[arch-commits] Commit in lib32-systemd/trunk (3 files)
Laurent Carlier
lcarlier at archlinux.org
Mon Dec 5 20:33:44 UTC 2016
Date: Monday, December 5, 2016 @ 20:33:43
Author: lcarlier
Revision: 198071
upgpkg: lib32-systemd 232-1
upstream update 232
Added:
lib32-systemd/trunk/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch
lib32-systemd/trunk/0001-disable-RestrictAddressFamilies-on-i686.patch
Modified:
lib32-systemd/trunk/PKGBUILD
-----------------------------------------------------------------+
0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch | 62 ++++++++++
0001-disable-RestrictAddressFamilies-on-i686.patch | 30 ++++
PKGBUILD | 60 ++++++++-
3 files changed, 147 insertions(+), 5 deletions(-)
Added: 0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch
===================================================================
--- 0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch (rev 0)
+++ 0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch 2016-12-05 20:33:43 UTC (rev 198071)
@@ -0,0 +1,62 @@
+From 481712d9ee88395042f0640f272c1f87142bc0a8 Mon Sep 17 00:00:00 2001
+From: Dave Reisner <dreisner at archlinux.org>
+Date: Wed, 9 Nov 2016 11:14:03 -0500
+Subject: [PATCH] Revert "nspawn: try to bind mount resolved's resolv.conf
+ snippet into the container"
+
+This reverts commit 3539724c26a1b2b00c4eb3c004b635a4b8647de6.
+---
+ src/nspawn/nspawn.c | 27 ++++++++-------------------
+ 1 file changed, 8 insertions(+), 19 deletions(-)
+
+diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
+index c8b18bc..93df7c6 100644
+--- a/src/nspawn/nspawn.c
++++ b/src/nspawn/nspawn.c
+@@ -1309,35 +1309,24 @@ static int setup_resolv_conf(const char *dest) {
+ /* Fix resolv.conf, if possible */
+ where = prefix_roota(dest, "/etc/resolv.conf");
+
+- if (access("/usr/lib/systemd/resolv.conf", F_OK) >= 0) {
+- /* resolved is enabled on the host. In this, case bind mount its static resolv.conf file into the
+- * container, so that the container can use the host's resolver. Given that network namespacing is
+- * disabled it's only natural of the container also uses the host's resolver. It also has the big
+- * advantage that the container will be able to follow the host's DNS server configuration changes
+- * transparently. */
+-
+- r = mount_verbose(LOG_WARNING, "/usr/lib/systemd/resolv.conf", where, NULL, MS_BIND, NULL);
+- if (r >= 0)
+- return mount_verbose(LOG_ERR, NULL, where, NULL,
+- MS_BIND|MS_REMOUNT|MS_RDONLY|MS_NOSUID|MS_NODEV, NULL);
+- }
+-
+- /* If that didn't work, let's copy the file */
+ r = copy_file("/etc/resolv.conf", where, O_TRUNC|O_NOFOLLOW, 0644, 0);
+ if (r < 0) {
+- /* If the file already exists as symlink, let's suppress the warning, under the assumption that
+- * resolved or something similar runs inside and the symlink points there.
++ /* If the file already exists as symlink, let's
++ * suppress the warning, under the assumption that
++ * resolved or something similar runs inside and the
++ * symlink points there.
+ *
+- * If the disk image is read-only, there's also no point in complaining.
++ * If the disk image is read-only, there's also no
++ * point in complaining.
+ */
+ log_full_errno(IN_SET(r, -ELOOP, -EROFS) ? LOG_DEBUG : LOG_WARNING, r,
+- "Failed to copy /etc/resolv.conf to %s, ignoring: %m", where);
++ "Failed to copy /etc/resolv.conf to %s: %m", where);
+ return 0;
+ }
+
+ r = userns_lchown(where, 0, 0);
+ if (r < 0)
+- log_warning_errno(r, "Failed to chown /etc/resolv.conf, ignoring: %m");
++ log_warning_errno(r, "Failed to chown /etc/resolv.conf: %m");
+
+ return 0;
+ }
+--
+2.10.2
+
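Review bot: The embedded patch's message says only `This reverts commit 3539724c26a1b2b00c4eb3c004b635a4b8647de6.` and gives no reason for the revert; the issue links that motivate it appear only in the PKGBUILD comment. Adding `https://github.com/systemd/systemd/issues/4595` and `https://github.com/systemd/systemd/issues/3826` to the patch header, as the RestrictAddressFamilies patch does for its issue, would keep the rationale with the file. The revert also drops `, ignoring` from both log strings while `setup_resolv_conf()` still returns 0 on those paths, so the messages no longer tell an operator that the failure is tolerated. The function starts outside the inner hunk, so its earlier lines are not reviewed here.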
Added: 0001-disable-RestrictAddressFamilies-on-i686.patch
===================================================================
--- 0001-disable-RestrictAddressFamilies-on-i686.patch (rev 0)
+++ 0001-disable-RestrictAddressFamilies-on-i686.patch 2016-12-05 20:33:43 UTC (rev 198071)
@@ -0,0 +1,30 @@
+From ff59e06f9423af0532aaeedf931474823f764875 Mon Sep 17 00:00:00 2001
+From: Dave Reisner <dreisner at archlinux.org>
+Date: Wed, 9 Nov 2016 08:00:26 -0500
+Subject: [PATCH] disable RestrictAddressFamilies on i686
+
+Shit's broke, yo.
+
+https://github.com/systemd/systemd/issues/4575
+---
+ src/core/execute.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/core/execute.c b/src/core/execute.c
+index f666f7c..7d09154 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -1254,6 +1254,10 @@ static int apply_address_families(const Unit* u, const ExecContext *c) {
+ Iterator i;
+ int r;
+
++#if defined(__i386__)
++ return 0;
++#endif
++
+ assert(c);
+
+ if (skip_seccomp_unavailable(u, "RestrictAddressFamilies="))
+--
+2.10.2
+
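Review bot: The `return 0;` added under `#if defined(__i386__)` makes `apply_address_families()` report success without applying anything, so on i386 a unit that sets `RestrictAddressFamilies=` would run without that restriction and nothing in the log would say so. A trace before the return would make the gap visible, for example `log_unit_debug(u, "RestrictAddressFamilies= is not applied on i386, ignoring.");`. A comment at the `#if` should record why and when it can be removed, such as `/* Temporary: RestrictAddressFamilies= is broken on i386, see https://github.com/systemd/systemd/issues/4575 */`. The early return also sits before `assert(c)` and leaves the rest of the body unreachable on that architecture, which may produce unused-variable warnings. The function continues past the end of the hunk.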
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2016-12-05 20:12:03 UTC (rev 198070)
+++ PKGBUILD 2016-12-05 20:33:43 UTC (rev 198071)
@@ -4,28 +4,78 @@
pkgname=lib32-systemd
_pkgbasename=systemd
-pkgver=231
+pkgver=232
pkgrel=1
pkgdesc="system and service manager (32-bit)"
arch=('x86_64')
-url="http://www.freedesktop.org/wiki/Software/systemd"
+url="https://www.github.com/systemd/systemd"
license=('GPL2' 'LGPL2.1')
-depends=('lib32-libgcrypt' 'lib32-xz' 'lib32-libcap' 'lib32-acl' 'lib32-libidn' 'lib32-gcc-libs' 'systemd')
+depends=('lib32-libgcrypt' 'lib32-xz' 'lib32-libcap' 'lib32-gcc-libs' 'systemd')
makedepends=('lib32-gcc-libs' 'gcc-multilib' 'lib32-libidn' 'lib32-glib2' 'intltool' 'gperf'
'lib32-curl' 'lib32-bzip2' 'git')
-source=("git://github.com/systemd/systemd.git#tag=v$pkgver")
-md5sums=('SKIP')
+options=('strip')
+source=("git://github.com/systemd/systemd.git#tag=v$pkgver"
+ '0001-disable-RestrictAddressFamilies-on-i686.patch'
+ '0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch')
+md5sums=('SKIP'
+ '9536d399938a48fbf38c24e322f4f078'
+ '2f324d6ddd4fd78b73d453044292b9b1')
+validpgpkeys=(
+ '63CDA1E5D3FC22B998D20DD6327F26951A015CC4' # Lennart Poettering
+)
_backports=(
+ '843d5baf6aad6c53fc00ea8d95d83209a4f92de1' # core: don't use the unified hierarchy for the systemd cgroup yet (#4628)
+ 'abd67ce74858491565cde157c7b08fda43d3279c' # basic/virt: fix userns check on CONFIG_USER_NS=n kernel (#4651)
+ '4318abe8d26e969ebdb97744a63ab900233a0185' # build-sys: do not install ctrl-alt-del.target symlink twice
+ 'd112eae7da77899be245ab52aa1747d4675549f1' # device: Avoid calling unit_free(NULL) in device setup logic (#4748)
)
+_validate_tag() {
+ local success fingerprint trusted status tag=v$pkgver
+
+ parse_gpg_statusfile /dev/stdin < <(git verify-tag --raw "$tag" 2>&1)
+
+ if (( ! success )); then
+ error 'failed to validate tag %s\n' "$tag"
+ return 1
+ fi
+
+ if ! in_array "$fingerprint" "${validpgpkeys[@]}" && (( ! trusted )); then
+ error 'unknown or untrusted public key: %s\n' "$fingerprint"
+ return 1
+ fi
+
+ case $status in
+ 'expired')
+ warning 'the signature has expired'
+ ;;
+ 'expiredkey')
+ warning 'the key has expired'
+ ;;
+ esac
+
+ return 0
+}
+
prepare() {
cd systemd
+ _validate_tag || return
+
if (( ${#_backports[*]} > 0 )); then
git cherry-pick -n "${_backports[@]}"
fi
+ # these patches aren't upstream, but they make v232 more useable.
+
+ # https://github.com/systemd/systemd/issues/4575
+ patch -Np1 <../0001-disable-RestrictAddressFamilies-on-i686.patch
+
+ # https://github.com/systemd/systemd/issues/4595
+ # https://github.com/systemd/systemd/issues/3826
+ patch -Np1 <../0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch
+
./autogen.sh
}
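Review bot: In `_validate_tag`, the test `! in_array "$fingerprint" "${validpgpkeys[@]}" && (( ! trusted ))` rejects a signature only when the key is both unlisted and untrusted, so a tag signed by any key the builder's keyring trusts passes even if it is not in `validpgpkeys`. If the intent is to pin the release to the listed fingerprint, the condition would be `if ! in_array "$fingerprint" "${validpgpkeys[@]}"; then`. The function relies on makepkg's `parse_gpg_statusfile` filling `success`, `fingerprint`, `trusted` and `status` through the `local` declarations, which deserves a comment such as `# parse_gpg_statusfile (makepkg internal) sets the locals declared above`. Separately, the two local patches are recorded under `md5sums`; `sha256sums` would give a collision-resistant check on files that change sandboxing and nspawn code.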