[arch-commits] Commit in lib32-systemd/repos (4 files)

Christian Hesse eworm at archlinux.org
Mon Oct 9 20:34:46 UTC 2017


    Date: Monday, October 9, 2017 @ 20:34:45
  Author: eworm
Revision: 262249

archrelease: copy trunk to community-testing-x86_64

Added:
  lib32-systemd/repos/community-testing-x86_64/
  lib32-systemd/repos/community-testing-x86_64/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch
    (from rev 262248, lib32-systemd/trunk/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch)
  lib32-systemd/repos/community-testing-x86_64/0001-disable-RestrictAddressFamilies-on-i686.patch
    (from rev 262248, lib32-systemd/trunk/0001-disable-RestrictAddressFamilies-on-i686.patch)
  lib32-systemd/repos/community-testing-x86_64/PKGBUILD
    (from rev 262248, lib32-systemd/trunk/PKGBUILD)

-----------------------------------------------------------------+
 0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch |   62 ++++
 0001-disable-RestrictAddressFamilies-on-i686.patch              |   30 ++
 PKGBUILD                                                        |  139 ++++++++++
 3 files changed, 231 insertions(+)

Copied: lib32-systemd/repos/community-testing-x86_64/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch (from rev 262248, lib32-systemd/trunk/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch)
===================================================================
--- community-testing-x86_64/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch	                        (rev 0)
+++ community-testing-x86_64/0001-Revert-nspawn-try-to-bind-mount-resolved-s-resolv.co.patch	2017-10-09 20:34:45 UTC (rev 262249)
@@ -0,0 +1,62 @@
+From 481712d9ee88395042f0640f272c1f87142bc0a8 Mon Sep 17 00:00:00 2001
+From: Dave Reisner <dreisner at archlinux.org>
+Date: Wed, 9 Nov 2016 11:14:03 -0500
+Subject: [PATCH] Revert "nspawn: try to bind mount resolved's resolv.conf
+ snippet into the container"
+
+This reverts commit 3539724c26a1b2b00c4eb3c004b635a4b8647de6.
+---
+ src/nspawn/nspawn.c | 27 ++++++++-------------------
+ 1 file changed, 8 insertions(+), 19 deletions(-)
+
+diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
+index c8b18bc..93df7c6 100644
+--- a/src/nspawn/nspawn.c
++++ b/src/nspawn/nspawn.c
+@@ -1309,35 +1309,24 @@ static int setup_resolv_conf(const char *dest) {
+         /* Fix resolv.conf, if possible */
+         where = prefix_roota(dest, "/etc/resolv.conf");
+ 
+-        if (access("/usr/lib/systemd/resolv.conf", F_OK) >= 0) {
+-                /* resolved is enabled on the host. In this, case bind mount its static resolv.conf file into the
+-                 * container, so that the container can use the host's resolver. Given that network namespacing is
+-                 * disabled it's only natural of the container also uses the host's resolver. It also has the big
+-                 * advantage that the container will be able to follow the host's DNS server configuration changes
+-                 * transparently. */
+-
+-                r = mount_verbose(LOG_WARNING, "/usr/lib/systemd/resolv.conf", where, NULL, MS_BIND, NULL);
+-                if (r >= 0)
+-                        return mount_verbose(LOG_ERR, NULL, where, NULL,
+-                                             MS_BIND|MS_REMOUNT|MS_RDONLY|MS_NOSUID|MS_NODEV, NULL);
+-        }
+-
+-        /* If that didn't work, let's copy the file */
+         r = copy_file("/etc/resolv.conf", where, O_TRUNC|O_NOFOLLOW, 0644, 0);
+         if (r < 0) {
+-                /* If the file already exists as symlink, let's suppress the warning, under the assumption that
+-                 * resolved or something similar runs inside and the symlink points there.
++                /* If the file already exists as symlink, let's
++                 * suppress the warning, under the assumption that
++                 * resolved or something similar runs inside and the
++                 * symlink points there.
+                  *
+-                 * If the disk image is read-only, there's also no point in complaining.
++                 * If the disk image is read-only, there's also no
++                 * point in complaining.
+                  */
+                 log_full_errno(IN_SET(r, -ELOOP, -EROFS) ? LOG_DEBUG : LOG_WARNING, r,
+-                               "Failed to copy /etc/resolv.conf to %s, ignoring: %m", where);
++                               "Failed to copy /etc/resolv.conf to %s: %m", where);
+                 return 0;
+         }
+ 
+         r = userns_lchown(where, 0, 0);
+         if (r < 0)
+-                log_warning_errno(r, "Failed to chown /etc/resolv.conf, ignoring: %m");
++                log_warning_errno(r, "Failed to chown /etc/resolv.conf: %m");
+ 
+         return 0;
+ }
+-- 
+2.10.2
+

Copied: lib32-systemd/repos/community-testing-x86_64/0001-disable-RestrictAddressFamilies-on-i686.patch (from rev 262248, lib32-systemd/trunk/0001-disable-RestrictAddressFamilies-on-i686.patch)
===================================================================
--- community-testing-x86_64/0001-disable-RestrictAddressFamilies-on-i686.patch	                        (rev 0)
+++ community-testing-x86_64/0001-disable-RestrictAddressFamilies-on-i686.patch	2017-10-09 20:34:45 UTC (rev 262249)
@@ -0,0 +1,30 @@
+From ff59e06f9423af0532aaeedf931474823f764875 Mon Sep 17 00:00:00 2001
+From: Dave Reisner <dreisner at archlinux.org>
+Date: Wed, 9 Nov 2016 08:00:26 -0500
+Subject: [PATCH] disable RestrictAddressFamilies on i686
+
+Shit's broke, yo.
+
+https://github.com/systemd/systemd/issues/4575
+---
+ src/core/execute.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/core/execute.c b/src/core/execute.c
+index f666f7c..7d09154 100644
+--- a/src/core/execute.c
++++ b/src/core/execute.c
+@@ -1254,6 +1254,10 @@ static int apply_address_families(const Unit* u, const ExecContext *c) {
+         Iterator i;
+         int r;
+ 
++#if defined(__i386__)
++        return 0;
++#endif
++
+         assert(c);
+ 
+         if (skip_seccomp_unavailable(u, "RestrictAddressFamilies="))
+-- 
+2.10.2
+

Copied: lib32-systemd/repos/community-testing-x86_64/PKGBUILD (from rev 262248, lib32-systemd/trunk/PKGBUILD)
===================================================================
--- community-testing-x86_64/PKGBUILD	                        (rev 0)
+++ community-testing-x86_64/PKGBUILD	2017-10-09 20:34:45 UTC (rev 262249)
@@ -0,0 +1,139 @@
+# $Id$
+# Maintainer: Christian Hesse <mail at eworm.de>
+# Maintainer: Dave Reisner <dreisner at archlinux.org>
+# Maintainer: Tom Gundersen <teg at jklm.no>
+
+pkgname=lib32-systemd
+_pkgbasename=systemd
+# latest commit on stable branch
+_commit='c1719d8bc924ed59448616bd748671c5c7a66d93'
+# Bump this to latest major release for signed tag verification,
+# the commit count is handled by pkgver() function.
+pkgver=235.0
+pkgrel=1
+pkgdesc="system and service manager (32-bit)"
+arch=('x86_64')
+url="https://www.github.com/systemd/systemd"
+license=('GPL2' 'LGPL2.1')
+depends=('lib32-libgcrypt' 'lib32-xz' 'lib32-libcap' 'lib32-gcc-libs' 'systemd')
+makedepends=('lib32-gcc-libs' 'gcc-multilib' 'lib32-libidn' 'lib32-glib2' 'intltool' 'gperf'
+             'lib32-curl' 'lib32-bzip2' 'lib32-acl' 'lib32-gnutls' 'git' 'meson' 'libxslt')
+options=('strip')
+validpgpkeys=('63CDA1E5D3FC22B998D20DD6327F26951A015CC4')  # Lennart Poettering <lennart at poettering.net>
+source=('git://github.com/systemd/systemd-stable.git'
+        'git://github.com/systemd/systemd.git') # pull in for tags, backports & reverts
+sha256sums=('SKIP'
+         'SKIP')
+
+_backports=(
+)
+
+_reverts=(
+)
+
+_validate_tag() {
+  local success fingerprint trusted status tag=v${pkgver%.*}
+
+  parse_gpg_statusfile /dev/stdin < <(git verify-tag --raw "$tag" 2>&1)
+
+  if (( ! success )); then
+    error 'failed to validate tag %s\n' "$tag"
+    return 1
+  fi
+
+  if ! in_array "$fingerprint" "${validpgpkeys[@]}" && (( ! trusted )); then
+    error 'unknown or untrusted public key: %s\n' "$fingerprint"
+    return 1
+  fi
+
+  case $status in
+    'expired')
+      warning 'the signature has expired'
+      ;;
+    'expiredkey')
+      warning 'the key has expired'
+      ;;
+  esac
+
+  return 0
+}
+
+pkgver() {
+  local version count
+
+  cd "$_pkgbasename-stable"
+
+  version="$(git describe --abbrev=0 --tags)"
+  count="$(git rev-list --count ${version}..)"
+  printf '%s.%s' "${version#v}" "${count}"
+}
+
+prepare() {
+  cd "$_pkgbasename-stable"
+
+  git remote add upstream ../systemd/
+  git fetch --all
+
+  git checkout "${_commit}"
+
+  _validate_tag || return
+
+  local _commit
+  for _commit in "${_backports[@]}"; do
+    git cherry-pick -n "$_commit"
+  done
+  for _commit in "${_reverts[@]}"; do
+    git revert -n "$_commit"
+  done
+}
+
+build() {
+  export CC="gcc -m32"
+  export CXX="g++ -m32"
+  export PKG_CONFIG_PATH="/usr/lib32/pkgconfig"
+
+  local timeservers=({0..3}.arch.pool.ntp.org)
+
+  local meson_options=(
+    --libexecdir	/usr/lib32
+    --libdir		/usr/lib32
+
+    -Daudit=false
+    -Dgnuefi=false
+    -Dima=false
+    -Dlz4=false
+    -Dblkid=false
+    -Dkmod=false
+    -Dlibcryptsetup=false
+    -Dlibiptc=false
+    -Dmanpages=false
+    -Dnetworkd=false
+    -Dpam=false
+    -Dpython=false
+    -Dseccomp=false
+    -Dman=false
+    -Dhtml=false
+
+    -Ddbuspolicydir=/usr/share/dbus-1/system.d
+    -Ddefault-dnssec=no
+    # TODO(dreisner): consider changing this to unified
+    -Ddefault-hierarchy=hybrid
+    -Ddefault-kill-user-processes=false
+    -Dfallback-hostname='archlinux'
+    -Dntp-servers="${timeservers[*]}"
+    -Drpmmacrosdir=no
+    -Dsysvinit-path=
+    -Dsysvrcnd-path=
+  )
+
+  arch-meson "$_pkgbasename-stable" build "${meson_options[@]}"
+
+  ninja -C build
+}
+
+package() {
+  DESTDIR="$pkgdir" ninja -C build install
+
+  rm -rf "${pkgdir}"/{etc,var}
+  rm -rf "${pkgdir}"/usr/{bin,include,lib,share}
+}



More information about the arch-commits mailing list