[arch-commits] Commit in lib32-systemd/repos/multilib-x86_64 (6 files)
Laurent Carlier
lcarlier at archlinux.org
Thu Jul 6 10:06:56 UTC 2017
Date: Thursday, July 6, 2017 @ 10:06:55
Author: lcarlier
Revision: 242541
archrelease: copy trunk to multilib-x86_64
Added:
lib32-systemd/repos/multilib-x86_64/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch
(from rev 242540, lib32-systemd/trunk/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch)
lib32-systemd/repos/multilib-x86_64/0001-disable-RestrictAddressFamilies-on-i686.patch
(from rev 242540, lib32-systemd/trunk/0001-disable-RestrictAddressFamilies-on-i686.patch)
lib32-systemd/repos/multilib-x86_64/PKGBUILD
(from rev 242540, lib32-systemd/trunk/PKGBUILD)
Deleted:
lib32-systemd/repos/multilib-x86_64/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch
lib32-systemd/repos/multilib-x86_64/0001-disable-RestrictAddressFamilies-on-i686.patch
lib32-systemd/repos/multilib-x86_64/PKGBUILD
-----------------------------------------------------------------+
0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch | 124 ++--
0001-disable-RestrictAddressFamilies-on-i686.patch | 60 +-
PKGBUILD | 295 +++++-----
3 files changed, 256 insertions(+), 223 deletions(-)
Deleted: 0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch
===================================================================
--- 0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch 2017-07-06 10:06:49 UTC (rev 242540)
+++ 0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch 2017-07-06 10:06:55 UTC (rev 242541)
@@ -1,62 +0,0 @@
-From 481712d9ee88395042f0640f272c1f87142bc0a8 Mon Sep 17 00:00:00 2001
-From: Dave Reisner <dreisner at archlinux.org>
-Date: Wed, 9 Nov 2016 11:14:03 -0500
-Subject: [PATCH] Revert "nspawn: try to bind mount resolved's resolv.conf
- snippet into the container"
-
-This reverts commit 3539724c26a1b2b00c4eb3c004b635a4b8647de6.
----
- src/nspawn/nspawn.c | 27 ++++++++-------------------
- 1 file changed, 8 insertions(+), 19 deletions(-)
-
-diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
-index c8b18bc..93df7c6 100644
---- a/src/nspawn/nspawn.c
-+++ b/src/nspawn/nspawn.c
-@@ -1309,35 +1309,24 @@ static int setup_resolv_conf(const char *dest) {
- /* Fix resolv.conf, if possible */
- where = prefix_roota(dest, "/etc/resolv.conf");
-
-- if (access("/usr/lib/systemd/resolv.conf", F_OK) >= 0) {
-- /* resolved is enabled on the host. In this, case bind mount its static resolv.conf file into the
-- * container, so that the container can use the host's resolver. Given that network namespacing is
-- * disabled it's only natural of the container also uses the host's resolver. It also has the big
-- * advantage that the container will be able to follow the host's DNS server configuration changes
-- * transparently. */
--
-- r = mount_verbose(LOG_WARNING, "/usr/lib/systemd/resolv.conf", where, NULL, MS_BIND, NULL);
-- if (r >= 0)
-- return mount_verbose(LOG_ERR, NULL, where, NULL,
-- MS_BIND|MS_REMOUNT|MS_RDONLY|MS_NOSUID|MS_NODEV, NULL);
-- }
--
-- /* If that didn't work, let's copy the file */
- r = copy_file("/etc/resolv.conf", where, O_TRUNC|O_NOFOLLOW, 0644, 0);
- if (r < 0) {
-- /* If the file already exists as symlink, let's suppress the warning, under the assumption that
-- * resolved or something similar runs inside and the symlink points there.
-+ /* If the file already exists as symlink, let's
-+ * suppress the warning, under the assumption that
-+ * resolved or something similar runs inside and the
-+ * symlink points there.
- *
-- * If the disk image is read-only, there's also no point in complaining.
-+ * If the disk image is read-only, there's also no
-+ * point in complaining.
- */
- log_full_errno(IN_SET(r, -ELOOP, -EROFS) ? LOG_DEBUG : LOG_WARNING, r,
-- "Failed to copy /etc/resolv.conf to %s, ignoring: %m", where);
-+ "Failed to copy /etc/resolv.conf to %s: %m", where);
- return 0;
- }
-
- r = userns_lchown(where, 0, 0);
- if (r < 0)
-- log_warning_errno(r, "Failed to chown /etc/resolv.conf, ignoring: %m");
-+ log_warning_errno(r, "Failed to chown /etc/resolv.conf: %m");
-
- return 0;
- }
---
-2.10.2
-
Copied: lib32-systemd/repos/multilib-x86_64/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch (from rev 242540, lib32-systemd/trunk/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch)
===================================================================
--- 0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch (rev 0)
+++ 0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch 2017-07-06 10:06:55 UTC (rev 242541)
@@ -0,0 +1,62 @@
+From 481712d9ee88395042f0640f272c1f87142bc0a8 Mon Sep 17 00:00:00 2001
+From: Dave Reisner <dreisner at archlinux.org>
+Date: Wed, 9 Nov 2016 11:14:03 -0500
+Subject: [PATCH] Revert "nspawn: try to bind mount resolved's resolv.conf
+ snippet into the container"
+
+This reverts commit 3539724c26a1b2b00c4eb3c004b635a4b8647de6.
+---
+ src/nspawn/nspawn.c | 27 ++++++++-------------------
+ 1 file changed, 8 insertions(+), 19 deletions(-)
+
+diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
+index c8b18bc..93df7c6 100644
+--- a/src/nspawn/nspawn.c
++++ b/src/nspawn/nspawn.c
+@@ -1309,35 +1309,24 @@ static int setup_resolv_conf(const char *dest) {
+ /* Fix resolv.conf, if possible */
+ where = prefix_roota(dest, "/etc/resolv.conf");
+
+- if (access("/usr/lib/systemd/resolv.conf", F_OK) >= 0) {
+- /* resolved is enabled on the host. In this, case bind mount its static resolv.conf file into the
+- * container, so that the container can use the host's resolver. Given that network namespacing is
+- * disabled it's only natural of the container also uses the host's resolver. It also has the big
+- * advantage that the container will be able to follow the host's DNS server configuration changes
+- * transparently. */
+-
+- r = mount_verbose(LOG_WARNING, "/usr/lib/systemd/resolv.conf", where, NULL, MS_BIND, NULL);
+- if (r >= 0)
+- return mount_verbose(LOG_ERR, NULL, where, NULL,
+- MS_BIND|MS_REMOUNT|MS_RDONLY|MS_NOSUID|MS_NODEV, NULL);
+- }
+-
+- /* If that didn't work, let's copy the file */
+ r = copy_file("/etc/resolv.conf", where, O_TRUNC|O_NOFOLLOW, 0644, 0);
+ if (r < 0) {
+- /* If the file already exists as symlink, let's suppress the warning, under the assumption that
+- * resolved or something similar runs inside and the symlink points there.
++ /* If the file already exists as symlink, let's
++ * suppress the warning, under the assumption that
++ * resolved or something similar runs inside and the
++ * symlink points there.
+ *
+- * If the disk image is read-only, there's also no point in complaining.
++ * If the disk image is read-only, there's also no
++ * point in complaining.
+ */
+ log_full_errno(IN_SET(r, -ELOOP, -EROFS) ? LOG_DEBUG : LOG_WARNING, r,
+- "Failed to copy /etc/resolv.conf to %s, ignoring: %m", where);
++ "Failed to copy /etc/resolv.conf to %s: %m", where);
+ return 0;
+ }
+
+ r = userns_lchown(where, 0, 0);
+ if (r < 0)
+- log_warning_errno(r, "Failed to chown /etc/resolv.conf, ignoring: %m");
++ log_warning_errno(r, "Failed to chown /etc/resolv.conf: %m");
+
+ return 0;
+ }
+--
+2.10.2
+
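Review bot: Nothing in the PKGBUILD added by this same revision uses this patch: its `source=` array lists only the two git repositories, and `prepare()` has no `patch -Np1` call. The same is true of `0001-disable-RestrictAddressFamilies-on-i686.patch`, which is copied further down. Unreferenced patches in a package directory make it harder to audit what actually goes into the build. Either remove both files from trunk, or list them in `source=` with real checksums again if the revert is still wanted for 233.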
Deleted: 0001-disable-RestrictAddressFamilies-on-i686.patch
===================================================================
--- 0001-disable-RestrictAddressFamilies-on-i686.patch 2017-07-06 10:06:49 UTC (rev 242540)
+++ 0001-disable-RestrictAddressFamilies-on-i686.patch 2017-07-06 10:06:55 UTC (rev 242541)
@@ -1,30 +0,0 @@
-From ff59e06f9423af0532aaeedf931474823f764875 Mon Sep 17 00:00:00 2001
-From: Dave Reisner <dreisner at archlinux.org>
-Date: Wed, 9 Nov 2016 08:00:26 -0500
-Subject: [PATCH] disable RestrictAddressFamilies on i686
-
-Shit's broke, yo.
-
-https://github.com/systemd/systemd/issues/4575
----
- src/core/execute.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/core/execute.c b/src/core/execute.c
-index f666f7c..7d09154 100644
---- a/src/core/execute.c
-+++ b/src/core/execute.c
-@@ -1254,6 +1254,10 @@ static int apply_address_families(const Unit* u, const ExecContext *c) {
- Iterator i;
- int r;
-
-+#if defined(__i386__)
-+ return 0;
-+#endif
-+
- assert(c);
-
- if (skip_seccomp_unavailable(u, "RestrictAddressFamilies="))
---
-2.10.2
-
Copied: lib32-systemd/repos/multilib-x86_64/0001-disable-RestrictAddressFamilies-on-i686.patch (from rev 242540, lib32-systemd/trunk/0001-disable-RestrictAddressFamilies-on-i686.patch)
===================================================================
--- 0001-disable-RestrictAddressFamilies-on-i686.patch (rev 0)
+++ 0001-disable-RestrictAddressFamilies-on-i686.patch 2017-07-06 10:06:55 UTC (rev 242541)
@@ -0,0 +1,30 @@
+From ff59e06f9423af0532aaeedf931474823f764875 Mon Sep 17 00:00:00 2001
+From: Dave Reisner <dreisner at archlinux.org>
+Date: Wed, 9 Nov 2016 08:00:26 -0500
+Subject: [PATCH] disable RestrictAddressFamilies on i686
+
+Shit's broke, yo.
+
+https://github.com/systemd/systemd/issues/4575
+---
+ src/core/execute.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/core/execute.c b/src/core/execute.c
+index f666f7c..7d09154 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -1254,6 +1254,10 @@ static int apply_address_families(const Unit* u, const ExecContext *c) {
+ Iterator i;
+ int r;
+
++#if defined(__i386__)
++ return 0;
++#endif
++
+ assert(c);
+
+ if (skip_seccomp_unavailable(u, "RestrictAddressFamilies="))
+--
+2.10.2
+
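Review bot: The early `return 0;` under `#if defined(__i386__)` in `apply_address_families()` makes `RestrictAddressFamilies=` a silent no-op, so a unit that sets it runs on i686 without the socket-family restriction and nothing is logged. The block also sits above `assert(c)`, so the argument check is skipped on that architecture. I would log before returning, for example `log_unit_debug(u, "RestrictAddressFamilies= is not applied on i386, ignoring.");`, and move the block below the assert. The function body continues outside the hunk.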
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2017-07-06 10:06:49 UTC (rev 242540)
+++ PKGBUILD 2017-07-06 10:06:55 UTC (rev 242541)
@@ -1,131 +0,0 @@
-# $Id$
-# Maintainer: Dave Reisner <dreisner at archlinux.org>
-# Maintainer: Tom Gundersen <teg at jklm.no>
-
-pkgname=lib32-systemd
-_pkgbasename=systemd
-pkgver=232
-pkgrel=1
-pkgdesc="system and service manager (32-bit)"
-arch=('x86_64')
-url="https://www.github.com/systemd/systemd"
-license=('GPL2' 'LGPL2.1')
-depends=('lib32-libgcrypt' 'lib32-xz' 'lib32-libcap' 'lib32-gcc-libs' 'systemd')
-makedepends=('lib32-gcc-libs' 'gcc-multilib' 'lib32-libidn' 'lib32-glib2' 'intltool' 'gperf'
- 'lib32-curl' 'lib32-bzip2' 'git')
-options=('strip')
-source=("git://github.com/systemd/systemd.git#tag=v$pkgver"
- '0001-disable-RestrictAddressFamilies-on-i686.patch'
- '0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch')
-md5sums=('SKIP'
- '9536d399938a48fbf38c24e322f4f078'
- '2f324d6ddd4fd78b73d453044292b9b1')
-validpgpkeys=(
- '63CDA1E5D3FC22B998D20DD6327F26951A015CC4' # Lennart Poettering
-)
-
-_backports=(
- '843d5baf6aad6c53fc00ea8d95d83209a4f92de1' # core: don't use the unified hierarchy for the systemd cgroup yet (#4628)
- 'abd67ce74858491565cde157c7b08fda43d3279c' # basic/virt: fix userns check on CONFIG_USER_NS=n kernel (#4651)
- '4318abe8d26e969ebdb97744a63ab900233a0185' # build-sys: do not install ctrl-alt-del.target symlink twice
- 'd112eae7da77899be245ab52aa1747d4675549f1' # device: Avoid calling unit_free(NULL) in device setup logic (#4748)
-)
-
-_validate_tag() {
- local success fingerprint trusted status tag=v$pkgver
-
- parse_gpg_statusfile /dev/stdin < <(git verify-tag --raw "$tag" 2>&1)
-
- if (( ! success )); then
- error 'failed to validate tag %s\n' "$tag"
- return 1
- fi
-
- if ! in_array "$fingerprint" "${validpgpkeys[@]}" && (( ! trusted )); then
- error 'unknown or untrusted public key: %s\n' "$fingerprint"
- return 1
- fi
-
- case $status in
- 'expired')
- warning 'the signature has expired'
- ;;
- 'expiredkey')
- warning 'the key has expired'
- ;;
- esac
-
- return 0
-}
-
-prepare() {
- cd systemd
-
- _validate_tag || return
-
- if (( ${#_backports[*]} > 0 )); then
- git cherry-pick -n "${_backports[@]}"
- fi
-
- # these patches aren't upstream, but they make v232 more useable.
-
- # https://github.com/systemd/systemd/issues/4575
- patch -Np1 <../0001-disable-RestrictAddressFamilies-on-i686.patch
-
- # https://github.com/systemd/systemd/issues/4595
- # https://github.com/systemd/systemd/issues/3826
- patch -Np1 <../0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch
-
- ./autogen.sh
-}
-
-build() {
- export CC="gcc -m32"
- export CXX="g++ -m32"
- export PKG_CONFIG_PATH="/usr/lib32/pkgconfig"
-
- cd systemd
-
- local timeservers=({0..3}.arch.pool.ntp.org)
-
- local configure_options=(
- --libexecdir=/usr/lib32
- --libdir=/usr/lib32
- --localstatedir=/var
- --sysconfdir=/etc
-
- --disable-audit
- --disable-tests
- --disable-ima
- --disable-seccomp
- --disable-pam
- --disable-kmod
- --disable-networkd
- --disable-blkid
- --disable-libiptc
- --disable-lz4
- --disable-manpages
- --without-python
-
- --with-sysvinit-path=
- --with-sysvrcnd-path=
- --with-ntp-servers="${timeservers[*]}"
- --with-default-dnssec=no
- --with-dbuspolicydir=/usr/share/dbus-1/system.d
- --without-kill-user-processes
- )
- # --disable-libcryptsetup
-
- ./configure "${configure_options[@]}"
-
- make
-}
-
-package() {
- cd systemd
-
- make DESTDIR="$pkgdir" install
-
- rm -rf "${pkgdir}"/{etc,var}
- rm -rf "${pkgdir}"/usr/{bin,include,lib,share}
-}
Copied: lib32-systemd/repos/multilib-x86_64/PKGBUILD (from rev 242540, lib32-systemd/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2017-07-06 10:06:55 UTC (rev 242541)
@@ -0,0 +1,164 @@
+# $Id$ Maintainer: Dave Reisner <dreisner at archlinux.org> Maintainer: Tom Gundersen <teg at jklm.no>
+
+pkgname=lib32-systemd
+_pkgbasename=systemd
+# latest commit on stable branch
+_commit='27c7bc970d9e7ffe060688a8dd77b7747503a564'
+# Bump this to latest major release for signed tag verification,
+# the commit count is handled by pkgver() function.
+pkgver=233.75
+pkgrel=2
+pkgdesc="system and service manager (32-bit)"
+arch=('x86_64')
+url="https://www.github.com/systemd/systemd"
+license=('GPL2' 'LGPL2.1')
+depends=('lib32-libgcrypt' 'lib32-xz' 'lib32-libcap' 'lib32-gcc-libs' 'systemd')
+makedepends=('lib32-gcc-libs' 'gcc-multilib' 'lib32-libidn' 'lib32-glib2' 'intltool' 'gperf'
+ 'lib32-curl' 'lib32-bzip2' 'lib32-acl' 'git')
+options=('strip')
+source=("git://github.com/systemd/systemd-stable.git#commit=${_commit}"
+ 'git://github.com/systemd/systemd.git') # pull in for tags
+md5sums=('SKIP'
+ 'SKIP')
+validpgpkeys=(
+ '63CDA1E5D3FC22B998D20DD6327F26951A015CC4' # Lennart Poettering
+)
+
+_backports=(
+ # build-sys: make RPM macros installation path configurable
+ 'ff2e33db54719bfe8feea833571652318c6d197c'
+ # resolved: do not start LLMNR or mDNS stack when no network enables them
+ '2c7ef56459bf6fe7761595585aa4eed5cd183f27^..2c7ef56459bf6fe7761595585aa4eed5cd183f27^2'
+ # networkd: RFC compliant autonomous prefix handling (#5636)
+ '6554550f35a7976f9110aff94743d3576d5f02dd'
+ # core: do not print color console message about gc-ed jobs
+ '047d7219fde661698d3487fc49e9878c61eefd77'
+)
+
+_reverts=(
+ # core: store the invocation ID in the per-service keyring
+ 'b3415f5daef49642be3d5f417b8880c078420ff7'
+ # core: run each system service with a fresh session keyring
+ '74dd6b515fa968c5710b396a7664cac335e25ca8'
+)
+
+_validate_tag() {
+ local success fingerprint trusted status tag=v${pkgver%.*}
+
+ parse_gpg_statusfile /dev/stdin < <(git verify-tag --raw "$tag" 2>&1)
+
+ if (( ! success )); then
+ error 'failed to validate tag %s\n' "$tag"
+ return 1
+ fi
+
+ if ! in_array "$fingerprint" "${validpgpkeys[@]}" && (( ! trusted )); then
+ error 'unknown or untrusted public key: %s\n' "$fingerprint"
+ return 1
+ fi
+
+ case $status in
+ 'expired')
+ warning 'the signature has expired'
+ ;;
+ 'expiredkey')
+ warning 'the key has expired'
+ ;;
+ esac
+
+ return 0
+}
+
+pkgver() {
+ local version count
+
+ cd "$_pkgbasename-stable"
+
+ version="$(git describe --abbrev=0 --tags)"
+ count="$(git rev-list --count ${version}..)"
+ printf '%s.%s' "${version#v}" "${count}"
+}
+
+prepare() {
+ cd "$_pkgbasename-stable"
+
+ git remote add upstream ../systemd/
+ git fetch --all
+
+ _validate_tag || return
+
+ local _commit
+ for _commit in "${_backports[@]}"; do
+ git cherry-pick -n "$_commit"
+ done
+ for _commit in "${_reverts[@]}"; do
+ git revert -n "$_commit"
+ done
+
+ # nss-resolve: drop the internal fallback to libnss_dns
+ git show '5486a31d287f26bcd7c0a4eb2abfa4c074b985f1' -- \
+ 'Makefile.am' 'src/nss-resolve/nss-resolve.c' | git apply --index
+
+ # Resolved packet size (#6214) (FS#54619, CVE-2017-9445)
+ git show '751ca3f1de316ca79b60001334dbdf54077e1d01' \
+ 'db848813bae4d28c524b3b6a7dad135e426659ce' \
+ '88795538726a5bbfd9efc13d441cb05e1d7fc139' \
+ '64a21fdaca7c93f1c30b21f6fdbd2261798b161a' \
+ -- . ':!src/resolve/meson.build' | git apply --index
+
+ ./autogen.sh
+}
+
+build() {
+ export CC="gcc -m32"
+ export CXX="g++ -m32"
+ export PKG_CONFIG_PATH="/usr/lib32/pkgconfig"
+
+ cd "$_pkgbasename-stable"
+
+ local timeservers=({0..3}.arch.pool.ntp.org)
+
+ local configure_options=(
+ --libexecdir=/usr/lib32
+ --libdir=/usr/lib32
+ --localstatedir=/var
+ --sysconfdir=/etc
+
+ --disable-audit
+ --disable-tests
+ --disable-ima
+ --disable-seccomp
+ --disable-pam
+ --disable-kmod
+ --disable-networkd
+ --disable-blkid
+ --disable-libiptc
+ --disable-lz4
+ --disable-manpages
+ --disable-libcryptsetup
+ --without-python
+
+ --with-sysvinit-path=
+ --with-sysvrcnd-path=
+ --with-ntp-servers="${timeservers[*]}"
+ --with-default-dnssec=no
+ --with-dbuspolicydir=/usr/share/dbus-1/system.d
+ --without-kill-user-processes
+ --with-rpmmacrosdir=no
+ # TODO(dreisner): consider changing this to unified
+ --with-default-hierarchy=hybrid
+ )
+
+ ./configure "${configure_options[@]}"
+
+ make
+}
+
+package() {
+ cd "$_pkgbasename-stable"
+
+ make DESTDIR="$pkgdir" install
+
+ rm -rf "${pkgdir}"/{etc,var}
+ rm -rf "${pkgdir}"/usr/{bin,include,lib,share}
+}
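Review bot: `_validate_tag` does not treat `validpgpkeys` as an allowlist. The check `if ! in_array "$fingerprint" "${validpgpkeys[@]}" && (( ! trusted ))` fails only when the signer is both unlisted and untrusted, so a tag signed by any key the build user's keyring trusts is accepted. If the pinned fingerprint is meant to be the only valid signer, drop the second clause: `if ! in_array "$fingerprint" "${validpgpkeys[@]}"; then`. The meaning of `trusted` comes from `parse_gpg_statusfile`, which is defined outside this file, so that part is inferred. Separately, the verified object is the tag `v${pkgver%.*}`, while the tree that is built is `_commit` plus cherry-picks fetched over unauthenticated `git://` with `md5sums=('SKIP' 'SKIP')`, so their integrity rests on the pinned hashes alone; `git+https://` sources would at least authenticate the transport.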