From 098dd7e0b58ad1f6f4dbce47e8d1cdce2f90f528 Mon Sep 17 00:00:00 2001 From: Juan RP Date: Tue, 4 Jun 2013 10:42:13 +0200 Subject: [PATCH] systemd: add 2 patches from git master to fix utmp and journal ACLs. --- srcpkgs/libudev/template | 14 +- ...lculate-the-ACL-mask-but-only-if-it-.patch | 87 ++++++ ...d-update-utmp-shutdown.service-into-.patch | 255 ++++++++++++++++++ srcpkgs/systemd/template | 14 +- 4 files changed, 358 insertions(+), 12 deletions(-) create mode 100644 srcpkgs/systemd/patches/0001-journald-DO-recalculate-the-ACL-mask-but-only-if-it-.patch create mode 100644 srcpkgs/systemd/patches/0001-utmp-turn-systemd-update-utmp-shutdown.service-into-.patch diff --git a/srcpkgs/libudev/template b/srcpkgs/libudev/template index 0ecd3b7d85..da84822d18 100644 --- a/srcpkgs/libudev/template +++ b/srcpkgs/libudev/template @@ -1,7 +1,7 @@ # Template file for 'libudev' pkgname=libudev version=204 -revision=2 +revision=5 wrksrc="systemd-${version}" build_style=gnu-configure configure_args="--libexecdir=/usr/lib --disable-selinux @@ -22,16 +22,18 @@ license="LGPL-2.1, GPL-2, MIT" distfiles="http://www.freedesktop.org/software/systemd/systemd-${version}.tar.xz" checksum=072c393503c7c1e55ca7acf3db659cbd28c7fe5fa94fab3db95360bafd96731b -hostmakedepends="pkg-config intltool gperf libxslt docbook-xsl" +hostmakedepends="pkg-config intltool gperf libxslt docbook-xsl + libtool automake gettext-devel" makedepends="attr-devel dbus-devel>=1.6.10_2 libcap-devel liblzma-devel libgcrypt-devel" if [ "$CROSS_BUILD" ]; then - hostmakedepends+=" libtool automake gettext-devel libgcrypt-devel" - pre_configure() { - autoreconf -fi - } + hostmakedepends+=" libgcrypt-devel" fi +pre_configure() { + autoreconf -fi +} + post_install() { # We are only interested in shlibs, headers and pc files. rm -rf ${DESTDIR}/{etc,var} 
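Review bot: `pre_configure()` in srcpkgs/libudev/template now runs `autoreconf -fi` on every build rather than only under `$CROSS_BUILD`, and nothing in the hunk records why. No patch under srcpkgs/libudev is visible in this commit, so the reason is presumably that the systemd patches edit `Makefile.am` and `Makefile-man.am` and that this template picks them up. If that is the case, state it above the function, e.g. `# patches modify Makefile.am; the autotools output must be regenerated`. The same unconditional `pre_configure()` is added to srcpkgs/systemd/template and wants the same comment.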
diff --git a/srcpkgs/systemd/patches/0001-journald-DO-recalculate-the-ACL-mask-but-only-if-it-.patch b/srcpkgs/systemd/patches/0001-journald-DO-recalculate-the-ACL-mask-but-only-if-it-.patch
new file mode 100644
index 0000000000..16bd6d8911
--- /dev/null
+++ b/srcpkgs/systemd/patches/0001-journald-DO-recalculate-the-ACL-mask-but-only-if-it-.patch
@@ -0,0 +1,87 @@
+From 23ad4dd8844c582929115a11ed2830a1371568d6 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)"
+Date: Tue, 28 May 2013 20:45:34 +0200
+Subject: [PATCH] journald: DO recalculate the ACL mask, but only if it doesn't
+ exist
+
+Since 11ec7ce, journald isn't setting the ACLs properly anymore if
+the files had no ACLs to begin with: acl_set_fd fails with EINVAL.
+
+An ACL with ACL_USER or ACL_GROUP entries but no ACL_MASK entry is
+invalid, so make sure a mask exists before trying to set the ACL.
+---
+ src/journal/journald-server.c | 6 ++++--
+ src/shared/acl-util.c | 28 ++++++++++++++++++++++++++++
+ src/shared/acl-util.h | 1 +
+ 3 files changed, 33 insertions(+), 2 deletions(-)
+
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index b717b92..da5b725 100644
+--- src/journal/journald-server.c
++++ src/journal/journald-server.c
+@@ -227,9 +227,11 @@ void server_fix_perms(Server *s, JournalFile *f, uid_t uid) {
+ }
+ }
+
+- /* We do not recalculate the mask here, so that the fchmod() mask above stays intact. */
++ /* We do not recalculate the mask unconditionally here,
++ * so that the fchmod() mask above stays intact. */
+ if (acl_get_permset(entry, &permset) < 0 ||
+- acl_add_perm(permset, ACL_READ) < 0) {
++ acl_add_perm(permset, ACL_READ) < 0 ||
++ calc_acl_mask_if_needed(&acl) < 0) {
+ log_warning("Failed to patch ACL on %s, ignoring: %m", f->path);
+ goto finish;
+ }
+diff --git a/src/shared/acl-util.c b/src/shared/acl-util.c
+index 48bb12f..fb04e49 100644
+--- src/shared/acl-util.c
++++ src/shared/acl-util.c
+@@ -69,6 +69,34 @@ int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *entry) {
+ return 0;
+ }
+
++int calc_acl_mask_if_needed(acl_t *acl_p) {
++ acl_entry_t i;
++ int found;
++
++ assert(acl_p);
++
++ for (found = acl_get_entry(*acl_p, ACL_FIRST_ENTRY, &i);
++ found > 0;
++ found = acl_get_entry(*acl_p, ACL_NEXT_ENTRY, &i)) {
++
++ acl_tag_t tag;
++
++ if (acl_get_tag_type(i, &tag) < 0)
++ return -errno;
++
++ if (tag == ACL_MASK)
++ return 0;
++ }
++
++ if (found < 0)
++ return -errno;
++
++ if (acl_calc_mask(acl_p) < 0)
++ return -errno;
++
++ return 0;
++}
++
+ int search_acl_groups(char*** dst, const char* path, bool* belong) {
+ acl_t acl;
+
+diff --git a/src/shared/acl-util.h b/src/shared/acl-util.h
+index 23090d9..36ef490 100644
+--- src/shared/acl-util.h
++++ src/shared/acl-util.h
+@@ -24,4 +24,5 @@
+ #include
+
+ int acl_find_uid(acl_t acl, uid_t uid, acl_entry_t *entry);
++int calc_acl_mask_if_needed(acl_t *acl_p);
+ int search_acl_groups(char*** dst, const char* path, bool* belong);
+--
+1.8.3
+
diff --git a/srcpkgs/systemd/patches/0001-utmp-turn-systemd-update-utmp-shutdown.service-into-.patch b/srcpkgs/systemd/patches/0001-utmp-turn-systemd-update-utmp-shutdown.service-into-.patch
new file mode 100644
index 0000000000..711753a666
--- /dev/null
+++ b/srcpkgs/systemd/patches/0001-utmp-turn-systemd-update-utmp-shutdown.service-into-.patch
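Review bot: `calc_acl_mask_if_needed()` in src/shared/acl-util.c (journald patch) calls `acl_calc_mask()` whenever the loop finds no ACL_MASK entry, even for an ACL that holds no ACL_USER or ACL_GROUP entry and would be valid without a mask. The caller in `server_fix_perms()` appears to have an ACL_USER entry in hand by that point (its body starts outside the hunk), so journal files are not affected. The helper is exported through acl-util.h, though, and neither its name nor a comment states that precondition, so a later caller could add a mask to a file's ACL without intending to. Either document it above the function, e.g. `/* Adds an ACL_MASK entry if none exists; call only after adding ACL_USER/ACL_GROUP entries. */`, or record in the loop whether such an entry was seen and skip `acl_calc_mask()` when none was.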
@@ -0,0 +1,255 @@ +From 3f92e4b4b61042391bd44de4dceb18177df0dd57 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 16 May 2013 00:19:03 +0200 +Subject: [PATCH] utmp: turn systemd-update-utmp-shutdown.service into a normal + runtime service + +With this change systemd-update-utmp-shutdown.service is replaced by +systemd-update-utmp.service which is started at boot and stays around +until shutdown. This allows us to properly order the unit against both +/var/log and auditd. + +https://bugzilla.redhat.com/show_bug.cgi?id=853104 +https://bugs.freedesktop.org/show_bug.cgi?id=64365 +--- + Makefile-man.am | 12 ++++++------ + Makefile.am | 8 ++++---- + ....service.xml => systemd-update-utmp.service.xml} | 16 ++++++++-------- + src/update-utmp/update-utmp.c | 2 +- + units/.gitignore | 2 +- + units/systemd-update-utmp-runlevel.service.in | 8 +++++--- + units/systemd-update-utmp-shutdown.service.in | 19 ------------------- + units/systemd-update-utmp.service.in | 21 +++++++++++++++++++++ + 8 files changed, 46 insertions(+), 42 deletions(-) + rename man/{systemd-update-utmp-runlevel.service.xml => systemd-update-utmp.service.xml} (82%) + delete mode 100644 units/systemd-update-utmp-shutdown.service.in + create mode 100644 units/systemd-update-utmp.service.in + +diff --git a/Makefile-man.am b/Makefile-man.am +index 7d62094..5888158 100644 +--- Makefile-man.am ++++ Makefile-man.am +@@ -72,7 +72,7 @@ MANPAGES += \ + man/systemd-tmpfiles.8 \ + man/systemd-tty-ask-password-agent.1 \ + man/systemd-udevd.service.8 \ +- man/systemd-update-utmp-runlevel.service.8 \ ++ man/systemd-update-utmp.service.8 \ + man/systemd.1 \ + man/systemd.automount.5 \ + man/systemd.device.5 \ +@@ -191,7 +191,7 @@ MANPAGES_ALIAS += \ + man/systemd-udevd-control.socket.8 \ + man/systemd-udevd-kernel.socket.8 \ + man/systemd-udevd.8 \ +- man/systemd-update-utmp-shutdown.service.8 \ ++ man/systemd-update-utmp-runlevel.service.8 \ + man/systemd-update-utmp.8 \ + man/systemd-user.conf.5 + 
man/SD_ALERT.3: man/sd-daemon.3 +@@ -289,8 +289,8 @@ man/systemd-tmpfiles-setup.service.8: man/systemd-tmpfiles.8 + man/systemd-udevd-control.socket.8: man/systemd-udevd.service.8 + man/systemd-udevd-kernel.socket.8: man/systemd-udevd.service.8 + man/systemd-udevd.8: man/systemd-udevd.service.8 +-man/systemd-update-utmp-shutdown.service.8: man/systemd-update-utmp-runlevel.service.8 +-man/systemd-update-utmp.8: man/systemd-update-utmp-runlevel.service.8 ++man/systemd-update-utmp-runlevel.service.8: man/systemd-update-utmp.service.8 ++man/systemd-update-utmp.8: man/systemd-update-utmp.service.8 + man/systemd-user.conf.5: man/systemd-system.conf.5 + man/SD_ALERT.html: man/sd-daemon.html + $(html-alias) +@@ -577,10 +577,10 @@ man/systemd-udevd-kernel.socket.html: man/systemd-udevd.service.html + man/systemd-udevd.html: man/systemd-udevd.service.html + $(html-alias) + +-man/systemd-update-utmp-shutdown.service.html: man/systemd-update-utmp-runlevel.service.html ++man/systemd-update-utmp-runlevel.service.html: man/systemd-update-utmp.service.html + $(html-alias) + +-man/systemd-update-utmp.html: man/systemd-update-utmp-runlevel.service.html ++man/systemd-update-utmp.html: man/systemd-update-utmp.service.html + $(html-alias) + + man/systemd-user.conf.html: man/systemd-system.conf.html +diff --git a/Makefile.am b/Makefile.am +index 8d8139c..4c5e6fc 100644 +--- Makefile.am ++++ Makefile.am +@@ -417,8 +417,8 @@ nodist_systemunit_DATA = \ + units/systemd-initctl.service \ + units/systemd-shutdownd.service \ + units/systemd-remount-fs.service \ ++ units/systemd-update-utmp.service \ + units/systemd-update-utmp-runlevel.service \ +- units/systemd-update-utmp-shutdown.service \ + units/systemd-tmpfiles-setup-dev.service \ + units/systemd-tmpfiles-setup.service \ + units/systemd-tmpfiles-clean.service \ +@@ -463,8 +463,8 @@ EXTRA_DIST += \ + units/systemd-initctl.service.in \ + units/systemd-shutdownd.service.in \ + units/systemd-remount-fs.service.in \ ++ 
units/systemd-update-utmp.service.in \ + units/systemd-update-utmp-runlevel.service.in \ +- units/systemd-update-utmp-shutdown.service.in \ + units/systemd-tmpfiles-setup-dev.service.in \ + units/systemd-tmpfiles-setup.service.in \ + units/systemd-tmpfiles-clean.service.in \ +@@ -4070,8 +4070,8 @@ RUNLEVEL4_TARGET_WANTS += \ + RUNLEVEL5_TARGET_WANTS += \ + systemd-update-utmp-runlevel.service + endif +-SHUTDOWN_TARGET_WANTS += \ +- systemd-update-utmp-shutdown.service ++SYSINIT_TARGET_WANTS += \ ++ systemd-update-utmp.service + LOCAL_FS_TARGET_WANTS += \ + systemd-remount-fs.service \ + systemd-fsck-root.service \ +diff --git a/man/systemd-update-utmp-runlevel.service.xml b/man/systemd-update-utmp.service.xml +similarity index 82% +rename from man/systemd-update-utmp-runlevel.service.xml +rename to man/systemd-update-utmp.service.xml +index 867b958..846fc95 100644 +--- man/systemd-update-utmp-runlevel.service.xml ++++ man/systemd-update-utmp.service.xml +@@ -19,10 +19,10 @@ + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see . + --> +- ++ + + +- systemd-update-utmp-runlevel.service ++ systemd-update-utmp.service + systemd + + +@@ -36,21 +36,21 @@ + + + +- systemd-update-utmp-runlevel.service ++ systemd-update-utmp.service + 8 + + + ++ systemd-update-utmp.service + systemd-update-utmp-runlevel.service +- systemd-update-utmp-shutdown.service + systemd-update-utmp +- Write audit and utmp updates at runlevel ++ Write audit and utmp updates at bootup, runlevel + changes and shutdown + + + ++ systemd-update-utmp.service + systemd-update-utmp-runlevel.service +- systemd-update-utmp-shutdown.service + /usr/lib/systemd/systemd-update-utmp + + +@@ -60,8 +60,8 @@ + systemd-update-utmp-runlevel.service + is a service that writes SysV runlevel changes to utmp + and wtmp, as well as the audit logs, as they +- occur. systemd-update-utmp-shutdown.service +- does the same for shut-down requests. ++ occur. 
systemd-update-utmp.service ++ does the same for system reboots and shut-down requests. + + + +diff --git a/src/update-utmp/update-utmp.c b/src/update-utmp/update-utmp.c +index 9184025..202aa98 100644 +--- src/update-utmp/update-utmp.c ++++ src/update-utmp/update-utmp.c +@@ -104,7 +104,7 @@ static int get_current_runlevel(Context *c) { + { '3', SPECIAL_RUNLEVEL3_TARGET }, + { '4', SPECIAL_RUNLEVEL4_TARGET }, + { '2', SPECIAL_RUNLEVEL2_TARGET }, +- { 'S', SPECIAL_RESCUE_TARGET }, ++ { '1', SPECIAL_RESCUE_TARGET }, + }; + const char + *interface = "org.freedesktop.systemd1.Unit", +diff --git a/units/systemd-update-utmp-runlevel.service.in b/units/systemd-update-utmp-runlevel.service.in +index 27fae2c..99783e2 100644 +--- units/systemd-update-utmp-runlevel.service.in ++++ units/systemd-update-utmp-runlevel.service.in +@@ -7,12 +7,14 @@ + + [Unit] + Description=Update UTMP about System Runlevel Changes +-Documentation=man:systemd-update-utmp-runlevel.service(8) man:utmp(5) ++Documentation=man:systemd-update-utmp.service(8) man:utmp(5) + DefaultDependencies=no + RequiresMountsFor=/var/log/wtmp +-After=systemd-remount-fs.service systemd-tmpfiles-setup.service auditd.service ++Conflicts=shutdown.target ++Requisite=systemd-update-utmp.service ++After=systemd-update-utmp.service + After=runlevel1.target runlevel2.target runlevel3.target runlevel4.target runlevel5.target +-Before=final.target ++Before=shutdown.target + + [Service] + Type=oneshot +diff --git a/units/systemd-update-utmp-shutdown.service.in b/units/systemd-update-utmp-shutdown.service.in +deleted file mode 100644 +index aa93562..0000000 +--- units/systemd-update-utmp-shutdown.service.in ++++ /dev/null +@@ -1,19 +0,0 @@ +-# This file is part of systemd. +-# +-# systemd is free software; you can redistribute it and/or modify it +-# under the terms of the GNU Lesser General Public License as published by +-# the Free Software Foundation; either version 2.1 of the License, or +-# (at your option) any later version. 
+- +-[Unit] +-Description=Update UTMP about System Shutdown +-Documentation=man:systemd-update-utmp-runlevel.service(8) man:utmp(5) +-DefaultDependencies=no +-RequiresMountsFor=/var/log/wtmp +-After=systemd-remount-fs.service systemd-tmpfiles-setup.service auditd.service +-After=systemd-update-utmp-runlevel.service +-Before=final.target +- +-[Service] +-Type=oneshot +-ExecStart=@rootlibexecdir@/systemd-update-utmp shutdown +diff --git a/units/systemd-update-utmp.service.in b/units/systemd-update-utmp.service.in +new file mode 100644 +index 0000000..e7c20a5 +--- /dev/null ++++ units/systemd-update-utmp.service.in +@@ -0,0 +1,21 @@ ++# This file is part of systemd. ++# ++# systemd is free software; you can redistribute it and/or modify it ++# under the terms of the GNU Lesser General Public License as published by ++# the Free Software Foundation; either version 2.1 of the License, or ++# (at your option) any later version. ++ ++[Unit] ++Description=Update UTMP about System Reboot/Shutdown ++Documentation=man:systemd-update-utmp.service(8) man:utmp(5) ++DefaultDependencies=no ++RequiresMountsFor=/var/log/wtmp ++Conflicts=shutdown.target ++After=systemd-readahead-collect.service systemd-readahead-replay.service systemd-remount-fs.service systemd-tmpfiles-setup.service auditd.service ++Before=sysinit.target shutdown.target ++ ++[Service] ++Type=oneshot ++RemainAfterExit=yes ++ExecStart=@rootlibexecdir@/systemd-update-utmp reboot ++ExecStop=@rootlibexecdir@/systemd-update-utmp shutdown +-- +1.8.2.3 + diff --git a/srcpkgs/systemd/template b/srcpkgs/systemd/template index 32232f72ee..65bbf752ae 100644 --- a/srcpkgs/systemd/template +++ b/srcpkgs/systemd/template @@ -1,7 +1,7 @@ # Template file for 'systemd' pkgname=systemd version=204 -revision=4 +revision=5 short_desc="A system and service manager for Linux" maintainer="Juan RP " homepage="http://www.freedesktop.org/wiki/Software/systemd" 
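Review bot: The table entry in `get_current_runlevel()` (src/update-utmp/update-utmp.c, utmp patch) changes the character recorded for SPECIAL_RESCUE_TARGET from `'S'` to `'1'`, and the patch description, which covers only the service rename and ordering, does not mention it. Anything that reads runlevel records from utmp/wtmp and matches `S` for rescue mode will see a different value after this update. Mention it in the description or next to the entry, e.g. `/* rescue.target is reported as runlevel 1 */`. The function begins and ends outside the hunk, so how the character is used afterwards is not visible here.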
@@ -14,7 +14,8 @@ configure_args="--libexecdir=/usr/lib --with-rootprefix=/usr --disable-selinux --with-sysvinit-path= --with-sysvrcnd-path= --disable-audit --disable-static --disable-ima" -hostmakedepends="which pkg-config intltool gperf libxslt docbook-xsl" +hostmakedepends="which pkg-config intltool gperf libxslt docbook-xsl + libtool automake gettext-devel" makedepends="acl-devel pam-devel dbus-devel>=1.6.10_2 libcap-devel libkmod-devel liblzma-devel cryptsetup-devel libblkid-devel libglib-devel libgcrypt-devel @@ -22,7 +23,7 @@ makedepends="acl-devel pam-devel dbus-devel>=1.6.10_2 libcap-devel libkmod-devel if [ "$CROSS_BUILD" ]; then # XXX add support to gudev, introspection and python. - hostmakedepends+=" libtool automake gettext-devel libgcrypt-devel" + hostmakedepends+=" libgcrypt-devel" makedepends="acl-devel pam-devel dbus-devel>=1.6.10_2 libcap-devel libkmod-devel liblzma-devel cryptsetup-devel libblkid-devel libgcrypt-devel libglib-devel @@ -31,11 +32,12 @@ if [ "$CROSS_BUILD" ]; then --enable-introspection=no ac_cv_func_malloc_0_nonnull=yes ac_cv_func_realloc_0_nonnull=yes" - pre_configure() { - autoreconf -fi - } fi +pre_configure() { + autoreconf -fi +} + # Package build options build_options="efi microhttpd qrencode tcpwrappers" desc_option_efi="Enable support for EFI"