolv.conf"); + +- if (access("/usr/lib/systemd/resolv.conf", F_OK) >= 0) { +- /* resolved is enabled on the host. In this, case bind mount its static resolv.conf file into the +- * container, so that the container can use the host's resolver. Given that network namespacing is +- * disabled it's only natural of the container also uses the host's resolver. It also has the big +- * advantage that the container will be able to follow the host's DNS server configuration changes +- * transparently. */ +- +- r = mount_verbose(LOG_WARNING, "/usr/lib/systemd/resolv.conf", where, NULL, MS_BIND, NULL); +- if (r >= 0) +- return mount_verbose(LOG_ERR, NULL, where, NULL, +- MS_BIND|MS_REMOUNT|MS_RDONLY|MS_NOSUID|MS_NODEV, NULL); +- } +- +- /* If that didn't work, let's copy the file */ + r = copy_file("/etc/resolv.conf", where, O_TRUNC|O_NOFOLLOW, 0644, 0); + if (r < 0) { +- /* If the file already exists as symlink, let's suppress the warning, under the assumption that +- * resolved or something similar runs inside and the symlink points there. ++ /* If the file already exists as symlink, let's ++ * suppress the warning, under the assumption that ++ * resolved or something similar runs inside and the ++ * symlink points there. + * +- * If the disk image is read-only, there's also no point in complaining. ++ * If the disk image is read-only, there's also no ++ * point in complaining. + */ + log_full_errno(IN_SET(r, -ELOOP, -EROFS) ? LOG_DEBUG : LOG_WARNING, r, +- "Failed to copy /etc/resolv.conf to %s, ignoring: %m", where); ++ "Failed to copy /etc/resolv.conf to %s: %m", where); + return 0; + } + + r = userns_lchown(where, 0, 0); + if (r < 0) +- log_warning_errno(r, "Failed to chown /etc/resolv.conf, ignoring: %m"); ++ log_warning_errno(r, "Failed to chown /etc/resolv.conf: %m"); + + return 0; + } +-- +2.10.2 + Copied: lib32-systemd/repos/multilib-x86_64/0001-disable-RestrictAddressFamilies-on-i686.patch (from rev 198071, lib32-systemd/trunk/0001-disable-RestrictAddressFamilies-on-i686.patch) =================================================================== --- 0001-disable-RestrictAddressFamilies-on-i686.patch (rev 0) +++ 0001-disable-RestrictAddressFamilies-on-i686.patch 2016-12-05 20:33:52 UTC (rev 198072) @@ -0,0 +1,30 @@ +From ff59e06f9423af0532aaeedf931474823f764875 Mon Sep 17 00:00:00 2001 +From: Dave Reisner <dreis...@archlinux.org> +Date: Wed, 9 Nov 2016 08:00:26 -0500 +Subject: [PATCH] disable RestrictAddressFamilies on i686 + +Shit's broke, yo. + +https://github.com/systemd/systemd/issues/4575 +--- + src/core/execute.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/core/execute.c b/src/core/execute.c +index f666f7c..7d09154 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -1254,6 +1254,10 @@ static int apply_address_families(const Unit* u, const ExecContext *c) { + Iterator i; + int r; + ++#if defined(__i386__) ++ return 0; ++#endif ++ + assert(c); + + if (skip_seccomp_unavailable(u, "RestrictAddressFamilies=")) +-- +2.10.2 + Deleted: PKGBUILD =================================================================== --- PKGBUILD 2016-12-05 20:33:43 UTC (rev 198071) +++ PKGBUILD 2016-12-05 20:33:52 UTC (rev 198072) @@ -1,81 +0,0 @@ -# $Id$ -# Maintainer: Dave Reisner <dreis...@archlinux.org> -# Maintainer: Tom Gundersen <t...@jklm.no> - -pkgname=lib32-systemd -_pkgbasename=systemd -pkgver=231 -pkgrel=1 -pkgdesc="system and service manager (32-bit)" -arch=('x86_64') -url="http://www.freedesktop.org/wiki/Software/systemd" -license=('GPL2' 'LGPL2.1') -depends=('lib32-libgcrypt' 'lib32-xz' 'lib32-libcap' 'lib32-acl' 'lib32-libidn' 'lib32-gcc-libs' 'systemd') -makedepends=('lib32-gcc-libs' 'gcc-multilib' 'lib32-libidn' 'lib32-glib2' 'intltool' 'gperf' - 'lib32-curl' 'lib32-bzip2' 'git') -source=("git://github.com/systemd/systemd.git#tag=v$pkgver") -md5sums=('SKIP') - -_backports=( -) - -prepare() { - cd systemd - - if (( ${#_backports[*]} > 0 )); then - git cherry-pick -n "${_backports[@]}" - fi - - ./autogen.sh -} - -build() { - export CC="gcc -m32" - export CXX="g++ -m32" - export PKG_CONFIG_PATH="/usr/lib32/pkgconfig" - - cd systemd - - local timeservers=({0..3}.arch.pool.ntp.org) - - local configure_options=( - --libexecdir=/usr/lib32 - --libdir=/usr/lib32 - --localstatedir=/var - --sysconfdir=/etc - - --disable-audit - --disable-tests - --disable-ima - --disable-seccomp - --disable-pam - --disable-kmod - --disable-networkd - --disable-blkid - --disable-libiptc - --disable-lz4 - --disable-manpages - --without-python - - --with-sysvinit-path= - --with-sysvrcnd-path= - --with-ntp-servers="${timeservers[*]}" - --with-default-dnssec=no - --with-dbuspolicydir=/usr/share/dbus-1/system.d - --without-kill-user-processes - ) - # --disable-libcryptsetup - - ./configure "${configure_options[@]}" - - make -} - -package() { - cd systemd - - make DESTDIR="$pkgdir" install - - rm -rf "${pkgdir}"/{etc,var} - rm -rf "${pkgdir}"/usr/{bin,include,lib,share} -} Copied: lib32-systemd/repos/multilib-x86_64/PKGBUILD (from rev 198071, lib32-systemd/trunk/PKGBUILD) =================================================================== --- PKGBUILD (rev 0) +++ PKGBUILD 2016-12-05 20:33:52 UTC (rev 198072) @@ -0,0 +1,131 @@ +# $Id$ +# Maintainer: Dave Reisner <dreis...@archlinux.org> +# Maintainer: Tom Gundersen <t...@jklm.no> + +pkgname=lib32-systemd +_pkgbasename=systemd +pkgver=232 +pkgrel=1 +pkgdesc="system and service manager (32-bit)" +arch=('x86_64') +url="https://www.github.com/systemd/systemd" +license=('GPL2' 'LGPL2.1') +depends=('lib32-libgcrypt' 'lib32-xz' 'lib32-libcap' 'lib32-gcc-libs' 'systemd') +makedepends=('lib32-gcc-libs' 'gcc-multilib' 'lib32-libidn' 'lib32-glib2' 'intltool' 'gperf' + 'lib32-curl' 'lib32-bzip2' 'git') +options=('strip') +source=("git://github.com/systemd/systemd.git#tag=v$pkgver" + '0001-disable-RestrictAddressFamilies-on-i686.patch' + '0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch') +md5sums=('SKIP' + '9536d399938a48fbf38c24e322f4f078' + '2f324d6ddd4fd78b73d453044292b9b1') +validpgpkeys=( + '63CDA1E5D3FC22B998D20DD6327F26951A015CC4' # Lennart Poettering +) + +_backports=( + '843d5baf6aad6c53fc00ea8d95d83209a4f92de1' # core: don't use the unified hierarchy for the systemd cgroup yet (#4628) + 'abd67ce74858491565cde157c7b08fda43d3279c' # basic/virt: fix userns check on CONFIG_USER_NS=n kernel (#4651) + '4318abe8d26e969ebdb97744a63ab900233a0185' # build-sys: do not install ctrl-alt-del.target symlink twice + 'd112eae7da77899be245ab52aa1747d4675549f1' # device: Avoid calling unit_free(NULL) in device setup logic (#4748) +) + +_validate_tag() { + local success fingerprint trusted status tag=v$pkgver + + parse_gpg_statusfile /dev/stdin < <(git verify-tag --raw "$tag" 2>&1) + + if (( ! success )); then + error 'failed to validate tag %s\n' "$tag" + return 1 + fi + + if ! in_array "$fingerprint" "${validpgpkeys[@]}" && (( ! trusted )); then + error 'unknown or untrusted public key: %s\n' "$fingerprint" + return 1 + fi + + case $status in + 'expired') + warning 'the signature has expired' + ;; + 'expiredkey') + warning 'the key has expired' + ;; + esac + + return 0 +} + +prepare() { + cd systemd + + _validate_tag || return + + if (( ${#_backports[*]} > 0 )); then + git cherry-pick -n "${_backports[@]}" + fi + + # these patches aren't upstream, but they make v232 more useable. + + # https://github.com/systemd/systemd/issues/4575 + patch -Np1 <../0001-disable-RestrictAddressFamilies-on-i686.patch + + # https://github.com/systemd/systemd/issues/4595 + # https://github.com/systemd/systemd/issues/3826 + patch -Np1 <../0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch + + ./autogen.sh +} + +build() { + export CC="gcc -m32" + export CXX="g++ -m32" + export PKG_CONFIG_PATH="/usr/lib32/pkgconfig" + + cd systemd + + local timeservers=({0..3}.arch.pool.ntp.org) + + local configure_options=( + --libexecdir=/usr/lib32 + --libdir=/usr/lib32 + --localstatedir=/var + --sysconfdir=/etc + + --disable-audit + --disable-tests + --disable-ima + --disable-seccomp + --disable-pam + --disable-kmod + --disable-networkd + --disable-blkid + --disable-libiptc + --disable-lz4 + --disable-manpages + --without-python + + --with-sysvinit-path= + --with-sysvrcnd-path= + --with-ntp-servers="${timeservers[*]}" + --with-default-dnssec=no + --with-dbuspolicydir=/usr/share/dbus-1/system.d + --without-kill-user-processes + ) + # --disable-libcryptsetup + + ./configure "${configure_options[@]}" + + make +} + +package() { + cd systemd + + make DESTDIR="$pkgdir" install + + rm -rf "${pkgdir}"/{etc,var} + rm -rf "${pkgdir}"/usr/{bin,include,lib,share} +}