Hello,

I've updated the systemd package, because the current version of
GDM expects a more recent systemd version, as discussed in this
issue: https://labs.parabola.nu/issues/3740

While trying to update the PKGBUILD and make the package, I had a problem
with this line:

> mv "$pkgdir"/usr/lib/systemd/libsystemd-shared-${pkgver}-{*,${pkgrel..

It was trying to move a file to the same file, which causes an error,
so I had to comment it out.
From 6f12f846010f94a754495883fa514d63d68cbd07 Mon Sep 17 00:00:00 2001
From: Martin Sotirov <[email protected]>
Date: Thu, 20 Nov 2025 10:22:37 +0900
Subject: [PATCH] Update systemd to 258.2-2

---
 ...-Use-Arch-Linux-device-access-groups.patch |  28 +-
 ...-Systemd-Boot-Manager-instead-of-Lin.patch |  26 +-
 ...Default-PRETTY_NAME-to-GNU-Linux-ins.patch |  57 +--
 ...Default-NAME-to-GNU-Linux-instead-of.patch |   2 +-
 ...Default-ID-to-gnu-linux-instead-of-l.patch |  34 +-
 ...olved-Fallback-hostname-to-gnu-linux.patch |  24 +-
 ...man-Mention-Parabola-instead-of-Arch.patch |  19 +-
 ...to-the-operating-system-as-GNU-Linux.patch | 326 +++++++-----------
 libre/systemd/PKGBUILD                        |  62 ++--
 libre/systemd/REUSE.toml                      |  33 ++
 libre/systemd/loader.conf                     |   2 +-
 libre/systemd/systemd-hook                    |  10 +-
 libre/systemd/systemd-user.pam                |  11 +-
 13 files changed, 263 insertions(+), 371 deletions(-)
 create mode 100644 libre/systemd/REUSE.toml

diff --git a/libre/systemd/0001-Use-Arch-Linux-device-access-groups.patch b/libre/systemd/0001-Use-Arch-Linux-device-access-groups.patch
index 79c23585b..e328c0ab6 100644
--- a/libre/systemd/0001-Use-Arch-Linux-device-access-groups.patch
+++ b/libre/systemd/0001-Use-Arch-Linux-device-access-groups.patch
@@ -1,4 +1,4 @@
-From dfdd57b81916ac4c9a69b4c4400a9145d9746e9f Mon Sep 17 00:00:00 2001
+From 24112f5adb393febab43dbff3a8533146b25d7a3 Mon Sep 17 00:00:00 2001
 From: "Jan Alexander Steffens (heftig)" <[email protected]>
 Date: Tue, 6 Mar 2018 23:39:47 +0100
 Subject: [PATCH] Use Arch Linux' device access groups
@@ -14,14 +14,15 @@ Subject: [PATCH] Use Arch Linux' device access groups
  4 files changed, 19 insertions(+), 19 deletions(-)
 
 diff --git a/meson.build b/meson.build
-index d392610625..ab8689da68 100644
+index e87c8ea2ec..8f56e87b68 100644
 --- a/meson.build
 +++ b/meson.build
-@@ -940,19 +940,19 @@ conf.set_quoted('NOBODY_GROUP_NAME', nobody_group)
+@@ -949,20 +949,20 @@ conf.set_quoted('NOBODY_GROUP_NAME', nobody_group)
  static_ugids = []
  foreach option : ['adm-gid',
                    'audio-gid',
 -                  'cdrom-gid',
+                   'clock-gid',
 -                  'dialout-gid',
                    'disk-gid',
                    'input-gid',
@@ -41,21 +42,23 @@ index d392610625..ab8689da68 100644
                    'wheel-gid',
                    'systemd-journal-gid',
 diff --git a/meson_options.txt b/meson_options.txt
-index 78ec25bfa3..0ac81db762 100644
+index c616f23297..3999595c2f 100644
 --- a/meson_options.txt
 +++ b/meson_options.txt
-@@ -287,10 +287,6 @@ option('adm-gid', type : 'integer', value : 0,
+@@ -289,12 +289,8 @@ option('adm-gid', type : 'integer', value : 0,
         description : 'soft-static allocation for the "adm" group')
  option('audio-gid', type : 'integer', value : 0,
         description : 'soft-static allocation for the "audio" group')
 -option('cdrom-gid', type : 'integer', value : 0,
 -       description : 'soft-static allocation for the "cdrom" group')
+ option('clock-gid', type : 'integer', value : 0,
+        description : 'soft-static allocation for the "clock" group')
 -option('dialout-gid', type : 'integer', value : 0,
 -       description : 'soft-static allocation for the "dialout" group')
  option('disk-gid', type : 'integer', value : 0,
         description : 'soft-static allocation for the "disk" group')
  option('input-gid', type : 'integer', value : 0,
-@@ -301,18 +297,22 @@ option('kvm-gid', type : 'integer', value : 0,
+@@ -305,18 +301,22 @@ option('kvm-gid', type : 'integer', value : 0,
         description : 'soft-static allocation for the "kvm" group')
  option('lp-gid', type : 'integer', value : 0,
         description : 'soft-static allocation for the "lp" group')
@@ -81,19 +84,19 @@ index 78ec25bfa3..0ac81db762 100644
         description : 'soft-static allocation for the "video" group')
  option('wheel-gid', type : 'integer', value : 0,
 diff --git a/rules.d/50-udev-default.rules.in b/rules.d/50-udev-default.rules.in
-index 6f80feeecf..40c1bf3dbc 100644
+index 078a78ad1a..c54ef92943 100644
 --- a/rules.d/50-udev-default.rules.in
 +++ b/rules.d/50-udev-default.rules.in
-@@ -39,7 +39,7 @@ SUBSYSTEM=="tty", KERNEL=="ptmx", GROUP="tty", MODE="0666"
+@@ -41,7 +41,7 @@ SUBSYSTEM=="tty", KERNEL=="ptmx", GROUP="tty", MODE="0666"
  SUBSYSTEM=="tty", KERNEL=="tty", GROUP="tty", MODE="0666"
- SUBSYSTEM=="tty", KERNEL=="tty[0-9]*|hvc[0-9]*|sclp_line[0-9]*|ttysclp[0-9]*|3270/tty[0-9]*", GROUP="tty", MODE="0620"
+ SUBSYSTEM=="tty", KERNEL=="tty[0-9]*|hvc[0-9]*|sclp_line[0-9]*|ttysclp[0-9]*|3270/tty[0-9]*", GROUP="tty", MODE="{{TTY_MODE}}"
  SUBSYSTEM=="vc", KERNEL=="vcs*|vcsa*", GROUP="tty"
 -KERNEL=="tty[A-Z]*[0-9]|ttymxc[0-9]*|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", GROUP="dialout"
 +KERNEL=="tty[A-Z]*[0-9]|ttymxc[0-9]*|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", GROUP="uucp"
  
  SUBSYSTEM=="mem", KERNEL=="mem|kmem|port", GROUP="kmem", MODE="0640"
  
-@@ -86,13 +86,13 @@ KERNEL=="irlpt[0-9]*", GROUP="lp"
+@@ -88,13 +88,13 @@ KERNEL=="irlpt[0-9]*", GROUP="lp"
  SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ENV{ID_USB_INTERFACES}=="*:0701??:*", GROUP="lp"
  
  SUBSYSTEM=="block", GROUP="disk"
@@ -114,14 +117,15 @@ index 6f80feeecf..40c1bf3dbc 100644
  KERNEL=="qft[0-9]*|nqft[0-9]*|zqft[0-9]*|nzqft[0-9]*|rawqft[0-9]*|nrawqft[0-9]*", GROUP="disk"
  KERNEL=="loop-control", GROUP="disk", OPTIONS+="static_node=loop-control"
 diff --git a/sysusers.d/basic.conf.in b/sysusers.d/basic.conf.in
-index 992af346ca..86e622e5dd 100644
+index 503a4c4dac..0052690d97 100644
 --- a/sysusers.d/basic.conf.in
 +++ b/sysusers.d/basic.conf.in
-@@ -24,17 +24,17 @@ g utmp    {{UTMP_GID   }}     -            -
+@@ -24,18 +24,18 @@ g utmp    {{UTMP_GID   }}     -            -
  
  # Physical and virtual hardware access groups
  g audio   {{AUDIO_GID  }}     -            -
 -g cdrom   {{CDROM_GID  }}     -            -
+ g clock   {{CLOCK_GID  }}     -            -
 -g dialout {{DIALOUT_GID}}     -            -
  g disk    {{DISK_GID   }}     -            -
  g input   {{INPUT_GID  }}     -            -
diff --git a/libre/systemd/9001-FSDG-bootctl-Say-Systemd-Boot-Manager-instead-of-Lin.patch b/libre/systemd/9001-FSDG-bootctl-Say-Systemd-Boot-Manager-instead-of-Lin.patch
index f3b91fadf..9a4d4c5b6 100644
--- a/libre/systemd/9001-FSDG-bootctl-Say-Systemd-Boot-Manager-instead-of-Lin.patch
+++ b/libre/systemd/9001-FSDG-bootctl-Say-Systemd-Boot-Manager-instead-of-Lin.patch
@@ -1,19 +1,8 @@
-From 0ea7d667604ee7e300ba2addf82455f500912013 Mon Sep 17 00:00:00 2001
-From: Luke Shumaker <[email protected]>
-Date: Sat, 17 Dec 2016 00:56:43 -0500
-Subject: [PATCH 1/7] FSDG: bootctl: Say "Systemd Boot Manager" instead of
- "Linux Boot Manager"
-
----
- man/bootctl.xml            | 6 +++---
- src/boot/bootctl-install.c | 2 +-
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
 diff --git a/man/bootctl.xml b/man/bootctl.xml
-index d5ded286cc..e1a2936b2e 100644
+index cbe735437fd..d2699776357 100644
 --- a/man/bootctl.xml
 +++ b/man/bootctl.xml
-@@ -475,10 +475,10 @@
+@@ -511,10 +511,10 @@
  
        <varlistentry>
          <term><option>--efi-boot-option-description=</option></term>
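Review bot: The refreshed 9001 patch drops its `From:`/`Date:`/`Subject:` header, so the file no longer records who wrote the change or why; the same removal occurs in 9002, 9004, 9005, 9006 and 9007, while 0001 keeps its header. In 9004, 9006 and 9007 the removed text also holds the commit message (the note that the ID change only affects man pages, the agreement about non-FSDG examples, and the `git grep` command used to find remaining "Linux" mentions), which a later maintainer or auditor needs in order to re-derive and check these distro patches. Regenerating the series with `git format-patch` instead of a bare `git diff` would keep that provenance. If the headers are dropped on purpose, a short comment beside each patch entry in the PKGBUILD should state what the patch does and where it comes from.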
@@ -25,8 +14,8 @@ index d5ded286cc..e1a2936b2e 100644
 +        <para>Using the default entry name <literal>Systemd Boot Manager</literal> is generally preferable as only
          one bootloader installed to a single ESP partition should be used to boot any number of OS installations
          found on the various disks installed in the system. Specifically distributions should not use this flag
-         to install a branded entry in the boot option list. However in situations with multiple disks, each with
-@@ -570,7 +570,7 @@ Available Boot Loaders on ESP:
+         to install a branded entry in the boot option list. However, in situations with multiple disks, each with
+@@ -635,7 +635,7 @@ Available Boot Loaders on ESP:
           File: └─/EFI/BOOT/BOOTX64.EFI (systemd-boot 251
  
  Boot Loaders Listed in EFI Variables:
@@ -36,10 +25,10 @@ index d5ded286cc..e1a2936b2e 100644
         Status: active, boot-order
      Partition: /dev/disk/by-partuuid/…
 diff --git a/src/bootctl/bootctl-install.c b/src/bootctl/bootctl-install.c
-index dc46d30c5b..d907926f2a 100644
+index 0a2fb1888ba..0ab9caaf236 100644
 --- a/src/bootctl/bootctl-install.c
 +++ b/src/bootctl/bootctl-install.c
-@@ -683,7 +683,7 @@ static int remove_from_order(uint16_t slot) {
+@@ -870,7 +870,7 @@ static int remove_from_order(uint16_t slot) {
  }
  
  static const char *pick_efi_boot_option_description(void) {
@@ -48,6 +37,3 @@ index dc46d30c5b..d907926f2a 100644
  }
  
  static int install_variables(
--- 
-2.45.2
-
diff --git a/libre/systemd/9002-FSDG-os-release-Default-PRETTY_NAME-to-GNU-Linux-ins.patch b/libre/systemd/9002-FSDG-os-release-Default-PRETTY_NAME-to-GNU-Linux-ins.patch
index 7108a3f4e..8c1c59357 100644
--- a/libre/systemd/9002-FSDG-os-release-Default-PRETTY_NAME-to-GNU-Linux-ins.patch
+++ b/libre/systemd/9002-FSDG-os-release-Default-PRETTY_NAME-to-GNU-Linux-ins.patch
@@ -1,21 +1,5 @@
-From b9c335f8a95094e5fd31a90a0f67613c0081e604 Mon Sep 17 00:00:00 2001
-From: Luke Shumaker <[email protected]>
-Date: Wed, 25 May 2016 12:23:40 -0400
-Subject: [PATCH 2/7] FSDG: os-release: Default PRETTY_NAME to "GNU/Linux"
- instead of "Linux"
-
----
- man/check-os-release-simple.py               | 2 +-
- man/check-os-release.py                      | 2 +-
- man/check-os-release.sh                      | 2 +-
- man/kernel-install.xml                       | 4 ++--
- man/os-release.xml                           | 2 +-
- src/basic/os-util.c                          | 2 +-
- src/kernel-install/90-loaderentry.install.in | 2 +-
- 7 files changed, 8 insertions(+), 8 deletions(-)
-
 diff --git a/man/check-os-release-simple.py b/man/check-os-release-simple.py
-index ce73c77b14..9ad899a814 100644
+index ce73c77b14a..9ad899a8148 100755
 --- a/man/check-os-release-simple.py
 +++ b/man/check-os-release-simple.py
 @@ -4,7 +4,7 @@
@@ -28,7 +12,7 @@ index ce73c77b14..9ad899a814 100644
  
  if 'fedora' in [os_release.get('ID', 'linux'),
 diff --git a/man/check-os-release.py b/man/check-os-release.py
-index 19b193ec76..373b77ed06 100644
+index 19b193ec76a..373b77ed065 100755
 --- a/man/check-os-release.py
 +++ b/man/check-os-release.py
 @@ -29,7 +29,7 @@ def read_os_release():
@@ -41,7 +25,7 @@ index 19b193ec76..373b77ed06 100644
  
  if 'debian' in [os_release.get('ID', 'linux'),
 diff --git a/man/check-os-release.sh b/man/check-os-release.sh
-index 12f7ee12cc..084647a38b 100644
+index 12f7ee12cc5..084647a38b0 100644
 --- a/man/check-os-release.sh
 +++ b/man/check-os-release.sh
 @@ -4,7 +4,7 @@
@@ -54,19 +38,19 @@ index 12f7ee12cc..084647a38b 100644
  if [ "${ID:-linux}" = "debian" ] || [ "${ID_LIKE#*debian*}" != "${ID_LIKE}" ]; then
      echo "Looks like Debian!"
 diff --git a/man/kernel-install.xml b/man/kernel-install.xml
-index f3468bbde0..163e233489 100644
+index 0603292c3ef..13e054bf49c 100644
 --- a/man/kernel-install.xml
 +++ b/man/kernel-install.xml
-@@ -140,7 +140,7 @@
-             <filename>$BOOT/loader/entries/<replaceable>ENTRY-TOKEN</replaceable>-<replaceable>KERNEL-VERSION</replaceable>.conf</filename>.
-             The title of the entry is the <replaceable>PRETTY_NAME</replaceable> parameter specified in
-             <filename>/etc/os-release</filename> or <filename>/usr/lib/os-release</filename> (if the former
--            is missing), or "Linux <replaceable>KERNEL-VERSION</replaceable>", if unset.</para>
-+            is missing), or "GNU/Linux <replaceable>KERNEL-VERSION</replaceable>", if unset.</para>
+@@ -146,7 +146,7 @@
+                 <filename>$BOOT/loader/entries/<replaceable>ENTRY-TOKEN</replaceable>-<replaceable>KERNEL-VERSION</replaceable>.conf</filename>.
+                 The title of the entry is the <replaceable>PRETTY_NAME</replaceable> parameter specified in
+                 <filename>/etc/os-release</filename> or <filename>/usr/lib/os-release</filename> (if the
+-                former is missing), or "Linux <replaceable>KERNEL-VERSION</replaceable>", if unset.</para>
++                former is missing), or "GNU/Linux <replaceable>KERNEL-VERSION</replaceable>", if unset.</para>
  
-             <para>If <varname>$KERNEL_INSTALL_LAYOUT</varname> is not "bls", this plugin does nothing.</para></listitem>
- 
-@@ -640,7 +640,7 @@
+                 <para>If <varname>$KERNEL_INSTALL_LAYOUT</varname> is not "bls", this plugin does nothing.</para>
+               </listitem>
+@@ -694,7 +694,7 @@
          <listitem>
              <para>Read by <filename>90-loaderentry.install</filename>. If available,
              <varname>PRETTY_NAME=</varname> is read from these files and used as the title of the boot menu
@@ -76,10 +60,10 @@ index f3468bbde0..163e233489 100644
  
              <xi:include href="version-info.xml" xpointer="v198"/>
 diff --git a/man/os-release.xml b/man/os-release.xml
-index afdb21fc57..a1f0bbb9f4 100644
+index 0c9b3de493b..4909d5b76ce 100644
 --- a/man/os-release.xml
 +++ b/man/os-release.xml
-@@ -190,7 +190,7 @@
+@@ -191,7 +191,7 @@
  
            <listitem><para>A pretty operating system name in a format suitable for presentation to the
            user. May or may not contain a release code name or OS version of some kind, as suitable. If not
@@ -89,10 +73,10 @@ index afdb21fc57..a1f0bbb9f4 100644
            <para>Example: <literal>PRETTY_NAME="Fedora 17 (Beefy Miracle)"</literal>.</para></listitem>
          </varlistentry>
 diff --git a/src/basic/os-util.c b/src/basic/os-util.c
-index 79f641b364..efbb08c985 100644
+index c04f86893cc..fb3ad6412dc 100644
 --- a/src/basic/os-util.c
 +++ b/src/basic/os-util.c
-@@ -476,5 +476,5 @@ const char *os_release_pretty_name(const char *pretty_name, const char *name) {
+@@ -503,5 +503,5 @@ const char* os_release_pretty_name(const char *pretty_name, const char *name) {
           * exists mostly to ensure we use the same logic wherever possible. */
  
          return empty_to_null(pretty_name) ?:
@@ -100,10 +84,10 @@ index 79f641b364..efbb08c985 100644
 +                empty_to_null(name) ?: "GNU/Linux";
  }
 diff --git a/src/kernel-install/90-loaderentry.install.in b/src/kernel-install/90-loaderentry.install.in
-index 766d321595..56775e63d0 100755
+index 6945a0fd288..a126063f779 100755
 --- a/src/kernel-install/90-loaderentry.install.in
 +++ b/src/kernel-install/90-loaderentry.install.in
-@@ -66,7 +66,7 @@ elif [ -f /usr/lib/os-release ]; then
+@@ -75,7 +75,7 @@ elif [ -f /usr/lib/os-release ]; then
      . /usr/lib/os-release
  fi
  
@@ -112,6 +96,3 @@ index 766d321595..56775e63d0 100755
  
  SORT_KEY="$IMAGE_ID"
  [ -z "$SORT_KEY" ] && SORT_KEY="$ID"
--- 
-2.45.2
-
diff --git a/libre/systemd/9003-FSDG-os-release-Default-NAME-to-GNU-Linux-instead-of.patch b/libre/systemd/9003-FSDG-os-release-Default-NAME-to-GNU-Linux-instead-of.patch
index c34349309..354b66950 100644
--- a/libre/systemd/9003-FSDG-os-release-Default-NAME-to-GNU-Linux-instead-of.patch
+++ b/libre/systemd/9003-FSDG-os-release-Default-NAME-to-GNU-Linux-instead-of.patch
@@ -12,7 +12,7 @@ diff --git a/man/os-release.xml b/man/os-release.xml
 index a1f0bbb9f4..f5167c6af0 100644
 --- a/man/os-release.xml
 +++ b/man/os-release.xml
-@@ -146,7 +146,7 @@
+@@ -147,7 +147,7 @@
            <term><varname>NAME=</varname></term>
  
            <listitem><para>A string identifying the operating system, without a version component, and
diff --git a/libre/systemd/9004-FSDG-os-release-Default-ID-to-gnu-linux-instead-of-l.patch b/libre/systemd/9004-FSDG-os-release-Default-ID-to-gnu-linux-instead-of-l.patch
index a33f31ec5..e93f2126f 100644
--- a/libre/systemd/9004-FSDG-os-release-Default-ID-to-gnu-linux-instead-of-l.patch
+++ b/libre/systemd/9004-FSDG-os-release-Default-ID-to-gnu-linux-instead-of-l.patch
@@ -1,24 +1,9 @@
-From 27d6039270fe98df9a6b49ca53324b9acf8a7264 Mon Sep 17 00:00:00 2001
-From: Luke Shumaker <[email protected]>
-Date: Wed, 25 May 2016 12:28:30 -0400
-Subject: [PATCH 4/7] FSDG: os-release: Default ID to "gnu-linux" instead of
- "linux"
-
-As far as I can tell, no code in this repository actually uses the ID
-field, so this is just a man page change.
----
- man/check-os-release-simple.py | 2 +-
- man/check-os-release.py        | 2 +-
- man/check-os-release.sh        | 2 +-
- man/os-release.xml             | 2 +-
- 4 files changed, 4 insertions(+), 4 deletions(-)
-
 diff --git a/man/check-os-release-simple.py b/man/check-os-release-simple.py
-index 9ad899a814..63ea424891 100644
+index ce73c77b14a..3efbe4475c5 100755
 --- a/man/check-os-release-simple.py
 +++ b/man/check-os-release-simple.py
 @@ -7,6 +7,6 @@ os_release = platform.freedesktop_os_release()
- pretty_name = os_release.get('PRETTY_NAME', 'GNU/Linux')
+ pretty_name = os_release.get('PRETTY_NAME', 'Linux')
  print(f'Running on {pretty_name!r}')
  
 -if 'fedora' in [os_release.get('ID', 'linux'),
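Review bot: The context line `pretty_name = os_release.get('PRETTY_NAME', 'Linux')` will not match the tree if 9002 is applied first, because 9002 rewrites that line to `'GNU/Linux'`; the new `index ce73c77b14a..` base is the same blob 9002 starts from, so 9004 appears to have been regenerated against pristine upstream rather than on top of 9002. The next two hunks of this file have the same mismatch for `man/check-os-release.py` and `man/check-os-release.sh`. How the PKGBUILD applies the series is not visible here, but `git apply` would reject these hunks and `patch` would accept them only with fuzz, which is easy to miss in a build log and makes it harder to confirm the built source is the intended one. Regenerate 9004 on top of 9002, as the previous version was, so every hunk applies with exact context.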
@@ -26,11 +11,11 @@ index 9ad899a814..63ea424891 100644
                  *os_release.get('ID_LIKE', '').split()]:
      print('Looks like Fedora!')
 diff --git a/man/check-os-release.py b/man/check-os-release.py
-index 373b77ed06..09aebd7a4f 100644
+index 19b193ec76a..42d2b476da4 100755
 --- a/man/check-os-release.py
 +++ b/man/check-os-release.py
 @@ -32,6 +32,6 @@ os_release = dict(read_os_release())
- pretty_name = os_release.get('PRETTY_NAME', 'GNU/Linux')
+ pretty_name = os_release.get('PRETTY_NAME', 'Linux')
  print(f'Running on {pretty_name!r}')
  
 -if 'debian' in [os_release.get('ID', 'linux'),
@@ -38,22 +23,22 @@ index 373b77ed06..09aebd7a4f 100644
                  *os_release.get('ID_LIKE', '').split()]:
      print('Looks like Debian!')
 diff --git a/man/check-os-release.sh b/man/check-os-release.sh
-index 084647a38b..c02b4e6743 100644
+index 12f7ee12cc5..d90aaad7e3a 100644
 --- a/man/check-os-release.sh
 +++ b/man/check-os-release.sh
 @@ -6,6 +6,6 @@ test -e /etc/os-release && os_release='/etc/os-release' || os_release='/usr/lib/
  
- echo "Running on ${PRETTY_NAME:-GNU/Linux}"
+ echo "Running on ${PRETTY_NAME:-Linux}"
  
 -if [ "${ID:-linux}" = "debian" ] || [ "${ID_LIKE#*debian*}" != "${ID_LIKE}" ]; then
 +if [ "${ID:-gnu-linux}" = "debian" ] || [ "${ID_LIKE#*debian*}" != "${ID_LIKE}" ]; then
      echo "Looks like Debian!"
  fi
 diff --git a/man/os-release.xml b/man/os-release.xml
-index f5167c6af0..e5a797489c 100644
+index 0c9b3de493b..1978b9e038d 100644
 --- a/man/os-release.xml
 +++ b/man/os-release.xml
-@@ -159,7 +159,7 @@
+@@ -160,7 +160,7 @@
            <listitem><para>A lower-case string (no spaces or other characters outside of 0–9, a–z, ".", "_"
            and "-") identifying the operating system, excluding any version information and suitable for
            processing by scripts or usage in generated filenames. If not set, a default of
@@ -62,6 +47,3 @@ index f5167c6af0..e5a797489c 100644
            characters that require shell quoting, quoting may nevertheless be used.</para>
  
            <para>Examples: <literal>ID=fedora</literal>, <literal>ID=debian</literal>.</para></listitem>
--- 
-2.45.2
-
diff --git a/libre/systemd/9005-FSDG-systemd-resolved-Fallback-hostname-to-gnu-linux.patch b/libre/systemd/9005-FSDG-systemd-resolved-Fallback-hostname-to-gnu-linux.patch
index 1fc504705..30faa1de9 100644
--- a/libre/systemd/9005-FSDG-systemd-resolved-Fallback-hostname-to-gnu-linux.patch
+++ b/libre/systemd/9005-FSDG-systemd-resolved-Fallback-hostname-to-gnu-linux.patch
@@ -1,19 +1,8 @@
-From 75ea90fc45e5d404ca7e2495b175f77c906ac7bb Mon Sep 17 00:00:00 2001
-From: Luke Shumaker <[email protected]>
-Date: Wed, 25 May 2016 12:31:20 -0400
-Subject: [PATCH 5/7] FSDG: systemd-resolved: Fallback hostname to "gnu-linux"
- instead of "linux"
-
----
- man/hostname.xml               | 2 +-
- src/resolve/resolved-manager.c | 4 ++--
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
 diff --git a/man/hostname.xml b/man/hostname.xml
-index 746de21cd1..8960cf4a06 100644
+index 76acb8d7a5c..42f213b9b0d 100644
 --- a/man/hostname.xml
 +++ b/man/hostname.xml
-@@ -79,7 +79,7 @@
+@@ -86,7 +86,7 @@
        <listitem><para>Otherwise, a fallback hostname configured at compilation time will be used
        (<literal>&FALLBACK_HOSTNAME;</literal>).</para></listitem>
  
@@ -23,10 +12,10 @@ index 746de21cd1..8960cf4a06 100644
  
      <para>Effectively, the static hostname has higher priority than a transient hostname, which has higher
 diff --git a/src/resolve/resolved-manager.c b/src/resolve/resolved-manager.c
-index 99787f7822..ca24918041 100644
+index d256804dbc1..d75f784ed1b 100644
 --- a/src/resolve/resolved-manager.c
 +++ b/src/resolve/resolved-manager.c
-@@ -374,7 +374,7 @@ static int determine_hostnames(char **full_hostname, char **llmnr_hostname, char
+@@ -436,7 +436,7 @@ static int determine_hostnames(char **full_hostname, char **llmnr_hostname, char
  static char* fallback_hostname(void) {
  
          /* Determine the fall back hostname. For exposing this system to the outside world, we cannot have it
@@ -35,7 +24,7 @@ index 99787f7822..ca24918041 100644
           * instead. */
  
          _cleanup_free_ char *n = get_default_hostname();
-@@ -382,7 +382,7 @@ static char* fallback_hostname(void) {
+@@ -444,7 +444,7 @@ static char* fallback_hostname(void) {
                  return NULL;
  
          if (is_localhost(n))
@@ -44,6 +33,3 @@ index 99787f7822..ca24918041 100644
  
          return TAKE_PTR(n);
  }
--- 
-2.45.2
-
diff --git a/libre/systemd/9006-FSDG-man-Mention-Parabola-instead-of-Arch.patch b/libre/systemd/9006-FSDG-man-Mention-Parabola-instead-of-Arch.patch
index de4fc68a7..524af2b1f 100644
--- a/libre/systemd/9006-FSDG-man-Mention-Parabola-instead-of-Arch.patch
+++ b/libre/systemd/9006-FSDG-man-Mention-Parabola-instead-of-Arch.patch
@@ -1,20 +1,8 @@
-From d57a9ce4ea98bf3290823573711a1e2d1264aa99 Mon Sep 17 00:00:00 2001
-From: Luke Shumaker <[email protected]>
-Date: Wed, 25 May 2016 12:32:21 -0400
-Subject: [PATCH 6/7] FSDG: man/: Mention Parabola instead of Arch
-
-Ideally, we'd use FSDG distros for all of the examples, but doing so is
-beyond my knowledge.  Bill Auger and I have agreed to not remove examples
-for non-FSDG distros that don't have a replacement.
----
- man/systemd-nspawn.xml | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
 diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
-index 2645a6b217..e7ceb94012 100644
+index ed0acc69371..9765cd9c924 100644
 --- a/man/systemd-nspawn.xml
 +++ b/man/systemd-nspawn.xml
-@@ -1869,13 +1869,13 @@ After=sys-subsystem-net-devices-ens1.device</programlisting>
+@@ -1969,13 +1969,13 @@ After=sys-subsystem-net-devices-ens1.device</programlisting>
  
      <example>
        <title>Boot a minimal
@@ -33,6 +21,3 @@ index 2645a6b217..e7ceb94012 100644
        in a namespace container in it.</para>
      </example>
  
--- 
-2.45.2
-
diff --git a/libre/systemd/9007-FSDG-man-Refer-to-the-operating-system-as-GNU-Linux.patch b/libre/systemd/9007-FSDG-man-Refer-to-the-operating-system-as-GNU-Linux.patch
index 5fd878975..85fb2a48e 100644
--- a/libre/systemd/9007-FSDG-man-Refer-to-the-operating-system-as-GNU-Linux.patch
+++ b/libre/systemd/9007-FSDG-man-Refer-to-the-operating-system-as-GNU-Linux.patch
@@ -1,76 +1,5 @@
-From fa2461713fbb68a1297f9cf0f86e88fbf3a8ab32 Mon Sep 17 00:00:00 2001
-From: Luke Shumaker <[email protected]>
-Date: Wed, 25 May 2016 12:19:20 -0400
-Subject: [PATCH 7/7] FSDG: man/: Refer to the operating system as GNU/Linux
-
-... and say "Linux kernel" when we explicitly mean the kernel and not the
-whole system.
-
-I use the following command to search for instances I might want to replace:
-
-    git grep -w Linux man|sed -E 's,(EFI/Linux|GNU/Linux|Fedora Linux|Arch Linux|User-mode Linux|Windows Subsystem for Linux|Linux[- ]kernel|Linux KVM|Linux container|Linux[_ ]Security[_ ]Module),,g'|grep Linux
-
-There are still a few false-positives in that output.
----
- man/bootup.xml                      |  2 +-
- man/daemon.xml                      | 10 ++++----
- man/homectl.xml                     |  2 +-
- man/hostnamectl.xml                 |  4 ++--
- man/journald.conf.xml               |  2 +-
- man/machinectl.xml                  |  4 ++--
- man/org.freedesktop.machine1.xml    |  2 +-
- man/org.freedesktop.resolve1.xml    |  8 +++----
- man/org.freedesktop.systemd1.xml    |  2 +-
- man/os-release.xml                  |  2 +-
- man/pam_systemd_home.xml            |  2 +-
- man/portablectl.xml                 |  2 +-
- man/repart.d.xml                    |  2 +-
- man/sd-bus-errors.xml               |  2 +-
- man/sd-event.xml                    |  2 +-
- man/sd-id128.xml                    |  2 +-
- man/sd_bus_error_add_map.xml        |  2 +-
- man/sd_bus_get_name_machine_id.xml  |  2 +-
- man/sd_event_add_io.xml             |  2 +-
- man/sd_event_set_signal_exit.xml    |  2 +-
- man/sd_id128_to_string.xml          |  2 +-
- man/sd_is_fifo.xml                  |  2 +-
- man/sd_notify.xml                   |  2 +-
- man/sd_uid_get_state.xml            |  2 +-
- man/systemd-analyze.xml             |  2 +-
- man/systemd-boot.xml                |  2 +-
- man/systemd-cgls.xml                |  2 +-
- man/systemd-cgtop.xml               |  2 +-
- man/systemd-cryptenroll.xml         |  2 +-
- man/systemd-detect-virt.xml         |  8 +++----
- man/systemd-dissect.xml             |  2 +-
- man/systemd-machine-id-setup.xml    |  2 +-
- man/systemd-nspawn.xml              |  6 ++---
- man/systemd-nsresourced.service.xml |  2 +-
- man/systemd-oomd.service.xml        |  2 +-
- man/systemd-pstore.service.xml      |  4 ++--
- man/systemd-resolved.service.xml    |  6 ++---
- man/systemd-sleep.conf.xml          |  2 +-
- man/systemd-stub.xml                |  2 +-
- man/systemd-sysext.xml              |  2 +-
- man/systemd-system.conf.xml         |  2 +-
- man/systemd.automount.xml           |  2 +-
- man/systemd.exec.xml                | 36 ++++++++++++++---------------
- man/systemd.netdev.xml              |  2 +-
- man/systemd.network.xml             |  8 +++----
- man/systemd.nspawn.xml              |  4 ++--
- man/systemd.resource-control.xml    |  2 +-
- man/systemd.service.xml             |  4 ++--
- man/systemd.slice.xml               |  2 +-
- man/systemd.socket.xml              |  2 +-
- man/systemd.swap.xml                |  2 +-
- man/systemd.unit.xml                |  2 +-
- man/systemd.xml                     |  6 ++---
- man/tmpfiles.d.xml                  |  6 ++---
- man/ukify.xml                       |  4 ++--
- 55 files changed, 99 insertions(+), 99 deletions(-)
-
 diff --git a/man/bootup.xml b/man/bootup.xml
-index c942bab344..be292bf3cd 100644
+index 8c97051b56d..cf47cb83d82 100644
 --- a/man/bootup.xml
 +++ b/man/bootup.xml
 @@ -23,7 +23,7 @@
@@ -83,7 +12,7 @@ index c942bab344..be292bf3cd 100644
      loader (e.g.
      <citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry> or
 diff --git a/man/daemon.xml b/man/daemon.xml
-index 42630d2782..dad234eb54 100644
+index 1d9b937b2f6..e74220281aa 100644
 --- a/man/daemon.xml
 +++ b/man/daemon.xml
 @@ -47,7 +47,7 @@
@@ -132,10 +61,10 @@ index 42630d2782..dad234eb54 100644
        leave the scheduling of processes to the OS scheduler itself. systemd provides fine-grained access to
        the CPU and I/O schedulers. If a process executed by the service manager shall not negatively impact
 diff --git a/man/homectl.xml b/man/homectl.xml
-index 43bde52e0d..d7790beacb 100644
+index 82ea2e3943d..563076faa55 100644
 --- a/man/homectl.xml
 +++ b/man/homectl.xml
-@@ -442,7 +442,7 @@
+@@ -607,7 +607,7 @@
        <varlistentry>
          <term><option>--fido2-device=<replaceable>PATH</replaceable></option></term>
  
@@ -145,7 +74,7 @@ index 43bde52e0d..d7790beacb 100644
          <literal>hmac-secret</literal> extension that shall be able to unlock the user account. A random salt
          value is generated on the host and passed to the FIDO2 device, which calculates a HMAC hash of the
 diff --git a/man/hostnamectl.xml b/man/hostnamectl.xml
-index 0f50bf9e44..b0ae42d42e 100644
+index 8ac18349c67..58911d661b5 100644
 --- a/man/hostnamectl.xml
 +++ b/man/hostnamectl.xml
 @@ -47,7 +47,7 @@
@@ -164,13 +93,13 @@ index 0f50bf9e44..b0ae42d42e 100644
 -        hostname must be at most 64 characters, which is a Linux limitation (DNS allows longer names).</para>
 +        hostname must be at most 64 characters, which is a Linux kernel limitation (DNS allows longer names).</para>
  
-         <xi:include href="version-info.xml" xpointer="v249"/></listitem>
-       </varlistentry>
+         <xi:include href="hostname.xml" xpointer="question-mark-hostname-pattern"/>
+ 
 diff --git a/man/journald.conf.xml b/man/journald.conf.xml
-index 1aa74926ab..9743d53ce7 100644
+index 322fe6d17b6..f6ad7de967b 100644
 --- a/man/journald.conf.xml
 +++ b/man/journald.conf.xml
-@@ -147,7 +147,7 @@
+@@ -151,7 +151,7 @@
          <term><varname>SplitMode=</varname></term>
  
          <listitem><para>Controls whether to split up journal files per user, either <literal>uid</literal> or
@@ -180,7 +109,7 @@ index 1aa74926ab..9743d53ce7 100644
          <literal>uid</literal>, all regular users (with UID outside the range of system users, dynamic service users,
          and the nobody user) will each get their own journal files, and system users will log to the system journal.
 diff --git a/man/machinectl.xml b/man/machinectl.xml
-index 3964dc0580..790079c4c2 100644
+index e64a20bb1d0..6e9c2e53199 100644
 --- a/man/machinectl.xml
 +++ b/man/machinectl.xml
 @@ -72,7 +72,7 @@
@@ -192,7 +121,7 @@ index 3964dc0580..790079c4c2 100644
        systems.</para></listitem>
  
        <listitem><para>Similarly, block devices containing MBR or GPT partition tables and file systems.</para></listitem>
-@@ -773,7 +773,7 @@
+@@ -771,7 +771,7 @@
      <para>The <command>machinectl</command> tool operates on machines
      and images whose names must be chosen following strict
      rules. Machine names must be suitable for use as hostnames
@@ -202,10 +131,10 @@ index 3964dc0580..790079c4c2 100644
      non-empty label strings, separated by dots. No leading or trailing
      dots are allowed. No sequences of multiple dots are allowed. The
 diff --git a/man/org.freedesktop.machine1.xml b/man/org.freedesktop.machine1.xml
-index 8abef00e53..ed0f6840f0 100644
+index 39bd96d87c5..ebc7d7bf85a 100644
 --- a/man/org.freedesktop.machine1.xml
 +++ b/man/org.freedesktop.machine1.xml
-@@ -323,7 +323,7 @@ node /org/freedesktop/machine1 {
+@@ -329,7 +329,7 @@ node /org/freedesktop/machine1 {
        service that registers the machine, a class string, the PID of the leader process of the machine, an
        optional root directory of the container, and an array of additional properties to use for the scope
        registration. The virtual machine name must be suitable as a hostname, and hence should follow the usual
@@ -215,10 +144,10 @@ index 8abef00e53..ed0f6840f0 100644
        <literal>a-zA-Z0-9-_.</literal> are allowed, the name may not begin with a dot, and it may not contain
        two dots immediately following each other. Container and VM managers should ideally use the hostname
 diff --git a/man/org.freedesktop.resolve1.xml b/man/org.freedesktop.resolve1.xml
-index f6b70d6e4f..241c58ee1e 100644
+index 16133e1bebb..00775e8f03c 100644
 --- a/man/org.freedesktop.resolve1.xml
 +++ b/man/org.freedesktop.resolve1.xml
-@@ -246,7 +246,7 @@ node /org/freedesktop/resolve1 {
+@@ -253,7 +253,7 @@ node /org/freedesktop/resolve1 {
        <title>Methods</title>
  
        <para><function>ResolveHostname()</function> takes a hostname and resolves it to one or more IP
@@ -227,7 +156,7 @@ index f6b70d6e4f..241c58ee1e 100644
        it may be done on any suitable interface. The <varname>name</varname> parameter specifies the hostname
        to resolve. Note that if required, IDNA conversion is applied to this name unless it is resolved via
        LLMNR or MulticastDNS. The <varname>family</varname> parameter limits the results to a specific address
-@@ -280,7 +280,7 @@ node /org/freedesktop/resolve1 {
+@@ -287,7 +287,7 @@ node /org/freedesktop/resolve1 {
  
        <para><function>ResolveRecord()</function> takes a DNS resource record (RR) type, class and name, and
        retrieves the full resource record set (RRset), including the RDATA, for it. As parameter it takes the
@@ -236,7 +165,7 @@ index f6b70d6e4f..241c58ee1e 100644
        any suitable interface. The <varname>name</varname> parameter specifies the RR domain name to look up
        (no IDNA conversion is applied), followed by the 16-bit class and type fields (which may be
        ANY). Finally, a <varname>flags</varname> field may be passed in to alter behaviour of the look-up (see
-@@ -304,7 +304,7 @@ node /org/freedesktop/resolve1 {
+@@ -311,7 +311,7 @@ node /org/freedesktop/resolve1 {
        service metadata.  The primary benefit of using this method over <function>ResolveRecord()</function>
        specifying the <constant class="dns">SRV</constant> type is that it will resolve the
        <constant class="dns">SRV</constant> and <constant class="dns">TXT</constant> RRs as well as the
@@ -245,7 +174,7 @@ index f6b70d6e4f..241c58ee1e 100644
        index, a service name, a service type and a service domain. This method may be invoked in three
        different modes:</para>
  
-@@ -761,7 +761,7 @@ node /org/freedesktop/resolve1/link/_1 {
+@@ -775,7 +775,7 @@ node /org/freedesktop/resolve1/link/_1 {
  
      <!--End of Autogenerated section-->
  
@@ -255,10 +184,10 @@ index f6b70d6e4f..241c58ee1e 100644
      object path for a link object given the network interface index (see above).</para>
  
 diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml
-index b0b45097e3..a9aec94723 100644
+index 8d16d6618d3..99dffde2e74 100644
 --- a/man/org.freedesktop.systemd1.xml
 +++ b/man/org.freedesktop.systemd1.xml
-@@ -1269,7 +1269,7 @@ node /org/freedesktop/systemd1 {
+@@ -1267,7 +1267,7 @@ node /org/freedesktop/systemd1 {
  
        <para><function>GetUnitByPID()</function> may be used to get the unit object path of the unit a process
        ID belongs to. It takes a UNIX PID and returns the object path. The PID must refer to an existing system process.
@@ -268,10 +197,10 @@ index b0b45097e3..a9aec94723 100644
        of a PID, which is safer as UNIX PIDs can be recycled. The latter method returns the unit id and the
        invocation id together with the unit object path.</para>
 diff --git a/man/os-release.xml b/man/os-release.xml
-index e5a797489c..a1a1cf39ec 100644
+index 0c9b3de493b..a92d5ef3c6f 100644
 --- a/man/os-release.xml
 +++ b/man/os-release.xml
-@@ -458,7 +458,7 @@
+@@ -547,7 +547,7 @@
            present and no other configuration source specifies the hostname. Must be either a single DNS label
            (a string composed of 7-bit ASCII lower-case characters and no spaces or dots, limited to the
            format allowed for DNS domain name labels), or a sequence of such labels separated by single dots
@@ -279,12 +208,12 @@ index e5a797489c..a1a1cf39ec 100644
 +          that forms a valid DNS FQDN. The hostname must be at most 64 characters, which is a Linux kernel
            limitation (DNS allows longer names).</para>
  
-           <para>See <citerefentry><refentrytitle>org.freedesktop.hostname1</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+           <xi:include href="hostname.xml" xpointer="question-mark-hostname-pattern"/>
 diff --git a/man/pam_systemd_home.xml b/man/pam_systemd_home.xml
-index 5bd48de4a6..ee2f99557c 100644
+index c1a4dc7f977..123814ce048 100644
 --- a/man/pam_systemd_home.xml
 +++ b/man/pam_systemd_home.xml
-@@ -106,7 +106,7 @@
+@@ -153,7 +153,7 @@ lennart@zeta$ cp -av /etc/skel ~/Areas/versuch1</programlisting>
      the encrypted data), <option>account</option> (because users with
      <filename>systemd-homed.service</filename> user accounts are described in a <ulink
      url="https://systemd.io/USER_RECORD/";>JSON user record</ulink> and may be configured in more detail than
@@ -294,7 +223,7 @@ index 5bd48de4a6..ee2f99557c 100644
      <option>password</option> (to change the encryption password — also used for user authentication —
      through PAM).</para>
 diff --git a/man/portablectl.xml b/man/portablectl.xml
-index 92d8ff03aa..6ee898487b 100644
+index 5678171a170..4c81bc3ac4b 100644
 --- a/man/portablectl.xml
 +++ b/man/portablectl.xml
 @@ -58,7 +58,7 @@
@@ -307,10 +236,10 @@ index 92d8ff03aa..6ee898487b 100644
      </itemizedlist>
  
 diff --git a/man/repart.d.xml b/man/repart.d.xml
-index 52e6b97240..31a850a85e 100644
+index 22d50e2c636..f2080a23060 100644
 --- a/man/repart.d.xml
 +++ b/man/repart.d.xml
-@@ -141,7 +141,7 @@
+@@ -132,7 +132,7 @@
  
                <row>
                  <entry><constant>linux-generic</constant></entry>
@@ -320,7 +249,7 @@ index 52e6b97240..31a850a85e 100644
  
                <row>
 diff --git a/man/sd-bus-errors.xml b/man/sd-bus-errors.xml
-index b9919b13f6..5c0c2d3629 100644
+index b9919b13f65..5c0c2d3629f 100644
 --- a/man/sd-bus-errors.xml
 +++ b/man/sd-bus-errors.xml
 @@ -110,7 +110,7 @@
@@ -333,7 +262,7 @@ index b9919b13f6..5c0c2d3629 100644
      to D-Bus errors and back. For example, the error
      <constant>EUCLEAN</constant> is mapped to
 diff --git a/man/sd-event.xml b/man/sd-event.xml
-index 46b50ea401..e1e6edf92d 100644
+index 46b50ea401b..e1e6edf92d5 100644
 --- a/man/sd-event.xml
 +++ b/man/sd-event.xml
 @@ -36,7 +36,7 @@
@@ -346,7 +275,7 @@ index 46b50ea401..e1e6edf92d 100644
      </para>
  
 diff --git a/man/sd-id128.xml b/man/sd-id128.xml
-index 5a2ca4636a..f3f05ff2dd 100644
+index c568fbf4bc0..ed0aa37bd49 100644
 --- a/man/sd-id128.xml
 +++ b/man/sd-id128.xml
 @@ -195,7 +195,7 @@ int main(int argc, char **argv) {
@@ -359,7 +288,7 @@ index 5a2ca4636a..f3f05ff2dd 100644
      generated by the sd-id128 APIs strictly conform to Variant 1 Version 4 UUIDs, as per RFC 4122.</para>
  
 diff --git a/man/sd_bus_error_add_map.xml b/man/sd_bus_error_add_map.xml
-index e6e635130e..faaf69828b 100644
+index e6e635130ee..faaf69828b2 100644
 --- a/man/sd_bus_error_add_map.xml
 +++ b/man/sd_bus_error_add_map.xml
 @@ -51,7 +51,7 @@
@@ -372,7 +301,7 @@ index e6e635130e..faaf69828b 100644
      <citerefentry><refentrytitle>sd_bus_error_set</refentrytitle><manvolnum>3</manvolnum></citerefentry>
      or
 diff --git a/man/sd_bus_get_name_machine_id.xml b/man/sd_bus_get_name_machine_id.xml
-index 486701841b..5d61735af8 100644
+index 486701841b7..5d61735af88 100644
 --- a/man/sd_bus_get_name_machine_id.xml
 +++ b/man/sd_bus_get_name_machine_id.xml
 @@ -40,7 +40,7 @@
@@ -385,7 +314,7 @@ index 486701841b..5d61735af8 100644
      stored in <parameter>machine</parameter>.</para>
    </refsect1>
 diff --git a/man/sd_event_add_io.xml b/man/sd_event_add_io.xml
-index 3a405f0595..21eff70e2a 100644
+index baf1debaf04..b327d516ca1 100644
 --- a/man/sd_event_add_io.xml
 +++ b/man/sd_event_add_io.xml
 @@ -104,7 +104,7 @@
@@ -398,20 +327,20 @@ index 3a405f0595..21eff70e2a 100644
      <parameter>events</parameter> parameter takes a bit mask of events to watch for, a combination of the
      following event flags: <constant>EPOLLIN</constant>, <constant>EPOLLOUT</constant>,
 diff --git a/man/sd_event_set_signal_exit.xml b/man/sd_event_set_signal_exit.xml
-index 10b68a0edf..6247e7936d 100644
+index fd40863868b..59c76a35250 100644
 --- a/man/sd_event_set_signal_exit.xml
 +++ b/man/sd_event_set_signal_exit.xml
 @@ -49,7 +49,7 @@
      <constant>SIGINT</constant> and <constant>SIGTERM</constant>. If specified as false, it will no
      longer. When this functionality is turned off the calling thread's signal mask is restored to match the
-     state before it was turned on, for the two signals. By default the two signals are not handled by the
+     state before it was turned on, for the two signals. By default, the two signals are not handled by the
 -    event loop, and Linux' default signal handling for them is in effect.</para>
 +    event loop, and the Linux kernel's default signal handling for them is in effect.</para>
  
-     <para>It's customary for UNIX programs to exit on either of these two signals, hence it's typically a
+     <para>It is customary for UNIX programs to exit on either of these two signals, hence it is typically a
      good idea to enable this functionality for the main event loop of a program.</para>
 diff --git a/man/sd_id128_to_string.xml b/man/sd_id128_to_string.xml
-index b2f3030534..a237284cb5 100644
+index 1d6301ec615..910763ac3b8 100644
 --- a/man/sd_id128_to_string.xml
 +++ b/man/sd_id128_to_string.xml
 @@ -83,7 +83,7 @@
@@ -424,7 +353,7 @@ index b2f3030534..a237284cb5 100644
  
      <para>For more information about the <literal>sd_id128_t</literal> type see
 diff --git a/man/sd_is_fifo.xml b/man/sd_is_fifo.xml
-index 8f6fa43f6b..dd7b3ad35f 100644
+index 8f6fa43f6b3..dd7b3ad35fa 100644
 --- a/man/sd_is_fifo.xml
 +++ b/man/sd_is_fifo.xml
 @@ -140,7 +140,7 @@
@@ -437,10 +366,10 @@ index 8f6fa43f6b..dd7b3ad35f 100644
      size of the address, including the initial 0 byte, and set the
      <parameter>path</parameter> to the initial 0 byte of the socket
 diff --git a/man/sd_notify.xml b/man/sd_notify.xml
-index 35c450b128..9e5354cb15 100644
+index f9bb56b2d47..a38a8d3b57d 100644
 --- a/man/sd_notify.xml
 +++ b/man/sd_notify.xml
-@@ -479,7 +479,7 @@
+@@ -545,7 +545,7 @@
      <para>These functions send a single datagram with the state string as payload to the socket referenced in
      the <varname>$NOTIFY_SOCKET</varname> environment variable. If the first character of
      <varname>$NOTIFY_SOCKET</varname> is <literal>/</literal> or <literal>@</literal>, the string is
@@ -450,7 +379,7 @@ index 35c450b128..9e5354cb15 100644
      SCM_CREDENTIALS. If the string starts with <literal>vsock:</literal> then the string is understood as an
      <constant>AF_VSOCK</constant> address, which is useful for hypervisors/VMMs or other processes on the
 diff --git a/man/sd_uid_get_state.xml b/man/sd_uid_get_state.xml
-index 2a91686e1c..15d6ab745b 100644
+index 2a91686e1c7..15d6ab745b0 100644
 --- a/man/sd_uid_get_state.xml
 +++ b/man/sd_uid_get_state.xml
 @@ -181,7 +181,7 @@
@@ -463,12 +392,12 @@ index 2a91686e1c..15d6ab745b 100644
          </varlistentry>
  
 diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml
-index 9a4b0cada4..a84e430396 100644
+index 927748bdc5d..ddcff51967e 100644
 --- a/man/systemd-analyze.xml
 +++ b/man/systemd-analyze.xml
-@@ -438,7 +438,7 @@ DATAERR 65     BSD
-     <refsect2>
-       <title><command>systemd-analyze capability <optional><replaceable>CAPABILITY</replaceable>...</optional></command></title>
+@@ -500,7 +500,7 @@ DATAERR 65     BSD
+         </command>
+       </title>
  
 -      <para>This command prints a list of Linux capabilities along with their numeric IDs. See <citerefentry
 +      <para>This command prints a list of Linux kernel capabilities along with their numeric IDs. See <citerefentry
@@ -476,7 +405,7 @@ index 9a4b0cada4..a84e430396 100644
        for details. If no argument is specified the full list of capabilities known to the service manager and
        the kernel is shown. Capabilities defined by the kernel but not known to the service manager are shown
 diff --git a/man/systemd-boot.xml b/man/systemd-boot.xml
-index cc4504926c..d92beba056 100644
+index c465d4f4f35..992f1a2f4b9 100644
 --- a/man/systemd-boot.xml
 +++ b/man/systemd-boot.xml
 @@ -111,7 +111,7 @@
@@ -489,7 +418,7 @@ index cc4504926c..d92beba056 100644
      booted kernel images.</para>
    </refsect1>
 diff --git a/man/systemd-cgls.xml b/man/systemd-cgls.xml
-index 5280992c8c..e9d55ff6a8 100644
+index 5280992c8c6..e9d55ff6a86 100644
 --- a/man/systemd-cgls.xml
 +++ b/man/systemd-cgls.xml
 @@ -39,7 +39,7 @@
@@ -502,7 +431,7 @@ index 5280992c8c..e9d55ff6a8 100644
      specified control groups plus all their subgroups and their
      members. The control groups may either be specified by their full
 diff --git a/man/systemd-cgtop.xml b/man/systemd-cgtop.xml
-index 5b5ab5b736..eaee2111df 100644
+index d734ccd283b..b320ccf5e0f 100644
 --- a/man/systemd-cgtop.xml
 +++ b/man/systemd-cgtop.xml
 @@ -33,7 +33,7 @@
@@ -515,7 +444,7 @@ index 5b5ab5b736..eaee2111df 100644
      regular intervals (by default every 1s), similar in style to
      <citerefentry project='man-pages'><refentrytitle>top</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
 diff --git a/man/systemd-cryptenroll.xml b/man/systemd-cryptenroll.xml
-index a47866ba61..c2474b1bb7 100644
+index e27ae4288e0..d695b03b639 100644
 --- a/man/systemd-cryptenroll.xml
 +++ b/man/systemd-cryptenroll.xml
 @@ -158,7 +158,7 @@
@@ -528,7 +457,7 @@ index a47866ba61..c2474b1bb7 100644
  
              <row>
 diff --git a/man/systemd-detect-virt.xml b/man/systemd-detect-virt.xml
-index 2239294145..b0af55c2ce 100644
+index e89f72bc229..97b9bfddc0c 100644
 --- a/man/systemd-detect-virt.xml
 +++ b/man/systemd-detect-virt.xml
 @@ -160,12 +160,12 @@
@@ -558,10 +487,10 @@ index 2239294145..b0af55c2ce 100644
      Multiple WSL environments share the same kernel and services
      should generally behave like when being run in a container.</para>
 diff --git a/man/systemd-dissect.xml b/man/systemd-dissect.xml
-index b65a2c39f1..e4436a3ea6 100644
+index c52de5f454c..bc732aefbf2 100644
 --- a/man/systemd-dissect.xml
 +++ b/man/systemd-dissect.xml
-@@ -100,7 +100,7 @@
+@@ -103,7 +103,7 @@
        partition only. (This partition is assumed to contain the root file system of the OS.)</para></listitem>
      </orderedlist>
  
@@ -571,7 +500,7 @@ index b65a2c39f1..e4436a3ea6 100644
      with <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
      <option>--image=</option> switch, and be used as root file system for system service using the
 diff --git a/man/systemd-machine-id-setup.xml b/man/systemd-machine-id-setup.xml
-index bb53cc7069..c8ffa86e2b 100644
+index bb53cc7069d..c8ffa86e2bd 100644
 --- a/man/systemd-machine-id-setup.xml
 +++ b/man/systemd-machine-id-setup.xml
 @@ -62,7 +62,7 @@
@@ -584,7 +513,7 @@ index bb53cc7069..c8ffa86e2b 100644
        url="https://systemd.io/CONTAINER_INTERFACE";>Container Interface</ulink>. This step is skipped if
        <option>--root=</option> is specified or running in a chroot environment.</para></listitem>
 diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
-index e7ceb94012..da11ab17c5 100644
+index ed0acc69371..308af859a0c 100644
 --- a/man/systemd-nspawn.xml
 +++ b/man/systemd-nspawn.xml
 @@ -57,7 +57,7 @@
@@ -594,9 +523,9 @@ index e7ceb94012..da11ab17c5 100644
 -    may be used to boot full Linux-based operating systems in a container.</para>
 +    may be used to boot full Linux-kernel-based operating systems in a container.</para>
  
-     <para><command>systemd-nspawn</command> limits access to various kernel interfaces in the container to read-only,
-     such as <filename>/sys/</filename>, <filename>/proc/sys/</filename> or <filename>/sys/fs/selinux/</filename>. The
-@@ -1029,7 +1029,7 @@ After=sys-subsystem-net-devices-ens1.device</programlisting>
+     <para><command>systemd-nspawn</command> limits access to various kernel interfaces in the container to
+     read-only, such as <filename>/sys/</filename>, <filename>/proc/sys/</filename>, or
+@@ -1068,7 +1068,7 @@ After=sys-subsystem-net-devices-ens1.device</programlisting>
          <para>Note that <option>--network-veth</option> is the default if the
          <filename>[email protected]</filename> template unit file is used.</para>
  
@@ -605,7 +534,7 @@ index e7ceb94012..da11ab17c5 100644
          container names may have a length up to 64 characters. As this option derives the host-side interface
          name from the container name the name is possibly truncated. Thus, care needs to be taken to ensure
          that interface names remain unique in this case, or even better container names are generally not
-@@ -1072,7 +1072,7 @@ After=sys-subsystem-net-devices-ens1.device</programlisting>
+@@ -1111,7 +1111,7 @@ After=sys-subsystem-net-devices-ens1.device</programlisting>
          as argument. Note that <option>--network-bridge=</option> implies <option>--network-veth</option>. If
          this option is used, the host side of the Ethernet link will use the <literal>vb-</literal> prefix
          instead of <literal>ve-</literal>. Regardless of the used naming prefix the same network interface
@@ -615,7 +544,7 @@ index e7ceb94012..da11ab17c5 100644
  
          <para>As with <option>--network-interface=</option>, the underlying bridge network interface must
 diff --git a/man/systemd-nsresourced.service.xml b/man/systemd-nsresourced.service.xml
-index d0a561e492..d277da86ed 100644
+index 787312d858f..2fab6af6893 100644
 --- a/man/systemd-nsresourced.service.xml
 +++ b/man/systemd-nsresourced.service.xml
 @@ -53,7 +53,7 @@
@@ -628,10 +557,10 @@ index d0a561e492..d277da86ed 100644
      this is sufficient to implement fully unprivileged container environments, as implemented by
      <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>, fully
 diff --git a/man/systemd-oomd.service.xml b/man/systemd-oomd.service.xml
-index 51a9377ea0..f73ea68255 100644
+index 9d04c9da98d..08c68d41fb6 100644
 --- a/man/systemd-oomd.service.xml
 +++ b/man/systemd-oomd.service.xml
-@@ -68,7 +68,7 @@
+@@ -74,7 +74,7 @@
      is set to <constant>true</constant> in
      <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
  
@@ -641,7 +570,7 @@ index 51a9377ea0..f73ea68255 100644
      <para>It is highly recommended for the system to have swap enabled for <command>systemd-oomd</command> to
      function optimally. With swap enabled, the system spends enough time swapping pages to let
 diff --git a/man/systemd-pstore.service.xml b/man/systemd-pstore.service.xml
-index 12c5459597..1e8722435f 100644
+index f3a879625f0..e9bb94ccd42 100644
 --- a/man/systemd-pstore.service.xml
 +++ b/man/systemd-pstore.service.xml
 @@ -30,11 +30,11 @@
@@ -659,7 +588,7 @@ index 12c5459597..1e8722435f 100644
      (currently the kernel stores the tail of the kernel log, which also contains a stack backtrace, into
      pstore).</para>
 diff --git a/man/systemd-resolved.service.xml b/man/systemd-resolved.service.xml
-index 13c0da987f..b87715c17d 100644
+index a5ab48d2fa0..c6f3d318721 100644
 --- a/man/systemd-resolved.service.xml
 +++ b/man/systemd-resolved.service.xml
 @@ -55,7 +55,7 @@
@@ -680,7 +609,7 @@ index 13c0da987f..b87715c17d 100644
        contains a list of search domains that are in use by <command>systemd-resolved</command>. The list of
        search domains is always kept up-to-date. Note that
        <filename>/run/systemd/resolve/stub-resolv.conf</filename> should not be used directly by applications,
-@@ -356,7 +356,7 @@ search foobar.com barbar.com
+@@ -358,7 +358,7 @@ search foobar.com barbar.com
        </para></listitem>
  
        <listitem><para><command>systemd-resolved</command> maintains the
@@ -690,10 +619,10 @@ index 13c0da987f..b87715c17d 100644
        up-to-date, containing information about all known DNS servers. Note the file format's limitations: it
        does not know a concept of per-interface DNS servers and hence only contains system-wide DNS server
 diff --git a/man/systemd-sleep.conf.xml b/man/systemd-sleep.conf.xml
-index 623e614b6a..e42b3cc276 100644
+index dee442b01e8..9bb43b4f003 100644
 --- a/man/systemd-sleep.conf.xml
 +++ b/man/systemd-sleep.conf.xml
-@@ -246,7 +246,7 @@
+@@ -263,7 +263,7 @@
      <title>Example: freeze</title>
  
      <para>Example: to exploit the <quote>freeze</quote> mode added
@@ -703,10 +632,10 @@ index 623e614b6a..e42b3cc276 100644
      <programlisting>[Sleep]
  SuspendState=freeze</programlisting></para>
 diff --git a/man/systemd-stub.xml b/man/systemd-stub.xml
-index 2724c57ef9..f7356b8d0f 100644
+index d098804dc10..96b0ff9013a 100644
 --- a/man/systemd-stub.xml
 +++ b/man/systemd-stub.xml
-@@ -48,7 +48,7 @@
+@@ -51,7 +51,7 @@
      attached to a Linux kernel binary image, and is a piece of code that runs in the UEFI firmware
      environment before transitioning into the Linux kernel environment. The UEFI boot stub ensures a Linux
      kernel is executable as regular UEFI binary, and is able to do various preparations before switching the
@@ -714,12 +643,12 @@ index 2724c57ef9..f7356b8d0f 100644
 +    system into the Linux kernel's world.</para>
  
      <para>The UEFI boot stub looks for various resources for the kernel invocation inside the UEFI PE binary
-     itself. This allows combining various resources inside a single PE binary image (usually called "Unified
+     itself. This allows combining various resources inside a single PE binary image (a "Unified Kernel Image"
 diff --git a/man/systemd-sysext.xml b/man/systemd-sysext.xml
-index c9bbf49907..93f641850b 100644
+index 050e21fafcb..646874289c0 100644
 --- a/man/systemd-sysext.xml
 +++ b/man/systemd-sysext.xml
-@@ -84,7 +84,7 @@
+@@ -91,7 +91,7 @@
        <listitem><para>Plain directories or btrfs subvolumes containing the OS tree</para></listitem>
        <listitem><para>Disk images with a GPT disk label, following the <ulink
        url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification";>Discoverable Partitions Specification</ulink></para></listitem>
@@ -729,10 +658,10 @@ index c9bbf49907..93f641850b 100644
      </orderedlist>
  
 diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
-index ae5b61b149..2ba51f293a 100644
+index b7fe53dc9cf..d7f0f66e504 100644
 --- a/man/systemd-system.conf.xml
 +++ b/man/systemd-system.conf.xml
-@@ -580,7 +580,7 @@
+@@ -287,7 +287,7 @@
        <varlistentry>
          <term><varname>DefaultOOMPolicy=</varname></term>
  
@@ -742,7 +671,7 @@ index ae5b61b149..2ba51f293a 100644
          <varname>OOMPolicy=</varname> setting. See
          <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
 diff --git a/man/systemd.automount.xml b/man/systemd.automount.xml
-index 20ae3c76df..f4f590d6c9 100644
+index 20ae3c76df4..f4f590d6c98 100644
 --- a/man/systemd.automount.xml
 +++ b/man/systemd.automount.xml
 @@ -60,7 +60,7 @@
@@ -755,7 +684,7 @@ index 20ae3c76df..f4f590d6c9 100644
      managers.</para>
  
 diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
-index 21527f756d..2865ec133d 100644
+index b2e3ae369b6..daf591d4991 100644
 --- a/man/systemd.exec.xml
 +++ b/man/systemd.exec.xml
 @@ -42,7 +42,7 @@
@@ -767,7 +696,7 @@ index 21527f756d..2865ec133d 100644
      <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
      Those options complement options listed here.</para>
    </refsect1>
-@@ -168,7 +168,7 @@
+@@ -173,7 +173,7 @@
          to <varname>RootDirectory=</varname> however mounts a file system hierarchy from a block device node
          or loopback file instead of a directory. The device node or file system image file needs to contain a
          file system without a partition table, or a file system within an MBR/MS-DOS or GPT partition table
@@ -776,7 +705,7 @@ index 21527f756d..2865ec133d 100644
          that follows the
          <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification";>
            Discoverable Partitions Specification</ulink>.</para>
-@@ -408,7 +408,7 @@
+@@ -430,7 +430,7 @@
          unit's processes. This controls the <literal>subset=</literal> mount option of the
          <literal>procfs</literal> instance for the unit. For further details see <ulink
          url="https://docs.kernel.org/filesystems/proc.html#mount-options";>The /proc
@@ -785,7 +714,7 @@ index 21527f756d..2865ec133d 100644
          which are made unavailable with this setting. Since these APIs are used frequently this option is
          useful only in a few, specific cases, and is not suitable for most non-trivial programs.</para>
  
-@@ -627,7 +627,7 @@
+@@ -671,7 +671,7 @@
          <literal>-</literal>, except for the first character which must be one of a-z, A-Z and
          <literal>_</literal> (i.e. digits and <literal>-</literal> are not permitted as first character). The
          user/group name must have at least one character, and at most 31. These restrictions are made in
@@ -794,7 +723,7 @@ index 21527f756d..2865ec133d 100644
          systems. For further details on the names accepted and the names warned about see <ulink
          url="https://systemd.io/USER_NAMES";>User/Group Name Syntax</ulink>.</para>
  
-@@ -966,13 +966,13 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
+@@ -1023,13 +1023,13 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
          enforcement. For example, time limits specified for <varname>LimitCPU=</varname> will be rounded up
          implicitly to multiples of 1s. For <varname>LimitNICE=</varname> the value may be specified in two
          syntaxes: if prefixed with <literal>+</literal> or <literal>-</literal>, the value is understood as
@@ -810,23 +739,23 @@ index 21527f756d..2865ec133d 100644
          controls listed in
          <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
          over these per-process limits, as they apply to services as a whole, may be altered dynamically at
-@@ -1056,13 +1056,13 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
+@@ -1113,13 +1113,13 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
                  <entry>LimitRSS=</entry>
                  <entry>ulimit -m</entry>
                  <entry>Bytes</entry>
--                <entry>Don't use. No effect on Linux.</entry>
-+                <entry>Don't use. No effect on the Linux kernel.</entry>
+-                <entry>Do not use. No effect on Linux.</entry>
++                <entry>Do not use. No effect on the Linux kernel.</entry>
                </row>
                <row>
                  <entry>LimitNOFILE=</entry>
                  <entry>ulimit -n</entry>
                  <entry>Number of File Descriptors</entry>
--                <entry>Don't use. Be careful when raising the soft limit above 1024, since <citerefentry project='man-pages'><refentrytitle>select</refentrytitle><manvolnum>2</manvolnum></citerefentry> cannot function with file descriptors above 1023 on Linux. Nowadays, the hard limit defaults to 524288, a very high value compared to historical defaults. Typically applications should increase their soft limit to the hard limit on their own, if they are OK with working with file descriptors above 1023, i.e. do not use <citerefentry project='man-pages'><refentrytitle>select</refentrytitle><manvolnum>2</manvolnum></citerefentry>. Note that file descriptors are nowadays accounted like any other form of memory, thus there should not be any need to lower the hard limit. Use <varname>MemoryMax=</varname> to control overall service memory use, including file descriptor memory.</entry>
-+                <entry>Don't use. Be careful when raising the soft limit above 1024, since <citerefentry project='man-pages'><refentrytitle>select</refentrytitle><manvolnum>2</manvolnum></citerefentry> cannot function with file descriptors above 1023 on GNU/Linux. Nowadays, the hard limit defaults to 524288, a very high value compared to historical defaults. Typically applications should increase their soft limit to the hard limit on their own, if they are OK with working with file descriptors above 1023, i.e. do not use <citerefentry project='man-pages'><refentrytitle>select</refentrytitle><manvolnum>2</manvolnum></citerefentry>. Note that file descriptors are nowadays accounted like any other form of memory, thus there should not be any need to lower the hard limit. Use <varname>MemoryMax=</varname> to control overall service memory use, including file descriptor memory.</entry>
+-                <entry>Do not use. Be careful when raising the soft limit above 1024, since <citerefentry project='man-pages'><refentrytitle>select</refentrytitle><manvolnum>2</manvolnum></citerefentry> cannot function with file descriptors above 1023 on Linux. Nowadays, the hard limit defaults to 524288, a very high value compared to historical defaults. Typically applications should increase their soft limit to the hard limit on their own, if they are OK with working with file descriptors above 1023, i.e. do not use <citerefentry project='man-pages'><refentrytitle>select</refentrytitle><manvolnum>2</manvolnum></citerefentry>. Note that file descriptors are nowadays accounted like any other form of memory, thus there should not be any need to lower the hard limit. Use <varname>MemoryMax=</varname> to control overall service memory use, including file descriptor memory.</entry>
++                <entry>Do not use. Be careful when raising the soft limit above 1024, since <citerefentry project='man-pages'><refentrytitle>select</refentrytitle><manvolnum>2</manvolnum></citerefentry> cannot function with file descriptors above 1023 on GNU/Linux. Nowadays, the hard limit defaults to 524288, a very high value compared to historical defaults. Typically applications should increase their soft limit to the hard limit on their own, if they are OK with working with file descriptors above 1023, i.e. do not use <citerefentry project='man-pages'><refentrytitle>select</refentrytitle><manvolnum>2</manvolnum></citerefentry>. Note that file descriptors are nowadays accounted like any other form of memory, thus there should not be any need to lower the hard limit. Use <varname>MemoryMax=</varname> to control overall service memory use, including file descriptor memory.</entry>
                </row>
                <row>
                  <entry>LimitAS=</entry>
-@@ -1318,7 +1318,7 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
+@@ -1375,7 +1375,7 @@ CapabilityBoundingSet=~CAP_B CAP_C</programlisting>
          <option>local</option>. A list of NUMA nodes that should be associated with the policy must be specified
          in <varname>NUMAMask=</varname>. For more details on each policy please see,
          <citerefentry><refentrytitle>set_mempolicy</refentrytitle><manvolnum>2</manvolnum></citerefentry>. For overall
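Review bot: The refreshed `LimitRSS=` row in this hunk, `Do not use. No effect on the Linux kernel.`, can be read as "this limit does not affect the kernel" rather than what the upstream text says, which is that the setting does nothing on this platform. Someone skimming the table could still assume `LimitRSS=` bounds a service's memory. I would word the replacement as `<entry>Do not use. This limit has no effect under the Linux kernel.</entry>` so the meaning of the original sentence is kept. The neighbouring `LimitNOFILE=` row already names `MemoryMax=` as the control for overall service memory use, so no further text is needed. The table itself begins and ends outside this hunk.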
@@ -835,7 +764,7 @@ index 21527f756d..2865ec133d 100644
          <citerefentry project='man-pages'><refentrytitle>numa</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
          </para>
  
-@@ -1654,7 +1654,7 @@ StateDirectory=aaa/bbb ccc</programlisting>
+@@ -1768,7 +1768,7 @@ StateDirectory=aaa/bbb ccc</programlisting>
          order to provide writable subdirectories within read-only directories. Use
          <varname>ReadWritePaths=</varname> in order to allow-list specific paths for write access if
          <varname>ProtectSystem=strict</varname> is used. Note that <varname>ReadWritePaths=</varname> cannot
@@ -844,7 +773,7 @@ index 21527f756d..2865ec133d 100644
          each mount point write access is granted only if the mount point itself <emphasis>and</emphasis> the
          file system superblock backing it are not marked read-only. <varname>ReadWritePaths=</varname> only
          controls the former, not the latter, hence a read-only file system superblock remains
-@@ -1847,7 +1847,7 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
+@@ -2043,7 +2043,7 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
        <varlistentry>
          <term><varname>NetworkNamespacePath=</varname></term>
  
@@ -853,7 +782,7 @@ index 21527f756d..2865ec133d 100644
          pseudo-file (i.e. a file like <filename>/proc/$PID/ns/net</filename> or a bind mount or symlink to
          one). When set the invoked processes are added to the network namespace referenced by that path. The
          path has to point to a valid namespace file at the moment the processes are forked off. If this
-@@ -1881,7 +1881,7 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
+@@ -2077,7 +2077,7 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
  
          <para>Note that IPC namespacing does not have an effect on
          <constant>AF_UNIX</constant> sockets, which are the most common
@@ -862,7 +791,7 @@ index 21527f756d..2865ec133d 100644
          sockets in the file system are subject to mount namespacing, and
          those in the abstract namespace are subject to network namespacing.
          IPC namespacing only has an effect on SysV IPC (which is mostly
-@@ -1905,7 +1905,7 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
+@@ -2101,7 +2101,7 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
        <varlistentry>
          <term><varname>IPCNamespacePath=</varname></term>
  
@@ -871,7 +800,7 @@ index 21527f756d..2865ec133d 100644
          pseudo-file (i.e. a file like <filename>/proc/$PID/ns/ipc</filename> or a bind mount or symlink to
          one). When set the invoked processes are added to the network namespace referenced by that path. The
          path has to point to a valid namespace file at the moment the processes are forked off. If this
-@@ -2161,7 +2161,7 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
+@@ -2327,7 +2327,7 @@ BindReadOnlyPaths=/var/lib/systemd</programlisting>
          <term><varname>ProtectControlGroups=</varname></term>
  
          <listitem><para>Takes a boolean argument or the special values <literal>private</literal> or
@@ -880,7 +809,7 @@ index 21527f756d..2865ec133d 100644
          <refentrytitle>cgroups</refentrytitle><manvolnum>7</manvolnum></citerefentry>) hierarchies
          accessible through <filename>/sys/fs/cgroup/</filename> will be made read-only to all processes of the
          unit. If set to <literal>private</literal>, the unit will run in a cgroup namespace with a private
-@@ -2228,8 +2228,8 @@ RestrictFileSystems=ext4</programlisting>
+@@ -2491,8 +2491,8 @@ RestrictFileSystems=ext4</programlisting>
        <varlistentry>
          <term><varname>RestrictNamespaces=</varname></term>
  
@@ -891,7 +820,7 @@ index 21527f756d..2865ec133d 100644
          project='man-pages'><refentrytitle>namespaces</refentrytitle><manvolnum>7</manvolnum></citerefentry>. Either
          takes a boolean argument, or a space-separated list of namespace type identifiers. If false (the default), no
          restrictions on namespace creation and switching are made. If true, access to any kind of namespacing is
-@@ -3224,7 +3224,7 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
+@@ -3623,7 +3623,7 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
          <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
          for details about journal namespaces.</para>
  
@@ -900,7 +829,7 @@ index 21527f756d..2865ec133d 100644
          over-mounting the directory that contains the relevant <constant>AF_UNIX</constant> sockets used for
          logging in the unit's mount namespace. Since mount namespaces are used this setting disconnects
          propagation of mounts from the unit's processes to the host, similarly to how
-@@ -4485,7 +4485,7 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
+@@ -4972,7 +4972,7 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
        </tgroup>
      </table>
  
@@ -910,10 +839,10 @@ index 21527f756d..2865ec133d 100644
      <table>
        <title>BSD exit codes</title>
 diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml
-index 4fba788950..71efbee6ac 100644
+index 415feea0466..85ca4ce40d1 100644
 --- a/man/systemd.netdev.xml
 +++ b/man/systemd.netdev.xml
-@@ -515,7 +515,7 @@
+@@ -545,7 +545,7 @@
          <term><varname>EgressQOSMaps=</varname></term>
          <term><varname>IngressQOSMaps=</varname></term>
          <listitem>
@@ -923,10 +852,10 @@ index 4fba788950..71efbee6ac 100644
            whitespace-separated list of integer pairs, where each integer must be in the range
            1…4294967294, in the format <literal>from</literal>-<literal>to</literal>, e.g.,
 diff --git a/man/systemd.network.xml b/man/systemd.network.xml
-index 698c2b4..6705051 100644
+index bbfc9a7af09..e08ddd9b7d7 100644
 --- a/man/systemd.network.xml
 +++ b/man/systemd.network.xml
-@@ -1455,7 +1455,7 @@ DuplicateAddressDetection=none</programlisting></para>
+@@ -1512,7 +1512,7 @@ DuplicateAddressDetection=none</programlisting></para>
            <para>Takes a boolean. Joining multicast group on ethernet level via
            <command>ip maddr</command> command would not work if we have an Ethernet switch that does
            IGMP snooping since the switch would not replicate multicast packets on  ports that did not
@@ -935,7 +864,7 @@ index 698c2b4..6705051 100644
            <command>ip link add vxlan</command> or <command>systemd-networkd</command>'s netdev kind vxlan
            have the group option that enables them to do the required join. By extending
            <command>ip address</command> command with option <literal>autojoin</literal> we can get similar
-@@ -1420,7 +1420,7 @@ Table=1234</programlisting></para>
+@@ -1528,7 +1528,7 @@ DuplicateAddressDetection=none</programlisting></para>
          <listitem>
  
            <para>This setting provides a method for integrating static and dynamic network configuration into
@@ -944,16 +873,16 @@ index 698c2b4..6705051 100644
            used by <ulink url="https://en.wikipedia.org/wiki/Linux_Security_Modules";>Linux Security Modules
            (LSMs)</ulink> for network access control. The label, with suitable LSM rules, can be used to
            control connectivity of (for example) a service with peers in the local network. At least with
-@@ -1441,7 +1441,7 @@ Table=1234</programlisting></para>
+@@ -1549,7 +1549,7 @@ DuplicateAddressDetection=none</programlisting></para>
  
            <warning>
              <para>Once labeling is enabled for network traffic, a lot of LSM access control points in
 -            Linux networking stack go from dormant to active. Care should be taken to avoid getting into a
 +            Linux kernel networking stack go from dormant to active. Care should be taken to avoid getting into a
-             situation where for example remote connectivity is broken, when the security policy hasn't been
+             situation where for example remote connectivity is broken, when the security policy has not been
              updated to consider LSM per-packet access controls and no rules would allow any network
              traffic. Also note that additional configuration with <citerefentry
-@@ -2468,7 +2468,7 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
+@@ -2600,7 +2600,7 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
        <varlistentry>
          <term><varname>SocketPriority=</varname></term>
          <listitem>
@@ -963,7 +892,7 @@ index 698c2b4..6705051 100644
            More details about <constant>SO_PRIORITY</constant> socket option in
            <citerefentry project='man-pages'><refentrytitle>socket</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
 diff --git a/man/systemd.nspawn.xml b/man/systemd.nspawn.xml
-index 591933a10c..bcf83b9cd3 100644
+index 6492a8911aa..7592dda7b0c 100644
 --- a/man/systemd.nspawn.xml
 +++ b/man/systemd.nspawn.xml
 @@ -191,7 +191,7 @@
@@ -985,7 +914,7 @@ index 591933a10c..bcf83b9cd3 100644
          <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
          for details). The <varname>AmbientCapability=</varname> setting
 diff --git a/man/systemd.resource-control.xml b/man/systemd.resource-control.xml
-index 3773a38d62..f269afb48e 100644
+index cb6f6db4841..18a06445c53 100644
 --- a/man/systemd.resource-control.xml
 +++ b/man/systemd.resource-control.xml
 @@ -34,7 +34,7 @@
@@ -998,10 +927,10 @@ index 3773a38d62..f269afb48e 100644
      resource management.</para>
  
 diff --git a/man/systemd.service.xml b/man/systemd.service.xml
-index 58439dfa6e..f0199ff37b 100644
+index 2ddeeafcec8..67ad14f211e 100644
 --- a/man/systemd.service.xml
 +++ b/man/systemd.service.xml
-@@ -1226,7 +1226,7 @@
+@@ -1273,7 +1273,7 @@
          <listitem><para>Configure the out-of-memory (OOM) killing policy for the kernel and the userspace OOM
          killer
          <citerefentry><refentrytitle>systemd-oomd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
@@ -1010,7 +939,7 @@ index 58439dfa6e..f0199ff37b 100644
          itself, it might decide to kill a running process in order to free up memory and reduce memory
          pressure. Note that <filename>systemd-oomd.service</filename> is a more flexible solution that aims
          to prevent out-of-memory situations for the userspace too, not just the kernel, by attempting to
-@@ -1248,7 +1248,7 @@
+@@ -1297,7 +1297,7 @@
          <constant>continue</constant>.</para>
  
          <para>Use the <varname>OOMScoreAdjust=</varname> setting to configure whether processes of the unit
@@ -1020,7 +949,7 @@ index 58439dfa6e..f0199ff37b 100644
          <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
          details.</para>
 diff --git a/man/systemd.slice.xml b/man/systemd.slice.xml
-index a5987a3a45..ecfa7c4af4 100644
+index 6990a27a98c..bea4c49af2e 100644
 --- a/man/systemd.slice.xml
 +++ b/man/systemd.slice.xml
 @@ -28,7 +28,7 @@
@@ -1033,7 +962,7 @@ index a5987a3a45..ecfa7c4af4 100644
      apply to all processes of all units contained in that slice. Slices are organized hierarchically in a tree. The
      name of the slice encodes the location in the tree. The name consists of a dash-separated series of names, which
 diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
-index a944efad3b..061659c89b 100644
+index 213ceffcdbd..48772c1337b 100644
 --- a/man/systemd.socket.xml
 +++ b/man/systemd.socket.xml
 @@ -294,7 +294,7 @@
@@ -1046,7 +975,7 @@ index a944efad3b..061659c89b 100644
        </varlistentry>
  
 diff --git a/man/systemd.swap.xml b/man/systemd.swap.xml
-index f5e3c0742b..889b55881e 100644
+index 2b65ba68f3f..cfa03470870 100644
 --- a/man/systemd.swap.xml
 +++ b/man/systemd.swap.xml
 @@ -58,7 +58,7 @@
@@ -1059,10 +988,10 @@ index f5e3c0742b..889b55881e 100644
    </refsect1>
  
 diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
-index 919e641c5c..1fe4ad9d5b 100644
+index 3d4707cb2ce..f584ab221c2 100644
 --- a/man/systemd.unit.xml
 +++ b/man/systemd.unit.xml
-@@ -1557,7 +1557,7 @@
+@@ -1582,7 +1582,7 @@
                  </row>
                  <row>
                    <entry>audit</entry>
@@ -1072,10 +1001,10 @@ index 919e641c5c..1fe4ad9d5b 100644
                  <row>
                    <entry>uefi-secureboot</entry>
 diff --git a/man/systemd.xml b/man/systemd.xml
-index f4aa7e06ca..f44068046d 100644
+index 06d9102e475..aa3e5e3cc24 100644
 --- a/man/systemd.xml
 +++ b/man/systemd.xml
-@@ -37,7 +37,7 @@
+@@ -36,7 +36,7 @@
    <refsect1>
      <title>Description</title>
  
@@ -1084,7 +1013,7 @@ index f4aa7e06ca..f44068046d 100644
      boot (as PID 1), it acts as init system that brings up and maintains userspace services. Separate
      instances are started for logged-in users to start their services.</para>
  
-@@ -231,7 +231,7 @@
+@@ -215,7 +215,7 @@
      memory its accounting data is flushed out too. However, this data is generally not lost, as a journal log record
      is generated declaring the consumed resources whenever a unit shuts down.</para>
  
@@ -1093,7 +1022,7 @@ index f4aa7e06ca..f44068046d 100644
      they belong to in the private systemd hierarchy. (see <ulink
      url="https://docs.kernel.org/admin-guide/cgroup-v2.html";>Control Groups v2</ulink> for more information
      about control groups, or short "cgroups").  systemd uses this to effectively keep track of
-@@ -789,7 +789,7 @@
+@@ -750,7 +750,7 @@
  
      <para>When run as the system instance, systemd parses a number of options listed below. They can be
      specified as kernel command line arguments which are parsed from a number of sources depending on the
@@ -1101,12 +1030,12 @@ index f4aa7e06ca..f44068046d 100644
 +    environment in which systemd is executed. If run inside a container, these options are parsed from
      the command line arguments passed to systemd itself, next to any of the command line options listed in
      the Options section above. If run outside of Linux containers, these arguments are parsed from
-     <filename>/proc/cmdline</filename> and from the <literal>SystemdOptions</literal> EFI variable
+     <filename>/proc/cmdline</filename> instead.</para>
 diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
-index e0baf3824c..9f085f383d 100644
+index 39fcad850d7..70fa6b4218e 100644
 --- a/man/tmpfiles.d.xml
 +++ b/man/tmpfiles.d.xml
-@@ -415,7 +415,7 @@ L     /tmp/foobar -    -    -     -   /dev/null</programlisting>
+@@ -413,7 +413,7 @@ L     /tmp/foobar -    -    -     -   /dev/null</programlisting>
            names. This can be useful for setting SMACK labels. Does not follow symlinks.</para>
  
            <para>Please note that extended attributes settable with this line type are a different concept
@@ -1115,7 +1044,7 @@ index e0baf3824c..9f085f383d 100644
            below.</para>
  
            <xi:include href="version-info.xml" xpointer="v218"/></listitem>
-@@ -430,7 +430,7 @@ L     /tmp/foobar -    -    -     -   /dev/null</programlisting>
+@@ -428,7 +428,7 @@ L     /tmp/foobar -    -    -     -   /dev/null</programlisting>
  
          <varlistentry>
            <term><varname>h</varname></term>
@@ -1124,7 +1053,7 @@ index e0baf3824c..9f085f383d 100644
            place of normal path names.</para>
  
            <para>The format of the argument field is <varname>[+-=][aAcCdDeijPsStTu]</varname>. The prefix
-@@ -446,7 +446,7 @@ L     /tmp/foobar -    -    -     -   /dev/null</programlisting>
+@@ -444,7 +444,7 @@ L     /tmp/foobar -    -    -     -   /dev/null</programlisting>
            corresponding to the letters listed here. All other attributes will be left untouched. Does not
            follow symlinks.</para>
  
@@ -1134,10 +1063,10 @@ index e0baf3824c..9f085f383d 100644
            see above.</para></listitem>
          </varlistentry>
 diff --git a/man/ukify.xml b/man/ukify.xml
-index 17bd2e7..6c00f38 100644
+index 0f953cd94db..4fed2e3a1ca 100644
 --- a/man/ukify.xml
 +++ b/man/ukify.xml
-@@ -478,7 +478,7 @@
+@@ -632,7 +632,7 @@
            <term><option>--sign-kernel</option></term>
            <term><option>--no-sign-kernel</option></term>
  
@@ -1146,15 +1075,12 @@ index 17bd2e7..6c00f38 100644
            embedded in the combined image. If not specified, it will be signed if a SecureBoot signing key is
            provided via the
            <varname>SecureBootPrivateKey=</varname>/<option>--secureboot-private-key=</option> option and the
-@@ -684,7 +684,7 @@
+@@ -778,7 +778,7 @@
        <constant>enter-initrd</constant> phase) with the key
-       <filename index='false'>tpm2-pcr-private-key-initrd.pem</filename>, and for the main system (phases
+       <filename index='false'>tpm2-pcr-initrd-private-key.pem</filename>, and for the main system (phases
        <constant>leave-initrd</constant>, <constant>sysinit</constant>, <constant>ready</constant>) with the
 -      key <filename index='false'>tpm2-pcr-private-key-system.pem</filename>. The Linux binary and the resulting
 +      key <filename index='false'>tpm2-pcr-private-key-system.pem</filename>. The Linux-libre binary and the resulting
-       combined image will be signed with the SecureBoot key <filename index='false'>sb.key</filename>.</para>
+       combined image will be signed with the SecureBoot key <filename index='false'>secureboot-private-key.pem</filename>.</para>
      </example>
  
--- 
-2.45.2
-
diff --git a/libre/systemd/PKGBUILD b/libre/systemd/PKGBUILD
index 6fa862efb..872b61fe6 100644
--- a/libre/systemd/PKGBUILD
+++ b/libre/systemd/PKGBUILD
@@ -94,14 +94,14 @@ pkgname+=("${_systemd_libs[@]/#/systemd-}")
 # Upstream versioning is incompatible with pacman's version comparisons, one
 # way or another. We use proper version for pacman here (no dash for rc
 # release!), and change in source array below.
-pkgver='257.5'
+pkgver='258.2'
 pkgrel=2
 pkgrel+=.parabola1
 arch=('x86_64')
 arch+=('armv7h' 'i686' 'ppc64le')
 license=('LGPL-2.1-or-later')
 url='https://www.github.com/systemd/systemd'
-makedepends=('acl' 'cryptsetup' 'docbook-xsl' 'gperf' 'lz4' 'xz' 'pam' 'libelf'
+makedepends=('acl' 'apparmor' 'cryptsetup' 'docbook-xsl' 'gperf' 'lz4' 'xz' 'pam' 'libelf'
              'intltool' 'iptables' 'kmod' 'libarchive' 'libcap' 'libidn2' 'libgcrypt'
              'libmicrohttpd' 'libxcrypt' 'libxslt' 'util-linux' 'linux-api-headers'
              'python-jinja' 'python-lxml' 'quota-tools' 'shadow' 'git'
@@ -141,13 +141,13 @@ source=("git+https://github.com/systemd/systemd#tag=v${pkgver/rc/-rc}?signed";
         '30-systemd-tmpfiles.hook'
         '30-systemd-udev-reload.hook'
         '30-systemd-update.hook')
-sha512sums=('41b3a09f710a7801cec2d89a245c7ac06977aa91e133b72464179ab74c682f0a10320483ea48ebe774e0dc8d57bc453198cf91915d74ceda672379a4c06e77f8'
-            '78065bde708118b7d6e4ed492e096c763e4679a1c54bd98750d5d609d8cc2f1373023f308880f14fc923ae7f9fea34824917ef884c0f996b1f43d08ef022c0fb'
-            '70b3f1d6aaa9cd4b6b34055a587554770c34194100b17b2ef3aaf4f16f68da0865f6b3ae443b3252d395e80efabd412b763259ffb76c902b60e23b6b522e3cc8' # DIFF: parabola.conf
-            '6c6f579644ea2ebb6b46ee274ab15110718b0de40def8c30173ba8480b045d403f2aedd15b50ad9b96453f4ad56920d1350ff76563755bb9a80b10fa7f64f1d9' # DIFF: loader.conf
-            'a50bc85061a9a16d776235099867bc1a17c17dddb74c1ecf5614c849735a9779c5e34e5ddca8ca6af4b59a40f57c08ecf219b98cab09476ddb0f110e6a35e45c' # DIFF: splash-parabola.bmp
-            'b90c99d768dc2a4f020ba854edf45ccf1b86a09d2f66e475de21fe589ff7e32c33ef4aa0876d7f1864491488fd7edb2682fc0d68e83a6d4890a0778dc2d6fe19'
-            '81baa1ae439b0f4d1f09371a82c02db06a97a4fc35545fc2654f7905b4422fc8cf085f70304919a4323f39e662df1e05aa8d977d1dde73507527abe3072c386b'
+sha512sums=('b1c75dca0e8da6b965b53b37ed0fceedc8d9b328aac0dae8dc025a50dc62cdb8f989c466057ee5ee94f19b3fb46ccbd334780193b70b25f706e21c1afc56b372'
+            'beb15210d8afe69e1e47c99a81da5967428ccc64ece85b8a843333cb741eda061ae7a91a79cec8a1136a624e93e63140013986499589bf10edcc52d865729377'
+            '70b3f1d6aaa9cd4b6b34055a587554770c34194100b17b2ef3aaf4f16f68da0865f6b3ae443b3252d395e80efabd412b763259ffb76c902b60e23b6b522e3cc8'
+            '9743093b0ef4366907daa33f2ff28f54c99deba49d35b27867efcf808b3f023172457d7c5737a3878d63522f9e65581eda382826b503171861535ce380340e80'
+            'a50bc85061a9a16d776235099867bc1a17c17dddb74c1ecf5614c849735a9779c5e34e5ddca8ca6af4b59a40f57c08ecf219b98cab09476ddb0f110e6a35e45c'
+            '32580b82e97573d3e499821e2ce415ff134c0ec52c9b44a3c0862c4007d347f55636d6afac3dfc6831a9b384c7448075bdf3a12f369b4d8b62b24dfdb9c8a76a'
+            '05a3b19a2132c8c3048a66f2d06a9f8790e9c84c9ebdacc358456e38c5ebc8c02c542838f6aca3301f19ae83bc9fda66e701c682624dd5cf9fb119e452338a56'
             '299dcc7094ce53474521356647bdd2fb069731c08d14a872a425412fcd72da840727a23664b12d95465bf313e8e8297da31259508d1c62cc2dcea596160e21c5'
             '0d6bc3d928cfafe4e4e0bc04dbb95c5d2b078573e4f9e0576e7f53a8fab08a7077202f575d74a3960248c4904b5f7f0661bf17dbe163c524ab51dd30e3cb80f7'
             '2b50b25e8680878f7974fa9d519df7e141ca11c4bfe84a92a5d01bb193f034b1726ea05b3c0030bad1fbda8dbb78bf1dc7b73859053581b55ba813c39b27d9dc'
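Review bot: The `# DIFF:` markers on the third, fourth and fifth `sha512sums` entries are dropped on the new side, so the array no longer shows which checksums are expected to differ from the Arch package. Those markers let a reviewer compare the remaining hashes against upstream and examine only the Parabola-specific ones. I would keep them by appending `# DIFF: parabola.conf`, `# DIFF: loader.conf` and `# DIFF: splash-parabola.bmp` to the matching lines. Only the `loader.conf` hash changes among the three, which is consistent with the `loader.conf` edit later in this patch.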
@@ -170,13 +170,13 @@ source+=('9001-FSDG-bootctl-Say-Systemd-Boot-Manager-instead-of-Lin.patch'
          '9005-FSDG-systemd-resolved-Fallback-hostname-to-gnu-linux.patch'
          '9006-FSDG-man-Mention-Parabola-instead-of-Arch.patch'
          '9007-FSDG-man-Refer-to-the-operating-system-as-GNU-Linux.patch')
-sha512sums+=('072f96cd936281c8292faa800ff66cbf0ade595f388479993ecc78e515702dca1a07f40d79d68532f8a28bb6ef2c348049e690ddade670e8705a3d0bc2bb70fa'
-             'a92a37e41a611dfc63417c641347d1c1784373d8100f5e999de3c7bc0c2ae9d9034f3daa08741a271447b35c7b2b786715b4bd0156d3f177cc51d1d1c64f43a9'
-             '6885e3a04e53d2cd40475e3853394b2a97795c55fa4c8c696aff1f33a5f55400ddffbed710d70591a8c4e3bd2f46417d76dcdc19bca386a8e88e604dbf0b473d'
-             '846767c26613ebf91d8a25b69f92a50a056ae2908165c09af187159fae7da1617718ad23bd0b02ef08809630b5bd90c11cdb5f4bb8e7ec2c663156f68b18fa22'
-             'f3d77a2e66598e6b9875522e7541da4a3238234ad5beee134186ba230a352adb51a089709e949cde7d8ed4c6857680a4fea806f70c7d1cc15dd95bd8efe5c535'
-             '437c42469341caf18d74dd86f19b940a029f225c59321b3081eadb7116e1c1a2fbf71ac245cdf78610bf816dc4afc933db94fbd0e005d9569442f52009329df6'
-             '82599e2df099b2d2d2c4fc136785126487e33c6ff829ac0cf292c7a12292aecbe55f0ab52d6e8c9167a4b0abeb38afd9495ff92089060d4b0b5733fbf6a7209f')
+sha512sums+=('4ba01e683dada26de0651bfa86307ae9f7edd1718d65fe1389c8828cdb2be4a989c1ebee27924212fa862b39c8e053ba78dd7187d270b868b4bb3b168a6714ca'
+             'c71b85afa433d1a93b609404a9ce908d655d4388eb0ca4d5dac8fbacc1d59741020182bffb2d5b129d0afda18729fcdd1fa6b895f228f661e5a1641545a04932'
+             'bca778c82fa313978cd6e327440b4bf3b8df46b31175bd58391823e517e1e2d286d7620d94c4e0f47c980b3a2ca31e05d8f53180aa82c4f22eee9323de2eca83'
+             'a7d9259ef7ef820221ad3995efe69a809017fa04070a37cc7344181087a4461464083d7d177fd76757a99b10e1e28ed98f95f1fad0cc9e4bc617912651732167'
+             '053b8c7b4e929e0656f8137805cbee2051386957b88d1f9a79d82b83bd979fac8269512dc93a38f6ee611fba2b31896285de35bccb60bcbb4c52e3c19daa8413'
+             '783a5850ef45ee6dc4a865bf4a7b0d19d6e5bf67c94e469d9baa77b5c1d8e8c68d1edf6841dccc75fa4929ba69ee5732590e6122606ed0ab428f8f79c5795458'
+             '05e293742dca6825b81e70d4c707e4fe560985f6a0763dc7faa52bf1a7da8f5a502b973083c9bc6c844da516161f0c260614109a12cd733c3c809bcc1a64c2a3')
 
 
 _meson_version="${pkgver}-${pkgrel}"
@@ -196,8 +196,8 @@ if [ -f /.build/build.dist ] && [ -d /usr/src/packages/SOURCES ] &&  [ -d /usr/s
 fi
 
 _backports=(
-  # fast-forward to current v257-stable
-  "v${pkgver}..1fb1f637baa979fd58fef67ea72b3e7255a99e21"
+  # core: assign TTY to PAM context when TTYPath= is specified
+  'f0fdb69a8d83b543841e5ae1879241619959d881'
 )
 
 _reverts=(
@@ -371,15 +371,16 @@ build() {
   local _timeservers=({0..3}.arch.pool.ntp.org)
   local _nameservers=(
     # We use these public name services, ordered by their privacy policy (hopefully):
-    #  * Cloudflare (https://1.1.1.1/)
-    #  * Quad9 (https://www.quad9.net/)
-    #  * Google (https://developers.google.com/speed/public-dns/)
-    '1.1.1.1#cloudflare-dns.com'
+    #  * Quad9 (https://quad9.net/privacy/policy/)
     '9.9.9.9#dns.quad9.net'
-    '8.8.8.8#dns.google'
-    '2606:4700:4700::1111#cloudflare-dns.com'
     '2620:fe::9#dns.quad9.net'
+    #  * Cloudflare (https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/)
+    '1.1.1.1#cloudflare-dns.com'
+    '2606:4700:4700::1111#cloudflare-dns.com'
+    #  * Google (https://developers.google.com/speed/public-dns/privacy)
+    '8.8.8.8#dns.google'
     '2001:4860:4860::8888#dns.google'
+    # You do not agree? Fine, change it in your local configuration.
   )
 
   local _meson_options=(
@@ -388,7 +389,7 @@ build() {
     -Dshared-lib-tag="${_meson_version}"
     -Dmode=release
 
-    -Dapparmor=disabled
+    -Dapparmor=enabled
     -Dbootloader=enabled
     -Dxenctrl=disabled
     -Dbpf-framework=enabled
@@ -402,9 +403,6 @@ build() {
     -Dvmlinux-h=provided
     -Dvmlinux-h-path=/usr/src/linux-libre-vanilla/vmlinux.h
 
-    # We disable DNSSEC by default, it still causes trouble:
-    # https://github.com/systemd/systemd/issues/10579
-
     -Ddbuspolicydir=/usr/share/dbus-1/system.d
     -Ddefault-dnssec=no
     -Ddefault-kill-user-processes=false
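Review bot: `-Ddefault-dnssec=no` stays on the new side, but the two comment lines that justified it are removed, so the build now turns DNSSEC validation off by default with no stated reason. If the upstream issue still applies, keep a one-line rationale above the option, for example `# DNSSEC validation stays off by default: https://github.com/systemd/systemd/issues/10579`. If it no longer applies, the default itself should be revisited in this update instead of only losing its explanation. The `_meson_options` array starts and ends outside the hunk.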
@@ -478,6 +476,7 @@ package_systemd() {
   replaces=('nss-myhostname' 'systemd-tools' 'udev')
   conflicts=('nss-myhostname' 'systemd-tools' 'udev')
   optdepends=('libmicrohttpd: systemd-journal-gatewayd and systemd-journal-remote'
+              'apparmor: additional security features'
               'quota-tools: kernel-level quota management'
               'systemd-sysvcompat: symlink package to provide sysvinit binaries'
               'systemd-ukify: combine kernel and initrd into a signed Unified Kernel Image'
@@ -492,8 +491,7 @@ package_systemd() {
               'libfido2: unlocking LUKS2 volumes with FIDO2 token'
               'libp11-kit: support PKCS#11'
               'tpm2-tss: unlocking LUKS2 volumes with TPM2')
-  backup=(etc/pam.d/systemd-user
-          etc/systemd/coredump.conf
+  backup=(etc/systemd/coredump.conf
           etc/systemd/homed.conf
           etc/systemd/journald.conf
           etc/systemd/journal-remote.conf
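Review bot: Dropping `etc/pam.d/systemd-user` from `backup=` here, together with the later hunk that installs `systemd-user.pam` to `/usr/lib/pam.d/systemd-user`, leaves the upgrade path for an existing `/etc/pam.d/systemd-user` undocumented. Linux-PAM prefers a service file in `/etc/pam.d` over one in `/usr/lib/pam.d`, so a leftover copy would shadow the packaged stack. An admin-edited copy that the package manager moves aside would stop applying instead, and which of the two happens is not visible from this patch. I would add a comment at the install line such as `# vendor default; local overrides belong in /etc/pam.d/systemd-user` and mention the move in the package's upgrade message. `package_systemd()` starts and ends outside both hunks.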
@@ -529,7 +527,7 @@ package_systemd() {
     rm -rf systemd-boot systemd-ukify systemd-sysvcompat systemd-tests
     # Yet, only if $pkgrel is unchanged, due to libsystemd-shared-${pkgver}-${pkgrel}.so
     # TODO: do any built files depend on this? or needs only match the package DB deps?
-    mv "$pkgdir"/usr/lib/systemd/libsystemd-shared-${pkgver}-{*,${pkgrel}}.so
+    #mv "$pkgdir"/usr/lib/systemd/libsystemd-shared-${pkgver}-{*,${pkgrel}}.so
 
     cd "$pkgdir"
 
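Review bot: Commenting the `mv` out removes the rename in every case, not only the one where source and target are the same file, while the comment above it still says the name must end in `${pkgver}-${pkgrel}`. The enclosing branch starts outside the hunk, so I cannot tell whether the library can still be built under a different tag; if it can, the package would ship a mismatched `libsystemd-shared` name. A guard keeps both cases working: `local _so="$pkgdir/usr/lib/systemd/libsystemd-shared-${pkgver}-${pkgrel}.so"` followed by `[[ -e $_so ]] || mv "$pkgdir"/usr/lib/systemd/libsystemd-shared-${pkgver}-*.so "$_so"`. If the rename is obsolete, delete the line and its two comment lines rather than leaving dead code behind.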
@@ -649,7 +647,7 @@ package_systemd() {
   rm -- "$pkgdir"/usr/share/libalpm/hooks/*{udev,hwdb}* # Parabola: moved to 'systmed-udev'
 
   # overwrite the systemd-user PAM configuration with our own
-  install -D -m0644 systemd-user.pam "$pkgdir"/etc/pam.d/systemd-user
+  install -D -m0644 systemd-user.pam "$pkgdir"/usr/lib/pam.d/systemd-user
 
   # create a directory for cryptsetup keys
   install -d -m0700 "$pkgdir"/etc/cryptsetup-keys.d
diff --git a/libre/systemd/REUSE.toml b/libre/systemd/REUSE.toml
new file mode 100644
index 000000000..d7285be64
--- /dev/null
+++ b/libre/systemd/REUSE.toml
@@ -0,0 +1,33 @@
+version = 1
+
+[[annotations]]
+path = [
+    "PKGBUILD",
+    "README.md",
+    "arch.conf",
+    "keys/**",
+    "loader.conf",
+    "splash-arch.bmp",
+    "systemd-hook",
+    ".SRCINFO",
+    ".nvchecker.toml",
+    "*.install",
+    "*.sysusers",
+    "*.tmpfiles",
+    "*.logrotate",
+    "*.pam",
+    "*.service",
+    "*.socket",
+    "*.timer",
+    "*.desktop",
+    "*.hook",
+]
+SPDX-FileCopyrightText = "Arch Linux contributors"
+SPDX-License-Identifier = "0BSD"
+
+[[annotations]]
+path = [
+    "0001-Use-Arch-Linux-device-access-groups.patch",
+]
+SPDX-FileCopyrightText = "systemd contributors"
+SPDX-License-Identifier = "LGPL-2.1-or-later"
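Review bot: The first annotation's `path` list names `arch.conf` and `splash-arch.bmp`, while the `sha512sums` comments removed earlier in this patch name `parabola.conf` and `splash-parabola.bmp`, so the Parabola files appear to get no licence annotation. The `9001` to `9007` FSDG patches from the `source+=` array are not listed either; only `0001-Use-Arch-Linux-device-access-groups.patch` is. I would replace the two paths with `"parabola.conf"` and `"splash-parabola.bmp"`. A separate `[[annotations]]` entry for the FSDG patches should follow once their copyright holder and licence are confirmed, and the first block's `SPDX-FileCopyrightText` should be checked for files that Parabola authored.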
diff --git a/libre/systemd/loader.conf b/libre/systemd/loader.conf
index a064e3463..d48ce06dc 100644
--- a/libre/systemd/loader.conf
+++ b/libre/systemd/loader.conf
@@ -1 +1 @@
-default parabola
+default parabola.conf
diff --git a/libre/systemd/systemd-hook b/libre/systemd/systemd-hook
index 07f20e733..0a13f20a8 100644
--- a/libre/systemd/systemd-hook
+++ b/libre/systemd/systemd-hook
@@ -10,14 +10,14 @@ skip_chrooted() {
 systemd_live() {
   skip_chrooted
 
-  if ! systemd-notify --booted >/dev/null 2>&1; then
+  if ! systemd-notify --booted; then
     echo >&2 "  Skipped: Current root is not booted."
     exit 0
   fi
 }
 
 udevd_live() {
-  skip_chrooted
+  systemd_live
 
   if [ ! -S /run/udev/control ]; then
     echo >&2 "  Skipped: Device manager is not running."
@@ -80,6 +80,12 @@ case "$op" in
     /usr/bin/systemctl try-reload-or-restart "$@"
     ;;
 
+  # For use by other packages
+  restart)
+    systemd_live
+    /usr/bin/systemctl try-restart "$@"
+    ;;
+
   *)
     echo >&2 "  Invalid operation '$op'"
     exit 1
diff --git a/libre/systemd/systemd-user.pam b/libre/systemd/systemd-user.pam
index 83f762696..84426433d 100644
--- a/libre/systemd/systemd-user.pam
+++ b/libre/systemd/systemd-user.pam
@@ -1,5 +1,10 @@
 # Used by systemd --user instances.
 
-account  include system-login
-session  required pam_loginuid.so
-session  include system-login
+account    include    system-login
+
+session    required   pam_loginuid.so
+session    optional   pam_keyinit.so       force revoke
+session    include    system-auth
+session    optional   pam_umask.so
+session    optional   pam_systemd.so
+session    required   pam_env.so
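Review bot: The session stack no longer includes `system-login` and instead lists its own modules around `include system-auth`, so session modules added to `system-login` by the distribution or an administrator will no longer reach `systemd --user` instances. The file's only comment does not say this. I would extend the header, for example `# Session stack is listed explicitly instead of including system-login; mirror local session hardening here.` It would also help to note why `pam_keyinit.so`, `pam_umask.so` and `pam_systemd.so` are `optional` while `pam_loginuid.so` and `pam_env.so` are `required`, since that choice decides which failures abort session setup.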
-- 
2.52.0
