[arch-commits] Commit in lib32-systemd/repos (4 files)
Christian Hesse
eworm at archlinux.org
Mon Oct 9 20:34:46 UTC 2017
Date: Monday, October 9, 2017 @ 20:34:45
Author: eworm
Revision: 262249
archrelease: copy trunk to community-testing-x86_64
Added:
lib32-systemd/repos/community-testing-x86_64/
lib32-systemd/repos/community-testing-x86_64/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch
(from rev 262248, lib32-systemd/trunk/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch)
lib32-systemd/repos/community-testing-x86_64/0001-disable-RestrictAddressFamilies-on-i686.patch
(from rev 262248, lib32-systemd/trunk/0001-disable-RestrictAddressFamilies-on-i686.patch)
lib32-systemd/repos/community-testing-x86_64/PKGBUILD
(from rev 262248, lib32-systemd/trunk/PKGBUILD)
-----------------------------------------------------------------+
0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch | 62 ++++
0001-disable-RestrictAddressFamilies-on-i686.patch | 30 ++
PKGBUILD | 139 ++++++++++
3 files changed, 231 insertions(+)
Copied: lib32-systemd/repos/community-testing-x86_64/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch (from rev 262248, lib32-systemd/trunk/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch)
===================================================================
--- community-testing-x86_64/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch (rev 0)
+++ community-testing-x86_64/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch 2017-10-09 20:34:45 UTC (rev 262249)
@@ -0,0 +1,62 @@
+From 481712d9ee88395042f0640f272c1f87142bc0a8 Mon Sep 17 00:00:00 2001
+From: Dave Reisner <dreisner at archlinux.org>
+Date: Wed, 9 Nov 2016 11:14:03 -0500
+Subject: [PATCH] Revert "nspawn: try to bind mount resolved's resolv.conf
+ snippet into the container"
+
+This reverts commit 3539724c26a1b2b00c4eb3c004b635a4b8647de6.
+---
+ src/nspawn/nspawn.c | 27 ++++++++-------------------
+ 1 file changed, 8 insertions(+), 19 deletions(-)
+
+diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
+index c8b18bc..93df7c6 100644
+--- a/src/nspawn/nspawn.c
++++ b/src/nspawn/nspawn.c
+@@ -1309,35 +1309,24 @@ static int setup_resolv_conf(const char *dest) {
+ /* Fix resolv.conf, if possible */
+ where = prefix_roota(dest, "/etc/resolv.conf");
+
+- if (access("/usr/lib/systemd/resolv.conf", F_OK) >= 0) {
+- /* resolved is enabled on the host. In this, case bind mount its static resolv.conf file into the
+- * container, so that the container can use the host's resolver. Given that network namespacing is
+- * disabled it's only natural of the container also uses the host's resolver. It also has the big
+- * advantage that the container will be able to follow the host's DNS server configuration changes
+- * transparently. */
+-
+- r = mount_verbose(LOG_WARNING, "/usr/lib/systemd/resolv.conf", where, NULL, MS_BIND, NULL);
+- if (r >= 0)
+- return mount_verbose(LOG_ERR, NULL, where, NULL,
+- MS_BIND|MS_REMOUNT|MS_RDONLY|MS_NOSUID|MS_NODEV, NULL);
+- }
+-
+- /* If that didn't work, let's copy the file */
+ r = copy_file("/etc/resolv.conf", where, O_TRUNC|O_NOFOLLOW, 0644, 0);
+ if (r < 0) {
+- /* If the file already exists as symlink, let's suppress the warning, under the assumption that
+- * resolved or something similar runs inside and the symlink points there.
++ /* If the file already exists as symlink, let's
++ * suppress the warning, under the assumption that
++ * resolved or something similar runs inside and the
++ * symlink points there.
+ *
+- * If the disk image is read-only, there's also no point in complaining.
++ * If the disk image is read-only, there's also no
++ * point in complaining.
+ */
+ log_full_errno(IN_SET(r, -ELOOP, -EROFS) ? LOG_DEBUG : LOG_WARNING, r,
+- "Failed to copy /etc/resolv.conf to %s, ignoring: %m", where);
++ "Failed to copy /etc/resolv.conf to %s: %m", where);
+ return 0;
+ }
+
+ r = userns_lchown(where, 0, 0);
+ if (r < 0)
+- log_warning_errno(r, "Failed to chown /etc/resolv.conf, ignoring: %m");
++ log_warning_errno(r, "Failed to chown /etc/resolv.conf: %m");
+
+ return 0;
+ }
+--
+2.10.2
+
Copied: lib32-systemd/repos/community-testing-x86_64/0001-disable-RestrictAddressFamilies-on-i686.patch (from rev 262248, lib32-systemd/trunk/0001-disable-RestrictAddressFamilies-on-i686.patch)
===================================================================
--- community-testing-x86_64/0001-disable-RestrictAddressFamilies-on-i686.patch (rev 0)
+++ community-testing-x86_64/0001-disable-RestrictAddressFamilies-on-i686.patch 2017-10-09 20:34:45 UTC (rev 262249)
@@ -0,0 +1,30 @@
+From ff59e06f9423af0532aaeedf931474823f764875 Mon Sep 17 00:00:00 2001
+From: Dave Reisner <dreisner at archlinux.org>
+Date: Wed, 9 Nov 2016 08:00:26 -0500
+Subject: [PATCH] disable RestrictAddressFamilies on i686
+
+Shit's broke, yo.
+
+https://github.com/systemd/systemd/issues/4575
+---
+ src/core/execute.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/core/execute.c b/src/core/execute.c
+index f666f7c..7d09154 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -1254,6 +1254,10 @@ static int apply_address_families(const Unit* u, const ExecContext *c) {
+ Iterator i;
+ int r;
+
++#if defined(__i386__)
++ return 0;
++#endif
++
+ assert(c);
+
+ if (skip_seccomp_unavailable(u, "RestrictAddressFamilies="))
+--
+2.10.2
+
Copied: lib32-systemd/repos/community-testing-x86_64/PKGBUILD (from rev 262248, lib32-systemd/trunk/PKGBUILD)
===================================================================
--- community-testing-x86_64/PKGBUILD (rev 0)
+++ community-testing-x86_64/PKGBUILD 2017-10-09 20:34:45 UTC (rev 262249)
@@ -0,0 +1,139 @@
+# $Id$
+# Maintainer: Christian Hesse <mail at eworm.de>
+# Maintainer: Dave Reisner <dreisner at archlinux.org>
+# Maintainer: Tom Gundersen <teg at jklm.no>
+
+pkgname=lib32-systemd
+_pkgbasename=systemd
+# latest commit on stable branch
+_commit='c1719d8bc924ed59448616bd748671c5c7a66d93'
+# Bump this to latest major release for signed tag verification,
+# the commit count is handled by pkgver() function.
+pkgver=235.0
+pkgrel=1
+pkgdesc="system and service manager (32-bit)"
+arch=('x86_64')
+url="https://www.github.com/systemd/systemd"
+license=('GPL2' 'LGPL2.1')
+depends=('lib32-libgcrypt' 'lib32-xz' 'lib32-libcap' 'lib32-gcc-libs' 'systemd')
+makedepends=('lib32-gcc-libs' 'gcc-multilib' 'lib32-libidn' 'lib32-glib2' 'intltool' 'gperf'
+ 'lib32-curl' 'lib32-bzip2' 'lib32-acl' 'lib32-gnutls' 'git' 'meson' 'libxslt')
+options=('strip')
+validpgpkeys=('63CDA1E5D3FC22B998D20DD6327F26951A015CC4') # Lennart Poettering <lennart at poettering.net>
+source=('git://github.com/systemd/systemd-stable.git'
+ 'git://github.com/systemd/systemd.git') # pull in for tags, backports & reverts
+sha256sums=('SKIP'
+ 'SKIP')
+
+_backports=(
+)
+
+_reverts=(
+)
+
+_validate_tag() {
+ local success fingerprint trusted status tag=v${pkgver%.*}
+
+ parse_gpg_statusfile /dev/stdin < <(git verify-tag --raw "$tag" 2>&1)
+
+ if (( ! success )); then
+ error 'failed to validate tag %s\n' "$tag"
+ return 1
+ fi
+
+ if ! in_array "$fingerprint" "${validpgpkeys[@]}" && (( ! trusted )); then
+ error 'unknown or untrusted public key: %s\n' "$fingerprint"
+ return 1
+ fi
+
+ case $status in
+ 'expired')
+ warning 'the signature has expired'
+ ;;
+ 'expiredkey')
+ warning 'the key has expired'
+ ;;
+ esac
+
+ return 0
+}
+
+pkgver() {
+ local version count
+
+ cd "$_pkgbasename-stable"
+
+ version="$(git describe --abbrev=0 --tags)"
+ count="$(git rev-list --count ${version}..)"
+ printf '%s.%s' "${version#v}" "${count}"
+}
+
+prepare() {
+ cd "$_pkgbasename-stable"
+
+ git remote add upstream ../systemd/
+ git fetch --all
+
+ git checkout "${_commit}"
+
+ _validate_tag || return
+
+ local _commit
+ for _commit in "${_backports[@]}"; do
+ git cherry-pick -n "$_commit"
+ done
+ for _commit in "${_reverts[@]}"; do
+ git revert -n "$_commit"
+ done
+}
+
+build() {
+ export CC="gcc -m32"
+ export CXX="g++ -m32"
+ export PKG_CONFIG_PATH="/usr/lib32/pkgconfig"
+
+ local timeservers=({0..3}.arch.pool.ntp.org)
+
+ local meson_options=(
+ --libexecdir /usr/lib32
+ --libdir /usr/lib32
+
+ -Daudit=false
+ -Dgnuefi=false
+ -Dima=false
+ -Dlz4=false
+ -Dblkid=false
+ -Dkmod=false
+ -Dlibcryptsetup=false
+ -Dlibiptc=false
+ -Dmanpages=false
+ -Dnetworkd=false
+ -Dpam=false
+ -Dpython=false
+ -Dseccomp=false
+ -Dman=false
+ -Dhtml=false
+
+ -Ddbuspolicydir=/usr/share/dbus-1/system.d
+ -Ddefault-dnssec=no
+ # TODO(dreisner): consider changing this to unified
+ -Ddefault-hierarchy=hybrid
+ -Ddefault-kill-user-processes=false
+ -Dfallback-hostname='archlinux'
+ -Dntp-servers="${timeservers[*]}"
+ -Drpmmacrosdir=no
+ -Dsysvinit-path=
+ -Dsysvrcnd-path=
+ )
+
+ arch-meson "$_pkgbasename-stable" build "${meson_options[@]}"
+
+ ninja -C build
+}
+
+package() {
+ DESTDIR="$pkgdir" ninja -C build install
+
+ rm -rf "${pkgdir}"/{etc,var}
+ rm -rf "${pkgdir}"/usr/{bin,include,lib,share}
+}
More information about the arch-commits
mailing list