Christian Hesse pushed to branch main at Arch Linux / Packaging / Packages / systemd
Commits: 147c2142 by Mike Yuan at 2024-09-13T21:19:25+02:00 systemd-hook: use systemd-notify --booted to detect if systemd is running - - - - - 81e7545c by Mike Yuan at 2024-09-13T22:03:39+02:00 systemd.install: stop applying ACL ourselves This can easily go out of sync with upstream, and the current rule leads to "execute" bit being set on journal files in addition to dirs, which is spurious. The systemd-tmpfiles ALPM hook would take care of this properly. See also: https://github.com/systemd/systemd/pull/34410 - - - - - 14e6d27d by Mike Yuan at 2024-09-13T22:03:39+02:00 build: drop deprecated default-hierarchy option - - - - - 65363cc5 by Mike Yuan at 2024-09-13T22:03:40+02:00 build: explicitly enable vmlinux-h=generated By default (auto), part of eBPF functionality would be disabled if vmlinux.h cannot be obtained. Let's explicitly opt-in, so that the build in such case fails rather than silently continuing with degraded feature set. - - - - - 83edb524 by Mike Yuan at 2024-09-13T22:05:14+02:00 build: set ssh privsep dir to /usr/share/empty.sshd An accompanying change has been merged into openssh pkg: https://gitlab.archlinux.org/archlinux/packaging/packages/openssh/-/commit/c58e50d7339e03d469f3b2eaf66385f3d0b838e2 - - - - - 3 changed files: - PKGBUILD - systemd-hook - systemd.install Changes: ===================================== PKGBUILD ===================================== @@ -141,13 +141,14 @@ build() { -Dman=enabled -Dnscd=false -Dselinux=disabled + -Dsshdprivsepdir=/usr/share/empty.sshd + -Dvmlinux-h=generated # We disable DNSSEC by default, it still causes trouble: # https://github.com/systemd/systemd/issues/10579 -Ddbuspolicydir=/usr/share/dbus-1/system.d -Ddefault-dnssec=no - -Ddefault-hierarchy=unified -Ddefault-kill-user-processes=false -Ddefault-locale='C.UTF-8' -Dlocalegen-path=/usr/bin/locale-gen ===================================== systemd-hook ===================================== 
@@ -1,6 +1,6 @@ #!/bin/sh -e -is_chrooted() { +skip_chrooted() { if systemd-detect-virt --chroot; then echo >&2 " Skipped: Running in chroot." exit 0 @@ -8,15 +8,17 @@ is_chrooted() { } systemd_live() { - is_chrooted - if [ ! -d /run/systemd/system ]; then + skip_chrooted + + if ! systemd-notify --booted &>/dev/null; then echo >&2 " Skipped: Current root is not booted." exit 0 fi } udevd_live() { - is_chrooted + skip_chrooted + if [ ! -S /run/udev/control ]; then echo >&2 " Skipped: Device manager is not running." exit 0 ===================================== systemd.install ===================================== @@ -4,12 +4,6 @@ sd_booted() { [[ -d run/systemd/system && ! -L run/systemd/system ]] } -add_journal_acls() { - # ignore errors, since the filesystem might not support ACLs - setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx var/log/journal/ 2>/dev/null - : -} - post_common() { systemd-sysusers journalctl --update-catalog @@ -24,8 +18,6 @@ post_install() { post_common "$@" - add_journal_acls - # enable some services by default, but don't track them systemctl enable \ [email protected] \ View it on GitLab: https://gitlab.archlinux.org/archlinux/packaging/packages/systemd/-/compare/010bc3c05c46e0a6a24dc15d33426a132d9b8edd...83edb5244e9ea0363268467452f8540b58be9f28
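Review bot: in the PKGBUILD hunk, `-Dsshdprivsepdir=/usr/share/empty.sshd` assumes the installed openssh package uses and ships that directory, and nothing in the visible lines ties this build to an openssh release that does. A versioned dependency or conflict on openssh, or at least a comment above the option pointing at the accompanying openssh commit, would keep the two packages from drifting apart. `-Dvmlinux-h=generated` deserves a one-line comment too, saying it is set so that a missing vmlinux.h fails the build, so that nobody later reverts it to auto as a quick fix for a broken build host.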
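Review bot: in systemd_live() of systemd-hook, `&>/dev/null` is a bash extension, but the script's shebang is `#!/bin/sh -e`. A strictly POSIX shell such as dash parses `systemd-notify --booted &>/dev/null` as a background job followed by an empty redirection that always succeeds, so the `if` condition no longer reflects whether the system is booted and the hook takes the "Skipped: Current root is not booted." branch every time. Writing it as `if ! systemd-notify --booted >/dev/null 2>&1; then` gives the same result under any /bin/sh.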
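Review bot: the context of the first systemd.install hunk shows sd_booted() still testing `[[ -d run/systemd/system && ! -L run/systemd/system ]]`, while systemd-hook in the same push moves to `systemd-notify --booted`. Either switch sd_booted() to the same check or add a comment explaining why the install script keeps the relative directory test, so the two detection paths do not silently disagree.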
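Review bot: with the `add_journal_acls` call dropped from post_install in the second systemd.install hunk, nothing in the visible lines resets the entries that earlier installs already wrote with `setfacl -Rnm g:wheel:rx,...`. Journal files on existing systems therefore keep the spurious execute permission for wheel and adm described in the commit message, unless the tmpfiles rule rewrites them. Please confirm that the systemd-tmpfiles ALPM hook corrects existing files and not just newly created ones, and leave a short comment in post_install stating that journal ACLs are now applied by tmpfiles.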
