Merge systemd-selinux 256.1-1 update

Merge AUR commit 70fa7f7: https://aur.archlinux.org/cgit/aur.git/commit/?h=systemd-selinux&id=70fa7f7f7d584b9d54643d43e448f1037dda57b9
archlinuxhardened · Jul 3, 2024 · 23814f3 · 23814f3
2 parents 2b4400a + 70fa7f7
commit 23814f3
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 40 deletions.
diff --git a/systemd-selinux/.SRCINFO b/systemd-selinux/.SRCINFO
@@ -1,5 +1,5 @@
 pkgbase = systemd-selinux
-	pkgver = 255.7
+	pkgver = 256.1
 	pkgrel = 1
 	url = https://www.github.com/systemd/systemd
 	arch = x86_64
@@ -55,8 +55,7 @@ pkgbase = systemd-selinux
 	makedepends = python-pefile
 	makedepends = libselinux
 	conflicts = mkinitcpio<38-1
-	source = git+https://github.com/systemd/systemd-stable#tag=v255.7?signed
-	source = git+https://github.com/systemd/systemd#tag=v255?signed
+	source = git+https://github.com/systemd/systemd#tag=v256.1?signed
 	source = 0001-Use-Arch-Linux-device-access-groups.patch
 	source = arch.conf
 	source = loader.conf
@@ -77,8 +76,7 @@ pkgbase = systemd-selinux
 	validpgpkeys = A9EA9081724FFAE0484C35A1A81CEA22BC8C7E2E
 	validpgpkeys = 9A774DB5DB996C154EBBFBFDA0099A18E29326E1
 	validpgpkeys = 5C251B5FC54EB2F80F407AAAC54CA336CFEB557E
-	sha512sums = 224648e176fe48d0cb96ac740b4f239e7ddbbb6aed6299976f1df2d5825757021c7be243d187446c274715214c8175bf925ebb27eece18a02ce1884bac2c1f20
-	sha512sums = d430427987309483c99062adb02741d25239ba5fbb97053ef817c0c5a0a935328af9c8b651de2b119b0e851dcf6623f01343859735ff81d7013ab0133e67c7ea
+	sha512sums = 1ba38dd45cd910c7a2b4c7f23f982c5b0e5b13cd5874571ebc9b609ff85c058cecdb61019141ef2010fd4882c3ffc5a13a2b0d6370db4067ad90c28b83de6760
 	sha512sums = 3ccf783c28f7a1c857120abac4002ca91ae1f92205dcd5a84aff515d57e706a3f9240d75a0a67cff5085716885e06e62597baa86897f298662ec36a940cf410e
 	sha512sums = 61032d29241b74a0f28446f8cf1be0e8ec46d0847a61dadb2a4f096e8686d5f57fe5c72bcf386003f6520bc4b5856c32d63bf3efe7eb0bc0deefc9f68159e648
 	sha512sums = c416e2121df83067376bcaacb58c05b01990f4614ad9de657d74b6da3efa441af251d13bf21e3f0f71ddcb4c9ea658b81da3d915667dc5c309c87ec32a1cb5a5
@@ -103,7 +101,7 @@ pkgname = systemd-selinux
 	license = CC0-1.0
 	license = GPL-2.0-or-later
 	license = MIT-0
-	depends = systemd-libs-selinux=255.7
+	depends = systemd-libs-selinux=256.1
 	depends = acl
 	depends = libacl.so
 	depends = bash
@@ -113,7 +111,6 @@ pkgname = systemd-selinux
 	depends = dbus-units
 	depends = kbd
 	depends = kmod
-	depends = libkmod.so
 	depends = hwdata
 	depends = libcap
 	depends = libcap.so
@@ -151,9 +148,9 @@ pkgname = systemd-selinux
 	optdepends = libp11-kit: support PKCS#11
 	optdepends = tpm2-tss: unlocking LUKS2 volumes with TPM2
 	provides = nss-myhostname
-	provides = systemd-tools=255.7
-	provides = udev=255.7
-	provides = systemd=255.7-1
+	provides = systemd-tools=256.1
+	provides = udev=256.1
+	provides = systemd=256.1-1
 	conflicts = nss-myhostname
 	conflicts = systemd-tools
 	conflicts = udev
@@ -194,37 +191,37 @@ pkgname = systemd-libs-selinux
 	provides = libsystemd.so
 	provides = libudev.so
 	provides = libsystemd-selinux
-	provides = systemd-libs=255.7-1
+	provides = systemd-libs=256.1-1
 	conflicts = libsystemd
 	conflicts = libsystemd-selinux
 	conflicts = systemd-libs
 	replaces = libsystemd-selinux
 
 pkgname = systemd-resolvconf-selinux
 	pkgdesc = systemd resolvconf replacement with SELinux support (for use with systemd-resolved)
-	depends = systemd-selinux=255.7
+	depends = systemd-selinux=256.1
 	provides = openresolv
 	provides = resolvconf
-	provides = systemd-resolvconf=255.7-1
+	provides = systemd-resolvconf=256.1-1
 	conflicts = resolvconf
-	conflicts = systemd-resolvconf=255.7-1
+	conflicts = systemd-resolvconf=256.1-1
 
 pkgname = systemd-sysvcompat-selinux
 	pkgdesc = sysvinit compat for systemd with SELinux support
-	depends = systemd-selinux=255.7
-	provides = systemd-sysvcompat=255.7-1
-	provides = selinux-systemd-sysvcompat=255.7-1
+	depends = systemd-selinux=256.1
+	provides = systemd-sysvcompat=256.1-1
+	provides = selinux-systemd-sysvcompat=256.1-1
 	conflicts = sysvinit
 	conflicts = systemd-sysvcompat
 	conflicts = selinux-systemd-sysvcompat
 
 pkgname = systemd-ukify-selinux
 	pkgdesc = Combine kernel and initrd into a signed Unified Kernel Image with SELinux support
-	depends = systemd-selinux=255.7
+	depends = systemd-selinux=256.1
 	depends = binutils
 	depends = python-cryptography
 	depends = python-pefile
 	optdepends = python-pillow: Show the size of splash image
 	optdepends = sbsigntools: Sign the embedded kernel
 	provides = ukify
-	provides = systemd-ukify=255.7-1
+	provides = systemd-ukify=256.1-1
diff --git a/systemd-selinux/PKGBUILD b/systemd-selinux/PKGBUILD
@@ -12,7 +12,7 @@ pkgname=('systemd-selinux'
          'systemd-resolvconf-selinux'
          'systemd-sysvcompat-selinux'
          'systemd-ukify-selinux')
-_tag='255.7'
+_tag='256.1'
 # Upstream versioning is incompatible with pacman's version comparisons, one
 # way or another. So we replace dashes and tildes with the empty string to
 # make sure pacman's version comparing does the right thing for rc versions:
@@ -35,8 +35,7 @@ validpgpkeys=('63CDA1E5D3FC22B998D20DD6327F26951A015CC4'  # Lennart Poettering <
               'A9EA9081724FFAE0484C35A1A81CEA22BC8C7E2E'  # Luca Boccassi <[email protected]>
               '9A774DB5DB996C154EBBFBFDA0099A18E29326E1'  # Yu Watanabe <[email protected]>
               '5C251B5FC54EB2F80F407AAAC54CA336CFEB557E') # Zbigniew Jędrzejewski-Szmek <[email protected]>
-source=("git+https://github.com/systemd/systemd-stable#tag=v${_tag}?signed"
-        "git+https://github.com/systemd/systemd#tag=v${_tag%.*}?signed"
+source=("git+https://github.com/systemd/systemd#tag=v${_tag}?signed"
         '0001-Use-Arch-Linux-device-access-groups.patch'
         # bootloader files
         'arch.conf'
@@ -56,8 +55,7 @@ source=("git+https://github.com/systemd/systemd-stable#tag=v${_tag}?signed"
         '30-systemd-tmpfiles.hook'
         '30-systemd-udev-reload.hook'
         '30-systemd-update.hook')
-sha512sums=('224648e176fe48d0cb96ac740b4f239e7ddbbb6aed6299976f1df2d5825757021c7be243d187446c274715214c8175bf925ebb27eece18a02ce1884bac2c1f20'
-            'd430427987309483c99062adb02741d25239ba5fbb97053ef817c0c5a0a935328af9c8b651de2b119b0e851dcf6623f01343859735ff81d7013ab0133e67c7ea'
+sha512sums=('1ba38dd45cd910c7a2b4c7f23f982c5b0e5b13cd5874571ebc9b609ff85c058cecdb61019141ef2010fd4882c3ffc5a13a2b0d6370db4067ad90c28b83de6760'
             '3ccf783c28f7a1c857120abac4002ca91ae1f92205dcd5a84aff515d57e706a3f9240d75a0a67cff5085716885e06e62597baa86897f298662ec36a940cf410e'
             '61032d29241b74a0f28446f8cf1be0e8ec46d0847a61dadb2a4f096e8686d5f57fe5c72bcf386003f6520bc4b5856c32d63bf3efe7eb0bc0deefc9f68159e648'
             'c416e2121df83067376bcaacb58c05b01990f4614ad9de657d74b6da3efa441af251d13bf21e3f0f71ddcb4c9ea658b81da3d915667dc5c309c87ec32a1cb5a5'
@@ -76,12 +74,14 @@ sha512sums=('224648e176fe48d0cb96ac740b4f239e7ddbbb6aed6299976f1df2d5825757021c7
             '825b9dd0167c072ba62cabe0677e7cd20f2b4b850328022540f122689d8b25315005fa98ce867cf6e7460b2b26df16b88bb3b5c9ebf721746dce4e2271af7b97')
 
 _meson_version="${pkgver}-${pkgrel}"
+_meson_vcs_tag='false'
 _meson_mode='release'
 _meson_compile=()
 _meson_install=()
 
 if ((_systemd_UPSTREAM)); then
   _meson_version="${pkgver}"
+  _meson_vcs_tag='true'
   _meson_mode='developer'
   pkgname+=('systemd-tests')
   makedepends+=('libarchive')
@@ -94,18 +94,13 @@ if ((_systemd_UPSTREAM)); then
 fi
 
 _backports=(
-  # 99-systemd.rules: rework SYSTEMD_READY logic for device mapper
-  'c072860593329293e19580b337504adb52248462'
 )
 
 _reverts=(
 )
 
 prepare() {
-  cd "${pkgbase/-selinux}-stable"
-
-  # add upstream repository for cherry-picking
-  git remote add -f upstream ../systemd
+  cd "${pkgbase/-selinux}"
 
   local _c _l
   for _c in "${_backports[@]}"; do
@@ -140,20 +135,21 @@ build() {
 
   local _meson_options=(
     -Dversion-tag="${_meson_version}-arch"
+    -Dvcs-tag="${_meson_vcs_tag}"
     -Dshared-lib-tag="${_meson_version}"
     -Dmode="${_meson_mode}"
 
-    -Dapparmor=false
-    -Dbootloader=true
-    -Dxenctrl=false
-    -Dbpf-framework=true
+    -Dapparmor=disabled
+    -Dbootloader=enabled
+    -Dxenctrl=disabled
+    -Dbpf-framework=enabled
     -Dima=false
     -Dinstall-tests=true
-    -Dlibidn2=true
-    -Dlz4=true
-    -Dman=true
+    -Dlibidn2=enabled
+    -Dlz4=enabled
+    -Dman=enabled
     -Dnscd=false
-    -Dselinux=true
+    -Dselinux=enabled
 
     # We disable DNSSEC by default, it still causes trouble:
     # https://github.com/systemd/systemd/issues/10579
@@ -180,7 +176,7 @@ build() {
     -Dsbat-distro-url="https://aur.archlinux.org/packages/${pkgname}/"
   )
 
-  arch-meson "${pkgbase/-selinux}-stable" build "${_meson_options[@]}" $MESON_EXTRA_CONFIGURE_OPTIONS
+  arch-meson "${pkgbase/-selinux}" build "${_meson_options[@]}" $MESON_EXTRA_CONFIGURE_OPTIONS
 
   meson compile -C build "${_meson_compile[@]}"
 }
@@ -198,7 +194,7 @@ package_systemd-selinux() {
   )
   depends=("systemd-libs-selinux=${pkgver}"
            'acl' 'libacl.so' 'bash' 'cryptsetup' 'libcryptsetup.so' 'dbus'
-           'dbus-units' 'kbd' 'kmod' 'libkmod.so' 'hwdata' 'libcap' 'libcap.so'
+           'dbus-units' 'kbd' 'kmod' 'hwdata' 'libcap' 'libcap.so'
            'libgcrypt' 'libxcrypt' 'libcrypt.so' 'libidn2' 'lz4' 'pam-selinux'
            'libelf' 'libseccomp' 'libseccomp.so' 'util-linux-selinux' 'libblkid.so'
            'libmount.so' 'xz' 'pcre2' 'audit' 'libaudit.so'

diff --git a/systemd-selinux/systemd.install b/systemd-selinux/systemd.install
@@ -13,6 +13,10 @@ add_journal_acls() {
 post_common() {
   systemd-sysusers
   journalctl --update-catalog
+
+  if ! grep -qe '^/usr/bin/systemd-home-fallback-shell$' etc/shells; then
+    echo '/usr/bin/systemd-home-fallback-shell' >> etc/shells
+  fi
 }
 
 post_install() {
@@ -41,6 +45,15 @@ post_upgrade() {
     systemctl kill --kill-whom='main' --signal='SIGRTMIN+25' 'user@*.service'
   fi
 
+  # show for feature release: 255 -> 256 -> 257 -> ...
+  if [ $(vercmp "${1%%[!0-9]*}" "${2%%[!0-9]*}") -ne 0 ]; then
+	cat <<-EOM
+	:: This is a systemd feature update. You may want to have a look at
+	   NEWS for what changed, or if you observe unexpected behavior:
+	     /usr/share/doc/systemd/NEWS
+	EOM
+  fi
+
   local v upgrades=(
   )
 
@@ -51,4 +64,8 @@ post_upgrade() {
   done
 }
 
+post_remove() {
+  sed -i -r '/^\/usr\/bin\/systemd-home-fallback-shell$/d' etc/shells
+}
+
 # vim:set ts=2 sw=2 et: