From 8572e7fe13e6632d8b5de396e3235fefdb3c0701 Mon Sep 17 00:00:00 2001
From: Martin Pitt <mpitt@debian.org>
Date: Sun, 27 Jan 2019 21:33:07 +0000
Subject: [PATCH] Import Debian changes 240-5
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
systemd (240-5) unstable; urgency=medium
[ Felipe Sateler ]
* Revert interface renaming changes. (Closes: #919390)
[ Martin Pitt ]
* process-util: Fix memory leak (Closes: #920018)
systemd (240-4) unstable; urgency=medium
[ Benjamin Drung ]
* Fix shellcheck issues in initramfs-tools scripts
[ Michael Biebl ]
* Import patches from v240-stable branch (up to f02b5472c6)
- Fixes a problem in logind closing the controlling terminal when using
startx. (Closes: #918927)
- Fixes various journald vulnerabilities via attacker controlled alloca.
(CVE-2018-16864, CVE-2018-16865, Closes: #918841, Closes: #918848)
* sd-device-monitor: Fix ordering of setting buffer size.
Fixes an issue with uevents not being processed properly during coldplug
stage and some kernel modules not being loaded via "udevadm trigger".
(Closes: #917607)
* meson: Stop setting -fPIE globally.
Setting -fPIE globally can lead to miscompilations on certain
architectures. Instead use the b_pie=true build option, which was
introduced in meson 0.49. Bump the Build-Depends accordingly.
(Closes: #909396)
systemd (240-3) unstable; urgency=medium
* udev.init: Trigger add events for subsystems.
Update the SysV init script and mimic the behaviour of the initramfs and
systemd-udev-trigger.service which first trigger subsystems and then
devices during the coldplug stage.
* udevadm: Refuse to run trigger, control, settle and monitor commands in
chroot (Closes: #917633)
* network: Set link state configuring before setting addresses.
Fixes a crash in systemd-networkd caused by an assertion failure.
(Closes: #918658)
* libudev-util: Make util_replace_whitespace() read only len characters.
Fixes a regression where /dev/disk/by-id/ names had additional
underscores.
* man: Update color of journal logs in DEBUG level (Closes: #917948)
* Remove old state directory of systemd-timesyncd on upgrades.
Otherwise timesyncd will fail to update the clock file if it was created
as /var/lib/private/systemd/timesync/clock.
This was the case when the service was using DynamicUser=yes which it no
longer does in v240. (Closes: #918190)
systemd (240-2) unstable; urgency=medium
* Pass separate dev_t var to device_path_parse_major_minor.
Fixes FTBFS on mips/mipsel (MIPS/O32). (Closes: #917195)
* test-json: Check absolute and relative difference in floating point test.
Fixes FTBFS due to test-suite failures on armel, armhf and hppa.
(Closes: #917215)
* sd-device: Fix segfault when error occurs in device_new_from_{nulstr,strv}()
Fixes a segfault in systemd-udevd when debug logging is enabled.
* udev-event: Do not read stdout or stderr if the pipefd is not created.
This fixes problems with device-mapper symlinks no longer being created
or certain devices not being marked as ready. (Closes: #917124)
* Don't bump fs.nr_open in PID 1.
In v240, systemd bumped fs.nr_open in PID 1 to the highest possible
value. Processes that are spawned directly by systemd, will have
RLIMIT_NOFILE be set to 512K (hard).
pam_limits in Debian defaults to "set_all", i.e. for limits which are
not explicitly configured in /etc/security/limits.conf, the value from
PID 1 is taken, which means for login sessions, RLIMIT_NOFILE is set to
the highest possible value instead of 512K. Not every software is able
to deal with such an RLIMIT_NOFILE properly.
While this is arguably a questionable default in Debian's pam_limit,
work around this problem by not bumping fs.nr_open in PID 1.
(Closes: #917167)
systemd (240-1) unstable; urgency=medium
[ Michael Biebl ]
* New upstream version 240
- core: Skip cgroup_subtree_mask_valid update if UNIT_STUB
(Closes: #903011)
- machined: Rework referencing of machine scopes from machined
(Closes: #903288)
- timesync: Fix serialization of IP address
(Closes: #916516)
- core: Don't track jobs-finishing-during-reload explicitly
(Closes: #916678)
* Rebase patches
* Install new systemd-id128 binary
* Update symbols file for libsystemd0
* Update nss build options
[ Martin Pitt ]
* tests: Disable some flaky upstream tests.
See https://github.com/systemd/systemd/issues/11195
* tests: Disable flaky TEST-17-UDEV-WANTS upstream test.
See https://github.com/systemd/systemd/issues/11195
systemd (239-15) unstable; urgency=medium
[ Felipe Sateler ]
* Fix container check in udev init script.
Udev needs writable /sys, so the init script tried to check before
starting. Unfortunately, the check was inverted. Let's add the missing
'!' to negate the check.
(Closes: #915261)
* Add myself to uploaders
[ Michael Biebl ]
* Remove obsolete systemd-shim conffile on upgrades.
The D-Bus policy file was dropped from the systemd-shim package in
version 8-4, but apparently there are cases where users removed the
package before that cleanup happened. The D-Bus policy file that was
shipped by systemd-shim was much more restrictive and now prevents
calling GetDynamicUsers() and other recent APIs on systemd Manager.
(Closes: #914285)
systemd (239-14) unstable; urgency=medium
[ Michael Biebl ]
* autopkgtest: Drop test_custom_cgroup_cleanup from boot-and-services
* resolved: Increase size of TCP stub replies (Closes: #915049)
* meson: Unify linux/stat.h check with other checks and use _GNU_SOURCE.
Fixes a build failure with glibc 2.28.
* Drop procps dependency from systemd.
The systemd-exit.service user service no longer uses the "kill" binary.
* Simplify container check in udev SysV init script.
Instead of using "ps" to detect a container environment, simply test if
/sys is writable. This matches what's used in systemd-udevd.service via
ConditionPathIsReadWrite=/sys and follows
https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
This means we no longer need procps, so drop that dependency from the
udev package. (Closes: #915095)
[ Mert Dirik ]
* 40-systemd: Honour __init_d_script_name.
Make /lib/lsb/init-functions.d/40-systemd use __init_d_script_name
(if available) to figure out real script name. (Closes: #826214)
* 40-systemd: Improve heuristics for init-d-script.
Improve heuristics for scripts run via init-d-script so that the
redirection works even for older init-d-script versions without the
__init_d_script_name variable.
systemd (239-13) unstable; urgency=medium
* autopktest: Add e2fsprogs dependency to upstream test.
Some of the upstream tests require mkfs.ext4. (Closes: #887250)
* systemctl: Tell update-rc.d to skip creating any systemd symlinks.
When calling update-rc.d via systemd-sysv-install, tell it to skip
creating any systemd symlinks as we want to handle those directly in
systemctl. Older update-rc.d versions will ignore that request, but
that's ok. This means we don't need a versioned dependency against
init-system-helpers. (Closes: #743217)
* pam_systemd: Suppress LOG_DEBUG log messages if debugging is off
(Closes: #825949)
* Drop cgroup-don-t-trim-cgroup-trees-created-by-someone-el.patch.
The patch is no longer necessary as lxc.service now uses Delegate=yes.
* Remove obsolete Replaces from pre-jessie
systemd (239-12) unstable; urgency=high
[ Martin Pitt ]
* Enable QEMU on more architectures in "upstream" autopkgtest.
Taken from the Ubuntu package, so apparently QEMU works well enough on
these architectures now.
* autopkgtest: Avoid test bed reset for boot-smoke.
Make "boot-smoke"'s dependencies a strict superset of "upstream"'s, so
that autopkgtest doesn't have to provide a new testbed.
* Fix wrong "nobody" group from sysusers.d.
Fix our make-sysusers-basic sysusers.d generator to special-case the
nobody group. "nobody" user and "nogroup" group both have the same ID
65534, which is the only special case for Debian's static users/groups.
So specify the gid explicitly, to avoid systemd-sysusers creating a
dynamic system group for "nobody".
Also clean up the group on upgrades.
Thanks to Keh-Ming Luoh for the original patch! (Closes: #912525)
[ Michael Biebl ]
* autopkgtest: Use shutil.which() which is provided by Python 3
* Drop non-existing gnuefi=false build option.
This was mistakenly added when converting from autotools to meson.
* core: When deserializing state always use read_line(…, LONG_LINE_MAX, …)
Fixes a vulnerability in unit_deserialize which allows an attacker to
supply arbitrary state across systemd re-execution via NotifyAccess.
(CVE-2018-15686, Closes: #912005)
* meson: Use the host architecture compiler/linker for src/boot/efi.
Fixes cross build failure for arm64. (Closes: #905381)
* systemd: Do not pass .wants fragment path to manager_load_unit.
Fixes an issue with overridden units in /etc not being used due to a
.wants/ symlink pointing to /lib. (Closes: #907054)
* machined: When reading os-release file, join PID namespace too.
This ensures that we properly acquire the os-release file from containers.
(Closes: #911231)
systemd (239-11) unstable; urgency=high
[ Michael Biebl ]
* debian/tests/upstream: Clean up after each test run.
Otherwise the loopback images used by qemu are not properly released and
we might run out of disk space.
* dhcp6: Make sure we have enough space for the DHCP6 option header.
Fixes out-of-bounds heap write in systemd-networkd dhcpv6 option
handling.
(CVE-2018-15688, LP: #1795921, Closes: #912008)
* chown-recursive: Rework the recursive logic to use O_PATH.
Fixes a race condition in chown_one() which allows an attacker to cause
systemd to set arbitrary permissions on arbitrary files.
(CVE-2018-15687, LP: #1796692, Closes: #912007)
[ Martin Pitt ]
* debian/tests/boot-and-services: Use gdm instead of lightdm.
This seems to work more reliably, on Ubuntu CI's i386 instances lightdm
fails.
[ Manuel A. Fernandez Montecelo ]
* Run "meson test" instead of "ninja test"
Upstream developers of meson recommend to run it in this way, because
"ninja test" just calls "meson test", and by using meson directly and
using extra command line arguments it is possible to control aspects of
how the tests are run.
* Increase timeout for test in riscv64.
The buildds for the riscv64 arch used at the moment are slow, so increase
the timeouts for this arch by a factor of 10, for good measure.
(Closes: #906429)
systemd (239-10) unstable; urgency=medium
[ Michael Biebl ]
* meson: Rename -Ddebug to -Ddebug-extra.
Meson added -Doptimization and -Ddebug options, which obviously causes
a conflict with our -Ddebug options. Let's rename it.
(Closes: #909455)
* Add conflicts against consolekit.
Letting both ConsoleKit and logind manage dynamic device permissions
will only lead to inconsistent and unexpected results.
[ Felipe Sateler ]
* Link systemctl binary statically against libshared.
This reduces the Pre-Depends list considerably, and is more resilient
against borked installs.
systemd (239-9) unstable; urgency=medium
* autopkgtest: Remove needs-recommends runtime restriction.
This restriction has been deprecated and there are plans to remove it
altogether. The tests pass withouth needs-recommends, so it seems safe
to remove.
* test: Use installed catalogs when test-catalog is not located at build
dir.
This makes it possible to run test-catalog as installed test, so we no
longer need to mark it as EXFAIL in our root-unittests autopkgtest.
* test: Use "systemd-runtest.env" to set $SYSTEMD_TEST_DATA and
$SYSTEMD_CATALOG_DIR.
This avoids embedding ABS_{SRC,BUILD}_DIR into libsystemd-shared.so and
the test binaries and should make the build reproducible.
(Closes: #908365)
systemd (239-8) unstable; urgency=medium
[ Michael Biebl ]
* Clean up dbus-org.freedesktop.timesync1.service Alias on purge
(Closes: #904290)
* user-runtime-dir: Fix wrong SELinux context (Closes: #908026)
* core: Fix gid when DynamicUser=yes with static user (Closes: #904335)
* Remove udev control socket on shutdown under sysvinit.
The udev control socket is no longer removed automatically when the
daemon is stopped. As this can confuse other software, update the SysV
init script to remove the control socket manually and make sure the init
script is executed on shutdown (runlevel 0) and reboot (runlevel 6).
(Closes: #791944)
* Bump Standards-Version to 4.2.1
[ Martin Pitt ]
* timedated: Fix wrong PropertyChanged values and refcounting
systemd (239-7) unstable; urgency=medium
* autopkgtest: Add iputils-ping dependency to root-unittests.
The ping binary is required by test-bpf.
* autopkgtest: Add dbus-user-session and libpam-systemd dependency to
root-unittests.
Without a working D-Bus user session, a lot of the test-bus-* tests are
skipped.
* network/link: Fix logic error in matching devices by MAC (Closes: #904198)
systemd (239-6) unstable; urgency=medium
[ Martin Pitt ]
* autopkgtest: Install libnss-systemd.
Make sure that dynamic users can be resolved. This e. g. prevents a
startup failure for systemd-resolved.
* autopkgtest: Add missing python3 test dependency for udev test
[ Michael Biebl ]
* autopkgtest: Make AppArmor violator test work with merged-usr
* Make /dev/kvm accessible to local users and group kvm.
Re-add the uaccess tag to /dev/kvm to make it accessible to local
users. Access is also granted via group kvm, so create that in
udev.postinst. (Closes: #887852)
* Move a few man pages from systemd to systemd-journal-remote.
The systemd package shipped a few systemd-journal-remote and
systemd-journal-upload related man pages which really belong into the
systemd-journal-remote package. Move those man pages into the correct
package and add a Breaks/Replaces against systemd accordingly.
(Closes: #903557)
* autopkgtest: Drop no-longer needed workaround from upstream test
* Go back to statically allocate system users for timesyncd, networkd and
resolved.
There are currently too many open issues related to D-Bus and the usage
of DynamicUser. (Closes: #902971)
* Change python3-minimal dependency to python3.
While we strictly only need python3-minimal, the usage of
python3-minimal triggers a lintian error: depends-on-python-minimal
* test: Drop SKIP_INITRD for QEMU-based tests.
The Debian Linux kernel ships ext4 support as a module, so we require an
initrd to successfully start the QEMU images.
* debian/tests/localed-x11-keymap: Deal with absence of
/etc/default/keyboard more gracefully
* autopkgtest: Add various dependencies to make upstream test pass on Debian
- netcat-openbsd: Required by TEST-12-ISSUE-3171.
- busybox-static: Required by TEST-13-NSPAWN-SMOKE.
- plymouth: Required by TEST-15-DROPIN and TEST-22-TMPFILES.
* Drop seccomp system call filter for udev.
The seccomp based system call whitelist requires at least systemd 239 to
be the active init and during a dist-upgrade we can't guarantee that
systemd has been fully configured before udev is restarted.
The versioned systemd Breaks that was added to udev for #902185 didn't
really fix this issue, so revert that change again. (Closes: #903224)
systemd (239-5) unstable; urgency=medium
* Add inverse version restriction of the Breaks to the systemd-shim
alternative in libpam-systemd.
Otherwise apt will fail to find an installation path for libpam-systemd
in cases where libpam-systemd is an indirect dependency. (Closes: #902998)
systemd (239-4) unstable; urgency=medium
[ Michael Biebl ]
* Drop outdated section from README.Debian about switching back to SysV init
* sleep: Fix one more printf format of a fiemap field
* basic: Add missing comma in raw_clone assembly for sparc
* bus-util: Make log level lower in request_name_destroy_callback()
* tmpfiles: Specify access mode for /run/systemd/netif
* Add Breaks against python-dbusmock (<< 0.18) to systemd.
The logind and timedated tests in python-dbusmock were broken by the
latest systemd release and had to be adjusted to work with systemd 239.
See #902602
* Drop patches which try to support running systemd services without systemd
as pid 1.
No one is currently actively maintaining systemd-shim, which means that
e.g. running systemd-logind no longer works when systemd is not pid 1.
Thus drop our no longer working patches. Bump the Breaks against
systemd-shim accordingly.
See #895292, #901404, #901405
[ Martin Pitt ]
* test: fix networkd-test.py rate limiting and dynamic user
systemd (239-3) unstable; urgency=medium
* Revert "systemctl: when removing enablement or mask symlinks, cover both
/run and /etc"
We currently have packages in the archive which use
"systemctl --runtime unmask" and are broken by this change.
This is a intermediate step until it is clear whether upstream will
revert this commit or whether we will have to update affected packages
to deal with this changed behaviour.
See #902287 and https://github.com/systemd/systemd/issues/9393
systemd (239-2) unstable; urgency=medium
* sleep: Fix printf format of fiemap fields.
This should fix a FTBFS on ia64.
* timesync: Change type of drift_freq to int64_t.
This should fix a FTBFS on x32.
* Bump systemd Breaks to ensure it is upgraded in lockstep with udev.
The hardening features used by systemd-udevd.service require systemd 239
and udev will fail to start with older versions. (Closes: #902185)
systemd (239-1) unstable; urgency=medium
[ Michael Biebl ]
* New upstream version 239
* Drop alternative iptables-dev Build-Depends.
It is no longer needed as both Ubuntu and Debian now ship libiptc-dev in
their latest stable (LTS) release.
* Drop alternative btrfs-tools Recommends.
It is no longer needed as btrfs-progs is now available in both Debian
and Ubuntu and keeping the alternative around prevents the transitional
package from being autoremoved.
* Disable installation of RPM macros.
This avoids having to remove them manually later on.
* Drop cleanup rules for libtool .la files.
With the switch to Meson, libtool is no longer used.
* Drop fallback for older kernels when running the test suite.
We now assume that we have a kernel newer then 3.13.
* Stop cleaning up .busname units.
Those are gone upstream, so we no longer need to remove them manually.
* Update symbols file for libsystemd0
* Rebase patches
* Install new resolvectl tool.
Don't ship the /sbin/resolvconf compat symlink in the systemd package,
as this would cause a file conflict with the resolvconf and openresolv
package.
* Disable support for "Portable Services"
This is still an experimental feature.
* Disable pristine-tar in gbp.conf.
It is currently not possible to import the systemd v239 tarball using
pristine-tar due to #902115.
* Bump Build-Depends on meson to (>= 0.44)
* Stop setting the path for the kill binary, no longer necessary
* Stop creating systemd-network and systemd-resolve system user
systemd-networkd.service and systemd-resolved.service now use
DynamicUser=yes.
[ Dimitri John Ledkov ]
* Run all upstream tests, and then report all that failed.
systemd (238-5) unstable; urgency=medium
[ Evgeny Vereshchagin ]
* upstream autopkgtest: Copy journal subdirectories.
Otherwise logs are missing on failures.
[ Martin Pitt ]
* debian/tests/boot-and-services: Ignore cpi.service failure.
This is apparently a regression in Ubuntu 18.04, not in systemd, so
ignore it.
[ Michael Biebl ]
* sd-bus: Do not try to close already closed fd (Closes: #896781)
* Use dh_missing to act on uninstalled files.
The usage of dh_install --fail-missing has been deprecated.
* meson: Avoid warning about comparison of bool and string.
The result of this is undefined and will become a hard error in a future
Meson release.
* login: Respect --no-wall when cancelling a shutdown request
(Closes: #897938)
* Add dependencies of libsystemd-shared to Pre-Depends.
This is necessary so systemctl is functional at all times during a
dist-upgrade. (Closes: #897986)
* Drop dh_strip override, the dbgsym migration is done
[ Felipe Sateler ]
* Don't include libmount.h in a header file.
Kernel and glibc headers both use MS_* constants, but are not in sync, so
only one of them can be used at a time. Thus, only import them where
needed. Works around #898743.
systemd (238-4) unstable; urgency=medium
[ Michael Biebl ]
* udev/net-id: Fix check for address to keep interface names stable
* debian/copyright: Move global wildcard section to the top
[ Martin Pitt ]
* Fix daemon reload failures
[ Laurent Bigonville ]
* Fix /sys/fs/cgroup mount when using SELinux.
Since v236, all cgroups except /sys/fs/cgroup/systemd and
/sys/fs/cgroup/unified are not mounted when SELinux is enabled (even in
permissive mode). Disabling SELinux completely restores these cgroups.
This patch fixes that issue by no longer making the assumption that those
cgroups are mounted by initrd/dracut before systemd is started.
systemd (238-3) unstable; urgency=medium
[ Martin Pitt ]
* Enable systemd-sysusers unit and provide correct Debian static u/gids.
Add a helper script debian/extra/make-sysusers-basic which generates a
sysusers.d(5) file from Debian's static master passwd/group files.
systemd 238 now supports specifying different uid and gid and a
non-default login shell, so this is possible now. (Closes: #888126)
* udev README.Debian: Include initrd rebuild and some clarifications in
migration.
While initrd update is already being mentioned in the introductory
section, it is easy to miss when going through the migration steps, so
explicitly mention it again. Also add a warning about keeping a fallback
on misconfigurations, and the possibility to migrate one interface at a
time.
Thanks to Karl O. Pinc for the suggestions! (Closes: #881769)
[ Michael Biebl ]
* basic/macros: Rename noreturn into _noreturn_.
"noreturn" is reserved and can be used in other header files we include.
(Closes: #893426)
* units: Fix SuccessAction that belongs to [Unit] section not [Service]
section (Closes: #893282)
systemd (238-2) unstable; urgency=medium
[ Alf Gaida ]
* core: do not free stack-allocated strings.
Fixes a crash in systemd when the cpuacct cgroup controller is not
available. (Closes: #892360)
systemd (238-1) unstable; urgency=medium
[ Michael Biebl ]
* New upstream version 238
- Fixes systemd-tmpfiles to correctly handle symlinks present in
non-terminal path components. (CVE-2018-6954, Closes: #890779)
* Rebase patches
* Use compat symlinks as provided by upstream.
As the upstream build system now creates those symlinks for us, we no
longer have to create them manually.
* Update symbols file for libsystemd0
* test-cgroup-util: bail out when running under a buildd environment
[ Dimitri John Ledkov ]
* systemd-sysv-install: Fix name initialisation.
Only initialise NAME after --root optional argument has been parsed,
otherwise NAME is initialized to e.g. `enable`, instead of to the
`unit-name`, resulting in failures. (LP: #1752882)
systemd (237-4) unstable; urgency=medium
[ Gunnar Hjalmarsson ]
* Fix PO template creation.
Cherry-pick upstream patches to build a correct systemd.pot including
the polkit policy files even without policykit-1 being installed.
(LP: #1707898)
[ Michael Biebl ]
* Drop mask for fuse SysV init script.
The fuse package has removed its SysV init script a long time ago, so
the mask is no longer needed.
* Replace two Debian specific patches which cherry-picks from upstream
master
systemd (237-3) unstable; urgency=medium
[ Martin Pitt ]
* debian/tests/boot-smoke: More robust journal checking.
Also fail the test if calling journalctl fails, and avoid calling it
twice. See https://github.com/systemd/systemd/pull/8032
* Simplify PO template creation.
Use the existing upstream build system instead of a manual call to
`intltool-update` and `xgettext` to build systemd.pot. Remove the now
obsolete intltool build dependency, but still explicitly keep gettext.
(LP: #1707898)
* Make systemd-sysv-install robust against existing $ROOT.
Always initialize `$ROOT`, to avoid the script getting confused by an
existing outside env variable. Also fix the `--root` option to actually
work, the previous approach was conceptually broken due to how shell
quoting works. Make the work with `set -u`. (Closes: #890436)
[ Felipe Sateler ]
* Backport upstream patch fixing a wrong assert() call (Closes: #890423)
systemd (237-2) unstable; urgency=medium
* Drop debian/extra/rules/70-debian-uaccess.rules.
Up-to-date udev rules for U2F devices are shipped in libu2f-udev nowadays.
(Closes: #889665)
* service: relax PID file symlink chain checks a bit.
Let's read the PID file after all if there's a potentially unsafe symlink
chain in place. But if we do, then refuse taking the PID if its outside of
the cgroup. (Closes: #889144)
systemd (237-1) unstable; urgency=medium
* New upstream version 237
* Rebase patches
* Update symbols file for libsystemd0
* Update Vcs-* to point to https://salsa.debian.org
* Bump Standards-Version to 4.1.3
* Set Rules-Requires-Root to no
systemd (236-4) unstable; urgency=medium
[ Felipe Sateler ]
* Allow systemd-timesyncd to start when libnss-systemd is not installed.
Pick upstream patch requiring the existence of the systemd-timesync user
only when running as root, which is not the case for the system unit.
(Closes: #887343)
[ Nicolas Braud-Santoni ]
* debian/copyright: Refer to the CC0 license file (Closes: #882629)
[ Michael Biebl ]
* Add Build-Depends on python3-evdev <!nocheck>
This is used by hwdb/parse_hwdb.py to perform additional validation on
hwdb files.
systemd (236-3) unstable; urgency=medium
* Revert "core/execute: RuntimeDirectory= or friends requires mount
namespace"
This was making mounts from SSH sessions invisible to the system.
(Closes: #885325)
systemd (236-2) unstable; urgency=medium
* Downgrade priority of libudev1 to optional.
This makes it compliant with recent versions of debian-policy which
recommends to use priority optional for library packages.
* Clarify NEWS entry about removal of system users.
Mention in the recent NEWS entry that the associated system groups
should be removed as well. (Closes: #885061)
* cryptsetup-generator: Don't mistake NULL input as OOM.
Fixes systemd-cryptsetup-generator failing to run during boot.
(Closes: #885201)
* analyze: Use normal bus connection for "plot" verb.
Fixes "systemd-analyze plot" failing to run as root. (Closes: #884506)
* Stop re-enabling systemd services on every upgrade.
This was done so changes to the [Install] section would be applied on
upgrades. Forcefully re-enabling a service might overwrite local
modifications though and thus far, none of the affected services did
actually change its [Install] section. So remove this code from the
maintainer scripts as it was apparently doing more harm then good.
(Closes: #869354)
systemd (236-1) unstable; urgency=medium
[ Martin Pitt ]
* debian/tests/upstream: Only show ≥ warning in journal dumps.
Showing the entire debug log is too hard to scan visually, and most of
the time the warnings and errors are sufficient to explain a failure.
Put the journal files into the artifacts though, in case the debug
information is necessary.
[ Michael Biebl ]
* New upstream version 236
- nspawn: Adjust path to static resolv.conf to support split usr.
(Closes: #881310)
- networkd: Don't stop networkd if CONFIG_FIB_RULES=n in kernel.
(Closes: #881823)
- core: Fix segfault in compile_bind_mounts() when BindPaths= or
BindReadOnlyPaths= is set. (Closes: #883380)
- meson: Link NSS modules with -z nodelete to fix memory leak in
nss-systemd. (Closes: #883407)
- logind: Make sure we don't acces m->action_what if it's not initialized.
(Closes: #882270)
- systemctl: Ignore shutdown's "-t" argument. (Closes: #882245)
- core: Be more defensive if we can't determine per-connection socket
peer. (Closes: #879603)
- bpf-firewall: Actually invoke BPF_PROG_ATTACH to check whether
cgroup/bpf is available. (Closes: #878965)
* Rebase patches
* Update symbols file for libsystemd0
* Bump Standards-Version to 4.1.2
* Clean up old /var/lib/systemd/clock on upgrade.
The clock file used by systemd-timesyncd is now stored in
StateDirectory=systemd/timesync. (Closes: #883605)
* Stop creating systemd-timesync system user.
DynamicUser=yes has been enabled for systemd-timesyncd.service so
allocating a system user statically is no longer necessary.
* Document removal of systemd-{timesync,journal-gateway,journal-upload} user.
We no longer create those system users as the corresponding services now
use DynamicUser=yes. Removing those system users automatically is tricky,
as the relevant services might be running during upgrade. Add a NEWS
entry instead which documents this change.
* Revert "udev-rules: Permission changes for /dev/dri/renderD*"
This would introduce a new system group "render". As the name is rather
generic, this needs further discussion first, so revert this change for
now.
systemd (235-3) unstable; urgency=medium
[ Michael Biebl ]
* Switch from XC-Package-Type to Package-Type. As of dpkg-dev 1.15.7
Package-Type is recognized as an official field name.
* Install modprobe configuration file to /lib/modprobe.d.
Otherwise it is not read by kmod. (Closes: #879191)
[ Felipe Sateler ]
* Backport upstream (partial) fix for combined DynamicUser= + User=
UID was not allowed to be different to GID, which is normally the case in
debian, due to the group users being allocated the GID 100 without an
equivalent UID 100 being allocated.
* Backport upstream patches to fully make DynamicUser=yes + static,
pre-existing User= work.
[ Martin Pitt ]
* Add missing python3-minimal dependency to systemd-tests
* Drop long-obsolete systemd-bus-proxy system user
systemd-bus-proxy hasn't been shipped since before stretch and never
created any files. Thus clean up the obsolete system user on upgrades.
(Closes: #878182)
* Drop static systemd-journal-gateway system user
systemd-journal-gatewayd.service now uses DynamicUser=, so we don't need
to create this statically any more. Don't remove the user on upgrades
though, as there is likely still be a running process. (Closes: #878183)
* Use DynamicUser= for systemd-journal-upload.service.
* Add Recommends: libnss-systemd to systemd-sysv.
This is useful to actually be able to resolve dynamically created system
users with DynamicUser=true. This concept is going to be used much more
in future versions and (hopefully) third-party .services, so pulling it
into the default installation seems prudent now.
* resolved: Fix loop on packets with pseudo dns types.
(CVE-2017-15908, Closes: #880026, LP: #1725351)
* bpf-firewall: Properly handle kernels without BPF cgroup but with TRIE maps.
Fixes "Detaching egress BPF: Invalid argument" log spam. (Closes: #878965)
* Fix MemoryDenyWriteExecution= bypass with pkey_mprotect() (LP: #1725348)
systemd (235-2) unstable; urgency=medium
* Revert "tests: when running a manager object in a test, migrate to private
cgroup subroot first"
This was causing test suite failures when running inside a chroot.
systemd (235-1) unstable; urgency=medium
[ Michael Biebl ]
* New upstream version 235
- cryptsetup-generator: use remote-cryptsetup.target when _netdev is
present (Closes: #852534)
- tmpfiles: change btmp mode 0600 → 0660 (Closes: #870638)
- networkd: For IPv6 addresses do not treat IFA_F_DEPRECATED as not ready
(Closes: #869995)
- exec-util,conf-files: skip non-executable files in execute_directories()
(Closes: #867902)
- man: update udevadm -y/--sysname-match documentation (Closes: #865081)
- tmpfiles: silently ignore any path that passes through autofs
(Closes: #805553)
- shared: end string with % if one was found at the end of a expandible
string (Closes: #865450)
* Refresh patches
* Bump Build-Depends on libmount-dev to (>= 2.30)
* Install new modprobe.d config file
* Bump Standards-Version to 4.1.1
[ Martin Pitt ]
* Merge logind-kill-off autopkgtest into logind test.
This was horribly inefficient as a separate test (from commit
6bd0dab41e), as that cost two VM resets plus accompanying boots; and
this does not change any state thus does not require this kind of
isolation.
systemd (234-3) unstable; urgency=medium
[ Martin Pitt ]
* Various fixes for the upstream autopkgtest.
[ Felipe Sateler ]
* Add fdisk to the dependencies of the upstream autopkgtest.
The upstream autopkgtest uses sfdisk, which is now in the non-essential
fdisk package. (Closes: #872119)
* Disable nss-systemd on udeb builds
* Correctly disable resolved on udeb builds
* Help fix collisions in libsystemd-shared symbols by versioning them.
Backport upstream patch to version the symbols provided in the private
library, so that they cannot confuse unversioned pam modules or libraries
linked into them. (Closes: #873708)
[ Dimitri John Ledkov ]
* Cherrypick upstream networkd-test.py assertion/check fixes.
This resolves ADT test suite failures, when running tests under lxc/lxd
providers.
* Cherrypick arm* seccomp fixes.
This should resolve ADT test failures, on arm64, when running as root.
* Disable KillUserProcesses, yet again, with meson this time.
* initramfs-tools: trigger udevadm add actions with subsystems first.
This updates the initramfs-tools init-top udev script to trigger udevadm
actions with type specified. This mimics the systemd-udev-trigger.service.
Without type specified only devices are triggered, but triggering
subsystems may also be required and should happen before triggering the
devices. This is the case for example on s390x with zdev generated udev
rules. (LP: #1713536)
[ Michael Biebl ]
* (Re)add --quiet flag to addgroup calls.
This is now safe with adduser having been fixed to no longer suppress
fatal error messages if --quiet is used. (Closes: #837871)
* Switch back to default GCC (Closes: #873661)
* Drop systemd-timesyncd.service.d/disable-with-time-daemon.conf.
All major NTP implementations ship a native service file nowadays with a
Conflicts=systemd-timesyncd.service so this drop-in is no longer
necessary. (Closes: #873185)
systemd (234-2.3) unstable; urgency=high
* Non-maintainer upload.
* Also switch to g++-6 temporarily (needed for some tests):
- Add g++-6 to Build-Depends
- Export CXX = g++-6
systemd (234-2.2) unstable; urgency=high
* Non-maintainer upload.
* Switch to gcc-6 on all architectures, working around an FTBFS on mips64el,
apparently due to a gcc-7 bug (See: #871514):
- Add gcc-6 to Build-Depends in debian/control
- Export CC = gcc-6 in debian/rules
systemd (234-2.1) unstable; urgency=high
* Non-maintainer upload.
* Fix missing 60-input-id.rules in udev-udeb, which breaks the graphical
version of the Debian Installer, as no key presses or mouse events get
processed (Closes: #872598).
systemd (234-2) unstable; urgency=medium
[ Martin Pitt ]
* udev README.Debian: Fix name of example *.link file
[ Felipe Sateler ]
* test-condition: Don't assume that all non-root users are normal users.
Automated builders may run under a dedicated system user, and this test
would fail that.
[ Michael Biebl ]
* Revert "units: Tell login to preserve environment"
Environment=LANG= LANGUAGE= LC_CTYPE= ... as used in the getty units is
not unsetting the variables but instead sets it to an empty var. Passing
that environment to login messes up the system locale settings and
breaks programs like gpg-agent.
(Closes: #868695)
systemd (234-1) unstable; urgency=medium
[ Michael Biebl ]
* New upstream version 234
- tmpfiles: Create /var/log/lastlog if it does not exist.
(Closes: #866313)
- network: Bridge vlan without PVID. (Closes: #859941)
* Rebase patches
* Switch build system from autotools to meson.
Update the Build-Depends accordingly.
* Update fsckd patch for meson
* udev autopkgtest: no longer install test-udev binary manually.
This is now done by the upstream build system.
* Update symbols file for libsystemd0
* Update lintian override for systemd-tests.
Upstream now installs manual and unsafe tests in subdirectories of
/usr/lib/systemd/tests/, so ignore those as well.
* Bump Standards-Version to 4.0.0
* Change priority of libnss-* packages from extra to optional.
* Use UTF-8 locale when building the package.
Otherwise meson will be pretty unhappy when trying to process files with
unicode characters. Use C.UTF-8 as this locale is pretty much guaranteed
to be available everywhere.
* Mark test-timesync as manual.
The test tries to setup inotify watches for /run/systemd/netif/links
which fails in a buildd environment where systemd is not active.
* Do not link udev against libsystemd-shared.
We ship udev in a separate binary package, so can't use
libsystemd-shared, which is part of the systemd binary package.
* Avoid requiring a "kvm" system group.
This group is not universally available and as a result generates a
warning during boot. As kvm is only really useful if the qemu package is
installed and this package already takes care of setting up the proper
permissions for /dev/kvm, drop this rule from 50-udev-default.rules.
[ Martin Pitt ]
* udev README.Debian: Update transitional rules and mention *.link files.
- 01-mac-for-usb.link got replaced with 73-usb-net-by-mac.rules
- /etc/systemd/network/50-virtio-kernel-names.link is an upgrade
transition for VMs with virtio
- Describe *.link files as a simpler/less error prone (but also less
flexible) way of customizing interface names. (Closes: #868002)
systemd (233-10) unstable; urgency=medium
[ Martin Pitt ]
* Adjust var-lib-machines.mount target.
Upstream PR #6095 changed the location to
{remote-fs,machines}.target.wants, so just install all available ones.
[ Dimitri John Ledkov ]
* Fix out-of-bounds write in systemd-resolved.
CVE-2017-9445 (Closes: #866147, LP: #1695546)
[ Michael Biebl ]
* Be truly quiet in systemctl -q is-enabled (Closes: #866579)
* Improve RLIMIT_NOFILE handling.
Use /proc/sys/fs/nr_open to find the current limit of open files
compiled into the kernel instead of using a hard-coded value of 65536
for RLIMIT_NOFILE. (Closes: #865449)
[ Nicolas Braud-Santoni ]
* debian/extra/rules: Use updated U2F ruleset.
This ruleset comes from Yubico's libu2f-host. (Closes: #824532)
systemd (233-9) unstable; urgency=medium
* hwdb: Use path_join() to generate the hwdb_bin path.
This ensures /lib/udev/hwdb.bin gets the correct SELinux context. Having
double slashes in the path makes selabel_lookup_raw() return the wrong
context. (Closes: #851933)
* Drop no longer needed Breaks against usb-modeswitch
* Drop Breaks for packages shipping rcS init scripts.
This transition was completed in stretch.
systemd (233-8) experimental; urgency=medium
* Bump debhelper compatibility level to 10
* Drop versioned Build-Depends on dpkg-dev.
It's no longer necessary as even Jessie ships a new enough version.
* timesyncd: don't use compiled-in list if FallbackNTP has been configured
explicitly (Closes: #861769)
* resolved: fix null pointer p->question dereferencing.
This fixes a bug which allowed a remote DoS (daemon crash) via a crafted
DNS response with an empty question section.
Fixes: CVE-2017-9217 (Closes: #863277)
systemd (233-7) experimental; urgency=medium
[ Michael Biebl ]
* basic/journal-importer: Fix unaligned access in get_data_size()
(Closes: #862062)
* ima: Ensure policy exists before asking the kernel to load it
(Closes: #863111)
* Add Depends: procps to systemd.
It's required by /usr/lib/systemd/user/systemd-exit.service which calls
/bin/kill to stop the systemd --user instance. (Closes: #862292)
* service: Serialize information about currently executing command
(Closes: #861157)
* seccomp: Add clone syscall definitions for mips (Closes: #861171)
[ Dimitri John Ledkov ]
* ubuntu: disable dnssec on any ubuntu releases (LP: #1690605)
[ Felipe Sateler ]
* Specify nobody user and group.
Otherwise nss-systemd will translate to group 'nobody', which doesn't
exist on debian systems.
systemd (233-6) experimental; urgency=medium
[ Felipe Sateler ]
* Backport upstream PR #5531.
This delays opening the mdns and llmnr sockets until a network has enabled
them. This silences annoying messages when networkd receives such packets
without expecting them: Got mDNS UDP packet on unknown scope.
[ Martin Pitt ]
* resolved: Disable DNSSEC by default on stretch and zesty.
Both Debian stretch and Ubuntu zesty are close to releasing, switch to
DNSSEC=off by default for those. Users can still turn it back on with
DNSSEC=allow-downgrade (or even "yes").
[ Michael Biebl ]
* Add Conflicts against hal.
Since v183, udev no longer supports RUN+="socket:". This feature is
still used by hal, but now generates vast amounts of errors in the
journal. Thus force the removal of hal by adding a Conflicts to the udev
package. This is safe, as hal is long dead and no longer useful.
* Drop systemd-ui Suggests
systemd-ui is unmaintained upstream and not particularly useful anymore.
* journal: fix up syslog facility when forwarding native messages.
Native journal messages (_TRANSPORT=journal) typically don't have a
syslog facility attached to it. As a result when forwarding the
messages to syslog they ended up with facility 0 (LOG_KERN).
Apply syslog_fixup_facility() so we use LOG_USER instead.
(Closes: #837893)
* Split upstream tests into systemd-tests binary package (Closes: #859152)
* Get PACKAGE_VERSION from config.h.
This also works with meson and is not autotools specific.
[ Sjoerd Simons ]
* init-functions Only call daemon-reload when planning to redirect
systemctl daemon-reload is a quite a heavy operation, it will re-parse
all configuration and re-run all generators. This should only be done
when strictly needed. (Closes: #861158)
systemd (233-5) experimental; urgency=medium
* Do not throw a warning in emergency and rescue mode if plymouth is not
installed.
Ideally, plymouth should only be referenced via dependencies, not
ExecStartPre. This at least avoids the confusing error message on
minimal installations that do not carry plymouth.
* rules: Allow SPARC vdisk devices when identifying CD drives
(Closes: #858014)
systemd (233-4) experimental; urgency=medium
[ Martin Pitt ]
* udev autopkgtest: Drop obsolete sys.tar.xz fallback.
This was only necessary for supporting 232 as well.
* root-unittest: Drop obsolete FIXME comment.
* Add libpolkit-gobject-1-dev build dep for polkit version detection.
* Move systemd.link(5) to udev package.
.link files are being handled by udev, so it should ship the
corresponding manpage. Bump Breaks/Replaces accordingly. (Closes: #857270)
[ Michael Biebl ]
* Restart journald on upgrades (Closes: #851438)
* Avoid strict DM API versioning.
Compiling against the dm-ioctl.h header as provided by the Linux kernel
will embed the DM interface version number. Running an older kernel can
lead to errors on shutdown when trying to detach DM devices.
As a workaround, build against a local copy of dm-ioctl.h based on 3.13,
which is the minimum required version to support DM_DEFERRED_REMOVE.
(Closes: #856337)
systemd (233-3) experimental; urgency=medium
[ Michael Biebl ]
* Install D-Bus policy files in /usr
* Drop no longer needed maintainer scripts migration code and simplify
various version checks
* Fix location of installed tests
* Override package-name-doesnt-match-sonames lintian warning for libnss-*
* Don't ship any symlinks in /etc/systemd/system.
Those should be created dynamically via "systemctl enable".
[ Martin Pitt ]
* root-unittests autopkgtest: Skip test-udev.
It has its own autopkgtest and needs some special preparation. At some
point that should be merged into root-unittests, but let's quickfix this
to unbreak upstream CI.
systemd (233-2) experimental; urgency=medium
* test: skip instead of fail if crypto kmods are not available.
The Debian buildds have module loading disabled, thus AF_ALG sockets are
not available during build. Skip the tests that cover those (khash and
id128) instead of failing them in this case.
https://github.com/systemd/systemd/issues/5524
systemd (233-1) experimental; urgency=medium
[ Martin Pitt ]
* New upstream release 233:
- udev: Remove /run/udev/control on stop to avoid sendsigs to kill
udevd. (Closes: #791944)
- nspawn: Handle container directory symlinks. (Closes: #805785)
- Fix mount units to not become "active" when NFS mounts time out.
(Closes: #835810)
- hwdb: Rework path/priority comparison when loading files from /etc/
vs. /lib. (Closes: #845442)
- machinectl: Fix "list" command when failing to determine OS version.
(Closes: #849316)
- Support tilegx architecture. (Closes: #856306)
- systemd-sleep(8): Point out inhibitor interface as better alternative
for suspend integration. (Closes: #758279)
- journalctl: Improve error message wording when specifying boot
offset with ephemeral journal. (Closes: #839291)
* Install new systemd-umount and /usr/lib/environment.d/
* Use "make install-tests" for shipped unit tests
* Switch back to gold linker on mips*
Bug #851736 got fixed now.
* debian/rules: Drop obsolete SETCAP path
[ Michael Biebl ]
* Drop upstart jobs for udev
* Drop /sbin/udevadm compat symlink from udev-udeb and initramfs
* Drop Breaks and Replaces from pre-jessie
systemd (232-19) unstable; urgency=medium
[ Martin Pitt ]
* debian/README.source: Update patch and changelog handling to current
reality.
* root-unittests autopkgtest: Blacklist test-journal-importer.
This got added in a recent PR, but running this requires using "make
install-tests" which hasn't landed yet.
* fsckd: Fix format specifiers on 32 bit architectures.
* resolved: Fix NSEC proofs for missing TLDs (Closes: #855479)
* boot-and-services autopkgtest: Skip CgroupsTest on unified hierarchy.
* boot-smoke autopkgtest: Run in containers, too.
* logind autopkgtest: Adjust to work in containers.
[ Dimitri John Ledkov ]
* Fix resolved failing to follow CNAMES for DNS stub replies (LP: #1647031)
* Fix emitting change signals with a sessions property in logind
(LP: #1661568)
[ Michael Biebl ]
* If an automount unit is masked, don't react to activation anymore.
Otherwise we'll hit an assert sooner or later. (Closes: #856035)
[ Felipe Sateler ]
* resolved: add the new KSK to the built-in resolved trust anchor.
The old root key will be discarded in early 2018, so get this into
stretch.
* Backport some zsh completion fixes from upstream (Closes: #847203)
systemd (232-18) unstable; urgency=medium
* udev autopkgtest: Adjust to script-based test /sys creation.
PR #5250 changes from the static sys.tar.xz to creating the test /sys
directory with a script. Get along with both cases until 233 gets
released and packaged.
* systemd-resolved.service.d/resolvconf.conf: Don't fail if resolvconf is
not installed. ReadWritePaths= fails by default if the referenced
directory does not exist. This happens if resolvconf is not installed, so
use '-' to ignore the absence. (Closes: #854814)
* Fix two more seccomp issues.
* Permit seeing process list of units whose unit files are missing.
* Fix systemctl --user enable/disable without $XDG_RUNTIME_DIR being set.
(Closes: #855050)
systemd (232-17) unstable; urgency=medium
* Add libcap2-bin build dependency for tests. This will make
test_exec_capabilityboundingset() actually run. (Closes: #854394)
* Add iproute2 build dependency for tests. This will make
test_exec_privatenetwork() actually run; it skips if "ip" is not present.
(Closes: #854396)
* autopkgtest: Run all upstream unit tests as root.
Ship all upstream unit tests in libsystemd-dev, and run them all as root
in autopkgtest. (Closes: #854392) This also fixes the FTBFS on non-seccomp
architectures.
* systemd-resolved.service.d/resolvconf.conf: Allow writing to
/run/resolvconf. Upstream PR #5283 will introduce permission restrictions
for systemd-resolved.service, including the lockdown to writing
/run/systemd/. This will then cause the resolvconf call in our drop-in to
fail as that needs to write to /run/resolvconf/. Add this to
ReadWritePaths=. (This is a no-op with the current unrestricted unit).
systemd (232-16) unstable; urgency=medium
[ Martin Pitt ]
* Add autopkgtest for test-seccomp
* udev: Fix by-id symlinks for devices whose IDs contain whitespace
(Closes: #851164, LP: #1647485)
* Add lintian overrides for binary-or-shlib-defines-rpath on shipped test
programs. This is apparently a new lintian warning on which uploads get
rejected. These are only test programs, not in $PATH, and they need to
link against systemd's internal library.
[ Michael Biebl ]
* Fix seccomp filtering. (Closes: #852811)
* Do not crash on daemon-reexec when /run is full (Closes: #850074)
systemd (232-15) unstable; urgency=medium
* Add missing Build-Depends on tzdata.
It is required to successfully run the test suite. (Closes: #852883)
* Bump systemd Breaks to ensure it is upgraded in lockstep with udev.
The sandboxing features used by systemd-udevd.service require systemd
(>= 232-11). (Closes: #853078)
* Bump priority of libpam-systemd to standard.
This reflects the changes that have been made in the archive a while
ago. See #803184
systemd (232-14) unstable; urgency=medium
* Deal with NULL pointers more gracefully in unit_free() (Closes: #852202)
* Fix issues in journald during startup
systemd (232-13) unstable; urgency=medium
* Re-add versioned Conflicts/Replaces against upstart.
In Debian the upstart package was never split into upstart and
upstart-sysv, so we need to keep that for switching from upstart to
systemd-sysv. (Closes: #852156)
* Update Vcs-* according to the latest recommendation
* Update Homepage and the URLs in debian/copyright to use https
systemd (232-12) unstable; urgency=medium
* Fix build if seccomp support is disabled
* Enable seccomp support on ppc64
systemd (232-11) unstable; urgency=medium
[ Martin Pitt ]
* Fix RestrictAddressFamilies=
Backport upstream fix for setting up seccomp filters to fix
RestrictAddressFamilies= on non-amd64 architectures. Drop the hack from
debian/rules to remove this property from unit files.
See #843160
* Use local machine-id for running tests during package build.
Since "init" and thus "systemd" are not part of debootstrap any more,
some buildd chroots don't have an /etc/machine-id any more. Port the old
Add-env-variable-for-machine-ID-path.patch to the current code, use a
local machine-id again, and always make test suite failures fatal.
(Closes: #851445)
[ Michael Biebl ]
* gpt-auto-generator: support LUKS encrypted root partitions
(Closes: #851475)
* Switch to bfd linker on mips*
The gold linker is currently producing broken libraries on mips*
resulting in segfaults for users of libsystemd. Switch to bfd until
binutils has been fixed. (Closes: #851412)
* Revert "core: turn on specifier expansion for more unit file settings"
The expansion of the % character broke the fstab-generator and
specifying the tmpfs size as percentage of physical RAM resulted in the
size being set to 4k. (Closes: #851492)
* Drop obsolete Conflicts, Breaks and Replaces
* Require systemd-shim version which supports v232.
See #844785
[ Ondřej Nový ]
* Redirect try-restart in init-functions hook (Closes: #851688)
systemd (232-10) unstable; urgency=medium
* Add NULL sentinel to strjoin.
We haven't cherry-picked upstream commit 605405c6c which introduced a
strjoin macro that adds the NULL sentinel automatically so we need to do
it manually. (Closes: #851210)
systemd (232-9) unstable; urgency=medium
* Use --disable-wheel-group configure switch.
Instead of mangling the tmpfiles via sed to remove the wheel group, use
the configure switch which was added upstream in v230.
See https://github.com/systemd/systemd/issues/2492
* Update debian/copyright.
Bob Jenkins released the lookup3.[ch] files as public domain which means
there is no copyright holder.
* Drop fallback for older reportbug versions when attaching files
* debian/extra/init-functions.d/40-systemd: Stop checking for init env var.
This env variable is no longer set when systemd executes a service so
it's pointless to check for it.
* debian/extra/init-functions.d/40-systemd: Stop setting
_SYSTEMCTL_SKIP_REDIRECT=true.
It seems we don't actually need it to detect recursive loops (PPID is
sufficient) and by exporting it we leak _SYSTEMCTL_SKIP_REDIRECT into
the runtime environment of the service. (Closes: #802018)
* debian/extra/init-functions.d/40-systemd: Rename _SYSTEMCTL_SKIP_REDIRECT.
Rename _SYSTEMCTL_SKIP_REDIRECT to SYSTEMCTL_SKIP_REDIRECT to be more
consistent with other environment variables which are used internally by
systemd, like SYSTEMCTL_SKIP_SYSV.
* Various specifier resolution fixes.
Turn on specifier expansion for more unit file settings.
See https://github.com/systemd/systemd/pull/4835 (Closes: #781730)
systemd (232-8) unstable; urgency=medium
[ Martin Pitt ]
* Drop systemd dependency from libnss-myhostname again.
This NSS module is completely independent from systemd, unlike the other
three.
* Install 71-seat.rules into the initrd.
This helps plymouth to detect applicable devices. (Closes: #756109)
* networkd: Fix crash when setting routes.
* resolved: Drop removal of resolvconf entry on stop.
This leads to timeouts on shutdown via the resolvconf hooks and does not
actually help much -- /etc/resolv.conf would then just be empty instead of
having a nonexisting 127.0.0.53 nameserver, so manually stopping resolved
in a running system is broken either way. (LP: #1648068)
* Keep RestrictAddressFamilies on amd64.
This option and libseccomp currently work on amd64 at least, so let's make
sure it does not break there as well, and benefit from the additional
protection at least on this architecture.
* Explicitly set D-Bus policy dir.
This is about to change upstream in
https://github.com/systemd/systemd/pull/4892, but as explained in commit
2edb1e16fb12f4 we need to keep the policies in /etc/ until stretch+1.
[ Michael Biebl ]
* doc: Clarify NoNewPrivileges in systemd.exec(5). (Closes: #756604)
* core: Rework logic to determine when we decide to add automatic deps for
mounts. This adds a concept of "extrinsic" mounts. If mounts are
extrinsic we consider them managed by something else and do not add
automatic ordering against umount.target, local-fs.target,
remote-fs.target. (Closes: #818978)
* rules: Add persistent links for nbd devices. (Closes: #837999)
systemd (232-7) unstable; urgency=medium
[ Michael Biebl ]
* Mark liblz4-tool build dependency as <!nocheck>
* udev: Try mount -n -o move first
initramfs-tools is not actually using util-linux mount (yet), so making
mount -n --move the first alternative would trigger an error message if
users have built their initramfs without busybox support.
[ Alexander Kurtz ]
* debian/extra/kernel-install.d/85-initrd.install: Remove an unnecessary
variable. (Closes: #845977)
[ Martin Pitt ]
* Drop systemd-networkd's "After=dbus.service" ordering, so that it can
start during early boot (for cloud-init.service). It will auto-connect to
D-Bus once it becomes available later, and transient (from DHCP) hostname
and timezone setting do not currently work anyway. (LP: #1636912)
* Run hwdb/parse_hwdb.py during package build.
* Package libnss-systemd
* Make libnss-* depend on the same systemd package version.
systemd (232-6) unstable; urgency=medium
* Add policykit-1 test dependency for networkd-test.py.
* debian/rules: Don't destroy unit symlinks with sed -i.
Commit 21711e74 introduced a "sed -i" to remove RestrictAddressFamilies=
from units. This also caused unit symlinks to get turned into real files,
causing D-Bus activated services like timedated to fail ("two units with
the same D-Bus name").
* Fall back to "mount -o move" in udev initramfs script
klibc's mount does not understand --move, so for the time being we need to
support both variants. (Closes: #845161)
* debian/README.Debian: Document how to generate a shutdown log.
Thanks ç©ä¸¹å°¼ Dan Jacobson. (Closes: #826297)
systemd (232-5) unstable; urgency=medium
* Add missing liblz4-tool build dependency.
Fixes test-compress failure during package build.
* systemd: Ship /var/lib.
This will soon contain a polkit pkla file.
systemd (232-4) unstable; urgency=medium
[ Martin Pitt ]
* debian/tests/unit-config: Query pkg-config for system unit dir.
This fixes confusion on merged-/usr systems where both /usr/lib/systemd and
/lib/systemd exist. It's actually useful to verify that systemd.pc says the
truth.
* debian/tests/upstream: Fix clobbering of merged-/usr symlinks
* debian/tests/systemd-fsckd: Create /etc/default/grub.d if necessary
* debian/rules: Drop check for linking to libs in /usr.
This was just an approximation, as booting without an initrd could still be
broken by library updates (e. g. #828991). With merged /usr now being the
default this is now completely moot.
* Move kernel-install initrd script to a later prefix.
60- does not leave much room for scripts that want to run before initrd
building (which is usually one of the latest things to do), so bump to 85.
Thanks to Sjoerd Simons for the suggestion.
* Disable 99-default.link instead of the udev rule for disabling persistent
interface names.
Disabling 80-net-setup-link.rules will also cause ID_NET_DRIVER to not be
set any more, which breaks 80-container-ve.network and matching on driver
name in general. So disable the actual default link policy instead. Still
keep testing for 80-net-setup-link.rules in the upgrade fix and
73-usb-net-by-mac.rules to keep the desired behaviour on systems which
already disabled ifnames via that udev rule.
See https://lists.freedesktop.org/archives/systemd-devel/2016-November/037805.html
* debian/tests/boot-and-services: Always run seccomp test
seccomp is now available on all architectures on which Debian and Ubuntu
run tests, so stop making this test silently skip if seccomp is disabled.
* Bump libseccomp build dependency as per configure.ac.
* Replace "Drop RestrictAddressFamilies=" patch with sed call.
With that it will also apply to upstream builds/CI, and it is structurally
simpler.
* Rebuild against libseccomp with fixed shlibs. (Closes: #844497)
[ Michael Biebl ]
* fstab-generator: add x-systemd.mount-timeout option. (Closes: #843989)
* build-sys: do not install ctrl-alt-del.target symlink twice.
(Closes: #844039)
* Enable lz4 support.
While the compression rate is not as good as XZ, it is much faster, so a
better default for the journal and especially systemd-coredump.
(Closes: #832010)
[ Felipe Sateler ]
* Enable machines.target by default. (Closes: #806787)
[ Evgeny Vereshchagin ]
* debian/tests/upstream: Print all journal files.
We don't print all journal files. This is misleading a bit:
https://github.com/systemd/systemd/pull/4331#issuecomment-252830790
https://github.com/systemd/systemd/pull/4395#discussion_r87948836
[ Luca Boccassi ]
* Use mount --move in initramfs-tools udev script.
Due to recent changes in busybox and initramfs-tools the mount
utility is no longer the one from busybox but from util-linux.
The latter does not support mount -o move.
The former supports both -o move and --move, so use it instead to be
compatible with both.
See this discussion for more details:
https://bugs.debian.org/823856 (Closes: #844775)
systemd (232-3) unstable; urgency=medium
[ Felipe Sateler ]
* Make systemd-delta less confused on merged-usr systems. (Closes: #843070)
* Fix wrong paths for /bin/mount when compiled on merged-usr system.
Then the build system finds /usr/bin/mount which won't exist on a
split-/usr system. Set the paths explicitly in debian/rules and drop
Use-different-default-paths-for-various-binaries.patch. (Closes: #843433)
[ Martin Pitt ]
* debian/tests/logind: Split out "pid in logind session" test
* debian/tests/logind: Adjust "in logind session" test for unified cgroup
hierarchy
* debian/tests/boot-and-services: Check common properties of CLI programs.
Verify that CLI programs have a sane behaviour and exit code when being
called with --help, --version, or an invalid option.
* nspawn: Fix exit code for --help and --version (Closes: #843544)
* core: Revert using the unified hierarchy for the systemd cgroup.
Too many things don't get along with it yet, like docker, LXC, or runc.
(Closes: #843509)
systemd (232-2) unstable; urgency=medium
* Drop RestrictAddressFamilies from service files.
RestrictAddressFamilies= is broken on 32bit architectures and causes
various services to fail with a timeout, including
systemd-udevd.service.
While this might actually be a libseccomp issue, remove this option for
now until a proper solution is found. (Closes: #843160)
systemd (232-1) unstable; urgency=medium
[ Martin Pitt ]
* New upstream release 232:
- Fix "systemctl start" when ReadWriteDirectories is a symlink
(Closes: ##792187)
- Fix "journalctl --setup-keys" output (Closes: #839097)
- Run run sysctl service if /proc/sys/net is writable, for containers
(Closes: #840529)
- resolved: Add d.f.ip6.arpa to the DNSSEC default negative trust anchors
(Closes: #834453)
* debian/tests/logind: Copy the current on-disk unit instead of the
on-memory one.
* Build sd-boot on arm64. gnu-efi is available on arm64 now.
(Closes: #842617)
* Link test-seccomp against seccomp libs to fix FTBFS
* debian/rules: Remove nss-systemd (until we package it)
* Install new systemd-mount
[ Michael Biebl ]
* Install new journal-upload.conf man pages in systemd-journal-remote
systemd (231-10) unstable; urgency=medium
[ Martin Pitt ]
* systemctl: Add --wait option to wait until started units terminate again.
* nss-resolve: return NOTFOUND instead of UNAVAIL on resolution errors.
This makes it possible to configure a fallback to "dns" without breaking
DNSSEC, with "resolve [!UNAVAIL=return] dns".
* libnss-resolve.postinst: Skip dns fallback if resolve is present.
Only fall back to "dns" if nss-resolve is not installed (for the
architecture of the calling program). Once it is, we never want to fall
back to "dns" as that breaks enforcing DNSSEC verification and also
pointlessly retries NXDOMAIN failures. (LP: #1624071)
* unit: sent change signal before removing the unit if necessary
(LP: #1632964)
* networkd: Fix assertion crash on adding VTI with IPv6 addresses
(LP: #1633274)
* debian/tests/upstream: Stop specifying initrd, it is autodetected now.
* debian/tests/upstream: Add gcc/libc-dev/make test dependencies,
so that the tests can build helper binaries.
[ Felipe Sateler ]
* Explicitly disable installing the upstream-provided PAM configuration.
* Register interest in the status of dracut and initramfs-tools in reportbug
template
[ Michael Biebl ]
* Stop creating systemd-update-utmp-runlevel.service symlinks manually
systemd (231-9) unstable; urgency=medium
* pid1: process zero-length notification messages again.
Just remove the assertion, the "n" value was not used anyway. This fixes
a local DoS due to unprocessed/unclosed fds which got introduced by the
previous fix. (Closes: #839171) (LP: #1628687)
* pid1: Robustify manager_dispatch_notify_fd()
* test/networkd-test.py: Add missing writeConfig() helper function.
systemd (231-8) unstable; urgency=medium
[ Martin Pitt ]
* Replace remaining systemctl --failed with --state=failed
"--failed" is deprecated in favor of --state.
* debian/shlibs.local.in: More precisely define version of internal shared
lib.
* debian/tests/upstream: Drop blacklisting
These tests now work fine without qemu.
* debian/tests/storage: Avoid rmmod scsi_debug (LP: #1626737)
* upstream build system: Install libudev, libsystemd, and nss modules to
${rootlibdir}. Drop downstream workaround from debian/rules.
* Ubuntu: Disable resolved's DNSSEC for the final 16.10 release.
Resolved's DNSSEC support is still not mature enough, and upstream
recommends to disable it in stable distro releases still.
* Fix abort/DoS on zero-length notify message triggers (LP: #1628687)
* resolved: don't query domain-limited DNS servers for other domains
(LP: #1588230)
[ Antonio Ospite ]
* Update systemd-user pam config to require pam_limits.so.
(Closes: #838191)
systemd (231-7) unstable; urgency=medium
[ Michael Biebl ]
* fsckd: Do not exit on idle timeout if there are still clients connected
(Closes: #788050, LP: #1547844)
[ Martin Pitt ]
* 73-usb-net-by-mac.rules: Split kernel command line import line.
Reportedly this makes the rule actually work on some platforms. Thanks Alp
Toker! (LP: #1593379)
* debian/tests/boot-smoke: Only run 5 iterations
* systemd.postinst: Drop obsolete setcap call for systemd-detect-virt.
Drop corresponding libcap2-bin dependency.
* debian/tests/systemd-fsckd: Robustify check for "unit was running"
(LP: #1624406)
* debian/extra/set-cpufreq: Use powersave with intel_pstate.
This is what we did on xenial, and apparently powersave is still actually
better than performance. Thanks to Doug Smythies for the measurements!
(LP: #1579278)
* Ubuntu: Move ondemand.service from static to runtime enablement.
This makes it easier to keep performance, by disabling ondemand.service.
Side issue in LP: #1579278
* Revert "networkd: remove route if carrier is lost"
This causes networkd to drop addresses from unmanaged interfaces in some
cases. (Closes: #837759)
* debian/tests/storage: Avoid stderr output of stopping systemd-cryptsetup@.service
* libnss-*.prerm: Remove possible [key=value] options from NSS modules as well.
(LP: #1625584)
systemd (231-6) unstable; urgency=medium
[ Martin Pitt ]
* Add alternative iptables-dev build dependencies
libiptc-dev is very new and not yet present in stable Debian/Ubuntu releases.
Add it as a fallback build dependency for backports and upstream tests.
* Detect if seccomp is enabled but seccomp filtering is disabled
(Closes: #832713)
* resolved: recognize DNS names with more than one trailing dot as invalid
(LP: #1600000)
* debian/tests/smoke: Store udev db dump artifact on failure
* networkd: limit the number of routes to the kernel limit
* systemctl: consider service running only when it is in active or reloading state
* networkd: remove route if carrier is lost
* Add Ref()/Unref() bus calls for units
[ Felipe Sateler ]
* git-cherry-pick: always recreate the patch-queue branch.
[ Dimitri John Ledkov ]
* Use idiomatic variables from dpkg include.
systemd (231-5) unstable; urgency=medium
[ Iain Lane ]
* Let graphical-session-pre.target be manually started (LP: #1615341)
[ Felipe Sateler ]
* Add basic version of git-cherry-pick
* Replace Revert-units-add-a-basic-SystemCallFilter-3471.patch with upstream
patch
* sysv-generator: better error reporting. (Closes: #830257)
[ Martin Pitt ]
* 73-usb-net-by-mac.rules: Test for disabling 80-net-setup-link.rules more
efficiently. Stop calling readlink at all and just test if
/etc/udev/rules.d/80-net-setup-link.rules exists -- a common way to
disable an udev rule is to just "touch" it in /etc/udev/rule.d/ (i. e.
empty file), and if the rule is customized we cannot really predict anyway
if the user wants MAC-based USB net names or not. (LP: #1615021)
* Ship kernel-install (Closes: #744301)
* Add debian/extra/kernel-install.d/60-initrd.install.
This kernel-install drop-in copies the initrd of the selected kernel to
the EFI partition.
* bootctl: Automatically detect ESP partition.
This makes bootctl work with Debian's /boot/efi/ mountpoint without having
to explicitly specify --path.
Patches cherry-picked from upstream master.
* systemd.NEWS: Point out that alternatively rcS scripts can be moved to
rc[2-5]. Thanks to Petter Reinholdtsen for the suggestion!
[ Michael Biebl ]
* Enable iptables support (Closes: #787480)
* Revert "logind: really handle *KeyIgnoreInhibited options in logind.conf"
The special 'key handling' inhibitors should always work regardless of
any *IgnoreInhibited settings – otherwise they're nearly useless.
Update man pages to clarify that *KeyIgnoreInhibited only apply to a
subset of locks (Closes: #834148)
systemd (231-4) unstable; urgency=medium
* Revert "pid1: reconnect to the console before being re-executed"
This unbreaks consoles after "daemon-reexec". (Closes: #834367)
systemd (231-3) unstable; urgency=medium
* resolved resolvconf integration: Run resolvconf without privilege
restrictions. On some architectures (at least ppc64el), running resolvconf
does not work with MemoryDenyWriteExecute=yes. (LP: #1609740)
* Revert unit usage of MemoryDenyWriteExecute=yes. This is implemented
through seccomp as well. (Closes: #832713)
systemd (231-2) unstable; urgency=medium
[ Martin Pitt ]
* debian/rules: Fix UPSTREAM_VERSION for upstream master builds
* Limit "link against /usr" check to some critical binaries only and add
generators
* debian/rules: Put back cleanup of *.busname (Closes: #833487)
* debian/tests/localed-x11-keymap: Robustify cleanup
* debian/tests/localed-x11-keymap: Check that localed works without
/etc/default/keyboard. This reproduces #833849.
* Revert "units: add a basic SystemCallFilter (#3471)"
This causes fatal failures on kernels that don't have seccomp enabled.
This can be reactivated once
https://github.com/systemd/systemd/issues/3882 is fixed.
(Closes: #832713, #832893)
[ Simon McVittie ]
* localed: tolerate absence of /etc/default/keyboard.
The debian-specific patch to read Debian config files was not tolerating
the absence of /etc/default/keyboard. This causes systemd-localed to
fail to start on systems where that file isn't populated (like embedded
systems without keyboards). (Closes: #833849)
systemd (231-1) unstable; urgency=low
[ Martin Pitt ]
* New upstream release 231:
- Fix "Failed to create directory /str/sys/fs/selinux: Read-only file
system" warning. (Closes: #830693)
* systemd.postinst: Remove systemd-networkd-resolvconf-update.path removal
leftover. (Closes: #830778)
* Drop support for rcS.d SysV init scripts.
These are prone to cause dependency loops, and almost all packages with
rcS scripts now ship a native systemd service.
* networkd: Handle router advertisements in userspace again.
Drop Revert-Revert-networkd-ndisc-revert-to-letting-the-k.patch.
Bug #814566/#815586 got fixed in 230, and #815884 and #815884 and #815793
are unreproducible and need more reporter feedback.
* debian/gbp.conf: Enable dch options "full" and "multimaint-merge"
* systemd-sysv: Add Conflicts: systemd-shim.
To avoid shim trying to claim the D-Bus interfaces.
* Add graphical-session.target user unit.
* Add graphical-session-pre.target user unit
* Add debian/extra/units-ubuntu/user@.service.d/timeout.conf.
This avoids long hangs during shutdown if user services fail/hang due to
X.org going away too early. This is mostly a workaround, so only install
for Ubuntu for now.
* Dynamically add upstream version to debian/shlibs.local
* Set Debian/Ubuntu downstream support URL in journal catalogs
(Closes: #769187)
[ Michael Biebl ]
* Restrict Conflicts: openrc to << 0.20.4-2.1.
Newer versions of openrc no longer ship conflicting implementations of
update-rc.d/invoke-rc.d.
* Add Depends: dbus to systemd-container.
This is required for systemd-machined and systemd-nspawn to work
properly. (Closes: #830575)
* Drop insserv.conf generator.
We no longer parse /etc/insserv.conf and /etc/insserv.conf.d/* and
augment services with that dependency information via runtime drop-in
files. Services which want to provide certain system facilities need to
pull in the corresponding targets themselves. Either directly in the
native service unit or by shipping a drop-in snippet for SysV init
scripts. (Closes: #825858)
* getty-static.service: Only start if we have a working VC subsystem.
Use ConditionPathExists=/dev/tty0, the same check as in getty@.service,
to determine whether we have a functional VC subsystem and we should
start any gettys. (Closes: #824779)
* Stop mentioning snapshot and restore in the package description.
Support for the .snapshot unit type has been removed upstream.
* Drop sigpwr-container-shutdown.service.
This is no longer necessary as lxc-stop has been fixed to use SIGRTMIN+3
to shut down systemd based LXC containers.
https://github.com/lxc/lxc/pull/1086
https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
[ Felipe Sateler ]
* Add versioned breaks for packages shipping rcS init scripts
systemd (230-7) unstable; urgency=medium
* Tell dh_shlibdeps to look in the systemd package for libraries. Otherwise
dpkg-shlibdeps fails to find libsystemd-shared as we no longer create a
shlibs file for it.
* Add Build-Depends-Package to libudev1.symbols and libsystemd0.symbols.
This ensures proper dependencies when a package has a Build-Depends on a
higher version of libudev-dev or libsystemd-dev then what it gets from the
used symbols.
systemd (230-6) unstable; urgency=medium
[ Martin Pitt ]
* debian/tests/boot-smoke: Stop running in containers again, too unreliable
on Ubuntu s390x right now.
[ Michael Biebl ]
* Bump Build-Depends on debhelper to (>= 9.20160114), required for
--dbgsym-migration support.
* Install test-udev binary into $libdir/udev/ not $libdir. Only libraries
should be installed directly into $libdir.
* Exclude libsystemd-shared from dh_makeshlibs.
[ Felipe Sateler ]
* Do not install libsystemd-shared.so symlink
* {machine,system}ctl: always pass &changes and &n_changes (Closes: #830144)
[ Michael Prokop ]
* debian/tests/logind: Ensure correct version of logind is running.
systemd (230-5) unstable; urgency=medium
[ Martin Pitt ]
* Sync test/networkd-test.py with current upstream master, and remove our
debian/tests/networkd copy. Directly run test/networkd-test.py in
autopkgtest.
* debian/extra/rules/73-usb-net-by-mac.rules: Disable when
/etc/udev/rules.d/80-net-setup-link.rules is a symlink to /dev/null, to be
consistent with the documented way to disable ifnames. (Closes: #824491,
LP: #1593379)
* debian/rules: Ignore libcap-ng.so in the "does anything link against /usr"
check, to work around libaudit1 recently gaining a new dependency against
that library (#828991). We have no influence on that ourselves. This fixes
the FTBFS in the meantime.
[ Felipe Sateler ]
* Convert common code into a private shared library. This saves about 9 MB
of installed size in the systemd package, and some more in systemd-*.
systemd (230-4) unstable; urgency=medium
[ Martin Pitt ]
* tmp.mount: Add nosuid and nodev mount options. This restores compatibility
with the original SysV int RAMTMP defaults. (Closes: #826377)
* debian/tests/upstream: Some tests fail on platforms without QEMU at the
moment due to upstream PR#3587; blacklist these for now if QEMU is not
available.
* debian/rules: Don't run the "anything links against /usr" check for
upstream tests, as those run on Ubuntu 16.04 LTS which does not yet have
libidn moved to /lib.
* debian/tests/upstream: Clean up old journals before running a test, to
avoid printing a wrong one on failure.
* debian/tests/upstream: Do not run the QEMU tests on i386. Nested QEMU on
i386 causes testbed hangs on Ubuntu's cloud infrastructure, which is the
only place where these actually run.
* resolved: Fix SERVFAIL handling and introduce a new "Cache=" option to
disable local caching.
* resolved: Support IPv6 zone indices in resolv.conf. (LP: #1587489)
* resolved: Update resolv.conf when calling SetLinkDNS().
* debian/tests/storage: Sync and settle udev after luksFormat, to reduce the
chance of seeing some half-written signatures.
* debian/tests/networkd: Stop skipping the two DHCP6 tests, this regression
seems to have been fixed now.
* resolved: respond to local resolver requests on 127.0.0.53:53. This
provides compatibility with clients that don't use NSS but do DNS queries
directly, such as Chrome.
* resolved: Don't add route-only domains to /etc/resolv.conf.
* systemd-resolve: Add --flush-caches and --status commands.
* Add debian/extra/units/systemd-resolved.service.d/resolvconf.conf to tell
resolvconf about resolved's builtin DNS server on 127.0.0.53. With that,
DNS servers picked up via networkd are respected when using resolvconf,
and software like Chrome that does not do NSS (libnss-resolve) still gets
proper DNS resolution. Drop the brittle and ugly
systemd-networkd-resolvconf-update.{path,service} hack instead.
* debian/tests/boot-smoke: Run in containers as well.
[ Laurent Bigonville ]
* Build with IDN support. (Closes: #814528)
systemd (230-3) unstable; urgency=medium
[ Martin Pitt ]
* debian/tests/boot-and-services: Adjust test_tmp_mount() for fixed
systemctl exit code for "unit not found" in upstream commit ca473d57.
* debian/tests/boot-and-services, test_no_failed(): Show journal of failed
units.
* debian/extra/init-functions.d/40-systemd: Adjust to changed systemctl
show behaviour in 231: now this fails for nonexisting units instead of
succeeding with "not-found". Make the code compatible to both for now.
* Fix networkd integration with resolvconf for domain-limited DNS servers,
so that these don't appear as global nameservers in resolv.conf. Thanks
Andy Whitcroft for the initial fix! Add corresponding test case to
debian/tests/networkd. (LP: #1587762)
* resolved: Fix comments in resolve.conf for search domain overflows.
(LP: #1588229)
* On Ubuntu, provide an "ondemand.service" that replaces
/etc/init.d/ondemand. The latter does not exist any more when
"initscripts" falls out of the default installation. (LP: #1584124) This
now does not do a fixed one-minute wait but uses "Type=idle" instead. This
also becomes a no-op when the CPU supports "intel_pstate" (≤ 5 years old),
as on these the ondemand/powersave schedulers are actually detrimental.
(LP: #1579278)
* debian/systemd-container.install: Drop *.busname installation, they are
going away upstream.
* debian/extra/init-functions.d/40-systemd: Do not call systemctl
daemon-reload if the script is called as user (like reportbug does). Also
make sure that daemon-reload will not invoke polkit.
* Install test-udeb from .libs, to avoid installing the automake shell
wrapper.
* Fix transaction restarting in resolved to avoid async processing of
free'd transactions.
(Closes: #817210, LP: #1587727, #1587740, #1587762, #1587740)
* Add "upstream" autopkgtest that runs the test/TEST* upstream integration
tests in QEMU and nspawn.
* Build systemd-sysusers binary, for using in rkt. Do not ship the
corresponding unit and sysusers.d/ files yet, as these need some
Debianization and an autopkgtest. (Closes: #823322)
* debian/tests/systemd-fsckd: Adjust was_running() to also work for version
230.
[ Michael Biebl ]
* Add "systemctl daemon-reload" to lsb init-functions hook if the LoadState
of a service is "not-found". This will run systemd-sysv-generator, so SysV
init scripts that aren't installed by the package manager should be picked
up automatically. (Closes: #825913)
* automount: handle expire_tokens when the mount unit changes its state.
(Closes: #826512)
* debian/systemd.preinst: Correctly determine whether a service is enabled.
Testing for the return code alone is not sufficient as we need to
differentiate between "generated" and "enabled" services.
(Closes: #825981)
[ Felipe Sateler ]
* Drop configure option --disable-compat-libs. It no longer exists.
* Add policykit-1 to Suggests. It is used to allow unprivileged users to
execute certain commands. (Closes: #827756)
systemd (230-2) unstable; urgency=medium
[ Martin Pitt ]
* Don't add a Breaks: against usb-modeswitch when building on Ubuntu; there
it does not use hotplug.functions and is a lower version.
* boot-and-services autopkgtest: Add missing xserver-xorg and
lightdm-greeter test dependencies, so that lightdm can start.
(See LP #1581106)
* Re-disable logind's KillUserProcesses option by default. (Closes: #825394)
[ Michael Biebl ]
* Drop --disable-silent-rules from debian/rules. This is now handled by dh
directly depending on whether the DH_QUIET environment variable is set.
systemd (230-1) unstable; urgency=medium
[ Martin Pitt ]
* New upstream release 230.
- Fix rare assertion failure in hashmaps. (Closes: #816612)
- Fix leaking scope units. (Closes: #805477)
- Fix wrong socket ownership after daemon-reload. (LP: #1577001)
- udev: Fix touch screen detection. (LP: #1530384)
* Drop cmdline-upstart-boot autopkgtest. It was still needed up to Ubuntu
16.04 LTS, but upstart-sysv is not supported any more in Debian and Ubuntu
now.
* udev: Drop hotplug.functions, now that the last remaining user of this got
fixed. Add appropriate versioned Breaks:.
* debian/extra/rules/70-debian-uaccess.rules: Add some more FIDO u2f devices
from different vendors. Thanks Atoyama Tokanawa.
* Remove "bootchart" autopkgtest, this upstream version does not ship
bootchart any more. It will be packaged separately.
[ Michael Biebl ]
* Drop obsolete --disable-bootchart configure switch from udeb build.
* Remove obsolete /etc/systemd/bootchart.conf conffile on upgrades.
systemd (229-6) unstable; urgency=medium
* systemd-container: Prefer renamed "btrfs-progs" package name over
"btrfs-tools". (Closes: #822629)
* systemd-container: Recommend libnss-mymachines. (Closes: #822615)
* Drop systemd-dbg, in favor of debhelpers' automatic -dbgsym packages.
* Drop Add-targets-for-compatibility-with-Debian-insserv-sy.patch; we don't
need $x-display-manager any more as most/all DMs ship native services, and
$mail-transport-agent is not widely used (not even by our default MTA
exim4).
* Unify our two patches for Debian specific configuration files.
* Drop udev-re-enable-mount-propagation-for-udevd.patch, i. e. run udevd in
its own slave mount name space again. laptop-mode-tools 1.68 fixed the
original bug (#762018), thus add a Breaks: to earlier versions.
* Ship fbdev-blacklist.conf in /lib/modprobe.d/ instead of /etc/modprobe.d/;
remove the conffile on upgrades.
* Replace util-Add-hidden-suffixes-for-ucf.patch with patch that got
committed upstream.
* Replace Stop-syslog.socket-when-entering-emergency-mode.patch with patch
that got committed upstream.
* debian/udev.README.Debian: Adjust documentation of MAC based naming for
USB network cards to the udev rule, where this was moved to in 229-5.
* debian/extra/init-functions.d/40-systemd: Invoke status command with
--no-pager, to avoid blocking scripts that call an init.d script with
"status" with an unexpected pager process. (Closes: #765175, LP: #1576409)
* Add debian/extra/rules/70-debian-uaccess.rules: Make FIDO U2F dongles
accessible to the user session. This avoids having to install libu2f-host0
(which isn't discoverable at all) to make those devices work.
(LP: #1387908)
* libnss-resolve: Enable systemd-resolved.service on package installation,
as this package makes little sense without resolved.
* Add a DHCP exit hook for pushing received NTP servers into timesyncd.
(LP: #1578663)
* debian/udev.postinst: Fix migration check from the old persistent-net
generator to not apply to chroots. (Closes: #813141)
* Revert "enable TasksMax= for all services by default, and set it to 512".
Introducing a default limit on number of threads broke a lot of software
which regularly needs more, such as MySQL and RabbitMQ, or services that
spawn off an indefinite number of subtasks that are not in a scope, like
LXC or cron. 512 is way too much for most "simple" services, and it's way
too little for the ones mentioned above. Effective (and much stricter)
limits should instead be put into units individually.
(Closes: #823530, LP: #1578080)
* Split out udev rule to name USB network interfaces by MAC address into
73-usb-net-by-mac.rules, so that it's easier to disable. (Closes: #824025)
* 73-usb-net-by-mac.rules: Disable when net.ifnames=0 is specified on the
kernel command line, to be consistent with disabling the *.link files.
* 73-special-net-names.rule: Name the IBM integrated management module
virtual USB network card "ibmimm". Thanks Marco d'Itri!
systemd (229-5) unstable; urgency=medium
* debian/tests/unit-config: Call "daemon-reload" to clean up generated units
in between tests.
* debian/tests/unit-config: Check that enable/disable commands are
idempotent.
* debian/tests/unit-config: Detect if system units are in /usr/, so that the
test works on systems with merged /usr.
* debian/tests/unit-config: Use systemd-sysv-install instead of update-rc.d
directly, so that the test works under Fedora too.
* debian/tests/unit-config: Check disabling of a "systemctl link"ed unit,
and check "systemctl enable" on a unit with full path which is not in the
standard directories.
* Rename debian/extra/rules/73-idrac.rules to 73-special-net-names.rules, as
it is going to get rules for other devices. Also install it into the
initramfs.
* debian/extra/rules/73-special-net-names.rules: Add DEVPATH number based
naming schema for ibmveth devices. (LP: #1561096)
* Don't set SYSTEMD_READY=0 on DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 devmapper
devices with "change" events, as this causes spurious unmounting with
multipath devices. (LP: #1565969)
* Fix bogus "No [Install] section" warning when enabling a unit with full
path. (LP: #1563590)
* debian/tests/cmdline-upstart-boot: In test_rsyslog(), check for messages
from dbus instead of NetworkManager. NM 1.2 does not seem to log to syslog
by default any more.
* Bump Standards-Version to 3.9.8 (no changes necessary).
* debian/tests/boot-smoke: Add some extra debugging if there are pending
jobs after 10s, to figure out why lightdm is sometimes "restarting".
(for LP #1571673)
* debian/tests/boot-smoke: Configure dummy X.org driver (like in the
boot-and-services test), to avoid lightdm randomly fail. (LP: #1571673)
* Move Debian specific patches into debian/patches/debian (which translates
to "Gbp-Pq: Topic debian" with pq). This keeps upstream vs. Debian
patches separated without the comments in debian/patches/series (which
always get removed by "pq export").
* Don't ship an empty /etc/X11/xinit/xinitrc.d/ directory, this isn't
supported in Debian. (Closes: #822198)
* udev: Mark nbd as inactive until connected. (Closes: #812485)
* On shutdown, unmount /tmp before disabling swap. (Closes: #788303)
* debian/systemd-coredump.postinst: Do daemon-reload before starting
systemd-coredump, as the unit file may have changed on upgrades.
(Closes: #820325)
* Set MAC based name for USB network interfaces only for universally
administered (i. e. stable) MACs, not for locally administered (i. e.
randomly generated) ones. Drop /lib/systemd/network/90-mac-for-usb.link
(as link files don't currently support globs for MACAddress=) and replace
with an udev rule in /lib/udev/rules.d/73-special-net-names.rules.
(Closes: #812575, LP: #1574483)
systemd (229-4) unstable; urgency=medium
* Fix assertion crash when processing a (broken) device without a sysfs
path. (Closes: #819290, LP: #1560695)
* Fix crash when shutdown is issued from a non-tty. (LP: #1553040)
* networkd: Stay running while any non-loopback interface is up.
(Closes: #819414)
* Fix reading uint32 D-Bus properties on big-endian.
* Fix crash if an udev device has many tags or devlinks. (LP: #1564976)
* systemctl, loginctl, etc.: Don't start polkit agent when running as root.
(LP: #1565617)
* keymap: Add Add HP ZBook (LP: #1535219) and HP ProBook 440 G3.
* systemd.resource-control.5: Fix links to cgroup documentation on
kernel.org. (Closes: #819970)
* Install test-udev into libudev-dev, so that we have it available for
autopkgtests.
* Add "udev" autopkgtest for running the upstream test/udev-test.pl.
systemd (229-3) unstable; urgency=medium
[ Martin Pitt ]
* debian/tests/timedated: Add tests for "timedatectl set-local-rtc".
* Be more tolerant in parsing /etc/adjtime.
* debian/systemd.postinst: Don't fail package installation if systemctl
daemon-reload trigger fails. This does not fix the root cause of the
reload failures, but at least causes fewer packages to be in a broken
state after upgrade, so that a reboot or apt-get -f install have a much
higher chance in succeeding. (For bugs like LP #1502097 or LP #1447654)
* debian/tests/networkd: Skip test_hogplug_dhcp_ip6 when running against
upstream as well.
* debian/tests/boot-and-services: Wait for units to stop with a "systemctl
is-active" loop instead of static sleeps.
* debian/tests/networkd: Skip DHCPv6 tests for downstream packages too. This
is an actual regression in networkd-229, to be investigated. But this
shouldn't hold up reverse dependencies.
* Fix assertion in add_random(). (LP: #1554861)
* debian/tests/boot-and-services: Don't assert on "Stopped Container c1"
message in NspawnTests.test_service(), this is sometimes not present. Just
check that the unit did not fail.
* Add "adduser" dependency to systemd-coredump, to quiesce lintian.
* Bump Standards-Version to 3.9.7 (no changes necessary).
* Fix timespec parsing by correctly initializing microseconds.
(Closes: #818698, LP: #1559038)
* networkd: Add fallback if FIONREAD is not supported. (Closes: #818488)
* Cherry-pick various fixes from upstream master.
- Fixes logout when changing the current target. (Closes: #805442)
[ Evgeny Vereshchagin ]
* debian/tests/boot-and-services: Search systemd-coredump's output by
SYSLOG_IDENTIFIER.
* Add missing "Recommends: btrfs-tools" to systemd-container.
* Add systemd-coredump postinst/prerm to start/stop systemd-coredump.socket
without a reboot. (Closes: #816767)
[ Felipe Sateler ]
* Set the paths of loadkeys and setfont via configure arguments, not a patch
systemd (229-2) unstable; urgency=medium
* time-util: map ALARM clockids to non-ALARM clockids in now(), to work on
architectures which don't support CLOCK_BOOTTIME_ALARM. Fixes FTBFS on
many architectures.
* debian/systemd.postinst: Add missing newline to /etc/adjtime migration.
(See #699554)
* debian/systemd.postinst: Only try to enable tmp.mount if we actually
copied it to /etc. Don't try to enable a generated unit. (LP: #1545707)
* debian/tests/boot-and-services: Increase timeouts of test_bash_crash from
5 to 10 seconds, and sync the journal after every iteration.
* debian/extra/checkout-upstream: Try again after one minute if git checkout
fails, to avoid failures from transient network errors.
* debian/tests/systemd-fsckd: Use grub.d/50-cloudimg-settings.cfg as a
template for generating our custom one instead of 90-autopkgtest.cfg. The
latter does not exist on non-x86 architectures and is not relevant for
this test.
* debian/tests/boot-and-services: Skip journal test for test_bash_crash when
running against upstream, as this currently fails most of the time. To be
investigated.
* debian/tests/networkd: Skip test_coldplug_dhcp_ip6 when running against
upstream, as this is brittle there. To be investigated.
* debian/tests/bootchart: Skip test if bootchart is not available or
testing in upstream mode. bootchart got removed from master and will be
moved to a separate repository.
* debian/tests/boot-and-services: Show verbose journal output on failure in
nspawn test, and sync journal before.
* Move systemd-coredump socket and service into systemd-coredump binary
package.
* Revert changing the default core dump ulimit and core_pattern. This
completely breaks core dumps without systemd-coredump. It's also
contradicting core(8). (Closes: #815020)
* Fix addresses for type "sit" tunnels. (Closes: #816132)
* networkd: Go back to letting the kernel handle IPv6 router advertisements,
as networkd's own currently has too many regressions. Thanks to Stefan
Lippers-Hollmann for investigating this! (Closes: #814566,
#814667, #815586, #815884, #815793)
systemd (229-1) unstable; urgency=medium
* New upstream release 229.
- Fix systemctl behaviour in chroots. (Closes: #802780)
- Fix SELinux context of /run/user/$UID. (Closes: #775651)
- Add option to optionally turn of color output. (Closes: #783692)
- Don't git-ignore src/journal-remote/browse.html. (Closes: #805514)
- Do not warn about Wants depencencies on masked units. (LP: #1543282)
* debian/systemd.install: Ship the new systemd-resolve.
* libsystemd0.symbols: Add new symbols from this release.
* systemd-coredump.postinst: Create systemd-coredump system user.
* debian/tests/systemd-fsckd: Tame overly strict test for failed plymouth
unit, which is a race condition with plymouthd auto-stopping.
(LP: #1543144)
* Drop timedated-don-t-rely-on-usr-being-mounted-in-the-ini.patch.
initramfs-tools has mounted /usr since Jessie, and tzdata now creates
/etc/localtime as a symlink too (see #803144).
* Use-different-default-paths-for-various-binaries.patch: Drop path changes
for setcap (which is already a build dep and not used at all) and sulogin
(which is now in util-linux).
* Remove obsolete udev maintainer script checks:
- Drop check for kernel >= 2.6.32, which released in 2009.
- Drop restarting of some daemons due to the devtmpfs migration, which
happened before the above kernel even.
- Drop support for forcing upgrades on kernels known not to work via
/etc/udev/kernel-upgrade. Don't pretend that this would help, as users
could end up with a non-bootable system. Always fail early in preinst
when it's still possible to install a working kernel.
- Drop postinst test for "running in containers" -- it's actually possible
to run udev in containers if you mount /sys r/w and you know what you
are doing. Also, the init.d script and systemd service do that check
again.
- Keep the kernel feature and chroot checks, as these are still useful.
Simplify check_kernel_features() by eliminating some variables.
- Drop debconf templates. Two of them are obsolete, and having
CONFIG_SYSFS_DEPRECATED is now so implausible that this doesn't warrant
the overhead and translator efforts.
* Drop debian/tests/ifupdown-hotplug. The units moved into ifupdown, so the
test should go there too (see #814312).
* debian/tests/control: Reorder tests and add a comment which ones should
not be run for an upstream build.
* debian/tests/control: Rearrange tests and avoid removing test dependencies
to minimize testbed resets.
* Add debian/extra/checkout-upstream: Script to replace the current
source with a checkout of an upstream pull request, branch, or commit,
and remove debian/patches/. Call from debian/rules if $TEST_UPSTREAM is
set. This will be used for upstream CI.
* Enable seccomp support on powerpc, ppc64el, and s390x.
systemd (228-6) unstable; urgency=medium
* Make-run-lock-tmpfs-an-API-fs.patch: Drop /run/lock from
tmpfiles.d/legacy.conf to avoid the latter clobbering the permissions of
/run/lock. Fixes fallout from cleanup in -5 that resulted /run/lock to
have 0755 permissions instead of 1777. (LP: #1541775)
systemd (228-5) unstable; urgency=medium
[ Martin Pitt ]
* Drop systemd-vconsole-setup.service: It has never been installed/used in
Debian and is not necessary for Ubuntu any more.
* Drop halt-local.service. This has never been documented/used in Debian.
(LP: #1532553)
* debian/extra/initramfs-tools/scripts/init-bottom/udev: Prefer "nuke"
again, it comes from klibc-utils. But fall back to "rm" if it does not
exist.
* systemd-timesyncd.service.d/disable-with-time-daemon.conf: Also don't run
if /usr/sbin/VBoxService exists, as virtualbox-guest-utils already
provides time synchronization with the host. (Closes: #812522)
* Drop Michael Stapelberg from Uploaders:, he stopped maintenance long ago.
Thanks Michael for your great work in the past!
* Replace "sysv-rc" dependency with Conflicts: openrc, file-rc. The
rationale from #739679 still applies, but with the moving of
{invoke,update}-rc.d to init-system-helpers we don't actually need
anything from sysv-rc any more other than the assumption that SysV init
scripts are enabled in /etc/rc?.d/ for the SysV generator to work (and
file-rc and openrc don't do that).
* debian/tests/timedated: Verify /etc/localtime symlink. Skip verifying the
/etc/timezone file (which is Debian specific) if $TEST_UPSTREAM is set.
* debian/tests/localed-locale: Check /etc/locale.conf if $TEST_UPSTREAM is
set.
* debian/tests/localed-x11-keymap: Test /etc/X11/xorg.conf.d/00-keyboard.conf
if $TEST_UPSTREAM is set.
* debian/tests/boot-and-services: Check for reaching graphical.target
instead of default.target, as the latter is a session systemd state only.
* debian/tests/boot-and-services: Skip tests which are known to fail/not
applicable with testing upstream builds.
* Drop Fix-up-tmpfiles.d-permissions-properly.patch:
- /run/lock is already created differently by
Make-run-lock-tmpfs-an-API-fs.patch, and contradicts to that.
- /run/lock/lockdev/ isn't being used anywhere and got dropped
upstream; backport the patch (tmpfiles-drop-run-lock-lockdev.patch).
- Move dropping of "group:wheel" (which has never existed in Debian) into
debian/rules, to also catch occurrences in other parts of the file which
the static patch would overlook.
* Shorten persistent identifier for CCW network interfaces (on s390x only).
(LP: #1526808)
* debian/rules: If $TEST_UPSTREAM is set (when building/testing upstream
master instead of distro packages), don't fail on non-installed new files
or new library symbols.
* Add systemd-sysv conflict to upstart-sysv, and version the upstart
conflict. This works with both Debian's and Ubuntu's upstart packages.
[ Michael Biebl ]
* Drop support for the /etc/udev/disabled flag file. This was a workaround
for udev failing to install with debootstrap because it didn't use
invoke-rc.d and therefor was not compliant with policy-rc.d. See #520742
for further details. This is no longer the case, so supporting that file
only leads to confusion about its purpose.
* Retrigger cleanup of org.freedesktop.machine1.conf and
hwclock-save.service now that dpkg has been fixed to correctly pass the
old version to postinst on upgrade. (Closes: #802545)
* Only ship *.link files as part of the udev package. The *.network files
are solely used by systemd-networkd and should therefor be shipped by the
systemd package. (Closes: #808237)
* Cherry-pick a few fixes from upstream:
- Fix unaligned access in initialize_srand(). (Closes: #812928)
- Don't run kmod-static-nodes.service if module list is empty. This
requires kmod v23. (Closes: #810367)
- Fix typo in systemctl(1). (Closes: #807462)
- Fix systemd-nspawn --link-journal=host to not fail if the directory
already exists. (Closes: #808222)
- Fix a typo in logind-dbus.c. The polkit action is named
org.freedesktop.login1.power-off, not org.freedesktop.login1.poweroff.
- Don't log an EIO error in gpt-auto-generator if blkid finds something
which is not a partition table. (Closes: #765586)
- Apply ACLs to /var/log/journal and also set them explicitly for
system.journal.
* Only skip the filesystem check for /usr if the /run/initramfs/fsck-usr
flag file exists. Otherwise we break booting with dracut which uses
systemd inside the initramfs. (Closes: #810748)
* Update the instructions in README.Debian for creating /var/log/journal.
They are now in line with the documentation in the systemd-journald(8) man
page and ensure that ACLs and group permissions are properly set.
(Closes: #800947, #805617)
* Drop "systemctl daemon-reload" from lsb init-functions hook. This is no
longer necessary as invoke-rc.d and init-system-helpers take care of this
nowadays.
systemd (228-4) unstable; urgency=medium
* debian/udev.README.Debian: Add alternative way of disabling ifnames.
(Closes: #809339)
* Put back /lib/udev/hotplug.functions, until the three remaining packages
that use it stop doing so. (Closes: #810114)
* debian/udev.README.Debian: Point out that any change to interface naming
rules requires an initrd update.
systemd (228-3) unstable; urgency=medium
[ Martin Pitt ]
* debian/rules: Remove temporary debug output from test failures again. All
Debian buildd kernels are recent enough now, but add a check for kernels
older than 3.13 and ignore test failures for those.
* debian/tests/networkd: Factor out dnsmasq specific test "router" setup, so
that we can test against other implementations.
* debian/tests/networkd: Add router setup using an (isolated) networkd
process for configuring the veths and DHCP server.
* debian/tests/networkd: On failure, only show journal for current test.
* systemd-networkd-resolvconf-update.service: Wait for getting a name
server, not just for getting online.
* debian/tests/boot-and-services: Wait until bash crash stack trace is in
the journal before asserting on it. Also relax RE to work on non-x86
architectures.
* debian/tests/networkd: If /etc/resolv.conf already has three nameservers,
accept that too (as then the additional test one can't be added any more).
* Fix FTBFS on x32. Thanks Helmut Grohne! (Closes: #805910)
* debian/tests/networkd: For IPv6 tests, also wait for IPv4 address to
arrive; s-n-wait-online already exits after getting an IPv6 address, but
we verify both.
* debian/tests/boot-and-services: Don't check for "Requesting system
poweroff" log message in nspawn test, current upstream master does not
write that any more. Instead check for "Stopped Container c1".
* Add "storage" autopkgtest. Initially this covers some basic use cases with
LUKS cryptsetup devices.
* Add acl build dependency (for <!nocheck>). Current upstream master now
needs it for some test cases.
* debian/extra/initramfs-tools/scripts/init-bottom/udev: Use "rm -rf"
instead of "nuke". The latter does not exist any more in current
initramfs-tools.
* Ignore test failures during "make check" if /etc/machine-id is missing
(like in ancient local schroots). (Closes: #807884)
* debian/extra/rules/80-debian-compat.rules: Remember which device got the
"cdrw", "dvd", or "dvdrw" symlink to avoid changing links on device
events. (Closes: #774080). Drop the rule for the "cdrom" symlink as that
is already created in 60-cdrom_id.rules.
* Eliminate "hotplug.functions" udev helper and put the logging functions
directly into net.agent. This simplifies the migration of the latter to
ifupdown.
* Adjust manpages to keep /usr/lib/systemd/{user*,boot,ntp-units.d,modules*}
paths, only keep /lib/systemd/{system*,network}. (Closes: #808997)
* debian/udev.README.Debian: Fix typo and slight wording improvement.
(Closes: #809513)
* Drop net.agent, 80-networking.rules, and ifup@.service. These moved to
ifupdown 0.8.5 now. Add Breaks: to earlier versions.
[ Michael Biebl ]
* Bump Build-Depends on libdw-dev to (>= 0.158) as per configure.ac.
(Closes: #805631)
* Make sure all swap units are ordered before the swap target. This avoids
that swap devices are being stopped prematurely during shutdown.
(Closes: #805133)
* Drop unneeded /etc/X11/xinit/xinitrc.d/50-systemd-user.sh from the package
and clean up the conffile on upgrades. We have the dbus-user-session
package in Debian to properly enable the D-Bus user-session mode which
also takes care of updating the systemd --user environment.
(Closes: #795761)
* Stop testing for unknown arguments in udev maintainer scripts.
* Drop networking.service.d/systemd.conf. The ifupdown package now ships a
proper service file so this drop-in file is no longer necessary.
[ Andreas Henriksson ]
* Fix LSB init hook to not reload masked services. (Closes: #804882)
systemd (228-2) unstable; urgency=medium
* Remove wrong endianness conversion in test-siphash24 to fix FTBFS on
big-endian machines.
* Bump libseccomp-dev build dependency to indicate required versions for
backporting to jessie. (Closes: #805497)
systemd (228-1) unstable; urgency=medium
[ Martin Pitt ]
* New upstream release:
- Fix journald killing by watchdog. (Closes: #805042)
- Drop check for /etc/mtab. (Closes: #802025)
- Follow unit file symlinks in /usr, but not /etc when looking for
[Install] data, to avoid getting confused by Aliases. (Closes: #719695)
- journalctl: introduce short options for --since and --until.
(Closes: #801390)
- journald: Never accept fds from file systems with mandatory locking.
(LP: #1514141)
- Put nspawn containers in correct slice. (LP: #1455828)
* Cherry-pick some networkd fixes from trunk to fix regressions from 228.
* debian/rules: Configure with --as-needed to avoid unnecessary binary
dependencies.
* systemd-networkd-resolvconf-update.service: Increase StartLimitBurst, as
this might be legitimately called several times in quick succession. If
that part of the "networkd" autopkgtest fails, show the journal log for
that service for easier debugging.
* debian/tests/boot-and-services: Add test case for systemd-coredump.
* Add systemd-coredump postinst/prerm to enable/disable this without a
reboot.
* debian/tests/networkd: Check for systemd-networkd-wait-online in /usr as
well, for usage in other distros.
* debian/tests/logind: Skip suspend test if the kernel does not support
suspend.
* debian/tests/logind: Split tests into functions.
* debian/tests/boot-and-services: Ignore failures of console-setup.service,
to work around LP: #1516591.
* debian/tests/control: Restrict boot-smoke test to isolation-machine, it
does not currently work well in LXC.
* debian/tests/networkd: Add new test cases for "DHCP=all, IPv4 only,
disabling RA" (which should always be fast), "DHCP=all, IPv4 only" (which
will require a longer timeout due to waiting 12s for a potential IPv6 RA
reply), and "DHCP=ipv4" (with and without RA).
* debian/tests/networkd: Fix UnicodeDecodeError under 'C' locale.
* debian/tests/networkd: Show networkctl and journal output on failure.
* debian/tests/networkd: Fix bytes vs. string TypeError in the IPv6 polling.
(LP: #1516009)
* debian/tests/networkd: Show contents of test .network file on failure.
* debian/tests/networkd: Skip if networkd is already running (safer when
running on real systems), and add copyright header.
* Bump util-linux dependencies to >= 2.27.1 to ensure that the mount monitor
ignores /etc/mtab.
[ Felipe Sateler ]
* Enable elfutils support for getting stack traces for systemd-coredump.
* libnss-my{machines,hostname}.postrm: do not remove entries from
nsswitch.conf if there are packages from other architectures remaining.
[ Michael Biebl ]
* Drop systemd-setup-dgram-qlen.service. This has been made obsolete by
upstream commit 1985486 which bumps net.unix.max_dgram_qlen to 512 early
during boot.
* Various cleanups to the udev maintainer scripts:
- Remove unused tempdir() function.
- Properly stop udev daemon on remove.
- Stop killing udev daemon on failed upgrades and drop the corresponding
starts from preinst.
- Stop masking systemd-udevd.service and udev.service during upgrades. We
restart the udev daemon in postinst, so those masks seem unnecessary.
systemd (227-3) unstable; urgency=medium
[ Martin Pitt ]
* debian/tests/logind: Add tests for scheduled shutdown with and without
wall message.
* Import upstream fix for not unmounting system mounts (#801361) and drop
our revert patch.
* debian/tests/boot-smoke: Apply check for failed unmounts only to user
systemd processes, i. e. not to pid 1.
* Drop Fix-usr-remount-failure-for-split-usr.patch. Jessie has a new enough
initramfs-tools already, and this was just an error message, not breaking
the boot.
* Drop debian-fixup.service in favor of using a tmpfiles.d clause, which is
faster.
* Drop Order-remote-fs.target-after-local-fs.target.patch. It's mostly
academic and only applies to the already known-broken situation that rcS
init.d scripts depend on $remote_fs.
* Replace reversion of sd_pid_notify_with_fds() msg_controllen fix with
proper upstream fix to never block on sending messages on NOTIFY_SOCKET
socket.
* Drop check for missing /etc/machine-id on "make check" failure; this isn't
happening on current buildds any more.
* Drop Disable-tests-which-fail-on-buildds.patch, to re-evaluate what still
fails and needs fixing. On failure, show kernel version and /etc/hosts
to be able to debug them better. The next upload will make the necessary
adjustments to fix package builds again.
[ Michael Biebl ]
* Drop dependency on udev from the systemd package. We don't need udev
within a container, so this allows us to trim down the footprint by not
installing the udev package. As the udev package has Priority: important,
it is still installed by default though.
* Include the status of the udev package when filing a bug report against
systemd, and vice versa.
* Use filter instead of findstring, since findstring also matches
substrings and we only want direct matches.
* systemd.bug-script: Fix typo. (Closes: #804512)
* Re-add bits which call SELinux in systemd-user pam service.
(Closes: #804565)
[ Felipe Sateler ]
* Add libnss-resolve package. (Closes: #798905)
* Add systemd-coredump package. This Conflicts/Replaces/Provides a new
"core-dump-handler" virtual package. (Closes: #744964)
systemd (227-2) unstable; urgency=medium
* Revert "sd_pid_notify_with_fds: fix computing msg_controllen", it causes
connection errors from various services on boot. (Closes: #801354)
* debian/tests/boot-smoke: Check for failed unmounts. This reproduces
#801361 (but not in a minimal VM, just in a desktop one).
* Revert "core: add a "Requires=" dependency between units and the
slices they are located in". This causes user systemd instances to try and
unmount system mounts (and succeed if you login as root).
(Closes: #801361)
systemd (227-1) unstable; urgency=medium
* New upstream release.
- Bump watchdog timeout for shipped units to 3 min. (Closes: #776460)
- gpt-auto-generator: Check fstab for /boot entries. (Closes: #797326)
- Fix group of RuntimeDirectory dirs. (Closes: #798391)
- Support %i (and other macros) in RuntimeDirectory. (Closes: #799324)
- Bump util-linux/libmount-dev dependencies to >= 2.27.
* debian/libsystemd0.symbols: Add new symbols for this release.
* debian/extra/initramfs-tools/hooks/udev: Copy all
/etc/udev/rules.d/*.rules rules which are not merely overriding the one in
/lib/, not just 70-persistent-net.rules. They might contain network names
or other bits which are relevant for the initramfs. (Closes: #795494)
* ifup@.service: Drop PartOf=network.target; we don't want to stop these
units during shutdown. Stopping networking.service already shuts down the
interfaces, but contains the safeguard for NFS or other network file
systems. Isolating emergency.target still keeps working as before as well,
as this also stops networking.service. (Closes: #761909, LP: #1492546)
systemd (226-4) unstable; urgency=medium
* debian/tests/logind: Be more verbose on failures.
* Revert networkd calling if-{up,post-down}.d/ scripts. About half of the
existing hooks are not relevant or even actively detrimental when running
with networkd. For the relevant ones, a lot of them should be fixed in the
projects themselves (using IP_FREEBIND etc.). (Closes: #798625)
* Add systemd-networkd-resolvconf-update.{path,service} units to send DNS
server updates from networkd to resolvconf, if installed and enabled.
* Don't restart logind on upgrades any more. This kills X.org (#798097)
while logind doesn't save/restore its open fds (issue #1163), and also
gets confused about being idle in between (LP: #1473800)
systemd (226-3) unstable; urgency=medium
[ Martin Pitt ]
* README.Debian: Fix "other" typo. Thanks Salvatore Bonaccorso.
(Closes: #798737)
[ Michael Biebl ]
* Stop building the compat library packages and drop them for good.
* Update debian/copyright.
systemd (226-2) unstable; urgency=medium
* debian/udev.init: Mount /dev file system with nosuid. (LP: #1450960)
* udev.postinst: udev 226 introduced predictable interface names for virtio.
Create /etc/systemd/network/50-virtio-kernel-names.link on upgrade to
disable this, to avoid changing e. g. "eth0" to "ens3" in QEMU instances
and similar environments. (Closes: #799034)
systemd (226-1) unstable; urgency=medium
[ Martin Pitt ]
* New upstream release:
- Fix scheduled shutdown to not shut down immediately. (Closes: #797763)
- Fix description of CPE_NAME in os-release(5). (Closes: #797768)
* debian/libsystemd0.symbols: Add new symbols from this release.
* Enable libseccomp support for mips64, mips64el, and x32. (Closes: #797403)
* debian/tests/networkd: Add hotplug tests.
* Make networkd call if-up.d/ scripts when it brings up interfaces, to
become compatible with ifupdown and NetworkManager for packages shipping
hooks. (LP: #1492129)
- Add debian/extra/systemd-networkd-dispatcher.c: suid root wrapper for
calling if-up.d/ or if-post-down.d/ hook scripts. Install it as
root:systemd-networkd 4754 so that only networkd can run it.
- Add networkd-call-systemd-networkd-dispatcher-when-links.patch: Call the
above wrapper when links go up/down.
- debian/tests/networkd: Verify that if-up.d/ and if-post-down.d/ scripts
get run for a networkd managed interface.
- Note that if-pre-up.d/ and if-down.d/ scripts are *not* being called, as
they are often not applicable for networkd (if-pre-up.d) and unreliable
(if-down.d).
* Drop udev-finish. We needed this for the autogenerated CD and network
interface names, but both are gone now.
* Drop debian/udev.udev-fallback-graphics.upstart. The vesafb module has
been compiled into the kernel in both Debian and Ubuntu for a fair while,
this never had a systemd equivalent, and Debian never shipped the
accompanying rules for determining $PRIMARY_DEVICE_FOR_DISPLAY.
* debian/control: Remove some boilerplate from the long descriptions, to
more easily get to the point what a specific package actually does.
* debian/README.Debian: As systemd is the default init now, replace the
documentation how to switch to systemd with how to switch back
(temporarily or permanently) to SysV init. Also move that paragraph to the
bottom as it's now less important.
* debian/README.Debian: Add a hint why you may want to enable persistent
journal, and suggest to uninstall system-log-daemon to avoid duplicate
logging.
* debian/README.Debian: Add documentation about networkd integration.
* Rename 01-mac-for-usb.link to 90-mac-for-usb.link so that it becomes
easier to override.
* debian-fixup.service just has one purpose now (make /etc/mtab a symlink),
so drop the debian/extra/debian-fixup shell script and put the ln command
directly into debian-fixup.service. Update the description.
* debian/tests/networkd: Check that /etc/resolv.conf gets the DHCP's
nameserver in case it is a symlink (i. e. dynamically managed by
systemd-resolved or resolvconf).
* systemd-networkd-dispatcher: Also pass on the DNS server list to if-up.d/
as $IF_DNS_NAMESERVERS, so that resolvconf or similar programs work as
expected.
* Drop debian/systemd-journal-remote.postrm: Removing system users is
potentially dangerous (there might be a leftover process after purging).
[ Michael Biebl ]
* Drop libsystemd-login-dev. All reverse dependencies have been updated to
use libsystemd-dev directly.
* Update build instructions to use "gbp clone" instead of "gbp-clone" as all
gbp-* commands have been removed from git-buildpackage.
systemd (225-1) unstable; urgency=medium
[ Martin Pitt ]
* New upstream release.
- Fixes FTBFS on alpha. (Closes: #792551)
- Fixes machined state tracking logic. (Closes: #788269)
* Add better fix for "systemctl link/enable" breakage with full paths.
(LP: #1480310)
* debian/rules: Add missing $(dh_options) in overridden debhelper targets.
[ Felipe Sateler ]
* Move conffile from systemd to systemd-container package (Closes: #797048)
[ Michael Biebl ]
* Drop unnecessary Conflicts/Replaces from systemd-journal-remote.
None of the files in this package were previously shipped by systemd.
* Create system users for systemd-journal-{gateway,remote,upload} when
installing the systemd-journal-remote package.
* Explicitly turn off the features we don't want in a stage1 build.
Otherwise ./configure might enable them automatically if the build
dependencies are installed and "dh_install --fail-missing" will then fail
due to uninstalled files.
* Enable GnuTLS support as systemd-journal-remote makes sense mostly with
encryption enabled.
* Rely on build profiles to determine which packages should be skipped
during build and no longer specify that manually.
* Drop our patch which removes rc-local-generator.
rc-local.service acts as an ordering barrier even if its condition is
false, because conditions are evaluated when the service is about to be
started, not when it is enqueued. We don't want this ordering barrier on
systems that don't need/use /etc/rc.local.
systemd (224-2) unstable; urgency=medium
[ Martin Pitt ]
* Skip systemd-fsckd autopkgtest if /run/initramfs/fsck-root exists, i. e.
the initramfs already ran fsck.
* Fix broken ACL in tmpfiles.d/systemd.conf. (Closes: #794645, LP: #1480552)
* Add debian/tests/unit-config: Test "systemctl link"; reproduces LP#1480310.
* Add a hack to unbreak "systemctl link". (LP: #1480310)
* debian/extra/rules-ubuntu/40-hyperv-hotadd.rules: Also apply to Xen, and
rename to 40-vm-hotadd.rules.
* Fix networkd crash. (Closes: #796358)
* debian/rules: Remove all files/empty dirs in systemd which are already
shipped by systemd-* or udev, instead of an explicit list.
* Bump "mount" dependency to >= 2.26, to ensure "swapon -o" availability.
(Closes: #796389)
* Install /lib/systemd/network/* into udev instead of systemd, as it's
really udev which is evaluating these.
* Split out "systemd-container" package with machined and nspawn and enable
importd. Add new libbz2-dev, zlib1g-dev, and libcurl-dev build deps.
(LP: #1448900)
* Move transitional libgcrypt11-dev build dep to libgcrypt20-dev.
* debian/rules: Limit check for libraries in /usr to systemd and udev
packages, as other packages like systemd-containers can (and do) link to
/usr.
* Build-depend on dpkg-dev (>= 1.17.14) and bump debhelper version for build
profiles support.
* Drop "display-managers" autopkgtest, obsolete with dropped
default-display-manager-generator.
* boot-and-services autopkgtest: Add systemd-container test dependency for
the nspawn tests.
* Don't enable audit support when building with "stage1" profile, to avoid
circular build dep.
[ Helmut Grohne ]
* Improve support for cross-building and bootstrapping.
[ Michael Biebl ]
* Drop default-display-manager-generator. All major desktops now use a
display manager which support the new scheme and setup the
/etc/systemd/system/display-manager.service symlink correctly.
* Add new binary package "systemd-journal-remote" with tools for
sending/receiving remote journal logs:
systemd-journal-{remote,upload,gatewayd}. (Closes: #742802, LP: #1480952)
systemd (224-1) unstable; urgency=medium
* New upstream release.
* boot-and-services autopkgtest: Ignore thermald. Since 1.4.3-2 it starts by
default, but fails in most virtual envs.
systemd (223-2) unstable; urgency=medium
* Don't enable gnu-efi on ARM. It FTBFSes and cannot really be tested now as
there is no available hardware.
* debian/extra/initramfs-tools/hooks/udev: Don't fail if
/etc/systemd/network/ does not exist. (Closes: #794050)
systemd (223-1) unstable; urgency=medium
* New upstream release:
- Fix systemd-bootchart crash. (Closes: #792403)
- Trim list of files in /usr/share/doc/systemd/. (Closes: #791839)
- Fix "Invalid argument" failure with some journal files.
(Closes: #792090)
- tmpfiles: Don't recursively descend into journal directories in /var.
(Closes: #791897)
- Don't frequently wake up on disabled TimeoutIdleSec=, in particular in
automount timers. (LP: #1470845)
- tmpfiles: Don't delete lost+found/. (Closes: #788193)
[ Michael Biebl ]
* udev: Remove obsolete rm_conffile/mv_conffile functions from udev.preinst.
The udev package is using dpkg-maintscripts-helper now to remove obsolete
conffiles.
* systemd: Remove obsolete conffile clean up from pre-wheezy.
* udev-udeb: Remove scsi_wait_scan hack from the start-udev script as well.
[ Martin Pitt ]
* Enable GNU EFI support and add gnu-efi build dep. This enables/ships the
systemd EFI boot loader. (Closes: #787720, LP: #1472283)
* networkd autopkgtest: More robust/forceful killing of dnsmasq.
* ifup@.service: Drop "oneshot" to run ifup in the background during boot.
This avoids blocking network.target on boot with unavailable hotplug
interfaces in /etc/network/interfaces. (Closes: #790669, LP: #1425376)
* systemd.postinst: Avoid confusing error message about
/run/systemd/was-enabled not existing on reconfiguring.
* debian/extra/initramfs-tools/hooks/udev: Drop some redundant code.
* Fix networkd-wait-online -i to properly wait for the given interfaces
only.
* Drop debian/extra/base-installer.d/05udev: We use net.ifnames by default
now, thus we don't need to copy 70-persistent-*.rules any more.
* debian/extra/start-udev: Run d-i's udevd with "notice" log level, just
like we did in the initramfs in 219-10.
* Fix size explosion of networkd (post-223 patch from trunk).
[ Julian Wollrath ]
* Copy all .link interface naming definitions to initramfs. (Closes: #793374)
[ Felipe Sateler ]
* nss-my*.postinst: configure at the end of the hosts line, not before
files. (Closes: #789006)
systemd (222-2) unstable; urgency=medium
[ Adam Conrad ]
* debian/udev-udeb.install: Install new bits for net.ifnames (LP: #1473542)
* debian/extra/initramfs-tools/hooks/udev: Do the same for initramfs-tools.
[ Martin Pitt ]
* emergency.service: Wait for plymouth to shut down. Fixes invisible
emergency shell with plymouth running endlessly. (LP: #1471258)
* Add "networkd" autopkgtest. Covers basic DHCP on IPv4 and IPv4+6 on a veth
device.
[ Michael Biebl ]
* Bump package priorities of systemd and systemd-sysv to important to match
what has been used in the Debian archive since Jessie.
* Drop scsi_wait_scan hack from the udev initramfs-tools script. This Linux
kernel module has been broken since 2.6.30 and as a result was removed in
3.5. The Debian Jessie kernel no longer ships this module.
(Closes: #752775)
* Drop libsystemd-journald-dev and libsystemd-id128-dev. There are no
reverse dependencies left and we want to avoid new packages picking up
a build dependency on those obsolete transitional packages.
systemd (222-1) unstable; urgency=medium
[ Martin Pitt ]
* New upstream release:
- Fix reload killing BusName= units. (Closes: #746151)
- sysv-generator: detect invalid names and escape them. (Closes: #677075)
- Document removal of PIDFile on daemon shutdown. (Closes: #734006)
- Drop Revert-rules-fix-tests-for-removable-state.patch, the auto-suspend
rules now got dropped entirely.
* Add Revert-VT-reuse-patches.patch: Revert a couple of logind VT reuse
patches which alternately broke lightdm and gdm.
* debian/libsystemd0.symbols: Add new symbols from this release.
* Disable test-netlink during package build, fails on some buildds.
* udev.postinst: Don't call addgroup with --quiet, so that if the "input"
group already exists as a non-system group you get a sensible error
message. Some broken tutorials forget the --system option.
(Closes: #769948, LP: #1455956)
* systemd.postinst: Drop the --quiet from the addgroup calls as well, same
reason as above. (Closes: #762275)
* udev: Drop doc dir symlinking. It has caused too much trouble and only
marginally helps to avoid duplication. Such duplication should be dealt
with at the distro, not package level.
* debian/rules: Entirely ignore $LD_PRELOAD instead of just libfakeroot in
the link check, to also avoid libeatmydata. (Closes: #790546)
* boot-and-services, display-managers autopkgtests: Install and configure
dummy X.org driver, so that these work in headless machines/VMs.
* systemd-fsckd autopkgtest: Stop using/asserting on lightdm, just check
that default.target is active. lightdm is prone to fail in test
environments, and fiddling with it in two other autopkgtests is
sufficient.
* debian/watch: Adjust to new upstream release model of only providing the
github tag tarballs.
* Drop dsl-modem.agent. It hasn't been maintained/tested for many years, few
if any people actually use this, and this doesn't belong into udev.
[ Michael Biebl ]
* Stop building the Python 3 bindings. They were split into a separate
source package upstream and are now built from src:python-systemd. See
http://lists.freedesktop.org/archives/systemd-devel/2015-July/033443.html
* Remove obsolete --disable-chkconfig configure option.
* Move the man pages for libnss-myhostname, libnss-mymachines and udev.conf
from systemd into the correct package. Move the zsh completion file for
udevadm into the udev package as well. Add Breaks/Replaces accordingly.
(Closes: #790879)
* Drop rules which remove pre-generated files before build. The upstream
tarball no longer ships any pre-generated files so this is no longer
necessary.
* Fix cleanup rule for Python byte code files.
systemd (221-1) unstable; urgency=medium
* New upstream release 221:
- Fix persistent storage links for Xen devices. (LP: #1467151)
- Drop all backported patches and port the others to new upstream release.
- debian/rules: Drop workarounds for broken 220 tarball, 221 is fine.
[ Michael Biebl ]
* initramfs hook: Stop installing 55-dm.rules, 64-md-raid.rules,
60-persistent-storage-lvm.rules and 60-persistent-storage-dm.rules.
The mdadm, lvm2 and dmsetup package provide their own udev hooks nowadays
to make sure their udev rules files are installed into the initramfs.
Having the copy rules at two places is confusing and makes debugging
harder.
* Make it possible to skip building udeb packages via
DEB_BUILD_OPTIONS="noudeb". This allows quicker builds for local testing
and is benefical for derivatives that don't use d-i.
* Install API documentation for libudev and libsystemd in their respective
packages. Both libraries use man pages now, so we need to be explicit
about what is installed where.
[ Martin Pitt ]
* ifupdown-hotplug autopkgtest: Different cloud/desktop environments have
different ways of including /etc/network/interfaces.d/, try to get along
wit either and skip the test if interfaces.d/ does not get included at
all.
* Drop obsolete gtk-doc-tools build dependency, gtkdocize autoreconfig, and
./configure options.
* libudev-dev.install: Drop gtk-doc files, not built by upstream any more
and replaced with manpages.
* libsystemd0.symbols: Add new symbols for this release.
* debian/rules: Fix paths in manpages as we don't currently have a merged
/usr in Debian but have most systemd things in /lib. This replaces the
previous huge and maintenance-intense patch.
* Drop Accept-mountall-specific-fstab-options.patch. Replaced with
systemd.postinst migration code in Ubuntu.
* Revert overly aggressive USB autosuspend udev rules change which broke
various USB keyboards. (Closes: #789723)
* Have rc-local.service output also go to the console. /etc/rc.local often
contains status messages which users expect to see during boot.
(LP: #1468102)
* debian/rules: Install udev.NEWS into libudev1, to get along with Debian's
udev -> libudev1 doc dir symlinking. (Closes: #790042)
systemd (220-7) unstable; urgency=medium
[ Michael Biebl ]
* Enable seccomp support on arm64 as well.
* Replace the remainder of Fix-paths-in-man-pages.patch with an upstream
provided patch.
[ Martin Pitt ]
* Switch to net.ifnames persistent network interfaces (on new
installations/for new hardware), and deprecate the old
75-persistent-net-generator.rules. See the ML discussion for details:
https://lists.debian.org/debian-devel/2015/05/msg00170.html
https://lists.debian.org/debian-devel/2015/06/msg00018.html
- Drop Make-net.ifnames-opt-in-instead-of-opt-out.patch, to use
net.ifnames by default.
- Revert-udev-network-device-renaming-immediately-give.patch: Adjust
patch comment.
- Drop 75-persistent-net-generator.rules, write_net_rules helper and
rule_generator.functions.
- Adjust udev's README.Debian accordingly, and describe the migration.
This needs to happen manually as there is no robust way of doing this
automatically.
- Add udev NEWS file for announcing this change and pointing to udev's
README.
- udev.postinst: Drop write_interfaces_rules().
- udev.postinst: Disable net.ifnames on systems which did not support
75-persistent-net-generator.rules (most importantly, virtualized guests)
to avoid changing network interface names on upgrade.
- LP: #1454254
* fsckd-daemon-for-inter-fsckd-communication.patch: Add fsckd.c to
POTFILES.in.
* ifupdown-hotplug autopkgtest: Fix config name in interfaces.d/, it must
not have a suffix in Debian. Also clean up the file after the test.
* net.agent: When running under systemd, run everything in the foreground.
This avoids killing the forked child in the middle of its operation under
systemd when the parent exits.
* Check during build that systemd and systemd-journald don't link against
anything in /usr, to prevent bugs like #771652 and #788913 in the future.
* Drop Skip-99-systemd.rules-when-not-running-systemd-as-in.patch. The rules
mostly just attach tags systemd specific properties which are harmless
under other init systems, and systemd-sysctl also works there.
* 80-networking.rules: Only call agents for add|remove, as they don't handle
other events.
* Restore udev watches on block device changes. (Closes: #789060,
LP: #1466081)
systemd (220-6) unstable; urgency=medium
* Enable seccomp support on the architectures that provide libseccomp.
(Closes: #760299)
* boot-and-services autopkgtest: Add SeccompTest for the above.
* boot-and-services autopkgtest: Check that we don't get an unwanted
tmp.mount unless /etc/fstab explicitly specifies it.
* Bump libcap-dev build dep to the version that provides libcap2-udeb.
(Closes: #787542)
* Stop installing tmp.mount by default; there are still situations where it
becomes active through dependencies from other units, which is surprising,
hides existing data in /tmp during runtime, and it isn't safe to have a
tmpfs /tmp on every install scenario. (Closes: #783509)
- d/rules: Ship tmp.mount in /usr/share/systemd/ instead of
/lib/systemd/systemd.
- systemd.postinst: When tmp.mount already was enabled, install tmp.mount
into /etc and keep it enabled.
- systemd.postinst: When enabling tmp.mount because of RAMTMP=yes, copy it
from /usr/share.
- Drop Don-t-mount-tmp-as-tmpfs-by-default.patch and
PrivateTmp-shouldn-t-require-tmpfs.patch, not necessary any more.
systemd (220-5) unstable; urgency=medium
* debian/README.source: Upstream repository moved to github, adjust
cherry-picking instructions accordingly.
* debian/control: Replace obsolete Python2 version header with
X-Python3-Version.
* dracut: Fix path to systemd-fsck. (Closes: #787553)
* Ignore test failures during build if /etc/machine-id is missing (which is
the case in a few buildd chroots still). (Closes: #787258)
* debian/udev.README.Debian: Move network interface hotplug documentation
into separate section. Point out that "lo" does not need to be configured
in ifupdown under systemd.
* debian/udev.README.Debian: Document net.ifnames, and how to write udev
rules for custom network names.
* Add debian/extra/01-mac-for-usb.link: Use MAC based names for network
interfaces which are (directly or indirectly) on USB. Path based names
are inadequate for dynamic buses like USB.
* Fix another escape parsing regression in Exec*= lines. (Closes: #787256)
* Disable EFI support for udeb build.
* Refine detection of touch screen devices.
systemd (220-4) unstable; urgency=medium
[ Martin Pitt ]
* debian/extra/initramfs-tools/scripts/init-top/udev: Drop $ROOTDELAY wait.
This does not concern udev in particular, but is handled by
initramfs-tools itself (scripts/local). The intention of this parameter is
not to statically wait for the given time, but wait *up to* that time for
the root device to appear.
* Add debian/extra/units/rc-local.service.d/wait-online.conf: Make
rc-local.service wait for network-online.target (if it gets started). This
not specified by LSB, but has been behaving that way in Debian under SysV
init and upstart. (LP: #1451797)
* Fix parsing of escape characters in Exec*= lines. (Closes: #787256)
* Drop path_is_mount_point-handle-false-positive-on-some-fs.patch (it was
already not applied in 220-1). This needs to be re-thought and re-done
against the current code, and overlayfs in general. On overlayfs this
still reports false positives for files that changed in the upperdir, but
this does not break systemd-machine-id-commit any more.
* Add debian/extra/rules/80-debian-compat.rules, replacing three of our
patches. These are independent udev rules to change device permissions and
add CD/DVD symlinks for compatibility with earlier Debian releases.
[ Michael Biebl ]
* Bump Depends on util-linux to make sure we have a sulogin implementation
which properly cleans up its children when emergency.service is restarted.
(Closes: #784238)
* Stop using /sbin/udevd and drop the compat symlink.
* Remove any vestiges of /dev/.udev/. This directory has been replaced by
/run/udev/ since wheezy.
* Drop udev migration code from pre-wheezy.
systemd (220-3) unstable; urgency=medium
* Fix ProtectSystem=yes to actually protect /usr, not /home.
(Closes: #787343)
* sd-device: fix device_get_properties_strv(). Fixes environment for
processes spawned by udev, in particular "allow-hoplug" ifupdown
interfaces via ifup@.service. (Closes: #787263)
* Ignore test failures on mipsel; the three failures are not reproducible on
the porter box (different kernel?). (See #787258)
* Add ifupdown-hotplug autopkgtest. Reproduces #787263.
* udev: Bring back persistent storage symlinks for bcache. Thanks David
Mohr! (Closes: #787367)
* sd-device: Fix invalid property strv pointers. This unbreaks the
environment of udev callouts.
systemd (220-2) unstable; urgency=low
* 220-1 was meant to go to experimental, but was accidentally uploaded to
unstable. This was planned for next week anyway, just not on a Friday;
we don't revert, but keep an RC bug open for a few days to get broader
testing. Reupload 220-1 with its changelog actually pointing to unstable
and with all versions in the .changes.
systemd (220-1) unstable; urgency=medium
[ Martin Pitt ]
* New upstream release:
- Ship sdio.ids and ids-update.pl in upstream tarball. (Closes: #780650)
- Drop non-working "journalctl /dev/sda" example from manpage
(Closes: #781604)
- man systemd.network: Explain UseDomains a bit more (not used by
default). (Closes: #766413)
- Ignore comments in /etc/hostname (LP: #1053048)
- Drop all backported patches and port the others to new upstream release.
* Cherry-pick patch to fix udevd --daemon assertion regression.
* Cherry-pick patch to fix udevd worker hang.
* systemd.install: systemd.pc moved back into /usr/share/pkgconfig/.
* libsystemd0.symbols: Add new symbols from this release.
* Drop debian/extra/60-keyboard.hwdb for now. Upstream has a newer version,
and it's not nearly as often updated any more as it used to be.
* debian/rules: Remove shipped audit_type-to-name.h and
keyboard-keys-from-name.gperf and regenerate them during build (bug in
upstream 220 tarball).
* autopkgtest: Ship/use mock fsck from debian/tests, as it's missing in the
220 tarball.
* Add libnss-mymachines binary package. (Closes: #784858)
* Add libnss-myhostname binary package, taking over from the very old and
unmaintained standalone source package as per its maintainer's request.
(Closes: #760514)
* Drop buildsys-Don-t-default-to-gold-as-the-linker.patch and set LD in
debian/rules on sparc only. This can be dropped entirely once we build
GUdev from a separate source.
* bootchart autopkgtest: Skip test if /proc/schedstat does not exist, i. e.
the kernel is missing CONFIG_SCHEDSTAT. Bootchart requires this.
* systemd-fsckd autopkgtest: On Debian plymouth-start stays running, adjust
was_running() for that.
* systemd-fsckd autopkgtest: In test_systemd_fsck_with_plymouth_failure(),
fix plymouthd status check to work under both Debian and Ubuntu.
* Replace almost all of Fix-paths-in-man-pages.patch with upstreamed
patches. (The remainder is planned to get fixed upstream as well.)
* Remove our update-rc.d patches, replace them with upstream patches for
/lib/systemd/systemd-sysv-install abstraction, and provide one for
update-rc.d. Also implement "is-enabled" command by directly checking for
the presence of rcS or rc5 symlinks. (Closes: #760616)
* Fix path_is_mount_point for files (regression in 220).
* debian/control: Drop obsolete XS-Testsuite:, dpkg adds it automatically.
* Use Ubuntu's default NTP server for timesyncd when building on Ubuntu.
[ Michael Biebl ]
* Remove /var/run and /var/lock migration code from debian-fixup. The /run
migration was completed in wheezy so this is no longer necessary.
* Drop our versioned Depends on initscripts. This was initially added for
the /run migration and later to ensure we have a mountnfs hook which
doesn't cause a deadlock under systemd. The /run migration was completed
in wheezy and jessie ships a fixed mountnfs hook. In addition we now use
the ignore-dependencies job mode in our lsb init-functions hook, so it's
safe to drop this dependency.
* Stop building gudev packages. Upstream has moved the gudev code into a
separate repository which is now managed on gnome.org. The gudev packages
will be built from src:libgudev from now on. See also
http://lists.freedesktop.org/archives/systemd-devel/2015-May/032070.html
systemd (219-10) experimental; urgency=medium
* Fix assertion crash with empty Exec*= paths. (LP: #1454173)
* Drop Avoid-reload-and-re-start-requests-during-early-boot.patch
and Avoid-reloading-services-when-shutting-down.patch: This was fixed more
robustly in invoke-rc.d and service now, see #777113.
* debian/tests/boot-smoke: Allow 10 seconds for systemd jobs to settle down.
* Fix "tentative" state of devices which are not in /dev (mostly in
containers), and avoid overzealous cleanup unmounting of mounts from them.
(LP: #1444402)
* debian/extra/udev-helpers/net.agent: Eliminate cat and most grep calls.
* Drop Set-default-polling-interval-on-removable-devices-as.patch; it's long
obsolete, CD ejection with the hardware button works properly without it.
* Re-enable-journal-forwarding-to-syslog.patch: Update patch description,
journal.conf.d/ exists now.
* journal: Gracefully handle failure to bind to audit socket, which is known
to fail in namespaces (containers) with current kernels. Also
conditionalize systemd-journald-audit.socket on CAP_AUDIT_READ.
(LP: #1457054)
* Put back *.agent scripts and use net.agent in Ubuntu. This fixes escaping
of unit names, reduces the delta, and will make it easier to get a common
solution for integrating ifup.d/ scripts with networkd.
* When booting with "quiet", run the initramfs' udevd with "notice" log
level. (LP: #1432171)
* Add sigpwr-container-shutdown.service: Power off when receiving SIGPWR in
a container. This makes lxc-stop work for systemd containers.
(LP: #1457321)
* write_net_rules: Escape '{' and '}' characters as well, to make this work
with busybox grep. Thanks Faidon Liambotis! (Closes: #765577)
systemd (219-9) experimental; urgency=medium
* 75-persistent-net-generator.rules: Fix rules for ibmveth (it's a driver,
not a subsystem). (LP: #1437375)
* debian/tests/unit-config: Add tests for systemctl enable/disable on a
SysV-only unit. Reproduces LP #1447807.
* Fix systemctl enable for SysV scripts without a native unit. We must not
try and enable the nonexisting unit then. (LP: #1447807)
* Drop Add-env-variable-for-machine-ID-path.patch. systemd should always
be installed via the essential "init" in buildd schroots now.
* debian/README.source: Update git-buildpackage commands for the renames in
0.6.24.
* Make apparmor run before networking, to ensure that profiles apply to
e. g. dhclient (LP: #1438249):
- Rename networking.service.d/network-pre.conf to systemd.conf, and add
After=apparmor.service.
- ifup@.service: Add After=apparmor.service.
- Add Breaks: on apparmor << 2.9.2-1, which dropped its dependency to
$remote_fs.
* Drop login-don-t-overmount-run-user-UID-on-upgrades.patch and
login-don-t-overmount-run-user-UID-on-upgrades.patch, these were only
needed for upgrades from wheezy to jessie.
* systemd.{pre,post}inst: Clean up obsolete (pre-wheezy/jessie) upgrade
fixes.
* systemd-fsckd autopkgtest: Stop assuming that
/etc/default/grub.d/90-autopkgtest.cfg exists.
* systemd-fsckd autopkgtest: Add missing plymouth test dependency.
* Drop core-mount-ensure-that-we-parse-proc-self-mountinfo.patch, and bump
util-linux dependency to the version which enables
--enable-libmount-force-mountinfo.
systemd (219-8) experimental; urgency=medium
[ Michael Biebl ]
* Skip filesystem check if already done by the initramfs. (Closes: #782522)
* Drop hard-coded versioned dependency on libapparmor1. Bump the
Build-Depends on libapparmor-dev instead. This ensures a proper versioned
dependency via Build-Depends-Package.
* Revert "Make apparmor run before networking". This causes dependency
cycles while apparmor still depends on $remote_fs.
* Cleanup hwclock-save.service symlinks when upgrading from the jessie
version.
[ Martin Pitt ]
* cryptsetup: Implement offset and skip options. (Closes: #751707,
LP: #953875)
* logind autopkgtest: Add test for suspending on lid switch close.
This reproduces LP #1444166 (lid switch not working in the first few
minutes after boot).
* Reduce the initial suspend supression time from 3 minutes to 30 seconds,
and make it configurable. (LP: #1444166)
* Fix double free crash in "systemctl enable" when calling update-rc.d and
the latter fails. (Closes: #764613, LP: #1426588)
* hwdb: Fix wireless switch on Dell Latitude (LP: #1441849)
* Fix assertion crash when reading a service file with missing ' and
trailing space. (LP: #1447243)
* ifup@.service: Set IgnoreOnIsolate, so that "systemctl default" does not
shut down network interfaces. (Closes: #762953, LP: #1449380).
Add PartOf=network.target, so that stopping network.target also stops
network interfaces (so that isolating emergency.target and similar work as
before).
* Revert upstream commit 743970d which immediately SIGKILLs units during
shutdown. This leads to problems like bash not being able to write its
history, mosh not saving its state, and similar failed cleanup actions.
(Closes: #784720, LP: #1448259)
* Drop the reversion of "journald: allow restarting journald without losing
stream connections", and replace with proper upstream fix for
sd_pid_notify_with_fds(). (See Debian #778970, LP #1423811; LP: #1437896)
systemd (219-7) experimental; urgency=medium
[ Martin Pitt ]
* Make systemd-sysv's dependency to systemd unversioned. The package just
contains 6 symlinks and thus isn't sensitive at all against version
mismatches. This avoids running into circular dependencies when testing
local debs.
* Revert "udev: Drop hwdb-update dependency" and replace with upstream patch
which moves it to systemd-udev-trigger.service.
* display-managers autopkgtest: Properly wait until all jobs are finished.
* display-managers autopkgtest: Reset failed units between tests, to avoid
running into restart limits and for better test isolation.
* Enable timesyncd in virtual machines. (Closes: #762343)
[ Adam Conrad ]
* debian/systemd.{triggers,postinst}: Trigger a systemctl daemon-reload
when init scripts are installed or removed (Closes: #766429)
[ Didier Roche ]
* Squash all fsckd patches in one (as fsckd and such will be removed
soon upstream), containing various fixes from upstream git and refactor
the connection flow to upstream's suggestion. Modify the man pages to match
those modifications as well. Amongst others, this suppresses "Couldn't
connect to plymouth" errors if plymouth is not running.
(Closes: #782265, LP: #1429171)
* Keep plymouth localized messages in a separate patch for easier updates in
the future and refresh to latest upstream.
* display-managers autopkgtest: Use ExecStart=sleep instead of the actual
lightdm binary, to avoid errors from lightdm startup. Drop the now
unnecessary "needs-recommends" to speed up the test.
systemd (219-6) experimental; urgency=medium
[ Martin Pitt ]
* Import patches from v219-stable branch (up to 85a6fab).
* boot-and-services autopkgtest: Add missing python3 test dependency.
* Make apparmor run before networking, to ensure that profiles apply to
e. g. dhclient (LP: #1438249):
- Rename networking.service.d/network-pre.conf to systemd.conf, and add
After=apparmor.service.
- ifup@.service: Add After=apparmor.service.
* udev: Drop hwdb-update dependency, which got introduced by the above
v219-stable branch. This causes udev and plymouth to start too late and
isn't really needed in Debian yet as we don't support stateless systems
yet and handle hwdb.bin updates through dpkg triggers. (LP: #1439301)
[ Didier Roche ]
* Fix mount point detection on overlayfs and similar file systems without
name_to_handle_at() and st_dev support. (LP: #1411140)
[ Christian Seiler ]
* Make the journald to syslog forwarding more robust by increasing the
maximum datagram queue length from 10 to 512. (Closes: #762700)
[ Marco d'Itri ]
* Avoid writing duplicate entries in 70-persistent-net.rules by double
checking if the new udev rule has already been written for the given
interface. This happens if multiple add events are generated before the
write_net_rules script returns and udevd renames the interface.
(Closes: #765577)
systemd (219-5) experimental; urgency=medium
[ Didier Roche ]
* Add "systemd-fsckd" autopkgtest. (LP: #1427312)
* cmdline-upstart-boot autopkgtest: Update to Ubuntu's upstart-sysv split
(test gets skipped on Debian while upstart-sysv does not yet exist there).
* Cherry-pick a couple of upstream commits for adding transient state,
fixing a race where mounts become available before the device being
available.
* Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather adds
an After relationship. (Closes: #779902)
[ Martin Pitt ]
* journald: Suppress expected cases of "Failed to set file attributes"
errors. (LP: #1427899)
* Add systemd-sysv.postinst: Update grub on first installation, so that the
alternative init system boot entries get updated.
* debian/tests: Call /tmp/autopkgtest-reboot, to work with autopkgtest >=
3.11.1.
* Check for correct architecture identifiers for SuperH. (Closes: #779710)
* Fix tmpfiles.d to only apply the first match again (regression in 219).
(LP: #1428540)
* /lib/lsb/init-functions.d/40-systemd: Don't ignore systemd unit
dependencies in "degraded" mode. (LP: #1429734)
[ Michael Biebl ]
* debian/udev.init: Recognize '!' flag with static device lists, to work
with kmod 20. (Closes: #780263)
[ Craig Magina ]
* rules-ubuntu/71-power-switch-proliant.rules: Add support for HP ProLiant
m400 Server Cartridge soft powerdown on Linux 3.16. (LP: #1428811)
[ Scott Wakeling ]
* Rework package description to be more accurate. (Closes: #740372)
systemd (219-4) experimental; urgency=medium
* tmpfiles: Avoid creating duplicate ACL entries. Add postinst code to clean
them up on upgrade. (Closes: #778656)
* bootchart: Fix path to default init. (LP: #1423867)
* Add "bootchart" autopkgtest, to spot regressions like the above.
* autopkgtests: Factorize out "assert.sh" utility functions, and use them in
the tests for useful failure messages.
* Downgrade requirement for timedated, hostnamed, localed-locale, and
logind autopkgtests from machine to container isolation.
* boot-and-services and display-manager autopkgtest: Add systemd-sysv as
proper test dependency instead of apt-get installing it. This works now
also under Ubuntu 15.04.
* boot-and-services autopkgtest: Check cleanup of temporary files during
boot. Reproduces #779169.
* Clean up /tmp/ directory again. (Closes: #779169, LP: #1424992)
systemd (219-3) experimental; urgency=medium
* sysv-generator: fix wrong "Overwriting existing symlink" warnings.
(Closes: #778700)
* Add systemd-fsckd multiplexer and feed its output to plymouth. This
provides an aggregate progress report of running file system checks and
also allows cancelling them with ^C, in both text mode and Plymouth.
(Closes: #775093, #758902; LP: #1316796)
* Revert "journald: allow restarting journald without losing stream
connections". This was a new feature in 219, but currently causes boot
failures due to logind and other services not starting up properly.
(Closes: #778970; LP: #1423811)
* Add "boot-smoke" autopkgtest: Test 20 successful reboots in a row, and
that there are no connection timeouts or stalled jobs. This reproduces the
above regression.
* debian/tests/localed-locale: Set up locale and keyboard default files on a
minimal unconfigured testbed.
* Add missing python3 test dependency to cmdline-upstart-boot and
display-managers autopkgtests.
* debian/tests/boot-and-services: Skip AppArmor test if AppArmor is not
enabled.
* debian/tests/boot-and-services: Reboot also if lightdm was just installed
but isn't running yet.
systemd (219-2) experimental; urgency=medium
* Fix UTF-16 to UTF-8 conversion on big-endian machines. (Closes: #778654)
* Disable new new test-sigbus, it fails on some buildds due to too old
kernels. (part of #778654)
* debian/README.Debian, debian/systemd.postinst: Drop setfacl call for
/var/log/journal, this is now done automatically by tmpfiles.d/systemd.conf.
* Drop "acl" dependency, not necessary any more with the above.
* debian/tests/boot-and-services: Move to using /var/lib/machines/,
/var/lib/containers is deprecated.
systemd (219-1) experimental; urgency=medium
[ Martin Pitt ]
* New upstream release:
- Fix spelling mistake in systemd.unit(5). (Closes: #773302)
- Fix timeouts with D-Bus, leading to SIGFPE. (Closes: #774012)
- Fix load/save of multiple rfkill states. (Closes: #759489)
- Non-persistent journal (/run/log/journal) is now readable by group adm.
(Closes: #771980)
- Read netdev user mount option to correctly order network mounts after
network.target. (Closes: #769186)
- Fix 60-keyboard.hwdb documentation and whitespace handling.
(Closes: #757367)
- Fix ThinkPad X1 Carbon 20BT trackpad buttons (LP: #1414930)
- Drop all backported patches and port the others to new upstream release.
* Bump libblkid-dev build dependency as per upstream configure.ac.
* debian/systemd.install: Add new language-fallback-map file.
* debian/udev.install: Add new systemd-hwdb tool.
* debian/libsystemd0.symbols: Add new symbols from this release.
* tmpfiles.d/systemd.conf: Drop "wheel" ACL (that group does not exist in
Debian) to make the ACL for "adm" actually work.
* debian/rules: Explicitly disable importd for now; it should still mature a
bit. Explicitly enable hwdb support.
* /lib/lsb/init-functions.d/40-systemd: Call systemctl is-system-running
with --quiet. (LP: #1421058)
* debian/systemd.postrm: Clean getty@tty1.service and remote-fs.target
enablement symlinks on purge. (Closes: #778499)
* Move all Debian specific units in the systemd package into
debian/extra/units/ and simplify debian/systemd.install.
* Enable timesyncd by default. Add a config drop-in to not start if ntp,
openntpd, or chrony is installed. (Closes: #755722)
* debian/systemd.links: Drop obsolete hwclockfirst.service mask link, this
was dropped in wheezy's util-linux already.
* debian/udev.postinst: Call systemd-hwdb instead of udevadm hwdb.
[ Michael Biebl ]
* Stop removing firstboot man pages. They are now installed conditionally.
systemd (218-10) experimental; urgency=medium
* Pull latest keymaps from upstream git. (LP: #1334968, #1409721)
* rules: Fix by-path of mmc RPMB partitions and don't blkid them. Avoids
kernel buffer I/O errors and timeouts. (LP: #1333140)
* Clean up stale mounts when ejecting CD drives with the hardware eject
button. (LP: #1168742)
* Document systemctl --failed option. (Closes: #767267)
* Quiesce confusing and irrelevant "failed to reset devices.list" warning.
(LP: #1413193)
* When booting with systemd-bootchart, default to run systemd rather than
/sbin/init (which might not be systemd). (LP: #1417059)
* boot-and-services autopkgtest: Add CgroupsTest to check cgroup
creation/cleanup behaviour. This reproduces #777601 and verifies the fix
for it.
systemd (218-9) experimental; urgency=medium
[ Martin Pitt ]
* debian/tests/logind: With dropped systemd-logind-launch we don't have a
visible /sys/fs/cgroup/systemd/ any more under cgmanager. So adjust the
test to check /proc/self/cgroup instead.
* Add unit-config autopkgtest to check systemd unit/sysv init enabling and
disabling via systemctl. This also reproduces #777613.
* systemctl: Always install/enable/disable native units, even if there is a
corresponding SysV script and we call update-rc.d; while the latter
handles WantedBy=, it does not handle Alias=. (Closes: #777613)
* cgroup: Don't trim cgroup trees created by someone else, just the ones
that systemd itself created. This avoids cleaning up empty cgroups from
e.g. LXC. (Closes: #777601)
* Don't parse /etc/mtab for current mounts, but /proc/self/mountinfo. If the
former is a file, it's most likely outdated on boot, leading to race
conditions and unmounts during boot. (LP: #1419623)
[ Michael Biebl ]
* Explicitly disable the features we don't want to build for those with
autodetection. This ensures reliable build results in dirty build
environments.
* Disable AppArmor support in the udeb build.
* core: Don't fail to run services in --user instances if $HOME is missing.
(Closes: #759320)
[ Didier Roche ]
* default-display-manager-generator: Avoid unnecessary /dev/null symlink and
warning if there is no display-manager.service unit.
systemd (218-8) experimental; urgency=medium
[ Martin Pitt ]
* boot-and-services autopkgtest: Ensure that there are no failed units,
except possibly systemd-modules-load.service (as that notoriously fails
with cruft in /etc/modules).
* Revert "input" system group creation in systemd.postinst from 218-7. It's
already done in udev.postinst.
* ifup@.service: Revert checking for existance of ifupdown config for that
interface, net.agent already does that.
* Drop Also-redirect-to-update-rc.d-when-not-using-.service.patch; not
necessary any more with the current version (mangle_names() already takes
care of this).
* Merge into Add-support-for-rcS.d-init-scripts-to-the-sysv-gener.patch:
- Do-not-order-rcS.d-services-after-local-fs.target-if.patch, as it
partially reverts the above, and is just fixing it.
- Map-rcS.d-init-script-dependencies-to-their-systemd-.patch as it's just
adding some missing functionality for the same purpose.
* Merge Run-update-rc.d-defaults-before-update-rc.d-enable-d.patch into
Make-systemctl-enable-disable-call-update-rc.d-for-s.patch as the former
is fixing the latter and is not an independent change.
* Drop Launch-logind-via-a-shell-wrapper.patch and systemd-logind-launch
wrapper. The only remaining thing that we need from it is to create
/run/systemd/, move that into the D-BUS service file directly.
* /lib/lsb/init-functions.d/40-systemd: Avoid deadlocks during bootup and
shutdown. DHCP/ifupdown and similar hooks which call "/etc/init.d/foo
reload" can easily cause deadlocks, since the synchronous wait plus
systemd's normal behaviour of transactionally processing all dependencies
first easily causes dependency loops. Thus during boot/shutdown operate
only on the unit and not on its dependencies, just like SysV behaves.
(Closes: #777115, LP: #1417010)
* Only start logind if dbus is installed. This fixes the noisy startup
failure in environments without dbus, such as LXC containers or servers.
(part of #772700)
* Add getty-static.service unit which starts getty@.service on tty 2 to 6 if
dbus is not installed, and hence logind cannot auto-start them on demand.
(Closes: #772700)
[ Michael Biebl ]
* Update insserv-generator and map $x-display-manager to
display-manager.service, following the recent change in sysv-generator.
This avoids creating references to a no longer existing
x-display-manager.target unit.
systemd (218-7) experimental; urgency=medium
[ Martin Pitt ]
* Don't attempt to mount the same swap partition twice through different
device node aliases. (Closes: #772182, LP: #1399595)
* logind: handle closing sessions over daemon restarts. (Closes: #759515,
LP: #1415104)
* logind: Fix sd_eviocrevoke ioctl call, to make forced input device release
after log out actually work.
* debian/rules: Drop obsolete --disable-multi-seat-x and
--with-firmware-path configure options.
* debian/udev.README.Debian: Trim the parts which are obsolete, wrong, or
described in manpages. Only keep the Debian specific bits.
(Part of #776546)
* Actually install udev's README.Debian when building for Debian.
(Closes: #776546)
* Create system group "input" which was introduced in 215. (LP: #1414409)
* ifup@.service: Don't fail if the interface is not configured in
/etc/network/interfaces at all. (LP: #1414426)
[ Michael Biebl ]
* Update Vcs-Browser URL to use cgit and https.
* Map $x-display-manager LSB facility to display-manager.service instead of
making it a target. Using a target had the downside that multiple display
managers could hook into it at the same time which could lead to several
failed start attempts for the non-default display manager.
systemd (218-6) experimental; urgency=medium
[ Martin Pitt ]
* initramfs hook: Install 61-persistent-storage-android.rules if it exists.
* Generate POT file during package build, for translators.
* Pull latest keymaps from upstream git.
* Order ifup@.service and networking.service after network-pre.target.
(Closes: #766938)
* Tone down "Network interface NamePolicy= disabled on kernel commandline,
ignoring" info message to debug, as we expect this while we disable
net.ifnames by default. (Closes: #762101, LP: #1411992)
[ Michael Biebl ]
* Ship bash-completion for udevadm. (Closes: #776166)
* Drop rc-local generator in favor of statically enabling rc-local.service,
and drop halt-local.service which is unnecessary on Debian.
(Closes: #776170)
* Drop the obsolete libsystemd-* libraries, there are no reverse
dependencies left.
systemd (218-5) experimental; urgency=medium
* Drop logger.agent. It hasn't been called from any udev rule for a long
time, and looks obsolete.
* debian/rules: Configure with --disable-firstboot to replace some manual
file removals.
* debian/rules: Remove manual file installation, move them to
debian/*.install. Move all Debian specific installed files to
debian/extra/.
* Merge some changes from the Ubuntu package to reduce the delta; these only
apply when building on/for Ubuntu:
- Add 40-hyperv-hotadd.rules: Workaround for LP: #1233466.
- Add 61-persistent-storage-android.rules to create persistent symlinks
for partitions with PARTNAME. By Ricardo Salveti.
- Add 71-power-switch-proliant.rules for supporting the power switches of
ProLiant Server Cartridges. By Dann Frazier.
- Add 78-graphics-card.rules: Mark KMS capable graphics devices as
PRIMARY_DEVICE_FOR_DISPLAY so that we can wait for those in plymouth.
By Scott James Remnant.
- Don't install the Debian *.agent scripts. Instead, have Ubuntu's
80-networking.rules directly pull in ifup@.service, which is much easier
and more efficient.
* Make EPERM/EACCESS when applying OOM adjustment for forked processes
non-fatal. This happens in user namespaces like unprivileged LXC
containers.
* Fix assertion failure due to /dev/urandom being unmounted when shutting
down unprivileged containers. Thanks Stéphane Graber.
* Enable EFI support. This mostly auto-mounts /sys/firmware/efi/efivars, but
also provides a generator for auto-detecting the root and the /boot/efi
partition if they aren't in /etc/fstab. (Closes: #773533)
systemd (218-4) experimental; urgency=medium
[ Michael Biebl ]
* sysv-generator: handle Provides: for non-virtual facility names.
(Closes: #774335)
* Fix systemd-remount-fs.service to not fail on remounting /usr if /usr
isn't mounted yet. This happens with initramfs-tools < 0.118 which we
might not get into Jessie any more. (Closes: #742048)
[ Martin Pitt ]
* fstab-generator: Handle mountall's non-standard "nobootwait" and
"optional" options. ("bootwait" is already the systemd default behaviour,
and "showthrough" is irrelevant here, so both can be ignored).
* Add autopkgtest for one-time boot with upstart when systemd-sysv is
installed. This test only works under Ubuntu which has a split out
upstart-bin package, and will be skipped under Debian.
* debian/ifup@.service: Check if ifup succeeds by calling ifquery, to
work around ifup not failing on invalid interfaces (see #773539)
* debian/ifup@.service: Set proper service type (oneshot).
* sysv-generator: Handle .sh suffixes when translating Provides:.
(Closes: #775889)
* sysv-generator: Make real units overwrite symlinks generated by Provides:
from other units. Fixes failures due to presence of backup or old init.d
scripts. (Closes: #775404)
* Fix journal forwarding to syslog in containers without CAP_SYS_ADMIN.
(Closes: #775067)
* Re-enable AppArmor support, now that libapparmor1 moved to /lib. Add
versioned dependency as long as this is still only in experimental.
(Closes: #775331)
* Add some missing dpkg and ucf temp files to the "hidden file" filter, to
e. g. avoid creating units for them through the sysv-generator.
(Closes: #775903)
* Silence useless warning about /etc/localtime not being a symlink. This is
deliberate in Debian with /usr (possibly) being on a separate partition.
(LP: #1409594)
[ Christian Kastner ]
* Use common-session-noninteractive in systemd-user's PAM config, instead of
common-session. The latter can include PAM modules like libpam-mount which
expect to be called just once and/or interactively, which already happens
for login, ssh, or the display-manager. Add pam_systemd.so explicitly, as
it's not included in -noninteractive, but is always required (and
idempotent). There is no net change on systemd which don't use manually
installed PAM modules. (Closes: #739676)
[ Michael Biebl ]
* Make sure we run debian-fixup.service after /var has been mounted if /var
is on a separate partition. Otherwise we might end up creating the
/var/lock and /var/run symlink in the underlying root filesystem.
(Closes: #768644)
systemd (218-3) experimental; urgency=medium
* build-logind autopkgtest: Re-enforce that sd_login_monitor_new() succeeds,
and restrict this test to isolation-container. (Reproduces LP #1400203)
* Bring back patch to make sd_login_monitor_new() work under other init
systems where /sys/fs/cgroup/systemd/machine does not exist.
(LP: #1400203)
* build-login autopkgtest: Build against libsystemd, not libsystemd-login
any more.
* Add debian/extra/systemd-vconsole-setup.service dependency shim for
the console-setup init script, to avoid breaking dependencies of
third-party packages. Install it for Ubuntu only for now, as in Debian
plymouth's unit got adjusted. (LP: #1392970, Debian #755194)
* Mark systemd{,-sysv} as M-A: foreign (thanks lintian).
* Quiesce maintainer-script-calls-systemctl lintian warning.
* Quiesce possibly-insecure-handling-of-tmp-files lintian warning, it's
wrong there (we are handling tmpfiles.d/ files which are not in a temp
dir).
* Use dh_installinit's --noscript instead of --no-start for the upstart
jobs without sysvinit scripts (thanks lintian).
* Put systemd.pc into arch specific pkgconfig dir, as it contains the arch
specific libdir value.
* Don't enable audit by default. It causes flooding of dmesg and syslog,
suppressing actually important messages. (Closes: #773528)
* Cherrypick various bug fixes in loopback device setup and netlink socket
communication. Fixes massive CPU usage due to tight retry loops in user
LXC containers.
systemd (218-2) experimental; urgency=medium
* boot-and-services AppArmor autopkgtest: Stop checking the dmesg log; it is
racy as sometimes message bursts are suppressed.
* Fix crash in timedatectl with Etc/UTC.
* Prefer-etc-X11-default-display-manager-if-present.patch: Drop wrong
copy&paste'd comment, fix log strings. Thanks Adam D. Barratt.
* boot-and-services: Robustify Nspawn tests, and show systemd-nspawn output
on failure.
* Disable tests which fail on buildds, presumably due to too old kernels,
misconfigured /etc/hosts, and similar problems. Make failures of the test
suite fatal now.
systemd (218-1) experimental; urgency=medium
* New upstream release. Drop all cherry-picked patches and port the Debian
specific ones.
- Create /etc/machine-id on boot if missing. (LP: #1387090)
* Add new libmount-dev build dependency.
* Configure with --enable-split-usr.
* Merge some permanent Ubuntu changes, using dpkg-vendor:
- Don't symlink udev doc directories.
- Add epoch to gudev packages; Ubuntu packaged the standalone gudev before
it got merged into udev.
- Add Apport hooks for udev and systemd.
* udev-fallback-graphics upstart job: Guard the modprobe with || true to
avoid a failure when vesafb is compiled in. (LP: #1367241)
systemd (217-4) experimental; urgency=medium
[ Martin Pitt ]
* Reinstate a debian/extra/rules/50-firmware.rules which immediately tells
the kernel that userspace firmware loading failed. Otherwise it tries for a
minute to call the userspace helper (if CONFIG_FW_LOADER_USER_HELPER is
enabled) in vain, which causes long delays with devices which have a range
of possible firmware versions. (LP: #1398458)
* debian/systemd.postinst: Don't always restart journald, as this currently
can't be done without losing the current journal and breaking attached
processes. So only restart it from upgrades < 215-3 (where the socket
location got moved) as an one-time upgrade path from wheezy.
(Closes: #771122)
* Revert "Modify insserv generator to mask sysvinit-only display managers".
This is still under dispute, a bit risky, and might get a different
implementation. Also, nodm really needs to be fixed properly, working
around it is both too risky and also too hard to get right.
[ Didier Roche ]
* Add display managers autopkgtests.
* Reset display-manager symlink to match /e/X/d-d-m even if
display-manager.service was removed. Adapt the autopkgtests for it.
(LP: #1400680)
systemd (217-3) experimental; urgency=medium
[ Martin Pitt ]
* systemd.bug-script: Really capture stderr of systemd-delta.
(Closes: #771498)
* boot-and-services autopkgtest: Give test apparmor job some time to
actually finish.
[ Didier Roche ]
* updated debian/patches/insserv.conf-generator.patch:
- if /etc/X11/default-display-manager doesn't match a systemd unit
(or doesn't exist), be less agressive about what to mask: we let
all sysvinit-only display-manager units enabled to fallback to previous
behavior and let them starting. (Closes: #771739)
systemd (217-2) experimental; urgency=medium
* Re-enable journal forwarding to syslog, until Debian's sysloggers
can/do all read from the journal directly.
* Fix hostnamectl exit code on success.
* Fix "diff failed with error code 1" spew with systemd-delta.
(Closes: #771397)
* Re-enable systemd-resolved. This wasn't meant to break the entire
networkd, just disable the new NSS module. Remove that one manually
instead. (Closes: #771423, LP: #1397361)
* Import v217-stable patches (up to commit bfb4c47 from 2014-11-07).
* Disable AppArmor again. This first requires moving libapparmor to /lib
(see #771667). (Closes: #771652)
* systemd.bug-script: Capture stderr of systemd-{delta,analyze}.
(Closes: #771498)
systemd (217-1) experimental; urgency=medium
[ Martin Pitt ]
* New upstream release. Drop all cherry-picked patches and port the Debian
specific ones.
* Disable systemd-resolved for now. It still needs to mature, and
integration into Debian should be discussed first.
* Bump util-linux dependency to >= 2.25 as per NEWS.
* Drop installation of 50-firmware.rules, not shipped upstream any more.
Firmware loading is now exclusively done by the kernel.
* Drop installation of readahead related services and code, readahead got
dropped in this version.
* Ship new networkctl CLI tool.
* debian/libsystemd0.symbols: Add new symbols from this release.
* debian/rules: Call dpkg-gensymbols with -c4 to immediately spot
changed/missing symbols during build.
* boot-and-services autopkgtest: Test AppArmor confined units (LP #1396270)
* Create new "systemd-journal-remote" system group, for
systemd-tmpfiles-setup.service.
[ Marc Deslauriers ]
* Build-depend on libapparmor-dev to enable AppArmor support. (LP: #1396270)
[ Didier Roche ]
* Handle display-manager transitions: (Closes: #748668)
- Add a generator to ensure /etc/X11/default-display-manager is controlling
which display-manager is started.
- Modify insserv generator to mask of sysvinit-only dms with insserv
$x-display-manager tag if they don't match
/etc/X11/default-display-manager. This avoids starting multiple dms at
boot.
* Cherry-pick Shared-add-readlink_value.patch as using that function in the
generator.
systemd (215-18) unstable; urgency=medium
[ Michael Biebl ]
* manager: Pass correct errno to strerror(), have_ask_password contains
negative error values which have to be negated when being passed to
strerror().
[ Martin Pitt ]
* Revert upstream commit 743970d which immediately SIGKILLs units during
shutdown. This leads to problems like bash not being able to write its
history, mosh not saving its state, and similar failed cleanup actions.
(Closes: #784720, LP: #1448259)
* write_net_rules: Escape '{' and '}' characters as well, to make this work
with busybox grep. Thanks Faidon Liambotis! (Closes: #765577)
systemd (215-17) unstable; urgency=high
* cryptsetup: Implement offset and skip options. (Closes: #751707,
LP: #953875)
systemd (215-16) unstable; urgency=medium
[ Christian Seiler ]
* Don't run hwclock-save.service in containers. (Closes: #782377)
[ Michael Biebl ]
* Do not print anything while passwords are being queried. This should make
password prompts without plymouth more usable. (Closes: #765013)
* Skip filesystem check if already done by the initramfs. (Closes: #782522)
systemd (215-15) unstable; urgency=medium
[ Adam Conrad ]
* debian/systemd.{triggers,postinst}: Trigger a systemctl daemon-reload
when init scripts are installed or removed (Closes: #766429)
[ Martin Pitt ]
* Fix getty restart loop when PTS device is gone. (Closes: #780711)
* Run timesyncd in virtual machines. (Closes: #762343)
* Make logind work in environments without CAP_SYS_ADMIN (mostly
containers). Thanks Christian Seiler for the backporting!
(Closes: #778608)
* Check for correct signatures when setting properties. Fixes systemd
getting stuck on trying to set invalid property types. (Closes: #781602)
systemd (215-14) unstable; urgency=medium
[ Michael Biebl ]
* Map $x-display-manager LSB facility to display-manager.service instead of
making it a target. Using a target had the downside that multiple display
managers could hook into it at the same time which could lead to several
failed start attempts for the non-default display manager.
* Update insserv-generator and map $x-display-manager to
display-manager.service, following the recent change in sysv-generator.
This avoids creating references to a no longer existing
x-display-manager.target unit.
* Cherry-pick upstream fix to increase the SendBuffer of /dev/log to 8M.
[ Martin Pitt ]
* scope: Make attachment of initial PIDs more robust. Fixes crash with
processes that get started by an init.d script with a different (aliased)
name when the cgroup becomes empty. (Closes: #781210)
* boot-and-services, display-managers autopkgtests: Add missing python3 test
dependency.
* Don't attempt to mount the same swap partition twice through different
device node aliases. (Closes: #772182, LP: #1399595)
[ Christian Seiler ]
* Make the journald to syslog forwarding more robust by increasing the
maximum datagram queue length from 10 to 512. (Closes: #762700)
[ Marco d'Itri ]
* Avoid writing duplicate entries in 70-persistent-net.rules by double
checking if the new udev rule has already been written for the given
interface. This happens if multiple add events are generated before the
write_net_rules script returns and udevd renames the interface.
(Closes: #765577)
systemd (215-13) unstable; urgency=medium
[ Martin Pitt ]
* Add hwclock-save.service to sync the system clock to the hardware clock on
shutdown, to provide monotonic time for reboots. (Note: this is a hack for
jessie; the next Debian release will enable timesyncd by default).
(Closes: #755722)
* Check for correct architecture identifiers for SuperH. (Closes: #779710)
* networkd: Fix stopping v4 dhcpclient when the carrier is lost. Thanks
Christos Trochalakis! (Closes: #779571)
* Fix segfault with units that depend on themselves. (Closes: #780675)
* tmpfiles-setup-dev: Call tmpfiles with --boot to allow unsafe device
creation. Fixes creation of static device nodes with kmod 20.
(Closes: #780263)
[ Christian Seiler ]
* core: Don't migrate PIDs for units that may contain subcgroups.
This stops messing up lxc/libvirt/other custom cgroup layouts after
daemon-reload. (Closes: #777164)
* sysv-generator: add support for /etc/insserv/overrides. (Closes: #759001)
[ Michael Biebl ]
* debian/udev.init: Recognize '!' flag with static device lists, to work
with kmod 20. (Closes: #780263)
[ Didier Roche ]
* Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather adds
an After relationship. (Closes: #779902)
systemd (215-12) unstable; urgency=medium
[ Martin Pitt ]
* debian/udev.README.Debian: Trim the parts which are obsolete, wrong, or
described in manpages. Only keep the Debian specific bits.
(Part of #776546)
* Actually install udev's README.Debian when building for Debian.
(Closes: #776546)
* Only start logind if dbus is installed. This fixes the noisy startup
failure in environments without dbus such as LXC containers or servers.
(part of #772700)
* Add getty-static.service unit which starts getty@.service on tty 2 to 6 if
dbus is not installed, and hence logind cannot auto-start them on demand.
(Closes: #772700)
* Add unit-config autopkgtest to check systemd unit/sysv init enabling and
disabling via systemctl. This avoids bugs like #777613 (did not affect
unstable).
* cgroup: Don't trim cgroup trees created by someone else, just the ones
that systemd itself created. This avoids cleaning up empty cgroups from
e.g. LXC. (Closes: #777601)
* boot-and-services autopkgtest: Add CgroupsTest to check cgroup
creation/cleanup behaviour. This reproduces #777601 and verifies the fix
for it.
* rules: Fix by-path of mmc RPMB partitions and don't blkid them. Avoids
kernel buffer I/O errors and timeouts. (LP: #1333140)
* Document systemctl --failed option. (Closes: #767267)
[ Michael Biebl ]
* core: Don't fail to run services in --user instances if $HOME is missing.
(Closes: #759320)
[ Didier Roche ]
* default-display-manager-generator: Avoid unnecessary /dev/null symlink and
warning if there is no display-manager.service unit.
systemd (215-11) unstable; urgency=medium
[ Martin Pitt ]
* escape-beef-up-new-systemd-escape-tool.patch: Avoid creating a dangling
symlink, to work around regression in recent patch (see #776257).
* Order ifup@.service and networking.service after network-pre.target.
(Closes: #766938)
* Tone down "Network interface NamePolicy= disabled on kernel commandline,
ignoring" info message to debug, as we expect this while we disable
net.ifnames by default. (Closes: #762101, LP: #1411992)
* logind: handle closing sessions over daemon restarts. (Closes: #759515,
LP: #1415104)
* logind: Fix sd_eviocrevoke ioctl call, to make forced input device release
after log out actually work.
* debian/patches/series: Move upstreamed patches into the appropriate
section.
[ Michael Biebl ]
* Make sure we run debian-fixup.service after /var has been mounted if /var
is on a separate partition. Otherwise we might end up creating the
/var/lock and /var/run symlink in the underlying root filesystem.
(Closes: #768644)
systemd (215-10) unstable; urgency=medium
[ Martin Pitt ]
* sysv-generator: Handle .sh suffixes when translating Provides:.
(Closes: #775889)
* sysv-generator: Make real units overwrite symlinks generated by Provides:
from other units. Fixes failures due to presence of backup or old init.d
scripts. (Closes: #775404)
* Fix journal forwarding to syslog in containers without CAP_SYS_ADMIN.
(Closes: #775067)
[ Christian Kastner ]
* Use common-session-noninteractive in systemd-user's PAM config, instead of
common-session. The latter can include PAM modules like libpam-mount which
expect to be called just once and/or interactively, which already happens
for login, ssh, or the display-manager. Add pam_systemd.so explicitly, as
it's not included in -noninteractive, but is always required (and
idempotent). There is no net change on systemd which don't use manually
installed PAM modules. (Closes: #739676)
systemd (215-9) unstable; urgency=medium
[ Didier Roche ]
* Add display managers autopkgtests.
* Reset display-manager symlink to match /e/X/d-d-m even if
display-manager.service was removed. Adapt the autopkgtests for it.
[ Martin Pitt ]
* Prefer-etc-X11-default-display-manager-if-present.patch: Drop wrong
copy&paste'd comment, fix log strings. Thanks Adam D. Barratt.
* Log all members of cyclic dependencies (loops) even with quiet on the
kernel cmdline. (Closes: #770504)
* Don't auto-clean PrivateTmp dir in /var/tmp; in Debian we don't want to
clean /var/tmp/ automatically. (Closes: #773313)
[ Michael Biebl ]
* sysv-generator: handle Provides: for non-virtual facility names.
(Closes: #774335)
* Fix systemd-remount-fs.service to not fail on remounting /usr if /usr
isn't mounted yet. This happens with initramfs-tools < 0.118 which we
might not get into Jessie any more. (Closes: #742048)
systemd (215-8) unstable; urgency=medium
[ Didier Roche ]
* Cherry-pick shared-add-readlink_value.patch, we will use that function in
the generator.
* Cherry-pick util-allow-strappenda-to-take-any-number-of-args.patch, we
will use that function in the generator.
* Handle multiple display managers which don't ship a systemd unit or the
corresponding postinst logic for updating display-manager.service: Add a
generator to ensure /etc/X11/default-display-manager is controlling which
display-manager is started. (Closes: #771287)
[ Sjoerd Simons ]
* d/p/core-Fix-bind-error-message.patch:
+ Added. Fix error message on bind failure to print the full path
* d/p/core-Make-binding-notify-private-dbus-socket-more-ro.patch:
+ Added. Be more robust when binding private unix sockets (Based on current
upstream logic) (Closes: #761306)
[ Martin Pitt ]
* Clean up ...journal~ files from unclean shutdowns. (Closes: #771707)
* debian/systemd.postinst: Don't always restart journald, as this currently
can't be done without losing the current journal and breaking attached
processes. So only restart it from upgrades < 215-3 (where the socket
location got moved) as an one-time upgrade path from wheezy.
(Closes: #771122)
* journalctl: Fix help text for --until. (Closes: #766598)
* Bump systemd's udev dependency to >= 208-8, so that on partial upgrades we
make sure that the udev package has appropriate Breaks:. In particular,
this avoids installing current udev with kmod << 14. (Closes: #771726)
[ Michael Biebl ]
* systemd.postinst: Move unit enablement after restarting systemd, so that
we don't fail to enable units with keywords that wheezy's systemd does not
understand yet. Fixes enabling getty units on wheezy upgrades with
systemd. (Closes: #771204)
systemd (215-7) unstable; urgency=medium
[ Martin Pitt ]
* Add myself to Uploaders.
* Add boot-and-services autopkgtest: Check booting with systemd-sysv and
that the most crucial services behave as expected.
* logind autopkgtest: Fix stderr output in waiting loop for scsi_debug.
* Add nspawn test to boot-and-services autopkgtest.
* Make systemd-nspawn@.service work out of the box: (Closes: #770275)
- Pre-create /var/lib/container with a secure mode (0700) via tmpfiles.d.
- Add new try-{guest,host} modes for --link-journal to silently skip
setting up the guest journal if the host has no persistent journal.
- Extend boot-and-services autopkgtest to cover systemd-nspawn@.service.
* Cherry-pick upstream patch to fix SELinux unit access check (regression
in 215).
* sysv-generator: Avoid wrong dependencies for failing units. Thanks to
Michael Biebl for the patch! (Closes: #771118)
* Cherry-pick patches to recognize and respect the "discard" mount option
for swap devices. Thanks to Aurelien Jarno for finding and testing!
(Closes: #769734)
[ Jon Severinsson]
* Add /run/shm -> /dev/shm symlink in debian/tmpfiles.d/debian.conf. This
avoids breakage in Jessie for packages which still refer to /run/shm, and
while https://wiki.debian.org/ReleaseGoals/RunDirectory is still official.
(LP: #1320534, Closes: #674755).
systemd (215-6) unstable; urgency=medium
[ Martin Pitt ]
* Cherry-pick upstream patch to fix udev crash in link_config_get().
* Cherry-pick upstream patch to fix tests in limited schroot environments.
* Add d/p/Add-env-variable-for-machine-ID-path.patch: Allow specifying an
alternate /etc/machine-id location. This is necessary for running tests
as long as it isn't in our base images (see Debian #745876)
* Run tests during package build. For the first round don't make them fatal
for now (that will happen once we see results from all the architectures).
* Drop our Check-for-kmod-binary.patch as the upstream patch
units-conditionalize-static-device-node-logic-on-CAP.patch supersedes it.
* Drop Use-comment-systemd.-syntax-in-systemd.mount-man-pag.patch, as
our util-linux is now recent enough. Bump dependency to >= 2.21.
* Adjust timedated and hostnamed autopkgtests to current upstream version.
* Replace our Debian hwdb.bin location patch with what got committed
upstream. Run hwdb update with the new --usr option to keep current
behaviour.
* debian/README.Debian: Document how to debug boot or shutdown problems with
the debug shell. (Closes: #766039)
* Skip-99-systemd.rules-when-not-running-systemd-as-in.patch: Call path_id
under all init systems, to get consistent ID_PATH attributes. This is
required so that tools like systemd-rfkill can be used with SysVinit or
upstart scripts, too. (LP: #1387282)
* Switch libpam-systemd dependencies to prefer systemd-shim over
systemd-sysv, to implement the CTTE decision #746578. This is a no-op on
systems which already have systemd-sysv installed, but will prevent
installing that on upgrades. (Closes: #769747)
* Remove Tollef from Uploaders: as per his request. Thanks Tollef for all
you work!
* net.agent: Properly close stdout/err FDs, to avoid long hangs during udev
settle. Thanks to Ben Hutchings! (Closes: #754987)
* Bump Standards-Version to 3.9.6 (no changes necessary).
[ Didier Roche ]
* debian/ifup@.service: add a ConditionPath on /run/network, to avoid
failing the unit if /etc/init.d/networking is disabled. (Closes: #769528)
systemd (215-5) unstable; urgency=medium
[ Martin Pitt ]
* Unblacklist hyperv_fb again, it is needed for graphical support on Hyper-V
platforms. Thanks Andy Whitcroft! (LP: #1359933)
* Bump systemd-shim Depends/Breaks to 8-2 to ensure a lockstep upgrade.
(Closes: #761947)
[ Sjoerd Simons ]
* d/p/sd-bus-Accept-no-sender-as-the-destination-field.patch
+ Fix compatibility between systemctl v215 and v208. Resolves issue when
reloads of services is requested before systemd is re-execed
(Closes: #762146)
[ Michael Biebl ]
* Don't overmount existing /run/user/<UID> directories with a per-user tmpfs
on upgrades. (Closes: #762041)
* Re-enable mount propagation for udevd. This avoids that broken software
like laptop-mode-tools, which runs mount from within udev rules, causes
the root file system to end up read-only. (Closes: #762018)
systemd (215-4) unstable; urgency=medium
* Upload to unstable.
systemd (215-3) experimental; urgency=medium
[ Ben Howard ]
* 75-persistent-net-generator.rules: Fix matches of HyperV. (LP: #1361272)
[ Martin Pitt ]
* 75-persistent-net-generator.rules: Add new MS Azure MAC prefix 00:25:ae.
(LP: #1367883)
[ Michael Biebl ]
* Update upstream v215-stable patch series.
* The /dev/log socket and /dev/initctl FIFO have been moved to /run and
replaced by symlinks. Create the symlinks manually on upgrades as well.
(Closes: #761340)
* Fix incorrect paths in man pages. (LP: #1357782, Closes: #717491)
* Make systemd recommend dbus so it is installed on upgrades. The dbus
system bus is required to run systemd-logind and the autovt feature relies
on logind. (Closes: #758111)
* Bump dependency on systemd-shim to (>= 7-2) to ensure we have a version
which supports systemd >= 209.
* Rework bug-script to be more upfront about what kind of data is gathered
and ask the user for permission before attaching the information to the
bug report. (Closes: #756248)
[ Sjoerd Simons ]
* d/p/buildsys-Don-t-default-to-gold-as-the-linker.patch
+ Don't explicitly pick gold as the default linker. Fixes FTBFS on sparc
(Closes: #760879)
systemd (215-2) experimental; urgency=medium
* debian/patches/always-check-for-__BYTE_ORDER-__BIG_ENDIAN-when-chec.patch
+ Added. Fix checking of system endianness. Fixes FTBFS on powerpc
* debian/patches/timesyncd-when-we-don-t-know-anything-about-the-netw.patch:
+ Let timesyncd go online even if networkd isn't running (from upstream
git) (Closes: #760087)
* debian/rules: add systemd-update-utmp-runlevel.service to
{poweroff, rescue, multi-user, graphical, reboot}.target.wants to trigger
the runlevel target to be loaded
systemd (215-1) experimental; urgency=medium
* New upstream release.
* Import upstream v215-stable patch series.
* Rebase remaining Debian patches on top of v215-stable.
* Drop our Debian-specific run-user.mount unit as upstream now creates a
per-user tmpfs via logind.
* Don't rely on new mount from experimental for now and re-add the patch
which updates the documentation accordingly.
* Cherry-pick upstream fix to use correct versions for the new symbols that
were introduced in libudev.
* Update symbols files
- Add two new symbols for libudev1.
- Remove private symbol from libgudev-1.0-0. This symbol was never part of
the public API and not used anywhere so we don't need a soname bump.
* Cherry-pick upstream commit to not install busname units if kdbus support
is disabled.
* Make /run/lock tmpfs an API fs so it is available during early boot.
(Closes: #751392)
* Install new systemd-path and systemd-escape binaries.
* Cherry-pick upstream commit which fixes the references to the systemctl
man page. (Closes: #760613)
* Use the new systemd-escape utility to properly escape the network
interface name when starting an ifup@.service instance for hotplugged
network interfaces. Make sure a recent enough systemd version is installed
by bumping the versioned Breaks accordingly. (Closes: #747044)
* Order ifup@.service after networking.service so we don't need to setup the
runtime directory ourselves and we have a defined point during boot when
hotplugged network interfaces are started.
* Disable factory-reset feature and remove files associated with it. This
feature needs more integration work first before it can be enabled in
Debian.
* Cherry-pick upstream commit to fix ProtectSystem=full and make the
ProtectSystem= option consider /bin, /sbin, /lib and /lib64 (if it exists)
on Debian systems. (Closes: #759689)
* Use adduser in quiet mode when creating the system users/groups to avoid
warning messages about the missing home directories. Those are created
dynamically during runtime. (Closes: #759175)
* Set the gecos field when creating the system users.
* Add systemd-bus-proxy system user so systemd-bus-proxyd can properly drop
its privileges.
* Re-exec systemd and restart services at the end of postinst.
* Cherry-pick upstream commit for sd-journal to properly convert
object->size on big endian which fixes a crash in journalctl --list-boots.
(Closes: #758392)
systemd (214-1) experimental; urgency=medium
* New upstream release v214.
(Closes: #750793, #749268, #747939)
[ Jon Severinsson ]
* Import upstream v214-stable patch series.
- Rebase remaining Debian patches on top of v214-stable.
- Drop modifications to the now-removed built-in sysvinit support.
* Install the new combined libsystemd0 library, this library combines all
functionality of the various libsystemd-* libraries.
- Deprecate the old libsystemd-* libraries as they've been bundled into
libsystemd0. The old -dev files now just carry a transitional .pc file.
- Add new symbols file for libsystemd0.
* Update symbols file for libgudev-1.0-0.
* Remove pre-generated rules and unit files in debian/rules clean target.
* Add new systemd service users in systemd postinst (systemd-timesync,
systemd-network, systemd-resolve)
* Add new system group "input" used by udev rules in udev postinst.
* Try-restart networkd, resolved, and timesyncd after an upgrade.
* Do not force-enable default-on services on every upgrade.
* Add support for rcS.d init scripts to the sysv-generator.
- Do not order rcS.d services after local-fs.target if they do not
explicitly depend on $local_fs.
- Map rcS.d init script dependencies to their systemd equivalent.
- Special-case some dependencies for sysv init scripts for better
backwards compatibility. (Closes: #726027, #738965).
* Add systemd depends on new mount. (Closes: #754411)
* Update /run/initctl symlink target in debian/tmpfiles.d/debian.conf.
* Remove stored backlog state, rfkill state, random-seed and clock
information from /var/lib/systemd on systemd purge.
[ Sjoerd Simons ]
* debian/patches/shared-include-stdbool.h-in-mkdir.h.patch
+ Added. Include stdbool before using bool in function prototypes. Fixes
build of the insserv generator
* Add python-lxml to build-depends for python-systemd
* Turn on parallel build support
* Install the new busctl binary and translations
* Explicitly disable microhttp so the package build doesn't fail if the
required dependencies for it happen to be installed.
* debian/control: Make udev break plymouth (<< 0.9.0-7) as older plymouths
assume udev implementation details that have changed slightly since v213
* debian/control: Remove b-d on librwap0-dev
* debian/control: Bump libkmod-dev b-d to >= 15
* debian/rules: Drop outdated --enable-tcpwrap
* debian/rules: Explicitly turn off rfkill, networkd, timesyncd and resolved
for the udeb build
* debian/rules: Use the debian ntp pool as default ntp servers
* debian/rules: explicitely configure the maximum system uid/gids instead of
relying on autodetection
systemd (208-8) unstable; urgency=medium
[ Martin Pitt ]
* Fix duplicate line in copyright. (Closes: #756899)
* Drop --disable-xattr configure option for udeb, does not exist any more.
* Add Turkish debconf translations. Thanks Mert Dirik! (Closes: #757498)
* Backport fix for lazy session-activation on non-seat0 seats.
(LP: #1355331)
[ Michael Biebl ]
* Use "kmod static-nodes --output=/proc/self/fd/1" in make_static_nodes() as
we can't rely on /dev/stdout to exist at this point during boot.
(Closes: #757830)
* Fix udev SysV init script and d-i start script to not write to
/sys/kernel/uevent_helper unconditionally to not fail on a kernel with
CONFIG_UEVENT_HELPER unset. (Closes: #756312)
* Add Breaks: kmod (<< 14) to udev to make sure we have a kmod version
supporting the static-nodes command.
* Add Breaks: systemd (<< 208) to udev to avoid partial upgrades. Newer udev
versions rely on kmod-static-nodes.service being provided by systemd.
(Closes: #757777)
* Updated upstream v208-stable patch series to 53b1b6c.
* Cherry-pick upstream fix to ignore temporary dpkg files. (Closes: #757302)
* Make emergency.service conflict with rescue.service.
Otherwise if rescue mode is selected during boot and the emergency mode
is triggered (e.g. via a broken fstab entry), we have two sulogin
processes fighting over the tty. (Closes: #757072)
* Stop syslog.socket when entering emergency mode as otherwise every log
message triggers the start of the syslog service and its dependencies
which conflicts with emergency.target. (Closes: #755581)
systemd (208-7) unstable; urgency=medium
[ Michael Biebl ]
* Mask remaining services provided by the initscripts package and document
in more detail why certain services have been masked. (Closes: #659264)
* Install zsh completions to the correct place. (Closes: #717540)
[ Jon Severinsson ]
* Cherry-pick upstream fix for journal file permissions. (Closes: #755062)
* Map some rcS.d init script dependencies to their systemd equivalent.
* Update Depends on initscripts to the version with a systemd-compatible
mountnfs ifup hook. (Closes: #746358)
* Add Breaks on lvm2 versions without native systemd support.
(Closes: #678438, #692120)
* Do not fail udev upgrades if the udev service is already runtime-masked
when the preinst script is run. (Closes: #755746)
* Add Pre-Depends on systemd to systemd-sysv, to avoid risking that the
sysv-compatible symlinks become dangling on a partial install.
* Ensure that systemctl is usable right after being unpacked, by adding the
required Pre-Depends to systemd and libsystemd-daemon0. (Closes: #753589)
* Add support for TuxOnIce hibernation. (Closes: #746463)
[ Martin Pitt ]
* Rename "api" autopkgtest to "build-login", and stop requiring that
sd_login_monitor_new() succeeds. It doesn't in many environments like
schroot or after upgrades from < 204, and the main point of the test is
to check that libsystemd-login-dev has correct contents and dependencies.
Drop "isolation-machine" requirement.
* Use glibc's xattr support instead of requiring libattr. Fixes FTBFS with
latest glibc and libattr. Cherrypicked from trunk. Drop libattr1-dev build
dependency. (Closes: #756097)
* Build python3-systemd for Python 3 bindings. Drop python-systemd; it does
not have any reverse dependencies, and we want to encourage moving to
Python 3. (LP: #1258089)
* Add simple autopkgtest for python3-systemd.
* Add dbus dependency to libpam-systemd. (Closes: #755968)
* Fix /dev/cdrom symlink to appear for all types of drives, not just for
pure CD-ROM ones. Also, fix the symlinks to stay after change events.
(LP: #1323777)
* 75-persistent-net-generator.rules: Adjust Ravello interfaces; they don't
violate the assignment schema, they should just not be persistent.
Thanks to Boris Figovsky. (Closes: #747475, LP: #1317776)
* Reinstate patches to make logind D-BUS activatable.
* Re-add systemd-shim alternative dependency to libpam-systemd. Version it
to ensure cgmanager support. (Closes: #754984, LP: #1343802)
* Convert udev-finish.upstart from a task to a job, to avoid hangs with
startpar. (Closes: #756631)
* Add debian/extra/60-keyboard.hwdb: Latest keymaps from upstream git.
This makes it trivial to backport keymap fixes to stable releases.
(Closes: #657809; LP: #1322770, #1339998)
* udev.init: Create static device nodes, as this moved out of udevd.
Thanks to Michael Biebl for the script! (Closes: #749021)
systemd (208-6) unstable; urgency=medium
[ Jon Severinsson ]
* Add v208-stable patch series.
- Update Debian patches to apply on top of v208-stable.
- Move new manpages to libsystemd-*-dev as appropriate.
[ Michael Biebl ]
* Upload to unstable.
systemd (208-5) experimental; urgency=medium
* Merge changes from unstable branch.
systemd (208-4) experimental; urgency=medium
* Merge changes from unstable branch.
* Drop alternative dependency on systemd-shim in libpam-systemd. The
systemd-shim package no longer provides an environment to run
systemd-logind standalone. See #752939 for further details.
systemd (208-3) experimental; urgency=medium
* Merge changes from unstable branch.
systemd (208-2) experimental; urgency=medium
[ Sjoerd Simons ]
* Don't stop a running user manager from garbage collecting the users. Fixes
long shutdown times when using a systemd user session
[ Michael Stapelberg ]
* Fix bug-script: “systemctl dump†is now “systemd-analyze dumpâ€
(Closes: #748311)
[ Michael Biebl ]
* Merge changes from unstable branch.
* Cherry-pick upstream fixes to make sd_session_get_vt() actually work.
systemd (208-1) experimental; urgency=medium
[ Michael Biebl ]
* New upstream release. (Closes: #729566)
* Update patches.
* Update symbols files for libsystemd-journal and libsystemd-login.
* Install new files and remove the ones we don't use.
* Install zsh completion files. (Closes: #717540)
* Create a compat symlink /etc/sysctl.d/99-sysctl.conf as systemd-sysctl no
longer reads /etc/sysctl.conf.
* Bump Build-Depends on kmod to (>= 14).
* Bump Build-Depends on libcryptsetup-dev to (>= 2:1.6.0) for tcrypt
support.
* Make kmod-static-nodes.service check for the kmod binary since we don't
want a hard dependency on kmod e.g. for container installations.
* Disable various features which aren't required for the udeb build.
* Move new sd_pid_get_slice and sd_session_get_vt man pages into
libsystemd-login-dev.
* Make no-patch-numbers the default for gbp-pq.
* Adjust systemd-user pam config file for Debian.
This pam config file is used by libpam-systemd/systemd-logind when
launching systemd user instances.
* Drop patches to make logind D-Bus activatable. The cgroup handling has
been reworked in v205 and logind no longer creates cgroup hierarchies on
its own. That means that the standalone logind is no longer functional
without support from systemd (or an equivalent cgroup manager).
[ Martin Pitt ]
* Explain patch management in debian/README.source.
systemd (204-14) unstable; urgency=medium
* Fix SIGABRT in insserv generator caused by incorrect usage of strcat().
(Closes: #752992)
* Mark -dev packages as Multi-Arch: same. (Closes: #720017)
systemd (204-13) unstable; urgency=medium
* Switch back to load the sg module via the kmod builtin. The problem was
not that the kmod builtin is faster then modprobe but rather the incorrect
usage of the "=" assignment operator. We need to use "+=" here, so the sg
module is loaded in addition to other scsi modules, which are loaded via
the modalias rule. Thanks to Tommaso Colombo for the analysis.
* Cherry-pick upstream fix which prevents systemd from entering an infinite
loop when trying to break an ordering cycle. (Closes: #752259)
* Update insserv generator to not create any drop-in files for services
where the corresponding SysV init script does not exist.
* Drop the check for /sys/kernel/uevent_helper from postinst and the SysV
init script and do not unconditionally overwrite it in the initramfs hook.
Since a long time now udev has been using the netlink interface to
communicate with the kernel and with Linux 3.16 it is possible to disable
CONFIG_UEVENT_HELPER completely. (Closes: #752742)
systemd (204-12) unstable; urgency=medium
[ Martin Pitt ]
* Change the sg loading rule (for Debian #657948) back to using modprobe.
kmod is too fast and then sg races with sd, causing the latter to not see
SCSI disks. (Closes: #752591, #752605)
[ Michael Biebl ]
* Update udev bug-script to attach instead of paste extra info if a new
enough reportbug version is available.
systemd (204-11) unstable; urgency=medium
[ Martin Pitt ]
* Explain patch management in debian/README.source. (Closes: #739113)
* Replace "Always probe cpu support drivers" patch with cherry-picked
upstream fix which is more general.
* Advertise hibernation only if there's enough free swap. Patches backported
from current upstream. (LP: #1313522)
* Fix typo in sg loading rule to make it actually work.
[ Michael Biebl ]
* Make no-patch-numbers the default for gbp-pq.
* Cherry-pick upstream fix to properly handle multiline syslog messages.
(Closes: #746351)
* Cherry-pick upstream fix for libudev which fixes a memleak in
parent_add_child().
* Drop "-b debian" from Vcs-Git since we use the master branch for
packaging now.
* Drop Conflicts: sysvinit (<< 2.88dsf-44~) from systemd-sysv since this
breaks dist-upgrades from wheezy when switching from sysvinit to
systemd-sysv as default init. While downgrading the Pre-Depends in
sysvinit would have been an alternative, dropping the Conflicts and only
keeping the Replaces was deemed the lesser evil. (Closes: #748355)
* Use Conflicts instead of Breaks against sysvinit-core. This avoids
/sbin/init going missing when switching from systemd-sysv to sysvinit.
While at it, add a Replaces: upstart. (Closes: #751589)
* Make the SysV compat tools try both /run/initctl and /dev/initctl. This
makes them usable under sysvinit as PID 1 without requiring any symlinks.
* Various ifupdown integration fixes
- Use DefaultDependencies=no in ifup@.service so the service can be
started as early as possible.
- Create the ifupdown runtime directory in ifup@.service as we can no
longer rely on the networking service to do that for us.
- Don't stop ifup@.service on shutdown but let the networking service take
care of stopping all hotplugged interfaces.
- Only start ifup@.service for interfaces configured as allow-hotplug.
[ Michael Stapelberg ]
* Clarify that “systemd†does not influence init whereas “systemd-sysv†does
(Closes: #747741)
[ Ansgar Burchardt ]
* Don't use "set +e; set +u" unconditionally in the lsb init-functions hook
as this might change the behaviour of existing SysV init scripts.
(Closes: #751472)
systemd (204-10) unstable; urgency=medium
* In the udeb's udev.startup, make sure that /dev/pts exists.
* systemd-logind-launch: Set the #files ulimit, for unprivileged LXC
containers.
* Drop udev.NEWS, it only applies to pre-squeeze.
* Remove /var/log/udev on purge.
* Always probe cpu support drivers. (LP #1207705)
* On Dell PowerEdge systems, the iDRAC7 and later support a USB Virtual NIC
for management. Name this interface "idrac" to avoid confusion with "real"
network interfaces.
* Drop numerical prefixes from patches, to avoid future diff noise when
removing, cherry-picking, and merging patches. From now on, always use
"gbp-pq export --no-patch-numbers" to update them.
systemd (204-9) unstable; urgency=medium
* The "Flemish Beef and Beer Stew" release.
[ Steve Langasek ]
* Do proper refcounting of the PAM module package on prerm, so that we
don't drop the module from the PAM config when uninstalling a
foreign-arch package. Related to Ubuntu bug #1295521.
[ Martin Pitt ]
* debian/udev.udev-finish.upstart: Fix path to tmp-rules,
debian/extra/rule_generator.functions creates them in /run/udev/.
* rules: Remove the kernel-install bits; we don't want that in Debian and
thus it shouldn't appear in dh_install --list-missing output.
* Ship sd-shutdown.h in libsystemd-daemon-dev.
* Run dh_install with --fail-missing, to avoid forgetting files when we move
to new versions.
* Mount /dev/pts with the correct permissions in the udev, to avoid needing
pt_chown (not available on all architectures). Thanks Adam Conrad.
* Add new block of Windows Azure ethernet hardware address to
75-persistent-net-generator.rules. (LP: #1274348, Closes: #739018)
* Drop our Debian specific 60-persistent-storage{,-tape}.rules and use the
upstream rules. They are compatible and do a superset of the
functionality. (Closes: #645466)
* Drop our Debian specific 80-drivers.rules and use the upstream rules with
a patch for the sg module (see #657948). These now stop calling modprobe
and use the kmod builtin, giving some nice boot speed improvement.
(Closes: #717404)
* Drop our Debian specific 50-udev-default.rules and 91-permissions.rules
and use the upstream rules with a patch for the remaining Debian specific
default device permissions. Many thanks to Marco d'Itri for researching
which Debian-specific rules are obsolete! Amongst other things, this now
also reads the hwdb info for USB devices (Closes: #717405) and gets rid of
some syntax errors (Closes: #706221)
* Set default polling interval on removable devices as well, for kernels
which have "block" built in instead of being a module. (Closes: #713877)
* Make sd_login_monitor_new() work for logind without systemd.
* Cherry-pick upstream fix for polkit permissions for rebooting with
multiple sessions.
* Kill /etc/udev/links.conf, create_static_nodes, and associated code. It's
obsolete with devtmpfs (which is required now), and doesn't run with
systemd or upstart anyway.
* Drop unnecessary udev.dirs.
* Add autopkgtests for smoke-testing logind, hostnamed, timedated, localed,
and a compile/link/run test against libsystemd-login-dev.
[ Marco d'Itri ]
* preinst: check for all the system calls required by modern releases
of udev. (Closes: #648325)
* Updated fbdev-blacklist.conf for recent kernels.
* Do not blacklist viafb because it is required on the OLPC XO-1.5.
(Closes: #705792)
* Remove write_cd_rules and the associated rules which create "persistent"
symlinks for CD/DVD devices and replace them with more rules in
60-cdrom_id, which will create symlinks for one at random among the
devices installed. Since the common case is having a single device
then everything will work out just fine most of the times...
(Closes: #655924)
* Fix write_net_rules for systemd and sysvinit users by copying the
temporary rules from /run/udev/ to /etc/udev/. (Closes: #735563)
* Do not install sysctl.d/50-default.conf because the systemd package
should not change kernel policies, at least until it will become
the only supported init system.
[ Michael Stapelberg ]
* Add systemd-dbg package, thanks Daniel Schaal (Closes: #742724).
* Switch from gitpkg to git-buildpackage. Update README.source accordingly.
* Make libpam-systemd depend on systemd-sysv | systemd-shim. Packages that
need logind functionality should depend on libpam-systemd.
[ Michael Biebl ]
* Do not send potentially private fstab information without prior user
confirmation. (Closes: #743158)
* Add support for LSB facilities defined by insserv.
Parse /etc/insserv.conf.d content and /etc/insserv.conf and generate
systemd unit drop-in files to add corresponding dependencies. Also ship
targets for the Debian specific $x-display-manager and
$mail-transport-agent system facilities. (Closes: #690892)
* Do not accidentally re-enable /var/tmp cleaning when migrating the TMPTIME
setting from /etc/default/rcS. Fix up existing broken configurations.
(Closes: #738862)
systemd (204-8) unstable; urgency=low
[ Michael Stapelberg ]
* move manpages from systemd to libsystemd-*-dev as appropriate
(Closes: #738723)
* fix systemctl enable/disable/… error message “Failed to issue method call:
No such file or directory†(the previous upload did actually not contain
this fix due to a merge conflict) (Closes: #738843)
* add explicit “Depends: sysv-rc†so that initscript’s “Depends: sysv-rc |
file-rc†will not be satisfied with file-rc. We need the invoke-rc.d and
update-rc.d from sysv-rc, file-rc’s doesn’t have support for systemd.
(Closes: #739679)
* set capabilities cap_dac_override,cap_sys_ptrace=ep for
systemd-detect-virt, so that it works for unprivileged users.
(Closes: #739699)
* pam: Check $XDG_RUNTIME_DIR owner (Closes: #731300)
* Ignore chkconfig headers entirely, they are often broken in Debian
(Closes: #634472)
[ Michael Biebl ]
* do a one-time migration of RAMTMP= from /etc/default/rcS and
/etc/default/tmpfs, i.e. enable tmp.mount (Closes: #738687)
* Bump Standards-Version to 3.9.5.
systemd (204-7) unstable; urgency=low
* fix systemctl enable/disable/… error message “Failed to issue method call:
No such file or directory†(Closes: #734809)
* bug-script: attach instead of paste extra info with reportbug ≥ 6.5.0
(Closes: #722530)
* add stage1 bootstrap support to avoid Build-Depends cycles (Thanks Daniel
Schepler)
* cherry-pick:
order remote mounts from mountinfo before remote-fs.target (77009452cfd)
(Closes: #719945)
Fix CPUShares configuration option (ccd90a976dba) (Closes: #737156)
fix reference in systemd-inhibit(1) (07b4b9b) (Closes: #738316)
systemd (204-6) unstable; urgency=low
[ Michael Stapelberg ]
* Run update-rc.d defaults before update-rc.d <enable|disable>
(Closes: #722523)
* preinst: preserve var-{lock,run}.mount when upgrading from 44 to 204
(Closes: #723936)
* fstab-generator: don’t rely on /usr being mounted in the initrd
(Closes: #724797)
* systemctl: mangle names when avoiding dbus (Closes: #723855)
* allow group adm read access on /var/log/journal (Closes: #717386)
* add systemd-journal group (Thanks Guido Günther) (Closes: #724668)
* copy /etc/localtime instead of symlinking (Closes: #726256)
* don’t try to start autovt units when not running with systemd as pid 1
(Closes: #726466)
* Add breaks/replaces for the new sysvinit-core package (Thanks Alf Gaida)
(Closes: #733240)
* Add myself to uploaders
[ Tollef Fog Heen ]
* Make 99-systemd.rules check for /run/systemd/systemd instead of the
ill-named cgroups directory.
[ Martin Pitt ]
* debian/udev.upstart: Fix path to udevd, the /sbin/udevd compat symlink
should go away at some point.
* debian/udev-udeb.install: Add 64-btrfs.rules and 75-probe_mtd.rules, they
are potentially useful in a d-i environment.
* debian/shlibs.local: Drop libudev; this unnecessarily generates overly
strict dependencies, the libudev ABI is stable.
* debian/extra/rules/75-persistent-net-generator.rules: Add Ravello systems
(LP: #1099278)
systemd (204-5) unstable; urgency=high
* Cherry-pick 72fd713 from upstream which fixes insecure calling of polkit
by avoiding a race condition in scraping /proc (CVE-2013-4327).
Closes: #723713
systemd (204-4) unstable; urgency=low
* Add preinst check to abort udev upgrade if the currently running kernel
lacks devtmpfs support. Since udev 176, devtmpfs is mandatory as udev no
longer creates any device nodes itself. This only affects self-compiled
kernels which now need CONFIG_DEVTMPFS=y. Closes: #722580
* Fix SysV init script to correctly mount a devtmpfs instead of tmpfs. This
only affects users without an initramfs, which usually is responsible for
mounting the devtmpfs. Closes: #722604
* Drop pre-squeeze upgrade code from maintainer scripts and simplify the
various upgrade checks.
* Suppress errors about unknown hwdb builtin. udev 196 introduced a new
"hwdb" builtin which is not understood by the old udev daemon.
* Add missing udeb line to shlibs.local. This ensures that udev-udeb gets a
proper dependency on libudev1-udeb and not libudev1. Closes: #722939
* Remove udev-udeb dependency from libudev1-udeb to avoid a circular
dependency between the two packages. This dependency was copied over from
the old udev-gtk-udeb package and no longer makes any sense since
libudev1-udeb only contains a library nowadays.
systemd (204-3) unstable; urgency=low
[ Michael Biebl ]
* Upload to unstable.
* Use /bin/bash in debug-shell.service as Debian doesn't have /sbin/sushell.
* Only import net.ifaces cmdline property for network devices.
* Generate strict dependencies between the binary packages using a
shlibs.local file and add an explicit versioned dependency on
libsystemd-login0 to systemd to ensure packages are upgraded in sync.
Closes: #719444
* Drop obsolete Replaces: libudev0 from udev package.
* Use correct paths for various binaries, like /sbin/quotaon, which are
installed in / and not /usr in Debian. Closes: #721347
* Don't install kernel-install(8) man page since we don't install the
corresponding binary either. Closes: #722180
* Cherry-pick upstream fixes to make switching runlevels and starting
reboot via ctrl-alt-del more robust.
* Cherry-pick upstream fix to properly apply ACLs to Journal files.
Closes: #717863
[ Michael Stapelberg ]
* Make systemctl enable|disable call update-rc.d for SysV init scripts.
Closes: #709780
* Don't mount /tmp as tmpfs by default and make it possible to enable this
feature via "systemctl enable tmp.mount". Closes: #718906
[ Daniel Schaal ]
* Add bug-script to systemd and udev. Closes: #711245
[ Ondrej Balaz ]
* Recognize discard option in /etc/crypttab. Closes: #719167
systemd (204-2) experimental; urgency=low
[ Daniel Schaal ]
* Enable verbose build logs. Closes: #717465
* Add handling of Message Catalog files to provide additional information
for log entries. Closes: #717427
* Remove leftover symlink to debian-enable-units.service. Closes: #717349
[ Michael Stapelberg ]
* Install 50-firmware.rules in the initramfs and udeb. Closes: #717635
[ Michael Biebl ]
* Don't pass static start priorities to dh_installinit anymore.
* Switch the hwdb trigger to interest-noawait.
* Remove obsolete support for configurable udev root from initramfs.
* Bind ifup@.service to the network device. This ensures that ifdown is run
when the device is removed and the service is stopped.
Closes: #660861, #703033
* Bump Standards-Version to 3.9.4. No further changes.
* Add Breaks against consolekit (<< 0.4.6-1) for udev-acl. Closes: #717385
* Make all packages Priority: optional, with the exception of udev and
libudev1, which remain Priority: important, and systemd-sysv, which
remains Priority: extra due to the conflict with sysvinit.
Closes: #717365
* Restart systemd-logind.service on upgrades due to changes in the
CreateSession D-Bus API between v44 and v204. Closes: #717403
systemd (204-1) experimental; urgency=low
* New upstream release. Closes: #675175, #675177
- In v183 the udev sources have been merged into the systemd source tree.
As a result, the udev binary packages will now be built from the systemd
source package. To align the version numbers 139 releases were skipped.
- For a complete list of changes, please refer to the NEWS file.
* Add Marco to Uploaders.
* Drop Suggests on the various python packages from systemd. The
systemd-analyze tool has been reimplemented in C.
* Add binary packages as found in the udev 175-7.2 source package.
* Wrap dependencies for better readability.
* Drop hard-coded Depends on libglib2.0-0 from gir1.2-gudev-1.0.
* Drop old Conflicts, Replaces and Breaks, which are no longer necessary.
* Make libgudev-1.0-dev depend on gir1.2-gudev-1.0 as per GObject
introspection mini-policy. Closes: #691313
* The hwdb builtin has replaced pci-db and usb-db in udev. Drop the
Recommends on pciutils and usbutils accordingly.
* Drop our faketime hack. Upstream uses a custom xsl style sheet now to
generate the man pages which no longer embeds the build date.
* Add Depends on libpam-runtime (>= 1.0.1-6) to libpam-systemd as we are
using pam-auth-update.
* Explicitly set Section and Priority for the udev binary package.
* Update Build-Depends:
- Drop libudev-dev, no longer required.
- Add gtk-doc-tools and libglib2.0-doc for the API documentation in
libudev and libgudev.
- Add libgirepository1.0-dev and gobject-introspection for GObject
introspection support in libgudev.
- Add libgcrypt11-dev for encryption support in the journal.
- Add libblkid-dev for the blkid udev builtin.
* Use gir dh addon to ensure ${gir:Depends} is properly set.
* Rename libudev0 → libudev1 for the SONAME bump.
* Update symbols files. libudev now uses symbols versioning as the other
libsystemd libraries. The libgudev-1.0-0 symbols file has been copied from
the old udev package.
* Run gtkdocize on autoreconf.
* Enable python bindings for the systemd libraries and ship them in a new
package named python-systemd.
* Tighten Depends on libsystemd-id128-dev for libsystemd-journal-dev as per
libsystemd-journal.pc.
* Remove obsolete bash-completion scripts on upgrades. Nowadays they are
installed in /usr/share/bash-completion/completions.
* Rename conffiles for logind and journald.
* Rename udev-gtk-udeb → libudev1-udeb to better reflect its actual contents.
* Build two flavours: a regular build and one for the udev udebs with
reduced features/dependencies.
* Create a few compat symlinks for the udev package, most notably
/sbin/udevadm and /sbin/udevd.
* Remove the dpkg-triggered debian-enable-units script. This was a temporary
workaround for wheezy. Packages should use dh-systemd now to properly
integrate service files with systemd.
* Update debian/copyright using the machine-readable copyright format 1.0.
* Integrate changes from udev 175-7 and acknowledge the 175-7.1 and 175-7.2
non-maintainer uploads.
* Keep the old persistent network interface naming scheme for now and make
the new one opt-in via net.ifnames=1 on the kernel command line.
* Drop the obsolete udev-mtab SysV init script and properly clean up on
upgrades.
* Simplify the udev SysV init script and remove experimental and obsolete
features.
* Revert upstream commits which dropped support for distro specific
features and config files.
* Make logind, hostnamed, localed and timedated D-Bus activatable and
usable when systemd is not running.
* Store hwdb binary database in /lib/udev, not /etc/udev. Create the file on
install and upgrades.
* Provide a dpkg file trigger for hwdb, so the database is automatically
updated when packages install files into /lib/udev/hwdb.d.
systemd (44-12) unstable; urgency=low
* Cherry-pick e17187 from upstream to fix build failures with newer glibc
where the clock_* symbols have been moved from librt to libc.
Closes: #701364
* If the new init-system-helpers package is installed, make the
debian-enable-units script a no-op. The auto-enabler was meant as a
temporary workaround and will be removed once all packages use the new
helper.
* Update the checks which test if systemd is the active init. The
recommended check is [ -d /run/systemd/system ] as this will also work
with a standalone systemd-logind.
* Set Maintainer to pkg-systemd-maintainers@lists.alioth.debian.org. Add
Tollef and myself as Uploaders.
* Stop building the GUI bits. They have been split into a separate source
package called systemd-ui.
systemd (44-11) unstable; urgency=low
* Team upload.
* Run debian-enable-units.service after sysinit.target to ensure our tmp
files aren't nuked by systemd-tmpfiles.
* The mountoverflowtmp SysV init script no longer exists so remove that
from remount-rootfs.service to avoid an unnecessary diff to upstream.
* Do not fail on purge if /var/lib/systemd is empty and has been removed
by dpkg.
systemd (44-10) unstable; urgency=low
* Team upload.
* Using the return code of "systemctl is-enabled" to determine whether we
enable a service or not is unreliable since it also returns a non-zero
exit code for masked services. As we don't want to enable masked services,
grep for the string "disabled" instead.
systemd (44-9) unstable; urgency=low
* Team upload.
* Fix typo in systemd.socket man page. Closes: #700038
* Use color specification in "systemctl dot" which is actually
understood by dot. Closes: #643689
* Fix mounting of remote filesystems like NFS. Closes: #673309
* Use a file trigger to automatically enable service and socket units. A lot
of packages simply install systemd units but do not enable them. As a
result they will be inactive after the next boot. This is a workaround for
wheezy which will be removed again in jessie. Closes: #692150
systemd (44-8) unstable; urgency=low
* Team upload.
* Use comment=systemd.* syntax in systemd.mount man page. The
mount/util-linux version in wheezy is not recent enough to support the new
x-systemd* syntax. Closes: #697141
* Don't enable persistent storage of journal log files. The journal in v44
is not yet mature enough.
systemd (44-7) unstable; urgency=low
* Fix a regression in the init-functions hook wrt reload handling that was
introduced when dropping the X-Interactive hack. Closes: #696355
systemd (44-6) unstable; urgency=low
[ Michael Biebl ]
* No longer ship the /sys directory in the systemd package since it is
provided by base-files nowadays.
* Don't run udev rules if systemd is not active.
* Converting /var/run, /var/lock and /etc/mtab to symlinks is a one-time
migration so don't run the debian-fixup script on every boot.
[ Tollef Fog Heen ]
* Prevent the systemd package from being removed if it's the active init
system, since that doesn't work.
[ Michael Biebl ]
* Use a separate tmpfs for /run/lock (size 5M) and /run/user (size 100M).
Those directories are user-writable which could lead to DoS by filling up
/run. Closes: #635131
systemd (44-5) unstable; urgency=low
* Team upload.
[ Tollef Fog Heen ]
* disable killing on entering START_PRE, START, thanks to Michael
Stapelberg for patch. This avoids killing VMs run through libvirt
when restarting libvirtd. Closes: #688635.
* Avoid reloading services when shutting down, since that won't work and
makes no sense. Thanks to Michael Stapelberg for the patch.
Closes: #635777.
* Try to determine which init scripts support the reload action
heuristically. Closes: #686115, #650382.
[ Michael Biebl ]
* Update Vcs-* fields, the Git repository is hosted on alioth now. Set the
default branch to "debian".
* Avoid reload and (re)start requests during early boot which can lead to
deadlocks. Closes: #624599
* Make systemd-cgroup work even if not all cgroup mounts are available on
startup. Closes: #690916
* Fix typos in the systemd.path and systemd.unit man page. Closes: #668344
* Add watch file to track new upstream releases.
systemd (44-4) unstable; urgency=low
[ Michael Biebl ]
* Override timestamp for man page building, thereby avoiding skew
between architectures which caused problems for multi-arch.
Closes: #680011
[ Tollef Fog Heen ]
* Move diversion removal from postinst to preinst. Closes: #679728
* Prevent the journal from crashing when running out of disk space.
This is 499fb21 from upstream. Closes: #668047.
* Stop mounting a tmpfs on /media. Closes: #665943
systemd (44-3) unstable; urgency=low
[ Michael Biebl ]
* Bump to debhelper 9.
* Convert to Multi-Arch: same where possible. Closes: #676615
[ Tollef Fog Heen ]
* Cherry-pick d384c7 from upstream to stop journald from leaking
memory. Thanks to Andreas Henriksson for testing. Closes: #677701
* Ship lsb init script override/integration in /lib/lsb/init-functions.d
rather than diverting /lib/lsb/init-functions itself. Add appropriate
Breaks to ensure upgrades happen.
systemd (44-2) unstable; urgency=low
[ Michael Biebl ]
* Tighten the versions in the maintscript file
* Ship the /sys directory in the package
* Re-add workaround for non-interactive PAM sessions
* Mask checkroot-bootclean (Closes: #670591)
* Don't ignore errores in systemd-sysv postinst
[ Tollef Fog Heen ]
* Bring tmpfiles.d/tmp.conf in line with Debian defaults. Closes: #675422
* Make sure /run/sensigs.omit.d exists.
* Add python-dbus and python-cairo to Suggests, for systemd-analyze.
Closes: #672965
systemd (44-1) unstable; urgency=low
[ Tollef Fog Heen ]
* New upstream version.
- Backport 3492207: journal: PAGE_SIZE is not known on ppc and other
archs
- Backport 5a2a2a1: journal: react with immediate rotation to a couple
of more errors
- Backport 693ce21: util: never follow symlinks in rm_rf_children()
Fixes CVE-2012-1174, closes: #664364
* Drop output message from init-functions hook, it's pointless.
* Only rmdir /lib/init/rw if it exists.
* Explicitly order debian-fixup before sysinit.target to prevent a
possible race condition with the creation of sockets. Thanks to
Michael Biebl for debugging this.
* Always restart the initctl socket on upgrades, to mask sysvinit
removing it.
[ Michael Biebl ]
* Remove workaround for non-interactive sessions from pam config again.
* Create compat /dev/initctl symlink in case we are upgrading from a system
running a newer version of sysvinit (using /run/initctl) and sysvinit is
replaced with systemd-sysv during the upgrade. Closes: #663219
* Install new man pages.
* Build-Depend on valac (>= 0.12) instead of valac-0.12. Closes: #663323
systemd (43-1) experimental; urgency=low
[ Tollef Fog Heen ]
* Target upload at experimental due to libkmod dependency
* New upstream release
- Update bash-completion for new verbs and arguments. Closes: #650739
- Fixes local DoS (CVE-2012-1101). Closes: #662029
- No longer complains if the kernel lacks audit support. Closes: #642503
* Fix up git-to-source package conversion script which makes gitpkg
happier.
* Add libkmod-dev to build-depends
* Add symlink from /bin/systemd to /lib/systemd/systemd.
* Add --with-distro=debian to configure flags, due to no /etc/os-release
yet.
* Add new symbols for libsystemd-login0 to symbols file.
* Install a tmpfiles.d file for the /dev/initctl → /run/initctl
migration. Closes: #657979
* Disable coredump handling, it's not ready yet.
* If /run is a symlink, don't try to do the /var/run → /run migration.
Ditto for /var/lock → /run/lock. Closes: #647495
[ Michael Biebl ]
* Add Build-Depends on liblzma-dev for journal log compression.
* Add Build-Depends on libgee-dev, required to build systemadm.
* Bump Standards-Version to 3.9.2. No further changes.
* Add versioned Build-Depends on automake and autoconf to ensure we have
recent enough versions. Closes: #657284
* Add packages for libsystemd-journal and libsystemd-id128.
* Update symbols file for libsystemd-login.
* Update configure flags, use rootprefix instead of rootdir.
* Copy intltool files instead of symlinking them.
* Re-indent init-functions script.
* Remove workarounds for services using X-Interactive. The LSB X-Interactive
support turned out to be broken and has been removed upstream so we no
longer need any special handling for those type of services.
* Install new systemd-journalctl, systemd-cat and systemd-cgtop binaries.
* Install /var/lib/systemd directory.
* Install /var/log/journal directory where the journal files are stored
persistently.
* Setup systemd-journald to not read from /proc/kmsg (ImportKernel=no).
* Avoid error messages from systemctl in postinst if systemd is not running
by checking for /sys/fs/cgroup/systemd before executing systemctl.
Closes: #642749
* Stop installing lib-init-rw (auto)mount units and try to cleanup
/lib/init/rw in postinst. Bump dependency on initscripts accordingly.
Closes: #643699
* Disable pam_systemd for non-interactive sessions to work around an issue
with sudo.
* Use new dh_installdeb maintscript facility to handle obsolete conffiles.
Bump Build-Depends on debhelper accordingly.
* Rename bash completion file systemctl-bash-completion.sh →
systemd-bash-completion.sh.
* Update /sbin/init symlink. The systemd binary was moved to $pkglibdir.
systemd (37-1.1) unstable; urgency=low
* Non-maintainer upload with Tollef's consent.
* Remove --parallel to workaround a bug in automake 1.11.3 which doesn't
generate parallel-safe build rules. Closes: #661842
* Create a compat symlink /run/initctl → /dev/initctl to work with newer
versions of sysvinit. Closes: #657979
systemd (37-1) unstable; urgency=low
[ Tollef Fog Heen ]
* New upstream version
* Change the type of the debian-fixup service to oneshot.
Closes: #642961
* Add ConditionPathIsDirectory to lib-init-rw.automount and
lib-init-rw.mount so we only activate the unit if the directory
exists. Closes: #633059
* If a sysv service exists in both rcS and rcN.d runlevels, drop the
rcN.d ones to avoid loops. Closes: #637037
* Blacklist fuse init script, we do the same work already internally.
Closes: #643700
* Update README.Debian slightly for /run rather than /lib/init/rw
[ Josh Triplett ]
* Do a one-time migration of the $TMPTIME setting from /etc/default/rcS to
/etc/tmpfiles.d/tmp.conf. If /etc/default/rcS has a TMPTIME setting of
"infinite" or equivalent, migrate it to an /etc/tmpfiles.d/tmp.conf that
overrides the default /usr/lib/tmpfiles.d/tmp.conf and avoids clearing
/tmp. Closes: #643698
systemd (36-1) unstable; urgency=low
[ Tollef Fog Heen ]
* New upstream release. Closes: #634618
- Various man page fixes. Closes: #623521
* Add debian-fixup service that symlinks mtab to /proc/mounts and
migrates /var/run and /var/lock to symlinks to /run
[ Michael Biebl ]
* Build for libnotify 0.7.
* Bump Build-Depends on libudev to (>= 172).
* Add Build-Depends on libacl1-dev. Required for building systemd-logind
with ACL support.
* Split libsystemd-login and libsystemd-daemon into separate binary
packages.
* As autoreconf doesn't like intltool, override dh_autoreconf and call
intltoolize and autoreconf ourselves.
* Add Build-Depends on intltool.
* Do a one-time migration of the hwclock configuration. If UTC is set to
"no" in /etc/default/rcS, create /etc/adjtime and add the "LOCAL" setting.
* Remove /cgroup cleanup code from postinst.
* Add Build-Depends on gperf.
systemd (29-1) unstable; urgency=low
[ Tollef Fog Heen ]
* New upstream version, Closes: #630510
- Includes typo fixes in documentation. Closes: #623520
* Fall back to the init script reload function if a native .service file
doesn't know how to reload. Closes: #628186
* Add hard dependency on udev. Closes: #627921
[ Michael Biebl ]
* hwclock-load.service is no longer installed, so we don't need to remove it
anymore in debian/rules.
* Install /usr/lib directory for binfmt.d, modules-load.d, tmpfiles.d and
sysctl.d.
* Remove obsolete conffiles from /etc/tmpfiles.d on upgrades. Those files
are installed in /usr/lib/tmpfiles.d now.
* Depend on util-linux (>= 2.19.1-2) which provides whole-disk locking
support in fsck and remove our revert patch.
* Don't choke when systemd was compiled with a different CAP_LAST_CAP then
what it is run with. Patch cherry-picked from upstream Git.
Closes: #628081
* Enable dev-hugepages.automount and dev-mqueue.automount only when enabled
in kernel. Patch cherry-picked from upstream Git. Closes: #624522
systemd (25-2) experimental; urgency=low
* Handle downgrades more gracefully by removing diversion of
/lib/lsb/init-functions on downgrades to << 25-1.
* Cherry-pick a133bf10d09f788079b82f63faa7058a27ba310b from upstream,
avoids assert when dumping properties. Closes: #624094
* Remove "local" in non-function context in init-functions wrapper.
systemd (25-1) experimental; urgency=low
* New upstream release, target experimental due to initscripts
dependency.
- Fixes where to look for locale config. Closes: #619166
* Depend on initscripts >= 2.88dsf-13.4 for /run transition.
* Add Conflicts on klogd, since it doesn't work correctly with the
kmg→/dev/log bridge. Closes: #622555
* Add suggests on Python for systemd-analyze.
* Divert /lib/lsb/init-functions instead of (ab)using
/etc/lsb-base-logging.sh for diverting calls to /etc/init.d/*
* Remove obsolete conffile /etc/lsb-base-logging.sh. Closes: #619093
* Backport 3a90ae048233021833ae828c1fc6bf0eeab46197 from master:
mkdir /run/systemd/system when starting up
systemd (20-1) unstable; urgency=low
* New upstream version
* Install systemd-machine-id-setup
* Call systemd-machine-id-setup in postinst
* Cherry-pick b8a021c9e276adc9bed5ebfa39c3cab0077113c6 from upstream to
prevent dbus assert error.
* Enable TCP wrapper support. Closes: #618409
* Enable SELinux support. Closes: #618412
* Make getty start after Apache2 and OpenVPN (which are the only two
known users of X-Interactive: yes). Closes: #618419
systemd (19-1) experimental; urgency=low
* New upstream release
* Add systemd-tmpfiles to systemd package.
* Add ifup@.service for handling hotplugged interfaces from
udev. Closes: #610871
* Mask mtab.service and udev-mtab.service as they are pointless when
/etc/mtab is a symlink to /proc/mounts
* Add breaks on lvm2 (<< 2.02.84-1) since older versions have udev rules
that don't work well with systemd causing delays on bootup.
systemd (17-1) experimental; urgency=low
[ Tollef Fog Heen ]
* New upstream release
* Clarify ifupdown instructions in README.Debian somewhat.
Closes: #613320
* Silently skip masked services in lsb-base-logging.sh instead of
failing. Initial implementation by Michael Biebl. Closes: #612551
* Disable systemd-vconsole-setup.service for now.
[ Michael Biebl ]
* Bump build dependency on valac-0.10 to (>= 0.10.3).
* Improve regex in lsb-base-logging.sh for X-Interactive scripts.
Closes: #613325
systemd (16-1) experimental; urgency=low
[ Tollef Fog Heen ]
* New upstream release. Closes: #609611
* Get rid of now obsolete patches that are upstream.
* Use the built-in cryptsetup support in systemd, build-depend on
libcryptsetup-dev (>= 2:1.2.0-1) to get a libcryptsetup in /lib.
* Don't use systemctl redirect for init scripts with X-Interactive: true
[ Michael Biebl ]
* Update package description
* Use v8 debhelper syntax
* Make single-user mode work
* Run hwclock-save.service on shutdown
* Remove dependencies on legacy sysv mount scripts, as we use native
mounting.
systemd (15-1) UNRELEASED; urgency=low
[ Tollef Fog Heen ]
* New upstream version, thanks a lot to Michael Biebl for help with
preparing this version.
- This version handles cycle breaking better. Closes: #609225
* Add libaudit-dev to build-depends
* /usr/share/systemd/session has been renamed to /usr/share/systemd/user
upstream, adjust build system accordingly.
* Remove -s from getty serial console invocation.
* Add dependency on new util-linux to make sure /sbin/agetty exists
* Don't mount /var/lock with gid=lock (Debian has no such group).
* Document problem with ifupdown's /etc/network/run being a normal
directory.
[ Michael Biebl ]
* Revert upstream change which requires libnotify 0.7 (not yet available in
Debian).
* Use dh-autoreconf for updating the build system.
* Revert upstream commit which uses fsck -l (needs a newer version of
util-linux).
* Explicitly disable cryptsetup support to not accidentally pick up a
libcryptsetup dependency in a tainted build environment, as the library
is currently installed in /usr/lib.
* Remove autogenerated man pages and vala C sources, so they are rebuilt.
* Use native systemd mount support:
- Use MountAuto=yes and SwapAuto=yes (default) in system.conf
- Mask SysV init mount, check and cleanup scripts.
- Create an alias (symlink) for checkroot (→ remount-rootfs.service) as
synchronization point for SysV init scripts.
* Mask x11-common, rmnologin, hostname, bootmisc and bootlogd.
* Create an alias for procps (→ systemd-sysctl.service) and
urandom (→ systemd-random-seed-load.service).
* Create an alias for module-init-tools (→ systemd-modules-load.service) and
a symlink from /etc/modules-load.d/modules.conf → /etc/modules.
* Install lsb-base hook which redirects calls to SysV init scripts to
systemctl: /etc/init.d/<foo> <action> → systemctl <action> <foo.service>
* Install a (auto)mount unit to mount /lib/init/rw early during boot.
systemd (11-2) UNRELEASED; urgency=low
* Tighten depends from systemd-* on systemd to ensure they're upgraded
in lockstep. Thanks to Michael Biebl for the patch.
* Add missing #DEBHELPER# token to libpam-systemd
* Stop messing with runlevel5/multi-user.target symlink, this is handled
correctly upstream.
* Stop shipping /cgroup in the package.
* Remove tmpwatch services, Debian doesn't have or use tmpwatch.
* Make sure to enable GTK bits.
* Ship password agent
* Clean up cgroups properly on upgrades, thanks to Michael Biebl for the
patch. Closes: #599577
systemd (11-1) experimental; urgency=low
* New upstream version. Closes: #597284
* Add pam-auth-update calls to libpam-systemd's postinst and prerm
* Make systemd-sysv depend on systemd
* Now mounts the cgroup fs in /sys/fs/cgroup. Closes: #595966
* Add libnotify-dev to build-depends (needed for systemadm)
systemd (8-2) experimental; urgency=low
* Hardcode udev rules dir in configure call.
* Remove README.source as it's no longer accurate.
systemd (8-1) experimental; urgency=low
* New upstream release
* Only ship the top /cgroup
* Pass --with-rootdir= to configure, to make it think / is / rather
than //
* Add PAM module package
* Fix up dependencies in local-fs.target. Closes: #594420
* Move systemadm to its own package. Closes: #588451
* Update standards-version (no changes needed)
* Update README.Debian to explain how to use systemd.
* Add systemd-sysv package that provides /sbin/init and friends.
systemd (0~git+20100605+dfd8ee-1) experimental; urgency=low
* Initial release, upload to experimental. Closes: #580814
---
debian/README.Debian | 98 +
debian/README.source | 103 +
debian/changelog | 5498 +++++++++++++++++
debian/compat | 1 +
debian/control | 396 ++
debian/copyright | 195 +
debian/extra/checkout-upstream | 61 +
debian/extra/dhclient-exit-hooks.d/timesyncd | 42 +
debian/extra/fbdev-blacklist.conf | 20 +
debian/extra/init-functions.d/40-systemd | 101 +
debian/extra/initramfs-tools/hooks/udev | 54 +
.../initramfs-tools/scripts/init-bottom/udev | 29 +
.../initramfs-tools/scripts/init-top/udev | 31 +
.../extra/kernel-install.d/85-initrd.install | 29 +
debian/extra/make-fbdev-blacklist | 48 +
debian/extra/make-sysusers-basic | 18 +
debian/extra/pam-configs/systemd | 7 +
debian/extra/pam.d/systemd-user | 12 +
debian/extra/rules-ubuntu/40-vm-hotadd.rules | 14 +
.../61-persistent-storage-android.rules | 7 +
.../71-power-switch-proliant.rules | 2 +
.../extra/rules-ubuntu/78-graphics-card.rules | 30 +
debian/extra/rules/50-firmware.rules | 3 +
debian/extra/rules/73-special-net-names.rules | 14 +
debian/extra/rules/73-usb-net-by-mac.rules | 15 +
debian/extra/rules/80-debian-compat.rules | 30 +
debian/extra/set-cpufreq | 46 +
debian/extra/start-udev | 18 +
debian/extra/systemd-sysv-install | 56 +
debian/extra/systemd.py | 29 +
debian/extra/tmpfiles.d/debian.conf | 14 +
debian/extra/udev.py | 19 +
debian/extra/units-ubuntu/ondemand.service | 13 +
.../units-ubuntu/user@.service.d/timeout.conf | 4 +
debian/extra/units/getty-static.service | 10 +
.../units/rc-local.service.d/debian.conf | 10 +
.../resolvconf.conf | 8 +
debian/gbp.conf | 8 +
debian/git-cherry-pick | 55 +
debian/libnss-myhostname.install | 3 +
debian/libnss-myhostname.lintian-overrides | 2 +
debian/libnss-myhostname.postinst | 40 +
debian/libnss-myhostname.postrm | 28 +
debian/libnss-mymachines.install | 3 +
debian/libnss-mymachines.lintian-overrides | 2 +
debian/libnss-mymachines.postinst | 40 +
debian/libnss-mymachines.postrm | 28 +
debian/libnss-resolve.install | 3 +
debian/libnss-resolve.lintian-overrides | 2 +
debian/libnss-resolve.postinst | 55 +
debian/libnss-resolve.postrm | 32 +
debian/libnss-systemd.install | 3 +
debian/libnss-systemd.lintian-overrides | 2 +
debian/libnss-systemd.postinst | 38 +
debian/libnss-systemd.postrm | 28 +
debian/libpam-systemd.install | 3 +
debian/libpam-systemd.postinst | 7 +
debian/libpam-systemd.prerm | 20 +
debian/libsystemd-dev.install | 5 +
debian/libsystemd0.install | 1 +
debian/libsystemd0.symbols | 563 ++
debian/libudev-dev.install | 5 +
debian/libudev-dev.maintscript | 1 +
debian/libudev1-udeb.install | 1 +
debian/libudev1.install | 1 +
debian/libudev1.symbols | 97 +
...rver-if-it-is-already-runnning-11245.patch | 37 +
...Docs-Add-Missing-Space-Between-Words.patch | 23 +
...var-to-device_path_parse_major_minor.patch | 114 +
...an-interface-to-its-name-specified-i.patch | 61 +
...the-controlling-terminal-process-bef.patch | 91 +
...rop-setting-DBUS_SESSION_BUS_ADDRESS.patch | 100 +
...ce-ignore-bind-unbind-events-for-now.patch | 34 +
...e-a-child-process-name-for-worker-pr.patch | 25 +
...ot-call-ask_password_keyring-if-keyn.patch | 26 +
...mit-command-line-lengths-to-_SC_ARG_.patch | 157 +
.../core-free-lines-after-reading-them.patch | 29 +
..._setup_existing_unit-not-drop-MOUNT_.patch | 33 +
...when-we-fail-to-save-a-journald-core.patch | 30 +
...uplicate-MESSAGE-prefix-from-message.patch | 33 +
...Add-env-variable-for-machine-ID-path.patch | 77 +
...Add-support-for-TuxOnIce-hibernation.patch | 30 +
...-tmp.conf-in-line-with-Debian-defaul.patch | 24 +
.../Don-t-enable-audit-by-default.patch | 30 +
...-seccomp-system-call-filter-for-udev.patch | 31 +
...ssion-pre.target-be-manually-started.patch | 22 +
.../Make-run-lock-tmpfs-an-API-fs.patch | 42 +
...ly-start-logind-if-dbus-is-installed.patch | 24 +
...-enable-journal-forwarding-to-syslog.patch | 56 +
...sksMax-for-all-services-by-default-a.patch | 56 +
...step-back-again-for-nspawn-we-actual.patch | 37 +
...-RLIMIT_CORE-to-unlimited-by-default.patch | 43 +
...ork-device-renaming-immediately-give.patch | 89 +
...rmission-changes-for-dev-dri-renderD.patch | 82 +
...check-if-already-done-by-the-initram.patch | 57 +
.../Use-Debian-specific-config-files.patch | 428 ++
...daemon-for-inter-fsckd-communication.patch | 1055 ++++
...unction-to-call-MHD_destroy_response.patch | 192 +
...nup_free_-to-free-a-temporary-string.patch | 46 +
...limit-on-the-number-of-fields-in-a-m.patch | 75 +
...mote-verify-entry-length-from-header.patch | 111 +
...-the-iovec-entry-for-process-command.patch | 200 +
...ximum-entry-size-limit-to-for-non-se.patch | 32 +
.../patches/journald-remove-unnecessary.patch | 32 +
...t-a-limit-on-the-number-of-fields-1k.patch | 52 +
...ing-a-native-message-bail-more-quick.patch | 203 +
...-explicitly-in-json_variant_has_type.patch | 23 +
...l_replace_whitespace-read-only-len-c.patch | 93 +
...not-pass-negative-number-to-strerror.patch | 23 +
...color-of-journal-logs-in-DEBUG-level.patch | 26 +
.../meson-stop-setting-fPIE-globally.patch | 43 +
...-errors-on-link_request_set_neighbor.patch | 45 +
...et_routing_policy_rule-to-link_reque.patch | 34 +
...ed-flags-to-false-before-requesting-.patch | 63 +
...e-overly-large-buffer-to-store-proce.patch | 68 +
...t-when-error-occurs-in-device_new_fr.patch | 33 +
...-fix-ordering-of-setting-buffer-size.patch | 44 +
debian/patches/series | 60 +
.../switch-root-fix-error-message.patch | 25 +
...-sending-receiving-an-invalid-device.patch | 132 +
...ute-and-relative-difference-in-float.patch | 54 +
...d-stdout-or-stderr-if-the-pipefd-is-.patch | 41 +
...ind_prioritized-return-negative-valu.patch | 29 +
...-netlink-sockets-before-daemonizatio.patch | 171 +
...ndle-the-return-value-from-spawned-p.patch | 151 +
...-trigger-control-settle-and-monitor-.patch | 111 +
...ndant-call-to-sd_event_get_exit_code.patch | 54 +
debian/rules | 302 +
debian/shlibs.local.in | 3 +
debian/source/format | 1 +
debian/systemd-container.install | 30 +
debian/systemd-container.maintscript | 2 +
debian/systemd-container.postinst | 10 +
debian/systemd-container.postrm | 12 +
debian/systemd-coredump.install | 11 +
debian/systemd-coredump.postinst | 15 +
debian/systemd-coredump.prerm | 14 +
debian/systemd-journal-remote.install | 29 +
debian/systemd-journal-remote.postinst | 10 +
debian/systemd-sysv.install | 14 +
debian/systemd-sysv.postinst | 10 +
debian/systemd-tests.install | 1 +
debian/systemd-tests.lintian-overrides | 2 +
debian/systemd.NEWS | 28 +
debian/systemd.bug-control | 1 +
debian/systemd.bug-script | 43 +
debian/systemd.dirs | 1 +
debian/systemd.install | 72 +
debian/systemd.links | 83 +
debian/systemd.lintian-overrides | 2 +
debian/systemd.maintscript | 11 +
debian/systemd.postinst | 173 +
debian/systemd.postrm | 27 +
debian/systemd.prerm | 15 +
debian/systemd.triggers | 2 +
debian/tests/assert.sh | 25 +
debian/tests/boot-and-services | 539 ++
debian/tests/boot-smoke | 66 +
debian/tests/build-login | 38 +
debian/tests/control | 190 +
debian/tests/fsck | 27 +
debian/tests/hostnamed | 22 +
debian/tests/lidswitch.evemu | 34 +
debian/tests/localed-locale | 42 +
debian/tests/localed-x11-keymap | 52 +
debian/tests/logind | 204 +
debian/tests/process-killer | 9 +
debian/tests/root-unittests | 26 +
debian/tests/storage | 238 +
debian/tests/systemd-fsckd | 297 +
debian/tests/timedated | 136 +
debian/tests/udev | 13 +
debian/tests/unit-config | 369 ++
debian/tests/upstream | 51 +
debian/udev-udeb.dirs | 1 +
debian/udev-udeb.install | 20 +
debian/udev.NEWS | 15 +
debian/udev.README.Debian | 149 +
debian/udev.bug-control | 1 +
debian/udev.bug-script | 14 +
debian/udev.init | 254 +
debian/udev.install | 24 +
debian/udev.links | 2 +
debian/udev.maintscript | 8 +
debian/udev.postinst | 136 +
debian/udev.postrm | 12 +
debian/udev.preinst | 81 +
debian/udev.prerm | 30 +
debian/udev.triggers | 1 +
debian/watch | 3 +
190 files changed, 17456 insertions(+)
create mode 100644 debian/README.Debian
create mode 100644 debian/README.source
create mode 100644 debian/changelog
create mode 100644 debian/compat
create mode 100644 debian/control
create mode 100644 debian/copyright
create mode 100755 debian/extra/checkout-upstream
create mode 100644 debian/extra/dhclient-exit-hooks.d/timesyncd
create mode 100644 debian/extra/fbdev-blacklist.conf
create mode 100644 debian/extra/init-functions.d/40-systemd
create mode 100755 debian/extra/initramfs-tools/hooks/udev
create mode 100755 debian/extra/initramfs-tools/scripts/init-bottom/udev
create mode 100755 debian/extra/initramfs-tools/scripts/init-top/udev
create mode 100755 debian/extra/kernel-install.d/85-initrd.install
create mode 100644 debian/extra/make-fbdev-blacklist
create mode 100755 debian/extra/make-sysusers-basic
create mode 100644 debian/extra/pam-configs/systemd
create mode 100644 debian/extra/pam.d/systemd-user
create mode 100644 debian/extra/rules-ubuntu/40-vm-hotadd.rules
create mode 100644 debian/extra/rules-ubuntu/61-persistent-storage-android.rules
create mode 100644 debian/extra/rules-ubuntu/71-power-switch-proliant.rules
create mode 100644 debian/extra/rules-ubuntu/78-graphics-card.rules
create mode 100644 debian/extra/rules/50-firmware.rules
create mode 100644 debian/extra/rules/73-special-net-names.rules
create mode 100644 debian/extra/rules/73-usb-net-by-mac.rules
create mode 100644 debian/extra/rules/80-debian-compat.rules
create mode 100755 debian/extra/set-cpufreq
create mode 100755 debian/extra/start-udev
create mode 100755 debian/extra/systemd-sysv-install
create mode 100644 debian/extra/systemd.py
create mode 100644 debian/extra/tmpfiles.d/debian.conf
create mode 100644 debian/extra/udev.py
create mode 100644 debian/extra/units-ubuntu/ondemand.service
create mode 100644 debian/extra/units-ubuntu/user@.service.d/timeout.conf
create mode 100644 debian/extra/units/getty-static.service
create mode 100644 debian/extra/units/rc-local.service.d/debian.conf
create mode 100644 debian/extra/units/systemd-resolved.service.d/resolvconf.conf
create mode 100644 debian/gbp.conf
create mode 100755 debian/git-cherry-pick
create mode 100644 debian/libnss-myhostname.install
create mode 100644 debian/libnss-myhostname.lintian-overrides
create mode 100644 debian/libnss-myhostname.postinst
create mode 100644 debian/libnss-myhostname.postrm
create mode 100644 debian/libnss-mymachines.install
create mode 100644 debian/libnss-mymachines.lintian-overrides
create mode 100644 debian/libnss-mymachines.postinst
create mode 100644 debian/libnss-mymachines.postrm
create mode 100644 debian/libnss-resolve.install
create mode 100644 debian/libnss-resolve.lintian-overrides
create mode 100644 debian/libnss-resolve.postinst
create mode 100644 debian/libnss-resolve.postrm
create mode 100644 debian/libnss-systemd.install
create mode 100644 debian/libnss-systemd.lintian-overrides
create mode 100644 debian/libnss-systemd.postinst
create mode 100644 debian/libnss-systemd.postrm
create mode 100644 debian/libpam-systemd.install
create mode 100644 debian/libpam-systemd.postinst
create mode 100644 debian/libpam-systemd.prerm
create mode 100644 debian/libsystemd-dev.install
create mode 100644 debian/libsystemd0.install
create mode 100644 debian/libsystemd0.symbols
create mode 100644 debian/libudev-dev.install
create mode 100644 debian/libudev-dev.maintscript
create mode 100644 debian/libudev1-udeb.install
create mode 100644 debian/libudev1.install
create mode 100644 debian/libudev1.symbols
create mode 100644 debian/patches/Do-not-start-server-if-it-is-already-runnning-11245.patch
create mode 100644 debian/patches/Docs-Add-Missing-Space-Between-Words.patch
create mode 100644 debian/patches/Pass-separate-dev_t-var-to-device_path_parse_major_minor.patch
create mode 100644 debian/patches/Revert-Always-rename-an-interface-to-its-name-specified-i.patch
create mode 100644 debian/patches/Revert-logind-become-the-controlling-terminal-process-bef.patch
create mode 100644 debian/patches/Revert-pam_systemd-drop-setting-DBUS_SESSION_BUS_ADDRESS.patch
create mode 100644 debian/patches/Revert-sd-device-ignore-bind-unbind-events-for-now.patch
create mode 100644 debian/patches/Revert-udevd-configure-a-child-process-name-for-worker-pr.patch
create mode 100644 debian/patches/ask-password-api-do-not-call-ask_password_keyring-if-keyn.patch
create mode 100644 debian/patches/basic-process-util-limit-command-line-lengths-to-_SC_ARG_.patch
create mode 100644 debian/patches/core-free-lines-after-reading-them.patch
create mode 100644 debian/patches/core-mount-make-mount_setup_existing_unit-not-drop-MOUNT_.patch
create mode 100644 debian/patches/coredump-fix-message-when-we-fail-to-save-a-journald-core.patch
create mode 100644 debian/patches/coredump-remove-duplicate-MESSAGE-prefix-from-message.patch
create mode 100644 debian/patches/debian/Add-env-variable-for-machine-ID-path.patch
create mode 100644 debian/patches/debian/Add-support-for-TuxOnIce-hibernation.patch
create mode 100644 debian/patches/debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch
create mode 100644 debian/patches/debian/Don-t-enable-audit-by-default.patch
create mode 100644 debian/patches/debian/Drop-seccomp-system-call-filter-for-udev.patch
create mode 100644 debian/patches/debian/Let-graphical-session-pre.target-be-manually-started.patch
create mode 100644 debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch
create mode 100644 debian/patches/debian/Only-start-logind-if-dbus-is-installed.patch
create mode 100644 debian/patches/debian/Re-enable-journal-forwarding-to-syslog.patch
create mode 100644 debian/patches/debian/Revert-core-enable-TasksMax-for-all-services-by-default-a.patch
create mode 100644 debian/patches/debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch
create mode 100644 debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch
create mode 100644 debian/patches/debian/Revert-udev-network-device-renaming-immediately-give.patch
create mode 100644 debian/patches/debian/Revert-udev-rules-Permission-changes-for-dev-dri-renderD.patch
create mode 100644 debian/patches/debian/Skip-filesystem-check-if-already-done-by-the-initram.patch
create mode 100644 debian/patches/debian/Use-Debian-specific-config-files.patch
create mode 100644 debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch
create mode 100644 debian/patches/httpd-use-a-cleanup-function-to-call-MHD_destroy_response.patch
create mode 100644 debian/patches/journal-rely-on-_cleanup_free_-to-free-a-temporary-string.patch
create mode 100644 debian/patches/journal-remote-set-a-limit-on-the-number-of-fields-in-a-m.patch
create mode 100644 debian/patches/journal-remote-verify-entry-length-from-header.patch
create mode 100644 debian/patches/journald-do-not-store-the-iovec-entry-for-process-command.patch
create mode 100644 debian/patches/journald-lower-the-maximum-entry-size-limit-to-for-non-se.patch
create mode 100644 debian/patches/journald-remove-unnecessary.patch
create mode 100644 debian/patches/journald-set-a-limit-on-the-number-of-fields-1k.patch
create mode 100644 debian/patches/journald-when-processing-a-native-message-bail-more-quick.patch
create mode 100644 debian/patches/json-handle-NULL-explicitly-in-json_variant_has_type.patch
create mode 100644 debian/patches/libudev-util-make-util_replace_whitespace-read-only-len-c.patch
create mode 100644 debian/patches/logind-do-not-pass-negative-number-to-strerror.patch
create mode 100644 debian/patches/man-update-color-of-journal-logs-in-DEBUG-level.patch
create mode 100644 debian/patches/meson-stop-setting-fPIE-globally.patch
create mode 100644 debian/patches/network-do-not-ignore-errors-on-link_request_set_neighbor.patch
create mode 100644 debian/patches/network-rename-link_set_routing_policy_rule-to-link_reque.patch
create mode 100644 debian/patches/network-set-_configured-flags-to-false-before-requesting-.patch
create mode 100644 debian/patches/process-util-don-t-use-overly-large-buffer-to-store-proce.patch
create mode 100644 debian/patches/sd-device-fix-segfault-when-error-occurs-in-device_new_fr.patch
create mode 100644 debian/patches/sd-device-monitor-fix-ordering-of-setting-buffer-size.patch
create mode 100644 debian/patches/series
create mode 100644 debian/patches/switch-root-fix-error-message.patch
create mode 100644 debian/patches/test-add-test-for-sending-receiving-an-invalid-device.patch
create mode 100644 debian/patches/test-json-check-absolute-and-relative-difference-in-float.patch
create mode 100644 debian/patches/udev-event-do-not-read-stdout-or-stderr-if-the-pipefd-is-.patch
create mode 100644 debian/patches/udev-node-make-link_find_prioritized-return-negative-valu.patch
create mode 100644 debian/patches/udev-open-control-and-netlink-sockets-before-daemonizatio.patch
create mode 100644 debian/patches/udev-rework-how-we-handle-the-return-value-from-spawned-p.patch
create mode 100644 debian/patches/udevadm-refuse-to-run-trigger-control-settle-and-monitor-.patch
create mode 100644 debian/patches/udevd-drop-redundant-call-to-sd_event_get_exit_code.patch
create mode 100755 debian/rules
create mode 100644 debian/shlibs.local.in
create mode 100644 debian/source/format
create mode 100644 debian/systemd-container.install
create mode 100644 debian/systemd-container.maintscript
create mode 100644 debian/systemd-container.postinst
create mode 100644 debian/systemd-container.postrm
create mode 100644 debian/systemd-coredump.install
create mode 100644 debian/systemd-coredump.postinst
create mode 100644 debian/systemd-coredump.prerm
create mode 100644 debian/systemd-journal-remote.install
create mode 100644 debian/systemd-journal-remote.postinst
create mode 100644 debian/systemd-sysv.install
create mode 100644 debian/systemd-sysv.postinst
create mode 100644 debian/systemd-tests.install
create mode 100644 debian/systemd-tests.lintian-overrides
create mode 100644 debian/systemd.NEWS
create mode 100644 debian/systemd.bug-control
create mode 100644 debian/systemd.bug-script
create mode 100644 debian/systemd.dirs
create mode 100644 debian/systemd.install
create mode 100644 debian/systemd.links
create mode 100644 debian/systemd.lintian-overrides
create mode 100644 debian/systemd.maintscript
create mode 100644 debian/systemd.postinst
create mode 100644 debian/systemd.postrm
create mode 100644 debian/systemd.prerm
create mode 100644 debian/systemd.triggers
create mode 100644 debian/tests/assert.sh
create mode 100755 debian/tests/boot-and-services
create mode 100755 debian/tests/boot-smoke
create mode 100755 debian/tests/build-login
create mode 100644 debian/tests/control
create mode 100755 debian/tests/fsck
create mode 100755 debian/tests/hostnamed
create mode 100644 debian/tests/lidswitch.evemu
create mode 100755 debian/tests/localed-locale
create mode 100755 debian/tests/localed-x11-keymap
create mode 100755 debian/tests/logind
create mode 100755 debian/tests/process-killer
create mode 100644 debian/tests/root-unittests
create mode 100755 debian/tests/storage
create mode 100755 debian/tests/systemd-fsckd
create mode 100755 debian/tests/timedated
create mode 100755 debian/tests/udev
create mode 100755 debian/tests/unit-config
create mode 100755 debian/tests/upstream
create mode 100644 debian/udev-udeb.dirs
create mode 100644 debian/udev-udeb.install
create mode 100644 debian/udev.NEWS
create mode 100644 debian/udev.README.Debian
create mode 100644 debian/udev.bug-control
create mode 100644 debian/udev.bug-script
create mode 100644 debian/udev.init
create mode 100644 debian/udev.install
create mode 100644 debian/udev.links
create mode 100644 debian/udev.maintscript
create mode 100644 debian/udev.postinst
create mode 100644 debian/udev.postrm
create mode 100644 debian/udev.preinst
create mode 100644 debian/udev.prerm
create mode 100644 debian/udev.triggers
create mode 100644 debian/watch
diff --git a/debian/README.Debian b/debian/README.Debian
new file mode 100644
index 00000000..e6dd9bc2
--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,98 @@
+Enabling persistent logging in journald
+=======================================
+
+To enable persistent logging, create /var/log/journal:
+
+ mkdir -p /var/log/journal
+ systemd-tmpfiles --create --prefix /var/log/journal
+
+systemd will make the journal files owned by the "systemd-journal" group and
+add an ACL for read permissions for users in the "adm" group.
+To grant a user read access to the system journal, add them to one of the two
+groups.
+
+This will allow you to look at previous boot logs with e. g.
+"journalctl -b -1".
+
+If you enable persistent logging, consider uninstalling rsyslog or any other
+system-log-daemon, to avoid logging everything twice.
+
+Debugging boot/shutdown problems
+================================
+
+The "debug-shell" service starts a root shell on VT 9 which is available very
+early during boot and very late during shutdown. You can temporarily enable
+this when booting the system does not get sufficiently far to get a desktop or
+even the text console logins (getty), or when shutdown hangs eternally.
+
+For boot problems the recommended way is to append "systemd.debug-shell" to the
+kernel command line in the bootloader.
+For shutdown problems, run "systemctl start debug-shell" as root, then shut
+down.
+
+WARNING: Please avoid "systemctl enable debug-shell" as this will start the
+debug shell permanently which is a SECURITY HOLE as it allows unauthenticated
+and unrestricted root access to your computer if you forget to disable it!
+Please only enable it if you cannot pass "systemd.debug-shell" to the boot
+loader for some reason, and then immediately run "systemctl disable debug-shell"
+after booting.
+
+Once the boot/shutdown problem happened, switch to VT9 (Ctrl+Alt+F9). There you
+can use the usual systemctl or journalctl commands, or any other Linux shell
+command to list or kill processes. For example, run "systemctl list-jobs" to
+see what's currently being run, or "systemctl" to find units which are not in
+the expected state (e. g. "failed" for boot or still "active" during shutdown),
+and then get more detailed information with "systemctl status -l foo.service"
+to get a service "foo"'s status and recent logging.
+
+In situations where the debug shell is not available, you can generate a
+/shutdown-log.txt file instead:
+1. Boot with these kernel command line options:
+ systemd.log_level=debug systemd.log_target=kmsg log_buf_len=1M
+2. Save the following script as /lib/systemd/system-shutdown/debug.sh and make it executable:
+ #!/bin/sh
+ mount -o remount,rw /
+ dmesg > /shutdown-log.txt
+ mount -o remount,ro /
+3. Reboot
+
+Enable and use networkd
+=======================
+networkd is a small and lean service to configure network interfaces, designed
+mostly for server use cases in a world with hotplugged and virtualized
+networking. Its configuration is similar in spirit and abstraction level to
+ifupdown, but you don't need any extra packages to configure bridges, bonds,
+vlan etc. It is not very suitable for managing WLANs yet; NetworkManager is
+still much more appropriate for such Desktop use cases.
+
+networkd is not enabled by default; run
+
+ systemctl enable systemd-networkd
+
+if you want to use it. After that you need to create some *.network
+configuration files. In the simplest case you just want to run DHCP on all
+available Ethernet interfaces:
+
+--- /etc/systemd/network/all-eth.network ---
+[Match]
+Name=e*
+[Network]
+DHCP=yes
+
+This will match on both the kernel "ethN" as well as the predictable interface
+names "en*". Please see man systemd.network(5) for all available configuration
+options and examples.
+
+You need to make sure that interfaces handled by networkd are not handled by
+ifupdown (/etc/network/interfaces) and NetworkManager.
+
+Note that interfaces brought up/down will *not* run hooks in
+/etc/network/if-*.d/.
+
+It is recommended to use networkd together with systemd-resolved(8) to
+dynamically manage /etc/resolv.conf:
+
+ systemctl enable systemd-resolved
+ ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
+
+Debian's networkd has been modified to also work with the resolvconf package.
diff --git a/debian/README.source b/debian/README.source
new file mode 100644
index 00000000..e3ba8cf4
--- /dev/null
+++ b/debian/README.source
@@ -0,0 +1,103 @@
+Building from source
+--------------------
+Install “git-buildpackage†and run the following steps:
+
+ gbp clone git+ssh://git.debian.org/git/pkg-systemd/systemd.git
+ cd systemd
+ gbp buildpackage
+
+We recommend you use pbuilder to make sure you build in a clean environment:
+
+ gbp buildpackage --git-pbuilder
+
+Changelog
+---------
+The systemd package uses gbp dch for automatically generating
+debian/changelog entries from the corresponding git commits. This makes
+cherry-picking, merging, and rebasing much simpler.
+
+Thus, for any packaging change *don't* modify debian/changelog, just write a
+meaningful git commit log with proper bug references (such as "Closes: #12345"
+on the last line). For doing a release, run
+
+ gbp dch --auto
+
+then beautify the generated debian/changelog, then run the usual "dch -r" and
+"debcommit -ar --sign-tags".
+
+Patch handling
+--------------
+The systemd package uses gbp pq for maintaining patches with a git-like
+workflow in a "patch-queue/<branch>" local branch and then exporting them as
+quilt series. For working on patches you run
+
+ gbp pq import --force
+
+Then you are in the patch-queue branch and can git log, commit, cherry-pick
+upstream commits, rebase, etc. there. After you are done, run
+
+ gbp pq export
+
+which will put you back into master and update debian/patches/ (including
+series). You need to git add etc. new patches, possibly other
+packaging changes, and then git commit as usual.
+
+systemd uses gbp pq's "topic" branches for organizing patches; for simplicity
+(as this is the most common operation), upstream cherry-picks go into the
+"empty" topic (i. e. directly into debian/patches/), while Debian specific
+patches go into "Gbp-Pq: Topic debian" (i. e. debian/patches/debian/).
+
+Rebasing patches to a new upstream version
+------------------------------------------
+gbp pq's "rebase" command does not work very conveniently as it fails on merge
+conflicts. First, ensure you are in the master branch:
+
+ git checkout master # in case you aren't already
+
+Now, do one of
+
+ (1) To import a new upstream release into the existing master branch for unstable,
+do:
+
+ gbp pq import --force
+ gbp pq switch # switch back to master from patch-queue/master
+ gbp import-orig [...]
+ gbp pq switch # switch to patch-queue/master
+ git rebase master
+
+ (2) To import a new upstream release into a new branch for Debian experimental, do:
+
+ git branch experimental
+ git checkout experimental
+ editor debian/gbp.conf # set "debian-branch=experimental"
+ gbp import-orig [...]
+ git branch patch-queue/experimental patch-queue/master
+ git checkout patch-queue/experimental
+ git rebase experimental
+
+Now resolve all the conflicts, skip obsolete patches, etc. When you are done, run
+
+ gbp pq export
+
+Note that our debian/gbp.conf disables patch numbers.
+
+Cherry-picking upstream patches
+-------------------------------
+You can add the systemd upstream branch as an additional remote to the Debian
+packaging branch. Call it "github" or similar to avoid confusing it with the
+already existing "upstream" branch from git-buildpackage:
+
+ git remote add github https://github.com/systemd/systemd.git
+ git fetch github -n
+
+Now you can look at the upstream log and cherry-pick patches into the
+patch-queue branch:
+
+ gbp pq import --force
+ git log github/master
+ git cherry-pick 123DEADBEEF
+
+debian/git-cherry-pick is a nice tool to automate all that:
+
+ debian/git-cherry-pick 123DEADBEEF 987654 AFFE99
+ git checkout master # switch back from patch-queue branch
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 00000000..3a62cfba
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5498 @@
+systemd (240-5) unstable; urgency=medium
+
+ [ Felipe Sateler ]
+ * Revert interface renaming changes. (Closes: #919390)
+
+ [ Martin Pitt ]
+ * process-util: Fix memory leak (Closes: #920018)
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 27 Jan 2019 21:33:07 +0000
+
+systemd (240-4) unstable; urgency=medium
+
+ [ Benjamin Drung ]
+ * Fix shellcheck issues in initramfs-tools scripts
+
+ [ Michael Biebl ]
+ * Import patches from v240-stable branch (up to f02b5472c6)
+ - Fixes a problem in logind closing the controlling terminal when using
+ startx. (Closes: #918927)
+ - Fixes various journald vulnerabilities via attacker controlled alloca.
+ (CVE-2018-16864, CVE-2018-16865, Closes: #918841, Closes: #918848)
+ * sd-device-monitor: Fix ordering of setting buffer size.
+ Fixes an issue with uevents not being processed properly during coldplug
+ stage and some kernel modules not being loaded via "udevadm trigger".
+ (Closes: #917607)
+ * meson: Stop setting -fPIE globally.
+ Setting -fPIE globally can lead to miscompilations on certain
+ architectures. Instead use the b_pie=true build option, which was
+ introduced in meson 0.49. Bump the Build-Depends accordingly.
+ (Closes: #909396)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 12 Jan 2019 21:49:44 +0100
+
+systemd (240-3) unstable; urgency=medium
+
+ * udev.init: Trigger add events for subsystems.
+ Update the SysV init script and mimic the behaviour of the initramfs and
+ systemd-udev-trigger.service which first trigger subsystems and then
+ devices during the coldplug stage.
+ * udevadm: Refuse to run trigger, control, settle and monitor commands in
+ chroot (Closes: #917633)
+ * network: Set link state configuring before setting addresses.
+ Fixes a crash in systemd-networkd caused by an assertion failure.
+ (Closes: #918658)
+ * libudev-util: Make util_replace_whitespace() read only len characters.
+ Fixes a regression where /dev/disk/by-id/ names had additional
+ underscores.
+ * man: Update color of journal logs in DEBUG level (Closes: #917948)
+ * Remove old state directory of systemd-timesyncd on upgrades.
+ Otherwise timesyncd will fail to update the clock file if it was created
+ as /var/lib/private/systemd/timesync/clock.
+ This was the case when the service was using DynamicUser=yes which it no
+ longer does in v240. (Closes: #918190)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 09 Jan 2019 18:40:57 +0100
+
+systemd (240-2) unstable; urgency=medium
+
+ * Pass separate dev_t var to device_path_parse_major_minor.
+ Fixes FTBFS on mips/mipsel (MIPS/O32). (Closes: #917195)
+ * test-json: Check absolute and relative difference in floating point test.
+ Fixes FTBFS due to test-suite failures on armel, armhf and hppa.
+ (Closes: #917215)
+ * sd-device: Fix segfault when error occurs in device_new_from_{nulstr,strv}()
+ Fixes a segfault in systemd-udevd when debug logging is enabled.
+ * udev-event: Do not read stdout or stderr if the pipefd is not created.
+ This fixes problems with device-mapper symlinks no longer being created
+ or certain devices not being marked as ready. (Closes: #917124)
+ * Don't bump fs.nr_open in PID 1.
+ In v240, systemd bumped fs.nr_open in PID 1 to the highest possible
+ value. Processes that are spawned directly by systemd, will have
+ RLIMIT_NOFILE be set to 512K (hard).
+ pam_limits in Debian defaults to "set_all", i.e. for limits which are
+ not explicitly configured in /etc/security/limits.conf, the value from
+ PID 1 is taken, which means for login sessions, RLIMIT_NOFILE is set to
+ the highest possible value instead of 512K. Not every software is able
+ to deal with such an RLIMIT_NOFILE properly.
+ While this is arguably a questionable default in Debian's pam_limit,
+ work around this problem by not bumping fs.nr_open in PID 1.
+ (Closes: #917167)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 27 Dec 2018 14:03:57 +0100
+
+systemd (240-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 240
+ - core: Skip cgroup_subtree_mask_valid update if UNIT_STUB
+ (Closes: #903011)
+ - machined: Rework referencing of machine scopes from machined
+ (Closes: #903288)
+ - timesync: Fix serialization of IP address
+ (Closes: #916516)
+ - core: Don't track jobs-finishing-during-reload explicitly
+ (Closes: #916678)
+ * Rebase patches
+ * Install new systemd-id128 binary
+ * Update symbols file for libsystemd0
+ * Update nss build options
+
+ [ Martin Pitt ]
+ * tests: Disable some flaky upstream tests.
+ See https://github.com/systemd/systemd/issues/11195
+ * tests: Disable flaky TEST-17-UDEV-WANTS upstream test.
+ See https://github.com/systemd/systemd/issues/11195
+
+ -- Michael Biebl <biebl@debian.org> Sat, 22 Dec 2018 16:01:43 +0100
+
+systemd (239-15) unstable; urgency=medium
+
+ [ Felipe Sateler ]
+ * Fix container check in udev init script.
+ Udev needs writable /sys, so the init script tried to check before
+ starting. Unfortunately, the check was inverted. Let's add the missing
+ '!' to negate the check.
+ (Closes: #915261)
+ * Add myself to uploaders
+
+ [ Michael Biebl ]
+ * Remove obsolete systemd-shim conffile on upgrades.
+ The D-Bus policy file was dropped from the systemd-shim package in
+ version 8-4, but apparently there are cases where users removed the
+ package before that cleanup happened. The D-Bus policy file that was
+ shipped by systemd-shim was much more restrictive and now prevents
+ calling GetDynamicUsers() and other recent APIs on systemd Manager.
+ (Closes: #914285)
+
+ -- Felipe Sateler <fsateler@debian.org> Wed, 05 Dec 2018 21:03:34 -0300
+
+systemd (239-14) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * autopkgtest: Drop test_custom_cgroup_cleanup from boot-and-services
+ * resolved: Increase size of TCP stub replies (Closes: #915049)
+ * meson: Unify linux/stat.h check with other checks and use _GNU_SOURCE.
+ Fixes a build failure with glibc 2.28.
+ * Drop procps dependency from systemd.
+ The systemd-exit.service user service no longer uses the "kill" binary.
+ * Simplify container check in udev SysV init script.
+ Instead of using "ps" to detect a container environment, simply test if
+ /sys is writable. This matches what's used in systemd-udevd.service via
+ ConditionPathIsReadWrite=/sys and follows
+ https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
+ This means we no longer need procps, so drop that dependency from the
+ udev package. (Closes: #915095)
+
+ [ Mert Dirik ]
+ * 40-systemd: Honour __init_d_script_name.
+ Make /lib/lsb/init-functions.d/40-systemd use __init_d_script_name
+ (if available) to figure out real script name. (Closes: #826214)
+ * 40-systemd: Improve heuristics for init-d-script.
+ Improve heuristics for scripts run via init-d-script so that the
+ redirection works even for older init-d-script versions without the
+ __init_d_script_name variable.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 02 Dec 2018 01:00:01 +0100
+
+systemd (239-13) unstable; urgency=medium
+
+ * autopktest: Add e2fsprogs dependency to upstream test.
+ Some of the upstream tests require mkfs.ext4. (Closes: #887250)
+ * systemctl: Tell update-rc.d to skip creating any systemd symlinks.
+ When calling update-rc.d via systemd-sysv-install, tell it to skip
+ creating any systemd symlinks as we want to handle those directly in
+ systemctl. Older update-rc.d versions will ignore that request, but
+ that's ok. This means we don't need a versioned dependency against
+ init-system-helpers. (Closes: #743217)
+ * pam_systemd: Suppress LOG_DEBUG log messages if debugging is off
+ (Closes: #825949)
+ * Drop cgroup-don-t-trim-cgroup-trees-created-by-someone-el.patch.
+ The patch is no longer necessary as lxc.service now uses Delegate=yes.
+ * Remove obsolete Replaces from pre-jessie
+
+ -- Michael Biebl <biebl@debian.org> Tue, 20 Nov 2018 19:44:39 +0100
+
+systemd (239-12) unstable; urgency=high
+
+ [ Martin Pitt ]
+ * Enable QEMU on more architectures in "upstream" autopkgtest.
+ Taken from the Ubuntu package, so apparently QEMU works well enough on
+ these architectures now.
+ * autopkgtest: Avoid test bed reset for boot-smoke.
+ Make "boot-smoke"'s dependencies a strict superset of "upstream"'s, so
+ that autopkgtest doesn't have to provide a new testbed.
+ * Fix wrong "nobody" group from sysusers.d.
+ Fix our make-sysusers-basic sysusers.d generator to special-case the
+ nobody group. "nobody" user and "nogroup" group both have the same ID
+ 65534, which is the only special case for Debian's static users/groups.
+ So specify the gid explicitly, to avoid systemd-sysusers creating a
+ dynamic system group for "nobody".
+ Also clean up the group on upgrades.
+ Thanks to Keh-Ming Luoh for the original patch! (Closes: #912525)
+
+ [ Michael Biebl ]
+ * autopkgtest: Use shutil.which() which is provided by Python 3
+ * Drop non-existing gnuefi=false build option.
+ This was mistakenly added when converting from autotools to meson.
+ * core: When deserializing state always use read_line(…, LONG_LINE_MAX, …)
+ Fixes a vulnerability in unit_deserialize which allows an attacker to
+ supply arbitrary state across systemd re-execution via NotifyAccess.
+ (CVE-2018-15686, Closes: #912005)
+ * meson: Use the host architecture compiler/linker for src/boot/efi.
+ Fixes cross build failure for arm64. (Closes: #905381)
+ * systemd: Do not pass .wants fragment path to manager_load_unit.
+ Fixes an issue with overridden units in /etc not being used due to a
+ .wants/ symlink pointing to /lib. (Closes: #907054)
+ * machined: When reading os-release file, join PID namespace too.
+ This ensures that we properly acquire the os-release file from containers.
+ (Closes: #911231)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 17 Nov 2018 18:39:21 +0100
+
+systemd (239-11) unstable; urgency=high
+
+ [ Michael Biebl ]
+ * debian/tests/upstream: Clean up after each test run.
+ Otherwise the loopback images used by qemu are not properly released and
+ we might run out of disk space.
+ * dhcp6: Make sure we have enough space for the DHCP6 option header.
+ Fixes out-of-bounds heap write in systemd-networkd dhcpv6 option
+ handling.
+ (CVE-2018-15688, LP: #1795921, Closes: #912008)
+ * chown-recursive: Rework the recursive logic to use O_PATH.
+ Fixes a race condition in chown_one() which allows an attacker to cause
+ systemd to set arbitrary permissions on arbitrary files.
+ (CVE-2018-15687, LP: #1796692, Closes: #912007)
+
+ [ Martin Pitt ]
+ * debian/tests/boot-and-services: Use gdm instead of lightdm.
+ This seems to work more reliably, on Ubuntu CI's i386 instances lightdm
+ fails.
+
+ [ Manuel A. Fernandez Montecelo ]
+ * Run "meson test" instead of "ninja test"
+ Upstream developers of meson recommend to run it in this way, because
+ "ninja test" just calls "meson test", and by using meson directly and
+ using extra command line arguments it is possible to control aspects of
+ how the tests are run.
+ * Increase timeout for test in riscv64.
+ The buildds for the riscv64 arch used at the moment are slow, so increase
+ the timeouts for this arch by a factor of 10, for good measure.
+ (Closes: #906429)
+
+ -- Michael Biebl <biebl@debian.org> Sun, 28 Oct 2018 13:02:18 +0100
+
+systemd (239-10) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * meson: Rename -Ddebug to -Ddebug-extra.
+ Meson added -Doptimization and -Ddebug options, which obviously causes
+ a conflict with our -Ddebug options. Let's rename it.
+ (Closes: #909455)
+ * Add conflicts against consolekit.
+ Letting both ConsoleKit and logind manage dynamic device permissions
+ will only lead to inconsistent and unexpected results.
+
+ [ Felipe Sateler ]
+ * Link systemctl binary statically against libshared.
+ This reduces the Pre-Depends list considerably, and is more resilient
+ against borked installs.
+
+ -- Michael Biebl <biebl@debian.org> Tue, 25 Sep 2018 16:11:12 +0200
+
+systemd (239-9) unstable; urgency=medium
+
+ * autopkgtest: Remove needs-recommends runtime restriction.
+ This restriction has been deprecated and there are plans to remove it
+ altogether. The tests pass withouth needs-recommends, so it seems safe
+ to remove.
+ * test: Use installed catalogs when test-catalog is not located at build
+ dir.
+ This makes it possible to run test-catalog as installed test, so we no
+ longer need to mark it as EXFAIL in our root-unittests autopkgtest.
+ * test: Use "systemd-runtest.env" to set $SYSTEMD_TEST_DATA and
+ $SYSTEMD_CATALOG_DIR.
+ This avoids embedding ABS_{SRC,BUILD}_DIR into libsystemd-shared.so and
+ the test binaries and should make the build reproducible.
+ (Closes: #908365)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 12 Sep 2018 19:07:38 +0200
+
+systemd (239-8) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Clean up dbus-org.freedesktop.timesync1.service Alias on purge
+ (Closes: #904290)
+ * user-runtime-dir: Fix wrong SELinux context (Closes: #908026)
+ * core: Fix gid when DynamicUser=yes with static user (Closes: #904335)
+ * Remove udev control socket on shutdown under sysvinit.
+ The udev control socket is no longer removed automatically when the
+ daemon is stopped. As this can confuse other software, update the SysV
+ init script to remove the control socket manually and make sure the init
+ script is executed on shutdown (runlevel 0) and reboot (runlevel 6).
+ (Closes: #791944)
+ * Bump Standards-Version to 4.2.1
+
+ [ Martin Pitt ]
+ * timedated: Fix wrong PropertyChanged values and refcounting
+
+ -- Michael Biebl <biebl@debian.org> Fri, 07 Sep 2018 08:41:12 +0200
+
+systemd (239-7) unstable; urgency=medium
+
+ * autopkgtest: Add iputils-ping dependency to root-unittests.
+ The ping binary is required by test-bpf.
+ * autopkgtest: Add dbus-user-session and libpam-systemd dependency to
+ root-unittests.
+ Without a working D-Bus user session, a lot of the test-bus-* tests are
+ skipped.
+ * network/link: Fix logic error in matching devices by MAC (Closes: #904198)
+
+ -- Michael Biebl <biebl@debian.org> Sun, 22 Jul 2018 13:40:15 +0200
+
+systemd (239-6) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * autopkgtest: Install libnss-systemd.
+ Make sure that dynamic users can be resolved. This e. g. prevents a
+ startup failure for systemd-resolved.
+ * autopkgtest: Add missing python3 test dependency for udev test
+
+ [ Michael Biebl ]
+ * autopkgtest: Make AppArmor violator test work with merged-usr
+ * Make /dev/kvm accessible to local users and group kvm.
+ Re-add the uaccess tag to /dev/kvm to make it accessible to local
+ users. Access is also granted via group kvm, so create that in
+ udev.postinst. (Closes: #887852)
+ * Move a few man pages from systemd to systemd-journal-remote.
+ The systemd package shipped a few systemd-journal-remote and
+ systemd-journal-upload related man pages which really belong into the
+ systemd-journal-remote package. Move those man pages into the correct
+ package and add a Breaks/Replaces against systemd accordingly.
+ (Closes: #903557)
+ * autopkgtest: Drop no-longer needed workaround from upstream test
+ * Go back to statically allocate system users for timesyncd, networkd and
+ resolved.
+ There are currently too many open issues related to D-Bus and the usage
+ of DynamicUser. (Closes: #902971)
+ * Change python3-minimal dependency to python3.
+ While we strictly only need python3-minimal, the usage of
+ python3-minimal triggers a lintian error: depends-on-python-minimal
+ * test: Drop SKIP_INITRD for QEMU-based tests.
+ The Debian Linux kernel ships ext4 support as a module, so we require an
+ initrd to successfully start the QEMU images.
+ * debian/tests/localed-x11-keymap: Deal with absence of
+ /etc/default/keyboard more gracefully
+ * autopkgtest: Add various dependencies to make upstream test pass on Debian
+ - netcat-openbsd: Required by TEST-12-ISSUE-3171.
+ - busybox-static: Required by TEST-13-NSPAWN-SMOKE.
+ - plymouth: Required by TEST-15-DROPIN and TEST-22-TMPFILES.
+ * Drop seccomp system call filter for udev.
+ The seccomp based system call whitelist requires at least systemd 239 to
+ be the active init and during a dist-upgrade we can't guarantee that
+ systemd has been fully configured before udev is restarted.
+ The versioned systemd Breaks that was added to udev for #902185 didn't
+ really fix this issue, so revert that change again. (Closes: #903224)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 19 Jul 2018 00:04:54 +0200
+
+systemd (239-5) unstable; urgency=medium
+
+ * Add inverse version restriction of the Breaks to the systemd-shim
+ alternative in libpam-systemd.
+ Otherwise apt will fail to find an installation path for libpam-systemd
+ in cases where libpam-systemd is an indirect dependency. (Closes: #902998)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 05 Jul 2018 11:50:10 +0200
+
+systemd (239-4) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Drop outdated section from README.Debian about switching back to SysV init
+ * sleep: Fix one more printf format of a fiemap field
+ * basic: Add missing comma in raw_clone assembly for sparc
+ * bus-util: Make log level lower in request_name_destroy_callback()
+ * tmpfiles: Specify access mode for /run/systemd/netif
+ * Add Breaks against python-dbusmock (<< 0.18) to systemd.
+ The logind and timedated tests in python-dbusmock were broken by the
+ latest systemd release and had to be adjusted to work with systemd 239.
+ See #902602
+ * Drop patches which try to support running systemd services without systemd
+ as pid 1.
+ No one is currently actively maintaining systemd-shim, which means that
+ e.g. running systemd-logind no longer works when systemd is not pid 1.
+ Thus drop our no longer working patches. Bump the Breaks against
+ systemd-shim accordingly.
+ See #895292, #901404, #901405
+
+ [ Martin Pitt ]
+ * test: fix networkd-test.py rate limiting and dynamic user
+
+ -- Michael Biebl <biebl@debian.org> Tue, 03 Jul 2018 23:36:28 +0200
+
+systemd (239-3) unstable; urgency=medium
+
+ * Revert "systemctl: when removing enablement or mask symlinks, cover both
+ /run and /etc"
+ We currently have packages in the archive which use
+ "systemctl --runtime unmask" and are broken by this change.
+ This is a intermediate step until it is clear whether upstream will
+ revert this commit or whether we will have to update affected packages
+ to deal with this changed behaviour.
+ See #902287 and https://github.com/systemd/systemd/issues/9393
+
+ -- Michael Biebl <biebl@debian.org> Wed, 27 Jun 2018 14:46:06 +0200
+
+systemd (239-2) unstable; urgency=medium
+
+ * sleep: Fix printf format of fiemap fields.
+ This should fix a FTBFS on ia64.
+ * timesync: Change type of drift_freq to int64_t.
+ This should fix a FTBFS on x32.
+ * Bump systemd Breaks to ensure it is upgraded in lockstep with udev.
+ The hardening features used by systemd-udevd.service require systemd 239
+ and udev will fail to start with older versions. (Closes: #902185)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 27 Jun 2018 13:59:24 +0200
+
+systemd (239-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 239
+ * Drop alternative iptables-dev Build-Depends.
+ It is no longer needed as both Ubuntu and Debian now ship libiptc-dev in
+ their latest stable (LTS) release.
+ * Drop alternative btrfs-tools Recommends.
+ It is no longer needed as btrfs-progs is now available in both Debian
+ and Ubuntu and keeping the alternative around prevents the transitional
+ package from being autoremoved.
+ * Disable installation of RPM macros.
+ This avoids having to remove them manually later on.
+ * Drop cleanup rules for libtool .la files.
+ With the switch to Meson, libtool is no longer used.
+ * Drop fallback for older kernels when running the test suite.
+ We now assume that we have a kernel newer then 3.13.
+ * Stop cleaning up .busname units.
+ Those are gone upstream, so we no longer need to remove them manually.
+ * Update symbols file for libsystemd0
+ * Rebase patches
+ * Install new resolvectl tool.
+ Don't ship the /sbin/resolvconf compat symlink in the systemd package,
+ as this would cause a file conflict with the resolvconf and openresolv
+ package.
+ * Disable support for "Portable Services"
+ This is still an experimental feature.
+ * Disable pristine-tar in gbp.conf.
+ It is currently not possible to import the systemd v239 tarball using
+ pristine-tar due to #902115.
+ * Bump Build-Depends on meson to (>= 0.44)
+ * Stop setting the path for the kill binary, no longer necessary
+ * Stop creating systemd-network and systemd-resolve system user
+ systemd-networkd.service and systemd-resolved.service now use
+ DynamicUser=yes.
+
+ [ Dimitri John Ledkov ]
+ * Run all upstream tests, and then report all that failed.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 23 Jun 2018 00:18:08 +0200
+
+systemd (238-5) unstable; urgency=medium
+
+ [ Evgeny Vereshchagin ]
+ * upstream autopkgtest: Copy journal subdirectories.
+ Otherwise logs are missing on failures.
+
+ [ Martin Pitt ]
+ * debian/tests/boot-and-services: Ignore cpi.service failure.
+ This is apparently a regression in Ubuntu 18.04, not in systemd, so
+ ignore it.
+
+ [ Michael Biebl ]
+ * sd-bus: Do not try to close already closed fd (Closes: #896781)
+ * Use dh_missing to act on uninstalled files.
+ The usage of dh_install --fail-missing has been deprecated.
+ * meson: Avoid warning about comparison of bool and string.
+ The result of this is undefined and will become a hard error in a future
+ Meson release.
+ * login: Respect --no-wall when cancelling a shutdown request
+ (Closes: #897938)
+ * Add dependencies of libsystemd-shared to Pre-Depends.
+ This is necessary so systemctl is functional at all times during a
+ dist-upgrade. (Closes: #897986)
+ * Drop dh_strip override, the dbgsym migration is done
+
+ [ Felipe Sateler ]
+ * Don't include libmount.h in a header file.
+ Kernel and glibc headers both use MS_* constants, but are not in sync, so
+ only one of them can be used at a time. Thus, only import them where
+ needed. Works around #898743.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 26 May 2018 10:31:29 +0200
+
+systemd (238-4) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * udev/net-id: Fix check for address to keep interface names stable
+ * debian/copyright: Move global wildcard section to the top
+
+ [ Martin Pitt ]
+ * Fix daemon reload failures
+
+ [ Laurent Bigonville ]
+ * Fix /sys/fs/cgroup mount when using SELinux.
+ Since v236, all cgroups except /sys/fs/cgroup/systemd and
+ /sys/fs/cgroup/unified are not mounted when SELinux is enabled (even in
+ permissive mode). Disabling SELinux completely restores these cgroups.
+ This patch fixes that issue by no longer making the assumption that those
+ cgroups are mounted by initrd/dracut before systemd is started.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 01 Apr 2018 13:02:57 +0200
+
+systemd (238-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Enable systemd-sysusers unit and provide correct Debian static u/gids.
+ Add a helper script debian/extra/make-sysusers-basic which generates a
+ sysusers.d(5) file from Debian's static master passwd/group files.
+ systemd 238 now supports specifying different uid and gid and a
+ non-default login shell, so this is possible now. (Closes: #888126)
+ * udev README.Debian: Include initrd rebuild and some clarifications in
+ migration.
+ While initrd update is already being mentioned in the introductory
+ section, it is easy to miss when going through the migration steps, so
+ explicitly mention it again. Also add a warning about keeping a fallback
+ on misconfigurations, and the possibility to migrate one interface at a
+ time.
+ Thanks to Karl O. Pinc for the suggestions! (Closes: #881769)
+
+ [ Michael Biebl ]
+ * basic/macros: Rename noreturn into _noreturn_.
+ "noreturn" is reserved and can be used in other header files we include.
+ (Closes: #893426)
+ * units: Fix SuccessAction that belongs to [Unit] section not [Service]
+ section (Closes: #893282)
+
+ -- Michael Biebl <biebl@debian.org> Tue, 20 Mar 2018 23:22:57 +0100
+
+systemd (238-2) unstable; urgency=medium
+
+ [ Alf Gaida ]
+ * core: do not free stack-allocated strings.
+ Fixes a crash in systemd when the cpuacct cgroup controller is not
+ available. (Closes: #892360)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 10 Mar 2018 01:12:47 +0100
+
+systemd (238-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 238
+ - Fixes systemd-tmpfiles to correctly handle symlinks present in
+ non-terminal path components. (CVE-2018-6954, Closes: #890779)
+ * Rebase patches
+ * Use compat symlinks as provided by upstream.
+ As the upstream build system now creates those symlinks for us, we no
+ longer have to create them manually.
+ * Update symbols file for libsystemd0
+ * test-cgroup-util: bail out when running under a buildd environment
+
+ [ Dimitri John Ledkov ]
+ * systemd-sysv-install: Fix name initialisation.
+ Only initialise NAME after --root optional argument has been parsed,
+ otherwise NAME is initialized to e.g. `enable`, instead of to the
+ `unit-name`, resulting in failures. (LP: #1752882)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 07 Mar 2018 23:21:53 +0100
+
+systemd (237-4) unstable; urgency=medium
+
+ [ Gunnar Hjalmarsson ]
+ * Fix PO template creation.
+ Cherry-pick upstream patches to build a correct systemd.pot including
+ the polkit policy files even without policykit-1 being installed.
+ (LP: #1707898)
+
+ [ Michael Biebl ]
+ * Drop mask for fuse SysV init script.
+ The fuse package has removed its SysV init script a long time ago, so
+ the mask is no longer needed.
+ * Replace two Debian specific patches which cherry-picks from upstream
+ master
+
+ -- Michael Biebl <biebl@debian.org> Wed, 28 Feb 2018 19:18:34 +0100
+
+systemd (237-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/boot-smoke: More robust journal checking.
+ Also fail the test if calling journalctl fails, and avoid calling it
+ twice. See https://github.com/systemd/systemd/pull/8032
+ * Simplify PO template creation.
+ Use the existing upstream build system instead of a manual call to
+ `intltool-update` and `xgettext` to build systemd.pot. Remove the now
+ obsolete intltool build dependency, but still explicitly keep gettext.
+ (LP: #1707898)
+ * Make systemd-sysv-install robust against existing $ROOT.
+ Always initialize `$ROOT`, to avoid the script getting confused by an
+ existing outside env variable. Also fix the `--root` option to actually
+ work, the previous approach was conceptually broken due to how shell
+ quoting works. Make the work with `set -u`. (Closes: #890436)
+
+ [ Felipe Sateler ]
+ * Backport upstream patch fixing a wrong assert() call (Closes: #890423)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 14 Feb 2018 23:07:17 +0100
+
+systemd (237-2) unstable; urgency=medium
+
+ * Drop debian/extra/rules/70-debian-uaccess.rules.
+ Up-to-date udev rules for U2F devices are shipped in libu2f-udev nowadays.
+ (Closes: #889665)
+ * service: relax PID file symlink chain checks a bit.
+ Let's read the PID file after all if there's a potentially unsafe symlink
+ chain in place. But if we do, then refuse taking the PID if its outside of
+ the cgroup. (Closes: #889144)
+
+ -- Michael Biebl <biebl@debian.org> Fri, 09 Feb 2018 23:35:31 +0100
+
+systemd (237-1) unstable; urgency=medium
+
+ * New upstream version 237
+ * Rebase patches
+ * Update symbols file for libsystemd0
+ * Update Vcs-* to point to https://salsa.debian.org
+ * Bump Standards-Version to 4.1.3
+ * Set Rules-Requires-Root to no
+
+ -- Michael Biebl <biebl@debian.org> Tue, 30 Jan 2018 01:55:24 +0100
+
+systemd (236-4) unstable; urgency=medium
+
+ [ Felipe Sateler ]
+ * Allow systemd-timesyncd to start when libnss-systemd is not installed.
+ Pick upstream patch requiring the existence of the systemd-timesync user
+ only when running as root, which is not the case for the system unit.
+ (Closes: #887343)
+
+ [ Nicolas Braud-Santoni ]
+ * debian/copyright: Refer to the CC0 license file (Closes: #882629)
+
+ [ Michael Biebl ]
+ * Add Build-Depends on python3-evdev <!nocheck>
+ This is used by hwdb/parse_hwdb.py to perform additional validation on
+ hwdb files.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 28 Jan 2018 22:29:32 +0100
+
+systemd (236-3) unstable; urgency=medium
+
+ * Revert "core/execute: RuntimeDirectory= or friends requires mount
+ namespace"
+ This was making mounts from SSH sessions invisible to the system.
+ (Closes: #885325)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 11 Jan 2018 16:46:04 +0100
+
+systemd (236-2) unstable; urgency=medium
+
+ * Downgrade priority of libudev1 to optional.
+ This makes it compliant with recent versions of debian-policy which
+ recommends to use priority optional for library packages.
+ * Clarify NEWS entry about removal of system users.
+ Mention in the recent NEWS entry that the associated system groups
+ should be removed as well. (Closes: #885061)
+ * cryptsetup-generator: Don't mistake NULL input as OOM.
+ Fixes systemd-cryptsetup-generator failing to run during boot.
+ (Closes: #885201)
+ * analyze: Use normal bus connection for "plot" verb.
+ Fixes "systemd-analyze plot" failing to run as root. (Closes: #884506)
+ * Stop re-enabling systemd services on every upgrade.
+ This was done so changes to the [Install] section would be applied on
+ upgrades. Forcefully re-enabling a service might overwrite local
+ modifications though and thus far, none of the affected services did
+ actually change its [Install] section. So remove this code from the
+ maintainer scripts as it was apparently doing more harm then good.
+ (Closes: #869354)
+
+ -- Michael Biebl <biebl@debian.org> Tue, 02 Jan 2018 00:35:14 +0100
+
+systemd (236-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/upstream: Only show ≥ warning in journal dumps.
+ Showing the entire debug log is too hard to scan visually, and most of
+ the time the warnings and errors are sufficient to explain a failure.
+ Put the journal files into the artifacts though, in case the debug
+ information is necessary.
+
+ [ Michael Biebl ]
+ * New upstream version 236
+ - nspawn: Adjust path to static resolv.conf to support split usr.
+ (Closes: #881310)
+ - networkd: Don't stop networkd if CONFIG_FIB_RULES=n in kernel.
+ (Closes: #881823)
+ - core: Fix segfault in compile_bind_mounts() when BindPaths= or
+ BindReadOnlyPaths= is set. (Closes: #883380)
+ - meson: Link NSS modules with -z nodelete to fix memory leak in
+ nss-systemd. (Closes: #883407)
+ - logind: Make sure we don't acces m->action_what if it's not initialized.
+ (Closes: #882270)
+ - systemctl: Ignore shutdown's "-t" argument. (Closes: #882245)
+ - core: Be more defensive if we can't determine per-connection socket
+ peer. (Closes: #879603)
+ - bpf-firewall: Actually invoke BPF_PROG_ATTACH to check whether
+ cgroup/bpf is available. (Closes: #878965)
+ * Rebase patches
+ * Update symbols file for libsystemd0
+ * Bump Standards-Version to 4.1.2
+ * Clean up old /var/lib/systemd/clock on upgrade.
+ The clock file used by systemd-timesyncd is now stored in
+ StateDirectory=systemd/timesync. (Closes: #883605)
+ * Stop creating systemd-timesync system user.
+ DynamicUser=yes has been enabled for systemd-timesyncd.service so
+ allocating a system user statically is no longer necessary.
+ * Document removal of systemd-{timesync,journal-gateway,journal-upload} user.
+ We no longer create those system users as the corresponding services now
+ use DynamicUser=yes. Removing those system users automatically is tricky,
+ as the relevant services might be running during upgrade. Add a NEWS
+ entry instead which documents this change.
+ * Revert "udev-rules: Permission changes for /dev/dri/renderD*"
+ This would introduce a new system group "render". As the name is rather
+ generic, this needs further discussion first, so revert this change for
+ now.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 17 Dec 2017 21:45:51 +0100
+
+systemd (235-3) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Switch from XC-Package-Type to Package-Type. As of dpkg-dev 1.15.7
+ Package-Type is recognized as an official field name.
+ * Install modprobe configuration file to /lib/modprobe.d.
+ Otherwise it is not read by kmod. (Closes: #879191)
+
+ [ Felipe Sateler ]
+ * Backport upstream (partial) fix for combined DynamicUser= + User=
+ UID was not allowed to be different to GID, which is normally the case in
+ debian, due to the group users being allocated the GID 100 without an
+ equivalent UID 100 being allocated.
+ * Backport upstream patches to fully make DynamicUser=yes + static,
+ pre-existing User= work.
+
+ [ Martin Pitt ]
+ * Add missing python3-minimal dependency to systemd-tests
+ * Drop long-obsolete systemd-bus-proxy system user
+ systemd-bus-proxy hasn't been shipped since before stretch and never
+ created any files. Thus clean up the obsolete system user on upgrades.
+ (Closes: #878182)
+ * Drop static systemd-journal-gateway system user
+ systemd-journal-gatewayd.service now uses DynamicUser=, so we don't need
+ to create this statically any more. Don't remove the user on upgrades
+ though, as there is likely still be a running process. (Closes: #878183)
+ * Use DynamicUser= for systemd-journal-upload.service.
+ * Add Recommends: libnss-systemd to systemd-sysv.
+ This is useful to actually be able to resolve dynamically created system
+ users with DynamicUser=true. This concept is going to be used much more
+ in future versions and (hopefully) third-party .services, so pulling it
+ into the default installation seems prudent now.
+ * resolved: Fix loop on packets with pseudo dns types.
+ (CVE-2017-15908, Closes: #880026, LP: #1725351)
+ * bpf-firewall: Properly handle kernels without BPF cgroup but with TRIE maps.
+ Fixes "Detaching egress BPF: Invalid argument" log spam. (Closes: #878965)
+ * Fix MemoryDenyWriteExecution= bypass with pkey_mprotect() (LP: #1725348)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 15 Nov 2017 09:34:00 +0100
+
+systemd (235-2) unstable; urgency=medium
+
+ * Revert "tests: when running a manager object in a test, migrate to private
+ cgroup subroot first"
+ This was causing test suite failures when running inside a chroot.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 11 Oct 2017 00:46:07 +0200
+
+systemd (235-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 235
+ - cryptsetup-generator: use remote-cryptsetup.target when _netdev is
+ present (Closes: #852534)
+ - tmpfiles: change btmp mode 0600 → 0660 (Closes: #870638)
+ - networkd: For IPv6 addresses do not treat IFA_F_DEPRECATED as not ready
+ (Closes: #869995)
+ - exec-util,conf-files: skip non-executable files in execute_directories()
+ (Closes: #867902)
+ - man: update udevadm -y/--sysname-match documentation (Closes: #865081)
+ - tmpfiles: silently ignore any path that passes through autofs
+ (Closes: #805553)
+ - shared: end string with % if one was found at the end of a expandible
+ string (Closes: #865450)
+ * Refresh patches
+ * Bump Build-Depends on libmount-dev to (>= 2.30)
+ * Install new modprobe.d config file
+ * Bump Standards-Version to 4.1.1
+
+ [ Martin Pitt ]
+ * Merge logind-kill-off autopkgtest into logind test.
+ This was horribly inefficient as a separate test (from commit
+ 6bd0dab41e), as that cost two VM resets plus accompanying boots; and
+ this does not change any state thus does not require this kind of
+ isolation.
+
+ -- Michael Biebl <biebl@debian.org> Tue, 10 Oct 2017 18:29:28 +0200
+
+systemd (234-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Various fixes for the upstream autopkgtest.
+
+ [ Felipe Sateler ]
+ * Add fdisk to the dependencies of the upstream autopkgtest.
+ The upstream autopkgtest uses sfdisk, which is now in the non-essential
+ fdisk package. (Closes: #872119)
+ * Disable nss-systemd on udeb builds
+ * Correctly disable resolved on udeb builds
+ * Help fix collisions in libsystemd-shared symbols by versioning them.
+ Backport upstream patch to version the symbols provided in the private
+ library, so that they cannot confuse unversioned pam modules or libraries
+ linked into them. (Closes: #873708)
+
+ [ Dimitri John Ledkov ]
+ * Cherrypick upstream networkd-test.py assertion/check fixes.
+ This resolves ADT test suite failures, when running tests under lxc/lxd
+ providers.
+ * Cherrypick arm* seccomp fixes.
+ This should resolve ADT test failures, on arm64, when running as root.
+ * Disable KillUserProcesses, yet again, with meson this time.
+ * initramfs-tools: trigger udevadm add actions with subsystems first.
+ This updates the initramfs-tools init-top udev script to trigger udevadm
+ actions with type specified. This mimics the systemd-udev-trigger.service.
+ Without type specified only devices are triggered, but triggering
+ subsystems may also be required and should happen before triggering the
+ devices. This is the case for example on s390x with zdev generated udev
+ rules. (LP: #1713536)
+
+ [ Michael Biebl ]
+ * (Re)add --quiet flag to addgroup calls.
+ This is now safe with adduser having been fixed to no longer suppress
+ fatal error messages if --quiet is used. (Closes: #837871)
+ * Switch back to default GCC (Closes: #873661)
+ * Drop systemd-timesyncd.service.d/disable-with-time-daemon.conf.
+ All major NTP implementations ship a native service file nowadays with a
+ Conflicts=systemd-timesyncd.service so this drop-in is no longer
+ necessary. (Closes: #873185)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 04 Sep 2017 00:17:00 +0200
+
+systemd (234-2.3) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Also switch to g++-6 temporarily (needed for some tests):
+ - Add g++-6 to Build-Depends
+ - Export CXX = g++-6
+
+ -- Cyril Brulebois <kibi@debian.org> Thu, 24 Aug 2017 02:40:53 +0200
+
+systemd (234-2.2) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Switch to gcc-6 on all architectures, working around an FTBFS on mips64el,
+ apparently due to a gcc-7 bug (See: #871514):
+ - Add gcc-6 to Build-Depends in debian/control
+ - Export CC = gcc-6 in debian/rules
+
+ -- Cyril Brulebois <kibi@debian.org> Wed, 23 Aug 2017 22:53:09 +0000
+
+systemd (234-2.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Fix missing 60-input-id.rules in udev-udeb, which breaks the graphical
+ version of the Debian Installer, as no key presses or mouse events get
+ processed (Closes: #872598).
+
+ -- Cyril Brulebois <kibi@debian.org> Wed, 23 Aug 2017 20:41:33 +0200
+
+systemd (234-2) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * udev README.Debian: Fix name of example *.link file
+
+ [ Felipe Sateler ]
+ * test-condition: Don't assume that all non-root users are normal users.
+ Automated builders may run under a dedicated system user, and this test
+ would fail that.
+
+ [ Michael Biebl ]
+ * Revert "units: Tell login to preserve environment"
+ Environment=LANG= LANGUAGE= LC_CTYPE= ... as used in the getty units is
+ not unsetting the variables but instead sets it to an empty var. Passing
+ that environment to login messes up the system locale settings and
+ breaks programs like gpg-agent.
+ (Closes: #868695)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 20 Jul 2017 15:13:42 +0200
+
+systemd (234-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 234
+ - tmpfiles: Create /var/log/lastlog if it does not exist.
+ (Closes: #866313)
+ - network: Bridge vlan without PVID. (Closes: #859941)
+ * Rebase patches
+ * Switch build system from autotools to meson.
+ Update the Build-Depends accordingly.
+ * Update fsckd patch for meson
+ * udev autopkgtest: no longer install test-udev binary manually.
+ This is now done by the upstream build system.
+ * Update symbols file for libsystemd0
+ * Update lintian override for systemd-tests.
+ Upstream now installs manual and unsafe tests in subdirectories of
+ /usr/lib/systemd/tests/, so ignore those as well.
+ * Bump Standards-Version to 4.0.0
+ * Change priority of libnss-* packages from extra to optional.
+ * Use UTF-8 locale when building the package.
+ Otherwise meson will be pretty unhappy when trying to process files with
+ unicode characters. Use C.UTF-8 as this locale is pretty much guaranteed
+ to be available everywhere.
+ * Mark test-timesync as manual.
+ The test tries to setup inotify watches for /run/systemd/netif/links
+ which fails in a buildd environment where systemd is not active.
+ * Do not link udev against libsystemd-shared.
+ We ship udev in a separate binary package, so can't use
+ libsystemd-shared, which is part of the systemd binary package.
+ * Avoid requiring a "kvm" system group.
+ This group is not universally available and as a result generates a
+ warning during boot. As kvm is only really useful if the qemu package is
+ installed and this package already takes care of setting up the proper
+ permissions for /dev/kvm, drop this rule from 50-udev-default.rules.
+
+ [ Martin Pitt ]
+ * udev README.Debian: Update transitional rules and mention *.link files.
+ - 01-mac-for-usb.link got replaced with 73-usb-net-by-mac.rules
+ - /etc/systemd/network/50-virtio-kernel-names.link is an upgrade
+ transition for VMs with virtio
+ - Describe *.link files as a simpler/less error prone (but also less
+ flexible) way of customizing interface names. (Closes: #868002)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 13 Jul 2017 17:38:28 +0200
+
+systemd (233-10) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Adjust var-lib-machines.mount target.
+ Upstream PR #6095 changed the location to
+ {remote-fs,machines}.target.wants, so just install all available ones.
+
+ [ Dimitri John Ledkov ]
+ * Fix out-of-bounds write in systemd-resolved.
+ CVE-2017-9445 (Closes: #866147, LP: #1695546)
+
+ [ Michael Biebl ]
+ * Be truly quiet in systemctl -q is-enabled (Closes: #866579)
+ * Improve RLIMIT_NOFILE handling.
+ Use /proc/sys/fs/nr_open to find the current limit of open files
+ compiled into the kernel instead of using a hard-coded value of 65536
+ for RLIMIT_NOFILE. (Closes: #865449)
+
+ [ Nicolas Braud-Santoni ]
+ * debian/extra/rules: Use updated U2F ruleset.
+ This ruleset comes from Yubico's libu2f-host. (Closes: #824532)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 03 Jul 2017 18:51:58 +0200
+
+systemd (233-9) unstable; urgency=medium
+
+ * hwdb: Use path_join() to generate the hwdb_bin path.
+ This ensures /lib/udev/hwdb.bin gets the correct SELinux context. Having
+ double slashes in the path makes selabel_lookup_raw() return the wrong
+ context. (Closes: #851933)
+ * Drop no longer needed Breaks against usb-modeswitch
+ * Drop Breaks for packages shipping rcS init scripts.
+ This transition was completed in stretch.
+
+ -- Michael Biebl <biebl@debian.org> Mon, 19 Jun 2017 15:10:14 +0200
+
+systemd (233-8) experimental; urgency=medium
+
+ * Bump debhelper compatibility level to 10
+ * Drop versioned Build-Depends on dpkg-dev.
+ It's no longer necessary as even Jessie ships a new enough version.
+ * timesyncd: don't use compiled-in list if FallbackNTP has been configured
+ explicitly (Closes: #861769)
+ * resolved: fix null pointer p->question dereferencing.
+ This fixes a bug which allowed a remote DoS (daemon crash) via a crafted
+ DNS response with an empty question section.
+ Fixes: CVE-2017-9217 (Closes: #863277)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 29 May 2017 14:12:08 +0200
+
+systemd (233-7) experimental; urgency=medium
+
+ [ Michael Biebl ]
+ * basic/journal-importer: Fix unaligned access in get_data_size()
+ (Closes: #862062)
+ * ima: Ensure policy exists before asking the kernel to load it
+ (Closes: #863111)
+ * Add Depends: procps to systemd.
+ It's required by /usr/lib/systemd/user/systemd-exit.service which calls
+ /bin/kill to stop the systemd --user instance. (Closes: #862292)
+ * service: Serialize information about currently executing command
+ (Closes: #861157)
+ * seccomp: Add clone syscall definitions for mips (Closes: #861171)
+
+ [ Dimitri John Ledkov ]
+ * ubuntu: disable dnssec on any ubuntu releases (LP: #1690605)
+
+ [ Felipe Sateler ]
+ * Specify nobody user and group.
+ Otherwise nss-systemd will translate to group 'nobody', which doesn't
+ exist on debian systems.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 24 May 2017 12:26:18 +0200
+
+systemd (233-6) experimental; urgency=medium
+
+ [ Felipe Sateler ]
+ * Backport upstream PR #5531.
+ This delays opening the mdns and llmnr sockets until a network has enabled
+ them. This silences annoying messages when networkd receives such packets
+ without expecting them: Got mDNS UDP packet on unknown scope.
+
+ [ Martin Pitt ]
+ * resolved: Disable DNSSEC by default on stretch and zesty.
+ Both Debian stretch and Ubuntu zesty are close to releasing, switch to
+ DNSSEC=off by default for those. Users can still turn it back on with
+ DNSSEC=allow-downgrade (or even "yes").
+
+ [ Michael Biebl ]
+ * Add Conflicts against hal.
+ Since v183, udev no longer supports RUN+="socket:". This feature is
+ still used by hal, but now generates vast amounts of errors in the
+ journal. Thus force the removal of hal by adding a Conflicts to the udev
+ package. This is safe, as hal is long dead and no longer useful.
+ * Drop systemd-ui Suggests
+ systemd-ui is unmaintained upstream and not particularly useful anymore.
+ * journal: fix up syslog facility when forwarding native messages.
+ Native journal messages (_TRANSPORT=journal) typically don't have a
+ syslog facility attached to it. As a result when forwarding the
+ messages to syslog they ended up with facility 0 (LOG_KERN).
+ Apply syslog_fixup_facility() so we use LOG_USER instead.
+ (Closes: #837893)
+ * Split upstream tests into systemd-tests binary package (Closes: #859152)
+ * Get PACKAGE_VERSION from config.h.
+ This also works with meson and is not autotools specific.
+
+ [ Sjoerd Simons ]
+ * init-functions Only call daemon-reload when planning to redirect
+ systemctl daemon-reload is a quite a heavy operation, it will re-parse
+ all configuration and re-run all generators. This should only be done
+ when strictly needed. (Closes: #861158)
+
+ -- Michael Biebl <biebl@debian.org> Fri, 28 Apr 2017 21:47:14 +0200
+
+systemd (233-5) experimental; urgency=medium
+
+ * Do not throw a warning in emergency and rescue mode if plymouth is not
+ installed.
+ Ideally, plymouth should only be referenced via dependencies, not
+ ExecStartPre. This at least avoids the confusing error message on
+ minimal installations that do not carry plymouth.
+ * rules: Allow SPARC vdisk devices when identifying CD drives
+ (Closes: #858014)
+
+ -- Michael Biebl <biebl@debian.org> Tue, 21 Mar 2017 21:00:08 +0100
+
+systemd (233-4) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * udev autopkgtest: Drop obsolete sys.tar.xz fallback.
+ This was only necessary for supporting 232 as well.
+ * root-unittest: Drop obsolete FIXME comment.
+ * Add libpolkit-gobject-1-dev build dep for polkit version detection.
+ * Move systemd.link(5) to udev package.
+ .link files are being handled by udev, so it should ship the
+ corresponding manpage. Bump Breaks/Replaces accordingly. (Closes: #857270)
+
+ [ Michael Biebl ]
+ * Restart journald on upgrades (Closes: #851438)
+ * Avoid strict DM API versioning.
+ Compiling against the dm-ioctl.h header as provided by the Linux kernel
+ will embed the DM interface version number. Running an older kernel can
+ lead to errors on shutdown when trying to detach DM devices.
+ As a workaround, build against a local copy of dm-ioctl.h based on 3.13,
+ which is the minimum required version to support DM_DEFERRED_REMOVE.
+ (Closes: #856337)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 16 Mar 2017 18:40:16 +0100
+
+systemd (233-3) experimental; urgency=medium
+
+ [ Michael Biebl ]
+ * Install D-Bus policy files in /usr
+ * Drop no longer needed maintainer scripts migration code and simplify
+ various version checks
+ * Fix location of installed tests
+ * Override package-name-doesnt-match-sonames lintian warning for libnss-*
+ * Don't ship any symlinks in /etc/systemd/system.
+ Those should be created dynamically via "systemctl enable".
+
+ [ Martin Pitt ]
+ * root-unittests autopkgtest: Skip test-udev.
+ It has its own autopkgtest and needs some special preparation. At some
+ point that should be merged into root-unittests, but let's quickfix this
+ to unbreak upstream CI.
+
+ -- Michael Biebl <biebl@debian.org> Fri, 03 Mar 2017 19:49:44 +0100
+
+systemd (233-2) experimental; urgency=medium
+
+ * test: skip instead of fail if crypto kmods are not available.
+ The Debian buildds have module loading disabled, thus AF_ALG sockets are
+ not available during build. Skip the tests that cover those (khash and
+ id128) instead of failing them in this case.
+ https://github.com/systemd/systemd/issues/5524
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 03 Mar 2017 11:51:25 +0100
+
+systemd (233-1) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release 233:
+ - udev: Remove /run/udev/control on stop to avoid sendsigs to kill
+ udevd. (Closes: #791944)
+ - nspawn: Handle container directory symlinks. (Closes: #805785)
+ - Fix mount units to not become "active" when NFS mounts time out.
+ (Closes: #835810)
+ - hwdb: Rework path/priority comparison when loading files from /etc/
+ vs. /lib. (Closes: #845442)
+ - machinectl: Fix "list" command when failing to determine OS version.
+ (Closes: #849316)
+ - Support tilegx architecture. (Closes: #856306)
+ - systemd-sleep(8): Point out inhibitor interface as better alternative
+ for suspend integration. (Closes: #758279)
+ - journalctl: Improve error message wording when specifying boot
+ offset with ephemeral journal. (Closes: #839291)
+ * Install new systemd-umount and /usr/lib/environment.d/
+ * Use "make install-tests" for shipped unit tests
+ * Switch back to gold linker on mips*
+ Bug #851736 got fixed now.
+ * debian/rules: Drop obsolete SETCAP path
+
+ [ Michael Biebl ]
+ * Drop upstart jobs for udev
+ * Drop /sbin/udevadm compat symlink from udev-udeb and initramfs
+ * Drop Breaks and Replaces from pre-jessie
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 02 Mar 2017 17:10:09 +0100
+
+systemd (232-19) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/README.source: Update patch and changelog handling to current
+ reality.
+ * root-unittests autopkgtest: Blacklist test-journal-importer.
+ This got added in a recent PR, but running this requires using "make
+ install-tests" which hasn't landed yet.
+ * fsckd: Fix format specifiers on 32 bit architectures.
+ * resolved: Fix NSEC proofs for missing TLDs (Closes: #855479)
+ * boot-and-services autopkgtest: Skip CgroupsTest on unified hierarchy.
+ * boot-smoke autopkgtest: Run in containers, too.
+ * logind autopkgtest: Adjust to work in containers.
+
+ [ Dimitri John Ledkov ]
+ * Fix resolved failing to follow CNAMES for DNS stub replies (LP: #1647031)
+ * Fix emitting change signals with a sessions property in logind
+ (LP: #1661568)
+
+ [ Michael Biebl ]
+ * If an automount unit is masked, don't react to activation anymore.
+ Otherwise we'll hit an assert sooner or later. (Closes: #856035)
+
+ [ Felipe Sateler ]
+ * resolved: add the new KSK to the built-in resolved trust anchor.
+ The old root key will be discarded in early 2018, so get this into
+ stretch.
+ * Backport some zsh completion fixes from upstream (Closes: #847203)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 02 Mar 2017 09:21:12 +0100
+
+systemd (232-18) unstable; urgency=medium
+
+ * udev autopkgtest: Adjust to script-based test /sys creation.
+ PR #5250 changes from the static sys.tar.xz to creating the test /sys
+ directory with a script. Get along with both cases until 233 gets
+ released and packaged.
+ * systemd-resolved.service.d/resolvconf.conf: Don't fail if resolvconf is
+ not installed. ReadWritePaths= fails by default if the referenced
+ directory does not exist. This happens if resolvconf is not installed, so
+ use '-' to ignore the absence. (Closes: #854814)
+ * Fix two more seccomp issues.
+ * Permit seeing process list of units whose unit files are missing.
+ * Fix systemctl --user enable/disable without $XDG_RUNTIME_DIR being set.
+ (Closes: #855050)
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 13 Feb 2017 17:36:12 +0100
+
+systemd (232-17) unstable; urgency=medium
+
+ * Add libcap2-bin build dependency for tests. This will make
+ test_exec_capabilityboundingset() actually run. (Closes: #854394)
+ * Add iproute2 build dependency for tests. This will make
+ test_exec_privatenetwork() actually run; it skips if "ip" is not present.
+ (Closes: #854396)
+ * autopkgtest: Run all upstream unit tests as root.
+ Ship all upstream unit tests in libsystemd-dev, and run them all as root
+ in autopkgtest. (Closes: #854392) This also fixes the FTBFS on non-seccomp
+ architectures.
+ * systemd-resolved.service.d/resolvconf.conf: Allow writing to
+ /run/resolvconf. Upstream PR #5283 will introduce permission restrictions
+ for systemd-resolved.service, including the lockdown to writing
+ /run/systemd/. This will then cause the resolvconf call in our drop-in to
+ fail as that needs to write to /run/resolvconf/. Add this to
+ ReadWritePaths=. (This is a no-op with the current unrestricted unit).
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 10 Feb 2017 11:52:46 +0100
+
+systemd (232-16) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Add autopkgtest for test-seccomp
+ * udev: Fix by-id symlinks for devices whose IDs contain whitespace
+ (Closes: #851164, LP: #1647485)
+ * Add lintian overrides for binary-or-shlib-defines-rpath on shipped test
+ programs. This is apparently a new lintian warning on which uploads get
+ rejected. These are only test programs, not in $PATH, and they need to
+ link against systemd's internal library.
+
+ [ Michael Biebl ]
+ * Fix seccomp filtering. (Closes: #852811)
+ * Do not crash on daemon-reexec when /run is full (Closes: #850074)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 09 Feb 2017 16:22:43 +0100
+
+systemd (232-15) unstable; urgency=medium
+
+ * Add missing Build-Depends on tzdata.
+ It is required to successfully run the test suite. (Closes: #852883)
+ * Bump systemd Breaks to ensure it is upgraded in lockstep with udev.
+ The sandboxing features used by systemd-udevd.service require systemd
+ (>= 232-11). (Closes: #853078)
+ * Bump priority of libpam-systemd to standard.
+ This reflects the changes that have been made in the archive a while
+ ago. See #803184
+
+ -- Michael Biebl <biebl@debian.org> Wed, 01 Feb 2017 22:45:35 +0100
+
+systemd (232-14) unstable; urgency=medium
+
+ * Deal with NULL pointers more gracefully in unit_free() (Closes: #852202)
+ * Fix issues in journald during startup
+
+ -- Michael Biebl <biebl@debian.org> Mon, 23 Jan 2017 14:52:46 +0100
+
+systemd (232-13) unstable; urgency=medium
+
+ * Re-add versioned Conflicts/Replaces against upstart.
+ In Debian the upstart package was never split into upstart and
+ upstart-sysv, so we need to keep that for switching from upstart to
+ systemd-sysv. (Closes: #852156)
+ * Update Vcs-* according to the latest recommendation
+ * Update Homepage and the URLs in debian/copyright to use https
+
+ -- Michael Biebl <biebl@debian.org> Sun, 22 Jan 2017 08:19:28 +0100
+
+systemd (232-12) unstable; urgency=medium
+
+ * Fix build if seccomp support is disabled
+ * Enable seccomp support on ppc64
+
+ -- Michael Biebl <biebl@debian.org> Wed, 18 Jan 2017 19:43:51 +0100
+
+systemd (232-11) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Fix RestrictAddressFamilies=
+ Backport upstream fix for setting up seccomp filters to fix
+ RestrictAddressFamilies= on non-amd64 architectures. Drop the hack from
+ debian/rules to remove this property from unit files.
+ See #843160
+ * Use local machine-id for running tests during package build.
+ Since "init" and thus "systemd" are not part of debootstrap any more,
+ some buildd chroots don't have an /etc/machine-id any more. Port the old
+ Add-env-variable-for-machine-ID-path.patch to the current code, use a
+ local machine-id again, and always make test suite failures fatal.
+ (Closes: #851445)
+
+ [ Michael Biebl ]
+ * gpt-auto-generator: support LUKS encrypted root partitions
+ (Closes: #851475)
+ * Switch to bfd linker on mips*
+ The gold linker is currently producing broken libraries on mips*
+ resulting in segfaults for users of libsystemd. Switch to bfd until
+ binutils has been fixed. (Closes: #851412)
+ * Revert "core: turn on specifier expansion for more unit file settings"
+ The expansion of the % character broke the fstab-generator and
+ specifying the tmpfs size as percentage of physical RAM resulted in the
+ size being set to 4k. (Closes: #851492)
+ * Drop obsolete Conflicts, Breaks and Replaces
+ * Require systemd-shim version which supports v232.
+ See #844785
+
+ [ Ondřej Nový ]
+ * Redirect try-restart in init-functions hook (Closes: #851688)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 18 Jan 2017 12:38:54 +0100
+
+systemd (232-10) unstable; urgency=medium
+
+ * Add NULL sentinel to strjoin.
+ We haven't cherry-picked upstream commit 605405c6c which introduced a
+ strjoin macro that adds the NULL sentinel automatically so we need to do
+ it manually. (Closes: #851210)
+
+ -- Michael Biebl <biebl@debian.org> Fri, 13 Jan 2017 05:08:55 +0100
+
+systemd (232-9) unstable; urgency=medium
+
+ * Use --disable-wheel-group configure switch.
+ Instead of mangling the tmpfiles via sed to remove the wheel group, use
+ the configure switch which was added upstream in v230.
+ See https://github.com/systemd/systemd/issues/2492
+ * Update debian/copyright.
+ Bob Jenkins released the lookup3.[ch] files as public domain which means
+ there is no copyright holder.
+ * Drop fallback for older reportbug versions when attaching files
+ * debian/extra/init-functions.d/40-systemd: Stop checking for init env var.
+ This env variable is no longer set when systemd executes a service so
+ it's pointless to check for it.
+ * debian/extra/init-functions.d/40-systemd: Stop setting
+ _SYSTEMCTL_SKIP_REDIRECT=true.
+ It seems we don't actually need it to detect recursive loops (PPID is
+ sufficient) and by exporting it we leak _SYSTEMCTL_SKIP_REDIRECT into
+ the runtime environment of the service. (Closes: #802018)
+ * debian/extra/init-functions.d/40-systemd: Rename _SYSTEMCTL_SKIP_REDIRECT.
+ Rename _SYSTEMCTL_SKIP_REDIRECT to SYSTEMCTL_SKIP_REDIRECT to be more
+ consistent with other environment variables which are used internally by
+ systemd, like SYSTEMCTL_SKIP_SYSV.
+ * Various specifier resolution fixes.
+ Turn on specifier expansion for more unit file settings.
+ See https://github.com/systemd/systemd/pull/4835 (Closes: #781730)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 12 Jan 2017 16:59:22 +0100
+
+systemd (232-8) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Drop systemd dependency from libnss-myhostname again.
+ This NSS module is completely independent from systemd, unlike the other
+ three.
+ * Install 71-seat.rules into the initrd.
+ This helps plymouth to detect applicable devices. (Closes: #756109)
+ * networkd: Fix crash when setting routes.
+ * resolved: Drop removal of resolvconf entry on stop.
+ This leads to timeouts on shutdown via the resolvconf hooks and does not
+ actually help much -- /etc/resolv.conf would then just be empty instead of
+ having a nonexisting 127.0.0.53 nameserver, so manually stopping resolved
+ in a running system is broken either way. (LP: #1648068)
+ * Keep RestrictAddressFamilies on amd64.
+ This option and libseccomp currently work on amd64 at least, so let's make
+ sure it does not break there as well, and benefit from the additional
+ protection at least on this architecture.
+ * Explicitly set D-Bus policy dir.
+ This is about to change upstream in
+ https://github.com/systemd/systemd/pull/4892, but as explained in commit
+ 2edb1e16fb12f4 we need to keep the policies in /etc/ until stretch+1.
+
+ [ Michael Biebl ]
+ * doc: Clarify NoNewPrivileges in systemd.exec(5). (Closes: #756604)
+ * core: Rework logic to determine when we decide to add automatic deps for
+ mounts. This adds a concept of "extrinsic" mounts. If mounts are
+ extrinsic we consider them managed by something else and do not add
+ automatic ordering against umount.target, local-fs.target,
+ remote-fs.target. (Closes: #818978)
+ * rules: Add persistent links for nbd devices. (Closes: #837999)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 17 Dec 2016 01:54:18 +0100
+
+systemd (232-7) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Mark liblz4-tool build dependency as <!nocheck>
+ * udev: Try mount -n -o move first
+ initramfs-tools is not actually using util-linux mount (yet), so making
+ mount -n --move the first alternative would trigger an error message if
+ users have built their initramfs without busybox support.
+
+ [ Alexander Kurtz ]
+ * debian/extra/kernel-install.d/85-initrd.install: Remove an unnecessary
+ variable. (Closes: #845977)
+
+ [ Martin Pitt ]
+ * Drop systemd-networkd's "After=dbus.service" ordering, so that it can
+ start during early boot (for cloud-init.service). It will auto-connect to
+ D-Bus once it becomes available later, and transient (from DHCP) hostname
+ and timezone setting do not currently work anyway. (LP: #1636912)
+ * Run hwdb/parse_hwdb.py during package build.
+ * Package libnss-systemd
+ * Make libnss-* depend on the same systemd package version.
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 30 Nov 2016 14:38:36 +0100
+
+systemd (232-6) unstable; urgency=medium
+
+ * Add policykit-1 test dependency for networkd-test.py.
+ * debian/rules: Don't destroy unit symlinks with sed -i.
+ Commit 21711e74 introduced a "sed -i" to remove RestrictAddressFamilies=
+ from units. This also caused unit symlinks to get turned into real files,
+ causing D-Bus activated services like timedated to fail ("two units with
+ the same D-Bus name").
+ * Fall back to "mount -o move" in udev initramfs script
+ klibc's mount does not understand --move, so for the time being we need to
+ support both variants. (Closes: #845161)
+ * debian/README.Debian: Document how to generate a shutdown log.
+ Thanks ç©ä¸¹å°¼ Dan Jacobson. (Closes: #826297)
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 21 Nov 2016 10:39:57 +0100
+
+systemd (232-5) unstable; urgency=medium
+
+ * Add missing liblz4-tool build dependency.
+ Fixes test-compress failure during package build.
+ * systemd: Ship /var/lib.
+ This will soon contain a polkit pkla file.
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 20 Nov 2016 12:22:52 +0100
+
+systemd (232-4) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/unit-config: Query pkg-config for system unit dir.
+ This fixes confusion on merged-/usr systems where both /usr/lib/systemd and
+ /lib/systemd exist. It's actually useful to verify that systemd.pc says the
+ truth.
+ * debian/tests/upstream: Fix clobbering of merged-/usr symlinks
+ * debian/tests/systemd-fsckd: Create /etc/default/grub.d if necessary
+ * debian/rules: Drop check for linking to libs in /usr.
+ This was just an approximation, as booting without an initrd could still be
+ broken by library updates (e. g. #828991). With merged /usr now being the
+ default this is now completely moot.
+ * Move kernel-install initrd script to a later prefix.
+ 60- does not leave much room for scripts that want to run before initrd
+ building (which is usually one of the latest things to do), so bump to 85.
+ Thanks to Sjoerd Simons for the suggestion.
+ * Disable 99-default.link instead of the udev rule for disabling persistent
+ interface names.
+ Disabling 80-net-setup-link.rules will also cause ID_NET_DRIVER to not be
+ set any more, which breaks 80-container-ve.network and matching on driver
+ name in general. So disable the actual default link policy instead. Still
+ keep testing for 80-net-setup-link.rules in the upgrade fix and
+ 73-usb-net-by-mac.rules to keep the desired behaviour on systems which
+ already disabled ifnames via that udev rule.
+ See https://lists.freedesktop.org/archives/systemd-devel/2016-November/037805.html
+ * debian/tests/boot-and-services: Always run seccomp test
+ seccomp is now available on all architectures on which Debian and Ubuntu
+ run tests, so stop making this test silently skip if seccomp is disabled.
+ * Bump libseccomp build dependency as per configure.ac.
+ * Replace "Drop RestrictAddressFamilies=" patch with sed call.
+ With that it will also apply to upstream builds/CI, and it is structurally
+ simpler.
+ * Rebuild against libseccomp with fixed shlibs. (Closes: #844497)
+
+ [ Michael Biebl ]
+ * fstab-generator: add x-systemd.mount-timeout option. (Closes: #843989)
+ * build-sys: do not install ctrl-alt-del.target symlink twice.
+ (Closes: #844039)
+ * Enable lz4 support.
+ While the compression rate is not as good as XZ, it is much faster, so a
+ better default for the journal and especially systemd-coredump.
+ (Closes: #832010)
+
+ [ Felipe Sateler ]
+ * Enable machines.target by default. (Closes: #806787)
+
+ [ Evgeny Vereshchagin ]
+ * debian/tests/upstream: Print all journal files.
+ We don't print all journal files. This is misleading a bit:
+ https://github.com/systemd/systemd/pull/4331#issuecomment-252830790
+ https://github.com/systemd/systemd/pull/4395#discussion_r87948836
+
+ [ Luca Boccassi ]
+ * Use mount --move in initramfs-tools udev script.
+ Due to recent changes in busybox and initramfs-tools the mount
+ utility is no longer the one from busybox but from util-linux.
+ The latter does not support mount -o move.
+ The former supports both -o move and --move, so use it instead to be
+ compatible with both.
+ See this discussion for more details:
+ https://bugs.debian.org/823856 (Closes: #844775)
+
+ -- Michael Biebl <biebl@debian.org> Sun, 20 Nov 2016 03:34:58 +0100
+
+systemd (232-3) unstable; urgency=medium
+
+ [ Felipe Sateler ]
+ * Make systemd-delta less confused on merged-usr systems. (Closes: #843070)
+ * Fix wrong paths for /bin/mount when compiled on merged-usr system.
+ Then the build system finds /usr/bin/mount which won't exist on a
+ split-/usr system. Set the paths explicitly in debian/rules and drop
+ Use-different-default-paths-for-various-binaries.patch. (Closes: #843433)
+
+ [ Martin Pitt ]
+ * debian/tests/logind: Split out "pid in logind session" test
+ * debian/tests/logind: Adjust "in logind session" test for unified cgroup
+ hierarchy
+ * debian/tests/boot-and-services: Check common properties of CLI programs.
+ Verify that CLI programs have a sane behaviour and exit code when being
+ called with --help, --version, or an invalid option.
+ * nspawn: Fix exit code for --help and --version (Closes: #843544)
+ * core: Revert using the unified hierarchy for the systemd cgroup.
+ Too many things don't get along with it yet, like docker, LXC, or runc.
+ (Closes: #843509)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 09 Nov 2016 09:34:45 +0100
+
+systemd (232-2) unstable; urgency=medium
+
+ * Drop RestrictAddressFamilies from service files.
+ RestrictAddressFamilies= is broken on 32bit architectures and causes
+ various services to fail with a timeout, including
+ systemd-udevd.service.
+ While this might actually be a libseccomp issue, remove this option for
+ now until a proper solution is found. (Closes: #843160)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 05 Nov 2016 22:43:27 +0100
+
+systemd (232-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release 232:
+ - Fix "systemctl start" when ReadWriteDirectories is a symlink
+ (Closes: ##792187)
+ - Fix "journalctl --setup-keys" output (Closes: #839097)
+ - Run run sysctl service if /proc/sys/net is writable, for containers
+ (Closes: #840529)
+ - resolved: Add d.f.ip6.arpa to the DNSSEC default negative trust anchors
+ (Closes: #834453)
+ * debian/tests/logind: Copy the current on-disk unit instead of the
+ on-memory one.
+ * Build sd-boot on arm64. gnu-efi is available on arm64 now.
+ (Closes: #842617)
+ * Link test-seccomp against seccomp libs to fix FTBFS
+ * debian/rules: Remove nss-systemd (until we package it)
+ * Install new systemd-mount
+
+ [ Michael Biebl ]
+ * Install new journal-upload.conf man pages in systemd-journal-remote
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 04 Nov 2016 07:18:10 +0200
+
+systemd (231-10) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * systemctl: Add --wait option to wait until started units terminate again.
+ * nss-resolve: return NOTFOUND instead of UNAVAIL on resolution errors.
+ This makes it possible to configure a fallback to "dns" without breaking
+ DNSSEC, with "resolve [!UNAVAIL=return] dns".
+ * libnss-resolve.postinst: Skip dns fallback if resolve is present.
+ Only fall back to "dns" if nss-resolve is not installed (for the
+ architecture of the calling program). Once it is, we never want to fall
+ back to "dns" as that breaks enforcing DNSSEC verification and also
+ pointlessly retries NXDOMAIN failures. (LP: #1624071)
+ * unit: sent change signal before removing the unit if necessary
+ (LP: #1632964)
+ * networkd: Fix assertion crash on adding VTI with IPv6 addresses
+ (LP: #1633274)
+ * debian/tests/upstream: Stop specifying initrd, it is autodetected now.
+ * debian/tests/upstream: Add gcc/libc-dev/make test dependencies,
+ so that the tests can build helper binaries.
+
+ [ Felipe Sateler ]
+ * Explicitly disable installing the upstream-provided PAM configuration.
+ * Register interest in the status of dracut and initramfs-tools in reportbug
+ template
+
+ [ Michael Biebl ]
+ * Stop creating systemd-update-utmp-runlevel.service symlinks manually
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 26 Oct 2016 13:24:37 +0200
+
+systemd (231-9) unstable; urgency=medium
+
+ * pid1: process zero-length notification messages again.
+ Just remove the assertion, the "n" value was not used anyway. This fixes
+ a local DoS due to unprocessed/unclosed fds which got introduced by the
+ previous fix. (Closes: #839171) (LP: #1628687)
+ * pid1: Robustify manager_dispatch_notify_fd()
+ * test/networkd-test.py: Add missing writeConfig() helper function.
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 29 Sep 2016 23:39:24 +0200
+
+systemd (231-8) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Replace remaining systemctl --failed with --state=failed
+ "--failed" is deprecated in favor of --state.
+ * debian/shlibs.local.in: More precisely define version of internal shared
+ lib.
+ * debian/tests/upstream: Drop blacklisting
+ These tests now work fine without qemu.
+ * debian/tests/storage: Avoid rmmod scsi_debug (LP: #1626737)
+ * upstream build system: Install libudev, libsystemd, and nss modules to
+ ${rootlibdir}. Drop downstream workaround from debian/rules.
+ * Ubuntu: Disable resolved's DNSSEC for the final 16.10 release.
+ Resolved's DNSSEC support is still not mature enough, and upstream
+ recommends to disable it in stable distro releases still.
+ * Fix abort/DoS on zero-length notify message triggers (LP: #1628687)
+ * resolved: don't query domain-limited DNS servers for other domains
+ (LP: #1588230)
+
+ [ Antonio Ospite ]
+ * Update systemd-user pam config to require pam_limits.so.
+ (Closes: #838191)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 29 Sep 2016 13:40:21 +0200
+
+systemd (231-7) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * fsckd: Do not exit on idle timeout if there are still clients connected
+ (Closes: #788050, LP: #1547844)
+
+ [ Martin Pitt ]
+ * 73-usb-net-by-mac.rules: Split kernel command line import line.
+ Reportedly this makes the rule actually work on some platforms. Thanks Alp
+ Toker! (LP: #1593379)
+ * debian/tests/boot-smoke: Only run 5 iterations
+ * systemd.postinst: Drop obsolete setcap call for systemd-detect-virt.
+ Drop corresponding libcap2-bin dependency.
+ * debian/tests/systemd-fsckd: Robustify check for "unit was running"
+ (LP: #1624406)
+ * debian/extra/set-cpufreq: Use powersave with intel_pstate.
+ This is what we did on xenial, and apparently powersave is still actually
+ better than performance. Thanks to Doug Smythies for the measurements!
+ (LP: #1579278)
+ * Ubuntu: Move ondemand.service from static to runtime enablement.
+ This makes it easier to keep performance, by disabling ondemand.service.
+ Side issue in LP: #1579278
+ * Revert "networkd: remove route if carrier is lost"
+ This causes networkd to drop addresses from unmanaged interfaces in some
+ cases. (Closes: #837759)
+ * debian/tests/storage: Avoid stderr output of stopping systemd-cryptsetup@.service
+ * libnss-*.prerm: Remove possible [key=value] options from NSS modules as well.
+ (LP: #1625584)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 20 Sep 2016 15:03:06 +0200
+
+systemd (231-6) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Add alternative iptables-dev build dependencies
+ libiptc-dev is very new and not yet present in stable Debian/Ubuntu releases.
+ Add it as a fallback build dependency for backports and upstream tests.
+ * Detect if seccomp is enabled but seccomp filtering is disabled
+ (Closes: #832713)
+ * resolved: recognize DNS names with more than one trailing dot as invalid
+ (LP: #1600000)
+ * debian/tests/smoke: Store udev db dump artifact on failure
+ * networkd: limit the number of routes to the kernel limit
+ * systemctl: consider service running only when it is in active or reloading state
+ * networkd: remove route if carrier is lost
+ * Add Ref()/Unref() bus calls for units
+
+ [ Felipe Sateler ]
+ * git-cherry-pick: always recreate the patch-queue branch.
+
+ [ Dimitri John Ledkov ]
+ * Use idiomatic variables from dpkg include.
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 11 Sep 2016 15:00:55 +0200
+
+systemd (231-5) unstable; urgency=medium
+
+ [ Iain Lane ]
+ * Let graphical-session-pre.target be manually started (LP: #1615341)
+
+ [ Felipe Sateler ]
+ * Add basic version of git-cherry-pick
+ * Replace Revert-units-add-a-basic-SystemCallFilter-3471.patch with upstream
+ patch
+ * sysv-generator: better error reporting. (Closes: #830257)
+
+ [ Martin Pitt ]
+ * 73-usb-net-by-mac.rules: Test for disabling 80-net-setup-link.rules more
+ efficiently. Stop calling readlink at all and just test if
+ /etc/udev/rules.d/80-net-setup-link.rules exists -- a common way to
+ disable an udev rule is to just "touch" it in /etc/udev/rule.d/ (i. e.
+ empty file), and if the rule is customized we cannot really predict anyway
+ if the user wants MAC-based USB net names or not. (LP: #1615021)
+ * Ship kernel-install (Closes: #744301)
+ * Add debian/extra/kernel-install.d/60-initrd.install.
+ This kernel-install drop-in copies the initrd of the selected kernel to
+ the EFI partition.
+ * bootctl: Automatically detect ESP partition.
+ This makes bootctl work with Debian's /boot/efi/ mountpoint without having
+ to explicitly specify --path.
+ Patches cherry-picked from upstream master.
+ * systemd.NEWS: Point out that alternatively rcS scripts can be moved to
+ rc[2-5]. Thanks to Petter Reinholdtsen for the suggestion!
+
+ [ Michael Biebl ]
+ * Enable iptables support (Closes: #787480)
+ * Revert "logind: really handle *KeyIgnoreInhibited options in logind.conf"
+ The special 'key handling' inhibitors should always work regardless of
+ any *IgnoreInhibited settings – otherwise they're nearly useless.
+ Update man pages to clarify that *KeyIgnoreInhibited only apply to a
+ subset of locks (Closes: #834148)
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 26 Aug 2016 10:58:07 +0200
+
+systemd (231-4) unstable; urgency=medium
+
+ * Revert "pid1: reconnect to the console before being re-executed"
+ This unbreaks consoles after "daemon-reexec". (Closes: #834367)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 18 Aug 2016 07:03:13 +0200
+
+systemd (231-3) unstable; urgency=medium
+
+ * resolved resolvconf integration: Run resolvconf without privilege
+ restrictions. On some architectures (at least ppc64el), running resolvconf
+ does not work with MemoryDenyWriteExecute=yes. (LP: #1609740)
+ * Revert unit usage of MemoryDenyWriteExecute=yes. This is implemented
+ through seccomp as well. (Closes: #832713)
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 15 Aug 2016 09:58:09 +0200
+
+systemd (231-2) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/rules: Fix UPSTREAM_VERSION for upstream master builds
+ * Limit "link against /usr" check to some critical binaries only and add
+ generators
+ * debian/rules: Put back cleanup of *.busname (Closes: #833487)
+ * debian/tests/localed-x11-keymap: Robustify cleanup
+ * debian/tests/localed-x11-keymap: Check that localed works without
+ /etc/default/keyboard. This reproduces #833849.
+ * Revert "units: add a basic SystemCallFilter (#3471)"
+ This causes fatal failures on kernels that don't have seccomp enabled.
+ This can be reactivated once
+ https://github.com/systemd/systemd/issues/3882 is fixed.
+ (Closes: #832713, #832893)
+
+ [ Simon McVittie ]
+ * localed: tolerate absence of /etc/default/keyboard.
+ The debian-specific patch to read Debian config files was not tolerating
+ the absence of /etc/default/keyboard. This causes systemd-localed to
+ fail to start on systems where that file isn't populated (like embedded
+ systems without keyboards). (Closes: #833849)
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 14 Aug 2016 10:54:57 +0200
+
+systemd (231-1) unstable; urgency=low
+
+ [ Martin Pitt ]
+ * New upstream release 231:
+ - Fix "Failed to create directory /str/sys/fs/selinux: Read-only file
+ system" warning. (Closes: #830693)
+ * systemd.postinst: Remove systemd-networkd-resolvconf-update.path removal
+ leftover. (Closes: #830778)
+ * Drop support for rcS.d SysV init scripts.
+ These are prone to cause dependency loops, and almost all packages with
+ rcS scripts now ship a native systemd service.
+ * networkd: Handle router advertisements in userspace again.
+ Drop Revert-Revert-networkd-ndisc-revert-to-letting-the-k.patch.
+ Bug #814566/#815586 got fixed in 230, and #815884 and #815884 and #815793
+ are unreproducible and need more reporter feedback.
+ * debian/gbp.conf: Enable dch options "full" and "multimaint-merge"
+ * systemd-sysv: Add Conflicts: systemd-shim.
+ To avoid shim trying to claim the D-Bus interfaces.
+ * Add graphical-session.target user unit.
+ * Add graphical-session-pre.target user unit
+ * Add debian/extra/units-ubuntu/user@.service.d/timeout.conf.
+ This avoids long hangs during shutdown if user services fail/hang due to
+ X.org going away too early. This is mostly a workaround, so only install
+ for Ubuntu for now.
+ * Dynamically add upstream version to debian/shlibs.local
+ * Set Debian/Ubuntu downstream support URL in journal catalogs
+ (Closes: #769187)
+
+ [ Michael Biebl ]
+ * Restrict Conflicts: openrc to << 0.20.4-2.1.
+ Newer versions of openrc no longer ship conflicting implementations of
+ update-rc.d/invoke-rc.d.
+ * Add Depends: dbus to systemd-container.
+ This is required for systemd-machined and systemd-nspawn to work
+ properly. (Closes: #830575)
+ * Drop insserv.conf generator.
+ We no longer parse /etc/insserv.conf and /etc/insserv.conf.d/* and
+ augment services with that dependency information via runtime drop-in
+ files. Services which want to provide certain system facilities need to
+ pull in the corresponding targets themselves. Either directly in the
+ native service unit or by shipping a drop-in snippet for SysV init
+ scripts. (Closes: #825858)
+ * getty-static.service: Only start if we have a working VC subsystem.
+ Use ConditionPathExists=/dev/tty0, the same check as in getty@.service,
+ to determine whether we have a functional VC subsystem and we should
+ start any gettys. (Closes: #824779)
+ * Stop mentioning snapshot and restore in the package description.
+ Support for the .snapshot unit type has been removed upstream.
+ * Drop sigpwr-container-shutdown.service.
+ This is no longer necessary as lxc-stop has been fixed to use SIGRTMIN+3
+ to shut down systemd based LXC containers.
+ https://github.com/lxc/lxc/pull/1086
+ https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
+
+ [ Felipe Sateler ]
+ * Add versioned breaks for packages shipping rcS init scripts
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 26 Jul 2016 12:17:14 +0200
+
+systemd (230-7) unstable; urgency=medium
+
+ * Tell dh_shlibdeps to look in the systemd package for libraries. Otherwise
+ dpkg-shlibdeps fails to find libsystemd-shared as we no longer create a
+ shlibs file for it.
+ * Add Build-Depends-Package to libudev1.symbols and libsystemd0.symbols.
+ This ensures proper dependencies when a package has a Build-Depends on a
+ higher version of libudev-dev or libsystemd-dev then what it gets from the
+ used symbols.
+
+ -- Michael Biebl <biebl@debian.org> Fri, 08 Jul 2016 13:04:33 +0200
+
+systemd (230-6) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/boot-smoke: Stop running in containers again, too unreliable
+ on Ubuntu s390x right now.
+
+ [ Michael Biebl ]
+ * Bump Build-Depends on debhelper to (>= 9.20160114), required for
+ --dbgsym-migration support.
+ * Install test-udev binary into $libdir/udev/ not $libdir. Only libraries
+ should be installed directly into $libdir.
+ * Exclude libsystemd-shared from dh_makeshlibs.
+
+ [ Felipe Sateler ]
+ * Do not install libsystemd-shared.so symlink
+ * {machine,system}ctl: always pass &changes and &n_changes (Closes: #830144)
+
+ [ Michael Prokop ]
+ * debian/tests/logind: Ensure correct version of logind is running.
+
+ -- Michael Biebl <biebl@debian.org> Thu, 07 Jul 2016 15:22:16 +0200
+
+systemd (230-5) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Sync test/networkd-test.py with current upstream master, and remove our
+ debian/tests/networkd copy. Directly run test/networkd-test.py in
+ autopkgtest.
+ * debian/extra/rules/73-usb-net-by-mac.rules: Disable when
+ /etc/udev/rules.d/80-net-setup-link.rules is a symlink to /dev/null, to be
+ consistent with the documented way to disable ifnames. (Closes: #824491,
+ LP: #1593379)
+ * debian/rules: Ignore libcap-ng.so in the "does anything link against /usr"
+ check, to work around libaudit1 recently gaining a new dependency against
+ that library (#828991). We have no influence on that ourselves. This fixes
+ the FTBFS in the meantime.
+
+ [ Felipe Sateler ]
+ * Convert common code into a private shared library. This saves about 9 MB
+ of installed size in the systemd package, and some more in systemd-*.
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 01 Jul 2016 09:15:12 +0200
+
+systemd (230-4) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * tmp.mount: Add nosuid and nodev mount options. This restores compatibility
+ with the original SysV int RAMTMP defaults. (Closes: #826377)
+ * debian/tests/upstream: Some tests fail on platforms without QEMU at the
+ moment due to upstream PR#3587; blacklist these for now if QEMU is not
+ available.
+ * debian/rules: Don't run the "anything links against /usr" check for
+ upstream tests, as those run on Ubuntu 16.04 LTS which does not yet have
+ libidn moved to /lib.
+ * debian/tests/upstream: Clean up old journals before running a test, to
+ avoid printing a wrong one on failure.
+ * debian/tests/upstream: Do not run the QEMU tests on i386. Nested QEMU on
+ i386 causes testbed hangs on Ubuntu's cloud infrastructure, which is the
+ only place where these actually run.
+ * resolved: Fix SERVFAIL handling and introduce a new "Cache=" option to
+ disable local caching.
+ * resolved: Support IPv6 zone indices in resolv.conf. (LP: #1587489)
+ * resolved: Update resolv.conf when calling SetLinkDNS().
+ * debian/tests/storage: Sync and settle udev after luksFormat, to reduce the
+ chance of seeing some half-written signatures.
+ * debian/tests/networkd: Stop skipping the two DHCP6 tests, this regression
+ seems to have been fixed now.
+ * resolved: respond to local resolver requests on 127.0.0.53:53. This
+ provides compatibility with clients that don't use NSS but do DNS queries
+ directly, such as Chrome.
+ * resolved: Don't add route-only domains to /etc/resolv.conf.
+ * systemd-resolve: Add --flush-caches and --status commands.
+ * Add debian/extra/units/systemd-resolved.service.d/resolvconf.conf to tell
+ resolvconf about resolved's builtin DNS server on 127.0.0.53. With that,
+ DNS servers picked up via networkd are respected when using resolvconf,
+ and software like Chrome that does not do NSS (libnss-resolve) still gets
+ proper DNS resolution. Drop the brittle and ugly
+ systemd-networkd-resolvconf-update.{path,service} hack instead.
+ * debian/tests/boot-smoke: Run in containers as well.
+
+ [ Laurent Bigonville ]
+ * Build with IDN support. (Closes: #814528)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 29 Jun 2016 15:23:32 +0200
+
+systemd (230-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/boot-and-services: Adjust test_tmp_mount() for fixed
+ systemctl exit code for "unit not found" in upstream commit ca473d57.
+ * debian/tests/boot-and-services, test_no_failed(): Show journal of failed
+ units.
+ * debian/extra/init-functions.d/40-systemd: Adjust to changed systemctl
+ show behaviour in 231: now this fails for nonexisting units instead of
+ succeeding with "not-found". Make the code compatible to both for now.
+ * Fix networkd integration with resolvconf for domain-limited DNS servers,
+ so that these don't appear as global nameservers in resolv.conf. Thanks
+ Andy Whitcroft for the initial fix! Add corresponding test case to
+ debian/tests/networkd. (LP: #1587762)
+ * resolved: Fix comments in resolve.conf for search domain overflows.
+ (LP: #1588229)
+ * On Ubuntu, provide an "ondemand.service" that replaces
+ /etc/init.d/ondemand. The latter does not exist any more when
+ "initscripts" falls out of the default installation. (LP: #1584124) This
+ now does not do a fixed one-minute wait but uses "Type=idle" instead. This
+ also becomes a no-op when the CPU supports "intel_pstate" (≤ 5 years old),
+ as on these the ondemand/powersave schedulers are actually detrimental.
+ (LP: #1579278)
+ * debian/systemd-container.install: Drop *.busname installation, they are
+ going away upstream.
+ * debian/extra/init-functions.d/40-systemd: Do not call systemctl
+ daemon-reload if the script is called as user (like reportbug does). Also
+ make sure that daemon-reload will not invoke polkit.
+ * Install test-udeb from .libs, to avoid installing the automake shell
+ wrapper.
+ * Fix transaction restarting in resolved to avoid async processing of
+ free'd transactions.
+ (Closes: #817210, LP: #1587727, #1587740, #1587762, #1587740)
+ * Add "upstream" autopkgtest that runs the test/TEST* upstream integration
+ tests in QEMU and nspawn.
+ * Build systemd-sysusers binary, for using in rkt. Do not ship the
+ corresponding unit and sysusers.d/ files yet, as these need some
+ Debianization and an autopkgtest. (Closes: #823322)
+ * debian/tests/systemd-fsckd: Adjust was_running() to also work for version
+ 230.
+
+ [ Michael Biebl ]
+ * Add "systemctl daemon-reload" to lsb init-functions hook if the LoadState
+ of a service is "not-found". This will run systemd-sysv-generator, so SysV
+ init scripts that aren't installed by the package manager should be picked
+ up automatically. (Closes: #825913)
+ * automount: handle expire_tokens when the mount unit changes its state.
+ (Closes: #826512)
+ * debian/systemd.preinst: Correctly determine whether a service is enabled.
+ Testing for the return code alone is not sufficient as we need to
+ differentiate between "generated" and "enabled" services.
+ (Closes: #825981)
+
+ [ Felipe Sateler ]
+ * Drop configure option --disable-compat-libs. It no longer exists.
+ * Add policykit-1 to Suggests. It is used to allow unprivileged users to
+ execute certain commands. (Closes: #827756)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 21 Jun 2016 23:51:07 +0200
+
+systemd (230-2) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Don't add a Breaks: against usb-modeswitch when building on Ubuntu; there
+ it does not use hotplug.functions and is a lower version.
+ * boot-and-services autopkgtest: Add missing xserver-xorg and
+ lightdm-greeter test dependencies, so that lightdm can start.
+ (See LP #1581106)
+ * Re-disable logind's KillUserProcesses option by default. (Closes: #825394)
+
+ [ Michael Biebl ]
+ * Drop --disable-silent-rules from debian/rules. This is now handled by dh
+ directly depending on whether the DH_QUIET environment variable is set.
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 31 May 2016 12:02:14 +0200
+
+systemd (230-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release 230.
+ - Fix rare assertion failure in hashmaps. (Closes: #816612)
+ - Fix leaking scope units. (Closes: #805477)
+ - Fix wrong socket ownership after daemon-reload. (LP: #1577001)
+ - udev: Fix touch screen detection. (LP: #1530384)
+ * Drop cmdline-upstart-boot autopkgtest. It was still needed up to Ubuntu
+ 16.04 LTS, but upstart-sysv is not supported any more in Debian and Ubuntu
+ now.
+ * udev: Drop hotplug.functions, now that the last remaining user of this got
+ fixed. Add appropriate versioned Breaks:.
+ * debian/extra/rules/70-debian-uaccess.rules: Add some more FIDO u2f devices
+ from different vendors. Thanks Atoyama Tokanawa.
+ * Remove "bootchart" autopkgtest, this upstream version does not ship
+ bootchart any more. It will be packaged separately.
+
+ [ Michael Biebl ]
+ * Drop obsolete --disable-bootchart configure switch from udeb build.
+ * Remove obsolete /etc/systemd/bootchart.conf conffile on upgrades.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 23 May 2016 09:42:51 +0200
+
+systemd (229-6) unstable; urgency=medium
+
+ * systemd-container: Prefer renamed "btrfs-progs" package name over
+ "btrfs-tools". (Closes: #822629)
+ * systemd-container: Recommend libnss-mymachines. (Closes: #822615)
+ * Drop systemd-dbg, in favor of debhelpers' automatic -dbgsym packages.
+ * Drop Add-targets-for-compatibility-with-Debian-insserv-sy.patch; we don't
+ need $x-display-manager any more as most/all DMs ship native services, and
+ $mail-transport-agent is not widely used (not even by our default MTA
+ exim4).
+ * Unify our two patches for Debian specific configuration files.
+ * Drop udev-re-enable-mount-propagation-for-udevd.patch, i. e. run udevd in
+ its own slave mount name space again. laptop-mode-tools 1.68 fixed the
+ original bug (#762018), thus add a Breaks: to earlier versions.
+ * Ship fbdev-blacklist.conf in /lib/modprobe.d/ instead of /etc/modprobe.d/;
+ remove the conffile on upgrades.
+ * Replace util-Add-hidden-suffixes-for-ucf.patch with patch that got
+ committed upstream.
+ * Replace Stop-syslog.socket-when-entering-emergency-mode.patch with patch
+ that got committed upstream.
+ * debian/udev.README.Debian: Adjust documentation of MAC based naming for
+ USB network cards to the udev rule, where this was moved to in 229-5.
+ * debian/extra/init-functions.d/40-systemd: Invoke status command with
+ --no-pager, to avoid blocking scripts that call an init.d script with
+ "status" with an unexpected pager process. (Closes: #765175, LP: #1576409)
+ * Add debian/extra/rules/70-debian-uaccess.rules: Make FIDO U2F dongles
+ accessible to the user session. This avoids having to install libu2f-host0
+ (which isn't discoverable at all) to make those devices work.
+ (LP: #1387908)
+ * libnss-resolve: Enable systemd-resolved.service on package installation,
+ as this package makes little sense without resolved.
+ * Add a DHCP exit hook for pushing received NTP servers into timesyncd.
+ (LP: #1578663)
+ * debian/udev.postinst: Fix migration check from the old persistent-net
+ generator to not apply to chroots. (Closes: #813141)
+ * Revert "enable TasksMax= for all services by default, and set it to 512".
+ Introducing a default limit on number of threads broke a lot of software
+ which regularly needs more, such as MySQL and RabbitMQ, or services that
+ spawn off an indefinite number of subtasks that are not in a scope, like
+ LXC or cron. 512 is way too much for most "simple" services, and it's way
+ too little for the ones mentioned above. Effective (and much stricter)
+ limits should instead be put into units individually.
+ (Closes: #823530, LP: #1578080)
+ * Split out udev rule to name USB network interfaces by MAC address into
+ 73-usb-net-by-mac.rules, so that it's easier to disable. (Closes: #824025)
+ * 73-usb-net-by-mac.rules: Disable when net.ifnames=0 is specified on the
+ kernel command line, to be consistent with disabling the *.link files.
+ * 73-special-net-names.rule: Name the IBM integrated management module
+ virtual USB network card "ibmimm". Thanks Marco d'Itri!
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 12 May 2016 09:40:19 +0200
+
+systemd (229-5) unstable; urgency=medium
+
+ * debian/tests/unit-config: Call "daemon-reload" to clean up generated units
+ in between tests.
+ * debian/tests/unit-config: Check that enable/disable commands are
+ idempotent.
+ * debian/tests/unit-config: Detect if system units are in /usr/, so that the
+ test works on systems with merged /usr.
+ * debian/tests/unit-config: Use systemd-sysv-install instead of update-rc.d
+ directly, so that the test works under Fedora too.
+ * debian/tests/unit-config: Check disabling of a "systemctl link"ed unit,
+ and check "systemctl enable" on a unit with full path which is not in the
+ standard directories.
+ * Rename debian/extra/rules/73-idrac.rules to 73-special-net-names.rules, as
+ it is going to get rules for other devices. Also install it into the
+ initramfs.
+ * debian/extra/rules/73-special-net-names.rules: Add DEVPATH number based
+ naming schema for ibmveth devices. (LP: #1561096)
+ * Don't set SYSTEMD_READY=0 on DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 devmapper
+ devices with "change" events, as this causes spurious unmounting with
+ multipath devices. (LP: #1565969)
+ * Fix bogus "No [Install] section" warning when enabling a unit with full
+ path. (LP: #1563590)
+ * debian/tests/cmdline-upstart-boot: In test_rsyslog(), check for messages
+ from dbus instead of NetworkManager. NM 1.2 does not seem to log to syslog
+ by default any more.
+ * Bump Standards-Version to 3.9.8 (no changes necessary).
+ * debian/tests/boot-smoke: Add some extra debugging if there are pending
+ jobs after 10s, to figure out why lightdm is sometimes "restarting".
+ (for LP #1571673)
+ * debian/tests/boot-smoke: Configure dummy X.org driver (like in the
+ boot-and-services test), to avoid lightdm randomly fail. (LP: #1571673)
+ * Move Debian specific patches into debian/patches/debian (which translates
+ to "Gbp-Pq: Topic debian" with pq). This keeps upstream vs. Debian
+ patches separated without the comments in debian/patches/series (which
+ always get removed by "pq export").
+ * Don't ship an empty /etc/X11/xinit/xinitrc.d/ directory, this isn't
+ supported in Debian. (Closes: #822198)
+ * udev: Mark nbd as inactive until connected. (Closes: #812485)
+ * On shutdown, unmount /tmp before disabling swap. (Closes: #788303)
+ * debian/systemd-coredump.postinst: Do daemon-reload before starting
+ systemd-coredump, as the unit file may have changed on upgrades.
+ (Closes: #820325)
+ * Set MAC based name for USB network interfaces only for universally
+ administered (i. e. stable) MACs, not for locally administered (i. e.
+ randomly generated) ones. Drop /lib/systemd/network/90-mac-for-usb.link
+ (as link files don't currently support globs for MACAddress=) and replace
+ with an udev rule in /lib/udev/rules.d/73-special-net-names.rules.
+ (Closes: #812575, LP: #1574483)
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 25 Apr 2016 11:08:11 +0200
+
+systemd (229-4) unstable; urgency=medium
+
+ * Fix assertion crash when processing a (broken) device without a sysfs
+ path. (Closes: #819290, LP: #1560695)
+ * Fix crash when shutdown is issued from a non-tty. (LP: #1553040)
+ * networkd: Stay running while any non-loopback interface is up.
+ (Closes: #819414)
+ * Fix reading uint32 D-Bus properties on big-endian.
+ * Fix crash if an udev device has many tags or devlinks. (LP: #1564976)
+ * systemctl, loginctl, etc.: Don't start polkit agent when running as root.
+ (LP: #1565617)
+ * keymap: Add Add HP ZBook (LP: #1535219) and HP ProBook 440 G3.
+ * systemd.resource-control.5: Fix links to cgroup documentation on
+ kernel.org. (Closes: #819970)
+ * Install test-udev into libudev-dev, so that we have it available for
+ autopkgtests.
+ * Add "udev" autopkgtest for running the upstream test/udev-test.pl.
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 07 Apr 2016 08:11:10 +0200
+
+systemd (229-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/timedated: Add tests for "timedatectl set-local-rtc".
+ * Be more tolerant in parsing /etc/adjtime.
+ * debian/systemd.postinst: Don't fail package installation if systemctl
+ daemon-reload trigger fails. This does not fix the root cause of the
+ reload failures, but at least causes fewer packages to be in a broken
+ state after upgrade, so that a reboot or apt-get -f install have a much
+ higher chance in succeeding. (For bugs like LP #1502097 or LP #1447654)
+ * debian/tests/networkd: Skip test_hogplug_dhcp_ip6 when running against
+ upstream as well.
+ * debian/tests/boot-and-services: Wait for units to stop with a "systemctl
+ is-active" loop instead of static sleeps.
+ * debian/tests/networkd: Skip DHCPv6 tests for downstream packages too. This
+ is an actual regression in networkd-229, to be investigated. But this
+ shouldn't hold up reverse dependencies.
+ * Fix assertion in add_random(). (LP: #1554861)
+ * debian/tests/boot-and-services: Don't assert on "Stopped Container c1"
+ message in NspawnTests.test_service(), this is sometimes not present. Just
+ check that the unit did not fail.
+ * Add "adduser" dependency to systemd-coredump, to quiesce lintian.
+ * Bump Standards-Version to 3.9.7 (no changes necessary).
+ * Fix timespec parsing by correctly initializing microseconds.
+ (Closes: #818698, LP: #1559038)
+ * networkd: Add fallback if FIONREAD is not supported. (Closes: #818488)
+ * Cherry-pick various fixes from upstream master.
+ - Fixes logout when changing the current target. (Closes: #805442)
+
+ [ Evgeny Vereshchagin ]
+ * debian/tests/boot-and-services: Search systemd-coredump's output by
+ SYSLOG_IDENTIFIER.
+ * Add missing "Recommends: btrfs-tools" to systemd-container.
+ * Add systemd-coredump postinst/prerm to start/stop systemd-coredump.socket
+ without a reboot. (Closes: #816767)
+
+ [ Felipe Sateler ]
+ * Set the paths of loadkeys and setfont via configure arguments, not a patch
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 21 Mar 2016 14:11:44 +0100
+
+systemd (229-2) unstable; urgency=medium
+
+ * time-util: map ALARM clockids to non-ALARM clockids in now(), to work on
+ architectures which don't support CLOCK_BOOTTIME_ALARM. Fixes FTBFS on
+ many architectures.
+ * debian/systemd.postinst: Add missing newline to /etc/adjtime migration.
+ (See #699554)
+ * debian/systemd.postinst: Only try to enable tmp.mount if we actually
+ copied it to /etc. Don't try to enable a generated unit. (LP: #1545707)
+ * debian/tests/boot-and-services: Increase timeouts of test_bash_crash from
+ 5 to 10 seconds, and sync the journal after every iteration.
+ * debian/extra/checkout-upstream: Try again after one minute if git checkout
+ fails, to avoid failures from transient network errors.
+ * debian/tests/systemd-fsckd: Use grub.d/50-cloudimg-settings.cfg as a
+ template for generating our custom one instead of 90-autopkgtest.cfg. The
+ latter does not exist on non-x86 architectures and is not relevant for
+ this test.
+ * debian/tests/boot-and-services: Skip journal test for test_bash_crash when
+ running against upstream, as this currently fails most of the time. To be
+ investigated.
+ * debian/tests/networkd: Skip test_coldplug_dhcp_ip6 when running against
+ upstream, as this is brittle there. To be investigated.
+ * debian/tests/bootchart: Skip test if bootchart is not available or
+ testing in upstream mode. bootchart got removed from master and will be
+ moved to a separate repository.
+ * debian/tests/boot-and-services: Show verbose journal output on failure in
+ nspawn test, and sync journal before.
+ * Move systemd-coredump socket and service into systemd-coredump binary
+ package.
+ * Revert changing the default core dump ulimit and core_pattern. This
+ completely breaks core dumps without systemd-coredump. It's also
+ contradicting core(8). (Closes: #815020)
+ * Fix addresses for type "sit" tunnels. (Closes: #816132)
+ * networkd: Go back to letting the kernel handle IPv6 router advertisements,
+ as networkd's own currently has too many regressions. Thanks to Stefan
+ Lippers-Hollmann for investigating this! (Closes: #814566,
+ #814667, #815586, #815884, #815793)
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 28 Feb 2016 22:16:12 +0100
+
+systemd (229-1) unstable; urgency=medium
+
+ * New upstream release 229.
+ - Fix systemctl behaviour in chroots. (Closes: #802780)
+ - Fix SELinux context of /run/user/$UID. (Closes: #775651)
+ - Add option to optionally turn of color output. (Closes: #783692)
+ - Don't git-ignore src/journal-remote/browse.html. (Closes: #805514)
+ - Do not warn about Wants depencencies on masked units. (LP: #1543282)
+ * debian/systemd.install: Ship the new systemd-resolve.
+ * libsystemd0.symbols: Add new symbols from this release.
+ * systemd-coredump.postinst: Create systemd-coredump system user.
+ * debian/tests/systemd-fsckd: Tame overly strict test for failed plymouth
+ unit, which is a race condition with plymouthd auto-stopping.
+ (LP: #1543144)
+ * Drop timedated-don-t-rely-on-usr-being-mounted-in-the-ini.patch.
+ initramfs-tools has mounted /usr since Jessie, and tzdata now creates
+ /etc/localtime as a symlink too (see #803144).
+ * Use-different-default-paths-for-various-binaries.patch: Drop path changes
+ for setcap (which is already a build dep and not used at all) and sulogin
+ (which is now in util-linux).
+ * Remove obsolete udev maintainer script checks:
+ - Drop check for kernel >= 2.6.32, which released in 2009.
+ - Drop restarting of some daemons due to the devtmpfs migration, which
+ happened before the above kernel even.
+ - Drop support for forcing upgrades on kernels known not to work via
+ /etc/udev/kernel-upgrade. Don't pretend that this would help, as users
+ could end up with a non-bootable system. Always fail early in preinst
+ when it's still possible to install a working kernel.
+ - Drop postinst test for "running in containers" -- it's actually possible
+ to run udev in containers if you mount /sys r/w and you know what you
+ are doing. Also, the init.d script and systemd service do that check
+ again.
+ - Keep the kernel feature and chroot checks, as these are still useful.
+ Simplify check_kernel_features() by eliminating some variables.
+ - Drop debconf templates. Two of them are obsolete, and having
+ CONFIG_SYSFS_DEPRECATED is now so implausible that this doesn't warrant
+ the overhead and translator efforts.
+ * Drop debian/tests/ifupdown-hotplug. The units moved into ifupdown, so the
+ test should go there too (see #814312).
+ * debian/tests/control: Reorder tests and add a comment which ones should
+ not be run for an upstream build.
+ * debian/tests/control: Rearrange tests and avoid removing test dependencies
+ to minimize testbed resets.
+ * Add debian/extra/checkout-upstream: Script to replace the current
+ source with a checkout of an upstream pull request, branch, or commit,
+ and remove debian/patches/. Call from debian/rules if $TEST_UPSTREAM is
+ set. This will be used for upstream CI.
+ * Enable seccomp support on powerpc, ppc64el, and s390x.
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 11 Feb 2016 21:02:39 +0100
+
+systemd (228-6) unstable; urgency=medium
+
+ * Make-run-lock-tmpfs-an-API-fs.patch: Drop /run/lock from
+ tmpfiles.d/legacy.conf to avoid the latter clobbering the permissions of
+ /run/lock. Fixes fallout from cleanup in -5 that resulted /run/lock to
+ have 0755 permissions instead of 1777. (LP: #1541775)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 04 Feb 2016 11:46:54 +0100
+
+systemd (228-5) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Drop systemd-vconsole-setup.service: It has never been installed/used in
+ Debian and is not necessary for Ubuntu any more.
+ * Drop halt-local.service. This has never been documented/used in Debian.
+ (LP: #1532553)
+ * debian/extra/initramfs-tools/scripts/init-bottom/udev: Prefer "nuke"
+ again, it comes from klibc-utils. But fall back to "rm" if it does not
+ exist.
+ * systemd-timesyncd.service.d/disable-with-time-daemon.conf: Also don't run
+ if /usr/sbin/VBoxService exists, as virtualbox-guest-utils already
+ provides time synchronization with the host. (Closes: #812522)
+ * Drop Michael Stapelberg from Uploaders:, he stopped maintenance long ago.
+ Thanks Michael for your great work in the past!
+ * Replace "sysv-rc" dependency with Conflicts: openrc, file-rc. The
+ rationale from #739679 still applies, but with the moving of
+ {invoke,update}-rc.d to init-system-helpers we don't actually need
+ anything from sysv-rc any more other than the assumption that SysV init
+ scripts are enabled in /etc/rc?.d/ for the SysV generator to work (and
+ file-rc and openrc don't do that).
+ * debian/tests/timedated: Verify /etc/localtime symlink. Skip verifying the
+ /etc/timezone file (which is Debian specific) if $TEST_UPSTREAM is set.
+ * debian/tests/localed-locale: Check /etc/locale.conf if $TEST_UPSTREAM is
+ set.
+ * debian/tests/localed-x11-keymap: Test /etc/X11/xorg.conf.d/00-keyboard.conf
+ if $TEST_UPSTREAM is set.
+ * debian/tests/boot-and-services: Check for reaching graphical.target
+ instead of default.target, as the latter is a session systemd state only.
+ * debian/tests/boot-and-services: Skip tests which are known to fail/not
+ applicable with testing upstream builds.
+ * Drop Fix-up-tmpfiles.d-permissions-properly.patch:
+ - /run/lock is already created differently by
+ Make-run-lock-tmpfs-an-API-fs.patch, and contradicts to that.
+ - /run/lock/lockdev/ isn't being used anywhere and got dropped
+ upstream; backport the patch (tmpfiles-drop-run-lock-lockdev.patch).
+ - Move dropping of "group:wheel" (which has never existed in Debian) into
+ debian/rules, to also catch occurrences in other parts of the file which
+ the static patch would overlook.
+ * Shorten persistent identifier for CCW network interfaces (on s390x only).
+ (LP: #1526808)
+ * debian/rules: If $TEST_UPSTREAM is set (when building/testing upstream
+ master instead of distro packages), don't fail on non-installed new files
+ or new library symbols.
+ * Add systemd-sysv conflict to upstart-sysv, and version the upstart
+ conflict. This works with both Debian's and Ubuntu's upstart packages.
+
+ [ Michael Biebl ]
+ * Drop support for the /etc/udev/disabled flag file. This was a workaround
+ for udev failing to install with debootstrap because it didn't use
+ invoke-rc.d and therefor was not compliant with policy-rc.d. See #520742
+ for further details. This is no longer the case, so supporting that file
+ only leads to confusion about its purpose.
+ * Retrigger cleanup of org.freedesktop.machine1.conf and
+ hwclock-save.service now that dpkg has been fixed to correctly pass the
+ old version to postinst on upgrade. (Closes: #802545)
+ * Only ship *.link files as part of the udev package. The *.network files
+ are solely used by systemd-networkd and should therefor be shipped by the
+ systemd package. (Closes: #808237)
+ * Cherry-pick a few fixes from upstream:
+ - Fix unaligned access in initialize_srand(). (Closes: #812928)
+ - Don't run kmod-static-nodes.service if module list is empty. This
+ requires kmod v23. (Closes: #810367)
+ - Fix typo in systemctl(1). (Closes: #807462)
+ - Fix systemd-nspawn --link-journal=host to not fail if the directory
+ already exists. (Closes: #808222)
+ - Fix a typo in logind-dbus.c. The polkit action is named
+ org.freedesktop.login1.power-off, not org.freedesktop.login1.poweroff.
+ - Don't log an EIO error in gpt-auto-generator if blkid finds something
+ which is not a partition table. (Closes: #765586)
+ - Apply ACLs to /var/log/journal and also set them explicitly for
+ system.journal.
+ * Only skip the filesystem check for /usr if the /run/initramfs/fsck-usr
+ flag file exists. Otherwise we break booting with dracut which uses
+ systemd inside the initramfs. (Closes: #810748)
+ * Update the instructions in README.Debian for creating /var/log/journal.
+ They are now in line with the documentation in the systemd-journald(8) man
+ page and ensure that ACLs and group permissions are properly set.
+ (Closes: #800947, #805617)
+ * Drop "systemctl daemon-reload" from lsb init-functions hook. This is no
+ longer necessary as invoke-rc.d and init-system-helpers take care of this
+ nowadays.
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 03 Feb 2016 10:09:46 +0100
+
+systemd (228-4) unstable; urgency=medium
+
+ * debian/udev.README.Debian: Add alternative way of disabling ifnames.
+ (Closes: #809339)
+ * Put back /lib/udev/hotplug.functions, until the three remaining packages
+ that use it stop doing so. (Closes: #810114)
+ * debian/udev.README.Debian: Point out that any change to interface naming
+ rules requires an initrd update.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 11 Jan 2016 07:12:40 +0100
+
+systemd (228-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/rules: Remove temporary debug output from test failures again. All
+ Debian buildd kernels are recent enough now, but add a check for kernels
+ older than 3.13 and ignore test failures for those.
+ * debian/tests/networkd: Factor out dnsmasq specific test "router" setup, so
+ that we can test against other implementations.
+ * debian/tests/networkd: Add router setup using an (isolated) networkd
+ process for configuring the veths and DHCP server.
+ * debian/tests/networkd: On failure, only show journal for current test.
+ * systemd-networkd-resolvconf-update.service: Wait for getting a name
+ server, not just for getting online.
+ * debian/tests/boot-and-services: Wait until bash crash stack trace is in
+ the journal before asserting on it. Also relax RE to work on non-x86
+ architectures.
+ * debian/tests/networkd: If /etc/resolv.conf already has three nameservers,
+ accept that too (as then the additional test one can't be added any more).
+ * Fix FTBFS on x32. Thanks Helmut Grohne! (Closes: #805910)
+ * debian/tests/networkd: For IPv6 tests, also wait for IPv4 address to
+ arrive; s-n-wait-online already exits after getting an IPv6 address, but
+ we verify both.
+ * debian/tests/boot-and-services: Don't check for "Requesting system
+ poweroff" log message in nspawn test, current upstream master does not
+ write that any more. Instead check for "Stopped Container c1".
+ * Add "storage" autopkgtest. Initially this covers some basic use cases with
+ LUKS cryptsetup devices.
+ * Add acl build dependency (for <!nocheck>). Current upstream master now
+ needs it for some test cases.
+ * debian/extra/initramfs-tools/scripts/init-bottom/udev: Use "rm -rf"
+ instead of "nuke". The latter does not exist any more in current
+ initramfs-tools.
+ * Ignore test failures during "make check" if /etc/machine-id is missing
+ (like in ancient local schroots). (Closes: #807884)
+ * debian/extra/rules/80-debian-compat.rules: Remember which device got the
+ "cdrw", "dvd", or "dvdrw" symlink to avoid changing links on device
+ events. (Closes: #774080). Drop the rule for the "cdrom" symlink as that
+ is already created in 60-cdrom_id.rules.
+ * Eliminate "hotplug.functions" udev helper and put the logging functions
+ directly into net.agent. This simplifies the migration of the latter to
+ ifupdown.
+ * Adjust manpages to keep /usr/lib/systemd/{user*,boot,ntp-units.d,modules*}
+ paths, only keep /lib/systemd/{system*,network}. (Closes: #808997)
+ * debian/udev.README.Debian: Fix typo and slight wording improvement.
+ (Closes: #809513)
+ * Drop net.agent, 80-networking.rules, and ifup@.service. These moved to
+ ifupdown 0.8.5 now. Add Breaks: to earlier versions.
+
+ [ Michael Biebl ]
+ * Bump Build-Depends on libdw-dev to (>= 0.158) as per configure.ac.
+ (Closes: #805631)
+ * Make sure all swap units are ordered before the swap target. This avoids
+ that swap devices are being stopped prematurely during shutdown.
+ (Closes: #805133)
+ * Drop unneeded /etc/X11/xinit/xinitrc.d/50-systemd-user.sh from the package
+ and clean up the conffile on upgrades. We have the dbus-user-session
+ package in Debian to properly enable the D-Bus user-session mode which
+ also takes care of updating the systemd --user environment.
+ (Closes: #795761)
+ * Stop testing for unknown arguments in udev maintainer scripts.
+ * Drop networking.service.d/systemd.conf. The ifupdown package now ships a
+ proper service file so this drop-in file is no longer necessary.
+
+ [ Andreas Henriksson ]
+ * Fix LSB init hook to not reload masked services. (Closes: #804882)
+
+ -- Martin Pitt <mpitt@debian.org> Sat, 02 Jan 2016 17:42:56 +0100
+
+systemd (228-2) unstable; urgency=medium
+
+ * Remove wrong endianness conversion in test-siphash24 to fix FTBFS on
+ big-endian machines.
+ * Bump libseccomp-dev build dependency to indicate required versions for
+ backporting to jessie. (Closes: #805497)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 19 Nov 2015 11:37:45 +0100
+
+systemd (228-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release:
+ - Fix journald killing by watchdog. (Closes: #805042)
+ - Drop check for /etc/mtab. (Closes: #802025)
+ - Follow unit file symlinks in /usr, but not /etc when looking for
+ [Install] data, to avoid getting confused by Aliases. (Closes: #719695)
+ - journalctl: introduce short options for --since and --until.
+ (Closes: #801390)
+ - journald: Never accept fds from file systems with mandatory locking.
+ (LP: #1514141)
+ - Put nspawn containers in correct slice. (LP: #1455828)
+ * Cherry-pick some networkd fixes from trunk to fix regressions from 228.
+ * debian/rules: Configure with --as-needed to avoid unnecessary binary
+ dependencies.
+ * systemd-networkd-resolvconf-update.service: Increase StartLimitBurst, as
+ this might be legitimately called several times in quick succession. If
+ that part of the "networkd" autopkgtest fails, show the journal log for
+ that service for easier debugging.
+ * debian/tests/boot-and-services: Add test case for systemd-coredump.
+ * Add systemd-coredump postinst/prerm to enable/disable this without a
+ reboot.
+ * debian/tests/networkd: Check for systemd-networkd-wait-online in /usr as
+ well, for usage in other distros.
+ * debian/tests/logind: Skip suspend test if the kernel does not support
+ suspend.
+ * debian/tests/logind: Split tests into functions.
+ * debian/tests/boot-and-services: Ignore failures of console-setup.service,
+ to work around LP: #1516591.
+ * debian/tests/control: Restrict boot-smoke test to isolation-machine, it
+ does not currently work well in LXC.
+ * debian/tests/networkd: Add new test cases for "DHCP=all, IPv4 only,
+ disabling RA" (which should always be fast), "DHCP=all, IPv4 only" (which
+ will require a longer timeout due to waiting 12s for a potential IPv6 RA
+ reply), and "DHCP=ipv4" (with and without RA).
+ * debian/tests/networkd: Fix UnicodeDecodeError under 'C' locale.
+ * debian/tests/networkd: Show networkctl and journal output on failure.
+ * debian/tests/networkd: Fix bytes vs. string TypeError in the IPv6 polling.
+ (LP: #1516009)
+ * debian/tests/networkd: Show contents of test .network file on failure.
+ * debian/tests/networkd: Skip if networkd is already running (safer when
+ running on real systems), and add copyright header.
+ * Bump util-linux dependencies to >= 2.27.1 to ensure that the mount monitor
+ ignores /etc/mtab.
+
+ [ Felipe Sateler ]
+ * Enable elfutils support for getting stack traces for systemd-coredump.
+ * libnss-my{machines,hostname}.postrm: do not remove entries from
+ nsswitch.conf if there are packages from other architectures remaining.
+
+ [ Michael Biebl ]
+ * Drop systemd-setup-dgram-qlen.service. This has been made obsolete by
+ upstream commit 1985486 which bumps net.unix.max_dgram_qlen to 512 early
+ during boot.
+ * Various cleanups to the udev maintainer scripts:
+ - Remove unused tempdir() function.
+ - Properly stop udev daemon on remove.
+ - Stop killing udev daemon on failed upgrades and drop the corresponding
+ starts from preinst.
+ - Stop masking systemd-udevd.service and udev.service during upgrades. We
+ restart the udev daemon in postinst, so those masks seem unnecessary.
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 18 Nov 2015 16:11:59 +0100
+
+systemd (227-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/logind: Add tests for scheduled shutdown with and without
+ wall message.
+ * Import upstream fix for not unmounting system mounts (#801361) and drop
+ our revert patch.
+ * debian/tests/boot-smoke: Apply check for failed unmounts only to user
+ systemd processes, i. e. not to pid 1.
+ * Drop Fix-usr-remount-failure-for-split-usr.patch. Jessie has a new enough
+ initramfs-tools already, and this was just an error message, not breaking
+ the boot.
+ * Drop debian-fixup.service in favor of using a tmpfiles.d clause, which is
+ faster.
+ * Drop Order-remote-fs.target-after-local-fs.target.patch. It's mostly
+ academic and only applies to the already known-broken situation that rcS
+ init.d scripts depend on $remote_fs.
+ * Replace reversion of sd_pid_notify_with_fds() msg_controllen fix with
+ proper upstream fix to never block on sending messages on NOTIFY_SOCKET
+ socket.
+ * Drop check for missing /etc/machine-id on "make check" failure; this isn't
+ happening on current buildds any more.
+ * Drop Disable-tests-which-fail-on-buildds.patch, to re-evaluate what still
+ fails and needs fixing. On failure, show kernel version and /etc/hosts
+ to be able to debug them better. The next upload will make the necessary
+ adjustments to fix package builds again.
+
+ [ Michael Biebl ]
+ * Drop dependency on udev from the systemd package. We don't need udev
+ within a container, so this allows us to trim down the footprint by not
+ installing the udev package. As the udev package has Priority: important,
+ it is still installed by default though.
+ * Include the status of the udev package when filing a bug report against
+ systemd, and vice versa.
+ * Use filter instead of findstring, since findstring also matches
+ substrings and we only want direct matches.
+ * systemd.bug-script: Fix typo. (Closes: #804512)
+ * Re-add bits which call SELinux in systemd-user pam service.
+ (Closes: #804565)
+
+ [ Felipe Sateler ]
+ * Add libnss-resolve package. (Closes: #798905)
+ * Add systemd-coredump package. This Conflicts/Replaces/Provides a new
+ "core-dump-handler" virtual package. (Closes: #744964)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 11 Nov 2015 15:04:26 +0100
+
+systemd (227-2) unstable; urgency=medium
+
+ * Revert "sd_pid_notify_with_fds: fix computing msg_controllen", it causes
+ connection errors from various services on boot. (Closes: #801354)
+ * debian/tests/boot-smoke: Check for failed unmounts. This reproduces
+ #801361 (but not in a minimal VM, just in a desktop one).
+ * Revert "core: add a "Requires=" dependency between units and the
+ slices they are located in". This causes user systemd instances to try and
+ unmount system mounts (and succeed if you login as root).
+ (Closes: #801361)
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 09 Oct 2015 12:34:27 +0200
+
+systemd (227-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Bump watchdog timeout for shipped units to 3 min. (Closes: #776460)
+ - gpt-auto-generator: Check fstab for /boot entries. (Closes: #797326)
+ - Fix group of RuntimeDirectory dirs. (Closes: #798391)
+ - Support %i (and other macros) in RuntimeDirectory. (Closes: #799324)
+ - Bump util-linux/libmount-dev dependencies to >= 2.27.
+ * debian/libsystemd0.symbols: Add new symbols for this release.
+ * debian/extra/initramfs-tools/hooks/udev: Copy all
+ /etc/udev/rules.d/*.rules rules which are not merely overriding the one in
+ /lib/, not just 70-persistent-net.rules. They might contain network names
+ or other bits which are relevant for the initramfs. (Closes: #795494)
+ * ifup@.service: Drop PartOf=network.target; we don't want to stop these
+ units during shutdown. Stopping networking.service already shuts down the
+ interfaces, but contains the safeguard for NFS or other network file
+ systems. Isolating emergency.target still keeps working as before as well,
+ as this also stops networking.service. (Closes: #761909, LP: #1492546)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 08 Oct 2015 11:34:35 +0200
+
+systemd (226-4) unstable; urgency=medium
+
+ * debian/tests/logind: Be more verbose on failures.
+ * Revert networkd calling if-{up,post-down}.d/ scripts. About half of the
+ existing hooks are not relevant or even actively detrimental when running
+ with networkd. For the relevant ones, a lot of them should be fixed in the
+ projects themselves (using IP_FREEBIND etc.). (Closes: #798625)
+ * Add systemd-networkd-resolvconf-update.{path,service} units to send DNS
+ server updates from networkd to resolvconf, if installed and enabled.
+ * Don't restart logind on upgrades any more. This kills X.org (#798097)
+ while logind doesn't save/restore its open fds (issue #1163), and also
+ gets confused about being idle in between (LP: #1473800)
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 02 Oct 2015 13:44:28 +0200
+
+systemd (226-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * README.Debian: Fix "other" typo. Thanks Salvatore Bonaccorso.
+ (Closes: #798737)
+
+ [ Michael Biebl ]
+ * Stop building the compat library packages and drop them for good.
+ * Update debian/copyright.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 19 Sep 2015 19:06:51 +0200
+
+systemd (226-2) unstable; urgency=medium
+
+ * debian/udev.init: Mount /dev file system with nosuid. (LP: #1450960)
+ * udev.postinst: udev 226 introduced predictable interface names for virtio.
+ Create /etc/systemd/network/50-virtio-kernel-names.link on upgrade to
+ disable this, to avoid changing e. g. "eth0" to "ens3" in QEMU instances
+ and similar environments. (Closes: #799034)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 15 Sep 2015 15:21:09 +0200
+
+systemd (226-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release:
+ - Fix scheduled shutdown to not shut down immediately. (Closes: #797763)
+ - Fix description of CPE_NAME in os-release(5). (Closes: #797768)
+ * debian/libsystemd0.symbols: Add new symbols from this release.
+ * Enable libseccomp support for mips64, mips64el, and x32. (Closes: #797403)
+ * debian/tests/networkd: Add hotplug tests.
+ * Make networkd call if-up.d/ scripts when it brings up interfaces, to
+ become compatible with ifupdown and NetworkManager for packages shipping
+ hooks. (LP: #1492129)
+ - Add debian/extra/systemd-networkd-dispatcher.c: suid root wrapper for
+ calling if-up.d/ or if-post-down.d/ hook scripts. Install it as
+ root:systemd-networkd 4754 so that only networkd can run it.
+ - Add networkd-call-systemd-networkd-dispatcher-when-links.patch: Call the
+ above wrapper when links go up/down.
+ - debian/tests/networkd: Verify that if-up.d/ and if-post-down.d/ scripts
+ get run for a networkd managed interface.
+ - Note that if-pre-up.d/ and if-down.d/ scripts are *not* being called, as
+ they are often not applicable for networkd (if-pre-up.d) and unreliable
+ (if-down.d).
+ * Drop udev-finish. We needed this for the autogenerated CD and network
+ interface names, but both are gone now.
+ * Drop debian/udev.udev-fallback-graphics.upstart. The vesafb module has
+ been compiled into the kernel in both Debian and Ubuntu for a fair while,
+ this never had a systemd equivalent, and Debian never shipped the
+ accompanying rules for determining $PRIMARY_DEVICE_FOR_DISPLAY.
+ * debian/control: Remove some boilerplate from the long descriptions, to
+ more easily get to the point what a specific package actually does.
+ * debian/README.Debian: As systemd is the default init now, replace the
+ documentation how to switch to systemd with how to switch back
+ (temporarily or permanently) to SysV init. Also move that paragraph to the
+ bottom as it's now less important.
+ * debian/README.Debian: Add a hint why you may want to enable persistent
+ journal, and suggest to uninstall system-log-daemon to avoid duplicate
+ logging.
+ * debian/README.Debian: Add documentation about networkd integration.
+ * Rename 01-mac-for-usb.link to 90-mac-for-usb.link so that it becomes
+ easier to override.
+ * debian-fixup.service just has one purpose now (make /etc/mtab a symlink),
+ so drop the debian/extra/debian-fixup shell script and put the ln command
+ directly into debian-fixup.service. Update the description.
+ * debian/tests/networkd: Check that /etc/resolv.conf gets the DHCP's
+ nameserver in case it is a symlink (i. e. dynamically managed by
+ systemd-resolved or resolvconf).
+ * systemd-networkd-dispatcher: Also pass on the DNS server list to if-up.d/
+ as $IF_DNS_NAMESERVERS, so that resolvconf or similar programs work as
+ expected.
+ * Drop debian/systemd-journal-remote.postrm: Removing system users is
+ potentially dangerous (there might be a leftover process after purging).
+
+ [ Michael Biebl ]
+ * Drop libsystemd-login-dev. All reverse dependencies have been updated to
+ use libsystemd-dev directly.
+ * Update build instructions to use "gbp clone" instead of "gbp-clone" as all
+ gbp-* commands have been removed from git-buildpackage.
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 10 Sep 2015 16:53:53 +0200
+
+systemd (225-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release.
+ - Fixes FTBFS on alpha. (Closes: #792551)
+ - Fixes machined state tracking logic. (Closes: #788269)
+ * Add better fix for "systemctl link/enable" breakage with full paths.
+ (LP: #1480310)
+ * debian/rules: Add missing $(dh_options) in overridden debhelper targets.
+
+ [ Felipe Sateler ]
+ * Move conffile from systemd to systemd-container package (Closes: #797048)
+
+ [ Michael Biebl ]
+ * Drop unnecessary Conflicts/Replaces from systemd-journal-remote.
+ None of the files in this package were previously shipped by systemd.
+ * Create system users for systemd-journal-{gateway,remote,upload} when
+ installing the systemd-journal-remote package.
+ * Explicitly turn off the features we don't want in a stage1 build.
+ Otherwise ./configure might enable them automatically if the build
+ dependencies are installed and "dh_install --fail-missing" will then fail
+ due to uninstalled files.
+ * Enable GnuTLS support as systemd-journal-remote makes sense mostly with
+ encryption enabled.
+ * Rely on build profiles to determine which packages should be skipped
+ during build and no longer specify that manually.
+ * Drop our patch which removes rc-local-generator.
+ rc-local.service acts as an ordering barrier even if its condition is
+ false, because conditions are evaluated when the service is about to be
+ started, not when it is enqueued. We don't want this ordering barrier on
+ systems that don't need/use /etc/rc.local.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 30 Aug 2015 21:18:59 +0200
+
+systemd (224-2) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Skip systemd-fsckd autopkgtest if /run/initramfs/fsck-root exists, i. e.
+ the initramfs already ran fsck.
+ * Fix broken ACL in tmpfiles.d/systemd.conf. (Closes: #794645, LP: #1480552)
+ * Add debian/tests/unit-config: Test "systemctl link"; reproduces LP#1480310.
+ * Add a hack to unbreak "systemctl link". (LP: #1480310)
+ * debian/extra/rules-ubuntu/40-hyperv-hotadd.rules: Also apply to Xen, and
+ rename to 40-vm-hotadd.rules.
+ * Fix networkd crash. (Closes: #796358)
+ * debian/rules: Remove all files/empty dirs in systemd which are already
+ shipped by systemd-* or udev, instead of an explicit list.
+ * Bump "mount" dependency to >= 2.26, to ensure "swapon -o" availability.
+ (Closes: #796389)
+ * Install /lib/systemd/network/* into udev instead of systemd, as it's
+ really udev which is evaluating these.
+ * Split out "systemd-container" package with machined and nspawn and enable
+ importd. Add new libbz2-dev, zlib1g-dev, and libcurl-dev build deps.
+ (LP: #1448900)
+ * Move transitional libgcrypt11-dev build dep to libgcrypt20-dev.
+ * debian/rules: Limit check for libraries in /usr to systemd and udev
+ packages, as other packages like systemd-containers can (and do) link to
+ /usr.
+ * Build-depend on dpkg-dev (>= 1.17.14) and bump debhelper version for build
+ profiles support.
+ * Drop "display-managers" autopkgtest, obsolete with dropped
+ default-display-manager-generator.
+ * boot-and-services autopkgtest: Add systemd-container test dependency for
+ the nspawn tests.
+ * Don't enable audit support when building with "stage1" profile, to avoid
+ circular build dep.
+
+ [ Helmut Grohne ]
+ * Improve support for cross-building and bootstrapping.
+
+ [ Michael Biebl ]
+ * Drop default-display-manager-generator. All major desktops now use a
+ display manager which support the new scheme and setup the
+ /etc/systemd/system/display-manager.service symlink correctly.
+ * Add new binary package "systemd-journal-remote" with tools for
+ sending/receiving remote journal logs:
+ systemd-journal-{remote,upload,gatewayd}. (Closes: #742802, LP: #1480952)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 25 Aug 2015 12:40:35 +0200
+
+systemd (224-1) unstable; urgency=medium
+
+ * New upstream release.
+ * boot-and-services autopkgtest: Ignore thermald. Since 1.4.3-2 it starts by
+ default, but fails in most virtual envs.
+
+ -- Martin Pitt <mpitt@debian.org> Sat, 01 Aug 2015 13:38:57 +0200
+
+systemd (223-2) unstable; urgency=medium
+
+ * Don't enable gnu-efi on ARM. It FTBFSes and cannot really be tested now as
+ there is no available hardware.
+ * debian/extra/initramfs-tools/hooks/udev: Don't fail if
+ /etc/systemd/network/ does not exist. (Closes: #794050)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 30 Jul 2015 08:25:51 +0200
+
+systemd (223-1) unstable; urgency=medium
+
+ * New upstream release:
+ - Fix systemd-bootchart crash. (Closes: #792403)
+ - Trim list of files in /usr/share/doc/systemd/. (Closes: #791839)
+ - Fix "Invalid argument" failure with some journal files.
+ (Closes: #792090)
+ - tmpfiles: Don't recursively descend into journal directories in /var.
+ (Closes: #791897)
+ - Don't frequently wake up on disabled TimeoutIdleSec=, in particular in
+ automount timers. (LP: #1470845)
+ - tmpfiles: Don't delete lost+found/. (Closes: #788193)
+
+ [ Michael Biebl ]
+ * udev: Remove obsolete rm_conffile/mv_conffile functions from udev.preinst.
+ The udev package is using dpkg-maintscripts-helper now to remove obsolete
+ conffiles.
+ * systemd: Remove obsolete conffile clean up from pre-wheezy.
+ * udev-udeb: Remove scsi_wait_scan hack from the start-udev script as well.
+
+ [ Martin Pitt ]
+ * Enable GNU EFI support and add gnu-efi build dep. This enables/ships the
+ systemd EFI boot loader. (Closes: #787720, LP: #1472283)
+ * networkd autopkgtest: More robust/forceful killing of dnsmasq.
+ * ifup@.service: Drop "oneshot" to run ifup in the background during boot.
+ This avoids blocking network.target on boot with unavailable hotplug
+ interfaces in /etc/network/interfaces. (Closes: #790669, LP: #1425376)
+ * systemd.postinst: Avoid confusing error message about
+ /run/systemd/was-enabled not existing on reconfiguring.
+ * debian/extra/initramfs-tools/hooks/udev: Drop some redundant code.
+ * Fix networkd-wait-online -i to properly wait for the given interfaces
+ only.
+ * Drop debian/extra/base-installer.d/05udev: We use net.ifnames by default
+ now, thus we don't need to copy 70-persistent-*.rules any more.
+ * debian/extra/start-udev: Run d-i's udevd with "notice" log level, just
+ like we did in the initramfs in 219-10.
+ * Fix size explosion of networkd (post-223 patch from trunk).
+
+ [ Julian Wollrath ]
+ * Copy all .link interface naming definitions to initramfs. (Closes: #793374)
+
+ [ Felipe Sateler ]
+ * nss-my*.postinst: configure at the end of the hosts line, not before
+ files. (Closes: #789006)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 30 Jul 2015 00:02:26 +0200
+
+systemd (222-2) unstable; urgency=medium
+
+ [ Adam Conrad ]
+ * debian/udev-udeb.install: Install new bits for net.ifnames (LP: #1473542)
+ * debian/extra/initramfs-tools/hooks/udev: Do the same for initramfs-tools.
+
+ [ Martin Pitt ]
+ * emergency.service: Wait for plymouth to shut down. Fixes invisible
+ emergency shell with plymouth running endlessly. (LP: #1471258)
+ * Add "networkd" autopkgtest. Covers basic DHCP on IPv4 and IPv4+6 on a veth
+ device.
+
+ [ Michael Biebl ]
+ * Bump package priorities of systemd and systemd-sysv to important to match
+ what has been used in the Debian archive since Jessie.
+ * Drop scsi_wait_scan hack from the udev initramfs-tools script. This Linux
+ kernel module has been broken since 2.6.30 and as a result was removed in
+ 3.5. The Debian Jessie kernel no longer ships this module.
+ (Closes: #752775)
+ * Drop libsystemd-journald-dev and libsystemd-id128-dev. There are no
+ reverse dependencies left and we want to avoid new packages picking up
+ a build dependency on those obsolete transitional packages.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 15 Jul 2015 23:51:15 +0200
+
+systemd (222-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release:
+ - Fix reload killing BusName= units. (Closes: #746151)
+ - sysv-generator: detect invalid names and escape them. (Closes: #677075)
+ - Document removal of PIDFile on daemon shutdown. (Closes: #734006)
+ - Drop Revert-rules-fix-tests-for-removable-state.patch, the auto-suspend
+ rules now got dropped entirely.
+ * Add Revert-VT-reuse-patches.patch: Revert a couple of logind VT reuse
+ patches which alternately broke lightdm and gdm.
+ * debian/libsystemd0.symbols: Add new symbols from this release.
+ * Disable test-netlink during package build, fails on some buildds.
+ * udev.postinst: Don't call addgroup with --quiet, so that if the "input"
+ group already exists as a non-system group you get a sensible error
+ message. Some broken tutorials forget the --system option.
+ (Closes: #769948, LP: #1455956)
+ * systemd.postinst: Drop the --quiet from the addgroup calls as well, same
+ reason as above. (Closes: #762275)
+ * udev: Drop doc dir symlinking. It has caused too much trouble and only
+ marginally helps to avoid duplication. Such duplication should be dealt
+ with at the distro, not package level.
+ * debian/rules: Entirely ignore $LD_PRELOAD instead of just libfakeroot in
+ the link check, to also avoid libeatmydata. (Closes: #790546)
+ * boot-and-services, display-managers autopkgtests: Install and configure
+ dummy X.org driver, so that these work in headless machines/VMs.
+ * systemd-fsckd autopkgtest: Stop using/asserting on lightdm, just check
+ that default.target is active. lightdm is prone to fail in test
+ environments, and fiddling with it in two other autopkgtests is
+ sufficient.
+ * debian/watch: Adjust to new upstream release model of only providing the
+ github tag tarballs.
+ * Drop dsl-modem.agent. It hasn't been maintained/tested for many years, few
+ if any people actually use this, and this doesn't belong into udev.
+
+ [ Michael Biebl ]
+ * Stop building the Python 3 bindings. They were split into a separate
+ source package upstream and are now built from src:python-systemd. See
+ http://lists.freedesktop.org/archives/systemd-devel/2015-July/033443.html
+ * Remove obsolete --disable-chkconfig configure option.
+ * Move the man pages for libnss-myhostname, libnss-mymachines and udev.conf
+ from systemd into the correct package. Move the zsh completion file for
+ udevadm into the udev package as well. Add Breaks/Replaces accordingly.
+ (Closes: #790879)
+ * Drop rules which remove pre-generated files before build. The upstream
+ tarball no longer ships any pre-generated files so this is no longer
+ necessary.
+ * Fix cleanup rule for Python byte code files.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 08 Jul 2015 18:56:07 +0200
+
+systemd (221-1) unstable; urgency=medium
+
+ * New upstream release 221:
+ - Fix persistent storage links for Xen devices. (LP: #1467151)
+ - Drop all backported patches and port the others to new upstream release.
+ - debian/rules: Drop workarounds for broken 220 tarball, 221 is fine.
+
+ [ Michael Biebl ]
+ * initramfs hook: Stop installing 55-dm.rules, 64-md-raid.rules,
+ 60-persistent-storage-lvm.rules and 60-persistent-storage-dm.rules.
+ The mdadm, lvm2 and dmsetup package provide their own udev hooks nowadays
+ to make sure their udev rules files are installed into the initramfs.
+ Having the copy rules at two places is confusing and makes debugging
+ harder.
+ * Make it possible to skip building udeb packages via
+ DEB_BUILD_OPTIONS="noudeb". This allows quicker builds for local testing
+ and is benefical for derivatives that don't use d-i.
+ * Install API documentation for libudev and libsystemd in their respective
+ packages. Both libraries use man pages now, so we need to be explicit
+ about what is installed where.
+
+ [ Martin Pitt ]
+ * ifupdown-hotplug autopkgtest: Different cloud/desktop environments have
+ different ways of including /etc/network/interfaces.d/, try to get along
+ wit either and skip the test if interfaces.d/ does not get included at
+ all.
+ * Drop obsolete gtk-doc-tools build dependency, gtkdocize autoreconfig, and
+ ./configure options.
+ * libudev-dev.install: Drop gtk-doc files, not built by upstream any more
+ and replaced with manpages.
+ * libsystemd0.symbols: Add new symbols for this release.
+ * debian/rules: Fix paths in manpages as we don't currently have a merged
+ /usr in Debian but have most systemd things in /lib. This replaces the
+ previous huge and maintenance-intense patch.
+ * Drop Accept-mountall-specific-fstab-options.patch. Replaced with
+ systemd.postinst migration code in Ubuntu.
+ * Revert overly aggressive USB autosuspend udev rules change which broke
+ various USB keyboards. (Closes: #789723)
+ * Have rc-local.service output also go to the console. /etc/rc.local often
+ contains status messages which users expect to see during boot.
+ (LP: #1468102)
+ * debian/rules: Install udev.NEWS into libudev1, to get along with Debian's
+ udev -> libudev1 doc dir symlinking. (Closes: #790042)
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 28 Jun 2015 12:05:36 +0200
+
+systemd (220-7) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Enable seccomp support on arm64 as well.
+ * Replace the remainder of Fix-paths-in-man-pages.patch with an upstream
+ provided patch.
+
+ [ Martin Pitt ]
+ * Switch to net.ifnames persistent network interfaces (on new
+ installations/for new hardware), and deprecate the old
+ 75-persistent-net-generator.rules. See the ML discussion for details:
+ https://lists.debian.org/debian-devel/2015/05/msg00170.html
+ https://lists.debian.org/debian-devel/2015/06/msg00018.html
+ - Drop Make-net.ifnames-opt-in-instead-of-opt-out.patch, to use
+ net.ifnames by default.
+ - Revert-udev-network-device-renaming-immediately-give.patch: Adjust
+ patch comment.
+ - Drop 75-persistent-net-generator.rules, write_net_rules helper and
+ rule_generator.functions.
+ - Adjust udev's README.Debian accordingly, and describe the migration.
+ This needs to happen manually as there is no robust way of doing this
+ automatically.
+ - Add udev NEWS file for announcing this change and pointing to udev's
+ README.
+ - udev.postinst: Drop write_interfaces_rules().
+ - udev.postinst: Disable net.ifnames on systems which did not support
+ 75-persistent-net-generator.rules (most importantly, virtualized guests)
+ to avoid changing network interface names on upgrade.
+ - LP: #1454254
+ * fsckd-daemon-for-inter-fsckd-communication.patch: Add fsckd.c to
+ POTFILES.in.
+ * ifupdown-hotplug autopkgtest: Fix config name in interfaces.d/, it must
+ not have a suffix in Debian. Also clean up the file after the test.
+ * net.agent: When running under systemd, run everything in the foreground.
+ This avoids killing the forked child in the middle of its operation under
+ systemd when the parent exits.
+ * Check during build that systemd and systemd-journald don't link against
+ anything in /usr, to prevent bugs like #771652 and #788913 in the future.
+ * Drop Skip-99-systemd.rules-when-not-running-systemd-as-in.patch. The rules
+ mostly just attach tags systemd specific properties which are harmless
+ under other init systems, and systemd-sysctl also works there.
+ * 80-networking.rules: Only call agents for add|remove, as they don't handle
+ other events.
+ * Restore udev watches on block device changes. (Closes: #789060,
+ LP: #1466081)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 17 Jun 2015 22:48:53 +0200
+
+systemd (220-6) unstable; urgency=medium
+
+ * Enable seccomp support on the architectures that provide libseccomp.
+ (Closes: #760299)
+ * boot-and-services autopkgtest: Add SeccompTest for the above.
+ * boot-and-services autopkgtest: Check that we don't get an unwanted
+ tmp.mount unless /etc/fstab explicitly specifies it.
+ * Bump libcap-dev build dep to the version that provides libcap2-udeb.
+ (Closes: #787542)
+ * Stop installing tmp.mount by default; there are still situations where it
+ becomes active through dependencies from other units, which is surprising,
+ hides existing data in /tmp during runtime, and it isn't safe to have a
+ tmpfs /tmp on every install scenario. (Closes: #783509)
+ - d/rules: Ship tmp.mount in /usr/share/systemd/ instead of
+ /lib/systemd/systemd.
+ - systemd.postinst: When tmp.mount already was enabled, install tmp.mount
+ into /etc and keep it enabled.
+ - systemd.postinst: When enabling tmp.mount because of RAMTMP=yes, copy it
+ from /usr/share.
+ - Drop Don-t-mount-tmp-as-tmpfs-by-default.patch and
+ PrivateTmp-shouldn-t-require-tmpfs.patch, not necessary any more.
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 11 Jun 2015 09:25:49 +0200
+
+systemd (220-5) unstable; urgency=medium
+
+ * debian/README.source: Upstream repository moved to github, adjust
+ cherry-picking instructions accordingly.
+ * debian/control: Replace obsolete Python2 version header with
+ X-Python3-Version.
+ * dracut: Fix path to systemd-fsck. (Closes: #787553)
+ * Ignore test failures during build if /etc/machine-id is missing (which is
+ the case in a few buildd chroots still). (Closes: #787258)
+ * debian/udev.README.Debian: Move network interface hotplug documentation
+ into separate section. Point out that "lo" does not need to be configured
+ in ifupdown under systemd.
+ * debian/udev.README.Debian: Document net.ifnames, and how to write udev
+ rules for custom network names.
+ * Add debian/extra/01-mac-for-usb.link: Use MAC based names for network
+ interfaces which are (directly or indirectly) on USB. Path based names
+ are inadequate for dynamic buses like USB.
+ * Fix another escape parsing regression in Exec*= lines. (Closes: #787256)
+ * Disable EFI support for udeb build.
+ * Refine detection of touch screen devices.
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 07 Jun 2015 16:52:33 +0200
+
+systemd (220-4) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/extra/initramfs-tools/scripts/init-top/udev: Drop $ROOTDELAY wait.
+ This does not concern udev in particular, but is handled by
+ initramfs-tools itself (scripts/local). The intention of this parameter is
+ not to statically wait for the given time, but wait *up to* that time for
+ the root device to appear.
+ * Add debian/extra/units/rc-local.service.d/wait-online.conf: Make
+ rc-local.service wait for network-online.target (if it gets started). This
+ not specified by LSB, but has been behaving that way in Debian under SysV
+ init and upstart. (LP: #1451797)
+ * Fix parsing of escape characters in Exec*= lines. (Closes: #787256)
+ * Drop path_is_mount_point-handle-false-positive-on-some-fs.patch (it was
+ already not applied in 220-1). This needs to be re-thought and re-done
+ against the current code, and overlayfs in general. On overlayfs this
+ still reports false positives for files that changed in the upperdir, but
+ this does not break systemd-machine-id-commit any more.
+ * Add debian/extra/rules/80-debian-compat.rules, replacing three of our
+ patches. These are independent udev rules to change device permissions and
+ add CD/DVD symlinks for compatibility with earlier Debian releases.
+
+ [ Michael Biebl ]
+ * Bump Depends on util-linux to make sure we have a sulogin implementation
+ which properly cleans up its children when emergency.service is restarted.
+ (Closes: #784238)
+ * Stop using /sbin/udevd and drop the compat symlink.
+ * Remove any vestiges of /dev/.udev/. This directory has been replaced by
+ /run/udev/ since wheezy.
+ * Drop udev migration code from pre-wheezy.
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 02 Jun 2015 08:16:36 +0200
+
+systemd (220-3) unstable; urgency=medium
+
+ * Fix ProtectSystem=yes to actually protect /usr, not /home.
+ (Closes: #787343)
+ * sd-device: fix device_get_properties_strv(). Fixes environment for
+ processes spawned by udev, in particular "allow-hoplug" ifupdown
+ interfaces via ifup@.service. (Closes: #787263)
+ * Ignore test failures on mipsel; the three failures are not reproducible on
+ the porter box (different kernel?). (See #787258)
+ * Add ifupdown-hotplug autopkgtest. Reproduces #787263.
+ * udev: Bring back persistent storage symlinks for bcache. Thanks David
+ Mohr! (Closes: #787367)
+ * sd-device: Fix invalid property strv pointers. This unbreaks the
+ environment of udev callouts.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 01 Jun 2015 12:58:20 +0200
+
+systemd (220-2) unstable; urgency=low
+
+ * 220-1 was meant to go to experimental, but was accidentally uploaded to
+ unstable. This was planned for next week anyway, just not on a Friday;
+ we don't revert, but keep an RC bug open for a few days to get broader
+ testing. Reupload 220-1 with its changelog actually pointing to unstable
+ and with all versions in the .changes.
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 29 May 2015 18:54:09 +0200
+
+systemd (220-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release:
+ - Ship sdio.ids and ids-update.pl in upstream tarball. (Closes: #780650)
+ - Drop non-working "journalctl /dev/sda" example from manpage
+ (Closes: #781604)
+ - man systemd.network: Explain UseDomains a bit more (not used by
+ default). (Closes: #766413)
+ - Ignore comments in /etc/hostname (LP: #1053048)
+ - Drop all backported patches and port the others to new upstream release.
+ * Cherry-pick patch to fix udevd --daemon assertion regression.
+ * Cherry-pick patch to fix udevd worker hang.
+ * systemd.install: systemd.pc moved back into /usr/share/pkgconfig/.
+ * libsystemd0.symbols: Add new symbols from this release.
+ * Drop debian/extra/60-keyboard.hwdb for now. Upstream has a newer version,
+ and it's not nearly as often updated any more as it used to be.
+ * debian/rules: Remove shipped audit_type-to-name.h and
+ keyboard-keys-from-name.gperf and regenerate them during build (bug in
+ upstream 220 tarball).
+ * autopkgtest: Ship/use mock fsck from debian/tests, as it's missing in the
+ 220 tarball.
+ * Add libnss-mymachines binary package. (Closes: #784858)
+ * Add libnss-myhostname binary package, taking over from the very old and
+ unmaintained standalone source package as per its maintainer's request.
+ (Closes: #760514)
+ * Drop buildsys-Don-t-default-to-gold-as-the-linker.patch and set LD in
+ debian/rules on sparc only. This can be dropped entirely once we build
+ GUdev from a separate source.
+ * bootchart autopkgtest: Skip test if /proc/schedstat does not exist, i. e.
+ the kernel is missing CONFIG_SCHEDSTAT. Bootchart requires this.
+ * systemd-fsckd autopkgtest: On Debian plymouth-start stays running, adjust
+ was_running() for that.
+ * systemd-fsckd autopkgtest: In test_systemd_fsck_with_plymouth_failure(),
+ fix plymouthd status check to work under both Debian and Ubuntu.
+ * Replace almost all of Fix-paths-in-man-pages.patch with upstreamed
+ patches. (The remainder is planned to get fixed upstream as well.)
+ * Remove our update-rc.d patches, replace them with upstream patches for
+ /lib/systemd/systemd-sysv-install abstraction, and provide one for
+ update-rc.d. Also implement "is-enabled" command by directly checking for
+ the presence of rcS or rc5 symlinks. (Closes: #760616)
+ * Fix path_is_mount_point for files (regression in 220).
+ * debian/control: Drop obsolete XS-Testsuite:, dpkg adds it automatically.
+ * Use Ubuntu's default NTP server for timesyncd when building on Ubuntu.
+
+ [ Michael Biebl ]
+ * Remove /var/run and /var/lock migration code from debian-fixup. The /run
+ migration was completed in wheezy so this is no longer necessary.
+ * Drop our versioned Depends on initscripts. This was initially added for
+ the /run migration and later to ensure we have a mountnfs hook which
+ doesn't cause a deadlock under systemd. The /run migration was completed
+ in wheezy and jessie ships a fixed mountnfs hook. In addition we now use
+ the ignore-dependencies job mode in our lsb init-functions hook, so it's
+ safe to drop this dependency.
+ * Stop building gudev packages. Upstream has moved the gudev code into a
+ separate repository which is now managed on gnome.org. The gudev packages
+ will be built from src:libgudev from now on. See also
+ http://lists.freedesktop.org/archives/systemd-devel/2015-May/032070.html
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 29 May 2015 10:37:40 +0200
+
+systemd (219-10) experimental; urgency=medium
+
+ * Fix assertion crash with empty Exec*= paths. (LP: #1454173)
+ * Drop Avoid-reload-and-re-start-requests-during-early-boot.patch
+ and Avoid-reloading-services-when-shutting-down.patch: This was fixed more
+ robustly in invoke-rc.d and service now, see #777113.
+ * debian/tests/boot-smoke: Allow 10 seconds for systemd jobs to settle down.
+ * Fix "tentative" state of devices which are not in /dev (mostly in
+ containers), and avoid overzealous cleanup unmounting of mounts from them.
+ (LP: #1444402)
+ * debian/extra/udev-helpers/net.agent: Eliminate cat and most grep calls.
+ * Drop Set-default-polling-interval-on-removable-devices-as.patch; it's long
+ obsolete, CD ejection with the hardware button works properly without it.
+ * Re-enable-journal-forwarding-to-syslog.patch: Update patch description,
+ journal.conf.d/ exists now.
+ * journal: Gracefully handle failure to bind to audit socket, which is known
+ to fail in namespaces (containers) with current kernels. Also
+ conditionalize systemd-journald-audit.socket on CAP_AUDIT_READ.
+ (LP: #1457054)
+ * Put back *.agent scripts and use net.agent in Ubuntu. This fixes escaping
+ of unit names, reduces the delta, and will make it easier to get a common
+ solution for integrating ifup.d/ scripts with networkd.
+ * When booting with "quiet", run the initramfs' udevd with "notice" log
+ level. (LP: #1432171)
+ * Add sigpwr-container-shutdown.service: Power off when receiving SIGPWR in
+ a container. This makes lxc-stop work for systemd containers.
+ (LP: #1457321)
+ * write_net_rules: Escape '{' and '}' characters as well, to make this work
+ with busybox grep. Thanks Faidon Liambotis! (Closes: #765577)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 21 May 2015 09:43:52 +0200
+
+systemd (219-9) experimental; urgency=medium
+
+ * 75-persistent-net-generator.rules: Fix rules for ibmveth (it's a driver,
+ not a subsystem). (LP: #1437375)
+ * debian/tests/unit-config: Add tests for systemctl enable/disable on a
+ SysV-only unit. Reproduces LP #1447807.
+ * Fix systemctl enable for SysV scripts without a native unit. We must not
+ try and enable the nonexisting unit then. (LP: #1447807)
+ * Drop Add-env-variable-for-machine-ID-path.patch. systemd should always
+ be installed via the essential "init" in buildd schroots now.
+ * debian/README.source: Update git-buildpackage commands for the renames in
+ 0.6.24.
+ * Make apparmor run before networking, to ensure that profiles apply to
+ e. g. dhclient (LP: #1438249):
+ - Rename networking.service.d/network-pre.conf to systemd.conf, and add
+ After=apparmor.service.
+ - ifup@.service: Add After=apparmor.service.
+ - Add Breaks: on apparmor << 2.9.2-1, which dropped its dependency to
+ $remote_fs.
+ * Drop login-don-t-overmount-run-user-UID-on-upgrades.patch and
+ login-don-t-overmount-run-user-UID-on-upgrades.patch, these were only
+ needed for upgrades from wheezy to jessie.
+ * systemd.{pre,post}inst: Clean up obsolete (pre-wheezy/jessie) upgrade
+ fixes.
+ * systemd-fsckd autopkgtest: Stop assuming that
+ /etc/default/grub.d/90-autopkgtest.cfg exists.
+ * systemd-fsckd autopkgtest: Add missing plymouth test dependency.
+ * Drop core-mount-ensure-that-we-parse-proc-self-mountinfo.patch, and bump
+ util-linux dependency to the version which enables
+ --enable-libmount-force-mountinfo.
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 13 May 2015 12:27:21 +0200
+
+systemd (219-8) experimental; urgency=medium
+
+ [ Michael Biebl ]
+ * Skip filesystem check if already done by the initramfs. (Closes: #782522)
+ * Drop hard-coded versioned dependency on libapparmor1. Bump the
+ Build-Depends on libapparmor-dev instead. This ensures a proper versioned
+ dependency via Build-Depends-Package.
+ * Revert "Make apparmor run before networking". This causes dependency
+ cycles while apparmor still depends on $remote_fs.
+ * Cleanup hwclock-save.service symlinks when upgrading from the jessie
+ version.
+
+ [ Martin Pitt ]
+ * cryptsetup: Implement offset and skip options. (Closes: #751707,
+ LP: #953875)
+ * logind autopkgtest: Add test for suspending on lid switch close.
+ This reproduces LP #1444166 (lid switch not working in the first few
+ minutes after boot).
+ * Reduce the initial suspend supression time from 3 minutes to 30 seconds,
+ and make it configurable. (LP: #1444166)
+ * Fix double free crash in "systemctl enable" when calling update-rc.d and
+ the latter fails. (Closes: #764613, LP: #1426588)
+ * hwdb: Fix wireless switch on Dell Latitude (LP: #1441849)
+ * Fix assertion crash when reading a service file with missing ' and
+ trailing space. (LP: #1447243)
+ * ifup@.service: Set IgnoreOnIsolate, so that "systemctl default" does not
+ shut down network interfaces. (Closes: #762953, LP: #1449380).
+ Add PartOf=network.target, so that stopping network.target also stops
+ network interfaces (so that isolating emergency.target and similar work as
+ before).
+ * Revert upstream commit 743970d which immediately SIGKILLs units during
+ shutdown. This leads to problems like bash not being able to write its
+ history, mosh not saving its state, and similar failed cleanup actions.
+ (Closes: #784720, LP: #1448259)
+ * Drop the reversion of "journald: allow restarting journald without losing
+ stream connections", and replace with proper upstream fix for
+ sd_pid_notify_with_fds(). (See Debian #778970, LP #1423811; LP: #1437896)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 29 Apr 2015 17:13:41 +0200
+
+systemd (219-7) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * Make systemd-sysv's dependency to systemd unversioned. The package just
+ contains 6 symlinks and thus isn't sensitive at all against version
+ mismatches. This avoids running into circular dependencies when testing
+ local debs.
+ * Revert "udev: Drop hwdb-update dependency" and replace with upstream patch
+ which moves it to systemd-udev-trigger.service.
+ * display-managers autopkgtest: Properly wait until all jobs are finished.
+ * display-managers autopkgtest: Reset failed units between tests, to avoid
+ running into restart limits and for better test isolation.
+ * Enable timesyncd in virtual machines. (Closes: #762343)
+
+ [ Adam Conrad ]
+ * debian/systemd.{triggers,postinst}: Trigger a systemctl daemon-reload
+ when init scripts are installed or removed (Closes: #766429)
+
+ [ Didier Roche ]
+ * Squash all fsckd patches in one (as fsckd and such will be removed
+ soon upstream), containing various fixes from upstream git and refactor
+ the connection flow to upstream's suggestion. Modify the man pages to match
+ those modifications as well. Amongst others, this suppresses "Couldn't
+ connect to plymouth" errors if plymouth is not running.
+ (Closes: #782265, LP: #1429171)
+ * Keep plymouth localized messages in a separate patch for easier updates in
+ the future and refresh to latest upstream.
+ * display-managers autopkgtest: Use ExecStart=sleep instead of the actual
+ lightdm binary, to avoid errors from lightdm startup. Drop the now
+ unnecessary "needs-recommends" to speed up the test.
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 10 Apr 2015 11:08:33 +0200
+
+systemd (219-6) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * Import patches from v219-stable branch (up to 85a6fab).
+ * boot-and-services autopkgtest: Add missing python3 test dependency.
+ * Make apparmor run before networking, to ensure that profiles apply to
+ e. g. dhclient (LP: #1438249):
+ - Rename networking.service.d/network-pre.conf to systemd.conf, and add
+ After=apparmor.service.
+ - ifup@.service: Add After=apparmor.service.
+ * udev: Drop hwdb-update dependency, which got introduced by the above
+ v219-stable branch. This causes udev and plymouth to start too late and
+ isn't really needed in Debian yet as we don't support stateless systems
+ yet and handle hwdb.bin updates through dpkg triggers. (LP: #1439301)
+
+ [ Didier Roche ]
+ * Fix mount point detection on overlayfs and similar file systems without
+ name_to_handle_at() and st_dev support. (LP: #1411140)
+
+ [ Christian Seiler ]
+ * Make the journald to syslog forwarding more robust by increasing the
+ maximum datagram queue length from 10 to 512. (Closes: #762700)
+
+ [ Marco d'Itri ]
+ * Avoid writing duplicate entries in 70-persistent-net.rules by double
+ checking if the new udev rule has already been written for the given
+ interface. This happens if multiple add events are generated before the
+ write_net_rules script returns and udevd renames the interface.
+ (Closes: #765577)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 02 Apr 2015 09:14:48 +0200
+
+systemd (219-5) experimental; urgency=medium
+
+ [ Didier Roche ]
+ * Add "systemd-fsckd" autopkgtest. (LP: #1427312)
+ * cmdline-upstart-boot autopkgtest: Update to Ubuntu's upstart-sysv split
+ (test gets skipped on Debian while upstart-sysv does not yet exist there).
+ * Cherry-pick a couple of upstream commits for adding transient state,
+ fixing a race where mounts become available before the device being
+ available.
+ * Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather adds
+ an After relationship. (Closes: #779902)
+
+ [ Martin Pitt ]
+ * journald: Suppress expected cases of "Failed to set file attributes"
+ errors. (LP: #1427899)
+ * Add systemd-sysv.postinst: Update grub on first installation, so that the
+ alternative init system boot entries get updated.
+ * debian/tests: Call /tmp/autopkgtest-reboot, to work with autopkgtest >=
+ 3.11.1.
+ * Check for correct architecture identifiers for SuperH. (Closes: #779710)
+ * Fix tmpfiles.d to only apply the first match again (regression in 219).
+ (LP: #1428540)
+ * /lib/lsb/init-functions.d/40-systemd: Don't ignore systemd unit
+ dependencies in "degraded" mode. (LP: #1429734)
+
+ [ Michael Biebl ]
+ * debian/udev.init: Recognize '!' flag with static device lists, to work
+ with kmod 20. (Closes: #780263)
+
+ [ Craig Magina ]
+ * rules-ubuntu/71-power-switch-proliant.rules: Add support for HP ProLiant
+ m400 Server Cartridge soft powerdown on Linux 3.16. (LP: #1428811)
+
+ [ Scott Wakeling ]
+ * Rework package description to be more accurate. (Closes: #740372)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 26 Mar 2015 16:31:04 +0100
+
+systemd (219-4) experimental; urgency=medium
+
+ * tmpfiles: Avoid creating duplicate ACL entries. Add postinst code to clean
+ them up on upgrade. (Closes: #778656)
+ * bootchart: Fix path to default init. (LP: #1423867)
+ * Add "bootchart" autopkgtest, to spot regressions like the above.
+ * autopkgtests: Factorize out "assert.sh" utility functions, and use them in
+ the tests for useful failure messages.
+ * Downgrade requirement for timedated, hostnamed, localed-locale, and
+ logind autopkgtests from machine to container isolation.
+ * boot-and-services and display-manager autopkgtest: Add systemd-sysv as
+ proper test dependency instead of apt-get installing it. This works now
+ also under Ubuntu 15.04.
+ * boot-and-services autopkgtest: Check cleanup of temporary files during
+ boot. Reproduces #779169.
+ * Clean up /tmp/ directory again. (Closes: #779169, LP: #1424992)
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 27 Feb 2015 07:02:09 +0100
+
+systemd (219-3) experimental; urgency=medium
+
+ * sysv-generator: fix wrong "Overwriting existing symlink" warnings.
+ (Closes: #778700)
+ * Add systemd-fsckd multiplexer and feed its output to plymouth. This
+ provides an aggregate progress report of running file system checks and
+ also allows cancelling them with ^C, in both text mode and Plymouth.
+ (Closes: #775093, #758902; LP: #1316796)
+ * Revert "journald: allow restarting journald without losing stream
+ connections". This was a new feature in 219, but currently causes boot
+ failures due to logind and other services not starting up properly.
+ (Closes: #778970; LP: #1423811)
+ * Add "boot-smoke" autopkgtest: Test 20 successful reboots in a row, and
+ that there are no connection timeouts or stalled jobs. This reproduces the
+ above regression.
+ * debian/tests/localed-locale: Set up locale and keyboard default files on a
+ minimal unconfigured testbed.
+ * Add missing python3 test dependency to cmdline-upstart-boot and
+ display-managers autopkgtests.
+ * debian/tests/boot-and-services: Skip AppArmor test if AppArmor is not
+ enabled.
+ * debian/tests/boot-and-services: Reboot also if lightdm was just installed
+ but isn't running yet.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 23 Feb 2015 09:52:12 +0100
+
+systemd (219-2) experimental; urgency=medium
+
+ * Fix UTF-16 to UTF-8 conversion on big-endian machines. (Closes: #778654)
+ * Disable new new test-sigbus, it fails on some buildds due to too old
+ kernels. (part of #778654)
+ * debian/README.Debian, debian/systemd.postinst: Drop setfacl call for
+ /var/log/journal, this is now done automatically by tmpfiles.d/systemd.conf.
+ * Drop "acl" dependency, not necessary any more with the above.
+ * debian/tests/boot-and-services: Move to using /var/lib/machines/,
+ /var/lib/containers is deprecated.
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 18 Feb 2015 15:29:42 +0100
+
+systemd (219-1) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release:
+ - Fix spelling mistake in systemd.unit(5). (Closes: #773302)
+ - Fix timeouts with D-Bus, leading to SIGFPE. (Closes: #774012)
+ - Fix load/save of multiple rfkill states. (Closes: #759489)
+ - Non-persistent journal (/run/log/journal) is now readable by group adm.
+ (Closes: #771980)
+ - Read netdev user mount option to correctly order network mounts after
+ network.target. (Closes: #769186)
+ - Fix 60-keyboard.hwdb documentation and whitespace handling.
+ (Closes: #757367)
+ - Fix ThinkPad X1 Carbon 20BT trackpad buttons (LP: #1414930)
+ - Drop all backported patches and port the others to new upstream release.
+ * Bump libblkid-dev build dependency as per upstream configure.ac.
+ * debian/systemd.install: Add new language-fallback-map file.
+ * debian/udev.install: Add new systemd-hwdb tool.
+ * debian/libsystemd0.symbols: Add new symbols from this release.
+ * tmpfiles.d/systemd.conf: Drop "wheel" ACL (that group does not exist in
+ Debian) to make the ACL for "adm" actually work.
+ * debian/rules: Explicitly disable importd for now; it should still mature a
+ bit. Explicitly enable hwdb support.
+ * /lib/lsb/init-functions.d/40-systemd: Call systemctl is-system-running
+ with --quiet. (LP: #1421058)
+ * debian/systemd.postrm: Clean getty@tty1.service and remote-fs.target
+ enablement symlinks on purge. (Closes: #778499)
+ * Move all Debian specific units in the systemd package into
+ debian/extra/units/ and simplify debian/systemd.install.
+ * Enable timesyncd by default. Add a config drop-in to not start if ntp,
+ openntpd, or chrony is installed. (Closes: #755722)
+ * debian/systemd.links: Drop obsolete hwclockfirst.service mask link, this
+ was dropped in wheezy's util-linux already.
+ * debian/udev.postinst: Call systemd-hwdb instead of udevadm hwdb.
+
+ [ Michael Biebl ]
+ * Stop removing firstboot man pages. They are now installed conditionally.
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 17 Feb 2015 15:51:38 +0100
+
+systemd (218-10) experimental; urgency=medium
+
+ * Pull latest keymaps from upstream git. (LP: #1334968, #1409721)
+ * rules: Fix by-path of mmc RPMB partitions and don't blkid them. Avoids
+ kernel buffer I/O errors and timeouts. (LP: #1333140)
+ * Clean up stale mounts when ejecting CD drives with the hardware eject
+ button. (LP: #1168742)
+ * Document systemctl --failed option. (Closes: #767267)
+ * Quiesce confusing and irrelevant "failed to reset devices.list" warning.
+ (LP: #1413193)
+ * When booting with systemd-bootchart, default to run systemd rather than
+ /sbin/init (which might not be systemd). (LP: #1417059)
+ * boot-and-services autopkgtest: Add CgroupsTest to check cgroup
+ creation/cleanup behaviour. This reproduces #777601 and verifies the fix
+ for it.
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 13 Feb 2015 12:25:06 +0100
+
+systemd (218-9) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/logind: With dropped systemd-logind-launch we don't have a
+ visible /sys/fs/cgroup/systemd/ any more under cgmanager. So adjust the
+ test to check /proc/self/cgroup instead.
+ * Add unit-config autopkgtest to check systemd unit/sysv init enabling and
+ disabling via systemctl. This also reproduces #777613.
+ * systemctl: Always install/enable/disable native units, even if there is a
+ corresponding SysV script and we call update-rc.d; while the latter
+ handles WantedBy=, it does not handle Alias=. (Closes: #777613)
+ * cgroup: Don't trim cgroup trees created by someone else, just the ones
+ that systemd itself created. This avoids cleaning up empty cgroups from
+ e.g. LXC. (Closes: #777601)
+ * Don't parse /etc/mtab for current mounts, but /proc/self/mountinfo. If the
+ former is a file, it's most likely outdated on boot, leading to race
+ conditions and unmounts during boot. (LP: #1419623)
+
+ [ Michael Biebl ]
+ * Explicitly disable the features we don't want to build for those with
+ autodetection. This ensures reliable build results in dirty build
+ environments.
+ * Disable AppArmor support in the udeb build.
+ * core: Don't fail to run services in --user instances if $HOME is missing.
+ (Closes: #759320)
+
+ [ Didier Roche ]
+ * default-display-manager-generator: Avoid unnecessary /dev/null symlink and
+ warning if there is no display-manager.service unit.
+
+ -- Michael Biebl <biebl@debian.org> Thu, 12 Feb 2015 18:45:12 +0100
+
+systemd (218-8) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * boot-and-services autopkgtest: Ensure that there are no failed units,
+ except possibly systemd-modules-load.service (as that notoriously fails
+ with cruft in /etc/modules).
+ * Revert "input" system group creation in systemd.postinst from 218-7. It's
+ already done in udev.postinst.
+ * ifup@.service: Revert checking for existance of ifupdown config for that
+ interface, net.agent already does that.
+ * Drop Also-redirect-to-update-rc.d-when-not-using-.service.patch; not
+ necessary any more with the current version (mangle_names() already takes
+ care of this).
+ * Merge into Add-support-for-rcS.d-init-scripts-to-the-sysv-gener.patch:
+ - Do-not-order-rcS.d-services-after-local-fs.target-if.patch, as it
+ partially reverts the above, and is just fixing it.
+ - Map-rcS.d-init-script-dependencies-to-their-systemd-.patch as it's just
+ adding some missing functionality for the same purpose.
+ * Merge Run-update-rc.d-defaults-before-update-rc.d-enable-d.patch into
+ Make-systemctl-enable-disable-call-update-rc.d-for-s.patch as the former
+ is fixing the latter and is not an independent change.
+ * Drop Launch-logind-via-a-shell-wrapper.patch and systemd-logind-launch
+ wrapper. The only remaining thing that we need from it is to create
+ /run/systemd/, move that into the D-BUS service file directly.
+ * /lib/lsb/init-functions.d/40-systemd: Avoid deadlocks during bootup and
+ shutdown. DHCP/ifupdown and similar hooks which call "/etc/init.d/foo
+ reload" can easily cause deadlocks, since the synchronous wait plus
+ systemd's normal behaviour of transactionally processing all dependencies
+ first easily causes dependency loops. Thus during boot/shutdown operate
+ only on the unit and not on its dependencies, just like SysV behaves.
+ (Closes: #777115, LP: #1417010)
+ * Only start logind if dbus is installed. This fixes the noisy startup
+ failure in environments without dbus, such as LXC containers or servers.
+ (part of #772700)
+ * Add getty-static.service unit which starts getty@.service on tty 2 to 6 if
+ dbus is not installed, and hence logind cannot auto-start them on demand.
+ (Closes: #772700)
+
+ [ Michael Biebl ]
+ * Update insserv-generator and map $x-display-manager to
+ display-manager.service, following the recent change in sysv-generator.
+ This avoids creating references to a no longer existing
+ x-display-manager.target unit.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 09 Feb 2015 18:07:22 +0100
+
+systemd (218-7) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * Don't attempt to mount the same swap partition twice through different
+ device node aliases. (Closes: #772182, LP: #1399595)
+ * logind: handle closing sessions over daemon restarts. (Closes: #759515,
+ LP: #1415104)
+ * logind: Fix sd_eviocrevoke ioctl call, to make forced input device release
+ after log out actually work.
+ * debian/rules: Drop obsolete --disable-multi-seat-x and
+ --with-firmware-path configure options.
+ * debian/udev.README.Debian: Trim the parts which are obsolete, wrong, or
+ described in manpages. Only keep the Debian specific bits.
+ (Part of #776546)
+ * Actually install udev's README.Debian when building for Debian.
+ (Closes: #776546)
+ * Create system group "input" which was introduced in 215. (LP: #1414409)
+ * ifup@.service: Don't fail if the interface is not configured in
+ /etc/network/interfaces at all. (LP: #1414426)
+
+ [ Michael Biebl ]
+ * Update Vcs-Browser URL to use cgit and https.
+ * Map $x-display-manager LSB facility to display-manager.service instead of
+ making it a target. Using a target had the downside that multiple display
+ managers could hook into it at the same time which could lead to several
+ failed start attempts for the non-default display manager.
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 01 Feb 2015 20:48:49 +0100
+
+systemd (218-6) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * initramfs hook: Install 61-persistent-storage-android.rules if it exists.
+ * Generate POT file during package build, for translators.
+ * Pull latest keymaps from upstream git.
+ * Order ifup@.service and networking.service after network-pre.target.
+ (Closes: #766938)
+ * Tone down "Network interface NamePolicy= disabled on kernel commandline,
+ ignoring" info message to debug, as we expect this while we disable
+ net.ifnames by default. (Closes: #762101, LP: #1411992)
+
+ [ Michael Biebl ]
+ * Ship bash-completion for udevadm. (Closes: #776166)
+ * Drop rc-local generator in favor of statically enabling rc-local.service,
+ and drop halt-local.service which is unnecessary on Debian.
+ (Closes: #776170)
+ * Drop the obsolete libsystemd-* libraries, there are no reverse
+ dependencies left.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 26 Jan 2015 15:45:45 +0100
+
+systemd (218-5) experimental; urgency=medium
+
+ * Drop logger.agent. It hasn't been called from any udev rule for a long
+ time, and looks obsolete.
+ * debian/rules: Configure with --disable-firstboot to replace some manual
+ file removals.
+ * debian/rules: Remove manual file installation, move them to
+ debian/*.install. Move all Debian specific installed files to
+ debian/extra/.
+ * Merge some changes from the Ubuntu package to reduce the delta; these only
+ apply when building on/for Ubuntu:
+ - Add 40-hyperv-hotadd.rules: Workaround for LP: #1233466.
+ - Add 61-persistent-storage-android.rules to create persistent symlinks
+ for partitions with PARTNAME. By Ricardo Salveti.
+ - Add 71-power-switch-proliant.rules for supporting the power switches of
+ ProLiant Server Cartridges. By Dann Frazier.
+ - Add 78-graphics-card.rules: Mark KMS capable graphics devices as
+ PRIMARY_DEVICE_FOR_DISPLAY so that we can wait for those in plymouth.
+ By Scott James Remnant.
+ - Don't install the Debian *.agent scripts. Instead, have Ubuntu's
+ 80-networking.rules directly pull in ifup@.service, which is much easier
+ and more efficient.
+ * Make EPERM/EACCESS when applying OOM adjustment for forked processes
+ non-fatal. This happens in user namespaces like unprivileged LXC
+ containers.
+ * Fix assertion failure due to /dev/urandom being unmounted when shutting
+ down unprivileged containers. Thanks Stéphane Graber.
+ * Enable EFI support. This mostly auto-mounts /sys/firmware/efi/efivars, but
+ also provides a generator for auto-detecting the root and the /boot/efi
+ partition if they aren't in /etc/fstab. (Closes: #773533)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 22 Jan 2015 16:13:46 +0100
+
+systemd (218-4) experimental; urgency=medium
+
+ [ Michael Biebl ]
+ * sysv-generator: handle Provides: for non-virtual facility names.
+ (Closes: #774335)
+ * Fix systemd-remount-fs.service to not fail on remounting /usr if /usr
+ isn't mounted yet. This happens with initramfs-tools < 0.118 which we
+ might not get into Jessie any more. (Closes: #742048)
+
+ [ Martin Pitt ]
+ * fstab-generator: Handle mountall's non-standard "nobootwait" and
+ "optional" options. ("bootwait" is already the systemd default behaviour,
+ and "showthrough" is irrelevant here, so both can be ignored).
+ * Add autopkgtest for one-time boot with upstart when systemd-sysv is
+ installed. This test only works under Ubuntu which has a split out
+ upstart-bin package, and will be skipped under Debian.
+ * debian/ifup@.service: Check if ifup succeeds by calling ifquery, to
+ work around ifup not failing on invalid interfaces (see #773539)
+ * debian/ifup@.service: Set proper service type (oneshot).
+ * sysv-generator: Handle .sh suffixes when translating Provides:.
+ (Closes: #775889)
+ * sysv-generator: Make real units overwrite symlinks generated by Provides:
+ from other units. Fixes failures due to presence of backup or old init.d
+ scripts. (Closes: #775404)
+ * Fix journal forwarding to syslog in containers without CAP_SYS_ADMIN.
+ (Closes: #775067)
+ * Re-enable AppArmor support, now that libapparmor1 moved to /lib. Add
+ versioned dependency as long as this is still only in experimental.
+ (Closes: #775331)
+ * Add some missing dpkg and ucf temp files to the "hidden file" filter, to
+ e. g. avoid creating units for them through the sysv-generator.
+ (Closes: #775903)
+ * Silence useless warning about /etc/localtime not being a symlink. This is
+ deliberate in Debian with /usr (possibly) being on a separate partition.
+ (LP: #1409594)
+
+ [ Christian Kastner ]
+ * Use common-session-noninteractive in systemd-user's PAM config, instead of
+ common-session. The latter can include PAM modules like libpam-mount which
+ expect to be called just once and/or interactively, which already happens
+ for login, ssh, or the display-manager. Add pam_systemd.so explicitly, as
+ it's not included in -noninteractive, but is always required (and
+ idempotent). There is no net change on systemd which don't use manually
+ installed PAM modules. (Closes: #739676)
+
+ [ Michael Biebl ]
+ * Make sure we run debian-fixup.service after /var has been mounted if /var
+ is on a separate partition. Otherwise we might end up creating the
+ /var/lock and /var/run symlink in the underlying root filesystem.
+ (Closes: #768644)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 21 Jan 2015 15:57:50 +0100
+
+systemd (218-3) experimental; urgency=medium
+
+ * build-logind autopkgtest: Re-enforce that sd_login_monitor_new() succeeds,
+ and restrict this test to isolation-container. (Reproduces LP #1400203)
+ * Bring back patch to make sd_login_monitor_new() work under other init
+ systems where /sys/fs/cgroup/systemd/machine does not exist.
+ (LP: #1400203)
+ * build-login autopkgtest: Build against libsystemd, not libsystemd-login
+ any more.
+ * Add debian/extra/systemd-vconsole-setup.service dependency shim for
+ the console-setup init script, to avoid breaking dependencies of
+ third-party packages. Install it for Ubuntu only for now, as in Debian
+ plymouth's unit got adjusted. (LP: #1392970, Debian #755194)
+ * Mark systemd{,-sysv} as M-A: foreign (thanks lintian).
+ * Quiesce maintainer-script-calls-systemctl lintian warning.
+ * Quiesce possibly-insecure-handling-of-tmp-files lintian warning, it's
+ wrong there (we are handling tmpfiles.d/ files which are not in a temp
+ dir).
+ * Use dh_installinit's --noscript instead of --no-start for the upstart
+ jobs without sysvinit scripts (thanks lintian).
+ * Put systemd.pc into arch specific pkgconfig dir, as it contains the arch
+ specific libdir value.
+ * Don't enable audit by default. It causes flooding of dmesg and syslog,
+ suppressing actually important messages. (Closes: #773528)
+ * Cherrypick various bug fixes in loopback device setup and netlink socket
+ communication. Fixes massive CPU usage due to tight retry loops in user
+ LXC containers.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 29 Dec 2014 14:55:35 +0100
+
+systemd (218-2) experimental; urgency=medium
+
+ * boot-and-services AppArmor autopkgtest: Stop checking the dmesg log; it is
+ racy as sometimes message bursts are suppressed.
+ * Fix crash in timedatectl with Etc/UTC.
+ * Prefer-etc-X11-default-display-manager-if-present.patch: Drop wrong
+ copy&paste'd comment, fix log strings. Thanks Adam D. Barratt.
+ * boot-and-services: Robustify Nspawn tests, and show systemd-nspawn output
+ on failure.
+ * Disable tests which fail on buildds, presumably due to too old kernels,
+ misconfigured /etc/hosts, and similar problems. Make failures of the test
+ suite fatal now.
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 16 Dec 2014 08:24:38 +0100
+
+systemd (218-1) experimental; urgency=medium
+
+ * New upstream release. Drop all cherry-picked patches and port the Debian
+ specific ones.
+ - Create /etc/machine-id on boot if missing. (LP: #1387090)
+ * Add new libmount-dev build dependency.
+ * Configure with --enable-split-usr.
+ * Merge some permanent Ubuntu changes, using dpkg-vendor:
+ - Don't symlink udev doc directories.
+ - Add epoch to gudev packages; Ubuntu packaged the standalone gudev before
+ it got merged into udev.
+ - Add Apport hooks for udev and systemd.
+ * udev-fallback-graphics upstart job: Guard the modprobe with || true to
+ avoid a failure when vesafb is compiled in. (LP: #1367241)
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 14 Dec 2014 13:58:39 +0100
+
+systemd (217-4) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * Reinstate a debian/extra/rules/50-firmware.rules which immediately tells
+ the kernel that userspace firmware loading failed. Otherwise it tries for a
+ minute to call the userspace helper (if CONFIG_FW_LOADER_USER_HELPER is
+ enabled) in vain, which causes long delays with devices which have a range
+ of possible firmware versions. (LP: #1398458)
+ * debian/systemd.postinst: Don't always restart journald, as this currently
+ can't be done without losing the current journal and breaking attached
+ processes. So only restart it from upgrades < 215-3 (where the socket
+ location got moved) as an one-time upgrade path from wheezy.
+ (Closes: #771122)
+ * Revert "Modify insserv generator to mask sysvinit-only display managers".
+ This is still under dispute, a bit risky, and might get a different
+ implementation. Also, nodm really needs to be fixed properly, working
+ around it is both too risky and also too hard to get right.
+
+ [ Didier Roche ]
+ * Add display managers autopkgtests.
+ * Reset display-manager symlink to match /e/X/d-d-m even if
+ display-manager.service was removed. Adapt the autopkgtests for it.
+ (LP: #1400680)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 11 Dec 2014 18:06:54 +0200
+
+systemd (217-3) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * systemd.bug-script: Really capture stderr of systemd-delta.
+ (Closes: #771498)
+ * boot-and-services autopkgtest: Give test apparmor job some time to
+ actually finish.
+
+ [ Didier Roche ]
+ * updated debian/patches/insserv.conf-generator.patch:
+ - if /etc/X11/default-display-manager doesn't match a systemd unit
+ (or doesn't exist), be less agressive about what to mask: we let
+ all sysvinit-only display-manager units enabled to fallback to previous
+ behavior and let them starting. (Closes: #771739)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 02 Dec 2014 16:53:36 +0100
+
+systemd (217-2) experimental; urgency=medium
+
+ * Re-enable journal forwarding to syslog, until Debian's sysloggers
+ can/do all read from the journal directly.
+ * Fix hostnamectl exit code on success.
+ * Fix "diff failed with error code 1" spew with systemd-delta.
+ (Closes: #771397)
+ * Re-enable systemd-resolved. This wasn't meant to break the entire
+ networkd, just disable the new NSS module. Remove that one manually
+ instead. (Closes: #771423, LP: #1397361)
+ * Import v217-stable patches (up to commit bfb4c47 from 2014-11-07).
+ * Disable AppArmor again. This first requires moving libapparmor to /lib
+ (see #771667). (Closes: #771652)
+ * systemd.bug-script: Capture stderr of systemd-{delta,analyze}.
+ (Closes: #771498)
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 01 Dec 2014 15:09:09 +0100
+
+systemd (217-1) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release. Drop all cherry-picked patches and port the Debian
+ specific ones.
+ * Disable systemd-resolved for now. It still needs to mature, and
+ integration into Debian should be discussed first.
+ * Bump util-linux dependency to >= 2.25 as per NEWS.
+ * Drop installation of 50-firmware.rules, not shipped upstream any more.
+ Firmware loading is now exclusively done by the kernel.
+ * Drop installation of readahead related services and code, readahead got
+ dropped in this version.
+ * Ship new networkctl CLI tool.
+ * debian/libsystemd0.symbols: Add new symbols from this release.
+ * debian/rules: Call dpkg-gensymbols with -c4 to immediately spot
+ changed/missing symbols during build.
+ * boot-and-services autopkgtest: Test AppArmor confined units (LP #1396270)
+ * Create new "systemd-journal-remote" system group, for
+ systemd-tmpfiles-setup.service.
+
+ [ Marc Deslauriers ]
+ * Build-depend on libapparmor-dev to enable AppArmor support. (LP: #1396270)
+
+ [ Didier Roche ]
+ * Handle display-manager transitions: (Closes: #748668)
+ - Add a generator to ensure /etc/X11/default-display-manager is controlling
+ which display-manager is started.
+ - Modify insserv generator to mask of sysvinit-only dms with insserv
+ $x-display-manager tag if they don't match
+ /etc/X11/default-display-manager. This avoids starting multiple dms at
+ boot.
+ * Cherry-pick Shared-add-readlink_value.patch as using that function in the
+ generator.
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 28 Nov 2014 10:53:58 +0100
+
+systemd (215-18) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * manager: Pass correct errno to strerror(), have_ask_password contains
+ negative error values which have to be negated when being passed to
+ strerror().
+
+ [ Martin Pitt ]
+ * Revert upstream commit 743970d which immediately SIGKILLs units during
+ shutdown. This leads to problems like bash not being able to write its
+ history, mosh not saving its state, and similar failed cleanup actions.
+ (Closes: #784720, LP: #1448259)
+ * write_net_rules: Escape '{' and '}' characters as well, to make this work
+ with busybox grep. Thanks Faidon Liambotis! (Closes: #765577)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 21 May 2015 15:49:30 +0200
+
+systemd (215-17) unstable; urgency=high
+
+ * cryptsetup: Implement offset and skip options. (Closes: #751707,
+ LP: #953875)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 16 Apr 2015 10:26:46 -0500
+
+systemd (215-16) unstable; urgency=medium
+
+ [ Christian Seiler ]
+ * Don't run hwclock-save.service in containers. (Closes: #782377)
+
+ [ Michael Biebl ]
+ * Do not print anything while passwords are being queried. This should make
+ password prompts without plymouth more usable. (Closes: #765013)
+ * Skip filesystem check if already done by the initramfs. (Closes: #782522)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 13 Apr 2015 19:42:32 +0200
+
+systemd (215-15) unstable; urgency=medium
+
+ [ Adam Conrad ]
+ * debian/systemd.{triggers,postinst}: Trigger a systemctl daemon-reload
+ when init scripts are installed or removed (Closes: #766429)
+
+ [ Martin Pitt ]
+ * Fix getty restart loop when PTS device is gone. (Closes: #780711)
+ * Run timesyncd in virtual machines. (Closes: #762343)
+ * Make logind work in environments without CAP_SYS_ADMIN (mostly
+ containers). Thanks Christian Seiler for the backporting!
+ (Closes: #778608)
+ * Check for correct signatures when setting properties. Fixes systemd
+ getting stuck on trying to set invalid property types. (Closes: #781602)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 09 Apr 2015 10:12:37 +0200
+
+systemd (215-14) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Map $x-display-manager LSB facility to display-manager.service instead of
+ making it a target. Using a target had the downside that multiple display
+ managers could hook into it at the same time which could lead to several
+ failed start attempts for the non-default display manager.
+ * Update insserv-generator and map $x-display-manager to
+ display-manager.service, following the recent change in sysv-generator.
+ This avoids creating references to a no longer existing
+ x-display-manager.target unit.
+ * Cherry-pick upstream fix to increase the SendBuffer of /dev/log to 8M.
+
+ [ Martin Pitt ]
+ * scope: Make attachment of initial PIDs more robust. Fixes crash with
+ processes that get started by an init.d script with a different (aliased)
+ name when the cgroup becomes empty. (Closes: #781210)
+ * boot-and-services, display-managers autopkgtests: Add missing python3 test
+ dependency.
+ * Don't attempt to mount the same swap partition twice through different
+ device node aliases. (Closes: #772182, LP: #1399595)
+
+ [ Christian Seiler ]
+ * Make the journald to syslog forwarding more robust by increasing the
+ maximum datagram queue length from 10 to 512. (Closes: #762700)
+
+ [ Marco d'Itri ]
+ * Avoid writing duplicate entries in 70-persistent-net.rules by double
+ checking if the new udev rule has already been written for the given
+ interface. This happens if multiple add events are generated before the
+ write_net_rules script returns and udevd renames the interface.
+ (Closes: #765577)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 30 Mar 2015 13:26:52 +0200
+
+systemd (215-13) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Add hwclock-save.service to sync the system clock to the hardware clock on
+ shutdown, to provide monotonic time for reboots. (Note: this is a hack for
+ jessie; the next Debian release will enable timesyncd by default).
+ (Closes: #755722)
+ * Check for correct architecture identifiers for SuperH. (Closes: #779710)
+ * networkd: Fix stopping v4 dhcpclient when the carrier is lost. Thanks
+ Christos Trochalakis! (Closes: #779571)
+ * Fix segfault with units that depend on themselves. (Closes: #780675)
+ * tmpfiles-setup-dev: Call tmpfiles with --boot to allow unsafe device
+ creation. Fixes creation of static device nodes with kmod 20.
+ (Closes: #780263)
+
+ [ Christian Seiler ]
+ * core: Don't migrate PIDs for units that may contain subcgroups.
+ This stops messing up lxc/libvirt/other custom cgroup layouts after
+ daemon-reload. (Closes: #777164)
+ * sysv-generator: add support for /etc/insserv/overrides. (Closes: #759001)
+
+ [ Michael Biebl ]
+ * debian/udev.init: Recognize '!' flag with static device lists, to work
+ with kmod 20. (Closes: #780263)
+
+ [ Didier Roche ]
+ * Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather adds
+ an After relationship. (Closes: #779902)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 26 Mar 2015 14:23:35 +0100
+
+systemd (215-12) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/udev.README.Debian: Trim the parts which are obsolete, wrong, or
+ described in manpages. Only keep the Debian specific bits.
+ (Part of #776546)
+ * Actually install udev's README.Debian when building for Debian.
+ (Closes: #776546)
+ * Only start logind if dbus is installed. This fixes the noisy startup
+ failure in environments without dbus such as LXC containers or servers.
+ (part of #772700)
+ * Add getty-static.service unit which starts getty@.service on tty 2 to 6 if
+ dbus is not installed, and hence logind cannot auto-start them on demand.
+ (Closes: #772700)
+ * Add unit-config autopkgtest to check systemd unit/sysv init enabling and
+ disabling via systemctl. This avoids bugs like #777613 (did not affect
+ unstable).
+ * cgroup: Don't trim cgroup trees created by someone else, just the ones
+ that systemd itself created. This avoids cleaning up empty cgroups from
+ e.g. LXC. (Closes: #777601)
+ * boot-and-services autopkgtest: Add CgroupsTest to check cgroup
+ creation/cleanup behaviour. This reproduces #777601 and verifies the fix
+ for it.
+ * rules: Fix by-path of mmc RPMB partitions and don't blkid them. Avoids
+ kernel buffer I/O errors and timeouts. (LP: #1333140)
+ * Document systemctl --failed option. (Closes: #767267)
+
+ [ Michael Biebl ]
+ * core: Don't fail to run services in --user instances if $HOME is missing.
+ (Closes: #759320)
+
+ [ Didier Roche ]
+ * default-display-manager-generator: Avoid unnecessary /dev/null symlink and
+ warning if there is no display-manager.service unit.
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 13 Feb 2015 12:08:31 +0100
+
+systemd (215-11) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * escape-beef-up-new-systemd-escape-tool.patch: Avoid creating a dangling
+ symlink, to work around regression in recent patch (see #776257).
+ * Order ifup@.service and networking.service after network-pre.target.
+ (Closes: #766938)
+ * Tone down "Network interface NamePolicy= disabled on kernel commandline,
+ ignoring" info message to debug, as we expect this while we disable
+ net.ifnames by default. (Closes: #762101, LP: #1411992)
+ * logind: handle closing sessions over daemon restarts. (Closes: #759515,
+ LP: #1415104)
+ * logind: Fix sd_eviocrevoke ioctl call, to make forced input device release
+ after log out actually work.
+ * debian/patches/series: Move upstreamed patches into the appropriate
+ section.
+
+ [ Michael Biebl ]
+ * Make sure we run debian-fixup.service after /var has been mounted if /var
+ is on a separate partition. Otherwise we might end up creating the
+ /var/lock and /var/run symlink in the underlying root filesystem.
+ (Closes: #768644)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 29 Jan 2015 09:01:54 +0100
+
+systemd (215-10) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * sysv-generator: Handle .sh suffixes when translating Provides:.
+ (Closes: #775889)
+ * sysv-generator: Make real units overwrite symlinks generated by Provides:
+ from other units. Fixes failures due to presence of backup or old init.d
+ scripts. (Closes: #775404)
+ * Fix journal forwarding to syslog in containers without CAP_SYS_ADMIN.
+ (Closes: #775067)
+
+ [ Christian Kastner ]
+ * Use common-session-noninteractive in systemd-user's PAM config, instead of
+ common-session. The latter can include PAM modules like libpam-mount which
+ expect to be called just once and/or interactively, which already happens
+ for login, ssh, or the display-manager. Add pam_systemd.so explicitly, as
+ it's not included in -noninteractive, but is always required (and
+ idempotent). There is no net change on systemd which don't use manually
+ installed PAM modules. (Closes: #739676)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 21 Jan 2015 13:18:05 +0100
+
+systemd (215-9) unstable; urgency=medium
+
+ [ Didier Roche ]
+ * Add display managers autopkgtests.
+ * Reset display-manager symlink to match /e/X/d-d-m even if
+ display-manager.service was removed. Adapt the autopkgtests for it.
+
+ [ Martin Pitt ]
+ * Prefer-etc-X11-default-display-manager-if-present.patch: Drop wrong
+ copy&paste'd comment, fix log strings. Thanks Adam D. Barratt.
+ * Log all members of cyclic dependencies (loops) even with quiet on the
+ kernel cmdline. (Closes: #770504)
+ * Don't auto-clean PrivateTmp dir in /var/tmp; in Debian we don't want to
+ clean /var/tmp/ automatically. (Closes: #773313)
+
+ [ Michael Biebl ]
+ * sysv-generator: handle Provides: for non-virtual facility names.
+ (Closes: #774335)
+ * Fix systemd-remount-fs.service to not fail on remounting /usr if /usr
+ isn't mounted yet. This happens with initramfs-tools < 0.118 which we
+ might not get into Jessie any more. (Closes: #742048)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 13 Jan 2015 11:24:43 +0100
+
+systemd (215-8) unstable; urgency=medium
+
+ [ Didier Roche ]
+ * Cherry-pick shared-add-readlink_value.patch, we will use that function in
+ the generator.
+ * Cherry-pick util-allow-strappenda-to-take-any-number-of-args.patch, we
+ will use that function in the generator.
+ * Handle multiple display managers which don't ship a systemd unit or the
+ corresponding postinst logic for updating display-manager.service: Add a
+ generator to ensure /etc/X11/default-display-manager is controlling which
+ display-manager is started. (Closes: #771287)
+
+ [ Sjoerd Simons ]
+ * d/p/core-Fix-bind-error-message.patch:
+ + Added. Fix error message on bind failure to print the full path
+ * d/p/core-Make-binding-notify-private-dbus-socket-more-ro.patch:
+ + Added. Be more robust when binding private unix sockets (Based on current
+ upstream logic) (Closes: #761306)
+
+ [ Martin Pitt ]
+ * Clean up ...journal~ files from unclean shutdowns. (Closes: #771707)
+ * debian/systemd.postinst: Don't always restart journald, as this currently
+ can't be done without losing the current journal and breaking attached
+ processes. So only restart it from upgrades < 215-3 (where the socket
+ location got moved) as an one-time upgrade path from wheezy.
+ (Closes: #771122)
+ * journalctl: Fix help text for --until. (Closes: #766598)
+ * Bump systemd's udev dependency to >= 208-8, so that on partial upgrades we
+ make sure that the udev package has appropriate Breaks:. In particular,
+ this avoids installing current udev with kmod << 14. (Closes: #771726)
+
+ [ Michael Biebl ]
+ * systemd.postinst: Move unit enablement after restarting systemd, so that
+ we don't fail to enable units with keywords that wheezy's systemd does not
+ understand yet. Fixes enabling getty units on wheezy upgrades with
+ systemd. (Closes: #771204)
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 05 Dec 2014 10:01:24 +0100
+
+systemd (215-7) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Add myself to Uploaders.
+ * Add boot-and-services autopkgtest: Check booting with systemd-sysv and
+ that the most crucial services behave as expected.
+ * logind autopkgtest: Fix stderr output in waiting loop for scsi_debug.
+ * Add nspawn test to boot-and-services autopkgtest.
+ * Make systemd-nspawn@.service work out of the box: (Closes: #770275)
+ - Pre-create /var/lib/container with a secure mode (0700) via tmpfiles.d.
+ - Add new try-{guest,host} modes for --link-journal to silently skip
+ setting up the guest journal if the host has no persistent journal.
+ - Extend boot-and-services autopkgtest to cover systemd-nspawn@.service.
+ * Cherry-pick upstream patch to fix SELinux unit access check (regression
+ in 215).
+ * sysv-generator: Avoid wrong dependencies for failing units. Thanks to
+ Michael Biebl for the patch! (Closes: #771118)
+ * Cherry-pick patches to recognize and respect the "discard" mount option
+ for swap devices. Thanks to Aurelien Jarno for finding and testing!
+ (Closes: #769734)
+
+ [ Jon Severinsson]
+ * Add /run/shm -> /dev/shm symlink in debian/tmpfiles.d/debian.conf. This
+ avoids breakage in Jessie for packages which still refer to /run/shm, and
+ while https://wiki.debian.org/ReleaseGoals/RunDirectory is still official.
+ (LP: #1320534, Closes: #674755).
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 28 Nov 2014 06:43:15 +0100
+
+systemd (215-6) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Cherry-pick upstream patch to fix udev crash in link_config_get().
+ * Cherry-pick upstream patch to fix tests in limited schroot environments.
+ * Add d/p/Add-env-variable-for-machine-ID-path.patch: Allow specifying an
+ alternate /etc/machine-id location. This is necessary for running tests
+ as long as it isn't in our base images (see Debian #745876)
+ * Run tests during package build. For the first round don't make them fatal
+ for now (that will happen once we see results from all the architectures).
+ * Drop our Check-for-kmod-binary.patch as the upstream patch
+ units-conditionalize-static-device-node-logic-on-CAP.patch supersedes it.
+ * Drop Use-comment-systemd.-syntax-in-systemd.mount-man-pag.patch, as
+ our util-linux is now recent enough. Bump dependency to >= 2.21.
+ * Adjust timedated and hostnamed autopkgtests to current upstream version.
+ * Replace our Debian hwdb.bin location patch with what got committed
+ upstream. Run hwdb update with the new --usr option to keep current
+ behaviour.
+ * debian/README.Debian: Document how to debug boot or shutdown problems with
+ the debug shell. (Closes: #766039)
+ * Skip-99-systemd.rules-when-not-running-systemd-as-in.patch: Call path_id
+ under all init systems, to get consistent ID_PATH attributes. This is
+ required so that tools like systemd-rfkill can be used with SysVinit or
+ upstart scripts, too. (LP: #1387282)
+ * Switch libpam-systemd dependencies to prefer systemd-shim over
+ systemd-sysv, to implement the CTTE decision #746578. This is a no-op on
+ systems which already have systemd-sysv installed, but will prevent
+ installing that on upgrades. (Closes: #769747)
+ * Remove Tollef from Uploaders: as per his request. Thanks Tollef for all
+ you work!
+ * net.agent: Properly close stdout/err FDs, to avoid long hangs during udev
+ settle. Thanks to Ben Hutchings! (Closes: #754987)
+ * Bump Standards-Version to 3.9.6 (no changes necessary).
+
+ [ Didier Roche ]
+ * debian/ifup@.service: add a ConditionPath on /run/network, to avoid
+ failing the unit if /etc/init.d/networking is disabled. (Closes: #769528)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 18 Nov 2014 12:37:22 +0100
+
+systemd (215-5) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Unblacklist hyperv_fb again, it is needed for graphical support on Hyper-V
+ platforms. Thanks Andy Whitcroft! (LP: #1359933)
+ * Bump systemd-shim Depends/Breaks to 8-2 to ensure a lockstep upgrade.
+ (Closes: #761947)
+
+ [ Sjoerd Simons ]
+ * d/p/sd-bus-Accept-no-sender-as-the-destination-field.patch
+ + Fix compatibility between systemctl v215 and v208. Resolves issue when
+ reloads of services is requested before systemd is re-execed
+ (Closes: #762146)
+
+ [ Michael Biebl ]
+ * Don't overmount existing /run/user/<UID> directories with a per-user tmpfs
+ on upgrades. (Closes: #762041)
+ * Re-enable mount propagation for udevd. This avoids that broken software
+ like laptop-mode-tools, which runs mount from within udev rules, causes
+ the root file system to end up read-only. (Closes: #762018)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 27 Sep 2014 17:49:47 +0200
+
+systemd (215-4) unstable; urgency=medium
+
+ * Upload to unstable.
+
+ -- Michael Biebl <biebl@debian.org> Mon, 15 Sep 2014 17:38:30 +0200
+
+systemd (215-3) experimental; urgency=medium
+
+ [ Ben Howard ]
+ * 75-persistent-net-generator.rules: Fix matches of HyperV. (LP: #1361272)
+
+ [ Martin Pitt ]
+ * 75-persistent-net-generator.rules: Add new MS Azure MAC prefix 00:25:ae.
+ (LP: #1367883)
+
+ [ Michael Biebl ]
+ * Update upstream v215-stable patch series.
+ * The /dev/log socket and /dev/initctl FIFO have been moved to /run and
+ replaced by symlinks. Create the symlinks manually on upgrades as well.
+ (Closes: #761340)
+ * Fix incorrect paths in man pages. (LP: #1357782, Closes: #717491)
+ * Make systemd recommend dbus so it is installed on upgrades. The dbus
+ system bus is required to run systemd-logind and the autovt feature relies
+ on logind. (Closes: #758111)
+ * Bump dependency on systemd-shim to (>= 7-2) to ensure we have a version
+ which supports systemd >= 209.
+ * Rework bug-script to be more upfront about what kind of data is gathered
+ and ask the user for permission before attaching the information to the
+ bug report. (Closes: #756248)
+
+ [ Sjoerd Simons ]
+ * d/p/buildsys-Don-t-default-to-gold-as-the-linker.patch
+ + Don't explicitly pick gold as the default linker. Fixes FTBFS on sparc
+ (Closes: #760879)
+
+ -- Sjoerd Simons <sjoerd@debian.org> Sun, 14 Sep 2014 20:14:49 +0200
+
+systemd (215-2) experimental; urgency=medium
+
+ * debian/patches/always-check-for-__BYTE_ORDER-__BIG_ENDIAN-when-chec.patch
+ + Added. Fix checking of system endianness. Fixes FTBFS on powerpc
+ * debian/patches/timesyncd-when-we-don-t-know-anything-about-the-netw.patch:
+ + Let timesyncd go online even if networkd isn't running (from upstream
+ git) (Closes: #760087)
+ * debian/rules: add systemd-update-utmp-runlevel.service to
+ {poweroff, rescue, multi-user, graphical, reboot}.target.wants to trigger
+ the runlevel target to be loaded
+
+ -- Sjoerd Simons <sjoerd@debian.org> Sun, 07 Sep 2014 23:46:02 +0200
+
+systemd (215-1) experimental; urgency=medium
+
+ * New upstream release.
+ * Import upstream v215-stable patch series.
+ * Rebase remaining Debian patches on top of v215-stable.
+ * Drop our Debian-specific run-user.mount unit as upstream now creates a
+ per-user tmpfs via logind.
+ * Don't rely on new mount from experimental for now and re-add the patch
+ which updates the documentation accordingly.
+ * Cherry-pick upstream fix to use correct versions for the new symbols that
+ were introduced in libudev.
+ * Update symbols files
+ - Add two new symbols for libudev1.
+ - Remove private symbol from libgudev-1.0-0. This symbol was never part of
+ the public API and not used anywhere so we don't need a soname bump.
+ * Cherry-pick upstream commit to not install busname units if kdbus support
+ is disabled.
+ * Make /run/lock tmpfs an API fs so it is available during early boot.
+ (Closes: #751392)
+ * Install new systemd-path and systemd-escape binaries.
+ * Cherry-pick upstream commit which fixes the references to the systemctl
+ man page. (Closes: #760613)
+ * Use the new systemd-escape utility to properly escape the network
+ interface name when starting an ifup@.service instance for hotplugged
+ network interfaces. Make sure a recent enough systemd version is installed
+ by bumping the versioned Breaks accordingly. (Closes: #747044)
+ * Order ifup@.service after networking.service so we don't need to setup the
+ runtime directory ourselves and we have a defined point during boot when
+ hotplugged network interfaces are started.
+ * Disable factory-reset feature and remove files associated with it. This
+ feature needs more integration work first before it can be enabled in
+ Debian.
+ * Cherry-pick upstream commit to fix ProtectSystem=full and make the
+ ProtectSystem= option consider /bin, /sbin, /lib and /lib64 (if it exists)
+ on Debian systems. (Closes: #759689)
+ * Use adduser in quiet mode when creating the system users/groups to avoid
+ warning messages about the missing home directories. Those are created
+ dynamically during runtime. (Closes: #759175)
+ * Set the gecos field when creating the system users.
+ * Add systemd-bus-proxy system user so systemd-bus-proxyd can properly drop
+ its privileges.
+ * Re-exec systemd and restart services at the end of postinst.
+ * Cherry-pick upstream commit for sd-journal to properly convert
+ object->size on big endian which fixes a crash in journalctl --list-boots.
+ (Closes: #758392)
+
+ -- Michael Biebl <biebl@debian.org> Sun, 07 Sep 2014 09:58:48 +0200
+
+systemd (214-1) experimental; urgency=medium
+
+ * New upstream release v214.
+ (Closes: #750793, #749268, #747939)
+
+ [ Jon Severinsson ]
+ * Import upstream v214-stable patch series.
+ - Rebase remaining Debian patches on top of v214-stable.
+ - Drop modifications to the now-removed built-in sysvinit support.
+ * Install the new combined libsystemd0 library, this library combines all
+ functionality of the various libsystemd-* libraries.
+ - Deprecate the old libsystemd-* libraries as they've been bundled into
+ libsystemd0. The old -dev files now just carry a transitional .pc file.
+ - Add new symbols file for libsystemd0.
+ * Update symbols file for libgudev-1.0-0.
+ * Remove pre-generated rules and unit files in debian/rules clean target.
+ * Add new systemd service users in systemd postinst (systemd-timesync,
+ systemd-network, systemd-resolve)
+ * Add new system group "input" used by udev rules in udev postinst.
+ * Try-restart networkd, resolved, and timesyncd after an upgrade.
+ * Do not force-enable default-on services on every upgrade.
+ * Add support for rcS.d init scripts to the sysv-generator.
+ - Do not order rcS.d services after local-fs.target if they do not
+ explicitly depend on $local_fs.
+ - Map rcS.d init script dependencies to their systemd equivalent.
+ - Special-case some dependencies for sysv init scripts for better
+ backwards compatibility. (Closes: #726027, #738965).
+ * Add systemd depends on new mount. (Closes: #754411)
+ * Update /run/initctl symlink target in debian/tmpfiles.d/debian.conf.
+ * Remove stored backlog state, rfkill state, random-seed and clock
+ information from /var/lib/systemd on systemd purge.
+
+ [ Sjoerd Simons ]
+ * debian/patches/shared-include-stdbool.h-in-mkdir.h.patch
+ + Added. Include stdbool before using bool in function prototypes. Fixes
+ build of the insserv generator
+ * Add python-lxml to build-depends for python-systemd
+ * Turn on parallel build support
+ * Install the new busctl binary and translations
+ * Explicitly disable microhttp so the package build doesn't fail if the
+ required dependencies for it happen to be installed.
+ * debian/control: Make udev break plymouth (<< 0.9.0-7) as older plymouths
+ assume udev implementation details that have changed slightly since v213
+ * debian/control: Remove b-d on librwap0-dev
+ * debian/control: Bump libkmod-dev b-d to >= 15
+ * debian/rules: Drop outdated --enable-tcpwrap
+ * debian/rules: Explicitly turn off rfkill, networkd, timesyncd and resolved
+ for the udeb build
+ * debian/rules: Use the debian ntp pool as default ntp servers
+ * debian/rules: explicitely configure the maximum system uid/gids instead of
+ relying on autodetection
+
+ -- Sjoerd Simons <sjoerd@debian.org> Sun, 24 Aug 2014 14:54:27 +0200
+
+systemd (208-8) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Fix duplicate line in copyright. (Closes: #756899)
+ * Drop --disable-xattr configure option for udeb, does not exist any more.
+ * Add Turkish debconf translations. Thanks Mert Dirik! (Closes: #757498)
+ * Backport fix for lazy session-activation on non-seat0 seats.
+ (LP: #1355331)
+
+ [ Michael Biebl ]
+ * Use "kmod static-nodes --output=/proc/self/fd/1" in make_static_nodes() as
+ we can't rely on /dev/stdout to exist at this point during boot.
+ (Closes: #757830)
+ * Fix udev SysV init script and d-i start script to not write to
+ /sys/kernel/uevent_helper unconditionally to not fail on a kernel with
+ CONFIG_UEVENT_HELPER unset. (Closes: #756312)
+ * Add Breaks: kmod (<< 14) to udev to make sure we have a kmod version
+ supporting the static-nodes command.
+ * Add Breaks: systemd (<< 208) to udev to avoid partial upgrades. Newer udev
+ versions rely on kmod-static-nodes.service being provided by systemd.
+ (Closes: #757777)
+ * Updated upstream v208-stable patch series to 53b1b6c.
+ * Cherry-pick upstream fix to ignore temporary dpkg files. (Closes: #757302)
+ * Make emergency.service conflict with rescue.service.
+ Otherwise if rescue mode is selected during boot and the emergency mode
+ is triggered (e.g. via a broken fstab entry), we have two sulogin
+ processes fighting over the tty. (Closes: #757072)
+ * Stop syslog.socket when entering emergency mode as otherwise every log
+ message triggers the start of the syslog service and its dependencies
+ which conflicts with emergency.target. (Closes: #755581)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 21 Aug 2014 00:14:21 +0200
+
+systemd (208-7) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Mask remaining services provided by the initscripts package and document
+ in more detail why certain services have been masked. (Closes: #659264)
+ * Install zsh completions to the correct place. (Closes: #717540)
+
+ [ Jon Severinsson ]
+ * Cherry-pick upstream fix for journal file permissions. (Closes: #755062)
+ * Map some rcS.d init script dependencies to their systemd equivalent.
+ * Update Depends on initscripts to the version with a systemd-compatible
+ mountnfs ifup hook. (Closes: #746358)
+ * Add Breaks on lvm2 versions without native systemd support.
+ (Closes: #678438, #692120)
+ * Do not fail udev upgrades if the udev service is already runtime-masked
+ when the preinst script is run. (Closes: #755746)
+ * Add Pre-Depends on systemd to systemd-sysv, to avoid risking that the
+ sysv-compatible symlinks become dangling on a partial install.
+ * Ensure that systemctl is usable right after being unpacked, by adding the
+ required Pre-Depends to systemd and libsystemd-daemon0. (Closes: #753589)
+ * Add support for TuxOnIce hibernation. (Closes: #746463)
+
+ [ Martin Pitt ]
+ * Rename "api" autopkgtest to "build-login", and stop requiring that
+ sd_login_monitor_new() succeeds. It doesn't in many environments like
+ schroot or after upgrades from < 204, and the main point of the test is
+ to check that libsystemd-login-dev has correct contents and dependencies.
+ Drop "isolation-machine" requirement.
+ * Use glibc's xattr support instead of requiring libattr. Fixes FTBFS with
+ latest glibc and libattr. Cherrypicked from trunk. Drop libattr1-dev build
+ dependency. (Closes: #756097)
+ * Build python3-systemd for Python 3 bindings. Drop python-systemd; it does
+ not have any reverse dependencies, and we want to encourage moving to
+ Python 3. (LP: #1258089)
+ * Add simple autopkgtest for python3-systemd.
+ * Add dbus dependency to libpam-systemd. (Closes: #755968)
+ * Fix /dev/cdrom symlink to appear for all types of drives, not just for
+ pure CD-ROM ones. Also, fix the symlinks to stay after change events.
+ (LP: #1323777)
+ * 75-persistent-net-generator.rules: Adjust Ravello interfaces; they don't
+ violate the assignment schema, they should just not be persistent.
+ Thanks to Boris Figovsky. (Closes: #747475, LP: #1317776)
+ * Reinstate patches to make logind D-BUS activatable.
+ * Re-add systemd-shim alternative dependency to libpam-systemd. Version it
+ to ensure cgmanager support. (Closes: #754984, LP: #1343802)
+ * Convert udev-finish.upstart from a task to a job, to avoid hangs with
+ startpar. (Closes: #756631)
+ * Add debian/extra/60-keyboard.hwdb: Latest keymaps from upstream git.
+ This makes it trivial to backport keymap fixes to stable releases.
+ (Closes: #657809; LP: #1322770, #1339998)
+ * udev.init: Create static device nodes, as this moved out of udevd.
+ Thanks to Michael Biebl for the script! (Closes: #749021)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 06 Aug 2014 13:33:22 +0200
+
+systemd (208-6) unstable; urgency=medium
+
+ [ Jon Severinsson ]
+ * Add v208-stable patch series.
+ - Update Debian patches to apply on top of v208-stable.
+ - Move new manpages to libsystemd-*-dev as appropriate.
+
+ [ Michael Biebl ]
+ * Upload to unstable.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 16 Jul 2014 00:44:15 +0200
+
+systemd (208-5) experimental; urgency=medium
+
+ * Merge changes from unstable branch.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 28 Jun 2014 13:41:32 +0200
+
+systemd (208-4) experimental; urgency=medium
+
+ * Merge changes from unstable branch.
+ * Drop alternative dependency on systemd-shim in libpam-systemd. The
+ systemd-shim package no longer provides an environment to run
+ systemd-logind standalone. See #752939 for further details.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 28 Jun 2014 01:22:11 +0200
+
+systemd (208-3) experimental; urgency=medium
+
+ * Merge changes from unstable branch.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 25 Jun 2014 11:29:07 +0200
+
+systemd (208-2) experimental; urgency=medium
+
+ [ Sjoerd Simons ]
+ * Don't stop a running user manager from garbage collecting the users. Fixes
+ long shutdown times when using a systemd user session
+
+ [ Michael Stapelberg ]
+ * Fix bug-script: “systemctl dump†is now “systemd-analyze dumpâ€
+ (Closes: #748311)
+
+ [ Michael Biebl ]
+ * Merge changes from unstable branch.
+ * Cherry-pick upstream fixes to make sd_session_get_vt() actually work.
+
+ -- Michael Biebl <biebl@debian.org> Tue, 24 Jun 2014 17:45:26 +0200
+
+systemd (208-1) experimental; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream release. (Closes: #729566)
+ * Update patches.
+ * Update symbols files for libsystemd-journal and libsystemd-login.
+ * Install new files and remove the ones we don't use.
+ * Install zsh completion files. (Closes: #717540)
+ * Create a compat symlink /etc/sysctl.d/99-sysctl.conf as systemd-sysctl no
+ longer reads /etc/sysctl.conf.
+ * Bump Build-Depends on kmod to (>= 14).
+ * Bump Build-Depends on libcryptsetup-dev to (>= 2:1.6.0) for tcrypt
+ support.
+ * Make kmod-static-nodes.service check for the kmod binary since we don't
+ want a hard dependency on kmod e.g. for container installations.
+ * Disable various features which aren't required for the udeb build.
+ * Move new sd_pid_get_slice and sd_session_get_vt man pages into
+ libsystemd-login-dev.
+ * Make no-patch-numbers the default for gbp-pq.
+ * Adjust systemd-user pam config file for Debian.
+ This pam config file is used by libpam-systemd/systemd-logind when
+ launching systemd user instances.
+ * Drop patches to make logind D-Bus activatable. The cgroup handling has
+ been reworked in v205 and logind no longer creates cgroup hierarchies on
+ its own. That means that the standalone logind is no longer functional
+ without support from systemd (or an equivalent cgroup manager).
+
+ [ Martin Pitt ]
+ * Explain patch management in debian/README.source.
+
+ -- Michael Biebl <biebl@debian.org> Mon, 28 Apr 2014 00:22:57 +0200
+
+systemd (204-14) unstable; urgency=medium
+
+ * Fix SIGABRT in insserv generator caused by incorrect usage of strcat().
+ (Closes: #752992)
+ * Mark -dev packages as Multi-Arch: same. (Closes: #720017)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 28 Jun 2014 13:22:43 +0200
+
+systemd (204-13) unstable; urgency=medium
+
+ * Switch back to load the sg module via the kmod builtin. The problem was
+ not that the kmod builtin is faster then modprobe but rather the incorrect
+ usage of the "=" assignment operator. We need to use "+=" here, so the sg
+ module is loaded in addition to other scsi modules, which are loaded via
+ the modalias rule. Thanks to Tommaso Colombo for the analysis.
+ * Cherry-pick upstream fix which prevents systemd from entering an infinite
+ loop when trying to break an ordering cycle. (Closes: #752259)
+ * Update insserv generator to not create any drop-in files for services
+ where the corresponding SysV init script does not exist.
+ * Drop the check for /sys/kernel/uevent_helper from postinst and the SysV
+ init script and do not unconditionally overwrite it in the initramfs hook.
+ Since a long time now udev has been using the netlink interface to
+ communicate with the kernel and with Linux 3.16 it is possible to disable
+ CONFIG_UEVENT_HELPER completely. (Closes: #752742)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 28 Jun 2014 00:01:16 +0200
+
+systemd (204-12) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Change the sg loading rule (for Debian #657948) back to using modprobe.
+ kmod is too fast and then sg races with sd, causing the latter to not see
+ SCSI disks. (Closes: #752591, #752605)
+
+ [ Michael Biebl ]
+ * Update udev bug-script to attach instead of paste extra info if a new
+ enough reportbug version is available.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 25 Jun 2014 10:55:12 +0200
+
+systemd (204-11) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Explain patch management in debian/README.source. (Closes: #739113)
+ * Replace "Always probe cpu support drivers" patch with cherry-picked
+ upstream fix which is more general.
+ * Advertise hibernation only if there's enough free swap. Patches backported
+ from current upstream. (LP: #1313522)
+ * Fix typo in sg loading rule to make it actually work.
+
+ [ Michael Biebl ]
+ * Make no-patch-numbers the default for gbp-pq.
+ * Cherry-pick upstream fix to properly handle multiline syslog messages.
+ (Closes: #746351)
+ * Cherry-pick upstream fix for libudev which fixes a memleak in
+ parent_add_child().
+ * Drop "-b debian" from Vcs-Git since we use the master branch for
+ packaging now.
+ * Drop Conflicts: sysvinit (<< 2.88dsf-44~) from systemd-sysv since this
+ breaks dist-upgrades from wheezy when switching from sysvinit to
+ systemd-sysv as default init. While downgrading the Pre-Depends in
+ sysvinit would have been an alternative, dropping the Conflicts and only
+ keeping the Replaces was deemed the lesser evil. (Closes: #748355)
+ * Use Conflicts instead of Breaks against sysvinit-core. This avoids
+ /sbin/init going missing when switching from systemd-sysv to sysvinit.
+ While at it, add a Replaces: upstart. (Closes: #751589)
+ * Make the SysV compat tools try both /run/initctl and /dev/initctl. This
+ makes them usable under sysvinit as PID 1 without requiring any symlinks.
+ * Various ifupdown integration fixes
+ - Use DefaultDependencies=no in ifup@.service so the service can be
+ started as early as possible.
+ - Create the ifupdown runtime directory in ifup@.service as we can no
+ longer rely on the networking service to do that for us.
+ - Don't stop ifup@.service on shutdown but let the networking service take
+ care of stopping all hotplugged interfaces.
+ - Only start ifup@.service for interfaces configured as allow-hotplug.
+
+ [ Michael Stapelberg ]
+ * Clarify that “systemd†does not influence init whereas “systemd-sysv†does
+ (Closes: #747741)
+
+ [ Ansgar Burchardt ]
+ * Don't use "set +e; set +u" unconditionally in the lsb init-functions hook
+ as this might change the behaviour of existing SysV init scripts.
+ (Closes: #751472)
+
+ -- Michael Biebl <biebl@debian.org> Tue, 24 Jun 2014 17:03:43 +0200
+
+systemd (204-10) unstable; urgency=medium
+
+ * In the udeb's udev.startup, make sure that /dev/pts exists.
+ * systemd-logind-launch: Set the #files ulimit, for unprivileged LXC
+ containers.
+ * Drop udev.NEWS, it only applies to pre-squeeze.
+ * Remove /var/log/udev on purge.
+ * Always probe cpu support drivers. (LP #1207705)
+ * On Dell PowerEdge systems, the iDRAC7 and later support a USB Virtual NIC
+ for management. Name this interface "idrac" to avoid confusion with "real"
+ network interfaces.
+ * Drop numerical prefixes from patches, to avoid future diff noise when
+ removing, cherry-picking, and merging patches. From now on, always use
+ "gbp-pq export --no-patch-numbers" to update them.
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 27 Apr 2014 11:53:52 +0200
+
+systemd (204-9) unstable; urgency=medium
+
+ * The "Flemish Beef and Beer Stew" release.
+
+ [ Steve Langasek ]
+ * Do proper refcounting of the PAM module package on prerm, so that we
+ don't drop the module from the PAM config when uninstalling a
+ foreign-arch package. Related to Ubuntu bug #1295521.
+
+ [ Martin Pitt ]
+ * debian/udev.udev-finish.upstart: Fix path to tmp-rules,
+ debian/extra/rule_generator.functions creates them in /run/udev/.
+ * rules: Remove the kernel-install bits; we don't want that in Debian and
+ thus it shouldn't appear in dh_install --list-missing output.
+ * Ship sd-shutdown.h in libsystemd-daemon-dev.
+ * Run dh_install with --fail-missing, to avoid forgetting files when we move
+ to new versions.
+ * Mount /dev/pts with the correct permissions in the udev, to avoid needing
+ pt_chown (not available on all architectures). Thanks Adam Conrad.
+ * Add new block of Windows Azure ethernet hardware address to
+ 75-persistent-net-generator.rules. (LP: #1274348, Closes: #739018)
+ * Drop our Debian specific 60-persistent-storage{,-tape}.rules and use the
+ upstream rules. They are compatible and do a superset of the
+ functionality. (Closes: #645466)
+ * Drop our Debian specific 80-drivers.rules and use the upstream rules with
+ a patch for the sg module (see #657948). These now stop calling modprobe
+ and use the kmod builtin, giving some nice boot speed improvement.
+ (Closes: #717404)
+ * Drop our Debian specific 50-udev-default.rules and 91-permissions.rules
+ and use the upstream rules with a patch for the remaining Debian specific
+ default device permissions. Many thanks to Marco d'Itri for researching
+ which Debian-specific rules are obsolete! Amongst other things, this now
+ also reads the hwdb info for USB devices (Closes: #717405) and gets rid of
+ some syntax errors (Closes: #706221)
+ * Set default polling interval on removable devices as well, for kernels
+ which have "block" built in instead of being a module. (Closes: #713877)
+ * Make sd_login_monitor_new() work for logind without systemd.
+ * Cherry-pick upstream fix for polkit permissions for rebooting with
+ multiple sessions.
+ * Kill /etc/udev/links.conf, create_static_nodes, and associated code. It's
+ obsolete with devtmpfs (which is required now), and doesn't run with
+ systemd or upstart anyway.
+ * Drop unnecessary udev.dirs.
+ * Add autopkgtests for smoke-testing logind, hostnamed, timedated, localed,
+ and a compile/link/run test against libsystemd-login-dev.
+
+ [ Marco d'Itri ]
+ * preinst: check for all the system calls required by modern releases
+ of udev. (Closes: #648325)
+ * Updated fbdev-blacklist.conf for recent kernels.
+ * Do not blacklist viafb because it is required on the OLPC XO-1.5.
+ (Closes: #705792)
+ * Remove write_cd_rules and the associated rules which create "persistent"
+ symlinks for CD/DVD devices and replace them with more rules in
+ 60-cdrom_id, which will create symlinks for one at random among the
+ devices installed. Since the common case is having a single device
+ then everything will work out just fine most of the times...
+ (Closes: #655924)
+ * Fix write_net_rules for systemd and sysvinit users by copying the
+ temporary rules from /run/udev/ to /etc/udev/. (Closes: #735563)
+ * Do not install sysctl.d/50-default.conf because the systemd package
+ should not change kernel policies, at least until it will become
+ the only supported init system.
+
+ [ Michael Stapelberg ]
+ * Add systemd-dbg package, thanks Daniel Schaal (Closes: #742724).
+ * Switch from gitpkg to git-buildpackage. Update README.source accordingly.
+ * Make libpam-systemd depend on systemd-sysv | systemd-shim. Packages that
+ need logind functionality should depend on libpam-systemd.
+
+ [ Michael Biebl ]
+ * Do not send potentially private fstab information without prior user
+ confirmation. (Closes: #743158)
+ * Add support for LSB facilities defined by insserv.
+ Parse /etc/insserv.conf.d content and /etc/insserv.conf and generate
+ systemd unit drop-in files to add corresponding dependencies. Also ship
+ targets for the Debian specific $x-display-manager and
+ $mail-transport-agent system facilities. (Closes: #690892)
+ * Do not accidentally re-enable /var/tmp cleaning when migrating the TMPTIME
+ setting from /etc/default/rcS. Fix up existing broken configurations.
+ (Closes: #738862)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 26 Apr 2014 21:37:29 +0200
+
+systemd (204-8) unstable; urgency=low
+
+ [ Michael Stapelberg ]
+ * move manpages from systemd to libsystemd-*-dev as appropriate
+ (Closes: #738723)
+ * fix systemctl enable/disable/… error message “Failed to issue method call:
+ No such file or directory†(the previous upload did actually not contain
+ this fix due to a merge conflict) (Closes: #738843)
+ * add explicit “Depends: sysv-rc†so that initscript’s “Depends: sysv-rc |
+ file-rc†will not be satisfied with file-rc. We need the invoke-rc.d and
+ update-rc.d from sysv-rc, file-rc’s doesn’t have support for systemd.
+ (Closes: #739679)
+ * set capabilities cap_dac_override,cap_sys_ptrace=ep for
+ systemd-detect-virt, so that it works for unprivileged users.
+ (Closes: #739699)
+ * pam: Check $XDG_RUNTIME_DIR owner (Closes: #731300)
+ * Ignore chkconfig headers entirely, they are often broken in Debian
+ (Closes: #634472)
+
+ [ Michael Biebl ]
+ * do a one-time migration of RAMTMP= from /etc/default/rcS and
+ /etc/default/tmpfs, i.e. enable tmp.mount (Closes: #738687)
+ * Bump Standards-Version to 3.9.5.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 19 Mar 2014 18:57:35 +0100
+
+systemd (204-7) unstable; urgency=low
+
+ * fix systemctl enable/disable/… error message “Failed to issue method call:
+ No such file or directory†(Closes: #734809)
+ * bug-script: attach instead of paste extra info with reportbug ≥ 6.5.0
+ (Closes: #722530)
+ * add stage1 bootstrap support to avoid Build-Depends cycles (Thanks Daniel
+ Schepler)
+ * cherry-pick:
+ order remote mounts from mountinfo before remote-fs.target (77009452cfd)
+ (Closes: #719945)
+ Fix CPUShares configuration option (ccd90a976dba) (Closes: #737156)
+ fix reference in systemd-inhibit(1) (07b4b9b) (Closes: #738316)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Tue, 11 Feb 2014 23:34:42 +0100
+
+systemd (204-6) unstable; urgency=low
+
+ [ Michael Stapelberg ]
+ * Run update-rc.d defaults before update-rc.d <enable|disable>
+ (Closes: #722523)
+ * preinst: preserve var-{lock,run}.mount when upgrading from 44 to 204
+ (Closes: #723936)
+ * fstab-generator: don’t rely on /usr being mounted in the initrd
+ (Closes: #724797)
+ * systemctl: mangle names when avoiding dbus (Closes: #723855)
+ * allow group adm read access on /var/log/journal (Closes: #717386)
+ * add systemd-journal group (Thanks Guido Günther) (Closes: #724668)
+ * copy /etc/localtime instead of symlinking (Closes: #726256)
+ * don’t try to start autovt units when not running with systemd as pid 1
+ (Closes: #726466)
+ * Add breaks/replaces for the new sysvinit-core package (Thanks Alf Gaida)
+ (Closes: #733240)
+ * Add myself to uploaders
+
+ [ Tollef Fog Heen ]
+ * Make 99-systemd.rules check for /run/systemd/systemd instead of the
+ ill-named cgroups directory.
+
+ [ Martin Pitt ]
+ * debian/udev.upstart: Fix path to udevd, the /sbin/udevd compat symlink
+ should go away at some point.
+ * debian/udev-udeb.install: Add 64-btrfs.rules and 75-probe_mtd.rules, they
+ are potentially useful in a d-i environment.
+ * debian/shlibs.local: Drop libudev; this unnecessarily generates overly
+ strict dependencies, the libudev ABI is stable.
+ * debian/extra/rules/75-persistent-net-generator.rules: Add Ravello systems
+ (LP: #1099278)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Tue, 31 Dec 2013 14:39:44 +0100
+
+systemd (204-5) unstable; urgency=high
+
+ * Cherry-pick 72fd713 from upstream which fixes insecure calling of polkit
+ by avoiding a race condition in scraping /proc (CVE-2013-4327).
+ Closes: #723713
+
+ -- Michael Biebl <biebl@debian.org> Mon, 23 Sep 2013 11:59:53 +0200
+
+systemd (204-4) unstable; urgency=low
+
+ * Add preinst check to abort udev upgrade if the currently running kernel
+ lacks devtmpfs support. Since udev 176, devtmpfs is mandatory as udev no
+ longer creates any device nodes itself. This only affects self-compiled
+ kernels which now need CONFIG_DEVTMPFS=y. Closes: #722580
+ * Fix SysV init script to correctly mount a devtmpfs instead of tmpfs. This
+ only affects users without an initramfs, which usually is responsible for
+ mounting the devtmpfs. Closes: #722604
+ * Drop pre-squeeze upgrade code from maintainer scripts and simplify the
+ various upgrade checks.
+ * Suppress errors about unknown hwdb builtin. udev 196 introduced a new
+ "hwdb" builtin which is not understood by the old udev daemon.
+ * Add missing udeb line to shlibs.local. This ensures that udev-udeb gets a
+ proper dependency on libudev1-udeb and not libudev1. Closes: #722939
+ * Remove udev-udeb dependency from libudev1-udeb to avoid a circular
+ dependency between the two packages. This dependency was copied over from
+ the old udev-gtk-udeb package and no longer makes any sense since
+ libudev1-udeb only contains a library nowadays.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 18 Sep 2013 00:05:21 +0200
+
+systemd (204-3) unstable; urgency=low
+
+ [ Michael Biebl ]
+ * Upload to unstable.
+ * Use /bin/bash in debug-shell.service as Debian doesn't have /sbin/sushell.
+ * Only import net.ifaces cmdline property for network devices.
+ * Generate strict dependencies between the binary packages using a
+ shlibs.local file and add an explicit versioned dependency on
+ libsystemd-login0 to systemd to ensure packages are upgraded in sync.
+ Closes: #719444
+ * Drop obsolete Replaces: libudev0 from udev package.
+ * Use correct paths for various binaries, like /sbin/quotaon, which are
+ installed in / and not /usr in Debian. Closes: #721347
+ * Don't install kernel-install(8) man page since we don't install the
+ corresponding binary either. Closes: #722180
+ * Cherry-pick upstream fixes to make switching runlevels and starting
+ reboot via ctrl-alt-del more robust.
+ * Cherry-pick upstream fix to properly apply ACLs to Journal files.
+ Closes: #717863
+
+ [ Michael Stapelberg ]
+ * Make systemctl enable|disable call update-rc.d for SysV init scripts.
+ Closes: #709780
+ * Don't mount /tmp as tmpfs by default and make it possible to enable this
+ feature via "systemctl enable tmp.mount". Closes: #718906
+
+ [ Daniel Schaal ]
+ * Add bug-script to systemd and udev. Closes: #711245
+
+ [ Ondrej Balaz ]
+ * Recognize discard option in /etc/crypttab. Closes: #719167
+
+ -- Michael Biebl <biebl@debian.org> Thu, 12 Sep 2013 00:13:11 +0200
+
+systemd (204-2) experimental; urgency=low
+
+ [ Daniel Schaal ]
+ * Enable verbose build logs. Closes: #717465
+ * Add handling of Message Catalog files to provide additional information
+ for log entries. Closes: #717427
+ * Remove leftover symlink to debian-enable-units.service. Closes: #717349
+
+ [ Michael Stapelberg ]
+ * Install 50-firmware.rules in the initramfs and udeb. Closes: #717635
+
+ [ Michael Biebl ]
+ * Don't pass static start priorities to dh_installinit anymore.
+ * Switch the hwdb trigger to interest-noawait.
+ * Remove obsolete support for configurable udev root from initramfs.
+ * Bind ifup@.service to the network device. This ensures that ifdown is run
+ when the device is removed and the service is stopped.
+ Closes: #660861, #703033
+ * Bump Standards-Version to 3.9.4. No further changes.
+ * Add Breaks against consolekit (<< 0.4.6-1) for udev-acl. Closes: #717385
+ * Make all packages Priority: optional, with the exception of udev and
+ libudev1, which remain Priority: important, and systemd-sysv, which
+ remains Priority: extra due to the conflict with sysvinit.
+ Closes: #717365
+ * Restart systemd-logind.service on upgrades due to changes in the
+ CreateSession D-Bus API between v44 and v204. Closes: #717403
+
+ -- Michael Biebl <biebl@debian.org> Wed, 24 Jul 2013 23:47:59 +0200
+
+systemd (204-1) experimental; urgency=low
+
+ * New upstream release. Closes: #675175, #675177
+ - In v183 the udev sources have been merged into the systemd source tree.
+ As a result, the udev binary packages will now be built from the systemd
+ source package. To align the version numbers 139 releases were skipped.
+ - For a complete list of changes, please refer to the NEWS file.
+ * Add Marco to Uploaders.
+ * Drop Suggests on the various python packages from systemd. The
+ systemd-analyze tool has been reimplemented in C.
+ * Add binary packages as found in the udev 175-7.2 source package.
+ * Wrap dependencies for better readability.
+ * Drop hard-coded Depends on libglib2.0-0 from gir1.2-gudev-1.0.
+ * Drop old Conflicts, Replaces and Breaks, which are no longer necessary.
+ * Make libgudev-1.0-dev depend on gir1.2-gudev-1.0 as per GObject
+ introspection mini-policy. Closes: #691313
+ * The hwdb builtin has replaced pci-db and usb-db in udev. Drop the
+ Recommends on pciutils and usbutils accordingly.
+ * Drop our faketime hack. Upstream uses a custom xsl style sheet now to
+ generate the man pages which no longer embeds the build date.
+ * Add Depends on libpam-runtime (>= 1.0.1-6) to libpam-systemd as we are
+ using pam-auth-update.
+ * Explicitly set Section and Priority for the udev binary package.
+ * Update Build-Depends:
+ - Drop libudev-dev, no longer required.
+ - Add gtk-doc-tools and libglib2.0-doc for the API documentation in
+ libudev and libgudev.
+ - Add libgirepository1.0-dev and gobject-introspection for GObject
+ introspection support in libgudev.
+ - Add libgcrypt11-dev for encryption support in the journal.
+ - Add libblkid-dev for the blkid udev builtin.
+ * Use gir dh addon to ensure ${gir:Depends} is properly set.
+ * Rename libudev0 → libudev1 for the SONAME bump.
+ * Update symbols files. libudev now uses symbols versioning as the other
+ libsystemd libraries. The libgudev-1.0-0 symbols file has been copied from
+ the old udev package.
+ * Run gtkdocize on autoreconf.
+ * Enable python bindings for the systemd libraries and ship them in a new
+ package named python-systemd.
+ * Tighten Depends on libsystemd-id128-dev for libsystemd-journal-dev as per
+ libsystemd-journal.pc.
+ * Remove obsolete bash-completion scripts on upgrades. Nowadays they are
+ installed in /usr/share/bash-completion/completions.
+ * Rename conffiles for logind and journald.
+ * Rename udev-gtk-udeb → libudev1-udeb to better reflect its actual contents.
+ * Build two flavours: a regular build and one for the udev udebs with
+ reduced features/dependencies.
+ * Create a few compat symlinks for the udev package, most notably
+ /sbin/udevadm and /sbin/udevd.
+ * Remove the dpkg-triggered debian-enable-units script. This was a temporary
+ workaround for wheezy. Packages should use dh-systemd now to properly
+ integrate service files with systemd.
+ * Update debian/copyright using the machine-readable copyright format 1.0.
+ * Integrate changes from udev 175-7 and acknowledge the 175-7.1 and 175-7.2
+ non-maintainer uploads.
+ * Keep the old persistent network interface naming scheme for now and make
+ the new one opt-in via net.ifnames=1 on the kernel command line.
+ * Drop the obsolete udev-mtab SysV init script and properly clean up on
+ upgrades.
+ * Simplify the udev SysV init script and remove experimental and obsolete
+ features.
+ * Revert upstream commits which dropped support for distro specific
+ features and config files.
+ * Make logind, hostnamed, localed and timedated D-Bus activatable and
+ usable when systemd is not running.
+ * Store hwdb binary database in /lib/udev, not /etc/udev. Create the file on
+ install and upgrades.
+ * Provide a dpkg file trigger for hwdb, so the database is automatically
+ updated when packages install files into /lib/udev/hwdb.d.
+
+ -- Michael Biebl <biebl@debian.org> Fri, 19 Jul 2013 00:32:36 +0200
+
+systemd (44-12) unstable; urgency=low
+
+ * Cherry-pick e17187 from upstream to fix build failures with newer glibc
+ where the clock_* symbols have been moved from librt to libc.
+ Closes: #701364
+ * If the new init-system-helpers package is installed, make the
+ debian-enable-units script a no-op. The auto-enabler was meant as a
+ temporary workaround and will be removed once all packages use the new
+ helper.
+ * Update the checks which test if systemd is the active init. The
+ recommended check is [ -d /run/systemd/system ] as this will also work
+ with a standalone systemd-logind.
+ * Set Maintainer to pkg-systemd-maintainers@lists.alioth.debian.org. Add
+ Tollef and myself as Uploaders.
+ * Stop building the GUI bits. They have been split into a separate source
+ package called systemd-ui.
+
+ -- Michael Biebl <biebl@debian.org> Thu, 20 Jun 2013 01:32:16 +0200
+
+systemd (44-11) unstable; urgency=low
+
+ * Team upload.
+ * Run debian-enable-units.service after sysinit.target to ensure our tmp
+ files aren't nuked by systemd-tmpfiles.
+ * The mountoverflowtmp SysV init script no longer exists so remove that
+ from remount-rootfs.service to avoid an unnecessary diff to upstream.
+ * Do not fail on purge if /var/lib/systemd is empty and has been removed
+ by dpkg.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 13 Mar 2013 08:03:06 +0100
+
+systemd (44-10) unstable; urgency=low
+
+ * Team upload.
+ * Using the return code of "systemctl is-enabled" to determine whether we
+ enable a service or not is unreliable since it also returns a non-zero
+ exit code for masked services. As we don't want to enable masked services,
+ grep for the string "disabled" instead.
+
+ -- Michael Biebl <biebl@debian.org> Fri, 15 Feb 2013 17:01:24 +0100
+
+systemd (44-9) unstable; urgency=low
+
+ * Team upload.
+ * Fix typo in systemd.socket man page. Closes: #700038
+ * Use color specification in "systemctl dot" which is actually
+ understood by dot. Closes: #643689
+ * Fix mounting of remote filesystems like NFS. Closes: #673309
+ * Use a file trigger to automatically enable service and socket units. A lot
+ of packages simply install systemd units but do not enable them. As a
+ result they will be inactive after the next boot. This is a workaround for
+ wheezy which will be removed again in jessie. Closes: #692150
+
+ -- Michael Biebl <biebl@debian.org> Fri, 15 Feb 2013 13:35:39 +0100
+
+systemd (44-8) unstable; urgency=low
+
+ * Team upload.
+ * Use comment=systemd.* syntax in systemd.mount man page. The
+ mount/util-linux version in wheezy is not recent enough to support the new
+ x-systemd* syntax. Closes: #697141
+ * Don't enable persistent storage of journal log files. The journal in v44
+ is not yet mature enough.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 19 Jan 2013 20:05:05 +0100
+
+systemd (44-7) unstable; urgency=low
+
+ * Fix a regression in the init-functions hook wrt reload handling that was
+ introduced when dropping the X-Interactive hack. Closes: #696355
+
+ -- Michael Biebl <biebl@debian.org> Fri, 21 Dec 2012 00:00:12 +0100
+
+systemd (44-6) unstable; urgency=low
+
+ [ Michael Biebl ]
+ * No longer ship the /sys directory in the systemd package since it is
+ provided by base-files nowadays.
+ * Don't run udev rules if systemd is not active.
+ * Converting /var/run, /var/lock and /etc/mtab to symlinks is a one-time
+ migration so don't run the debian-fixup script on every boot.
+
+ [ Tollef Fog Heen ]
+ * Prevent the systemd package from being removed if it's the active init
+ system, since that doesn't work.
+
+ [ Michael Biebl ]
+ * Use a separate tmpfs for /run/lock (size 5M) and /run/user (size 100M).
+ Those directories are user-writable which could lead to DoS by filling up
+ /run. Closes: #635131
+
+ -- Michael Biebl <biebl@debian.org> Sun, 16 Dec 2012 21:58:37 +0100
+
+systemd (44-5) unstable; urgency=low
+
+ * Team upload.
+
+ [ Tollef Fog Heen ]
+ * disable killing on entering START_PRE, START, thanks to Michael
+ Stapelberg for patch. This avoids killing VMs run through libvirt
+ when restarting libvirtd. Closes: #688635.
+ * Avoid reloading services when shutting down, since that won't work and
+ makes no sense. Thanks to Michael Stapelberg for the patch.
+ Closes: #635777.
+ * Try to determine which init scripts support the reload action
+ heuristically. Closes: #686115, #650382.
+
+ [ Michael Biebl ]
+ * Update Vcs-* fields, the Git repository is hosted on alioth now. Set the
+ default branch to "debian".
+ * Avoid reload and (re)start requests during early boot which can lead to
+ deadlocks. Closes: #624599
+ * Make systemd-cgroup work even if not all cgroup mounts are available on
+ startup. Closes: #690916
+ * Fix typos in the systemd.path and systemd.unit man page. Closes: #668344
+ * Add watch file to track new upstream releases.
+
+ -- Michael Biebl <biebl@debian.org> Thu, 25 Oct 2012 21:41:23 +0200
+
+systemd (44-4) unstable; urgency=low
+
+ [ Michael Biebl ]
+ * Override timestamp for man page building, thereby avoiding skew
+ between architectures which caused problems for multi-arch.
+ Closes: #680011
+
+ [ Tollef Fog Heen ]
+ * Move diversion removal from postinst to preinst. Closes: #679728
+ * Prevent the journal from crashing when running out of disk space.
+ This is 499fb21 from upstream. Closes: #668047.
+ * Stop mounting a tmpfs on /media. Closes: #665943
+
+ -- Tollef Fog Heen <tfheen@debian.org> Sun, 01 Jul 2012 08:17:50 +0200
+
+systemd (44-3) unstable; urgency=low
+
+ [ Michael Biebl ]
+ * Bump to debhelper 9.
+ * Convert to Multi-Arch: same where possible. Closes: #676615
+
+ [ Tollef Fog Heen ]
+ * Cherry-pick d384c7 from upstream to stop journald from leaking
+ memory. Thanks to Andreas Henriksson for testing. Closes: #677701
+ * Ship lsb init script override/integration in /lib/lsb/init-functions.d
+ rather than diverting /lib/lsb/init-functions itself. Add appropriate
+ Breaks to ensure upgrades happen.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Fri, 29 Jun 2012 22:34:16 +0200
+
+systemd (44-2) unstable; urgency=low
+
+ [ Michael Biebl ]
+ * Tighten the versions in the maintscript file
+ * Ship the /sys directory in the package
+ * Re-add workaround for non-interactive PAM sessions
+ * Mask checkroot-bootclean (Closes: #670591)
+ * Don't ignore errores in systemd-sysv postinst
+
+ [ Tollef Fog Heen ]
+ * Bring tmpfiles.d/tmp.conf in line with Debian defaults. Closes: #675422
+ * Make sure /run/sensigs.omit.d exists.
+ * Add python-dbus and python-cairo to Suggests, for systemd-analyze.
+ Closes: #672965
+
+ -- Tollef Fog Heen <tfheen@debian.org> Tue, 08 May 2012 18:04:22 +0200
+
+systemd (44-1) unstable; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream version.
+ - Backport 3492207: journal: PAGE_SIZE is not known on ppc and other
+ archs
+ - Backport 5a2a2a1: journal: react with immediate rotation to a couple
+ of more errors
+ - Backport 693ce21: util: never follow symlinks in rm_rf_children()
+ Fixes CVE-2012-1174, closes: #664364
+ * Drop output message from init-functions hook, it's pointless.
+ * Only rmdir /lib/init/rw if it exists.
+ * Explicitly order debian-fixup before sysinit.target to prevent a
+ possible race condition with the creation of sockets. Thanks to
+ Michael Biebl for debugging this.
+ * Always restart the initctl socket on upgrades, to mask sysvinit
+ removing it.
+
+ [ Michael Biebl ]
+ * Remove workaround for non-interactive sessions from pam config again.
+ * Create compat /dev/initctl symlink in case we are upgrading from a system
+ running a newer version of sysvinit (using /run/initctl) and sysvinit is
+ replaced with systemd-sysv during the upgrade. Closes: #663219
+ * Install new man pages.
+ * Build-Depend on valac (>= 0.12) instead of valac-0.12. Closes: #663323
+
+ -- Tollef Fog Heen <tfheen@debian.org> Tue, 03 Apr 2012 19:59:17 +0200
+
+systemd (43-1) experimental; urgency=low
+
+ [ Tollef Fog Heen ]
+ * Target upload at experimental due to libkmod dependency
+ * New upstream release
+ - Update bash-completion for new verbs and arguments. Closes: #650739
+ - Fixes local DoS (CVE-2012-1101). Closes: #662029
+ - No longer complains if the kernel lacks audit support. Closes: #642503
+ * Fix up git-to-source package conversion script which makes gitpkg
+ happier.
+ * Add libkmod-dev to build-depends
+ * Add symlink from /bin/systemd to /lib/systemd/systemd.
+ * Add --with-distro=debian to configure flags, due to no /etc/os-release
+ yet.
+ * Add new symbols for libsystemd-login0 to symbols file.
+ * Install a tmpfiles.d file for the /dev/initctl → /run/initctl
+ migration. Closes: #657979
+ * Disable coredump handling, it's not ready yet.
+ * If /run is a symlink, don't try to do the /var/run → /run migration.
+ Ditto for /var/lock → /run/lock. Closes: #647495
+
+ [ Michael Biebl ]
+ * Add Build-Depends on liblzma-dev for journal log compression.
+ * Add Build-Depends on libgee-dev, required to build systemadm.
+ * Bump Standards-Version to 3.9.2. No further changes.
+ * Add versioned Build-Depends on automake and autoconf to ensure we have
+ recent enough versions. Closes: #657284
+ * Add packages for libsystemd-journal and libsystemd-id128.
+ * Update symbols file for libsystemd-login.
+ * Update configure flags, use rootprefix instead of rootdir.
+ * Copy intltool files instead of symlinking them.
+ * Re-indent init-functions script.
+ * Remove workarounds for services using X-Interactive. The LSB X-Interactive
+ support turned out to be broken and has been removed upstream so we no
+ longer need any special handling for those type of services.
+ * Install new systemd-journalctl, systemd-cat and systemd-cgtop binaries.
+ * Install /var/lib/systemd directory.
+ * Install /var/log/journal directory where the journal files are stored
+ persistently.
+ * Setup systemd-journald to not read from /proc/kmsg (ImportKernel=no).
+ * Avoid error messages from systemctl in postinst if systemd is not running
+ by checking for /sys/fs/cgroup/systemd before executing systemctl.
+ Closes: #642749
+ * Stop installing lib-init-rw (auto)mount units and try to cleanup
+ /lib/init/rw in postinst. Bump dependency on initscripts accordingly.
+ Closes: #643699
+ * Disable pam_systemd for non-interactive sessions to work around an issue
+ with sudo.
+ * Use new dh_installdeb maintscript facility to handle obsolete conffiles.
+ Bump Build-Depends on debhelper accordingly.
+ * Rename bash completion file systemctl-bash-completion.sh →
+ systemd-bash-completion.sh.
+ * Update /sbin/init symlink. The systemd binary was moved to $pkglibdir.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Tue, 07 Feb 2012 21:36:34 +0100
+
+systemd (37-1.1) unstable; urgency=low
+
+ * Non-maintainer upload with Tollef's consent.
+ * Remove --parallel to workaround a bug in automake 1.11.3 which doesn't
+ generate parallel-safe build rules. Closes: #661842
+ * Create a compat symlink /run/initctl → /dev/initctl to work with newer
+ versions of sysvinit. Closes: #657979
+
+ -- Michael Biebl <biebl@debian.org> Sat, 03 Mar 2012 17:42:10 +0100
+
+systemd (37-1) unstable; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream version
+ * Change the type of the debian-fixup service to oneshot.
+ Closes: #642961
+ * Add ConditionPathIsDirectory to lib-init-rw.automount and
+ lib-init-rw.mount so we only activate the unit if the directory
+ exists. Closes: #633059
+ * If a sysv service exists in both rcS and rcN.d runlevels, drop the
+ rcN.d ones to avoid loops. Closes: #637037
+ * Blacklist fuse init script, we do the same work already internally.
+ Closes: #643700
+ * Update README.Debian slightly for /run rather than /lib/init/rw
+
+ [ Josh Triplett ]
+ * Do a one-time migration of the $TMPTIME setting from /etc/default/rcS to
+ /etc/tmpfiles.d/tmp.conf. If /etc/default/rcS has a TMPTIME setting of
+ "infinite" or equivalent, migrate it to an /etc/tmpfiles.d/tmp.conf that
+ overrides the default /usr/lib/tmpfiles.d/tmp.conf and avoids clearing
+ /tmp. Closes: #643698
+
+ -- Tollef Fog Heen <tfheen@debian.org> Wed, 28 Sep 2011 20:04:13 +0200
+
+systemd (36-1) unstable; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream release. Closes: #634618
+ - Various man page fixes. Closes: #623521
+ * Add debian-fixup service that symlinks mtab to /proc/mounts and
+ migrates /var/run and /var/lock to symlinks to /run
+
+ [ Michael Biebl ]
+ * Build for libnotify 0.7.
+ * Bump Build-Depends on libudev to (>= 172).
+ * Add Build-Depends on libacl1-dev. Required for building systemd-logind
+ with ACL support.
+ * Split libsystemd-login and libsystemd-daemon into separate binary
+ packages.
+ * As autoreconf doesn't like intltool, override dh_autoreconf and call
+ intltoolize and autoreconf ourselves.
+ * Add Build-Depends on intltool.
+ * Do a one-time migration of the hwclock configuration. If UTC is set to
+ "no" in /etc/default/rcS, create /etc/adjtime and add the "LOCAL" setting.
+ * Remove /cgroup cleanup code from postinst.
+ * Add Build-Depends on gperf.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Wed, 14 Sep 2011 08:25:17 +0200
+
+systemd (29-1) unstable; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream version, Closes: #630510
+ - Includes typo fixes in documentation. Closes: #623520
+ * Fall back to the init script reload function if a native .service file
+ doesn't know how to reload. Closes: #628186
+ * Add hard dependency on udev. Closes: #627921
+
+ [ Michael Biebl ]
+ * hwclock-load.service is no longer installed, so we don't need to remove it
+ anymore in debian/rules.
+ * Install /usr/lib directory for binfmt.d, modules-load.d, tmpfiles.d and
+ sysctl.d.
+ * Remove obsolete conffiles from /etc/tmpfiles.d on upgrades. Those files
+ are installed in /usr/lib/tmpfiles.d now.
+ * Depend on util-linux (>= 2.19.1-2) which provides whole-disk locking
+ support in fsck and remove our revert patch.
+ * Don't choke when systemd was compiled with a different CAP_LAST_CAP then
+ what it is run with. Patch cherry-picked from upstream Git.
+ Closes: #628081
+ * Enable dev-hugepages.automount and dev-mqueue.automount only when enabled
+ in kernel. Patch cherry-picked from upstream Git. Closes: #624522
+
+ -- Tollef Fog Heen <tfheen@debian.org> Wed, 08 Jun 2011 16:14:31 +0200
+
+systemd (25-2) experimental; urgency=low
+
+ * Handle downgrades more gracefully by removing diversion of
+ /lib/lsb/init-functions on downgrades to << 25-1.
+ * Cherry-pick a133bf10d09f788079b82f63faa7058a27ba310b from upstream,
+ avoids assert when dumping properties. Closes: #624094
+ * Remove "local" in non-function context in init-functions wrapper.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Wed, 27 Apr 2011 22:20:04 +0200
+
+systemd (25-1) experimental; urgency=low
+
+ * New upstream release, target experimental due to initscripts
+ dependency.
+ - Fixes where to look for locale config. Closes: #619166
+ * Depend on initscripts >= 2.88dsf-13.4 for /run transition.
+ * Add Conflicts on klogd, since it doesn't work correctly with the
+ kmg→/dev/log bridge. Closes: #622555
+ * Add suggests on Python for systemd-analyze.
+ * Divert /lib/lsb/init-functions instead of (ab)using
+ /etc/lsb-base-logging.sh for diverting calls to /etc/init.d/*
+ * Remove obsolete conffile /etc/lsb-base-logging.sh. Closes: #619093
+ * Backport 3a90ae048233021833ae828c1fc6bf0eeab46197 from master:
+ mkdir /run/systemd/system when starting up
+
+ -- Tollef Fog Heen <tfheen@debian.org> Sun, 24 Apr 2011 09:02:04 +0200
+
+systemd (20-1) unstable; urgency=low
+
+ * New upstream version
+ * Install systemd-machine-id-setup
+ * Call systemd-machine-id-setup in postinst
+ * Cherry-pick b8a021c9e276adc9bed5ebfa39c3cab0077113c6 from upstream to
+ prevent dbus assert error.
+ * Enable TCP wrapper support. Closes: #618409
+ * Enable SELinux support. Closes: #618412
+ * Make getty start after Apache2 and OpenVPN (which are the only two
+ known users of X-Interactive: yes). Closes: #618419
+
+ -- Tollef Fog Heen <tfheen@debian.org> Fri, 11 Mar 2011 19:14:21 +0100
+
+systemd (19-1) experimental; urgency=low
+
+ * New upstream release
+ * Add systemd-tmpfiles to systemd package.
+ * Add ifup@.service for handling hotplugged interfaces from
+ udev. Closes: #610871
+ * Mask mtab.service and udev-mtab.service as they are pointless when
+ /etc/mtab is a symlink to /proc/mounts
+ * Add breaks on lvm2 (<< 2.02.84-1) since older versions have udev rules
+ that don't work well with systemd causing delays on bootup.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Thu, 17 Feb 2011 07:36:22 +0100
+
+systemd (17-1) experimental; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream release
+ * Clarify ifupdown instructions in README.Debian somewhat.
+ Closes: #613320
+ * Silently skip masked services in lsb-base-logging.sh instead of
+ failing. Initial implementation by Michael Biebl. Closes: #612551
+ * Disable systemd-vconsole-setup.service for now.
+
+ [ Michael Biebl ]
+ * Bump build dependency on valac-0.10 to (>= 0.10.3).
+ * Improve regex in lsb-base-logging.sh for X-Interactive scripts.
+ Closes: #613325
+
+ -- Tollef Fog Heen <tfheen@debian.org> Wed, 16 Feb 2011 21:06:16 +0100
+
+systemd (16-1) experimental; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream release. Closes: #609611
+ * Get rid of now obsolete patches that are upstream.
+ * Use the built-in cryptsetup support in systemd, build-depend on
+ libcryptsetup-dev (>= 2:1.2.0-1) to get a libcryptsetup in /lib.
+ * Don't use systemctl redirect for init scripts with X-Interactive: true
+
+ [ Michael Biebl ]
+ * Update package description
+ * Use v8 debhelper syntax
+ * Make single-user mode work
+ * Run hwclock-save.service on shutdown
+ * Remove dependencies on legacy sysv mount scripts, as we use native
+ mounting.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Sun, 16 Jan 2011 11:04:13 +0100
+
+systemd (15-1) UNRELEASED; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream version, thanks a lot to Michael Biebl for help with
+ preparing this version.
+ - This version handles cycle breaking better. Closes: #609225
+ * Add libaudit-dev to build-depends
+ * /usr/share/systemd/session has been renamed to /usr/share/systemd/user
+ upstream, adjust build system accordingly.
+ * Remove -s from getty serial console invocation.
+ * Add dependency on new util-linux to make sure /sbin/agetty exists
+ * Don't mount /var/lock with gid=lock (Debian has no such group).
+ * Document problem with ifupdown's /etc/network/run being a normal
+ directory.
+
+ [ Michael Biebl ]
+ * Revert upstream change which requires libnotify 0.7 (not yet available in
+ Debian).
+ * Use dh-autoreconf for updating the build system.
+ * Revert upstream commit which uses fsck -l (needs a newer version of
+ util-linux).
+ * Explicitly disable cryptsetup support to not accidentally pick up a
+ libcryptsetup dependency in a tainted build environment, as the library
+ is currently installed in /usr/lib.
+ * Remove autogenerated man pages and vala C sources, so they are rebuilt.
+ * Use native systemd mount support:
+ - Use MountAuto=yes and SwapAuto=yes (default) in system.conf
+ - Mask SysV init mount, check and cleanup scripts.
+ - Create an alias (symlink) for checkroot (→ remount-rootfs.service) as
+ synchronization point for SysV init scripts.
+ * Mask x11-common, rmnologin, hostname, bootmisc and bootlogd.
+ * Create an alias for procps (→ systemd-sysctl.service) and
+ urandom (→ systemd-random-seed-load.service).
+ * Create an alias for module-init-tools (→ systemd-modules-load.service) and
+ a symlink from /etc/modules-load.d/modules.conf → /etc/modules.
+ * Install lsb-base hook which redirects calls to SysV init scripts to
+ systemctl: /etc/init.d/<foo> <action> → systemctl <action> <foo.service>
+ * Install a (auto)mount unit to mount /lib/init/rw early during boot.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Sat, 20 Nov 2010 09:28:01 +0100
+
+systemd (11-2) UNRELEASED; urgency=low
+
+ * Tighten depends from systemd-* on systemd to ensure they're upgraded
+ in lockstep. Thanks to Michael Biebl for the patch.
+ * Add missing #DEBHELPER# token to libpam-systemd
+ * Stop messing with runlevel5/multi-user.target symlink, this is handled
+ correctly upstream.
+ * Stop shipping /cgroup in the package.
+ * Remove tmpwatch services, Debian doesn't have or use tmpwatch.
+ * Make sure to enable GTK bits.
+ * Ship password agent
+ * Clean up cgroups properly on upgrades, thanks to Michael Biebl for the
+ patch. Closes: #599577
+
+ -- Tollef Fog Heen <tfheen@debian.org> Tue, 02 Nov 2010 21:47:10 +0100
+
+systemd (11-1) experimental; urgency=low
+
+ * New upstream version. Closes: #597284
+ * Add pam-auth-update calls to libpam-systemd's postinst and prerm
+ * Make systemd-sysv depend on systemd
+ * Now mounts the cgroup fs in /sys/fs/cgroup. Closes: #595966
+ * Add libnotify-dev to build-depends (needed for systemadm)
+
+ -- Tollef Fog Heen <tfheen@debian.org> Thu, 07 Oct 2010 22:01:19 +0200
+
+systemd (8-2) experimental; urgency=low
+
+ * Hardcode udev rules dir in configure call.
+ * Remove README.source as it's no longer accurate.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Mon, 30 Aug 2010 21:10:26 +0200
+
+systemd (8-1) experimental; urgency=low
+
+ * New upstream release
+ * Only ship the top /cgroup
+ * Pass --with-rootdir= to configure, to make it think / is / rather
+ than //
+ * Add PAM module package
+ * Fix up dependencies in local-fs.target. Closes: #594420
+ * Move systemadm to its own package. Closes: #588451
+ * Update standards-version (no changes needed)
+ * Update README.Debian to explain how to use systemd.
+ * Add systemd-sysv package that provides /sbin/init and friends.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Sat, 07 Aug 2010 07:31:38 +0200
+
+systemd (0~git+20100605+dfd8ee-1) experimental; urgency=low
+
+ * Initial release, upload to experimental. Closes: #580814
+
+ -- Tollef Fog Heen <tfheen@debian.org> Fri, 30 Apr 2010 21:02:25 +0200
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 00000000..f599e28b
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+10
diff --git a/debian/control b/debian/control
new file mode 100644
index 00000000..f6930a26
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,396 @@
+Source: systemd
+Section: admin
+Priority: optional
+Maintainer: Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>
+Uploaders: Michael Biebl <biebl@debian.org>,
+ Marco d'Itri <md@linux.it>,
+ Sjoerd Simons <sjoerd@debian.org>,
+ Martin Pitt <mpitt@debian.org>,
+ Felipe Sateler <fsateler@debian.org>
+Standards-Version: 4.2.1
+Rules-Requires-Root: no
+Vcs-Git: https://salsa.debian.org/systemd-team/systemd.git
+Vcs-Browser: https://salsa.debian.org/systemd-team/systemd
+Homepage: https://www.freedesktop.org/wiki/Software/systemd
+Build-Depends: debhelper (>= 10.4~),
+ pkg-config,
+ xsltproc,
+ docbook-xsl,
+ docbook-xml,
+ m4,
+ meson (>= 0.49),
+ gettext,
+ gperf,
+ gnu-efi [amd64 i386 arm64],
+ libcap-dev (>= 1:2.24-9~),
+ libpam0g-dev,
+ libapparmor-dev (>= 2.9.0-3+exp2) <!stage1>,
+ libidn11-dev <!stage1>,
+ libiptc-dev <!stage1>,
+ libaudit-dev <!stage1>,
+ libdbus-1-dev (>= 1.3.2) <!nocheck>,
+ libcryptsetup-dev (>= 2:1.6.0) <!stage1>,
+ libselinux1-dev (>= 2.1.9),
+ libacl1-dev,
+ liblzma-dev,
+ liblz4-dev (>= 0.0~r125),
+ liblz4-tool <!nocheck>,
+ libbz2-dev <!stage1>,
+ zlib1g-dev <!stage1> | libz-dev <!stage1>,
+ libcurl4-gnutls-dev <!stage1> | libcurl-dev <!stage1>,
+ libmicrohttpd-dev <!stage1>,
+ libgnutls28-dev <!stage1>,
+ libgcrypt20-dev,
+ libkmod-dev (>= 15),
+ libblkid-dev (>= 2.24),
+ libmount-dev (>= 2.30),
+ libseccomp-dev (>= 2.3.1) [amd64 arm64 armel armhf i386 mips mipsel mips64 mips64el x32 powerpc ppc64 ppc64el s390x],
+ libdw-dev (>= 0.158) <!stage1>,
+ libpolkit-gobject-1-dev <!stage1>,
+ linux-base <!nocheck>,
+ acl <!nocheck>,
+ python3:native,
+ python3-lxml:native,
+ python3-pyparsing <!nocheck>,
+ python3-evdev <!nocheck>,
+ tzdata <!nocheck>,
+ libcap2-bin <!nocheck>,
+ iproute2 <!nocheck>,
+
+Package: systemd
+Architecture: linux-any
+Multi-Arch: foreign
+Section: admin
+Priority: important
+Recommends: libpam-systemd,
+ dbus
+Suggests: systemd-container,
+ policykit-1
+Pre-Depends: ${shlibs:Pre-Depends},
+ ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ libsystemd0 (= ${binary:Version}),
+ util-linux (>= 2.27.1),
+ mount (>= 2.26),
+ adduser,
+Conflicts: consolekit,
+ libpam-ck-connector,
+Breaks: apparmor (<< 2.9.2-1),
+ systemd-shim (<< 10-4~),
+ ifupdown (<< 0.8.5~),
+ udev (<< 228-5),
+ laptop-mode-tools (<< 1.68~),
+ python-dbusmock (<< 0.18),
+ python3-dbusmock (<< 0.18),
+Replaces: udev (<< 228-5),
+Description: system and service manager
+ systemd is a system and service manager for Linux. It provides aggressive
+ parallelization capabilities, uses socket and D-Bus activation for starting
+ services, offers on-demand starting of daemons, keeps track of processes using
+ Linux control groups, maintains mount and automount points and implements an
+ elaborate transactional dependency-based service control logic.
+ .
+ systemd is compatible with SysV and LSB init scripts and can work as a
+ drop-in replacement for sysvinit.
+ .
+ Installing the systemd package will not switch your init system unless you
+ boot with init=/bin/systemd or install systemd-sysv in addition.
+
+Package: systemd-sysv
+Architecture: linux-any
+Multi-Arch: foreign
+Section: admin
+Priority: important
+Conflicts: sysvinit-core,
+ upstart (<< 1.13.2-0ubuntu10~),
+ upstart-sysv,
+ openrc (<< 0.20.4-2.1),
+ file-rc,
+ systemd-shim,
+Replaces: sysvinit-core,
+ upstart (<< 1.13.2-0ubuntu10~),
+ upstart-sysv,
+Pre-Depends: systemd
+Depends: ${shlibs:Depends},
+ ${misc:Depends}
+Recommends: libnss-systemd
+Description: system and service manager - SysV links
+ systemd is a system and service manager for Linux. It provides aggressive
+ parallelization capabilities, uses socket and D-Bus activation for starting
+ services, offers on-demand starting of daemons, keeps track of processes using
+ Linux control groups, maintains mount and automount points and implements an
+ elaborate transactional dependency-based service control logic.
+ .
+ systemd is compatible with SysV and LSB init scripts and can work as a
+ drop-in replacement for sysvinit.
+ .
+ This package provides the manual pages and links needed for systemd
+ to replace sysvinit. Installing systemd-sysv will overwrite /sbin/init with a
+ link to systemd.
+
+Package: systemd-container
+Build-Profiles: <!stage1>
+Architecture: linux-any
+Multi-Arch: foreign
+Section: admin
+Priority: optional
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd,
+ dbus
+Recommends: btrfs-progs,
+ libnss-mymachines,
+Breaks: systemd (<< 224-2)
+Replaces: systemd (<< 224-2)
+Description: systemd container/nspawn tools
+ This package provides systemd's tools for nspawn and container/VM management:
+ * systemd-nspawn
+ * systemd-machined and machinectl
+ * systemd-importd
+
+Package: systemd-journal-remote
+Build-Profiles: <!stage1>
+Architecture: linux-any
+Multi-Arch: foreign
+Section: admin
+Priority: optional
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd,
+ adduser
+Breaks: systemd (<< 239-6)
+Replaces: systemd (<< 239-6)
+Description: tools for sending and receiving remote journal logs
+ This package provides tools for sending and receiving remote journal logs:
+ * systemd-journal-remote
+ * systemd-journal-upload
+ * systemd-journal-gatewayd
+
+Package: systemd-coredump
+Build-Profiles: <!stage1>
+Architecture: linux-any
+Multi-Arch: foreign
+Section: admin
+Priority: optional
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ adduser,
+ systemd
+Conflicts: core-dump-handler
+Replaces: core-dump-handler, systemd (<< 229-2)
+Provides: core-dump-handler
+Breaks: systemd (<< 229-2)
+Description: tools for storing and retrieving coredumps
+ This package provides systemd tools for storing and retrieving coredumps:
+ * systemd-coredump
+ * coredumpctl
+
+Package: systemd-tests
+Architecture: linux-any
+Section: admin
+Priority: optional
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd (= ${binary:Version}),
+ python3,
+Description: tests for systemd
+ This package contains the test binaries. Those binaries are primarily used
+ for autopkgtest and not meant to be installed on regular user systems.
+
+Package: libpam-systemd
+Architecture: linux-any
+Multi-Arch: same
+Section: admin
+Priority: standard
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd (= ${binary:Version}),
+ libpam-runtime (>= 1.0.1-6),
+ dbus,
+ systemd-shim (>= 10-4~) | systemd-sysv
+Description: system and service manager - PAM module
+ This package contains the PAM module which registers user sessions in
+ the systemd control group hierarchy for logind.
+ .
+ If in doubt, do install this package.
+ .
+ Packages that depend on logind functionality need to depend on libpam-systemd.
+
+Package: libnss-myhostname
+Architecture: linux-any
+Multi-Arch: same
+Section: admin
+Priority: optional
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+Breaks: systemd (<< 222-1)
+Replaces: systemd (<< 222-1)
+Description: nss module providing fallback resolution for the current hostname
+ This package contains a plugin for the Name Service Switch, providing host
+ name resolution for the locally configured system hostname as returned by
+ gethostname(2). It returns all locally configured public IP addresses or -- if
+ none are configured, the IPv4 address 127.0.1.1 (which is on the local
+ loopback) and the IPv6 address ::1 (which is the local host).
+ .
+ A lot of software relies on that the local host name is resolvable. This
+ package provides an alternative to the fragile and error-prone manual editing
+ of /etc/hosts.
+ .
+ Installing this package automatically adds myhostname to /etc/nsswitch.conf.
+
+Package: libnss-mymachines
+Architecture: linux-any
+Multi-Arch: same
+Section: admin
+Priority: optional
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd-container (= ${binary:Version}),
+Breaks: systemd (<< 222-1)
+Replaces: systemd (<< 222-1)
+Description: nss module to resolve hostnames for local container instances
+ nss-mymachines is a plugin for the GNU Name Service Switch (NSS) functionality
+ of the GNU C Library (glibc) providing hostname resolution for local containers
+ that are registered with systemd-machined.service(8). The container names are
+ resolved to IP addresses of the specific container, ordered by their scope.
+ .
+ Installing this package automatically adds mymachines to /etc/nsswitch.conf.
+
+Package: libnss-resolve
+Architecture: linux-any
+Multi-Arch: same
+Section: admin
+Priority: optional
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd (= ${binary:Version}),
+Breaks: systemd (<< 227-3)
+Replaces: systemd (<< 227-3)
+Description: nss module to resolve names via systemd-resolved
+ nss-resolve is a plugin for the GNU Name Service Switch (NSS) functionality
+ of the GNU C Library (glibc) providing DNS and LLMNR resolution to programs via
+ the systemd-resolved daemon (provided in the systemd package).
+ .
+ Installing this package automatically adds resolve to /etc/nsswitch.conf.
+
+Package: libnss-systemd
+Architecture: linux-any
+Multi-Arch: same
+Section: admin
+Priority: optional
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd (= ${binary:Version}),
+Description: nss module providing dynamic user and group name resolution
+ nss-systemd is a plug-in module for the GNU Name Service Switch (NSS)
+ functionality of the GNU C Library (glibc), providing UNIX user and group name
+ resolution for dynamic users and groups allocated through the DynamicUser=
+ option in systemd unit files. See systemd.exec(5) for details on this
+ option.
+ .
+ Installing this package automatically adds the module to /etc/nsswitch.conf.
+
+Package: libsystemd0
+Architecture: linux-any
+Multi-Arch: same
+Section: libs
+Priority: optional
+Pre-Depends: ${shlibs:Depends},
+ ${misc:Pre-Depends}
+Depends: ${misc:Depends}
+Description: systemd utility library
+ The libsystemd0 library provides interfaces to various systemd components.
+
+Package: libsystemd-dev
+Architecture: linux-any
+Multi-Arch: same
+Section: libdevel
+Priority: optional
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ libsystemd0 (= ${binary:Version})
+Description: systemd utility library - development files
+ The libsystemd0 library provides interfaces to various systemd components.
+ .
+ This package contains the development files.
+
+Package: udev
+Section: admin
+Priority: important
+Architecture: linux-any
+Multi-Arch: foreign
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ adduser,
+ libudev1 (= ${binary:Version}),
+ lsb-base (>= 3.0-6),
+ util-linux (>= 2.27.1),
+ s390-tools (>> 1.6.2) [s390],
+Conflicts: hal
+Breaks: systemd (<< 233-4),
+ ifupdown (<< 0.8.5~),
+ ifplugd (<< 0.28-19.1~),
+ joystick (<< 1:1.4.9-1~),
+Replaces: systemd (<< 233-4)
+Description: /dev/ and hotplug management daemon
+ udev is a daemon which dynamically creates and removes device nodes from
+ /dev/, handles hotplug events and loads drivers at boot time.
+
+Package: libudev1
+Section: libs
+Priority: optional
+Architecture: linux-any
+Multi-Arch: same
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends}
+Description: libudev shared library
+ This library provides access to udev device information.
+
+Package: libudev-dev
+Section: libdevel
+Priority: optional
+Architecture: linux-any
+Multi-Arch: same
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ libudev1 (= ${binary:Version})
+Description: libudev development files
+ This package contains the files needed for developing applications that
+ use libudev.
+
+Package: udev-udeb
+Build-Profiles: <!noudeb>
+Package-Type: udeb
+Section: debian-installer
+Priority: optional
+Architecture: linux-any
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ util-linux-udeb
+Description: /dev/ and hotplug management daemon
+ udev is a daemon which dynamically creates and removes device nodes from
+ /dev/, handles hotplug events and loads drivers at boot time.
+ .
+ This is a minimal version, only for use in the installation system.
+
+Package: libudev1-udeb
+Build-Profiles: <!noudeb>
+Package-Type: udeb
+Section: debian-installer
+Priority: optional
+Architecture: linux-any
+Depends: ${shlibs:Depends},
+ ${misc:Depends}
+Description: libudev shared library
+ This library provides access to udev device information.
+ .
+ This is a minimal version, only for use in the installation system.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 00000000..1f66c205
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,195 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: systemd
+Upstream-Contact: systemd-devel@lists.freedesktop.org
+Source: https://www.freedesktop.org/wiki/Software/systemd/
+
+Files: *
+Copyright: 2008-2015 Kay Sievers <kay@vrfy.org>
+ 2010-2015 Lennart Poettering
+ 2012-2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
+ 2013-2015 Tom Gundersen <teg@jklm.no>
+ 2013-2015 Daniel Mack
+ 2010-2015 Harald Hoyer
+ 2013-2015 David Herrmann
+ 2013, 2014 Thomas H.P. Andersen
+ 2013, 2014 Daniel Buch
+ 2014 Susant Sahani
+ 2009-2015 Intel Corporation
+ 2000, 2005 Red Hat, Inc.
+ 2009 Alan Jenkins <alan-jenkins@tuffmail.co.uk>
+ 2010 ProFUSION embedded systems
+ 2010 Maarten Lankhorst
+ 1995-2004 Miquel van Smoorenburg
+ 1999 Tom Tromey
+ 2011 Michal Schmidt
+ 2012 B. Poettering
+ 2012 Holger Hans Peter Freyther
+ 2012 Dan Walsh
+ 2012 Roberto Sassu
+ 2013 David Strauss
+ 2013 Marius Vollmer
+ 2013 Jan Janssen
+ 2013 Simon Peeters
+License: LGPL-2.1+
+
+Files: src/basic/siphash24.h
+ src/basic/siphash24.c
+Copyright: 2012 Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com>
+ 2012 Daniel J. Bernstein <djb@cr.yp.to>
+License: CC0-1.0
+
+Files: src/basic/securebits.h
+Copyright: Linus Torvalds <torvalds@athlon.transmeta.com>
+License: GPL-2
+
+Files: src/basic/ioprio.h
+Copyright: Jens Axboe <axboe@suse.de>
+License: GPL-2
+
+Files: src/shared/linux/auto_dev-ioctl.h
+Copyright: 2008 Red Hat, Inc.
+ 2008 Ian Kent <raven@themaw.net>
+License: GPL-2+
+
+Files: src/basic/sparse-endian.h
+Copyright: 2012 Josh Triplett <josh@joshtriplett.org>
+License: Expat
+
+Files: src/journal/lookup3.c
+ src/journal/lookup3.h
+Copyright: none
+License: public-domain
+ You can use this free for any purpose. It's in the public domain. It has no
+ warranty.
+
+Files: src/udev/*
+Copyright: 2003-2012 Kay Sievers <kay@vrfy.org>
+ 2003-2004 Greg Kroah-Hartman <greg@kroah.com>
+ 2004 Chris Friesen <chris_friesen@sympatico.ca>
+ 2004, 2009, 2010 David Zeuthen <david@fubar.dk>
+ 2005, 2006 SUSE Linux Products GmbH
+ 2003 IBM Corp.
+ 2007 Hannes Reinecke <hare@suse.de>
+ 2009 Canonical Ltd.
+ 2009 Scott James Remnant <scott@netsplit.com>
+ 2009 Martin Pitt <martin.pitt@ubuntu.com>
+ 2009 Piter Punk <piterpunk@slackware.com>
+ 2009, 2010 Lennart Poettering
+ 2009 Filippo Argiolas <filippo.argiolas@gmail.com>
+ 2010 Maxim Levitsky
+ 2011 ProFUSION embedded systems
+ 2011 Karel Zak <kzak@redhat.com>
+ 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
+ 2014 David Herrmann <dh.herrmann@gmail.com>
+ 2014 Carlos Garnacho <carlosg@gnome.org>
+License: GPL-2+
+
+Files: src/udev/udev-ctrl.c
+ src/udev/udevadm-hwdb.c
+ src/udev/udev-builtin.c
+ src/udev/udev-builtin-net_id.c
+ src/udev/udev-builtin-net_setup_link.c
+ src/udev/udev-builtin-hwdb.c
+ src/udev/udev-builtin-btrfs.c
+ src/udev/udev-builtin-keyboard.c
+ src/udev/net/link-config.h
+ src/udev/net/link-config.c
+ src/udev/net/ethtool-util.c
+ src/udev/net/ethtool-util.h
+Copyright: 2007-2013 Kay Sievers <kay@vrfy.org>
+ 2013 Tom Gundersen <teg@jklm.no>
+License: LGPL-2.1+
+
+Files: src/udev/scsi_id/scsi.h
+Copyright: 2003 IBM Corp.
+License: GPL-2
+
+Files: debian/*
+Copyright: 2010-2013 Tollef Fog Heen <tfheen@debian.org>
+ 2013-2018 Michael Biebl <biebl@debian.org>
+ 2013 Michael Stapelberg <stapelberg@debian.org>
+License: LGPL-2.1+
+
+License: Expat
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to
+ deal in the Software without restriction, including without limitation the
+ rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ sell copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+ .
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ IN THE SOFTWARE.
+
+License: GPL-2
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+ .
+ On Debian and systems the full text of the GNU General Public
+ License version 2 can be found in the file
+ `/usr/share/common-licenses/GPL-2`
+
+License: GPL-2+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2, or (at your option)
+ any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ .
+ On Debian systems, the complete text of the GNU General Public License
+ version 2 can be found in ‘/usr/share/common-licenses/GPL-2’.
+
+License: LGPL-2.1+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+ .
+ You should have received a copy of the GNU Lesser General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ .
+ On Debian systems, the complete text of the GNU Lesser General Public
+ License version 2.1 can be found in ‘/usr/share/common-licenses/LGPL-2.1’.
+
+License: CC0-1.0
+ To the extent possible under law, the author(s) have dedicated all copyright
+ and related and neighboring rights to this software to the public domain
+ worldwide. This software is distributed without any warranty.
+ .
+ You should have received a copy of the CC0 Public Domain Dedication along with
+ this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
+ .
+ On Debian systems, the complete text of the CC0 1.0 Universal license can be
+ found in ‘/usr/share/common-licenses/CC0-1.0’.
diff --git a/debian/extra/checkout-upstream b/debian/extra/checkout-upstream
new file mode 100755
index 00000000..561082ea
--- /dev/null
+++ b/debian/extra/checkout-upstream
@@ -0,0 +1,61 @@
+#!/bin/sh
+# Prepare systemd source package in current directory for testing an upstream
+# commit, branch, or PR, without Debian patches. This replaces everything
+# except the debian/ directory with an upstream checkout.
+# NEVER run this in your actual packaging work directory! This is only meant
+# for upstream CI.
+#
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+
+set -eu
+test -x debian/rules
+if [ -z "${TEST_UPSTREAM:-}" ]; then
+ echo "Not in upstream testing mode. Do *not* run this script unless you know what you are doing." >&2
+ exit 1
+fi
+if [ -n "${UPSTREAM_PULL_REQUEST:-}" ]; then
+ FETCH="git fetch -fu origin refs/pull/$UPSTREAM_PULL_REQUEST/head:pr"
+ CO='git checkout pr'
+ DESC="PR #$UPSTREAM_PULL_REQUEST"
+elif [ -n "${UPSTREAM_HEAD:-}" ]; then
+ FETCH=''
+ CO="git checkout $UPSTREAM_HEAD"
+ DESC="$UPSTREAM_HEAD"
+else
+ echo "WARNING: $0: Neither UPSTREAM_PULL_REQUEST nor UPSTREAM_HEAD set, ignoring" >&2
+ exit 0
+fi
+
+mkdir -p debian/tmp
+(cd debian/tmp
+ git clone https://github.com/systemd/systemd.git upstream || (rm -rf upstream; sleep 60; git clone https://github.com/systemd/systemd.git upstream)
+ cd upstream
+ $FETCH
+ $CO
+ git config user.email "invalid@example.com"
+ git config user.name "Merge dummy user"
+ git rebase master)
+UPSTREAM_VER=$(cd debian/tmp/upstream; git describe | sed 's/^v//')
+
+# clean out original upstream sources and patches
+find -mindepth 1 -maxdepth 1 -name debian -prune -o -print0 | xargs -0n1 rm -rf
+rm -rf debian/patches
+
+# replace with checkout
+mv debian/tmp/upstream/* .
+rm -rf debian/tmp
+
+# craft changelog
+cat << EOF > debian/changelog.new
+systemd (${UPSTREAM_VER}-0) UNRELEASED; urgency=low
+
+ * Automatic build from upstream $DESC
+
+ -- systemd test <pkg-systemd-maintainers@lists.alioth.debian.org> $(date -R)
+
+EOF
+cat debian/changelog >> debian/changelog.new
+mv debian/changelog.new debian/changelog
+
+# disable tests which are not for upstream
+sed -i '/# NOUPSTREAM/ q' debian/tests/control
diff --git a/debian/extra/dhclient-exit-hooks.d/timesyncd b/debian/extra/dhclient-exit-hooks.d/timesyncd
new file mode 100644
index 00000000..3cde9929
--- /dev/null
+++ b/debian/extra/dhclient-exit-hooks.d/timesyncd
@@ -0,0 +1,42 @@
+TIMESYNCD_CONF=/run/systemd/timesyncd.conf.d/01-dhclient.conf
+
+timesyncd_servers_setup_remove() {
+ if [ -e $TIMESYNCD_CONF ]; then
+ rm -f $TIMESYNCD_CONF
+ systemctl try-restart systemd-timesyncd.service || true
+ fi
+}
+
+timesyncd_servers_setup_add() {
+ if [ ! -d /run/systemd/system ]; then
+ return
+ fi
+
+ if [ -e $TIMESYNCD_CONF ] && [ "$new_ntp_servers" = "$old_ntp_servers" ]; then
+ return
+ fi
+
+ if [ -z "$new_ntp_servers" ]; then
+ timesyncd_servers_setup_remove
+ return
+ fi
+
+ mkdir -p $(dirname $TIMESYNCD_CONF)
+ cat <<EOF > ${TIMESYNCD_CONF}.new
+# NTP server entries received from DHCP server
+[Time]
+NTP=$new_ntp_servers
+EOF
+ mv ${TIMESYNCD_CONF}.new ${TIMESYNCD_CONF}
+ systemctl try-restart systemd-timesyncd.service || true
+}
+
+
+case $reason in
+ BOUND|RENEW|REBIND|REBOOT)
+ timesyncd_servers_setup_add
+ ;;
+ EXPIRE|FAIL|RELEASE|STOP)
+ timesyncd_servers_setup_remove
+ ;;
+esac
diff --git a/debian/extra/fbdev-blacklist.conf b/debian/extra/fbdev-blacklist.conf
new file mode 100644
index 00000000..00a91706
--- /dev/null
+++ b/debian/extra/fbdev-blacklist.conf
@@ -0,0 +1,20 @@
+# This file blacklists most old-style PCI framebuffer drivers.
+
+blacklist arkfb
+blacklist aty128fb
+blacklist atyfb
+blacklist radeonfb
+blacklist cirrusfb
+blacklist cyber2000fb
+blacklist kyrofb
+blacklist matroxfb_base
+blacklist mb862xxfb
+blacklist neofb
+blacklist pm2fb
+blacklist pm3fb
+blacklist s3fb
+blacklist savagefb
+blacklist sisfb
+blacklist tdfxfb
+blacklist tridentfb
+blacklist vt8623fb
diff --git a/debian/extra/init-functions.d/40-systemd b/debian/extra/init-functions.d/40-systemd
new file mode 100644
index 00000000..4fa9b9c6
--- /dev/null
+++ b/debian/extra/init-functions.d/40-systemd
@@ -0,0 +1,101 @@
+# -*-Shell-script-*-
+# /lib/lsb/init-functions
+
+_use_systemctl=0
+if [ -d /run/systemd/system ]; then
+
+ if [ -n "${__init_d_script_name:-}" ]; then # scripts run with new init-d-script
+ executable="$__init_d_script_name"
+ argument="$1"
+ elif [ "${0##*/}" = "init-d-script" ] ||
+ [ "${0##*/}" = "${1##*/}" ]; then # scripts run with old init-d-script
+ executable="$1"
+ argument="$2"
+ else # plain old scripts
+ executable="$0"
+ argument="$1"
+ fi
+
+ prog=${executable##*/}
+ service="${prog%.sh}.service"
+
+ # Don't try to run masked services. systemctl <= 230 always succeeds here,
+ # but later systemctls fail on nonexisting units; be compatible with both
+ state=$(systemctl -p LoadState --value show $service 2>/dev/null) || state="not-found"
+ [ "$state" = "masked" ] && exit 0
+
+ # Redirect SysV init scripts when executed by the user
+ if [ $PPID -ne 1 ] && [ -z "${SYSTEMCTL_SKIP_REDIRECT:-}" ]; then
+ case $(readlink -f "$executable") in
+ /etc/init.d/*)
+ # If the state is not-found, this might be a newly installed SysV init
+ # script where systemd-sysv-generator has not been run yet.
+ [ "$state" != "not-found" ] || [ "$(id -u)" != 0 ] || systemctl --no-ask-password daemon-reload
+
+ _use_systemctl=1
+ # Some services can't reload through the .service file,
+ # but can through the init script.
+ if [ "$(systemctl -p CanReload --value show $service 2>/dev/null)" = "no" ] && [ "${argument:-}" = "reload" ]; then
+ _use_systemctl=0
+ fi
+ ;;
+ esac
+ fi
+fi
+
+systemctl_redirect () {
+ local s
+ local rc
+ local prog=${1##*/}
+ local command=$2
+
+ case "$command" in
+ start)
+ s="Starting $prog (via systemctl)"
+ ;;
+ stop)
+ s="Stopping $prog (via systemctl)"
+ ;;
+ reload|force-reload)
+ s="Reloading $prog configuration (via systemctl)"
+ ;;
+ try-restart)
+ s="Restarting $prog if running (via systemctl)"
+ ;;
+ restart)
+ s="Restarting $prog (via systemctl)"
+ ;;
+ esac
+
+ service="${prog%.sh}.service"
+
+ # avoid deadlocks during bootup and shutdown from units/hooks
+ # which call "invoke-rc.d service reload" and similar, since
+ # the synchronous wait plus systemd's normal behaviour of
+ # transactionally processing all dependencies first easily
+ # causes dependency loops
+ if ! OUT=$(systemctl is-system-running 2>/dev/null) && [ "$OUT" != "degraded" ]; then
+ sctl_args="--job-mode=ignore-dependencies"
+ fi
+
+ [ "$command" = status ] || log_daemon_msg "$s" "$service"
+ /bin/systemctl --no-pager $sctl_args $command "$service"
+ rc=$?
+ [ "$command" = status ] || log_end_msg $rc
+
+ return $rc
+}
+
+if [ "$_use_systemctl" = "1" ]; then
+ # Some init scripts use "set -e" and "set -u", we don't want that
+ # here
+ set +e
+ set +u
+
+ case "$argument" in
+ start|stop|restart|reload|force-reload|try-restart|status)
+ systemctl_redirect $executable $argument
+ exit $?
+ ;;
+ esac
+fi
diff --git a/debian/extra/initramfs-tools/hooks/udev b/debian/extra/initramfs-tools/hooks/udev
new file mode 100755
index 00000000..6305d097
--- /dev/null
+++ b/debian/extra/initramfs-tools/hooks/udev
@@ -0,0 +1,54 @@
+#!/bin/sh -e
+
+PREREQS=""
+
+prereqs() { echo "$PREREQS"; }
+
+case "$1" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+. /usr/share/initramfs-tools/hook-functions
+
+mkdir -p "$DESTDIR/lib/systemd"
+copy_exec /lib/systemd/systemd-udevd /lib/systemd
+copy_exec /bin/udevadm /bin
+
+mkdir -p "$DESTDIR/etc/udev"
+cp -p /etc/udev/udev.conf "$DESTDIR/etc/udev/"
+
+# copy .link files containing interface naming definitions
+mkdir -p "$DESTDIR/lib/systemd/network/"
+find /lib/systemd/network -name '*.link' -execdir cp -pt "$DESTDIR/lib/systemd/network/" '{}' +
+if [ -d /etc/systemd/network ]; then
+ find /etc/systemd/network -name '*.link' -execdir cp -pt "$DESTDIR/lib/systemd/network/" '{}' +
+fi
+
+mkdir -p "$DESTDIR/lib/udev/rules.d/"
+for rules in 50-firmware.rules 50-udev-default.rules 60-persistent-storage.rules \
+ 61-persistent-storage-android.rules 71-seat.rules 73-special-net-names.rules \
+ 73-usb-net-by-mac.rules 75-net-description.rules \
+ 80-net-setup-link.rules 80-drivers.rules; do
+ if [ -e /etc/udev/rules.d/$rules ]; then
+ cp -p /etc/udev/rules.d/$rules "$DESTDIR/lib/udev/rules.d/"
+ elif [ -e /lib/udev/rules.d/$rules ]; then
+ cp -p /lib/udev/rules.d/$rules "$DESTDIR/lib/udev/rules.d/"
+ fi
+done
+
+# now copy all custom udev rules which don't have an equivalent in /lib (e. g.
+# 70-persistent-net.rules or similar); They might contain network names or
+# other bits which are relevant for the initramfs.
+for rules in /etc/udev/rules.d/*.rules; do
+ if [ -e "$rules" ] && [ ! -e "/lib/${rules#/etc/}" ]; then
+ cp -p "$rules" "$DESTDIR/lib/udev/rules.d/"
+ fi
+done
+
+for program in ata_id scsi_id; do
+ copy_exec /lib/udev/$program /lib/udev
+done
+copy_exec /sbin/blkid /sbin
diff --git a/debian/extra/initramfs-tools/scripts/init-bottom/udev b/debian/extra/initramfs-tools/scripts/init-bottom/udev
new file mode 100755
index 00000000..a69d4921
--- /dev/null
+++ b/debian/extra/initramfs-tools/scripts/init-bottom/udev
@@ -0,0 +1,29 @@
+#!/bin/sh -e
+
+PREREQS=""
+
+prereqs() { echo "$PREREQS"; }
+
+case "$1" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+# Stop udevd, we'll miss a few events while we run init, but we catch up
+udevadm control --exit
+
+# move the /dev tmpfs to the rootfs; fall back to util-linux mount that does
+# not understand -o move
+mount -n -o move /dev "${rootmnt:?}/dev" || mount -n --move /dev "${rootmnt}/dev"
+
+# create a temporary symlink to the final /dev for other initramfs scripts
+if command -v nuke >/dev/null; then
+ nuke /dev
+else
+ # shellcheck disable=SC2114
+ rm -rf /dev
+fi
+ln -s "${rootmnt}/dev" /dev
+
diff --git a/debian/extra/initramfs-tools/scripts/init-top/udev b/debian/extra/initramfs-tools/scripts/init-top/udev
new file mode 100755
index 00000000..9bdfe864
--- /dev/null
+++ b/debian/extra/initramfs-tools/scripts/init-top/udev
@@ -0,0 +1,31 @@
+#!/bin/sh -e
+
+PREREQS=""
+
+prereqs() { echo "$PREREQS"; }
+
+case "$1" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+if [ -w /sys/kernel/uevent_helper ]; then
+ echo > /sys/kernel/uevent_helper
+fi
+
+if [ "${quiet:-n}" = "y" ]; then
+ log_level=notice
+else
+ log_level=info
+fi
+
+SYSTEMD_LOG_LEVEL=$log_level /lib/systemd/systemd-udevd --daemon --resolve-names=never
+
+udevadm trigger --type=subsystems --action=add
+udevadm trigger --type=devices --action=add
+udevadm settle || true
+
+# Leave udev running to process events that come in out-of-band (like USB
+# connections)
diff --git a/debian/extra/kernel-install.d/85-initrd.install b/debian/extra/kernel-install.d/85-initrd.install
new file mode 100755
index 00000000..ee6974d2
--- /dev/null
+++ b/debian/extra/kernel-install.d/85-initrd.install
@@ -0,0 +1,29 @@
+#!/bin/sh
+set -eu
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+
+COMMAND="$1"
+KERNEL_VERSION="$2"
+BOOT_DIR_ABS="$3"
+
+INITRD_SRC="/boot/initrd.img-$KERNEL_VERSION"
+INITRD_DEST="$BOOT_DIR_ABS/initrd"
+
+if [ "$COMMAND" = remove ]; then
+ rm -f "$INITRD_DEST"
+ exit 0
+fi
+
+if [ "$COMMAND" != add ]; then
+ echo "Invalid command $COMMAND" >&2
+ exit 1
+fi
+
+if [ -e "$INITRD_SRC" ];then
+ cp "$INITRD_SRC" "$INITRD_DEST"
+else
+ echo "$INITRD_SRC does not exist, not installing an initrd"
+fi
+
+exit 0
diff --git a/debian/extra/make-fbdev-blacklist b/debian/extra/make-fbdev-blacklist
new file mode 100644
index 00000000..826e2d55
--- /dev/null
+++ b/debian/extra/make-fbdev-blacklist
@@ -0,0 +1,48 @@
+#!/bin/sh
+# This script should be run before building the package every time a new
+# kernel is released.
+#
+# You should pass the name of the modules directory for a 486 flavour
+# kernel, as that has the most framebuffer modules.
+#
+# Also, obsolete modules should not be removed from the list until after
+# at least one stable release.
+
+set -e
+
+if [ $# = 0 ]; then
+ MODULES_DIR=/lib/modules/$(uname -r)
+else
+ MODULES_DIR="$1"
+fi
+
+BL='fbdev-blacklist.conf'
+
+if [ -e extra/$BL ]; then cd extra; fi
+
+{
+printf "# This file blacklists most old-style PCI framebuffer drivers.\n\n"
+
+find "$MODULES_DIR"/kernel/drivers/video -type f | sort | \
+while read file; do
+ name="$(basename $file .ko)"
+ case $name in
+ lxfb)
+ # This is needed for text consoles on OLPC XO-1, and it used to be
+ # built-in anyway.
+ ;;
+ viafb) ;; # Needed by OLPC XO-1.5
+ *)
+ /sbin/modinfo $file | grep -q '^alias: *pci:' \
+ && echo blacklist $name || true
+ ;;
+ esac
+done
+} > $BL.tmp
+
+if diff --unified=0 $BL $BL.tmp; then
+ rm $BL.tmp
+else
+ printf "\n\n\n$BL.tmp has changes!\n\n\n\n"
+fi
+
diff --git a/debian/extra/make-sysusers-basic b/debian/extra/make-sysusers-basic
new file mode 100755
index 00000000..8ff1b159
--- /dev/null
+++ b/debian/extra/make-sysusers-basic
@@ -0,0 +1,18 @@
+#!/bin/sh
+# generate a sysusers.d(5) file from Debian's static master passwd/group files
+set -eu
+
+echo '# generated from /usr/share/base-passwd/{passwd,group}.master'
+
+# only take groups whose name+gid != the corresponding user in passwd.master
+export IFS=:
+while read name _ id _; do
+ if ! grep -q "^$name:\*:$id:$id:" /usr/share/base-passwd/passwd.master; then
+ printf "g %-10s %-5s -\n" $name $id
+ fi
+done < /usr/share/base-passwd/group.master
+
+echo
+
+# treat "nobody:nogroup" specially: same ID, but different name, so prevent creating a "nobody" group
+awk -F: '{ i = ($3 == $4 && $4 != 65534) ? $3 : $3":"$4; printf("u %-10s %-7s - %-20s %s\n", $1,i,$6,$7) }' < /usr/share/base-passwd/passwd.master
diff --git a/debian/extra/pam-configs/systemd b/debian/extra/pam-configs/systemd
new file mode 100644
index 00000000..5b56996a
--- /dev/null
+++ b/debian/extra/pam-configs/systemd
@@ -0,0 +1,7 @@
+Name: Register user sessions in the systemd control group hierarchy
+Default: yes
+Priority: 0
+Session-Interactive-Only: yes
+Session-Type: Additional
+Session:
+ optional pam_systemd.so
diff --git a/debian/extra/pam.d/systemd-user b/debian/extra/pam.d/systemd-user
new file mode 100644
index 00000000..45b2e5e8
--- /dev/null
+++ b/debian/extra/pam.d/systemd-user
@@ -0,0 +1,12 @@
+# This file is part of systemd.
+#
+# Used by systemd --user instances.
+
+@include common-account
+
+session required pam_selinux.so close
+session required pam_selinux.so nottys open
+session required pam_loginuid.so
+session required pam_limits.so
+@include common-session-noninteractive
+session optional pam_systemd.so
diff --git a/debian/extra/rules-ubuntu/40-vm-hotadd.rules b/debian/extra/rules-ubuntu/40-vm-hotadd.rules
new file mode 100644
index 00000000..62a5a62b
--- /dev/null
+++ b/debian/extra/rules-ubuntu/40-vm-hotadd.rules
@@ -0,0 +1,14 @@
+# On Hyper-V and Xen Virtual Machines we want to add memory and cpus as soon as they appear
+ATTR{[dmi/id]sys_vendor}=="Microsoft Corporation", ATTR{[dmi/id]product_name}=="Virtual Machine", GOTO="vm_hotadd_apply"
+ATTR{[dmi/id]sys_vendor}=="Xen", GOTO="vm_hotadd_apply"
+GOTO="vm_hotadd_end"
+
+LABEL="vm_hotadd_apply"
+
+# Memory hotadd request
+SUBSYSTEM=="memory", ACTION=="add", DEVPATH=="/devices/system/memory/memory[0-9]*", TEST=="state", ATTR{state}="online"
+
+# CPU hotadd request
+SUBSYSTEM=="cpu", ACTION=="add", DEVPATH=="/devices/system/cpu/cpu[0-9]*", TEST=="online", ATTR{online}="1"
+
+LABEL="vm_hotadd_end"
diff --git a/debian/extra/rules-ubuntu/61-persistent-storage-android.rules b/debian/extra/rules-ubuntu/61-persistent-storage-android.rules
new file mode 100644
index 00000000..6f4ac42d
--- /dev/null
+++ b/debian/extra/rules-ubuntu/61-persistent-storage-android.rules
@@ -0,0 +1,7 @@
+# Android based kernel exports the uevent property PARTNAME, which can be
+# used to find out at run time the named partitions (e.g. boot) for the
+# device. This is specially useful for the Touch based images and flash-kernel,
+# to automatically update the kernel by writing at the correct partition
+# (independently of the hardware revision).
+ACTION!="remove", KERNEL=="mmcblk[0-9]p[0-9]", ENV{PARTNAME}=="?*", SYMLINK+="disk/by-partlabel/$env{PARTNAME}"
+
diff --git a/debian/extra/rules-ubuntu/71-power-switch-proliant.rules b/debian/extra/rules-ubuntu/71-power-switch-proliant.rules
new file mode 100644
index 00000000..022baebf
--- /dev/null
+++ b/debian/extra/rules-ubuntu/71-power-switch-proliant.rules
@@ -0,0 +1,2 @@
+ACTION!="remove", SUBSYSTEM=="input", KERNEL=="event*", SUBSYSTEMS=="platform", KERNELS=="gpio_keys.6|soc:gpio_keys", PROGRAM="/bin/cat /proc/device-tree/model", RESULT=="HP ProLiant m400 Server Cartridge", TAG+="power-switch"
+ACTION!="remove", SUBSYSTEM=="input", KERNEL=="event*", SUBSYSTEMS=="platform", KERNELS=="gpio_keys.12", ATTRS{keys}=="116", PROGRAM="/bin/cat /proc/device-tree/model", RESULT=="HP ProLiant m800 Server Cartridge", TAG+="power-switch"
diff --git a/debian/extra/rules-ubuntu/78-graphics-card.rules b/debian/extra/rules-ubuntu/78-graphics-card.rules
new file mode 100644
index 00000000..b3b906cd
--- /dev/null
+++ b/debian/extra/rules-ubuntu/78-graphics-card.rules
@@ -0,0 +1,30 @@
+# do not edit this file, it will be overwritten on update
+
+ACTION!="add", GOTO="graphics_end"
+
+# Tag the drm device for KMS-supporting drivers as the primary device for
+# the display; for non-KMS drivers tag the framebuffer device instead.
+
+SUBSYSTEM!="drm", GOTO="drm_end"
+KERNEL!="card[0-9]*", GOTO="drm_end"
+ENV{DEVTYPE}!="drm_minor", GOTO="drm_end"
+
+DRIVERS=="i915", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+DRIVERS=="radeon", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+DRIVERS=="nouveau", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+DRIVERS=="vmwgfx", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+
+LABEL="drm_end"
+
+SUBSYSTEM!="graphics", GOTO="graphics_end"
+
+DRIVERS=="i915", GOTO="graphics_end"
+DRIVERS=="radeon", GOTO="graphics_end"
+DRIVERS=="nouveau", GOTO="graphics_end"
+DRIVERS=="efifb", GOTO="graphics_end"
+DRIVERS=="efi-framebuffer", GOTO="graphics_end"
+DRIVERS=="vesa-framebuffer", GOTO="graphics_end"
+
+KERNEL=="fb[0-9]*", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+
+LABEL="graphics_end"
diff --git a/debian/extra/rules/50-firmware.rules b/debian/extra/rules/50-firmware.rules
new file mode 100644
index 00000000..f7a08ce9
--- /dev/null
+++ b/debian/extra/rules/50-firmware.rules
@@ -0,0 +1,3 @@
+# stub for immediately telling the kernel that userspace firmware loading
+# failed; necessary to avoid long timeouts with CONFIG_FW_LOADER_USER_HELPER=y
+SUBSYSTEM=="firmware", ACTION=="add", ATTR{loading}="-1"
diff --git a/debian/extra/rules/73-special-net-names.rules b/debian/extra/rules/73-special-net-names.rules
new file mode 100644
index 00000000..5e470a34
--- /dev/null
+++ b/debian/extra/rules/73-special-net-names.rules
@@ -0,0 +1,14 @@
+# On Dell PowerEdge systems, the iDRAC7 and later support a USB Virtual NIC
+# which terminates in the iDRAC. Help identify this with 'idrac'
+ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", ATTRS{idVendor}=="413c", ATTRS{idProduct}=="a102", NAME="idrac"
+
+# On IBM systems the Integrated Management Module is reachable using a
+# # USB Virtual NIC.
+ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", \
+ ATTRS{idVendor}=="04b3", ATTRS{idProduct}=="0325", NAME="ibmimm"
+
+# ibmveth devices' $DEVPATH number is tied to (virtual) hardware (slot id
+# selected in the HMC), thus this provides a reliable naming (e. g.
+# "/devices/vio/30000002/net/eth1"); we ignore the bus number, as
+# there should only ever be one bus, and then remove leading zeros
+ACTION=="add", SUBSYSTEM=="net", NAME=="", DRIVERS=="ibmveth", PROGRAM="/bin/sh -ec 'D=${DEVPATH#*/vio/}; D=${D%%%%/*}; D=${D#????}; D=${D#0}; D=${D#0}; D=${D#0}; D=${D#0}; echo ${D:-0}'", NAME="ibmveth$result"
diff --git a/debian/extra/rules/73-usb-net-by-mac.rules b/debian/extra/rules/73-usb-net-by-mac.rules
new file mode 100644
index 00000000..8969f591
--- /dev/null
+++ b/debian/extra/rules/73-usb-net-by-mac.rules
@@ -0,0 +1,15 @@
+# Use MAC based names for network interfaces which are directly or indirectly
+# on USB and have an universally administered (stable) MAC address (second bit
+# is 0). Don't do this when ifnames is disabled via kernel command line or
+# customizing/disabling 99-default.link (or previously 80-net-setup-link.rules).
+
+IMPORT{cmdline}="net.ifnames"
+ENV{net.ifnames}=="0", GOTO="usb_net_by_mac_end"
+
+ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", NAME=="", \
+ ATTR{address}=="?[014589cd]:*", \
+ TEST!="/etc/udev/rules.d/80-net-setup-link.rules", \
+ TEST!="/etc/systemd/network/99-default.link", \
+ IMPORT{builtin}="net_id", NAME="$env{ID_NET_NAME_MAC}"
+
+LABEL="usb_net_by_mac_end"
diff --git a/debian/extra/rules/80-debian-compat.rules b/debian/extra/rules/80-debian-compat.rules
new file mode 100644
index 00000000..fb8477ff
--- /dev/null
+++ b/debian/extra/rules/80-debian-compat.rules
@@ -0,0 +1,30 @@
+# Debian specific udev rules for backwards compatibility
+
+# needed for old tape drivers, http://bugs.debian.org/657948
+SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="[module/sg]", RUN{builtin}+="kmod load sg"
+
+# device permissions
+KERNEL=="mISDNtimer", GROUP="dialout"
+KERNEL=="mwave", GROUP="dialout"
+KERNEL=="nvram", GROUP="kmem", MODE="0640"
+KERNEL=="pktcdvd", GROUP="cdrom", MODE="0644"
+KERNEL=="lirc[0-9]*", GROUP="video"
+KERNEL=="legousbtower*", MODE="0666"
+KERNEL=="sonypi", MODE="0666"
+KERNEL=="mmtimer", MODE="0644"
+KERNEL=="sgi_*", MODE="0666"
+KERNEL=="z90crypt", MODE="0666"
+
+# These rules will create symlinks for CD/DVD drives, to help old
+# programs which are unable to automatically discover the devices.
+# The first detected device gets the symlink, but this is not stable across
+# reboots.
+ENV{ID_CDROM_CD_RW}=="?*", \
+ PROGRAM="/bin/sh -c 'ln -s %k /run/udev/link.cdrw 2>/dev/null; [ `readlink /run/udev/link.cdrw` = %k ]", \
+ SYMLINK+="cdrw", OPTIONS+="link_priority=-100"
+ENV{ID_CDROM_DVD}=="?*", \
+ PROGRAM="/bin/sh -c 'ln -s %k /run/udev/link.dvd 2>/dev/null; [ `readlink /run/udev/link.dvd` = %k ]", \
+ SYMLINK+="dvd", OPTIONS+="link_priority=-100"
+ENV{ID_CDROM_DVD_RW}=="?*", \
+ PROGRAM="/bin/sh -c 'ln -s %k /run/udev/link.dvdrw 2>/dev/null; [ `readlink /run/udev/link.dvdrw` = %k ]", \
+ SYMLINK+="dvdrw", OPTIONS+="link_priority=-100"
diff --git a/debian/extra/set-cpufreq b/debian/extra/set-cpufreq
new file mode 100755
index 00000000..4ffe126d
--- /dev/null
+++ b/debian/extra/set-cpufreq
@@ -0,0 +1,46 @@
+#! /bin/sh
+# Set the CPU Frequency Scaling governor to "ondemand"/"powersave" where available
+set -eu
+
+FIRSTCPU=`cut -f1 -d- /sys/devices/system/cpu/online`
+AVAILABLE="/sys/devices/system/cpu/cpu$FIRSTCPU/cpufreq/scaling_available_governors"
+DOWN_FACTOR="/sys/devices/system/cpu/cpufreq/ondemand/sampling_down_factor"
+
+[ -f $AVAILABLE ] || exit 0
+
+read governors < $AVAILABLE
+case $governors in
+ *interactive*)
+ GOVERNOR="interactive"
+ break
+ ;;
+ *ondemand*)
+ GOVERNOR="ondemand"
+ case $(uname -m) in
+ ppc64*)
+ SAMPLING=100
+ ;;
+ esac
+ break
+ ;;
+ *powersave*)
+ GOVERNOR="powersave"
+ break
+ ;;
+ *)
+ exit 0
+ ;;
+esac
+
+[ -n "${GOVERNOR:-}" ] || exit 0
+
+echo "Setting $GOVERNOR scheduler for all CPUs"
+
+for CPUFREQ in /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
+do
+ [ -f $CPUFREQ ] || continue
+ echo -n $GOVERNOR > $CPUFREQ
+done
+if [ -n "${SAMPLING:-}" ] && [ -f $DOWN_FACTOR ]; then
+ echo -n $SAMPLING > $DOWN_FACTOR
+fi
diff --git a/debian/extra/start-udev b/debian/extra/start-udev
new file mode 100755
index 00000000..60489258
--- /dev/null
+++ b/debian/extra/start-udev
@@ -0,0 +1,18 @@
+#!/bin/sh -e
+
+if [ -w /sys/kernel/uevent_helper ]; then
+ echo > /sys/kernel/uevent_helper
+fi
+
+if ! grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then
+ mount -n -o mode=0755 -t devtmpfs devtmpfs /dev
+fi
+
+SYSTEMD_LOG_LEVEL=notice /lib/systemd/systemd-udevd --daemon --resolve-names=never
+
+udevadm trigger --action=add
+
+mkdir -p /dev/pts
+mount -t devpts -o noexec,nosuid,gid=5,mode=0620 devpts /dev/pts
+
+udevadm settle || true
diff --git a/debian/extra/systemd-sysv-install b/debian/extra/systemd-sysv-install
new file mode 100755
index 00000000..7e90dc2b
--- /dev/null
+++ b/debian/extra/systemd-sysv-install
@@ -0,0 +1,56 @@
+#!/bin/sh
+# This script is called by "systemctl enable/disable" when the given unit is a
+# SysV init.d script. It needs to call the distribution's mechanism for
+# enabling/disabling those, such as chkconfig, update-rc.d, or similar. This
+# can optionally take a --root argument for enabling a SysV init script
+# in a chroot or similar.
+set -eu
+
+usage() {
+ echo "Usage: $0 [--root=path] enable|disable|is-enabled <sysv script name>" >&2
+ exit 1
+}
+
+ROOT=
+
+# parse options
+eval set -- "$(getopt -o r: --long root: -- "$@")"
+while true; do
+ case "$1" in
+ -r|--root)
+ ROOT="$2"
+ shift 2 ;;
+ --) shift ; break ;;
+ *) usage ;;
+ esac
+done
+
+NAME="${2:-}"
+
+run() {
+ if [ -n "$ROOT" ] && [ "$ROOT" != "/" ]; then
+ _SKIP_SYSTEMD_NATIVE=1 chroot "$ROOT" /usr/sbin/update-rc.d "$@"
+ else
+ _SKIP_SYSTEMD_NATIVE=1 /usr/sbin/update-rc.d "$@"
+ fi
+}
+
+[ -n "$NAME" ] || usage
+
+case "$1" in
+ enable)
+ # call the command to enable SysV init script $NAME here..
+ run "$NAME" defaults
+ run "$NAME" enable
+ ;;
+ disable)
+ run "$NAME" defaults
+ run "$NAME" disable
+ ;;
+ is-enabled)
+ # exit with 0 if $NAME is enabled, non-zero if it is disabled
+ ls "$ROOT"/etc/rc[S5].d/S??"$NAME" >/dev/null 2>&1
+ ;;
+ *)
+ usage ;;
+esac
diff --git a/debian/extra/systemd.py b/debian/extra/systemd.py
new file mode 100644
index 00000000..108e896e
--- /dev/null
+++ b/debian/extra/systemd.py
@@ -0,0 +1,29 @@
+'''apport package hook for systemd
+
+(c) 2014 Canonical Ltd.
+Author: Martin Pitt <martin.pitt@ubuntu.com>
+'''
+
+import os.path
+import apport.hookutils
+
+def add_info(report):
+ apport.hookutils.attach_hardware(report)
+
+ report['SystemdDelta'] = apport.hookutils.command_output(['systemd-delta'])
+
+ if not os.path.exists('/run/systemd/system'):
+ return
+
+ # Add details about all failed units, if any
+ out = apport.hookutils.command_output(['systemctl', '--state=failed', '--full',
+ '--no-legend']).strip()
+ if out:
+ failed = ''
+ for line in out.splitlines():
+ unit = line.split()[0]
+ if failed:
+ failed += '------\n'
+ failed += apport.hookutils.command_output(['systemctl', 'status', '--full', unit])
+ report['SystemdFailedUnits'] = failed
+
diff --git a/debian/extra/tmpfiles.d/debian.conf b/debian/extra/tmpfiles.d/debian.conf
new file mode 100644
index 00000000..90610844
--- /dev/null
+++ b/debian/extra/tmpfiles.d/debian.conf
@@ -0,0 +1,14 @@
+# This file is part of the debianisation of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+# Type Path Mode UID GID Age Argument
+L /run/shm - - - - /dev/shm
+d /run/sendsigs.omit.d 0755 root root -
+
+L+ /etc/mtab - - - - ../proc/self/mounts
diff --git a/debian/extra/udev.py b/debian/extra/udev.py
new file mode 100644
index 00000000..d8bc76f7
--- /dev/null
+++ b/debian/extra/udev.py
@@ -0,0 +1,19 @@
+'''apport package hook for udev
+
+(c) 2009 Canonical Ltd.
+Author: Martin Pitt <martin.pitt@ubuntu.com>
+'''
+
+import os
+import apport.hookutils
+
+def add_info(report):
+ apport.hookutils.attach_hardware(report)
+
+ user_rules = []
+ for f in os.listdir('/etc/udev/rules.d'):
+ if not f.startswith('70-persistent-') and f != 'README':
+ user_rules.append(f)
+
+ if user_rules:
+ report['CustomUdevRuleFiles'] = ' '.join(user_rules)
diff --git a/debian/extra/units-ubuntu/ondemand.service b/debian/extra/units-ubuntu/ondemand.service
new file mode 100644
index 00000000..7edf8408
--- /dev/null
+++ b/debian/extra/units-ubuntu/ondemand.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Set the CPU Frequency Scaling governor
+ConditionVirtualization=no
+ConditionPathExists=/sys/devices/system/cpu/online
+# Don't run if we're going to start an Android LXC container on Ubuntu Touch
+ConditionPathExists=!/etc/init/lxc-android-config.conf
+
+[Service]
+Type=idle
+ExecStart=/lib/systemd/set-cpufreq
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/extra/units-ubuntu/user@.service.d/timeout.conf b/debian/extra/units-ubuntu/user@.service.d/timeout.conf
new file mode 100644
index 00000000..213eb651
--- /dev/null
+++ b/debian/extra/units-ubuntu/user@.service.d/timeout.conf
@@ -0,0 +1,4 @@
+# Avoid long hangs during shutdown if user services fail/hang due to X.org
+# going away too early
+[Service]
+TimeoutStopSec=5
diff --git a/debian/extra/units/getty-static.service b/debian/extra/units/getty-static.service
new file mode 100644
index 00000000..0a1203f0
--- /dev/null
+++ b/debian/extra/units/getty-static.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=getty on tty2-tty6 if dbus and logind are not available
+ConditionPathExists=/dev/tty0
+ConditionPathExists=!/lib/systemd/system/dbus.service
+
+[Service]
+Type=oneshot
+ExecStart=/bin/systemctl --no-block start getty@tty2.service getty@tty3.service getty@tty4.service getty@tty5.service getty@tty6.service
+RemainAfterExit=true
+
diff --git a/debian/extra/units/rc-local.service.d/debian.conf b/debian/extra/units/rc-local.service.d/debian.conf
new file mode 100644
index 00000000..ec77220a
--- /dev/null
+++ b/debian/extra/units/rc-local.service.d/debian.conf
@@ -0,0 +1,10 @@
+[Unit]
+# not specified by LSB, but has been behaving that way in Debian under SysV
+# init and upstart
+After=network-online.target
+
+# Often contains status messages which users expect to see on the console
+# during boot
+[Service]
+StandardOutput=journal+console
+StandardError=journal+console
diff --git a/debian/extra/units/systemd-resolved.service.d/resolvconf.conf b/debian/extra/units/systemd-resolved.service.d/resolvconf.conf
new file mode 100644
index 00000000..98a7017d
--- /dev/null
+++ b/debian/extra/units/systemd-resolved.service.d/resolvconf.conf
@@ -0,0 +1,8 @@
+# tell resolvconf about resolved's builtin DNS server, so that DNS servers
+# picked up via networkd are respected when using resolvconf, and that software
+# like Chrome that does not do NSS (libnss-resolve) still gets proper DNS
+# resolution; do not remove the entry after stop though, as that leads to
+# timeouts on shutdown via the resolvconf hooks (see LP: #1648068)
+[Service]
+ExecStartPost=+/bin/sh -c '[ ! -e /run/resolvconf/enable-updates ] || echo "nameserver 127.0.0.53" | /sbin/resolvconf -a systemd-resolved'
+ReadWritePaths=-/run/resolvconf
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 00000000..d2c6eb7d
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,8 @@
+[DEFAULT]
+pristine-tar = False
+patch-numbers = False
+debian-branch = master
+
+[dch]
+full = True
+multimaint-merge = True
diff --git a/debian/git-cherry-pick b/debian/git-cherry-pick
new file mode 100755
index 00000000..bb39ce8c
--- /dev/null
+++ b/debian/git-cherry-pick
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+set -e
+
+if [ -z "$*" ] ; then
+ echo "Usage: $0 [commit [commit ..]]"
+ exit 1
+fi
+
+
+curbranch=$(git rev-parse --abbrev-ref HEAD)
+
+# assert we got a branch
+[ -n "$curbranch" ]
+
+if [ $curbranch = HEAD ] ; then
+ echo "You are not currently on a branch, cannot cherry-pick"
+ exit 1
+fi
+
+case $curbranch in
+ patch-queue/*)
+ debbranch=${curbranch/patch-queue\/}
+ pqbranch=$curbranch
+ ;;
+ *)
+ debbranch=$curbranch
+ pqbranch=patch-queue/$curbranch
+ ;;
+esac
+
+commits=$(git rev-parse "$@")
+
+if git rev-parse $pqbranch &>/dev/null ; then
+ echo
+ echo "Will recreate patch-queue branch $pqbranch"
+ echo "It was pointing to" $(git rev-parse $pqbranch)
+ echo
+fi
+
+gbp pq import --force
+
+echo "Cherry-picking the following commits:"
+echo "$commits"
+
+picks=$(echo "$commits" | xargs echo exec git cherry-pick -x --no-edit --commit)
+
+# find the first debian commit
+firstdebian=$(git log -i --grep "topic.*debian" --pretty=%h --reverse $debbranch..$pqbranch | head -1)
+
+sedexpr="/$firstdebian/i$picks"
+
+GIT_EDITOR="sed -i -e '$sedexpr'" git rebase --interactive --no-autosquash $debbranch
+
+
diff --git a/debian/libnss-myhostname.install b/debian/libnss-myhostname.install
new file mode 100644
index 00000000..3db91045
--- /dev/null
+++ b/debian/libnss-myhostname.install
@@ -0,0 +1,3 @@
+lib/*/libnss_myhostname*.so.*
+usr/share/man/man8/libnss_myhostname.so.2.8
+usr/share/man/man8/nss-myhostname.8
diff --git a/debian/libnss-myhostname.lintian-overrides b/debian/libnss-myhostname.lintian-overrides
new file mode 100644
index 00000000..ff4d266a
--- /dev/null
+++ b/debian/libnss-myhostname.lintian-overrides
@@ -0,0 +1,2 @@
+# package is a NSS module, not a system library
+libnss-myhostname: package-name-doesnt-match-sonames
diff --git a/debian/libnss-myhostname.postinst b/debian/libnss-myhostname.postinst
new file mode 100644
index 00000000..9fec7a35
--- /dev/null
+++ b/debian/libnss-myhostname.postinst
@@ -0,0 +1,40 @@
+#!/bin/sh
+set -e
+
+# This code was taken from libnss-myhostname
+
+# try to insert myhostname entries to the "hosts" line in /etc/nsswitch.conf to
+# automatically enable libnss-myhostname support; do not change the
+# configuration if the "hosts" line already references some myhostname lookups
+insert_nss_entry() {
+ echo "Checking NSS setup..."
+ # abort if /etc/nsswitch.conf does not exist
+ if ! [ -e /etc/nsswitch.conf ]; then
+ echo "Could not find /etc/nsswitch.conf."
+ return
+ fi
+ perl -i -pe '
+ sub insert {
+ my $line = shift;
+ # this also splits on tab
+ my @bits=split(" ", $line);
+ # do not break configuration if the "hosts" line already references
+ # myhostname
+ if (grep { $_ eq "myhostname"} @bits) {
+ return $line;
+ }
+ # add myhostname at the end
+ return $line . " myhostname";
+ }
+ s/^(hosts:\s+)(.*)/$1.insert($2)/e;
+ ' /etc/nsswitch.conf
+}
+
+if [ "$1" = configure ] && [ -z "$2" ]; then
+ echo "First installation detected..."
+ # first install: setup the recommended configuration (unless
+ # nsswitch.conf already contains myhostname entries)
+ insert_nss_entry
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-myhostname.postrm b/debian/libnss-myhostname.postrm
new file mode 100644
index 00000000..0a6d0f2e
--- /dev/null
+++ b/debian/libnss-myhostname.postrm
@@ -0,0 +1,28 @@
+#!/bin/sh
+set -e
+
+remove_nss_entry() {
+ local file=$1
+ local pkg=$2
+ local module=$3
+ refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \
+ -W $pkg | grep '^i' | wc -l)
+ if [ "$refcount" -gt 0 ] ; then
+ # package is installed for other architectures still, do nothing
+ return
+ fi
+ echo "Checking NSS setup..."
+ # abort if file does not exist
+ if ! [ -e $file ]; then
+ echo "Could not find ${file}."
+ return
+ fi
+ # we must remove possible [foo=bar] options as well
+ sed -i -r "/hosts:/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file
+}
+
+if [ "$1" = remove ]; then
+ remove_nss_entry /etc/nsswitch.conf libnss-myhostname myhostname
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-mymachines.install b/debian/libnss-mymachines.install
new file mode 100644
index 00000000..55301149
--- /dev/null
+++ b/debian/libnss-mymachines.install
@@ -0,0 +1,3 @@
+lib/*/libnss_mymachines*.so.*
+usr/share/man/man8/libnss_mymachines.so.2.8
+usr/share/man/man8/nss-mymachines.8
diff --git a/debian/libnss-mymachines.lintian-overrides b/debian/libnss-mymachines.lintian-overrides
new file mode 100644
index 00000000..c9661e8b
--- /dev/null
+++ b/debian/libnss-mymachines.lintian-overrides
@@ -0,0 +1,2 @@
+# package is a NSS module, not a system library
+libnss-mymachines: package-name-doesnt-match-sonames
diff --git a/debian/libnss-mymachines.postinst b/debian/libnss-mymachines.postinst
new file mode 100644
index 00000000..f4b3f5ca
--- /dev/null
+++ b/debian/libnss-mymachines.postinst
@@ -0,0 +1,40 @@
+#!/bin/sh
+set -e
+
+# This code was taken from libnss-myhostname
+
+# try to insert mymachines entries to the "hosts" line in /etc/nsswitch.conf to
+# automatically enable libnss-mymachines support; do not change the
+# configuration if the "hosts" line already references some mymachines lookups
+insert_nss_entry() {
+ echo "Checking NSS setup..."
+ # abort if /etc/nsswitch.conf does not exist
+ if ! [ -e /etc/nsswitch.conf ]; then
+ echo "Could not find /etc/nsswitch.conf."
+ return
+ fi
+ perl -i -pe '
+ sub insert {
+ my $line = shift;
+ # this also splits on tab
+ my @bits=split(" ", $line);
+ # do not break configuration if the "hosts" line already references
+ # mymachines
+ if (grep { $_ eq "mymachines"} @bits) {
+ return $line;
+ }
+ # add mymachines at the end
+ return $line . " mymachines";
+ }
+ s/^(hosts:\s+)(.*)/$1.insert($2)/e;
+ ' /etc/nsswitch.conf
+}
+
+if [ "$1" = configure ] && [ -z "$2" ]; then
+ echo "First installation detected..."
+ # first install: setup the recommended configuration (unless
+ # nsswitch.conf already contains mymachines entries)
+ insert_nss_entry
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-mymachines.postrm b/debian/libnss-mymachines.postrm
new file mode 100644
index 00000000..1318f218
--- /dev/null
+++ b/debian/libnss-mymachines.postrm
@@ -0,0 +1,28 @@
+#!/bin/sh
+set -e
+
+remove_nss_entry() {
+ local file=$1
+ local pkg=$2
+ local module=$3
+ refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \
+ -W $pkg | grep '^i' | wc -l)
+ if [ "$refcount" -gt 0 ] ; then
+ # package is installed for other architectures still, do nothing
+ return
+ fi
+ echo "Checking NSS setup..."
+ # abort if file does not exist
+ if ! [ -e $file ]; then
+ echo "Could not find ${file}."
+ return
+ fi
+ # we must remove possible [foo=bar] options as well
+ sed -i -r "/hosts:/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file
+}
+
+if [ "$1" = remove ]; then
+ remove_nss_entry /etc/nsswitch.conf libnss-mymachines mymachines
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-resolve.install b/debian/libnss-resolve.install
new file mode 100644
index 00000000..3ecf8344
--- /dev/null
+++ b/debian/libnss-resolve.install
@@ -0,0 +1,3 @@
+lib/*/libnss_resolve*.so.*
+usr/share/man/man8/libnss_resolve.so.2.8
+usr/share/man/man8/nss-resolve.8
diff --git a/debian/libnss-resolve.lintian-overrides b/debian/libnss-resolve.lintian-overrides
new file mode 100644
index 00000000..dfd9ec41
--- /dev/null
+++ b/debian/libnss-resolve.lintian-overrides
@@ -0,0 +1,2 @@
+# package is a NSS module, not a system library
+libnss-resolve: package-name-doesnt-match-sonames
diff --git a/debian/libnss-resolve.postinst b/debian/libnss-resolve.postinst
new file mode 100644
index 00000000..21b19c86
--- /dev/null
+++ b/debian/libnss-resolve.postinst
@@ -0,0 +1,55 @@
+#!/bin/sh
+set -e
+
+# This code was taken from libnss-myhostname
+
+# try to insert resolve entries to the "hosts" line in /etc/nsswitch.conf to
+# automatically enable libnss-resolve support; do not change the
+# configuration if the "hosts" line already references some resolve lookups
+insert_nss_entry() {
+ echo "Checking NSS setup..."
+ # abort if /etc/nsswitch.conf does not exist
+ if ! [ -e /etc/nsswitch.conf ]; then
+ echo "Could not find /etc/nsswitch.conf."
+ return
+ fi
+ perl -i -pe '
+ sub insert {
+ my $line = shift;
+ # this also splits on tab
+ my @bits=split(" ", $line);
+ # do not break configuration if the "hosts" line already references
+ # resolve
+ if (grep { $_ eq "resolve"} @bits) {
+ return $line;
+ }
+ # add resolve before dns
+ return join " ", map {
+ $_ eq "dns" ? ("resolve [!UNAVAIL=return]", "$_") : $_
+ } @bits;
+ }
+ s/^(hosts:\s+)(.*)/$1.insert($2)/e;
+ ' /etc/nsswitch.conf
+}
+
+if [ "$1" = configure ] && [ -z "$2" ]; then
+ echo "First installation detected..."
+ # first install: setup the recommended configuration (unless
+ # nsswitch.conf already contains resolve entries)
+ insert_nss_entry
+ # ... and enable resolved
+ systemctl enable systemd-resolved.service
+ if [ -d /run/systemd/system ]; then
+ deb-systemd-invoke start systemd-resolved.service || true
+ fi
+fi
+
+# Fix nsswitch action on upgrades
+if [ "$1" = configure ] && dpkg --compare-versions "$2" lt-nl "231-10"; then
+ if ! grep -q '^hosts:.*resolve[[:space:]]*\[' /etc/nsswitch.conf; then
+ echo "Adjusting 'resolv' entry in /etc/nsswitch.conf.."
+ sed -i '/^hosts:/ { s/resolve/& [!UNAVAIL=return]/}' /etc/nsswitch.conf
+ fi
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-resolve.postrm b/debian/libnss-resolve.postrm
new file mode 100644
index 00000000..6f0f787f
--- /dev/null
+++ b/debian/libnss-resolve.postrm
@@ -0,0 +1,32 @@
+#!/bin/sh
+set -e
+
+remove_nss_entry() {
+ local file=$1
+ local pkg=$2
+ local module=$3
+ refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \
+ -W $pkg | grep '^i' | wc -l)
+ if [ "$refcount" -gt 0 ] ; then
+ # package is installed for other architectures still, do nothing
+ return
+ fi
+ echo "Checking NSS setup..."
+ # abort if file does not exist
+ if ! [ -e $file ]; then
+ echo "Could not find ${file}."
+ return
+ fi
+ # we must remove possible [foo=bar] options as well
+ sed -i -r "/hosts:/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file
+}
+
+if [ "$1" = remove ]; then
+ remove_nss_entry /etc/nsswitch.conf libnss-resolve resolve
+ systemctl disable systemd-resolved.service
+ if [ -d /run/systemd/system ]; then
+ deb-systemd-invoke stop systemd-resolved.service || true
+ fi
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-systemd.install b/debian/libnss-systemd.install
new file mode 100644
index 00000000..ade3da44
--- /dev/null
+++ b/debian/libnss-systemd.install
@@ -0,0 +1,3 @@
+lib/*/libnss_systemd*.so.*
+usr/share/man/man8/libnss_systemd*
+usr/share/man/man8/nss-systemd*
diff --git a/debian/libnss-systemd.lintian-overrides b/debian/libnss-systemd.lintian-overrides
new file mode 100644
index 00000000..8e9c4cb9
--- /dev/null
+++ b/debian/libnss-systemd.lintian-overrides
@@ -0,0 +1,2 @@
+# package is a NSS module, not a system library
+libnss-systemd: package-name-doesnt-match-sonames
diff --git a/debian/libnss-systemd.postinst b/debian/libnss-systemd.postinst
new file mode 100644
index 00000000..1dc3c4f2
--- /dev/null
+++ b/debian/libnss-systemd.postinst
@@ -0,0 +1,38 @@
+#!/bin/sh
+set -e
+
+# try to insert the systemd entry to the "passwd" and "group" lines in
+# /etc/nsswitch.conf to automatically enable libnss-systemd support; do not
+# change the configuration if the lines already contain "systemd"
+insert_nss_entry() {
+ echo "Checking NSS setup..."
+ # abort if /etc/nsswitch.conf does not exist
+ if ! [ -e /etc/nsswitch.conf ]; then
+ echo "Could not find /etc/nsswitch.conf."
+ return
+ fi
+ perl -i -pe '
+ sub insert {
+ my $line = shift;
+ # this also splits on tab
+ my @bits=split(" ", $line);
+ # do not break configuration if the line already references
+ # systemd
+ if (grep { $_ eq "systemd"} @bits) {
+ return $line;
+ }
+ # add systemd at the end
+ return $line . " systemd";
+ }
+ s/^(passwd:\s+)(.*)/$1.insert($2)/e;
+ s/^(group:\s+)(.*)/$1.insert($2)/e;
+ ' /etc/nsswitch.conf
+}
+
+if [ "$1" = configure ] && [ -z "$2" ]; then
+ echo "First installation detected..."
+ # first install: setup the recommended configuration
+ insert_nss_entry
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-systemd.postrm b/debian/libnss-systemd.postrm
new file mode 100644
index 00000000..744cc359
--- /dev/null
+++ b/debian/libnss-systemd.postrm
@@ -0,0 +1,28 @@
+#!/bin/sh
+set -e
+
+remove_nss_entry() {
+ local file=$1
+ local pkg=$2
+ local module=$3
+ refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \
+ -W $pkg | grep '^i' | wc -l)
+ if [ "$refcount" -gt 0 ] ; then
+ # package is installed for other architectures still, do nothing
+ return
+ fi
+ echo "Checking NSS setup..."
+ # abort if file does not exist
+ if ! [ -e $file ]; then
+ echo "Could not find ${file}."
+ return
+ fi
+ # we must remove possible [foo=bar] options as well
+ sed -i -r "/(passwd|group):/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file
+}
+
+if [ "$1" = remove ]; then
+ remove_nss_entry /etc/nsswitch.conf libnss-systemd systemd
+fi
+
+#DEBHELPER#
diff --git a/debian/libpam-systemd.install b/debian/libpam-systemd.install
new file mode 100644
index 00000000..df749da9
--- /dev/null
+++ b/debian/libpam-systemd.install
@@ -0,0 +1,3 @@
+lib/*/security/pam_systemd.so
+usr/share/man/man8/pam_systemd.8
+../../extra/pam-configs usr/share/
diff --git a/debian/libpam-systemd.postinst b/debian/libpam-systemd.postinst
new file mode 100644
index 00000000..c6177d8c
--- /dev/null
+++ b/debian/libpam-systemd.postinst
@@ -0,0 +1,7 @@
+#! /bin/sh
+
+set -e
+
+pam-auth-update --package
+
+#DEBHELPER#
diff --git a/debian/libpam-systemd.prerm b/debian/libpam-systemd.prerm
new file mode 100644
index 00000000..f51c1088
--- /dev/null
+++ b/debian/libpam-systemd.prerm
@@ -0,0 +1,20 @@
+#! /bin/sh
+
+set -e
+
+# pam-auth-update --remove removes the named profile from the active config.
+# It arguably should be called during deconfigure as well, but deconfigure
+# can happen in some cases during a dist-upgrade and we don't want to
+# deconfigure all PAM modules in the middle of a dist-upgrade by accident.
+#
+# More importantly, with the current implementation, --remove also removes
+# all local preferences for the named config (such as whether it's enabled
+# or disabled), which we don't want to do on deconfigure.
+#
+# This may need to change later as pam-auth-update evolves.
+
+if [ "$1" = remove ] && [ "${DPKG_MAINTSCRIPT_PACKAGE_REFCOUNT:-1}" = 1 ]; then
+ pam-auth-update --package --remove systemd
+fi
+
+#DEBHELPER#
diff --git a/debian/libsystemd-dev.install b/debian/libsystemd-dev.install
new file mode 100644
index 00000000..1ca8036e
--- /dev/null
+++ b/debian/libsystemd-dev.install
@@ -0,0 +1,5 @@
+lib/*/libsystemd.so
+usr/lib/*/pkgconfig/libsystemd.pc
+usr/include/systemd/
+usr/share/man/man3/sd*
+usr/share/man/man3/SD*
diff --git a/debian/libsystemd0.install b/debian/libsystemd0.install
new file mode 100644
index 00000000..9cd022d6
--- /dev/null
+++ b/debian/libsystemd0.install
@@ -0,0 +1 @@
+lib/*/libsystemd.so.*
diff --git a/debian/libsystemd0.symbols b/debian/libsystemd0.symbols
new file mode 100644
index 00000000..8852a01a
--- /dev/null
+++ b/debian/libsystemd0.symbols
@@ -0,0 +1,563 @@
+libsystemd.so.0 libsystemd0 #MINVER#
+* Build-Depends-Package: libsystemd-dev
+ LIBSYSTEMD_209@LIBSYSTEMD_209 0
+ LIBSYSTEMD_211@LIBSYSTEMD_211 211
+ LIBSYSTEMD_213@LIBSYSTEMD_213 213
+ LIBSYSTEMD_214@LIBSYSTEMD_214 214
+ LIBSYSTEMD_216@LIBSYSTEMD_216 217
+ LIBSYSTEMD_217@LIBSYSTEMD_217 217
+ LIBSYSTEMD_219@LIBSYSTEMD_219 219
+ LIBSYSTEMD_220@LIBSYSTEMD_220 220
+ LIBSYSTEMD_221@LIBSYSTEMD_221 221
+ LIBSYSTEMD_222@LIBSYSTEMD_222 222
+ LIBSYSTEMD_226@LIBSYSTEMD_226 226
+ LIBSYSTEMD_227@LIBSYSTEMD_227 227
+ LIBSYSTEMD_229@LIBSYSTEMD_229 229
+ LIBSYSTEMD_230@LIBSYSTEMD_230 230
+ LIBSYSTEMD_231@LIBSYSTEMD_231 231
+ LIBSYSTEMD_232@LIBSYSTEMD_232 232
+ LIBSYSTEMD_233@LIBSYSTEMD_233 233
+ LIBSYSTEMD_234@LIBSYSTEMD_234 234
+ LIBSYSTEMD_236@LIBSYSTEMD_236 236
+ LIBSYSTEMD_237@LIBSYSTEMD_237 237
+ LIBSYSTEMD_238@LIBSYSTEMD_238 238
+ LIBSYSTEMD_239@LIBSYSTEMD_239 239
+ LIBSYSTEMD_240@LIBSYSTEMD_240 240
+ sd_booted@LIBSYSTEMD_209 0
+ sd_bus_add_fallback@LIBSYSTEMD_221 221
+ sd_bus_add_fallback_vtable@LIBSYSTEMD_221 221
+ sd_bus_add_filter@LIBSYSTEMD_221 221
+ sd_bus_add_match@LIBSYSTEMD_221 221
+ sd_bus_add_match_async@LIBSYSTEMD_237 237
+ sd_bus_add_node_enumerator@LIBSYSTEMD_221 221
+ sd_bus_add_object@LIBSYSTEMD_221 221
+ sd_bus_add_object_manager@LIBSYSTEMD_221 221
+ sd_bus_add_object_vtable@LIBSYSTEMD_221 221
+ sd_bus_attach_event@LIBSYSTEMD_221 221
+ sd_bus_call@LIBSYSTEMD_221 221
+ sd_bus_call_async@LIBSYSTEMD_221 221
+ sd_bus_call_method@LIBSYSTEMD_221 221
+ sd_bus_call_method_async@LIBSYSTEMD_221 221
+ sd_bus_can_send@LIBSYSTEMD_221 221
+ sd_bus_close@LIBSYSTEMD_221 221
+ sd_bus_creds_get_audit_login_uid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_audit_session_id@LIBSYSTEMD_221 221
+ sd_bus_creds_get_augmented_mask@LIBSYSTEMD_221 221
+ sd_bus_creds_get_cgroup@LIBSYSTEMD_221 221
+ sd_bus_creds_get_cmdline@LIBSYSTEMD_221 221
+ sd_bus_creds_get_comm@LIBSYSTEMD_221 221
+ sd_bus_creds_get_description@LIBSYSTEMD_221 221
+ sd_bus_creds_get_egid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_euid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_exe@LIBSYSTEMD_221 221
+ sd_bus_creds_get_fsgid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_fsuid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_gid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_mask@LIBSYSTEMD_221 221
+ sd_bus_creds_get_owner_uid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_pid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_ppid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_selinux_context@LIBSYSTEMD_221 221
+ sd_bus_creds_get_session@LIBSYSTEMD_221 221
+ sd_bus_creds_get_sgid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_slice@LIBSYSTEMD_221 221
+ sd_bus_creds_get_suid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_supplementary_gids@LIBSYSTEMD_221 221
+ sd_bus_creds_get_tid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_tid_comm@LIBSYSTEMD_221 221
+ sd_bus_creds_get_tty@LIBSYSTEMD_221 221
+ sd_bus_creds_get_uid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_unique_name@LIBSYSTEMD_221 221
+ sd_bus_creds_get_unit@LIBSYSTEMD_221 221
+ sd_bus_creds_get_user_slice@LIBSYSTEMD_221 221
+ sd_bus_creds_get_user_unit@LIBSYSTEMD_221 221
+ sd_bus_creds_get_well_known_names@LIBSYSTEMD_221 221
+ sd_bus_creds_has_bounding_cap@LIBSYSTEMD_221 221
+ sd_bus_creds_has_effective_cap@LIBSYSTEMD_221 221
+ sd_bus_creds_has_inheritable_cap@LIBSYSTEMD_221 221
+ sd_bus_creds_has_permitted_cap@LIBSYSTEMD_221 221
+ sd_bus_creds_new_from_pid@LIBSYSTEMD_221 221
+ sd_bus_creds_ref@LIBSYSTEMD_221 221
+ sd_bus_creds_unref@LIBSYSTEMD_221 221
+ sd_bus_default@LIBSYSTEMD_221 221
+ sd_bus_default_flush_close@LIBSYSTEMD_227 227
+ sd_bus_default_system@LIBSYSTEMD_221 221
+ sd_bus_default_user@LIBSYSTEMD_221 221
+ sd_bus_detach_event@LIBSYSTEMD_221 221
+ sd_bus_emit_interfaces_added@LIBSYSTEMD_221 221
+ sd_bus_emit_interfaces_added_strv@LIBSYSTEMD_221 221
+ sd_bus_emit_interfaces_removed@LIBSYSTEMD_221 221
+ sd_bus_emit_interfaces_removed_strv@LIBSYSTEMD_221 221
+ sd_bus_emit_object_added@LIBSYSTEMD_222 222
+ sd_bus_emit_object_removed@LIBSYSTEMD_222 222
+ sd_bus_emit_properties_changed@LIBSYSTEMD_221 221
+ sd_bus_emit_properties_changed_strv@LIBSYSTEMD_221 221
+ sd_bus_emit_signal@LIBSYSTEMD_221 221
+ sd_bus_error_add_map@LIBSYSTEMD_221 221
+ sd_bus_error_copy@LIBSYSTEMD_221 221
+ sd_bus_error_free@LIBSYSTEMD_221 221
+ sd_bus_error_get_errno@LIBSYSTEMD_221 221
+ sd_bus_error_has_name@LIBSYSTEMD_221 221
+ sd_bus_error_is_set@LIBSYSTEMD_221 221
+ sd_bus_error_move@LIBSYSTEMD_240 240
+ sd_bus_error_set@LIBSYSTEMD_221 221
+ sd_bus_error_set_const@LIBSYSTEMD_221 221
+ sd_bus_error_set_errno@LIBSYSTEMD_221 221
+ sd_bus_error_set_errnof@LIBSYSTEMD_221 221
+ sd_bus_error_set_errnofv@LIBSYSTEMD_221 221
+ sd_bus_error_setf@LIBSYSTEMD_221 221
+ sd_bus_flush@LIBSYSTEMD_221 221
+ sd_bus_flush_close_unref@LIBSYSTEMD_222 222
+ sd_bus_get_address@LIBSYSTEMD_221 221
+ sd_bus_get_allow_interactive_authorization@LIBSYSTEMD_221 221
+ sd_bus_get_bus_id@LIBSYSTEMD_221 221
+ sd_bus_get_close_on_exit@LIBSYSTEMD_240 240
+ sd_bus_get_connected_signal@LIBSYSTEMD_237 237
+ sd_bus_get_creds_mask@LIBSYSTEMD_221 221
+ sd_bus_get_current_handler@LIBSYSTEMD_221 221
+ sd_bus_get_current_message@LIBSYSTEMD_221 221
+ sd_bus_get_current_slot@LIBSYSTEMD_221 221
+ sd_bus_get_current_userdata@LIBSYSTEMD_221 221
+ sd_bus_get_description@LIBSYSTEMD_221 221
+ sd_bus_get_event@LIBSYSTEMD_221 221
+ sd_bus_get_events@LIBSYSTEMD_221 221
+ sd_bus_get_exit_on_disconnect@LIBSYSTEMD_232 232
+ sd_bus_get_fd@LIBSYSTEMD_221 221
+ sd_bus_get_method_call_timeout@LIBSYSTEMD_240 240
+ sd_bus_get_n_queued_read@LIBSYSTEMD_238 238
+ sd_bus_get_n_queued_write@LIBSYSTEMD_238 238
+ sd_bus_get_name_creds@LIBSYSTEMD_221 221
+ sd_bus_get_name_machine_id@LIBSYSTEMD_221 221
+ sd_bus_get_owner_creds@LIBSYSTEMD_221 221
+ sd_bus_get_property@LIBSYSTEMD_221 221
+ sd_bus_get_property_string@LIBSYSTEMD_221 221
+ sd_bus_get_property_strv@LIBSYSTEMD_221 221
+ sd_bus_get_property_trivial@LIBSYSTEMD_221 221
+ sd_bus_get_scope@LIBSYSTEMD_221 221
+ sd_bus_get_sender@LIBSYSTEMD_237 237
+ sd_bus_get_tid@LIBSYSTEMD_221 221
+ sd_bus_get_timeout@LIBSYSTEMD_221 221
+ sd_bus_get_unique_name@LIBSYSTEMD_221 221
+ sd_bus_get_watch_bind@LIBSYSTEMD_237 237
+ sd_bus_is_anonymous@LIBSYSTEMD_221 221
+ sd_bus_is_bus_client@LIBSYSTEMD_221 221
+ sd_bus_is_monitor@LIBSYSTEMD_221 221
+ sd_bus_is_open@LIBSYSTEMD_221 221
+ sd_bus_is_ready@LIBSYSTEMD_237 237
+ sd_bus_is_server@LIBSYSTEMD_221 221
+ sd_bus_is_trusted@LIBSYSTEMD_221 221
+ sd_bus_list_names@LIBSYSTEMD_221 221
+ sd_bus_match_signal@LIBSYSTEMD_237 237
+ sd_bus_match_signal_async@LIBSYSTEMD_237 237
+ sd_bus_message_append@LIBSYSTEMD_221 221
+ sd_bus_message_append_array@LIBSYSTEMD_221 221
+ sd_bus_message_append_array_iovec@LIBSYSTEMD_221 221
+ sd_bus_message_append_array_memfd@LIBSYSTEMD_221 221
+ sd_bus_message_append_array_space@LIBSYSTEMD_221 221
+ sd_bus_message_append_basic@LIBSYSTEMD_221 221
+ sd_bus_message_append_string_iovec@LIBSYSTEMD_221 221
+ sd_bus_message_append_string_memfd@LIBSYSTEMD_221 221
+ sd_bus_message_append_string_space@LIBSYSTEMD_221 221
+ sd_bus_message_append_strv@LIBSYSTEMD_221 221
+ sd_bus_message_appendv@LIBSYSTEMD_234 234
+ sd_bus_message_at_end@LIBSYSTEMD_221 221
+ sd_bus_message_close_container@LIBSYSTEMD_221 221
+ sd_bus_message_copy@LIBSYSTEMD_221 221
+ sd_bus_message_enter_container@LIBSYSTEMD_221 221
+ sd_bus_message_exit_container@LIBSYSTEMD_221 221
+ sd_bus_message_get_allow_interactive_authorization@LIBSYSTEMD_221 221
+ sd_bus_message_get_auto_start@LIBSYSTEMD_221 221
+ sd_bus_message_get_bus@LIBSYSTEMD_221 221
+ sd_bus_message_get_cookie@LIBSYSTEMD_221 221
+ sd_bus_message_get_creds@LIBSYSTEMD_221 221
+ sd_bus_message_get_destination@LIBSYSTEMD_221 221
+ sd_bus_message_get_errno@LIBSYSTEMD_221 221
+ sd_bus_message_get_error@LIBSYSTEMD_221 221
+ sd_bus_message_get_expect_reply@LIBSYSTEMD_221 221
+ sd_bus_message_get_interface@LIBSYSTEMD_221 221
+ sd_bus_message_get_member@LIBSYSTEMD_221 221
+ sd_bus_message_get_monotonic_usec@LIBSYSTEMD_221 221
+ sd_bus_message_get_path@LIBSYSTEMD_221 221
+ sd_bus_message_get_priority@LIBSYSTEMD_221 221
+ sd_bus_message_get_realtime_usec@LIBSYSTEMD_221 221
+ sd_bus_message_get_reply_cookie@LIBSYSTEMD_221 221
+ sd_bus_message_get_sender@LIBSYSTEMD_221 221
+ sd_bus_message_get_seqnum@LIBSYSTEMD_221 221
+ sd_bus_message_get_signature@LIBSYSTEMD_221 221
+ sd_bus_message_get_type@LIBSYSTEMD_221 221
+ sd_bus_message_has_signature@LIBSYSTEMD_221 221
+ sd_bus_message_is_empty@LIBSYSTEMD_221 221
+ sd_bus_message_is_method_call@LIBSYSTEMD_221 221
+ sd_bus_message_is_method_error@LIBSYSTEMD_221 221
+ sd_bus_message_is_signal@LIBSYSTEMD_221 221
+ sd_bus_message_new@LIBSYSTEMD_236 236
+ sd_bus_message_new_method_call@LIBSYSTEMD_221 221
+ sd_bus_message_new_method_errno@LIBSYSTEMD_221 221
+ sd_bus_message_new_method_errnof@LIBSYSTEMD_221 221
+ sd_bus_message_new_method_error@LIBSYSTEMD_221 221
+ sd_bus_message_new_method_errorf@LIBSYSTEMD_221 221
+ sd_bus_message_new_method_return@LIBSYSTEMD_221 221
+ sd_bus_message_new_signal@LIBSYSTEMD_221 221
+ sd_bus_message_open_container@LIBSYSTEMD_221 221
+ sd_bus_message_peek_type@LIBSYSTEMD_221 221
+ sd_bus_message_read@LIBSYSTEMD_221 221
+ sd_bus_message_read_array@LIBSYSTEMD_221 221
+ sd_bus_message_read_basic@LIBSYSTEMD_221 221
+ sd_bus_message_read_strv@LIBSYSTEMD_221 221
+ sd_bus_message_readv@LIBSYSTEMD_240 240
+ sd_bus_message_ref@LIBSYSTEMD_221 221
+ sd_bus_message_rewind@LIBSYSTEMD_221 221
+ sd_bus_message_seal@LIBSYSTEMD_236 236
+ sd_bus_message_set_allow_interactive_authorization@LIBSYSTEMD_221 221
+ sd_bus_message_set_auto_start@LIBSYSTEMD_221 221
+ sd_bus_message_set_destination@LIBSYSTEMD_221 221
+ sd_bus_message_set_expect_reply@LIBSYSTEMD_221 221
+ sd_bus_message_set_priority@LIBSYSTEMD_221 221
+ sd_bus_message_set_sender@LIBSYSTEMD_237 237
+ sd_bus_message_skip@LIBSYSTEMD_221 221
+ sd_bus_message_unref@LIBSYSTEMD_221 221
+ sd_bus_message_verify_type@LIBSYSTEMD_221 221
+ sd_bus_negotiate_creds@LIBSYSTEMD_221 221
+ sd_bus_negotiate_fds@LIBSYSTEMD_221 221
+ sd_bus_negotiate_timestamp@LIBSYSTEMD_221 221
+ sd_bus_new@LIBSYSTEMD_221 221
+ sd_bus_open@LIBSYSTEMD_221 221
+ sd_bus_open_system@LIBSYSTEMD_221 221
+ sd_bus_open_system_machine@LIBSYSTEMD_221 221
+ sd_bus_open_system_remote@LIBSYSTEMD_221 221
+ sd_bus_open_system_with_description@LIBSYSTEMD_239 239
+ sd_bus_open_user@LIBSYSTEMD_221 221
+ sd_bus_open_user_with_description@LIBSYSTEMD_239 239
+ sd_bus_open_with_description@LIBSYSTEMD_239 239
+ sd_bus_path_decode@LIBSYSTEMD_221 221
+ sd_bus_path_decode_many@LIBSYSTEMD_227 227
+ sd_bus_path_encode@LIBSYSTEMD_221 221
+ sd_bus_path_encode_many@LIBSYSTEMD_227 227
+ sd_bus_process@LIBSYSTEMD_221 221
+ sd_bus_process_priority@LIBSYSTEMD_221 221
+ sd_bus_query_sender_creds@LIBSYSTEMD_221 221
+ sd_bus_query_sender_privilege@LIBSYSTEMD_221 221
+ sd_bus_ref@LIBSYSTEMD_221 221
+ sd_bus_release_name@LIBSYSTEMD_221 221
+ sd_bus_release_name_async@LIBSYSTEMD_237 237
+ sd_bus_reply_method_errno@LIBSYSTEMD_221 221
+ sd_bus_reply_method_errnof@LIBSYSTEMD_221 221
+ sd_bus_reply_method_error@LIBSYSTEMD_221 221
+ sd_bus_reply_method_errorf@LIBSYSTEMD_221 221
+ sd_bus_reply_method_return@LIBSYSTEMD_221 221
+ sd_bus_request_name@LIBSYSTEMD_221 221
+ sd_bus_request_name_async@LIBSYSTEMD_237 237
+ sd_bus_send@LIBSYSTEMD_221 221
+ sd_bus_send_to@LIBSYSTEMD_221 221
+ sd_bus_set_address@LIBSYSTEMD_221 221
+ sd_bus_set_allow_interactive_authorization@LIBSYSTEMD_221 221
+ sd_bus_set_anonymous@LIBSYSTEMD_221 221
+ sd_bus_set_bus_client@LIBSYSTEMD_221 221
+ sd_bus_set_close_on_exit@LIBSYSTEMD_240 240
+ sd_bus_set_connected_signal@LIBSYSTEMD_237 237
+ sd_bus_set_description@LIBSYSTEMD_221 221
+ sd_bus_set_exec@LIBSYSTEMD_221 221
+ sd_bus_set_exit_on_disconnect@LIBSYSTEMD_232 232
+ sd_bus_set_fd@LIBSYSTEMD_221 221
+ sd_bus_set_method_call_timeout@LIBSYSTEMD_240 240
+ sd_bus_set_monitor@LIBSYSTEMD_221 221
+ sd_bus_set_property@LIBSYSTEMD_221 221
+ sd_bus_set_sender@LIBSYSTEMD_237 237
+ sd_bus_set_server@LIBSYSTEMD_221 221
+ sd_bus_set_trusted@LIBSYSTEMD_221 221
+ sd_bus_set_watch_bind@LIBSYSTEMD_237 237
+ sd_bus_slot_get_bus@LIBSYSTEMD_221 221
+ sd_bus_slot_get_current_handler@LIBSYSTEMD_221 221
+ sd_bus_slot_get_current_message@LIBSYSTEMD_221 221
+ sd_bus_slot_get_current_userdata@LIBSYSTEMD_221 221
+ sd_bus_slot_get_description@LIBSYSTEMD_221 221
+ sd_bus_slot_get_destroy_callback@LIBSYSTEMD_239 239
+ sd_bus_slot_get_floating@LIBSYSTEMD_239 239
+ sd_bus_slot_get_userdata@LIBSYSTEMD_221 221
+ sd_bus_slot_ref@LIBSYSTEMD_221 221
+ sd_bus_slot_set_description@LIBSYSTEMD_221 221
+ sd_bus_slot_set_destroy_callback@LIBSYSTEMD_239 239
+ sd_bus_slot_set_floating@LIBSYSTEMD_239 239
+ sd_bus_slot_set_userdata@LIBSYSTEMD_221 221
+ sd_bus_slot_unref@LIBSYSTEMD_221 221
+ sd_bus_start@LIBSYSTEMD_221 221
+ sd_bus_track_add_name@LIBSYSTEMD_221 221
+ sd_bus_track_add_sender@LIBSYSTEMD_221 221
+ sd_bus_track_contains@LIBSYSTEMD_221 221
+ sd_bus_track_count@LIBSYSTEMD_221 221
+ sd_bus_track_count_name@LIBSYSTEMD_232 232
+ sd_bus_track_count_sender@LIBSYSTEMD_232 232
+ sd_bus_track_first@LIBSYSTEMD_221 221
+ sd_bus_track_get_bus@LIBSYSTEMD_221 221
+ sd_bus_track_get_destroy_callback@LIBSYSTEMD_239 239
+ sd_bus_track_get_recursive@LIBSYSTEMD_232 232
+ sd_bus_track_get_userdata@LIBSYSTEMD_221 221
+ sd_bus_track_new@LIBSYSTEMD_221 221
+ sd_bus_track_next@LIBSYSTEMD_221 221
+ sd_bus_track_ref@LIBSYSTEMD_221 221
+ sd_bus_track_remove_name@LIBSYSTEMD_221 221
+ sd_bus_track_remove_sender@LIBSYSTEMD_221 221
+ sd_bus_track_set_destroy_callback@LIBSYSTEMD_239 239
+ sd_bus_track_set_recursive@LIBSYSTEMD_232 232
+ sd_bus_track_set_userdata@LIBSYSTEMD_221 221
+ sd_bus_track_unref@LIBSYSTEMD_221 221
+ sd_bus_try_close@LIBSYSTEMD_221 221
+ sd_bus_unref@LIBSYSTEMD_221 221
+ sd_bus_wait@LIBSYSTEMD_221 221
+ sd_device_enumerator_add_match_parent@LIBSYSTEMD_240 240
+ sd_device_enumerator_add_match_property@LIBSYSTEMD_240 240
+ sd_device_enumerator_add_match_subsystem@LIBSYSTEMD_240 240
+ sd_device_enumerator_add_match_sysattr@LIBSYSTEMD_240 240
+ sd_device_enumerator_add_match_sysname@LIBSYSTEMD_240 240
+ sd_device_enumerator_add_match_tag@LIBSYSTEMD_240 240
+ sd_device_enumerator_allow_uninitialized@LIBSYSTEMD_240 240
+ sd_device_enumerator_get_device_first@LIBSYSTEMD_240 240
+ sd_device_enumerator_get_device_next@LIBSYSTEMD_240 240
+ sd_device_enumerator_get_subsystem_first@LIBSYSTEMD_240 240
+ sd_device_enumerator_get_subsystem_next@LIBSYSTEMD_240 240
+ sd_device_enumerator_new@LIBSYSTEMD_240 240
+ sd_device_enumerator_ref@LIBSYSTEMD_240 240
+ sd_device_enumerator_unref@LIBSYSTEMD_240 240
+ sd_device_get_devlink_first@LIBSYSTEMD_240 240
+ sd_device_get_devlink_next@LIBSYSTEMD_240 240
+ sd_device_get_devname@LIBSYSTEMD_240 240
+ sd_device_get_devnum@LIBSYSTEMD_240 240
+ sd_device_get_devpath@LIBSYSTEMD_240 240
+ sd_device_get_devtype@LIBSYSTEMD_240 240
+ sd_device_get_driver@LIBSYSTEMD_240 240
+ sd_device_get_ifindex@LIBSYSTEMD_240 240
+ sd_device_get_is_initialized@LIBSYSTEMD_240 240
+ sd_device_get_parent@LIBSYSTEMD_240 240
+ sd_device_get_parent_with_subsystem_devtype@LIBSYSTEMD_240 240
+ sd_device_get_property_first@LIBSYSTEMD_240 240
+ sd_device_get_property_next@LIBSYSTEMD_240 240
+ sd_device_get_property_value@LIBSYSTEMD_240 240
+ sd_device_get_subsystem@LIBSYSTEMD_240 240
+ sd_device_get_sysattr_first@LIBSYSTEMD_240 240
+ sd_device_get_sysattr_next@LIBSYSTEMD_240 240
+ sd_device_get_sysattr_value@LIBSYSTEMD_240 240
+ sd_device_get_sysname@LIBSYSTEMD_240 240
+ sd_device_get_sysnum@LIBSYSTEMD_240 240
+ sd_device_get_syspath@LIBSYSTEMD_240 240
+ sd_device_get_tag_first@LIBSYSTEMD_240 240
+ sd_device_get_tag_next@LIBSYSTEMD_240 240
+ sd_device_get_usec_since_initialized@LIBSYSTEMD_240 240
+ sd_device_has_tag@LIBSYSTEMD_240 240
+ sd_device_monitor_attach_event@LIBSYSTEMD_240 240
+ sd_device_monitor_detach_event@LIBSYSTEMD_240 240
+ sd_device_monitor_filter_add_match_subsystem_devtype@LIBSYSTEMD_240 240
+ sd_device_monitor_filter_add_match_tag@LIBSYSTEMD_240 240
+ sd_device_monitor_filter_remove@LIBSYSTEMD_240 240
+ sd_device_monitor_filter_update@LIBSYSTEMD_240 240
+ sd_device_monitor_get_event@LIBSYSTEMD_240 240
+ sd_device_monitor_get_event_source@LIBSYSTEMD_240 240
+ sd_device_monitor_new@LIBSYSTEMD_240 240
+ sd_device_monitor_ref@LIBSYSTEMD_240 240
+ sd_device_monitor_set_receive_buffer_size@LIBSYSTEMD_240 240
+ sd_device_monitor_start@LIBSYSTEMD_240 240
+ sd_device_monitor_stop@LIBSYSTEMD_240 240
+ sd_device_monitor_unref@LIBSYSTEMD_240 240
+ sd_device_new_from_device_id@LIBSYSTEMD_240 240
+ sd_device_new_from_devnum@LIBSYSTEMD_240 240
+ sd_device_new_from_subsystem_sysname@LIBSYSTEMD_240 240
+ sd_device_new_from_syspath@LIBSYSTEMD_240 240
+ sd_device_ref@LIBSYSTEMD_240 240
+ sd_device_set_sysattr_value@LIBSYSTEMD_240 240
+ sd_device_unref@LIBSYSTEMD_240 240
+ sd_event_add_child@LIBSYSTEMD_221 221
+ sd_event_add_defer@LIBSYSTEMD_221 221
+ sd_event_add_exit@LIBSYSTEMD_221 221
+ sd_event_add_inotify@LIBSYSTEMD_239 239
+ sd_event_add_io@LIBSYSTEMD_221 221
+ sd_event_add_post@LIBSYSTEMD_221 221
+ sd_event_add_signal@LIBSYSTEMD_221 221
+ sd_event_add_time@LIBSYSTEMD_221 221
+ sd_event_default@LIBSYSTEMD_221 221
+ sd_event_dispatch@LIBSYSTEMD_221 221
+ sd_event_exit@LIBSYSTEMD_221 221
+ sd_event_get_exit_code@LIBSYSTEMD_221 221
+ sd_event_get_fd@LIBSYSTEMD_221 221
+ sd_event_get_iteration@LIBSYSTEMD_231 231
+ sd_event_get_state@LIBSYSTEMD_221 221
+ sd_event_get_tid@LIBSYSTEMD_221 221
+ sd_event_get_watchdog@LIBSYSTEMD_221 221
+ sd_event_loop@LIBSYSTEMD_221 221
+ sd_event_new@LIBSYSTEMD_221 221
+ sd_event_now@LIBSYSTEMD_221 221
+ sd_event_prepare@LIBSYSTEMD_221 221
+ sd_event_ref@LIBSYSTEMD_221 221
+ sd_event_run@LIBSYSTEMD_221 221
+ sd_event_set_watchdog@LIBSYSTEMD_221 221
+ sd_event_source_get_child_pid@LIBSYSTEMD_221 221
+ sd_event_source_get_description@LIBSYSTEMD_221 221
+ sd_event_source_get_destroy_callback@LIBSYSTEMD_239 239
+ sd_event_source_get_enabled@LIBSYSTEMD_221 221
+ sd_event_source_get_event@LIBSYSTEMD_221 221
+ sd_event_source_get_floating@LIBSYSTEMD_240 240
+ sd_event_source_get_inotify_mask@LIBSYSTEMD_239 239
+ sd_event_source_get_io_events@LIBSYSTEMD_221 221
+ sd_event_source_get_io_fd@LIBSYSTEMD_221 221
+ sd_event_source_get_io_fd_own@LIBSYSTEMD_237 237
+ sd_event_source_get_io_revents@LIBSYSTEMD_221 221
+ sd_event_source_get_pending@LIBSYSTEMD_221 221
+ sd_event_source_get_priority@LIBSYSTEMD_221 221
+ sd_event_source_get_signal@LIBSYSTEMD_221 221
+ sd_event_source_get_time@LIBSYSTEMD_221 221
+ sd_event_source_get_time_accuracy@LIBSYSTEMD_221 221
+ sd_event_source_get_time_clock@LIBSYSTEMD_221 221
+ sd_event_source_get_userdata@LIBSYSTEMD_221 221
+ sd_event_source_ref@LIBSYSTEMD_221 221
+ sd_event_source_set_description@LIBSYSTEMD_221 221
+ sd_event_source_set_destroy_callback@LIBSYSTEMD_239 239
+ sd_event_source_set_enabled@LIBSYSTEMD_221 221
+ sd_event_source_set_floating@LIBSYSTEMD_240 240
+ sd_event_source_set_io_events@LIBSYSTEMD_221 221
+ sd_event_source_set_io_fd@LIBSYSTEMD_221 221
+ sd_event_source_set_io_fd_own@LIBSYSTEMD_237 237
+ sd_event_source_set_prepare@LIBSYSTEMD_221 221
+ sd_event_source_set_priority@LIBSYSTEMD_221 221
+ sd_event_source_set_time@LIBSYSTEMD_221 221
+ sd_event_source_set_time_accuracy@LIBSYSTEMD_221 221
+ sd_event_source_set_userdata@LIBSYSTEMD_221 221
+ sd_event_source_unref@LIBSYSTEMD_221 221
+ sd_event_unref@LIBSYSTEMD_221 221
+ sd_event_wait@LIBSYSTEMD_221 221
+ sd_get_machine_names@LIBSYSTEMD_209 0
+ sd_get_seats@LIBSYSTEMD_209 0
+ sd_get_sessions@LIBSYSTEMD_209 0
+ sd_get_uids@LIBSYSTEMD_209 0
+ sd_hwdb_enumerate@LIBSYSTEMD_240 240
+ sd_hwdb_get@LIBSYSTEMD_240 240
+ sd_hwdb_new@LIBSYSTEMD_240 240
+ sd_hwdb_ref@LIBSYSTEMD_240 240
+ sd_hwdb_seek@LIBSYSTEMD_240 240
+ sd_hwdb_unref@LIBSYSTEMD_240 240
+ sd_id128_from_string@LIBSYSTEMD_209 0
+ sd_id128_get_boot@LIBSYSTEMD_209 0
+ sd_id128_get_boot_app_specific@LIBSYSTEMD_240 240
+ sd_id128_get_invocation@LIBSYSTEMD_232 232
+ sd_id128_get_machine@LIBSYSTEMD_209 0
+ sd_id128_get_machine_app_specific@LIBSYSTEMD_233 233
+ sd_id128_randomize@LIBSYSTEMD_209 0
+ sd_id128_to_string@LIBSYSTEMD_209 0
+ sd_is_fifo@LIBSYSTEMD_209 0
+ sd_is_mq@LIBSYSTEMD_209 0
+ sd_is_socket@LIBSYSTEMD_209 0
+ sd_is_socket_inet@LIBSYSTEMD_209 0
+ sd_is_socket_sockaddr@LIBSYSTEMD_233 233
+ sd_is_socket_unix@LIBSYSTEMD_209 0
+ sd_is_special@LIBSYSTEMD_209 0
+ sd_journal_add_conjunction@LIBSYSTEMD_209 0
+ sd_journal_add_disjunction@LIBSYSTEMD_209 0
+ sd_journal_add_match@LIBSYSTEMD_209 0
+ sd_journal_close@LIBSYSTEMD_209 0
+ sd_journal_enumerate_data@LIBSYSTEMD_209 0
+ sd_journal_enumerate_fields@LIBSYSTEMD_229 229
+ sd_journal_enumerate_unique@LIBSYSTEMD_209 0
+ sd_journal_flush_matches@LIBSYSTEMD_209 0
+ sd_journal_get_catalog@LIBSYSTEMD_209 0
+ sd_journal_get_catalog_for_message_id@LIBSYSTEMD_209 0
+ sd_journal_get_cursor@LIBSYSTEMD_209 0
+ sd_journal_get_cutoff_monotonic_usec@LIBSYSTEMD_209 0
+ sd_journal_get_cutoff_realtime_usec@LIBSYSTEMD_209 0
+ sd_journal_get_data@LIBSYSTEMD_209 0
+ sd_journal_get_data_threshold@LIBSYSTEMD_209 0
+ sd_journal_get_events@LIBSYSTEMD_209 0
+ sd_journal_get_fd@LIBSYSTEMD_209 0
+ sd_journal_get_monotonic_usec@LIBSYSTEMD_209 0
+ sd_journal_get_realtime_usec@LIBSYSTEMD_209 0
+ sd_journal_get_timeout@LIBSYSTEMD_209 0
+ sd_journal_get_usage@LIBSYSTEMD_209 0
+ sd_journal_has_persistent_files@LIBSYSTEMD_229 229
+ sd_journal_has_runtime_files@LIBSYSTEMD_229 229
+ sd_journal_next@LIBSYSTEMD_209 0
+ sd_journal_next_skip@LIBSYSTEMD_209 0
+ sd_journal_open@LIBSYSTEMD_209 0
+ sd_journal_open_container@LIBSYSTEMD_209 0
+ sd_journal_open_directory@LIBSYSTEMD_209 0
+ sd_journal_open_directory_fd@LIBSYSTEMD_230 230
+ sd_journal_open_files@LIBSYSTEMD_209 0
+ sd_journal_open_files_fd@LIBSYSTEMD_230 230
+ sd_journal_perror@LIBSYSTEMD_209 0
+ sd_journal_perror_with_location@LIBSYSTEMD_209 0
+ sd_journal_previous@LIBSYSTEMD_209 0
+ sd_journal_previous_skip@LIBSYSTEMD_209 0
+ sd_journal_print@LIBSYSTEMD_209 0
+ sd_journal_print_with_location@LIBSYSTEMD_209 0
+ sd_journal_printv@LIBSYSTEMD_209 0
+ sd_journal_printv_with_location@LIBSYSTEMD_209 0
+ sd_journal_process@LIBSYSTEMD_209 0
+ sd_journal_query_unique@LIBSYSTEMD_209 0
+ sd_journal_reliable_fd@LIBSYSTEMD_209 0
+ sd_journal_restart_data@LIBSYSTEMD_209 0
+ sd_journal_restart_fields@LIBSYSTEMD_229 229
+ sd_journal_restart_unique@LIBSYSTEMD_209 0
+ sd_journal_seek_cursor@LIBSYSTEMD_209 0
+ sd_journal_seek_head@LIBSYSTEMD_209 0
+ sd_journal_seek_monotonic_usec@LIBSYSTEMD_209 0
+ sd_journal_seek_realtime_usec@LIBSYSTEMD_209 0
+ sd_journal_seek_tail@LIBSYSTEMD_209 0
+ sd_journal_send@LIBSYSTEMD_209 0
+ sd_journal_send_with_location@LIBSYSTEMD_209 0
+ sd_journal_sendv@LIBSYSTEMD_209 0
+ sd_journal_sendv_with_location@LIBSYSTEMD_209 0
+ sd_journal_set_data_threshold@LIBSYSTEMD_209 0
+ sd_journal_stream_fd@LIBSYSTEMD_209 0
+ sd_journal_test_cursor@LIBSYSTEMD_209 0
+ sd_journal_wait@LIBSYSTEMD_209 0
+ sd_listen_fds@LIBSYSTEMD_209 0
+ sd_listen_fds_with_names@LIBSYSTEMD_227 227
+ sd_login_monitor_flush@LIBSYSTEMD_209 0
+ sd_login_monitor_get_events@LIBSYSTEMD_209 0
+ sd_login_monitor_get_fd@LIBSYSTEMD_209 0
+ sd_login_monitor_get_timeout@LIBSYSTEMD_209 0
+ sd_login_monitor_new@LIBSYSTEMD_209 0
+ sd_login_monitor_unref@LIBSYSTEMD_209 0
+ sd_machine_get_class@LIBSYSTEMD_211 211
+ sd_machine_get_ifindices@LIBSYSTEMD_216 217
+ sd_notify@LIBSYSTEMD_209 0
+ sd_notifyf@LIBSYSTEMD_209 0
+ sd_peer_get_cgroup@LIBSYSTEMD_226 226
+ sd_peer_get_machine_name@LIBSYSTEMD_211 211
+ sd_peer_get_owner_uid@LIBSYSTEMD_211 211
+ sd_peer_get_session@LIBSYSTEMD_211 211
+ sd_peer_get_slice@LIBSYSTEMD_211 211
+ sd_peer_get_unit@LIBSYSTEMD_211 211
+ sd_peer_get_user_slice@LIBSYSTEMD_220 220
+ sd_peer_get_user_unit@LIBSYSTEMD_211 211
+ sd_pid_get_cgroup@LIBSYSTEMD_226 226
+ sd_pid_get_machine_name@LIBSYSTEMD_209 0
+ sd_pid_get_owner_uid@LIBSYSTEMD_209 0
+ sd_pid_get_session@LIBSYSTEMD_209 0
+ sd_pid_get_slice@LIBSYSTEMD_209 0
+ sd_pid_get_unit@LIBSYSTEMD_209 0
+ sd_pid_get_user_slice@LIBSYSTEMD_220 220
+ sd_pid_get_user_unit@LIBSYSTEMD_209 0
+ sd_pid_notify@LIBSYSTEMD_214 214
+ sd_pid_notify_with_fds@LIBSYSTEMD_219 219
+ sd_pid_notifyf@LIBSYSTEMD_214 214
+ sd_seat_can_graphical@LIBSYSTEMD_209 0
+ sd_seat_can_multi_session@LIBSYSTEMD_209 0
+ sd_seat_can_tty@LIBSYSTEMD_209 0
+ sd_seat_get_active@LIBSYSTEMD_209 0
+ sd_seat_get_sessions@LIBSYSTEMD_209 0
+ sd_session_get_class@LIBSYSTEMD_209 0
+ sd_session_get_desktop@LIBSYSTEMD_217 217
+ sd_session_get_display@LIBSYSTEMD_209 0
+ sd_session_get_remote_host@LIBSYSTEMD_209 0
+ sd_session_get_remote_user@LIBSYSTEMD_209 0
+ sd_session_get_seat@LIBSYSTEMD_209 0
+ sd_session_get_service@LIBSYSTEMD_209 0
+ sd_session_get_state@LIBSYSTEMD_209 0
+ sd_session_get_tty@LIBSYSTEMD_209 0
+ sd_session_get_type@LIBSYSTEMD_209 0
+ sd_session_get_uid@LIBSYSTEMD_209 0
+ sd_session_get_vt@LIBSYSTEMD_209 0
+ sd_session_is_active@LIBSYSTEMD_209 0
+ sd_session_is_remote@LIBSYSTEMD_209 0
+ sd_uid_get_display@LIBSYSTEMD_213 213
+ sd_uid_get_seats@LIBSYSTEMD_209 0
+ sd_uid_get_sessions@LIBSYSTEMD_209 0
+ sd_uid_get_state@LIBSYSTEMD_209 0
+ sd_uid_is_on_seat@LIBSYSTEMD_209 0
+ sd_watchdog_enabled@LIBSYSTEMD_209 0
diff --git a/debian/libudev-dev.install b/debian/libudev-dev.install
new file mode 100644
index 00000000..4ce781e6
--- /dev/null
+++ b/debian/libudev-dev.install
@@ -0,0 +1,5 @@
+lib/*/libudev.so
+usr/include/libudev.h
+usr/lib/*/pkgconfig/libudev.pc
+usr/share/man/man3/udev*
+usr/share/man/man3/libudev*
diff --git a/debian/libudev-dev.maintscript b/debian/libudev-dev.maintscript
new file mode 100644
index 00000000..b2a4042c
--- /dev/null
+++ b/debian/libudev-dev.maintscript
@@ -0,0 +1 @@
+symlink_to_dir /usr/share/doc/libudev-dev libudev1 221-2~
diff --git a/debian/libudev1-udeb.install b/debian/libudev1-udeb.install
new file mode 100644
index 00000000..cead438b
--- /dev/null
+++ b/debian/libudev1-udeb.install
@@ -0,0 +1 @@
+lib/*/libudev.so.*
diff --git a/debian/libudev1.install b/debian/libudev1.install
new file mode 100644
index 00000000..cead438b
--- /dev/null
+++ b/debian/libudev1.install
@@ -0,0 +1 @@
+lib/*/libudev.so.*
diff --git a/debian/libudev1.symbols b/debian/libudev1.symbols
new file mode 100644
index 00000000..b1978935
--- /dev/null
+++ b/debian/libudev1.symbols
@@ -0,0 +1,97 @@
+libudev.so.1 libudev1 #MINVER#
+* Build-Depends-Package: libudev-dev
+ LIBUDEV_183@LIBUDEV_183 183
+ LIBUDEV_189@LIBUDEV_189 189
+ LIBUDEV_196@LIBUDEV_196 196
+ LIBUDEV_199@LIBUDEV_199 199
+ LIBUDEV_215@LIBUDEV_215 215
+ udev_device_get_action@LIBUDEV_183 183
+ udev_device_get_devlinks_list_entry@LIBUDEV_183 183
+ udev_device_get_devnode@LIBUDEV_183 183
+ udev_device_get_devnum@LIBUDEV_183 183
+ udev_device_get_devpath@LIBUDEV_183 183
+ udev_device_get_devtype@LIBUDEV_183 183
+ udev_device_get_driver@LIBUDEV_183 183
+ udev_device_get_is_initialized@LIBUDEV_183 183
+ udev_device_get_parent@LIBUDEV_183 183
+ udev_device_get_parent_with_subsystem_devtype@LIBUDEV_183 183
+ udev_device_get_properties_list_entry@LIBUDEV_183 183
+ udev_device_get_property_value@LIBUDEV_183 183
+ udev_device_get_seqnum@LIBUDEV_183 183
+ udev_device_get_subsystem@LIBUDEV_183 183
+ udev_device_get_sysattr_list_entry@LIBUDEV_183 183
+ udev_device_get_sysattr_value@LIBUDEV_183 183
+ udev_device_get_sysname@LIBUDEV_183 183
+ udev_device_get_sysnum@LIBUDEV_183 183
+ udev_device_get_syspath@LIBUDEV_183 183
+ udev_device_get_tags_list_entry@LIBUDEV_183 183
+ udev_device_get_udev@LIBUDEV_183 183
+ udev_device_get_usec_since_initialized@LIBUDEV_183 183
+ udev_device_has_tag@LIBUDEV_183 183
+ udev_device_new_from_device_id@LIBUDEV_189 189
+ udev_device_new_from_devnum@LIBUDEV_183 183
+ udev_device_new_from_environment@LIBUDEV_183 183
+ udev_device_new_from_subsystem_sysname@LIBUDEV_183 183
+ udev_device_new_from_syspath@LIBUDEV_183 183
+ udev_device_ref@LIBUDEV_183 183
+ udev_device_set_sysattr_value@LIBUDEV_199 199
+ udev_device_unref@LIBUDEV_183 183
+ udev_enumerate_add_match_is_initialized@LIBUDEV_183 183
+ udev_enumerate_add_match_parent@LIBUDEV_183 183
+ udev_enumerate_add_match_property@LIBUDEV_183 183
+ udev_enumerate_add_match_subsystem@LIBUDEV_183 183
+ udev_enumerate_add_match_sysattr@LIBUDEV_183 183
+ udev_enumerate_add_match_sysname@LIBUDEV_183 183
+ udev_enumerate_add_match_tag@LIBUDEV_183 183
+ udev_enumerate_add_nomatch_subsystem@LIBUDEV_183 183
+ udev_enumerate_add_nomatch_sysattr@LIBUDEV_183 183
+ udev_enumerate_add_syspath@LIBUDEV_183 183
+ udev_enumerate_get_list_entry@LIBUDEV_183 183
+ udev_enumerate_get_udev@LIBUDEV_183 183
+ udev_enumerate_new@LIBUDEV_183 183
+ udev_enumerate_ref@LIBUDEV_183 183
+ udev_enumerate_scan_devices@LIBUDEV_183 183
+ udev_enumerate_scan_subsystems@LIBUDEV_183 183
+ udev_enumerate_unref@LIBUDEV_183 183
+ udev_get_log_priority@LIBUDEV_183 183
+ udev_get_userdata@LIBUDEV_183 183
+ udev_hwdb_get_properties_list_entry@LIBUDEV_196 196
+ udev_hwdb_new@LIBUDEV_196 196
+ udev_hwdb_ref@LIBUDEV_196 196
+ udev_hwdb_unref@LIBUDEV_196 196
+ udev_list_entry_get_by_name@LIBUDEV_183 183
+ udev_list_entry_get_name@LIBUDEV_183 183
+ udev_list_entry_get_next@LIBUDEV_183 183
+ udev_list_entry_get_value@LIBUDEV_183 183
+ udev_monitor_enable_receiving@LIBUDEV_183 183
+ udev_monitor_filter_add_match_subsystem_devtype@LIBUDEV_183 183
+ udev_monitor_filter_add_match_tag@LIBUDEV_183 183
+ udev_monitor_filter_remove@LIBUDEV_183 183
+ udev_monitor_filter_update@LIBUDEV_183 183
+ udev_monitor_get_fd@LIBUDEV_183 183
+ udev_monitor_get_udev@LIBUDEV_183 183
+ udev_monitor_new_from_netlink@LIBUDEV_183 183
+ udev_monitor_receive_device@LIBUDEV_183 183
+ udev_monitor_ref@LIBUDEV_183 183
+ udev_monitor_set_receive_buffer_size@LIBUDEV_183 183
+ udev_monitor_unref@LIBUDEV_183 183
+ udev_new@LIBUDEV_183 183
+ udev_queue_flush@LIBUDEV_215 215
+ udev_queue_get_fd@LIBUDEV_215 215
+ udev_queue_get_kernel_seqnum@LIBUDEV_183 183
+ udev_queue_get_queue_is_empty@LIBUDEV_183 183
+ udev_queue_get_queued_list_entry@LIBUDEV_183 183
+ udev_queue_get_seqnum_is_finished@LIBUDEV_183 183
+ udev_queue_get_seqnum_sequence_is_finished@LIBUDEV_183 183
+ udev_queue_get_udev@LIBUDEV_183 183
+ udev_queue_get_udev_is_active@LIBUDEV_183 183
+ udev_queue_get_udev_seqnum@LIBUDEV_183 183
+ udev_queue_new@LIBUDEV_183 183
+ udev_queue_ref@LIBUDEV_183 183
+ udev_queue_unref@LIBUDEV_183 183
+ udev_ref@LIBUDEV_183 183
+ udev_set_log_fn@LIBUDEV_183 183
+ udev_set_log_priority@LIBUDEV_183 183
+ udev_set_userdata@LIBUDEV_183 183
+ udev_unref@LIBUDEV_183 183
+ udev_util_encode_string@LIBUDEV_183 183
diff --git a/debian/patches/Do-not-start-server-if-it-is-already-runnning-11245.patch b/debian/patches/Do-not-start-server-if-it-is-already-runnning-11245.patch
new file mode 100644
index 00000000..fbcba778
--- /dev/null
+++ b/debian/patches/Do-not-start-server-if-it-is-already-runnning-11245.patch
@@ -0,0 +1,37 @@
+From: rogerjames99 <roger@beardandsandals.co.uk>
+Date: Fri, 28 Dec 2018 06:34:43 +0000
+Subject: Do not start server if it is already runnning (#11245)
+
+(cherry picked from commit 7da7340afdd4760fb2dd9d000105c324a77aff4b)
+---
+ src/network/networkd-link.c | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index e2851df..cadf7f8 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -1207,15 +1207,16 @@ static int link_request_set_addresses(Link *link) {
+ return r;
+ }
+ }
++ if (!sd_dhcp_server_is_running(link->dhcp_server)) {
++ r = sd_dhcp_server_start(link->dhcp_server);
++ if (r < 0) {
++ log_link_warning_errno(link, r, "Could not start DHCPv4 server instance: %m");
+
+- r = sd_dhcp_server_start(link->dhcp_server);
+- if (r < 0) {
+- log_link_warning_errno(link, r, "Could not start DHCPv4 server instance: %m");
+-
+- link_enter_failed(link);
++ link_enter_failed(link);
+
+- return 0;
+- }
++ return 0;
++ }
++ }
+
+ log_link_debug(link, "Offering DHCPv4 leases");
+ }
diff --git a/debian/patches/Docs-Add-Missing-Space-Between-Words.patch b/debian/patches/Docs-Add-Missing-Space-Between-Words.patch
new file mode 100644
index 00000000..5e69b647
--- /dev/null
+++ b/debian/patches/Docs-Add-Missing-Space-Between-Words.patch
@@ -0,0 +1,23 @@
+From: Alex Mayer <amayer5125@gmail.com>
+Date: Wed, 2 Jan 2019 12:53:47 -0500
+Subject: Docs: Add Missing Space Between Words
+
+(cherry picked from commit 8d7fac92f07cc662e51dcda7c9f3a322454895c7)
+(cherry picked from commit e60c80a908a2c8c6036e41d083134c9e095aa268)
+---
+ man/systemd.exec.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
+index 6419bee..46aa473 100644
+--- a/man/systemd.exec.xml
++++ b/man/systemd.exec.xml
+@@ -1810,7 +1810,7 @@ SystemCallErrorNumber=EPERM</programlisting>
+ <option>syslog</option>, <option>kmsg</option>, <option>journal+console</option>,
+ <option>syslog+console</option>, <option>kmsg+console</option>,
+ <option>file:<replaceable>path</replaceable></option>, <option>append:<replaceable>path</replaceable></option>,
+- <option>socket</option> or<option>fd:<replaceable>name</replaceable></option>.</para>
++ <option>socket</option> or <option>fd:<replaceable>name</replaceable></option>.</para>
+
+ <para><option>inherit</option> duplicates the file descriptor of standard input for standard output.</para>
+
diff --git a/debian/patches/Pass-separate-dev_t-var-to-device_path_parse_major_minor.patch b/debian/patches/Pass-separate-dev_t-var-to-device_path_parse_major_minor.patch
new file mode 100644
index 00000000..0b2adadc
--- /dev/null
+++ b/debian/patches/Pass-separate-dev_t-var-to-device_path_parse_major_minor.patch
@@ -0,0 +1,114 @@
+From: YunQiang Su <syq@debian.org>
+Date: Tue, 25 Dec 2018 19:01:17 +0800
+Subject: Pass separate dev_t var to device_path_parse_major_minor
+
+MIPS/O32's st_rdev member of struct stat is unsigned long, which
+is 32bit, while dev_t is defined as 64bit, which make some problems
+in device_path_parse_major_minor.
+
+Don't pass st.st_rdev, st_mode to device_path_parse_major_minor,
+while pass 2 seperate variables. The result of stat is alos copied
+out into these 2 variables. Fixes: #11247
+
+(cherry picked from commit f5855697aa19fb92637e72ab02e4623abe77f288)
+(cherry picked from commit a0d4edf0e7fe6674c44258a73e0722494d659976)
+---
+ src/core/cgroup.c | 35 ++++++++++++++++++++++-------------
+ 1 file changed, 22 insertions(+), 13 deletions(-)
+
+diff --git a/src/core/cgroup.c b/src/core/cgroup.c
+index a7ce3fc..52324f8 100644
+--- a/src/core/cgroup.c
++++ b/src/core/cgroup.c
+@@ -396,26 +396,31 @@ static void cgroup_xattr_apply(Unit *u) {
+ }
+
+ static int lookup_block_device(const char *p, dev_t *ret) {
+- struct stat st = {};
++ dev_t rdev, dev = 0;
++ mode_t mode;
+ int r;
+
+ assert(p);
+ assert(ret);
+
+- r = device_path_parse_major_minor(p, &st.st_mode, &st.st_rdev);
++ r = device_path_parse_major_minor(p, &mode, &rdev);
+ if (r == -ENODEV) { /* not a parsable device node, need to go to disk */
++ struct stat st;
+ if (stat(p, &st) < 0)
+ return log_warning_errno(errno, "Couldn't stat device '%s': %m", p);
++ rdev = (dev_t)st.st_rdev;
++ dev = (dev_t)st.st_dev;
++ mode = st.st_mode;
+ } else if (r < 0)
+ return log_warning_errno(r, "Failed to parse major/minor from path '%s': %m", p);
+
+- if (S_ISCHR(st.st_mode)) {
++ if (S_ISCHR(mode)) {
+ log_warning("Device node '%s' is a character device, but block device needed.", p);
+ return -ENOTBLK;
+- } else if (S_ISBLK(st.st_mode))
+- *ret = st.st_rdev;
+- else if (major(st.st_dev) != 0)
+- *ret = st.st_dev; /* If this is not a device node then use the block device this file is stored on */
++ } else if (S_ISBLK(mode))
++ *ret = rdev;
++ else if (major(dev) != 0)
++ *ret = dev; /* If this is not a device node then use the block device this file is stored on */
+ else {
+ /* If this is btrfs, getting the backing block device is a bit harder */
+ r = btrfs_get_block_device(p, ret);
+@@ -436,7 +441,8 @@ static int lookup_block_device(const char *p, dev_t *ret) {
+ }
+
+ static int whitelist_device(BPFProgram *prog, const char *path, const char *node, const char *acc) {
+- struct stat st = {};
++ dev_t rdev;
++ mode_t mode;
+ int r;
+
+ assert(path);
+@@ -445,11 +451,12 @@ static int whitelist_device(BPFProgram *prog, const char *path, const char *node
+ /* Some special handling for /dev/block/%u:%u, /dev/char/%u:%u, /run/systemd/inaccessible/chr and
+ * /run/systemd/inaccessible/blk paths. Instead of stat()ing these we parse out the major/minor directly. This
+ * means clients can use these path without the device node actually around */
+- r = device_path_parse_major_minor(node, &st.st_mode, &st.st_rdev);
++ r = device_path_parse_major_minor(node, &mode, &rdev);
+ if (r < 0) {
+ if (r != -ENODEV)
+ return log_warning_errno(r, "Couldn't parse major/minor from device path '%s': %m", node);
+
++ struct stat st;
+ if (stat(node, &st) < 0)
+ return log_warning_errno(errno, "Couldn't stat device %s: %m", node);
+
+@@ -457,22 +464,24 @@ static int whitelist_device(BPFProgram *prog, const char *path, const char *node
+ log_warning("%s is not a device.", node);
+ return -ENODEV;
+ }
++ rdev = (dev_t) st.st_rdev;
++ mode = st.st_mode;
+ }
+
+ if (cg_all_unified() > 0) {
+ if (!prog)
+ return 0;
+
+- return cgroup_bpf_whitelist_device(prog, S_ISCHR(st.st_mode) ? BPF_DEVCG_DEV_CHAR : BPF_DEVCG_DEV_BLOCK,
+- major(st.st_rdev), minor(st.st_rdev), acc);
++ return cgroup_bpf_whitelist_device(prog, S_ISCHR(mode) ? BPF_DEVCG_DEV_CHAR : BPF_DEVCG_DEV_BLOCK,
++ major(rdev), minor(rdev), acc);
+
+ } else {
+ char buf[2+DECIMAL_STR_MAX(dev_t)*2+2+4];
+
+ sprintf(buf,
+ "%c %u:%u %s",
+- S_ISCHR(st.st_mode) ? 'c' : 'b',
+- major(st.st_rdev), minor(st.st_rdev),
++ S_ISCHR(mode) ? 'c' : 'b',
++ major(rdev), minor(rdev),
+ acc);
+
+ /* Changing the devices list of a populated cgroup might result in EINVAL, hence ignore EINVAL here. */
diff --git a/debian/patches/Revert-Always-rename-an-interface-to-its-name-specified-i.patch b/debian/patches/Revert-Always-rename-an-interface-to-its-name-specified-i.patch
new file mode 100644
index 00000000..2540378d
--- /dev/null
+++ b/debian/patches/Revert-Always-rename-an-interface-to-its-name-specified-i.patch
@@ -0,0 +1,61 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 16 Jan 2019 13:28:41 +0100
+Subject: Revert "Always rename an interface to its name specified in config
+ if no NamePolicy= is specified"
+
+This reverts commit 55b6530baacf4658a183b15b010a8cf3483fde08.
+
+This commit description says "Always rename an interface to its name specified
+in config if no NamePolicy= is specified", but it does much more:
+1. It completely changes the meaning of NamePolicy=kernel. Before, it meant that an interface
+ with type==NAMEPOLICY_KERNEL would not be renamed. After, the kernel name only works as
+ a fallback, if no policy matches.
+2. The "if no NamePolicy= is specified" part is not true at all, the interface will be renamed
+ according to the specified NamePolicy=.
+
+After 55b6530baacf, the should_rename() function is named very misleadingly: it is only used
+to mean "respect kernel predictable name if no naming policy matches".
+
+Let's revert, and start with a clean slate. This fixes #11436.
+
+(cherry picked from commit ed30802324365dde6c05d0b7c3ce1a0eff3bf571)
+---
+ src/udev/net/link-config.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
+index ac66ffd..07d8b92 100644
+--- a/src/udev/net/link-config.c
++++ b/src/udev/net/link-config.c
+@@ -312,11 +312,16 @@ static bool should_rename(sd_device *device, bool respect_predictable) {
+ return true;
+
+ switch (type) {
++ case NET_NAME_USER:
++ case NET_NAME_RENAMED:
++ /* these were already named by userspace, do not touch again */
++ return false;
+ case NET_NAME_PREDICTABLE:
+ /* the kernel claims to have given a predictable name */
+ if (respect_predictable)
+ return false;
+ _fallthrough_;
++ case NET_NAME_ENUM:
+ default:
+ /* the name is known to be bad, or of an unknown type */
+ return true;
+@@ -437,8 +442,12 @@ int link_config_apply(link_config_ctx *ctx, link_config *config,
+ }
+ }
+
+- if (!new_name && should_rename(device, respect_predictable))
+- new_name = config->name;
++ if (should_rename(device, respect_predictable)) {
++ /* if not set by policy, fall back manually set name */
++ if (!new_name)
++ new_name = config->name;
++ } else
++ new_name = NULL;
+
+ switch (config->mac_policy) {
+ case MACPOLICY_PERSISTENT:
diff --git a/debian/patches/Revert-logind-become-the-controlling-terminal-process-bef.patch b/debian/patches/Revert-logind-become-the-controlling-terminal-process-bef.patch
new file mode 100644
index 00000000..8a8d838c
--- /dev/null
+++ b/debian/patches/Revert-logind-become-the-controlling-terminal-process-bef.patch
@@ -0,0 +1,91 @@
+From: Franck Bui <fbui@suse.com>
+Date: Thu, 10 Jan 2019 12:17:51 +0100
+Subject: Revert "logind: become the controlling terminal process before
+ restoring VT"
+
+This reverts commit ad96887a1205bad9656d280c5681f482e6d04838.
+
+Commit adb8688 alone should be enough to fix issue #9754.
+
+Fixes #11269
+
+(cherry picked from commit c0f34168d4c5691fccb62e81d6d49dd2f730a17b)
+(cherry picked from commit f02b5472c6f0c41e5dc8dc2c84590866baf937ff)
+---
+ src/login/logind-session.c | 58 ++++++++++++----------------------------------
+ 1 file changed, 15 insertions(+), 43 deletions(-)
+
+diff --git a/src/login/logind-session.c b/src/login/logind-session.c
+index 4b4dd4c..90a9108 100644
+--- a/src/login/logind-session.c
++++ b/src/login/logind-session.c
+@@ -1227,54 +1227,26 @@ error:
+ }
+
+ static void session_restore_vt(Session *s) {
+- pid_t pid;
+- int r;
+-
+- if (s->vtnr < 1)
+- return;
++ int r, vt, old_fd;
+
+- if (s->vtfd < 0)
+- return;
+-
+- /* The virtual terminal can potentially be entering in hung-up state at any time
+- * depending on when the controlling process exits.
+- *
+- * If the controlling process exits while we're restoring the virtual terminal,
+- * the VT will enter in hung-up state and we'll fail at restoring it. To prevent
+- * this case, we kick off the current controlling process (if any) in a child
+- * process so logind doesn't play around with tty ownership.
+- *
+- * If the controlling process already exited, getting a fresh handle to the
+- * virtual terminal reset the hung-up state. */
+- r = safe_fork("(logind)", FORK_REOPEN_LOG|FORK_CLOSE_ALL_FDS|FORK_RESET_SIGNALS|FORK_WAIT|FORK_LOG, &pid);
+- if (r == 0) {
+- char path[sizeof("/dev/tty") + DECIMAL_STR_MAX(s->vtnr)];
+- int vt;
+-
+- /* We must be a session leader in order to become the controlling process. */
+- pid = setsid();
+- if (pid < 0) {
+- log_error_errno(errno, "Failed to become session leader: %m");
+- _exit(EXIT_FAILURE);
+- }
++ /* We need to get a fresh handle to the virtual terminal,
++ * since the old file-descriptor is potentially in a hung-up
++ * state after the controlling process exited; we do a
++ * little dance to avoid having the terminal be available
++ * for reuse before we've cleaned it up.
++ */
++ old_fd = TAKE_FD(s->vtfd);
+
+- sprintf(path, "/dev/tty%u", s->vtnr);
+- vt = acquire_terminal(path, ACQUIRE_TERMINAL_FORCE, USEC_INFINITY);
+- if (vt < 0) {
+- log_error_errno(vt, "Cannot acquire VT %s of session %s: %m", path, s->id);
+- _exit(EXIT_FAILURE);
+- }
++ vt = session_open_vt(s);
++ safe_close(old_fd);
+
+- r = vt_restore(vt);
+- if (r < 0)
+- log_warning_errno(r, "Failed to restore VT, ignoring: %m");
++ if (vt < 0)
++ return;
+
+- /* Give up and release the controlling terminal. */
+- safe_close(vt);
+- _exit(EXIT_SUCCESS);
+- }
++ r = vt_restore(vt);
++ if (r < 0)
++ log_warning_errno(r, "Failed to restore VT, ignoring: %m");
+
+- /* Close the fd in any cases. */
+ s->vtfd = safe_close(s->vtfd);
+ }
+
diff --git a/debian/patches/Revert-pam_systemd-drop-setting-DBUS_SESSION_BUS_ADDRESS.patch b/debian/patches/Revert-pam_systemd-drop-setting-DBUS_SESSION_BUS_ADDRESS.patch
new file mode 100644
index 00000000..cbffd70f
--- /dev/null
+++ b/debian/patches/Revert-pam_systemd-drop-setting-DBUS_SESSION_BUS_ADDRESS.patch
@@ -0,0 +1,100 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 4 Jan 2019 11:19:10 +0100
+Subject: Revert "pam_systemd: drop setting DBUS_SESSION_BUS_ADDRESS"
+
+This reverts commit 2b2b7228bffef626fe8e9f131095995f3d50ee3b.
+
+Fixes #11293.
+
+Removing the environment variable causes problems, e.g. Xfce and Chromium and
+... don't communicate with the running dbus instance. If they attempt to start their
+own instance, things become even more confusing. Those packages could be fixed
+one by one, but removing the variable right now is causing too many problems.
+
+(cherry picked from commit 00efd4988b8e4a147f96337de32e54925640f0b7)
+(cherry picked from commit 6c44e6c681e55f8291078b51c72cbfd81cc21a94)
+---
+ README | 2 +-
+ src/login/pam_systemd.c | 42 ++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 43 insertions(+), 1 deletion(-)
+
+diff --git a/README b/README
+index 4439be1..baabf69 100644
+--- a/README
++++ b/README
+@@ -170,7 +170,7 @@ REQUIREMENTS:
+ dependencies:
+
+ util-linux >= v2.27.1 required
+- dbus >= 1.9.14 (strictly speaking optional, but recommended)
++ dbus >= 1.4.0 (strictly speaking optional, but recommended)
+ NOTE: If using dbus < 1.9.18, you should override the default
+ policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d).
+ dracut (optional)
+diff --git a/src/login/pam_systemd.c b/src/login/pam_systemd.c
+index c7d9dcf..cdec102 100644
+--- a/src/login/pam_systemd.c
++++ b/src/login/pam_systemd.c
+@@ -190,6 +190,40 @@ static int get_seat_from_display(const char *display, const char **seat, uint32_
+ return 0;
+ }
+
++static int export_legacy_dbus_address(
++ pam_handle_t *handle,
++ uid_t uid,
++ const char *runtime) {
++
++ _cleanup_free_ char *s = NULL;
++ int r = PAM_BUF_ERR;
++
++ /* FIXME: We *really* should move the access() check into the
++ * daemons that spawn dbus-daemon, instead of forcing
++ * DBUS_SESSION_BUS_ADDRESS= here. */
++
++ s = strjoin(runtime, "/bus");
++ if (!s)
++ goto error;
++
++ if (access(s, F_OK) < 0)
++ return PAM_SUCCESS;
++
++ s = mfree(s);
++ if (asprintf(&s, DEFAULT_USER_BUS_ADDRESS_FMT, runtime) < 0)
++ goto error;
++
++ r = pam_misc_setenv(handle, "DBUS_SESSION_BUS_ADDRESS", s, 0);
++ if (r != PAM_SUCCESS)
++ goto error;
++
++ return PAM_SUCCESS;
++
++error:
++ pam_syslog(handle, LOG_ERR, "Failed to set bus variable.");
++ return r;
++}
++
+ static int append_session_memory_max(pam_handle_t *handle, sd_bus_message *m, const char *limit) {
+ uint64_t val;
+ int r;
+@@ -405,6 +439,10 @@ _public_ PAM_EXTERN int pam_sm_open_session(
+ }
+ }
+
++ r = export_legacy_dbus_address(handle, pw->pw_uid, rt);
++ if (r != PAM_SUCCESS)
++ return r;
++
+ return PAM_SUCCESS;
+ }
+
+@@ -613,6 +651,10 @@ _public_ PAM_EXTERN int pam_sm_open_session(
+ if (r != PAM_SUCCESS)
+ return r;
+ }
++
++ r = export_legacy_dbus_address(handle, pw->pw_uid, runtime_path);
++ if (r != PAM_SUCCESS)
++ return r;
+ }
+
+ /* Most likely we got the session/type/class from environment variables, but might have gotten the data
diff --git a/debian/patches/Revert-sd-device-ignore-bind-unbind-events-for-now.patch b/debian/patches/Revert-sd-device-ignore-bind-unbind-events-for-now.patch
new file mode 100644
index 00000000..1a76e85f
--- /dev/null
+++ b/debian/patches/Revert-sd-device-ignore-bind-unbind-events-for-now.patch
@@ -0,0 +1,34 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Wed, 2 Jan 2019 04:00:14 +0900
+Subject: Revert "sd-device: ignore bind/unbind events for now"
+
+This reverts commit 56c886dc7ed5b2bb0882ba85136f4070545bfc1b.
+
+Fixes #11277 and #11299.
+
+(cherry picked from commit b261494128e60dd3168e0ea961606ec4f39c5739)
+(cherry picked from commit ff2145bfe5aac524c5870a295293b8e3cc74e27a)
+---
+ src/libsystemd/sd-device/device-private.c | 9 ---------
+ 1 file changed, 9 deletions(-)
+
+diff --git a/src/libsystemd/sd-device/device-private.c b/src/libsystemd/sd-device/device-private.c
+index 01a5aa3..36beb3e 100644
+--- a/src/libsystemd/sd-device/device-private.c
++++ b/src/libsystemd/sd-device/device-private.c
+@@ -326,15 +326,6 @@ static int device_append(sd_device *device, char *key, const char **_major, cons
+ action = device_action_from_string(value);
+ if (action == _DEVICE_ACTION_INVALID)
+ return -EINVAL;
+- /* FIXME: remove once we no longer flush previuos state for each action */
+- if (action == DEVICE_ACTION_BIND || action == DEVICE_ACTION_UNBIND) {
+- static bool warned;
+- if (!warned) {
+- log_device_debug(device, "sd-device: ignoring actions 'bind' and 'unbind'");
+- warned = true;
+- }
+- return -EINVAL;
+- }
+ } else if (streq(key, "SEQNUM")) {
+ r = safe_atou64(value, &seqnum);
+ if (r < 0)
diff --git a/debian/patches/Revert-udevd-configure-a-child-process-name-for-worker-pr.patch b/debian/patches/Revert-udevd-configure-a-child-process-name-for-worker-pr.patch
new file mode 100644
index 00000000..540d4c46
--- /dev/null
+++ b/debian/patches/Revert-udevd-configure-a-child-process-name-for-worker-pr.patch
@@ -0,0 +1,25 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sat, 22 Dec 2018 19:49:47 +0900
+Subject: Revert "udevd: configure a child process name for worker processes"
+
+This reverts commit 49f3ee7e74c714f55aab395c080b1099fc17f7fd.
+
+(cherry picked from commit ff86c92e3043f71fc801cf687600a480ee8f6778)
+(cherry picked from commit 77421020c9ab36c1e701901d7e72747ca98d3133)
+---
+ src/udev/udevd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/udev/udevd.c b/src/udev/udevd.c
+index fb8724e..ec77bd4 100644
+--- a/src/udev/udevd.c
++++ b/src/udev/udevd.c
+@@ -534,7 +534,7 @@ static int worker_spawn(Manager *manager, struct event *event) {
+ if (r < 0)
+ return log_error_errno(r, "Worker: Failed to enable receiving of device: %m");
+
+- r = safe_fork("(worker)", FORK_DEATHSIG, &pid);
++ r = safe_fork(NULL, FORK_DEATHSIG, &pid);
+ if (r < 0) {
+ event->state = EVENT_QUEUED;
+ return log_error_errno(r, "Failed to fork() worker: %m");
diff --git a/debian/patches/ask-password-api-do-not-call-ask_password_keyring-if-keyn.patch b/debian/patches/ask-password-api-do-not-call-ask_password_keyring-if-keyn.patch
new file mode 100644
index 00000000..22b2f42b
--- /dev/null
+++ b/debian/patches/ask-password-api-do-not-call-ask_password_keyring-if-keyn.patch
@@ -0,0 +1,26 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 30 Dec 2018 21:13:43 +0900
+Subject: ask-password-api: do not call ask_password_keyring() if keyname ==
+ NULL
+
+Fixes #11295.
+
+(cherry picked from commit 1f00998c8739ac6adc2b7623cc1e5a8f67d95d7d)
+(cherry picked from commit 095a38313daf043413c863634378c8ea7e5f6a09)
+---
+ src/shared/ask-password-api.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
+index 246e27a..6a51c2e 100644
+--- a/src/shared/ask-password-api.c
++++ b/src/shared/ask-password-api.c
+@@ -341,7 +341,7 @@ int ask_password_tty(
+ goto finish;
+ }
+
+- if (notify >= 0 && pollfd[POLL_INOTIFY].revents != 0) {
++ if (notify >= 0 && pollfd[POLL_INOTIFY].revents != 0 && keyname) {
+ (void) flush_fd(notify);
+
+ r = ask_password_keyring(keyname, flags, ret);
diff --git a/debian/patches/basic-process-util-limit-command-line-lengths-to-_SC_ARG_.patch b/debian/patches/basic-process-util-limit-command-line-lengths-to-_SC_ARG_.patch
new file mode 100644
index 00000000..231af188
--- /dev/null
+++ b/debian/patches/basic-process-util-limit-command-line-lengths-to-_SC_ARG_.patch
@@ -0,0 +1,157 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 5 Dec 2018 18:48:23 +0100
+Subject: basic/process-util: limit command line lengths to _SC_ARG_MAX
+
+This affects systemd-journald and systemd-coredump.
+
+Example entry:
+$ journalctl -o export -n1 'MESSAGE=Something logged'
+__CURSOR=s=976542d120c649f494471be317829ef9;i=34e;b=4871e4c474574ce4a462dfe3f1c37f06;m=c7d0c37dd2;t=57c4ac58f3b98;x=67598e942bd23dc0
+__REALTIME_TIMESTAMP=1544035467475864
+__MONOTONIC_TIMESTAMP=858200964562
+_BOOT_ID=4871e4c474574ce4a462dfe3f1c37f06
+PRIORITY=6
+_UID=1000
+_GID=1000
+_CAP_EFFECTIVE=0
+_SELINUX_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
+_AUDIT_SESSION=1
+_AUDIT_LOGINUID=1000
+_SYSTEMD_OWNER_UID=1000
+_SYSTEMD_UNIT=user@1000.service
+_SYSTEMD_SLICE=user-1000.slice
+_SYSTEMD_USER_SLICE=-.slice
+_SYSTEMD_INVOCATION_ID=1c4a469986d448719cb0f9141a10810e
+_MACHINE_ID=08a5690a2eed47cf92ac0a5d2e3cf6b0
+_HOSTNAME=krowka
+_TRANSPORT=syslog
+SYSLOG_FACILITY=17
+SYSLOG_IDENTIFIER=syslog-caller
+MESSAGE=Something logged
+_COMM=poc
+_EXE=/home/zbyszek/src/systemd-work3/poc
+_SYSTEMD_CGROUP=/user.slice/user-1000.slice/user@1000.service/gnome-terminal-server.service
+_SYSTEMD_USER_UNIT=gnome-terminal-server.service
+SYSLOG_PID=4108
+SYSLOG_TIMESTAMP=Dec 5 19:44:27
+_PID=4108
+_CMDLINE=./poc AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA>
+_SOURCE_REALTIME_TIMESTAMP=1544035467475848
+
+$ journalctl -o export -n1 'MESSAGE=Something logged' --output-fields=_CMDLINE|wc
+ 6 2053 2097410
+
+2MB might be hard for some clients to use meaningfully, but OTOH, it is
+important to log the full commandline sometimes. For example, when the program
+is crashing, the exact argument list is useful.
+
+(cherry picked from commit 2d5d2e0cc5171c6795d2a485841474345d9e30ab)
+(cherry picked from commit bcada1eb2f148e0712716d6095bb3a96e8153ec5)
+---
+ src/basic/process-util.c | 73 +++++++++++++++++-------------------------------
+ 1 file changed, 25 insertions(+), 48 deletions(-)
+
+diff --git a/src/basic/process-util.c b/src/basic/process-util.c
+index 4485034..31fdbd9 100644
+--- a/src/basic/process-util.c
++++ b/src/basic/process-util.c
+@@ -129,6 +129,13 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
+
+ (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
+
++ if (max_length == 0) {
++ /* This is supposed to be a safety guard against runaway command lines. */
++ long l = sysconf(_SC_ARG_MAX);
++ assert(l > 0);
++ max_length = l;
++ }
++
+ if (max_length == 1) {
+
+ /* If there's only room for one byte, return the empty string */
+@@ -139,32 +146,6 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
+ *line = ans;
+ return 0;
+
+- } else if (max_length == 0) {
+- size_t len = 0, allocated = 0;
+-
+- while ((c = getc(f)) != EOF) {
+-
+- if (!GREEDY_REALLOC(ans, allocated, len+3)) {
+- free(ans);
+- return -ENOMEM;
+- }
+-
+- if (isprint(c)) {
+- if (space) {
+- ans[len++] = ' ';
+- space = false;
+- }
+-
+- ans[len++] = c;
+- } else if (len > 0)
+- space = true;
+- }
+-
+- if (len > 0)
+- ans[len] = '\0';
+- else
+- ans = mfree(ans);
+-
+ } else {
+ bool dotdotdot = false;
+ size_t left;
+@@ -236,34 +217,30 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
+ if (h < 0)
+ return h;
+
+- if (max_length == 0)
+- ans = strjoin("[", t, "]");
+- else {
+- size_t l;
++ size_t l = strlen(t);
+
+- l = strlen(t);
+-
+- if (l + 3 <= max_length)
+- ans = strjoin("[", t, "]");
+- else if (max_length <= 6) {
++ if (l + 3 <= max_length) {
++ ans = strjoin("[", t, "]");
++ if (!ans)
++ return -ENOMEM;
+
+- ans = new(char, max_length);
+- if (!ans)
+- return -ENOMEM;
++ } else if (max_length <= 6) {
++ ans = new(char, max_length);
++ if (!ans)
++ return -ENOMEM;
+
+- memcpy(ans, "[...]", max_length-1);
+- ans[max_length-1] = 0;
+- } else {
+- t[max_length - 6] = 0;
++ memcpy(ans, "[...]", max_length-1);
++ ans[max_length-1] = 0;
++ } else {
++ t[max_length - 6] = 0;
+
+- /* Chop off final spaces */
+- delete_trailing_chars(t, WHITESPACE);
++ /* Chop off final spaces */
++ delete_trailing_chars(t, WHITESPACE);
+
+- ans = strjoin("[", t, "...]");
+- }
++ ans = strjoin("[", t, "...]");
++ if (!ans)
++ return -ENOMEM;
+ }
+- if (!ans)
+- return -ENOMEM;
+ }
+
+ *line = ans;
diff --git a/debian/patches/core-free-lines-after-reading-them.patch b/debian/patches/core-free-lines-after-reading-them.patch
new file mode 100644
index 00000000..fde1a928
--- /dev/null
+++ b/debian/patches/core-free-lines-after-reading-them.patch
@@ -0,0 +1,29 @@
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Sun, 23 Dec 2018 15:01:03 +0100
+Subject: core: free lines after reading them
+
+Closes https://github.com/systemd/systemd/issues/11251.
+
+(cherry picked from commit 7334ade4a7e103b1a01d1c8fe1ea7c7a854a1c31)
+(cherry picked from commit 5fa79ab2eb900fc58824060e3dcf9508276c9047)
+---
+ src/core/manager.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index 35d9753..6086531 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -3243,11 +3243,11 @@ static int manager_deserialize_one_unit(Manager *m, const char *name, FILE *f, F
+ }
+
+ static int manager_deserialize_units(Manager *m, FILE *f, FDSet *fds) {
+- _cleanup_free_ char *line = NULL;
+ const char *unit_name;
+ int r;
+
+ for (;;) {
++ _cleanup_free_ char *line = NULL;
+ /* Start marker */
+ r = read_line(f, LONG_LINE_MAX, &line);
+ if (r < 0)
diff --git a/debian/patches/core-mount-make-mount_setup_existing_unit-not-drop-MOUNT_.patch b/debian/patches/core-mount-make-mount_setup_existing_unit-not-drop-MOUNT_.patch
new file mode 100644
index 00000000..6ae9994a
--- /dev/null
+++ b/debian/patches/core-mount-make-mount_setup_existing_unit-not-drop-MOUNT_.patch
@@ -0,0 +1,33 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Wed, 9 Jan 2019 03:35:55 +0900
+Subject: core/mount: make mount_setup_existing_unit() not drop
+ MOUNT_PROC_JUST_MOUNTED flag from units
+
+This fixes a bug introduced by ec88d1ea0591beccab97d9096fd3fd7b09bc823c.
+
+Fixes #11362.
+
+(cherry picked from commit d253a45e1c147f5174265d71d7419da7bd52a88b)
+(cherry picked from commit 27492fe33697c88b5452602604b0b28771bfd39f)
+---
+ src/core/mount.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/mount.c b/src/core/mount.c
+index ead9bc1..4c5a029 100644
+--- a/src/core/mount.c
++++ b/src/core/mount.c
+@@ -1528,10 +1528,10 @@ static int mount_setup_existing_unit(
+ if (r > 0)
+ flags |= MOUNT_PROC_JUST_CHANGED;
+
+- if (!MOUNT(u)->from_proc_self_mountinfo) {
++ if (!MOUNT(u)->from_proc_self_mountinfo || FLAGS_SET(MOUNT(u)->proc_flags, MOUNT_PROC_JUST_MOUNTED))
+ flags |= MOUNT_PROC_JUST_MOUNTED;
+- MOUNT(u)->from_proc_self_mountinfo = true;
+- }
++
++ MOUNT(u)->from_proc_self_mountinfo = true;
+
+ if (IN_SET(u->load_state, UNIT_NOT_FOUND, UNIT_BAD_SETTING, UNIT_ERROR)) {
+ /* The unit was previously not found or otherwise not loaded. Now that the unit shows up in
diff --git a/debian/patches/coredump-fix-message-when-we-fail-to-save-a-journald-core.patch b/debian/patches/coredump-fix-message-when-we-fail-to-save-a-journald-core.patch
new file mode 100644
index 00000000..6646c928
--- /dev/null
+++ b/debian/patches/coredump-fix-message-when-we-fail-to-save-a-journald-core.patch
@@ -0,0 +1,30 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 5 Dec 2018 21:34:24 +0100
+Subject: coredump: fix message when we fail to save a journald coredump
+
+If creation of the message failed, we'd write a bogus entry:
+systemd-coredump[1400]: Cannot store coredump of 416 (systemd-journal): No space left on device
+systemd-coredump[1400]: MESSAGE=Process 416 (systemd-journal) of user 0 dumped core.
+systemd-coredump[1400]: Coredump diverted to
+
+(cherry picked from commit f0136e09221364f931c3a3b715da4e4d3ee9f2ac)
+(cherry picked from commit 3f11736ae9f336ddbc34ad395c9fe5c99139af39)
+---
+ src/coredump/coredump.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
+index db2cf64..516f63d 100644
+--- a/src/coredump/coredump.c
++++ b/src/coredump/coredump.c
+@@ -794,8 +794,8 @@ log:
+ core_message = strjoin("MESSAGE=Process ", context[CONTEXT_PID],
+ " (", context[CONTEXT_COMM], ") of user ",
+ context[CONTEXT_UID], " dumped core.",
+- journald_crash ? "\nCoredump diverted to " : NULL,
+- journald_crash ? filename : NULL);
++ journald_crash && filename ? "\nCoredump diverted to " : NULL,
++ journald_crash && filename ? filename : NULL);
+ if (!core_message)
+ return log_oom();
+
diff --git a/debian/patches/coredump-remove-duplicate-MESSAGE-prefix-from-message.patch b/debian/patches/coredump-remove-duplicate-MESSAGE-prefix-from-message.patch
new file mode 100644
index 00000000..0c076f49
--- /dev/null
+++ b/debian/patches/coredump-remove-duplicate-MESSAGE-prefix-from-message.patch
@@ -0,0 +1,33 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 5 Dec 2018 17:33:15 +0100
+Subject: coredump: remove duplicate MESSAGE= prefix from message
+
+systemd-coredump[9982]: MESSAGE=Process 771 (systemd-journal) of user 0 dumped core.
+systemd-coredump[9982]: Coredump diverted to /var/lib/systemd/coredump/core...
+
+log_dispatch() calls log_dispatch_internal() which calls write_to_journal()
+which appends MESSAGE= on its own.
+
+(cherry picked from commit 4f62556d71206ac814a020a954b397d4940e14c3)
+(cherry picked from commit 9f564b3f45008c1a178a186f944ddc7485614cd2)
+---
+ src/coredump/coredump.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
+index 0c888b2..20c1fb0 100644
+--- a/src/coredump/coredump.c
++++ b/src/coredump/coredump.c
+@@ -800,9 +800,10 @@ log:
+ return log_oom();
+
+ if (journald_crash) {
+- /* We cannot log to the journal, so just print the MESSAGE.
++ /* We cannot log to the journal, so just print the message.
+ * The target was set previously to something safe. */
+- log_dispatch(LOG_ERR, 0, core_message);
++ assert(startswith(core_message, "MESSAGE="));
++ log_dispatch(LOG_ERR, 0, core_message + strlen("MESSAGE="));
+ return 0;
+ }
+
diff --git a/debian/patches/debian/Add-env-variable-for-machine-ID-path.patch b/debian/patches/debian/Add-env-variable-for-machine-ID-path.patch
new file mode 100644
index 00000000..4794e9d3
--- /dev/null
+++ b/debian/patches/debian/Add-env-variable-for-machine-ID-path.patch
@@ -0,0 +1,77 @@
+From: Martin Pitt <mpitt@debian.org>
+Date: Wed, 18 Jan 2017 11:21:35 +0100
+Subject: Add env variable for machine ID path
+
+During package build, in minimal chroots, or other systems which do not already
+have an /etc/machine-id we get six test failures. Introduce a
+$SYSTEMD_MACHINE_ID_PATH environment variable which can specify a location
+other than /etc/machine-id, so that the unit tests are independent from the
+environment.
+
+Also adjust test-fs-util to not assume that /etc/machine-id exists. Use
+/etc/passwd instead which is created by base-files.
+
+Closes: #851445
+
+Bug: https://bugs.freedesktop.org/show_bug.cgi?id=62344
+---
+ src/libsystemd/sd-id128/sd-id128.c | 2 +-
+ src/test/test-fs-util.c | 11 +++++++----
+ 2 files changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/src/libsystemd/sd-id128/sd-id128.c b/src/libsystemd/sd-id128/sd-id128.c
+index 3593a71..ba61c45 100644
+--- a/src/libsystemd/sd-id128/sd-id128.c
++++ b/src/libsystemd/sd-id128/sd-id128.c
+@@ -88,7 +88,7 @@ _public_ int sd_id128_get_machine(sd_id128_t *ret) {
+ assert_return(ret, -EINVAL);
+
+ if (sd_id128_is_null(saved_machine_id)) {
+- r = id128_read("/etc/machine-id", ID128_PLAIN, &saved_machine_id);
++ r = id128_read(getenv("SYSTEMD_MACHINE_ID_PATH") ?: "/etc/machine-id", ID128_PLAIN, &saved_machine_id);
+ if (r < 0)
+ return r;
+
+diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c
+index b3a4b17..5408892 100644
+--- a/src/test/test-fs-util.c
++++ b/src/test/test-fs-util.c
+@@ -185,7 +185,7 @@ static void test_chase_symlinks(void) {
+ assert_se(streq(result, "/test-chase.fsldajfl"));
+ result = mfree(result);
+
+- r = chase_symlinks("/etc/machine-id/foo", NULL, 0, &result);
++ r = chase_symlinks("/etc/passwd/foo", NULL, 0, &result);
+ assert_se(r == -ENOTDIR);
+ result = mfree(result);
+
+@@ -258,23 +258,26 @@ static void test_chase_symlinks(void) {
+ assert_se(chase_symlinks(q, NULL, CHASE_SAFE, NULL) >= 0);
+ }
+
+- p = strjoina(temp, "/machine-id-test");
+- assert_se(symlink("/usr/../etc/./machine-id", p) >= 0);
++ p = strjoina(temp, "/passwd-test");
++ assert_se(symlink("/usr/../etc/./passwd", p) >= 0);
+
+ pfd = chase_symlinks(p, NULL, CHASE_OPEN, NULL);
+ if (pfd != -ENOENT) {
+ _cleanup_close_ int fd = -1;
++/*
+ sd_id128_t a, b;
++*/
+
+ assert_se(pfd >= 0);
+
+ fd = fd_reopen(pfd, O_RDONLY|O_CLOEXEC);
+ assert_se(fd >= 0);
+ safe_close(pfd);
+-
++/*
+ assert_se(id128_read_fd(fd, ID128_PLAIN, &a) >= 0);
+ assert_se(sd_id128_get_machine(&b) >= 0);
+ assert_se(sd_id128_equal(a, b));
++*/
+ }
+
+ /* Test CHASE_NOFOLLOW */
diff --git a/debian/patches/debian/Add-support-for-TuxOnIce-hibernation.patch b/debian/patches/debian/Add-support-for-TuxOnIce-hibernation.patch
new file mode 100644
index 00000000..6ac1c00b
--- /dev/null
+++ b/debian/patches/debian/Add-support-for-TuxOnIce-hibernation.patch
@@ -0,0 +1,30 @@
+From: Julien Muchembled <jm@jmuchemb.eu>
+Date: Tue, 29 Apr 2014 11:40:50 +0200
+Subject: Add support for TuxOnIce hibernation
+
+systemd does not support non-mainline kernel features so upstream rejected this
+patch.
+It is however required for systemd integration by tuxonice-userui package.
+
+Forwarded: http://lists.freedesktop.org/archives/systemd-devel/2014-April/018960.html
+---
+ src/shared/sleep-config.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/shared/sleep-config.c b/src/shared/sleep-config.c
+index 2e22bd0..b5050ea 100644
+--- a/src/shared/sleep-config.c
++++ b/src/shared/sleep-config.c
+@@ -267,6 +267,12 @@ static bool enough_swap_for_hibernation(void) {
+ if (getenv_bool("SYSTEMD_BYPASS_HIBERNATION_MEMORY_CHECK") > 0)
+ return true;
+
++ /* TuxOnIce is an alternate implementation for hibernation.
++ * It can be configured to compress the image to a file or an inactive
++ * swap partition, so there's nothing more we can do here. */
++ if (access("/sys/power/tuxonice", F_OK) == 0)
++ return true;
++
+ r = find_hibernate_location(NULL, NULL, &size, &used);
+ if (r < 0)
+ return false;
diff --git a/debian/patches/debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch b/debian/patches/debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch
new file mode 100644
index 00000000..085bafd1
--- /dev/null
+++ b/debian/patches/debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch
@@ -0,0 +1,24 @@
+From: Tollef Fog Heen <tfheen@err.no>
+Date: Tue, 5 Jun 2012 20:59:36 +0200
+Subject: Bring tmpfiles.d/tmp.conf in line with Debian defaults
+
+Closes: #675422
+---
+ tmpfiles.d/tmp.conf | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tmpfiles.d/tmp.conf b/tmpfiles.d/tmp.conf
+index 22555a0..8fb117f 100644
+--- a/tmpfiles.d/tmp.conf
++++ b/tmpfiles.d/tmp.conf
+@@ -8,8 +8,8 @@
+ # See tmpfiles.d(5) for details
+
+ # Clear tmp directories separately, to make them easier to override
+-q /tmp 1777 root root 10d
+-q /var/tmp 1777 root root 30d
++D /tmp 1777 root root -
++#q /var/tmp 1777 root root 30d
+
+ # Exclude namespace mountpoints created with PrivateTmp=yes
+ x /tmp/systemd-private-%b-*
diff --git a/debian/patches/debian/Don-t-enable-audit-by-default.patch b/debian/patches/debian/Don-t-enable-audit-by-default.patch
new file mode 100644
index 00000000..3776dc8a
--- /dev/null
+++ b/debian/patches/debian/Don-t-enable-audit-by-default.patch
@@ -0,0 +1,30 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Sun, 28 Dec 2014 12:49:35 +0100
+Subject: Don't enable audit by default
+
+It causes flooding of dmesg and syslog, suppressing actually important
+messages.
+
+Don't enable it for now, until a better solution is found:
+http://lists.freedesktop.org/archives/systemd-devel/2014-December/026591.html
+
+Bug-Debian: https://bugs.debian.org/773528
+---
+ src/journal/journald-audit.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/src/journal/journald-audit.c b/src/journal/journald-audit.c
+index 345e43e..057b13f 100644
+--- a/src/journal/journald-audit.c
++++ b/src/journal/journald-audit.c
+@@ -536,10 +536,5 @@ int server_open_audit(Server *s) {
+ if (r < 0)
+ return log_error_errno(r, "Failed to add audit fd to event loop: %m");
+
+- /* We are listening now, try to enable audit */
+- r = enable_audit(s->audit_fd, true);
+- if (r < 0)
+- log_warning_errno(r, "Failed to issue audit enable call: %m");
+-
+ return 0;
+ }
diff --git a/debian/patches/debian/Drop-seccomp-system-call-filter-for-udev.patch b/debian/patches/debian/Drop-seccomp-system-call-filter-for-udev.patch
new file mode 100644
index 00000000..3ac8c831
--- /dev/null
+++ b/debian/patches/debian/Drop-seccomp-system-call-filter-for-udev.patch
@@ -0,0 +1,31 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Wed, 18 Jul 2018 23:49:16 +0200
+Subject: Drop seccomp system call filter for udev
+
+The seccomp based system call whitelist requires at least systemd 239 to
+be the active init and during a dist-upgrade we can't guarantee that
+systemd has been fully configured before udev is restarted.
+
+This partially reverts upstream commit
+ee8f26180d01e3ddd4e5f20b03b81e5e737657ae.
+
+Once buster is released, this patch can be dropped.
+
+Closes: #903224
+---
+ units/systemd-udevd.service.in | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
+index 6a3814e..2b9fa69 100644
+--- a/units/systemd-udevd.service.in
++++ b/units/systemd-udevd.service.in
+@@ -29,8 +29,6 @@ PrivateMounts=yes
+ MemoryDenyWriteExecute=yes
+ RestrictRealtime=yes
+ RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
+-SystemCallFilter=@system-service @module @raw-io
+-SystemCallErrorNumber=EPERM
+ SystemCallArchitectures=native
+ LockPersonality=yes
+ IPAddressDeny=any
diff --git a/debian/patches/debian/Let-graphical-session-pre.target-be-manually-started.patch b/debian/patches/debian/Let-graphical-session-pre.target-be-manually-started.patch
new file mode 100644
index 00000000..d48d61c4
--- /dev/null
+++ b/debian/patches/debian/Let-graphical-session-pre.target-be-manually-started.patch
@@ -0,0 +1,22 @@
+From: Iain Lane <iain@orangesquash.org.uk>
+Date: Mon, 22 Aug 2016 07:03:27 +0200
+Subject: Let graphical-session-pre.target be manually started
+
+This is needed until https://github.com/systemd/systemd/issues/3750 is fixed.
+
+Forwarded: not-needed
+Bug-Ubuntu: https://launchpad.net/bugs/1615341
+---
+ units/user/graphical-session-pre.target | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/units/user/graphical-session-pre.target b/units/user/graphical-session-pre.target
+index 3adfc5a..c4e1001 100644
+--- a/units/user/graphical-session-pre.target
++++ b/units/user/graphical-session-pre.target
+@@ -12,5 +12,4 @@ Description=Session services which should run early before the graphical session
+ Documentation=man:systemd.special(7)
+ Requires=basic.target
+ Before=graphical-session.target
+-RefuseManualStart=yes
+ StopWhenUnneeded=yes
diff --git a/debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch b/debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch
new file mode 100644
index 00000000..f53f723b
--- /dev/null
+++ b/debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch
@@ -0,0 +1,42 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Fri, 5 Sep 2014 01:15:16 +0200
+Subject: Make /run/lock tmpfs an API fs
+
+The /run/lock directory is world-writable in Debian due to historic
+reasons. To avoid user processes filling up /run, we mount a separate
+tmpfs for /run/lock. As this directory needs to be available during
+early boot, we make it an API fs.
+
+Drop it from tmpfiles.d/legacy.conf to not clobber the permissions.
+
+Closes: #751392
+---
+ src/core/mount-setup.c | 2 ++
+ tmpfiles.d/legacy.conf | 1 -
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
+index 3ce6164..3aae4c8 100644
+--- a/src/core/mount-setup.c
++++ b/src/core/mount-setup.c
+@@ -83,6 +83,8 @@ static const MountPoint mount_table[] = {
+ #endif
+ { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
+ NULL, MNT_FATAL|MNT_IN_CONTAINER },
++ { "tmpfs", "/run/lock", "tmpfs", "mode=1777,size=5242880", MS_NOSUID|MS_NODEV|MS_NOEXEC,
++ NULL, MNT_FATAL|MNT_IN_CONTAINER },
+ { "cgroup2", "/sys/fs/cgroup", "cgroup2", "nsdelegate", MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ cg_is_unified_wanted, MNT_IN_CONTAINER|MNT_CHECK_WRITABLE },
+ { "cgroup2", "/sys/fs/cgroup", "cgroup2", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
+diff --git a/tmpfiles.d/legacy.conf b/tmpfiles.d/legacy.conf
+index 62e2ae0..ea5e735 100644
+--- a/tmpfiles.d/legacy.conf
++++ b/tmpfiles.d/legacy.conf
+@@ -10,7 +10,6 @@
+ # These files are considered legacy and are unnecessary on legacy-free
+ # systems.
+
+-d /run/lock 0755 root root -
+ L /var/lock - - - - ../run/lock
+
+ # /run/lock/subsys is used for serializing SysV service execution, and
diff --git a/debian/patches/debian/Only-start-logind-if-dbus-is-installed.patch b/debian/patches/debian/Only-start-logind-if-dbus-is-installed.patch
new file mode 100644
index 00000000..7b1103e1
--- /dev/null
+++ b/debian/patches/debian/Only-start-logind-if-dbus-is-installed.patch
@@ -0,0 +1,24 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Mon, 9 Feb 2015 10:53:43 +0100
+Subject: Only start logind if dbus is installed
+
+logind fails to start in environments without dbus, such as LXC containers or
+servers. Add a startup condition to avoid the very noisy startup failure.
+
+Part of #772700
+---
+ units/systemd-logind.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
+index 38a7f26..16f1d9d 100644
+--- a/units/systemd-logind.service.in
++++ b/units/systemd-logind.service.in
+@@ -14,6 +14,7 @@ Documentation=https://www.freedesktop.org/wiki/Software/systemd/logind
+ Documentation=https://www.freedesktop.org/wiki/Software/systemd/multiseat
+ Wants=user.slice
+ After=nss-user-lookup.target user.slice
++ConditionPathExists=/lib/systemd/system/dbus.service
+
+ # Ask for the dbus socket.
+ Wants=dbus.socket
diff --git a/debian/patches/debian/Re-enable-journal-forwarding-to-syslog.patch b/debian/patches/debian/Re-enable-journal-forwarding-to-syslog.patch
new file mode 100644
index 00000000..56c69ea9
--- /dev/null
+++ b/debian/patches/debian/Re-enable-journal-forwarding-to-syslog.patch
@@ -0,0 +1,56 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Fri, 28 Nov 2014 14:43:25 +0100
+Subject: Re-enable journal forwarding to syslog
+
+Revert upstream commit 46b131574fdd7d77 for now, until Debian's sysloggers
+can/do all read from the journal directly. See
+
+ http://lists.freedesktop.org/archives/systemd-devel/2014-November/025550.html
+
+for details. Once we grow a journal.conf.d/ directory, sysloggers can be moved
+to pulling from the journal one by one and disable forwarding again in such a
+conf.d snippet.
+---
+ man/journald.conf.xml | 2 +-
+ src/journal/journald-server.c | 1 +
+ src/journal/journald.conf | 2 +-
+ 3 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/man/journald.conf.xml b/man/journald.conf.xml
+index ed874aa..6bb0605 100644
+--- a/man/journald.conf.xml
++++ b/man/journald.conf.xml
+@@ -296,7 +296,7 @@
+ the system console, or sent as wall messages to all logged-in users. These
+ options take boolean arguments. If forwarding to syslog is enabled but nothing
+ reads messages from the socket, forwarding to syslog has no effect. By default,
+- only forwarding to wall is enabled. These settings may be overridden at boot time
++ only forwarding to syslog and wall is enabled. These settings may be overridden at boot time
+ with the kernel command line options
+ <literal>systemd.journald.forward_to_syslog</literal>,
+ <literal>systemd.journald.forward_to_kmsg</literal>,
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index 2a960eb..7fe0f82 100644
+--- a/src/journal/journald-server.c
++++ b/src/journal/journald-server.c
+@@ -1835,6 +1835,7 @@ int server_init(Server *s) {
+ s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
+ s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
+
++ s->forward_to_syslog = true;
+ s->forward_to_wall = true;
+
+ s->max_file_usec = DEFAULT_MAX_FILE_USEC;
+diff --git a/src/journal/journald.conf b/src/journal/journald.conf
+index 2f1c661..8951d9e 100644
+--- a/src/journal/journald.conf
++++ b/src/journal/journald.conf
+@@ -29,7 +29,7 @@
+ #RuntimeMaxFiles=100
+ #MaxRetentionSec=
+ #MaxFileSec=1month
+-#ForwardToSyslog=no
++#ForwardToSyslog=yes
+ #ForwardToKMsg=no
+ #ForwardToConsole=no
+ #ForwardToWall=yes
diff --git a/debian/patches/debian/Revert-core-enable-TasksMax-for-all-services-by-default-a.patch b/debian/patches/debian/Revert-core-enable-TasksMax-for-all-services-by-default-a.patch
new file mode 100644
index 00000000..4e9940d6
--- /dev/null
+++ b/debian/patches/debian/Revert-core-enable-TasksMax-for-all-services-by-default-a.patch
@@ -0,0 +1,56 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Mon, 9 May 2016 21:24:38 +0200
+Subject: Revert "core: enable TasksMax= for all services by default,
+ and set it to 512"
+
+This reverts commit 9ded9cd14cc03c67291b10a5c42ce5094ba0912f.
+
+Introducing a default limit on number of threads broke a lot of software which
+regularly needs more, such as MySQL and RabbitMQ, or services that spawn off an
+indefinite number of subtasks that are not in a scope, like LXC or cron.
+
+15% is way too much for most "simple" services, and it's too little for others
+such as the ones mentioned above. There is also no particular rationale about
+any particular global limit, so even if we'd bump it higher we'd just make the
+limit even less useful while still breaking software.
+
+It is both much safer and also much more effective in terms of guarding against
+berserk programs/bugs/unintended fork bombs etc. to set limits in units
+individually. Once someone looks at one, this is then a great time to also flip
+on the other resource and privilege limitations that systemd offers.
+
+Bug: https://github.com/systemd/systemd/issues/3211
+Bug-Debian: https://bugs.debian.org/823530
+Bug-Ubuntu: https://launchpad.net/bugs/1578080
+---
+ man/systemd-system.conf.xml | 3 +--
+ src/core/system.conf.in | 2 +-
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
+index 35da82a..daf3d15 100644
+--- a/man/systemd-system.conf.xml
++++ b/man/systemd-system.conf.xml
+@@ -318,8 +318,7 @@
+ <listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
+ <citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details. This setting applies to all unit types that support resource control settings, with the exception
+- of slice units. Defaults to 15%, which equals 4915 with the kernel's defaults on the host, but might be smaller
+- in OS containers.</para></listitem>
++ of slice units.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+diff --git a/src/core/system.conf.in b/src/core/system.conf.in
+index 0a58737..97ecd75 100644
+--- a/src/core/system.conf.in
++++ b/src/core/system.conf.in
+@@ -45,7 +45,7 @@
+ #DefaultBlockIOAccounting=no
+ #DefaultMemoryAccounting=@MEMORY_ACCOUNTING_DEFAULT@
+ #DefaultTasksAccounting=yes
+-#DefaultTasksMax=15%
++#DefaultTasksMax=
+ #DefaultLimitCPU=
+ #DefaultLimitFSIZE=
+ #DefaultLimitDATA=
diff --git a/debian/patches/debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch b/debian/patches/debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch
new file mode 100644
index 00000000..c8c61f4a
--- /dev/null
+++ b/debian/patches/debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch
@@ -0,0 +1,37 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Mon, 27 Apr 2015 15:29:13 +0200
+Subject: Revert "core: one step back again,
+ for nspawn we actually can't wait for cgroups running empty since systemd
+ will get exactly zero notifications about it"
+
+This reverts commit 743970d2ea6d08aa7c7bff8220f6b7702f2b1db7.
+
+Bug-Debian: https://bugs.debian.org/784720
+Bug-Ubuntu: https://launchpad.net/bugs/1448259
+Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1141137
+---
+ src/core/unit.c | 11 +----------
+ 1 file changed, 1 insertion(+), 10 deletions(-)
+
+diff --git a/src/core/unit.c b/src/core/unit.c
+index 24b14fb..694df72 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -4553,16 +4553,7 @@ int unit_kill_context(
+
+ } else if (r > 0) {
+
+- /* FIXME: For now, on the legacy hierarchy, we will not wait for the cgroup members to die if
+- * we are running in a container or if this is a delegation unit, simply because cgroup
+- * notification is unreliable in these cases. It doesn't work at all in containers, and outside
+- * of containers it can be confused easily by left-over directories in the cgroup — which
+- * however should not exist in non-delegated units. On the unified hierarchy that's different,
+- * there we get proper events. Hence rely on them. */
+-
+- if (cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) > 0 ||
+- (detect_container() == 0 && !unit_cgroup_delegate(u)))
+- wait_for_exit = true;
++ wait_for_exit = true;
+
+ if (send_sighup) {
+ set_free(pid_set);
diff --git a/debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch b/debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch
new file mode 100644
index 00000000..3c30bdb3
--- /dev/null
+++ b/debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch
@@ -0,0 +1,43 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Sat, 27 Feb 2016 12:27:06 +0100
+Subject: Revert "core: set RLIMIT_CORE to unlimited by default"
+
+Partially revert commit 15a900327ab as this completely breaks core dumps
+without systemd-coredump. It's also contradicting core(8), and it's not
+systemd's place to redefine the kernel definitions of core files.
+
+Commit bdfd7b2c now honours the process' RLIMIT_CORE for systemd-coredump. This
+isn't what RLIMIT_CORE is supposed to do (it limits the size of the core
+*file*, but the kernel deliberately ignores it for piping), so set a static
+2^63 core size limit for systemd-coredump to go back to the previous behaviour
+(otherwise the change above would break systemd-coredump).
+
+Bug-Debian: https://bugs.debian.org/815020
+---
+ src/core/main.c | 2 --
+ sysctl.d/50-coredump.conf.in | 2 +-
+ 2 files changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/src/core/main.c b/src/core/main.c
+index 839dc06..77b03f1 100644
+--- a/src/core/main.c
++++ b/src/core/main.c
+@@ -2401,8 +2401,6 @@ int main(int argc, char *argv[]) {
+ kernel_timestamp = DUAL_TIMESTAMP_NULL;
+ }
+
+- initialize_coredump(skip_setup);
+-
+ r = fixup_environment();
+ if (r < 0) {
+ log_emergency_errno(r, "Failed to fix up PID 1 environment: %m");
+diff --git a/sysctl.d/50-coredump.conf.in b/sysctl.d/50-coredump.conf.in
+index ccd5c2c..53e74a1 100644
+--- a/sysctl.d/50-coredump.conf.in
++++ b/sysctl.d/50-coredump.conf.in
+@@ -9,4 +9,4 @@
+ # and systemd-coredump(8) and core(5) for the explanation of the
+ # setting below.
+
+-kernel.core_pattern=|@rootlibexecdir@/systemd-coredump %P %u %g %s %t %c %h %e
++kernel.core_pattern=|@rootlibexecdir@/systemd-coredump %P %u %g %s %t 9223372036854775808 %h %e
diff --git a/debian/patches/debian/Revert-udev-network-device-renaming-immediately-give.patch b/debian/patches/debian/Revert-udev-network-device-renaming-immediately-give.patch
new file mode 100644
index 00000000..e8bf17b8
--- /dev/null
+++ b/debian/patches/debian/Revert-udev-network-device-renaming-immediately-give.patch
@@ -0,0 +1,89 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Thu, 18 Jul 2013 01:04:07 +0200
+Subject: Revert "udev: network device renaming - immediately give up if the
+ target name isn't available"
+
+This reverts commit 97595710b77aa162ca5e20da57d0a1ed7355eaad.
+
+We need to keep supporting systems with 75-persistent-net-generator.rules
+generated names for a while after switching to net.ifnames. Re-apply this old
+hack to make the renaming less likely to fail.
+---
+ src/udev/udev-event.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 46 insertions(+), 5 deletions(-)
+
+diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
+index 07b7365..f67b295 100644
+--- a/src/udev/udev-event.c
++++ b/src/udev/udev-event.c
+@@ -680,6 +680,7 @@ static int rename_netif(UdevEvent *event) {
+ const char *action, *oldname;
+ char name[IFNAMSIZ];
+ int ifindex, r;
++ int loop;
+
+ if (!event->name)
+ return 0; /* No new name is requested. */
+@@ -705,17 +706,57 @@ static int rename_netif(UdevEvent *event) {
+ return log_device_error_errno(dev, r, "Failed to get ifindex: %m");
+
+ strscpy(name, IFNAMSIZ, event->name);
++
+ r = rtnl_set_link_name(&event->rtnl, ifindex, name);
+- if (r < 0)
+- return log_device_error_errno(dev, r, "Failed to rename network interface %i from '%s' to '%s': %m", ifindex, oldname, name);
++ if (r >= 0) {
++ r = device_rename(dev, event->name);
++ if (r < 0)
++ return log_warning_errno(r, "Network interface %i is renamed from '%s' to '%s', but could not update sd_device object: %m", ifindex, oldname, name);
++
++ log_device_debug(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, oldname, name);
++
++ return 1;
++ }
++
++ /* keep trying if the destination interface name already exists */
++ if (r != -EEXIST)
++ goto out;
+
+- r = device_rename(dev, event->name);
++ /* free our own name, another process may wait for us */
++ snprintf(name, IFNAMSIZ, "rename%u", ifindex);
++ r = rtnl_set_link_name(&event->rtnl, ifindex, name);
+ if (r < 0)
+- return log_warning_errno(r, "Network interface %i is renamed from '%s' to '%s', but could not update sd_device object: %m", ifindex, oldname, name);
++ goto out;
+
++ /* log temporary name */
+ log_device_debug(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, oldname, name);
+
+- return 1;
++ /* wait a maximum of 90 seconds for our target to become available */
++ strscpy(name, IFNAMSIZ, event->name);
++ loop = 90 * 20;
++ while (loop--) {
++ const struct timespec duration = { 0, 1000 * 1000 * 1000 / 20 };
++
++ nanosleep(&duration, NULL);
++
++ r = rtnl_set_link_name(&event->rtnl, ifindex, name);
++ if (r >= 0) {
++ r = device_rename(dev, event->name);
++ if (r < 0)
++ return log_warning_errno(r, "Network interface %i is renamed from '%s' to '%s', but could not update sd_device object: %m", ifindex, oldname, name);
++
++ log_device_debug(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, oldname, name);
++
++ return 1;
++ }
++ if (r != -EEXIST)
++ goto out;
++ }
++
++out:
++ if (r < 0)
++ return log_device_error_errno(dev, r, "Failed to rename network interface %i from '%s' to '%s': %m", ifindex, oldname, name);
++ return r;
+ }
+
+ static int update_devnode(UdevEvent *event) {
diff --git a/debian/patches/debian/Revert-udev-rules-Permission-changes-for-dev-dri-renderD.patch b/debian/patches/debian/Revert-udev-rules-Permission-changes-for-dev-dri-renderD.patch
new file mode 100644
index 00000000..54066bdd
--- /dev/null
+++ b/debian/patches/debian/Revert-udev-rules-Permission-changes-for-dev-dri-renderD.patch
@@ -0,0 +1,82 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Sun, 17 Dec 2017 00:31:20 +0100
+Subject: Revert "udev-rules: Permission changes for /dev/dri/renderD*"
+
+This would introduce a new system group "render". As the name is rather
+generic, this needs further discussion first, so revert this change for
+now.
+
+This reverts commit 4e15a7343cb389e97f3eb4f49699161862d8b8b2.
+---
+ meson.build | 2 --
+ meson_options.txt | 2 --
+ rules/50-udev-default.rules.in | 5 +----
+ src/login/70-uaccess.rules.m4 | 2 +-
+ 4 files changed, 2 insertions(+), 9 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index a87bb57..8072f52 100644
+--- a/meson.build
++++ b/meson.build
+@@ -808,7 +808,6 @@ conf.set10('ENABLE_WHEEL_GROUP', get_option('wheel-group'))
+ dev_kvm_mode = get_option('dev-kvm-mode')
+ substs.set('DEV_KVM_MODE', dev_kvm_mode)
+ conf.set10('DEV_KVM_UACCESS', dev_kvm_mode != '0666')
+-substs.set('GROUP_RENDER_MODE', get_option('group-render-mode'))
+
+ kill_user_processes = get_option('default-kill-user-processes')
+ conf.set10('KILL_USER_PROCESSES', kill_user_processes)
+@@ -3087,7 +3086,6 @@ status = [
+ 'minimum container UID base: @0@'.format(container_uid_base_min),
+ 'maximum container UID base: @0@'.format(container_uid_base_max),
+ '/dev/kvm access mode: @0@'.format(get_option('dev-kvm-mode')),
+- 'render group access mode: @0@'.format(get_option('group-render-mode')),
+ 'certificate root directory: @0@'.format(get_option('certificate-root')),
+ 'support URL: @0@'.format(support_url),
+ 'nobody user name: @0@'.format(nobody_user),
+diff --git a/meson_options.txt b/meson_options.txt
+index 1423b89..aba9d8f 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -189,8 +189,6 @@ option('nobody-group', type : 'string',
+ value : 'nobody')
+ option('dev-kvm-mode', type : 'string', value : '0666',
+ description : '/dev/kvm access mode')
+-option('group-render-mode', type : 'string', value : '0666',
+- description : 'Access mode for devices owned by render group (e.g. /dev/dri/renderD*, /dev/kfd).')
+ option('default-kill-user-processes', type : 'boolean',
+ description : 'the default value for KillUserProcesses= setting')
+ option('gshadow', type : 'boolean',
+diff --git a/rules/50-udev-default.rules.in b/rules/50-udev-default.rules.in
+index 191f56f..63aa3db 100644
+--- a/rules/50-udev-default.rules.in
++++ b/rules/50-udev-default.rules.in
+@@ -31,14 +31,11 @@ SUBSYSTEM=="input", KERNEL=="js[0-9]*", MODE="0664"
+
+ SUBSYSTEM=="video4linux", GROUP="video"
+ SUBSYSTEM=="graphics", GROUP="video"
+-SUBSYSTEM=="drm", KERNEL!="renderD*", GROUP="video"
++SUBSYSTEM=="drm", GROUP="video"
+ SUBSYSTEM=="dvb", GROUP="video"
+ SUBSYSTEM=="media", GROUP="video"
+ SUBSYSTEM=="cec", GROUP="video"
+
+-SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="render", MODE="@GROUP_RENDER_MODE@"
+-SUBSYSTEM=="kfd", GROUP="render", MODE="@GROUP_RENDER_MODE@"
+-
+ SUBSYSTEM=="sound", GROUP="audio", \
+ OPTIONS+="static_node=snd/seq", OPTIONS+="static_node=snd/timer"
+
+diff --git a/src/login/70-uaccess.rules.m4 b/src/login/70-uaccess.rules.m4
+index d55e5bf..e46cacb 100644
+--- a/src/login/70-uaccess.rules.m4
++++ b/src/login/70-uaccess.rules.m4
+@@ -45,7 +45,7 @@ SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x010001*", TAG+="uaccess"
+ SUBSYSTEM=="firewire", ATTR{units}=="*0x00a02d:0x014001*", TAG+="uaccess"
+
+ # DRI video devices
+-SUBSYSTEM=="drm", KERNEL=="card*", TAG+="uaccess"
++SUBSYSTEM=="drm", KERNEL=="card*|renderD*", TAG+="uaccess"
+ m4_ifdef(`DEV_KVM_UACCESS',``
+ # KVM
+ SUBSYSTEM=="misc", KERNEL=="kvm", TAG+="uaccess"''
diff --git a/debian/patches/debian/Skip-filesystem-check-if-already-done-by-the-initram.patch b/debian/patches/debian/Skip-filesystem-check-if-already-done-by-the-initram.patch
new file mode 100644
index 00000000..d844cbe2
--- /dev/null
+++ b/debian/patches/debian/Skip-filesystem-check-if-already-done-by-the-initram.patch
@@ -0,0 +1,57 @@
+From: Nis Martensen <nis.martensen@web.de>
+Date: Tue, 19 Jan 2016 22:01:43 +0100
+Subject: Skip filesystem check if already done by the initramfs
+
+Newer versions of initramfs-tools already fsck and mount / and /usr in
+the initramfs. Skip the filesystem check in this case.
+
+Based on a previous patch by Michael Biebl <biebl@debian.org>.
+
+Closes: #782522
+Closes: #810748
+---
+ src/fstab-generator/fstab-generator.c | 11 ++++++++---
+ units/systemd-fsck-root.service.in | 1 +
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
+index 55a8242..777ae5f 100644
+--- a/src/fstab-generator/fstab-generator.c
++++ b/src/fstab-generator/fstab-generator.c
+@@ -310,6 +310,7 @@ static int add_mount(
+ *where_escaped = NULL;
+ _cleanup_fclose_ FILE *f = NULL;
+ int r;
++ struct stat sb;
+
+ assert(what);
+ assert(where);
+@@ -387,9 +388,13 @@ static int add_mount(
+ }
+
+ if (passno != 0) {
+- r = generator_write_fsck_deps(f, dest, what, where, fstype);
+- if (r < 0)
+- return r;
++ if (streq(where, "/usr") && stat("/run/initramfs/fsck-usr", &sb) == 0)
++ ; /* skip /usr fsck if it has already been checked in the initramfs */
++ else {
++ r = generator_write_fsck_deps(f, dest, what, where, fstype);
++ if (r < 0)
++ return r;
++ }
+ }
+
+ fprintf(f, "\n[Mount]\n");
+diff --git a/units/systemd-fsck-root.service.in b/units/systemd-fsck-root.service.in
+index bea6c16..49df031 100644
+--- a/units/systemd-fsck-root.service.in
++++ b/units/systemd-fsck-root.service.in
+@@ -16,6 +16,7 @@ Before=local-fs.target shutdown.target
+ Wants=systemd-fsckd.socket
+ After=systemd-fsckd.socket
+ ConditionPathIsReadWrite=!/
++ConditionPathExists=!/run/initramfs/fsck-root
+
+ [Service]
+ Type=oneshot
diff --git a/debian/patches/debian/Use-Debian-specific-config-files.patch b/debian/patches/debian/Use-Debian-specific-config-files.patch
new file mode 100644
index 00000000..678e2ba0
--- /dev/null
+++ b/debian/patches/debian/Use-Debian-specific-config-files.patch
@@ -0,0 +1,428 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Thu, 18 Jul 2013 20:11:02 +0200
+Subject: Use Debian specific config files
+
+Use /etc/default/locale instead of /etc/locale.conf for locale settings.
+
+Use /etc/default/keyboard instead of /etc/X11/xorg.conf.d/00-keyboard.conf for
+keyboard configuration.
+
+Read/write /etc/timezone if /etc/localtime does not exist.
+---
+ src/basic/time-util.c | 21 ++++-
+ src/core/locale-setup.c | 21 +++++
+ src/locale/keymap-util.c | 209 +++++++++++++++++++++++------------------------
+ src/timedate/timedated.c | 10 +++
+ 4 files changed, 154 insertions(+), 107 deletions(-)
+
+diff --git a/src/basic/time-util.c b/src/basic/time-util.c
+index 557c75d..ea5f6a4 100644
+--- a/src/basic/time-util.c
++++ b/src/basic/time-util.c
+@@ -1382,8 +1382,25 @@ int get_timezone(char **tz) {
+ int r;
+
+ r = readlink_malloc("/etc/localtime", &t);
+- if (r < 0)
+- return r; /* returns EINVAL if not a symlink */
++ if (r < 0) {
++ if (r != -EINVAL)
++ return r; /* returns EINVAL if not a symlink */
++
++ r = read_one_line_file("/etc/timezone", &t);
++ if (r < 0) {
++ if (r != -ENOENT)
++ log_warning_errno(r, "Failed to read /etc/timezone: %m");
++ return -EINVAL;
++ }
++
++ if (!timezone_is_valid(t, LOG_DEBUG))
++ return -EINVAL;
++ z = strdup(t);
++ if (!z)
++ return -ENOMEM;
++ *tz = z;
++ return 0;
++ }
+
+ e = PATH_STARTSWITH_SET(t, "/usr/share/zoneinfo/", "../usr/share/zoneinfo/");
+ if (!e)
+diff --git a/src/core/locale-setup.c b/src/core/locale-setup.c
+index 584fb22..bb8e17f 100644
+--- a/src/core/locale-setup.c
++++ b/src/core/locale-setup.c
+@@ -59,6 +59,27 @@ int locale_setup(char ***environment) {
+ log_warning_errno(r, "Failed to read /etc/locale.conf: %m");
+ }
+
++ if (r <= 0) {
++ r = parse_env_file(NULL, "/etc/default/locale",
++ "LANG", &variables[VARIABLE_LANG],
++ "LANGUAGE", &variables[VARIABLE_LANGUAGE],
++ "LC_CTYPE", &variables[VARIABLE_LC_CTYPE],
++ "LC_NUMERIC", &variables[VARIABLE_LC_NUMERIC],
++ "LC_TIME", &variables[VARIABLE_LC_TIME],
++ "LC_COLLATE", &variables[VARIABLE_LC_COLLATE],
++ "LC_MONETARY", &variables[VARIABLE_LC_MONETARY],
++ "LC_MESSAGES", &variables[VARIABLE_LC_MESSAGES],
++ "LC_PAPER", &variables[VARIABLE_LC_PAPER],
++ "LC_NAME", &variables[VARIABLE_LC_NAME],
++ "LC_ADDRESS", &variables[VARIABLE_LC_ADDRESS],
++ "LC_TELEPHONE", &variables[VARIABLE_LC_TELEPHONE],
++ "LC_MEASUREMENT", &variables[VARIABLE_LC_MEASUREMENT],
++ "LC_IDENTIFICATION", &variables[VARIABLE_LC_IDENTIFICATION]);
++
++ if (r < 0 && r != -ENOENT)
++ log_warning_errno(r, "Failed to read /etc/default/locale: %m");
++ }
++
+ for (i = 0; i < _VARIABLE_LC_MAX; i++) {
+ char *s;
+
+diff --git a/src/locale/keymap-util.c b/src/locale/keymap-util.c
+index 6b6b32a..cb63d45 100644
+--- a/src/locale/keymap-util.c
++++ b/src/locale/keymap-util.c
+@@ -95,6 +95,7 @@ void locale_simplify(char *locale[_VARIABLE_LC_MAX]) {
+ int locale_read_data(Context *c, sd_bus_message *m) {
+ struct stat st;
+ int r;
++ const char *path = "/etc/locale.conf";
+
+ /* Do not try to re-read the file within single bus operation. */
+ if (m) {
+@@ -105,7 +106,11 @@ int locale_read_data(Context *c, sd_bus_message *m) {
+ c->locale_cache = sd_bus_message_ref(m);
+ }
+
+- r = stat("/etc/locale.conf", &st);
++ r = stat(path, &st);
++ if (r < 0 && errno == ENOENT) {
++ path = "/etc/default/locale";
++ r = stat(path, &st);
++ }
+ if (r < 0 && errno != ENOENT)
+ return -errno;
+
+@@ -120,7 +125,7 @@ int locale_read_data(Context *c, sd_bus_message *m) {
+ c->locale_mtime = t;
+ context_free_locale(c);
+
+- r = parse_env_file(NULL, "/etc/locale.conf",
++ r = parse_env_file(NULL, path,
+ "LANG", &c->locale[VARIABLE_LANG],
+ "LANGUAGE", &c->locale[VARIABLE_LANGUAGE],
+ "LC_CTYPE", &c->locale[VARIABLE_LC_CTYPE],
+@@ -201,8 +206,6 @@ int vconsole_read_data(Context *c, sd_bus_message *m) {
+ }
+
+ int x11_read_data(Context *c, sd_bus_message *m) {
+- _cleanup_fclose_ FILE *f = NULL;
+- bool in_section = false;
+ struct stat st;
+ usec_t t;
+ int r;
+@@ -216,7 +219,7 @@ int x11_read_data(Context *c, sd_bus_message *m) {
+ c->x11_cache = sd_bus_message_ref(m);
+ }
+
+- if (stat("/etc/X11/xorg.conf.d/00-keyboard.conf", &st) < 0) {
++ if (stat("/etc/default/keyboard", &st) < 0) {
+ if (errno != ENOENT)
+ return -errno;
+
+@@ -233,61 +236,14 @@ int x11_read_data(Context *c, sd_bus_message *m) {
+ c->x11_mtime = t;
+ context_free_x11(c);
+
+- f = fopen("/etc/X11/xorg.conf.d/00-keyboard.conf", "re");
+- if (!f)
+- return -errno;
+-
+- for (;;) {
+- _cleanup_free_ char *line = NULL;
+- char *l;
+-
+- r = read_line(f, LONG_LINE_MAX, &line);
+- if (r < 0)
+- return r;
+- if (r == 0)
+- break;
+-
+- l = strstrip(line);
+- if (IN_SET(l[0], 0, '#'))
+- continue;
+-
+- if (in_section && first_word(l, "Option")) {
+- _cleanup_strv_free_ char **a = NULL;
+-
+- r = strv_split_extract(&a, l, WHITESPACE, EXTRACT_QUOTES);
+- if (r < 0)
+- return r;
+-
+- if (strv_length(a) == 3) {
+- char **p = NULL;
+-
+- if (streq(a[1], "XkbLayout"))
+- p = &c->x11_layout;
+- else if (streq(a[1], "XkbModel"))
+- p = &c->x11_model;
+- else if (streq(a[1], "XkbVariant"))
+- p = &c->x11_variant;
+- else if (streq(a[1], "XkbOptions"))
+- p = &c->x11_options;
+-
+- if (p) {
+- free_and_replace(*p, a[2]);
+- }
+- }
++ r = parse_env_file(NULL, "/etc/default/keyboard",
++ "XKBMODEL", &c->x11_model,
++ "XKBLAYOUT", &c->x11_layout,
++ "XKBVARIANT", &c->x11_variant,
++ "XKBOPTIONS", &c->x11_options);
+
+- } else if (!in_section && first_word(l, "Section")) {
+- _cleanup_strv_free_ char **a = NULL;
+-
+- r = strv_split_extract(&a, l, WHITESPACE, EXTRACT_QUOTES);
+- if (r < 0)
+- return -ENOMEM;
+-
+- if (strv_length(a) == 2 && streq(a[1], "InputClass"))
+- in_section = true;
+-
+- } else if (in_section && first_word(l, "EndSection"))
+- in_section = false;
+- }
++ if (r < 0)
++ return r;
+
+ return 0;
+ }
+@@ -296,9 +252,18 @@ int locale_write_data(Context *c, char ***settings) {
+ _cleanup_strv_free_ char **l = NULL;
+ struct stat st;
+ int r, p;
++ const char *path = "/etc/locale.conf";
+
+ /* Set values will be returned as strv in *settings on success. */
+
++ r = load_env_file(NULL, path, &l);
++ if (r < 0 && r == -ENOENT) {
++ path = "/etc/default/locale";
++ r = load_env_file(NULL, path, &l);
++ }
++ if (r < 0 && r != -ENOENT)
++ return r;
++
+ for (p = 0; p < _VARIABLE_LC_MAX; p++) {
+ _cleanup_free_ char *t = NULL;
+ char **u;
+@@ -321,20 +286,20 @@ int locale_write_data(Context *c, char ***settings) {
+ }
+
+ if (strv_isempty(l)) {
+- if (unlink("/etc/locale.conf") < 0)
++ if (unlink(path) < 0)
+ return errno == ENOENT ? 0 : -errno;
+
+ c->locale_mtime = USEC_INFINITY;
+ return 0;
+ }
+
+- r = write_env_file_label("/etc/locale.conf", l);
++ r = write_env_file_label(path, l);
+ if (r < 0)
+ return r;
+
+ *settings = TAKE_PTR(l);
+
+- if (stat("/etc/locale.conf", &st) >= 0)
++ if (stat(path, &st) >= 0)
+ c->locale_mtime = timespec_load(&st.st_mtim);
+
+ return 0;
+@@ -402,70 +367,104 @@ int vconsole_write_data(Context *c) {
+ }
+
+ int x11_write_data(Context *c) {
+- _cleanup_fclose_ FILE *f = NULL;
+- _cleanup_free_ char *temp_path = NULL;
+ struct stat st;
+ int r;
++ char *t, **u, **l = NULL;
+
+- if (isempty(c->x11_layout) &&
+- isempty(c->x11_model) &&
+- isempty(c->x11_variant) &&
+- isempty(c->x11_options)) {
++ r = load_env_file(NULL, "/etc/default/keyboard", &l);
++ if (r < 0 && r != -ENOENT)
++ return r;
+
+- if (unlink("/etc/X11/xorg.conf.d/00-keyboard.conf") < 0)
+- return errno == ENOENT ? 0 : -errno;
++ /* This could perhaps be done more elegantly using an array
++ * like we do for the locale, instead of struct
++ */
++ if (isempty(c->x11_layout)) {
++ l = strv_env_unset(l, "XKBLAYOUT");
++ } else {
++ if (asprintf(&t, "XKBLAYOUT=%s", c->x11_layout) < 0) {
++ strv_free(l);
++ return -ENOMEM;
++ }
+
+- c->vc_mtime = USEC_INFINITY;
+- return 0;
++ u = strv_env_set(l, t);
++ free(t);
++ strv_free(l);
++
++ if (!u)
++ return -ENOMEM;
++
++ l = u;
+ }
+
+- mkdir_p_label("/etc/X11/xorg.conf.d", 0755);
++ if (isempty(c->x11_model)) {
++ l = strv_env_unset(l, "XKBMODEL");
++ } else {
++ if (asprintf(&t, "XKBMODEL=%s", c->x11_model) < 0) {
++ strv_free(l);
++ return -ENOMEM;
++ }
++
++ u = strv_env_set(l, t);
++ free(t);
++ strv_free(l);
+
+- r = fopen_temporary("/etc/X11/xorg.conf.d/00-keyboard.conf", &f, &temp_path);
+- if (r < 0)
+- return r;
++ if (!u)
++ return -ENOMEM;
+
+- (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
+- (void) fchmod(fileno(f), 0644);
++ l = u;
++ }
+
+- fputs("# Written by systemd-localed(8), read by systemd-localed and Xorg. It's\n"
+- "# probably wise not to edit this file manually. Use localectl(1) to\n"
+- "# instruct systemd-localed to update it.\n"
+- "Section \"InputClass\"\n"
+- " Identifier \"system-keyboard\"\n"
+- " MatchIsKeyboard \"on\"\n", f);
++ if (isempty(c->x11_variant)) {
++ l = strv_env_unset(l, "XKBVARIANT");
++ } else {
++ if (asprintf(&t, "XKBVARIANT=%s", c->x11_variant) < 0) {
++ strv_free(l);
++ return -ENOMEM;
++ }
+
+- if (!isempty(c->x11_layout))
+- fprintf(f, " Option \"XkbLayout\" \"%s\"\n", c->x11_layout);
++ u = strv_env_set(l, t);
++ free(t);
++ strv_free(l);
+
+- if (!isempty(c->x11_model))
+- fprintf(f, " Option \"XkbModel\" \"%s\"\n", c->x11_model);
++ if (!u)
++ return -ENOMEM;
+
+- if (!isempty(c->x11_variant))
+- fprintf(f, " Option \"XkbVariant\" \"%s\"\n", c->x11_variant);
++ l = u;
++ }
+
+- if (!isempty(c->x11_options))
+- fprintf(f, " Option \"XkbOptions\" \"%s\"\n", c->x11_options);
++ if (isempty(c->x11_options)) {
++ l = strv_env_unset(l, "XKBOPTIONS");
++ } else {
++ if (asprintf(&t, "XKBOPTIONS=%s", c->x11_options) < 0) {
++ strv_free(l);
++ return -ENOMEM;
++ }
+
+- fputs("EndSection\n", f);
++ u = strv_env_set(l, t);
++ free(t);
++ strv_free(l);
+
+- r = fflush_sync_and_check(f);
+- if (r < 0)
+- goto fail;
++ if (!u)
++ return -ENOMEM;
+
+- if (rename(temp_path, "/etc/X11/xorg.conf.d/00-keyboard.conf") < 0) {
+- r = -errno;
+- goto fail;
++ l = u;
+ }
+
+- if (stat("/etc/X11/xorg.conf.d/00-keyboard.conf", &st) >= 0)
+- c->x11_mtime = timespec_load(&st.st_mtim);
++ if (strv_isempty(l)) {
++ strv_free(l);
+
+- return 0;
++ if (unlink("/etc/default/keyboard") < 0)
++ return errno == ENOENT ? 0 : -errno;
+
+-fail:
+- if (temp_path)
+- (void) unlink(temp_path);
++ c->vc_mtime = USEC_INFINITY;
++ return 0;
++ }
++
++ r = write_env_file("/etc/default/keyboard", l);
++ strv_free(l);
++
++ if (r >= 0 && stat("/etc/default/keyboard", &st) >= 0)
++ c->x11_mtime = timespec_load(&st.st_mtim);
+
+ return r;
+ }
+diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c
+index e168889..7485f2b 100644
+--- a/src/timedate/timedated.c
++++ b/src/timedate/timedated.c
+@@ -215,6 +215,7 @@ static int context_read_data(Context *c) {
+ static int context_write_data_timezone(Context *c) {
+ _cleanup_free_ char *p = NULL;
+ int r = 0;
++ struct stat st;
+
+ assert(c);
+
+@@ -222,6 +223,9 @@ static int context_write_data_timezone(Context *c) {
+ if (unlink("/etc/localtime") < 0 && errno != ENOENT)
+ r = -errno;
+
++ if (unlink("/etc/timezone") < 0 && errno != ENOENT)
++ r = -errno;
++
+ return r;
+ }
+
+@@ -233,6 +237,12 @@ static int context_write_data_timezone(Context *c) {
+ if (r < 0)
+ return r;
+
++ if (stat("/etc/timezone", &st) == 0 && S_ISREG(st.st_mode)) {
++ r = write_string_file("/etc/timezone", c->zone, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC);
++ if (r < 0)
++ return r;
++ }
++
+ return 0;
+ }
+
diff --git a/debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch b/debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch
new file mode 100644
index 00000000..8f941837
--- /dev/null
+++ b/debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch
@@ -0,0 +1,1055 @@
+From: Didier Roche <didrocks@ubuntu.com>
+Date: Fri, 22 May 2015 13:04:38 +0200
+Subject: fsckd daemon for inter-fsckd communication
+
+Global logic:
+Add systemd-fsckd multiplexer which accepts multiple (via systemd-fsck's
+/run/systemd/fsck.progress socket) fsck instances to connect to it and sends
+progress report. systemd-fsckd then computes and writes to /dev/console the
+number of devices currently being checked and the minimum fsck progress.
+
+Plymouth and user interaction:
+Forward the progress to plymouth and support canellation of in progress fsck.
+Try to connect and send to plymouth (if running) some checked report progress,
+using direct plymouth protocole.
+
+Update message is the following:
+fsckd:<num_devices>:<progress>:<string>
+* num_devices corresponds to the current number of devices being checked (int)
+* progress corresponds to the current minimum percentage of all devices being
+ checked (float, from 0 to 100)
+* string is a translated message ready to be displayed by the plymouth theme
+ displaying the information above. It can be overridden by plymouth themes
+ supporting i18n.
+
+Grab in fsckd plymouth watch key Control+C, and propagate this cancel request
+to systemd-fsck which will terminate fsck.
+
+Send a message to signal to user what key we are grabbing for fsck cancel.
+
+Message is: fsckd-cancel-msg:<string>
+Where string is a translated string ready to be displayed by the plymouth theme
+indicating that Control+C can be used to cancel current checks. It can be
+overridden (matching only fsckd-cancel-msg prefix) for themes supporting i18n.
+
+Misc:
+systemd-fsckd stops on idle when no fsck is connected.
+Add man page explaining the plymouth theme protocol, usage of the daemon
+as well as the socket activation part. Adapt existing fsck man page.
+
+Note that fsckd had lived in the upstream tree for a while, but was removed.
+More information at
+http://lists.freedesktop.org/archives/systemd-devel/2015-April/030175.html
+-
+---
+ man/rules/meson.build | 1 +
+ man/systemd-fsckd.service.xml | 162 +++++++++
+ meson.build | 8 +
+ po/POTFILES.in | 1 +
+ src/fsckd/fsckd.c | 690 +++++++++++++++++++++++++++++++++++++
+ units/meson.build | 2 +
+ units/systemd-fsck-root.service.in | 2 +
+ units/systemd-fsck@.service.in | 3 +-
+ units/systemd-fsckd.service.in | 17 +
+ units/systemd-fsckd.socket | 15 +
+ 10 files changed, 900 insertions(+), 1 deletion(-)
+ create mode 100644 man/systemd-fsckd.service.xml
+ create mode 100644 src/fsckd/fsckd.c
+ create mode 100644 units/systemd-fsckd.service.in
+ create mode 100644 units/systemd-fsckd.socket
+
+diff --git a/man/rules/meson.build b/man/rules/meson.build
+index 0c990a0..dff5d2f 100644
+--- a/man/rules/meson.build
++++ b/man/rules/meson.build
+@@ -657,6 +657,7 @@ manpages = [
+ '8',
+ ['systemd-fsck', 'systemd-fsck-root.service'],
+ ''],
++ ['systemd-fsckd.service', '8', ['systemd-fsckd.socket', 'systemd-fsckd'], ''],
+ ['systemd-fstab-generator', '8', [], ''],
+ ['systemd-getty-generator', '8', [], ''],
+ ['systemd-gpt-auto-generator', '8', [], ''],
+diff --git a/man/systemd-fsckd.service.xml b/man/systemd-fsckd.service.xml
+new file mode 100644
+index 0000000..b7ad58d
+--- /dev/null
++++ b/man/systemd-fsckd.service.xml
+@@ -0,0 +1,162 @@
++<?xml version="1.0"?>
++<!--*-nxml-*-->
++<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
++<!--
++ This file is part of systemd.
++
++ Copyright 2015 Canonical
++
++ systemd is free software; you can redistribute it and/or modify it
++ under the terms of the GNU Lesser General Public License as published by
++ the Free Software Foundation; either version 2.1 of the License, or
++ (at your option) any later version.
++
++ systemd is distributed in the hope that it will be useful, but
++ WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public License
++ along with systemd; If not, see <http://www.gnu.org/licenses/>.
++-->
++<refentry id="systemd-fsckd.service" xmlns:xi="http://www.w3.org/2001/XInclude">
++
++ <refentryinfo>
++ <title>systemd-fsckd.service</title>
++ <productname>systemd</productname>
++
++ <authorgroup>
++ <author>
++ <contrib>Developer</contrib>
++ <firstname>Didier</firstname>
++ <surname>Roche</surname>
++ <email>didrocks@ubuntu.com</email>
++ </author>
++ </authorgroup>
++ </refentryinfo>
++
++ <refmeta>
++ <refentrytitle>systemd-fsckd.service</refentrytitle>
++ <manvolnum>8</manvolnum>
++ </refmeta>
++
++ <refnamediv>
++ <refname>systemd-fsckd.service</refname>
++ <refname>systemd-fsckd.socket</refname>
++ <refname>systemd-fsckd</refname>
++ <refpurpose>File system check progress reporting</refpurpose>
++ </refnamediv>
++
++ <refsynopsisdiv>
++ <para><filename>systemd-fsckd.service</filename></para>
++ <para><filename>systemd-fsckd.socket</filename></para>
++ <para><filename>/usr/lib/systemd/systemd-fsckd</filename></para>
++ </refsynopsisdiv>
++
++ <refsect1>
++ <title>Description</title>
++
++ <para><filename>systemd-fsckd.service</filename> is a service responsible
++ for receiving file system check progress, and communicating some
++ consolidated data to console and plymouth (if running). It also handles
++ possible check cancellations.</para>
++
++ <para><command>systemd-fsckd</command> receives messages about file
++ system check progress from <command>fsck</command> through an
++ UNIX domain socket. It can display the progress of the least advanced
++ fsck as well as the total number of devices being checked in parallel
++ to the console. It will also send progress messages to plymouth.
++ Both the raw data and translated messages are sent, so compiled
++ plymouth themes can use the raw data to display custom messages, and
++ scripted themes, not supporting i18n, can display the translated
++ versions.</para>
++
++ <para><command>systemd-fsckd</command> will instruct plymouth to grab
++ Control+C keypresses. When the key is pressed, running checks will be
++ terminated. It will also cancel any newly connected fsck instances for
++ the lifetime of <filename>systemd-fsckd</filename>.</para>
++ </refsect1>
++
++ <refsect1>
++ <title>Protocol for communication with plymouth</title>
++
++ <para><filename>systemd-fsckd</filename> passes the
++ following messages to the theme:</para>
++
++ <para>Progress update, sent as a plymouth update message:
++ <literal>fsckd:<num_devices>:<progress>:<string></literal>
++ <variablelist>
++ <varlistentry>
++ <term><literal><num_devices></literal></term>
++ <listitem><para>the current number of devices
++ being checked (int)</para></listitem>
++ </varlistentry>
++ <varlistentry>
++ <term><literal><progress></literal></term>
++ <listitem><para>the current minimum percentage of
++ all devices being checking (float, from 0 to 100)</para></listitem>
++ </varlistentry>
++ <varlistentry>
++ <term><literal><string></literal></term>
++ <listitem><para>a translated message ready to be displayed
++ by the plymouth theme displaying the data above. It can be overridden
++ by themes supporting i18n.</para></listitem>
++ </varlistentry>
++ </variablelist>
++ </para>
++
++ <para>Cancel message, sent as a traditional plymouth message:
++ <literal>fsckd-cancel-msg:<string></literal>
++ <variablelist>
++ <varlistentry>
++ <term><literal><strings></literal></term>
++ <listitem><para>a translated string ready to be displayed
++ by the plymouth theme indicating that Control+C can be used to cancel
++ current checks. It can be overridden (matching only
++ <literal>fsckd-cancel-msg</literal> prefix)
++ by themes supporting i18n.</para></listitem>
++ </varlistentry>
++ </variablelist>
++ </para>
++ </refsect1>
++
++ <refsect1>
++ <title>Options</title>
++
++ <para>The following options are understood:</para>
++
++ <variablelist>
++ <xi:include href="standard-options.xml" xpointer="help" />
++ <xi:include href="standard-options.xml" xpointer="version" />
++ </variablelist>
++
++ </refsect1>
++
++ <refsect1>
++ <title>Exit status</title>
++
++ <para>On success, 0 is returned, a non-zero failure
++ code otherwise. Note that the daemon stays idle for
++ a while to accept new <filename>fsck</filename>
++ connections before exiting.</para>
++ </refsect1>
++
++ <refsect1>
++ <title>See Also</title>
++ <para>
++ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
++ <citerefentry><refentrytitle>systemd-fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry><refentrytitle>systemd-quotacheck.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.btrfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.cramfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.ext4</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.fat</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.hfsplus</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.minix</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.ntfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.xfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>
++ </para>
++ </refsect1>
++
++</refentry>
+diff --git a/meson.build b/meson.build
+index e6b28e1..a87bb57 100644
+--- a/meson.build
++++ b/meson.build
+@@ -2372,6 +2372,14 @@ executable('systemd-makefs',
+ install : true,
+ install_dir : rootlibexecdir)
+
++executable('systemd-fsckd',
++ 'src/fsckd/fsckd.c',
++ include_directories : includes,
++ link_with : [libshared],
++ install_rpath : rootlibexecdir,
++ install : true,
++ install_dir : rootlibexecdir)
++
+ executable('systemd-sleep',
+ 'src/sleep/sleep.c',
+ include_directories : includes,
+diff --git a/po/POTFILES.in b/po/POTFILES.in
+index 029261c..d709ddb 100644
+--- a/po/POTFILES.in
++++ b/po/POTFILES.in
+@@ -8,3 +8,4 @@ src/portable/org.freedesktop.portable1.policy
+ src/resolve/org.freedesktop.resolve1.policy
+ src/timedate/org.freedesktop.timedate1.policy
+ src/core/dbus-unit.c
++src/fsckd/fsckd.c
+diff --git a/src/fsckd/fsckd.c b/src/fsckd/fsckd.c
+new file mode 100644
+index 0000000..d48e53a
+--- /dev/null
++++ b/src/fsckd/fsckd.c
+@@ -0,0 +1,690 @@
++/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
++
++/***
++ This file is part of systemd.
++
++ Copyright 2015 Canonical
++
++ Author:
++ Didier Roche <didrocks@ubuntu.com>
++
++ systemd is free software; you can redistribute it and/or modify it
++ under the terms of the GNU Lesser General Public License as published by
++ the Free Software Foundation; either version 2.1 of the License, or
++ (at your option) any later version.
++
++ systemd is distributed in the hope that it will be useful, but
++ WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public License
++ along with systemd; If not, see <http://www.gnu.org/licenses/>.
++***/
++
++#include <getopt.h>
++#include <errno.h>
++#include <libintl.h>
++#include <math.h>
++#include <stdbool.h>
++#include <stdlib.h>
++#include <stdio.h>
++#include <sys/socket.h>
++#include <sys/types.h>
++#include <sys/un.h>
++#include <unistd.h>
++
++#include "sd-daemon.h"
++#include "build.h"
++#include "def.h"
++#include "sd-event.h"
++#include "log.h"
++#include "list.h"
++#include "macro.h"
++#include "socket-util.h"
++#include "fd-util.h"
++#include "string-util.h"
++#include "io-util.h"
++#include "util.h"
++#include "alloc-util.h"
++#include "locale-util.h"
++
++#define FSCKD_SOCKET_PATH "/run/systemd/fsck.progress"
++#define IDLE_TIME_SECONDS 30
++#define PLYMOUTH_REQUEST_KEY "K\2\2\3"
++#define CLIENTS_MAX 128
++
++struct Manager;
++
++typedef struct Client {
++ struct Manager *manager;
++ char *device_name;
++ /* device id refers to "fd <fd>" until it gets a name as "device_name" */
++ char *device_id;
++
++ pid_t fsck_pid;
++ FILE *fsck_f;
++
++ size_t cur;
++ size_t max;
++ int pass;
++
++ double percent;
++
++ bool cancelled;
++ bool bad_input;
++
++ sd_event_source *event_source;
++
++ LIST_FIELDS(struct Client, clients);
++} Client;
++
++typedef struct Manager {
++ sd_event *event;
++
++ LIST_HEAD(Client, clients);
++ unsigned n_clients;
++
++ size_t clear;
++
++ int connection_fd;
++ sd_event_source *connection_event_source;
++
++ bool show_status_console;
++
++ double percent;
++ int numdevices;
++
++ int plymouth_fd;
++ sd_event_source *plymouth_event_source;
++ bool plymouth_cancel_sent;
++
++ bool cancel_requested;
++} Manager;
++
++static void client_free(Client *c);
++static void manager_free(Manager *m);
++
++DEFINE_TRIVIAL_CLEANUP_FUNC(Client*, client_free);
++DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);
++
++static int manager_write_console(Manager *m, const char *message) {
++ _cleanup_fclose_ FILE *console = NULL;
++ int l;
++ size_t j;
++
++ assert(m);
++
++ if (!m->show_status_console)
++ return 0;
++
++ /* Reduce the SAK window by opening and closing console on every request */
++ console = fopen("/dev/console", "we");
++ if (!console)
++ return -errno;
++
++ if (message) {
++ fprintf(console, "\r%s\r%n", message, &l);
++ if (m->clear < (size_t)l)
++ m->clear = (size_t)l;
++ } else {
++ fputc('\r', console);
++ for (j = 0; j < m->clear; j++)
++ fputc(' ', console);
++ fputc('\r', console);
++ }
++ fflush(console);
++
++ return 0;
++}
++
++static double compute_percent(int pass, size_t cur, size_t max) {
++ /* Values stolen from e2fsck */
++
++ static const double pass_table[] = {
++ 0, 70, 90, 92, 95, 100
++ };
++
++ if (pass <= 0)
++ return 0.0;
++
++ if ((unsigned) pass >= ELEMENTSOF(pass_table) || max == 0)
++ return 100.0;
++
++ return pass_table[pass-1] +
++ (pass_table[pass] - pass_table[pass-1]) *
++ (double) cur / max;
++}
++
++static int client_request_cancel(Client *c) {
++ assert(c);
++
++ if (c->cancelled)
++ return 0;
++
++ log_info("Request to cancel fsck for %s from fsckd", c->device_id);
++ if (kill(c->fsck_pid, SIGTERM) < 0) {
++ /* ignore the error and consider that cancel was sent if fsck just exited */
++ if (errno != ESRCH)
++ return log_error_errno(errno, "Cannot send cancel to fsck for %s: %m", c->device_id);
++ }
++
++ c->cancelled = true;
++ return 1;
++}
++
++static void client_free(Client *c) {
++ assert(c);
++
++ if (c->manager) {
++ LIST_REMOVE(clients, c->manager->clients, c);
++ c->manager->n_clients--;
++ }
++
++ sd_event_source_unref(c->event_source);
++ fclose(c->fsck_f);
++ if (c->device_name)
++ free(c->device_name);
++ if (c->device_id)
++ free(c->device_id);
++ free(c);
++}
++
++static void manager_disconnect_plymouth(Manager *m) {
++ assert(m);
++
++ m->plymouth_event_source = sd_event_source_unref(m->plymouth_event_source);
++ m->plymouth_fd = safe_close(m->plymouth_fd);
++ m->plymouth_cancel_sent = false;
++}
++
++static int manager_plymouth_feedback_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
++ Manager *m = userdata;
++ Client *current;
++ char buffer[6];
++ ssize_t l;
++
++ assert(m);
++
++ l = read(m->plymouth_fd, buffer, sizeof(buffer));
++ if (l < 0) {
++ log_warning_errno(errno, "Got error while reading from plymouth: %m");
++ manager_disconnect_plymouth(m);
++ return -errno;
++ }
++ if (l == 0) {
++ manager_disconnect_plymouth(m);
++ return 0;
++ }
++
++ if (l > 1 && buffer[0] == '\15')
++ log_error("Message update to plymouth wasn't delivered successfully");
++
++ /* the only answer support type we requested is a key interruption */
++ if (l > 2 && buffer[0] == '\2' && buffer[5] == '\3') {
++ m->cancel_requested = true;
++
++ /* cancel all connected clients */
++ LIST_FOREACH(clients, current, m->clients)
++ client_request_cancel(current);
++ }
++
++ return 0;
++}
++
++static int manager_connect_plymouth(Manager *m) {
++ union sockaddr_union sa = PLYMOUTH_SOCKET;
++ int r;
++
++ if (!plymouth_running())
++ return 0;
++
++ /* try to connect or reconnect if sending a message */
++ if (m->plymouth_fd >= 0)
++ return 1;
++
++ m->plymouth_fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
++ if (m->plymouth_fd < 0)
++ return log_warning_errno(errno, "Connection to plymouth socket failed: %m");
++
++ if (connect(m->plymouth_fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + 1 + strlen(sa.un.sun_path+1)) < 0) {
++ r = log_warning_errno(errno, "Couldn't connect to plymouth: %m");
++ goto fail;
++ }
++
++ r = sd_event_add_io(m->event, &m->plymouth_event_source, m->plymouth_fd, EPOLLIN, manager_plymouth_feedback_handler, m);
++ if (r < 0) {
++ log_warning_errno(r, "Can't listen to plymouth socket: %m");
++ goto fail;
++ }
++
++ return 1;
++
++fail:
++ manager_disconnect_plymouth(m);
++ return r;
++}
++
++static int plymouth_send_message(int plymouth_fd, const char *message, bool update) {
++ _cleanup_free_ char *packet = NULL;
++ int n;
++ char mode = 'M';
++
++ if (update)
++ mode = 'U';
++
++ if (asprintf(&packet, "%c\002%c%s%n", mode, (int) (strlen(message) + 1), message, &n) < 0)
++ return log_oom();
++
++ return loop_write(plymouth_fd, packet, n + 1, true);
++}
++
++static int manager_send_plymouth_message(Manager *m, const char *message) {
++ const char *plymouth_cancel_message = NULL, *l10n_cancel_message = NULL;
++ int r;
++
++ r = manager_connect_plymouth(m);
++ if (r < 0)
++ return r;
++ /* 0 means that plymouth isn't running, do not send any message yet */
++ else if (r == 0)
++ return 0;
++
++ if (!m->plymouth_cancel_sent) {
++
++ /* Indicate to plymouth that we listen to Ctrl+C */
++ r = loop_write(m->plymouth_fd, PLYMOUTH_REQUEST_KEY, sizeof(PLYMOUTH_REQUEST_KEY), true);
++ if (r < 0)
++ return log_warning_errno(r, "Can't send to plymouth cancel key: %m");
++
++ m->plymouth_cancel_sent = true;
++
++ l10n_cancel_message = _("Press Ctrl+C to cancel all filesystem checks in progress");
++ plymouth_cancel_message = strjoina("fsckd-cancel-msg:", l10n_cancel_message);
++
++ r = plymouth_send_message(m->plymouth_fd, plymouth_cancel_message, false);
++ if (r < 0)
++ log_warning_errno(r, "Can't send filesystem cancel message to plymouth: %m");
++
++ } else if (m->numdevices == 0) {
++
++ m->plymouth_cancel_sent = false;
++
++ r = plymouth_send_message(m->plymouth_fd, "", false);
++ if (r < 0)
++ log_warning_errno(r, "Can't clear plymouth filesystem cancel message: %m");
++ }
++
++ r = plymouth_send_message(m->plymouth_fd, message, true);
++ if (r < 0)
++ return log_warning_errno(r, "Couldn't send \"%s\" to plymouth: %m", message);
++
++ return 0;
++}
++
++static int manager_update_global_progress(Manager *m) {
++ Client *current = NULL;
++ _cleanup_free_ char *console_message = NULL;
++ _cleanup_free_ char *fsck_message = NULL;
++ int current_numdevices = 0, r;
++ double current_percent = 100;
++
++ /* get the overall percentage */
++ LIST_FOREACH(clients, current, m->clients) {
++ current_numdevices++;
++
++ /* right now, we only keep the minimum % of all fsckd processes. We could in the future trying to be
++ linear, but max changes and corresponds to the pass. We have all the informations into fsckd
++ already if we can treat that in a smarter way. */
++ current_percent = MIN(current_percent, current->percent);
++ }
++
++ /* update if there is anything user-visible to update */
++ if (fabs(current_percent - m->percent) > 0.001 || current_numdevices != m->numdevices) {
++ m->numdevices = current_numdevices;
++ m->percent = current_percent;
++
++ if (asprintf(&console_message,
++ ngettext("Checking in progress on %d disk (%3.1f%% complete)",
++ "Checking in progress on %d disks (%3.1f%% complete)", m->numdevices),
++ m->numdevices, m->percent) < 0)
++ return -ENOMEM;
++
++ if (asprintf(&fsck_message, "fsckd:%d:%3.1f:%s", m->numdevices, m->percent, console_message) < 0)
++ return -ENOMEM;
++
++ r = manager_write_console(m, console_message);
++ if (r < 0)
++ return r;
++
++ /* try to connect to plymouth and send message */
++ r = manager_send_plymouth_message(m, fsck_message);
++ if (r < 0)
++ return r;
++ }
++ return 0;
++}
++
++static int client_progress_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
++ Client *client = userdata;
++ char line[LINE_MAX];
++ Manager *m;
++
++ assert(client);
++ m = client->manager;
++
++ /* check first if we need to cancel this client */
++ if (m->cancel_requested)
++ client_request_cancel(client);
++
++ while (fgets(line, sizeof(line), client->fsck_f) != NULL) {
++ int pass;
++ size_t cur, max;
++ _cleanup_free_ char *device = NULL, *old_device_id = NULL;
++
++ if (sscanf(line, "%i %zu %zu %ms", &pass, &cur, &max, &device) == 4) {
++ if (!client->device_name) {
++ client->device_name = strdup(device);
++ if (!client->device_name) {
++ log_oom();
++ continue;
++ }
++ old_device_id = client->device_id;
++ client->device_id = strdup(device);
++ if (!client->device_id) {
++ log_oom();
++ client->device_id = old_device_id;
++ old_device_id = NULL;
++ continue;
++ }
++ }
++ client->pass = pass;
++ client->cur = cur;
++ client->max = max;
++ client->bad_input = false;
++ client->percent = compute_percent(client->pass, client->cur, client->max);
++ log_debug("Getting progress for %s (%zu, %zu, %d) : %3.1f%%", client->device_id,
++ client->cur, client->max, client->pass, client->percent);
++ } else {
++ if (errno == ENOMEM) {
++ log_oom();
++ continue;
++ }
++
++ /* if previous input was already garbage, kick it off from progress report */
++ if (client->bad_input) {
++ log_warning("Closing connection on incorrect input of fsck connection for %s", client->device_id);
++ client_free(client);
++ manager_update_global_progress(m);
++ return 0;
++ }
++ client->bad_input = true;
++ }
++
++ }
++
++ if (feof(client->fsck_f)) {
++ log_debug("Fsck client %s disconnected", client->device_id);
++ client_free(client);
++ }
++
++ manager_update_global_progress(m);
++ return 0;
++}
++
++static int manager_new_connection_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
++ _cleanup_(client_freep) Client *c = NULL;
++ _cleanup_close_ int new_fsck_fd = -1;
++ _cleanup_fclose_ FILE *new_fsck_f = NULL;
++ struct ucred ucred = {};
++ Manager *m = userdata;
++ int r;
++
++ assert(m);
++
++ /* Initialize and list new clients */
++ new_fsck_fd = accept4(m->connection_fd, NULL, NULL, SOCK_CLOEXEC|SOCK_NONBLOCK);
++ if (new_fsck_fd < 0) {
++ log_error_errno(errno, "Couldn't accept a new connection: %m");
++ return 0;
++ }
++
++ if (m->n_clients >= CLIENTS_MAX) {
++ log_error("Too many clients, refusing connection.");
++ return 0;
++ }
++
++
++ new_fsck_f = fdopen(new_fsck_fd, "r");
++ if (!new_fsck_f) {
++ log_error_errno(errno, "Couldn't fdopen new connection for fd %d: %m", new_fsck_fd);
++ return 0;
++ }
++ new_fsck_fd = -1;
++
++ r = getpeercred(fileno(new_fsck_f), &ucred);
++ if (r < 0) {
++ log_error_errno(r, "Couldn't get credentials for fsck: %m");
++ return 0;
++ }
++
++ c = new0(Client, 1);
++ if (!c) {
++ log_oom();
++ return 0;
++ }
++
++ c->fsck_pid = ucred.pid;
++ c->fsck_f = new_fsck_f;
++ new_fsck_f = NULL;
++
++ if (asprintf(&(c->device_id), "fd %d", fileno(c->fsck_f)) < 0) {
++ log_oom();
++ return 0;
++ }
++
++ r = sd_event_add_io(m->event, &c->event_source, fileno(c->fsck_f), EPOLLIN, client_progress_handler, c);
++ if (r < 0) {
++ log_oom();
++ return 0;
++ }
++
++ LIST_PREPEND(clients, m->clients, c);
++ m->n_clients++;
++ c->manager = m;
++
++ log_debug("New fsck client connected: %s", c->device_id);
++
++ /* only request the client to cancel now in case the request is dropped by the client (chance to recancel) */
++ if (m->cancel_requested)
++ client_request_cancel(c);
++
++ c = NULL;
++ return 0;
++}
++
++static void manager_free(Manager *m) {
++ if (!m)
++ return;
++
++ /* clear last line */
++ manager_write_console(m, NULL);
++
++ sd_event_source_unref(m->connection_event_source);
++ safe_close(m->connection_fd);
++
++ while (m->clients)
++ client_free(m->clients);
++
++ manager_disconnect_plymouth(m);
++
++ sd_event_unref(m->event);
++
++ free(m);
++}
++
++static int manager_new(Manager **ret, int fd) {
++ _cleanup_(manager_freep) Manager *m = NULL;
++ int r;
++
++ assert(ret);
++
++ m = new0(Manager, 1);
++ if (!m)
++ return -ENOMEM;
++
++ m->plymouth_fd = -1;
++ m->connection_fd = fd;
++ m->percent = 100;
++
++ r = sd_event_default(&m->event);
++ if (r < 0)
++ return r;
++
++ if (access("/run/systemd/show-status", F_OK) >= 0)
++ m->show_status_console = true;
++
++ r = sd_event_add_io(m->event, &m->connection_event_source, fd, EPOLLIN, manager_new_connection_handler, m);
++ if (r < 0)
++ return r;
++
++ *ret = m;
++ m = NULL;
++
++ return 0;
++}
++
++static int run_event_loop_with_timeout(Manager *m, usec_t timeout) {
++ int r, code;
++ sd_event *e = m->event;
++
++ assert(e);
++
++ for (;;) {
++ r = sd_event_get_state(e);
++ if (r < 0)
++ return r;
++ if (r == SD_EVENT_FINISHED)
++ break;
++
++ r = sd_event_run(e, timeout);
++ if (r < 0)
++ return r;
++
++ /* Exit if we reached the idle timeout and no more clients are
++ connected. If there is still an fsck process running but
++ simply slow to send us progress updates, exiting would mean
++ that this fsck process receives SIGPIPE resulting in an
++ aborted file system check. */
++ if (r == 0 && m->n_clients == 0) {
++ sd_event_exit(e, 0);
++ break;
++ }
++ }
++
++ r = sd_event_get_exit_code(e, &code);
++ if (r < 0)
++ return r;
++
++ return code;
++}
++
++static void help(void) {
++ printf("%s [OPTIONS...]\n\n"
++ "Capture fsck progress and forward one stream to plymouth\n\n"
++ " -h --help Show this help\n"
++ " --version Show package version\n",
++ program_invocation_short_name);
++}
++
++static int parse_argv(int argc, char *argv[]) {
++
++ enum {
++ ARG_VERSION = 0x100,
++ ARG_ROOT,
++ };
++
++ static const struct option options[] = {
++ { "help", no_argument, NULL, 'h' },
++ { "version", no_argument, NULL, ARG_VERSION },
++ {}
++ };
++
++ int c;
++
++ assert(argc >= 0);
++ assert(argv);
++
++ while ((c = getopt_long(argc, argv, "hv", options, NULL)) >= 0)
++ switch (c) {
++
++ case 'h':
++ help();
++ return 0;
++
++ case ARG_VERSION:
++ puts(PACKAGE_STRING);
++ puts(SYSTEMD_FEATURES);
++ return 0;
++
++ case '?':
++ return -EINVAL;
++
++ default:
++ assert_not_reached("Unhandled option");
++ }
++
++ if (optind < argc) {
++ log_error("Extraneous arguments");
++ return -EINVAL;
++ }
++
++ return 1;
++}
++
++int main(int argc, char *argv[]) {
++ _cleanup_(manager_freep) Manager *m = NULL;
++ int fd = -1;
++ int r, n;
++
++ log_set_target(LOG_TARGET_AUTO);
++ log_parse_environment();
++ log_open();
++ init_gettext();
++
++ r = parse_argv(argc, argv);
++ if (r <= 0)
++ goto finish;
++
++ n = sd_listen_fds(0);
++ if (n > 1) {
++ log_error("Too many file descriptors received.");
++ r = -EINVAL;
++ goto finish;
++ } else if (n == 1)
++ fd = SD_LISTEN_FDS_START + 0;
++ else {
++ fd = make_socket_fd(LOG_DEBUG, FSCKD_SOCKET_PATH, SOCK_STREAM, SOCK_CLOEXEC);
++ if (fd < 0) {
++ r = log_error_errno(fd, "Couldn't create listening socket fd on %s: %m", FSCKD_SOCKET_PATH);
++ goto finish;
++ }
++ }
++
++ r = manager_new(&m, fd);
++ if (r < 0) {
++ log_error_errno(r, "Failed to allocate manager: %m");
++ goto finish;
++ }
++
++ r = run_event_loop_with_timeout(m, IDLE_TIME_SECONDS * USEC_PER_SEC);
++ if (r < 0) {
++ log_error_errno(r, "Failed to run event loop: %m");
++ goto finish;
++ }
++
++ sd_event_get_exit_code(m->event, &r);
++
++finish:
++ return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
++}
+diff --git a/units/meson.build b/units/meson.build
+index d695084..ab489b3 100644
+--- a/units/meson.build
++++ b/units/meson.build
+@@ -87,6 +87,7 @@ units = [
+ ['systemd-coredump.socket', 'ENABLE_COREDUMP',
+ 'sockets.target.wants/'],
+ ['systemd-exit.service', ''],
++ ['systemd-fsckd.socket', ''],
+ ['systemd-initctl.socket', '',
+ 'sockets.target.wants/'],
+ ['systemd-journal-gatewayd.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'],
+@@ -143,6 +144,7 @@ in_units = [
+ 'sysinit.target.wants/'],
+ ['systemd-fsck-root.service', ''],
+ ['systemd-fsck@.service', ''],
++ ['systemd-fsckd.service', ''],
+ ['systemd-halt.service', ''],
+ ['systemd-hibernate-resume@.service', 'ENABLE_HIBERNATE'],
+ ['systemd-hibernate.service', 'ENABLE_HIBERNATE'],
+diff --git a/units/systemd-fsck-root.service.in b/units/systemd-fsck-root.service.in
+index 042081c..bea6c16 100644
+--- a/units/systemd-fsck-root.service.in
++++ b/units/systemd-fsck-root.service.in
+@@ -13,6 +13,8 @@ Documentation=man:systemd-fsck-root.service(8)
+ DefaultDependencies=no
+ Conflicts=shutdown.target
+ Before=local-fs.target shutdown.target
++Wants=systemd-fsckd.socket
++After=systemd-fsckd.socket
+ ConditionPathIsReadWrite=!/
+
+ [Service]
+diff --git a/units/systemd-fsck@.service.in b/units/systemd-fsck@.service.in
+index 3322083..bfa565b 100644
+--- a/units/systemd-fsck@.service.in
++++ b/units/systemd-fsck@.service.in
+@@ -13,7 +13,8 @@ Documentation=man:systemd-fsck@.service(8)
+ DefaultDependencies=no
+ BindsTo=%i.device
+ Conflicts=shutdown.target
+-After=%i.device systemd-fsck-root.service local-fs-pre.target
++Wants=systemd-fsckd.socket
++After=%i.device systemd-fsck-root.service local-fs-pre.target systemd-fsckd.socket
+ Before=systemd-quotacheck.service shutdown.target
+
+ [Service]
+diff --git a/units/systemd-fsckd.service.in b/units/systemd-fsckd.service.in
+new file mode 100644
+index 0000000..9c7ed51
+--- /dev/null
++++ b/units/systemd-fsckd.service.in
+@@ -0,0 +1,17 @@
++# This file is part of systemd.
++#
++# systemd is free software; you can redistribute it and/or modify it
++# under the terms of the GNU Lesser General Public License as published by
++# the Free Software Foundation; either version 2.1 of the License, or
++# (at your option) any later version.
++
++[Unit]
++Description=File System Check Daemon to report status
++Documentation=man:systemd-fsckd.service(8)
++DefaultDependencies=no
++Requires=systemd-fsckd.socket
++Before=shutdown.target
++
++[Service]
++ExecStart=@rootlibexecdir@/systemd-fsckd
++StandardOutput=journal+console
+diff --git a/units/systemd-fsckd.socket b/units/systemd-fsckd.socket
+new file mode 100644
+index 0000000..61fec97
+--- /dev/null
++++ b/units/systemd-fsckd.socket
+@@ -0,0 +1,15 @@
++# This file is part of systemd.
++#
++# systemd is free software; you can redistribute it and/or modify it
++# under the terms of the GNU Lesser General Public License as published by
++# the Free Software Foundation; either version 2.1 of the License, or
++# (at your option) any later version.
++
++[Unit]
++Description=fsck to fsckd communication Socket
++Documentation=man:systemd-fsckd.service(8) man:systemd-fsck@.service(8) man:systemd-fsck-root.service(8)
++DefaultDependencies=no
++
++[Socket]
++ListenStream=/run/systemd/fsck.progress
++SocketMode=0600
diff --git a/debian/patches/httpd-use-a-cleanup-function-to-call-MHD_destroy_response.patch b/debian/patches/httpd-use-a-cleanup-function-to-call-MHD_destroy_response.patch
new file mode 100644
index 00000000..e16c1c0d
--- /dev/null
+++ b/debian/patches/httpd-use-a-cleanup-function-to-call-MHD_destroy_response.patch
@@ -0,0 +1,192 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 7 Dec 2018 12:13:10 +0100
+Subject: =?utf-8?q?=C2=B5httpd=3A_use_a_cleanup_function_to_call_MHD=5Fdest?=
+ =?utf-8?q?roy=5Fresponse?=
+
+(cherry picked from commit d101fb24eb1c58c97f2adce1f69f4b61a788933a)
+(cherry picked from commit 03bf8a389ea1e9822a1b66f14b699661e88e0cb3)
+---
+ src/journal-remote/journal-gatewayd.c | 53 +++++++++--------------------------
+ src/journal-remote/microhttpd-util.c | 11 ++------
+ src/journal-remote/microhttpd-util.h | 1 +
+ 3 files changed, 18 insertions(+), 47 deletions(-)
+
+diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c
+index 4185af6..af45fa5 100644
+--- a/src/journal-remote/journal-gatewayd.c
++++ b/src/journal-remote/journal-gatewayd.c
+@@ -461,7 +461,7 @@ static int request_handler_entries(
+ struct MHD_Connection *connection,
+ void *connection_cls) {
+
+- struct MHD_Response *response;
++ _cleanup_(MHD_destroy_responsep) struct MHD_Response *response = NULL;
+ RequestMeta *m = connection_cls;
+ int r;
+
+@@ -503,11 +503,7 @@ static int request_handler_entries(
+ return respond_oom(connection);
+
+ MHD_add_response_header(response, "Content-Type", mime_types[m->mode]);
+-
+- r = MHD_queue_response(connection, MHD_HTTP_OK, response);
+- MHD_destroy_response(response);
+-
+- return r;
++ return MHD_queue_response(connection, MHD_HTTP_OK, response);
+ }
+
+ static int output_field(FILE *f, OutputMode m, const char *d, size_t l) {
+@@ -619,7 +615,7 @@ static int request_handler_fields(
+ const char *field,
+ void *connection_cls) {
+
+- struct MHD_Response *response;
++ _cleanup_(MHD_destroy_responsep) struct MHD_Response *response = NULL;
+ RequestMeta *m = connection_cls;
+ int r;
+
+@@ -642,11 +638,7 @@ static int request_handler_fields(
+ return respond_oom(connection);
+
+ MHD_add_response_header(response, "Content-Type", mime_types[m->mode == OUTPUT_JSON ? OUTPUT_JSON : OUTPUT_SHORT]);
+-
+- r = MHD_queue_response(connection, MHD_HTTP_OK, response);
+- MHD_destroy_response(response);
+-
+- return r;
++ return MHD_queue_response(connection, MHD_HTTP_OK, response);
+ }
+
+ static int request_handler_redirect(
+@@ -654,8 +646,7 @@ static int request_handler_redirect(
+ const char *target) {
+
+ char *page;
+- struct MHD_Response *response;
+- int ret;
++ _cleanup_(MHD_destroy_responsep) struct MHD_Response *response = NULL;
+
+ assert(connection);
+ assert(target);
+@@ -671,11 +662,7 @@ static int request_handler_redirect(
+
+ MHD_add_response_header(response, "Content-Type", "text/html");
+ MHD_add_response_header(response, "Location", target);
+-
+- ret = MHD_queue_response(connection, MHD_HTTP_MOVED_PERMANENTLY, response);
+- MHD_destroy_response(response);
+-
+- return ret;
++ return MHD_queue_response(connection, MHD_HTTP_MOVED_PERMANENTLY, response);
+ }
+
+ static int request_handler_file(
+@@ -683,8 +670,7 @@ static int request_handler_file(
+ const char *path,
+ const char *mime_type) {
+
+- struct MHD_Response *response;
+- int ret;
++ _cleanup_(MHD_destroy_responsep) struct MHD_Response *response = NULL;
+ _cleanup_close_ int fd = -1;
+ struct stat st;
+
+@@ -702,15 +688,10 @@ static int request_handler_file(
+ response = MHD_create_response_from_fd_at_offset64(st.st_size, fd, 0);
+ if (!response)
+ return respond_oom(connection);
+-
+- fd = -1;
++ TAKE_FD(fd);
+
+ MHD_add_response_header(response, "Content-Type", mime_type);
+-
+- ret = MHD_queue_response(connection, MHD_HTTP_OK, response);
+- MHD_destroy_response(response);
+-
+- return ret;
++ return MHD_queue_response(connection, MHD_HTTP_OK, response);
+ }
+
+ static int get_virtualization(char **v) {
+@@ -747,14 +728,13 @@ static int request_handler_machine(
+ struct MHD_Connection *connection,
+ void *connection_cls) {
+
+- struct MHD_Response *response;
++ _cleanup_(MHD_destroy_responsep) struct MHD_Response *response = NULL;
+ RequestMeta *m = connection_cls;
+ int r;
+ _cleanup_free_ char* hostname = NULL, *os_name = NULL;
+ uint64_t cutoff_from = 0, cutoff_to = 0, usage = 0;
+- char *json;
+ sd_id128_t mid, bid;
+- _cleanup_free_ char *v = NULL;
++ _cleanup_free_ char *v = NULL, *json = NULL;
+
+ assert(connection);
+ assert(m);
+@@ -803,21 +783,16 @@ static int request_handler_machine(
+ usage,
+ cutoff_from,
+ cutoff_to);
+-
+ if (r < 0)
+ return respond_oom(connection);
+
+ response = MHD_create_response_from_buffer(strlen(json), json, MHD_RESPMEM_MUST_FREE);
+- if (!response) {
+- free(json);
++ if (!response)
+ return respond_oom(connection);
+- }
++ TAKE_PTR(json);
+
+ MHD_add_response_header(response, "Content-Type", "application/json");
+- r = MHD_queue_response(connection, MHD_HTTP_OK, response);
+- MHD_destroy_response(response);
+-
+- return r;
++ return MHD_queue_response(connection, MHD_HTTP_OK, response);
+ }
+
+ static int request_handler(
+diff --git a/src/journal-remote/microhttpd-util.c b/src/journal-remote/microhttpd-util.c
+index adf40b5..6d049d1 100644
+--- a/src/journal-remote/microhttpd-util.c
++++ b/src/journal-remote/microhttpd-util.c
+@@ -32,21 +32,16 @@ static int mhd_respond_internal(struct MHD_Connection *connection,
+ const char *buffer,
+ size_t size,
+ enum MHD_ResponseMemoryMode mode) {
+- struct MHD_Response *response;
+- int r;
+-
+ assert(connection);
+
+- response = MHD_create_response_from_buffer(size, (char*) buffer, mode);
++ _cleanup_(MHD_destroy_responsep) struct MHD_Response *response
++ = MHD_create_response_from_buffer(size, (char*) buffer, mode);
+ if (!response)
+ return MHD_NO;
+
+ log_debug("Queueing response %u: %s", code, buffer);
+ MHD_add_response_header(response, "Content-Type", "text/plain");
+- r = MHD_queue_response(connection, code, response);
+- MHD_destroy_response(response);
+-
+- return r;
++ return MHD_queue_response(connection, code, response);
+ }
+
+ int mhd_respond(struct MHD_Connection *connection,
+diff --git a/src/journal-remote/microhttpd-util.h b/src/journal-remote/microhttpd-util.h
+index 364cd0f..ba51d84 100644
+--- a/src/journal-remote/microhttpd-util.h
++++ b/src/journal-remote/microhttpd-util.h
+@@ -75,3 +75,4 @@ int check_permissions(struct MHD_Connection *connection, int *code, char **hostn
+ int setup_gnutls_logger(char **categories);
+
+ DEFINE_TRIVIAL_CLEANUP_FUNC(struct MHD_Daemon*, MHD_stop_daemon);
++DEFINE_TRIVIAL_CLEANUP_FUNC(struct MHD_Response*, MHD_destroy_response);
diff --git a/debian/patches/journal-rely-on-_cleanup_free_-to-free-a-temporary-string.patch b/debian/patches/journal-rely-on-_cleanup_free_-to-free-a-temporary-string.patch
new file mode 100644
index 00000000..b4ad96c9
--- /dev/null
+++ b/debian/patches/journal-rely-on-_cleanup_free_-to-free-a-temporary-string.patch
@@ -0,0 +1,46 @@
+From: Evgeny Vereshchagin <evvers@ya.ru>
+Date: Mon, 24 Dec 2018 00:29:56 +0100
+Subject: journal: rely on _cleanup_free_ to free a temporary string used in
+ client_context_read_cgroup
+
+Closes https://github.com/systemd/systemd/issues/11253.
+
+(cherry picked from commit ef30f7cac18a810814ada7e6a68a31d48cc9fccd)
+(cherry picked from commit 1789a12dbf74112992a478ac4cf2f13d8c286d15)
+---
+ src/journal/journald-context.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/src/journal/journald-context.c b/src/journal/journald-context.c
+index 8253a45..2d711bc 100644
+--- a/src/journal/journald-context.c
++++ b/src/journal/journald-context.c
+@@ -246,7 +246,7 @@ static int client_context_read_label(
+ }
+
+ static int client_context_read_cgroup(Server *s, ClientContext *c, const char *unit_id) {
+- char *t = NULL;
++ _cleanup_free_ char *t = NULL;
+ int r;
+
+ assert(c);
+@@ -254,7 +254,6 @@ static int client_context_read_cgroup(Server *s, ClientContext *c, const char *u
+ /* Try to acquire the current cgroup path */
+ r = cg_pid_get_path_shifted(c->pid, s->cgroup_root, &t);
+ if (r < 0 || empty_or_root(t)) {
+-
+ /* We use the unit ID passed in as fallback if we have nothing cached yet and cg_pid_get_path_shifted()
+ * failed or process is running in a root cgroup. Zombie processes are automatically migrated to root cgroup
+ * on cgroupsv1 and we want to be able to map log messages from them too. */
+@@ -268,10 +267,8 @@ static int client_context_read_cgroup(Server *s, ClientContext *c, const char *u
+ }
+
+ /* Let's shortcut this if the cgroup path didn't change */
+- if (streq_ptr(c->cgroup, t)) {
+- free(t);
++ if (streq_ptr(c->cgroup, t))
+ return 0;
+- }
+
+ free_and_replace(c->cgroup, t);
+
diff --git a/debian/patches/journal-remote-set-a-limit-on-the-number-of-fields-in-a-m.patch b/debian/patches/journal-remote-set-a-limit-on-the-number-of-fields-in-a-m.patch
new file mode 100644
index 00000000..f4abb523
--- /dev/null
+++ b/debian/patches/journal-remote-set-a-limit-on-the-number-of-fields-in-a-m.patch
@@ -0,0 +1,75 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 7 Dec 2018 10:48:10 +0100
+Subject: journal-remote: set a limit on the number of fields in a message
+
+Existing use of E2BIG is replaced with ENOBUFS (entry too long), and E2BIG is
+reused for the new error condition (too many fields).
+
+This matches the change done for systemd-journald, hence forming the second
+part of the fix for CVE-2018-16865
+(https://bugzilla.redhat.com/show_bug.cgi?id=1653861).
+
+(cherry picked from commit ef4d6abe7c7fab6cbff975b32e76b09feee56074)
+(cherry picked from commit 1c9232336460d0f004156964df1478e4d3ddac97)
+---
+ src/journal-remote/journal-remote-main.c | 7 +++++--
+ src/journal-remote/journal-remote.c | 3 +++
+ src/shared/journal-importer.c | 5 ++++-
+ 3 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
+index 8543dba..802c3ea 100644
+--- a/src/journal-remote/journal-remote-main.c
++++ b/src/journal-remote/journal-remote-main.c
+@@ -222,9 +222,12 @@ static int process_http_upload(
+ if (r == -EAGAIN)
+ break;
+ if (r < 0) {
+- if (r == -E2BIG)
+- log_warning_errno(r, "Entry is too above maximum of %u, aborting connection %p.",
++ if (r == -ENOBUFS)
++ log_warning_errno(r, "Entry is above the maximum of %u, aborting connection %p.",
+ DATA_SIZE_MAX, connection);
++ else if (r == -E2BIG)
++ log_warning_errno(r, "Entry with more fields than the maximum of %u, aborting connection %p.",
++ ENTRY_FIELD_COUNT_MAX, connection);
+ else
+ log_warning_errno(r, "Failed to process data, aborting connection %p: %m",
+ connection);
+diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c
+index 3c0916c..1da32c5 100644
+--- a/src/journal-remote/journal-remote.c
++++ b/src/journal-remote/journal-remote.c
+@@ -407,6 +407,9 @@ int journal_remote_handle_raw_source(
+ log_debug("%zu active sources remaining", s->active);
+ return 0;
+ } else if (r == -E2BIG) {
++ log_notice("Entry with too many fields, skipped");
++ return 1;
++ } else if (r == -ENOBUFS) {
+ log_notice("Entry too big, skipped");
+ return 1;
+ } else if (r == -EAGAIN) {
+diff --git a/src/shared/journal-importer.c b/src/shared/journal-importer.c
+index b0e6192..8638cd3 100644
+--- a/src/shared/journal-importer.c
++++ b/src/shared/journal-importer.c
+@@ -23,6 +23,9 @@ enum {
+ };
+
+ static int iovw_put(struct iovec_wrapper *iovw, void* data, size_t len) {
++ if (iovw->count >= ENTRY_FIELD_COUNT_MAX)
++ return -E2BIG;
++
+ if (!GREEDY_REALLOC(iovw->iovec, iovw->size_bytes, iovw->count + 1))
+ return log_oom();
+
+@@ -97,7 +100,7 @@ static int get_line(JournalImporter *imp, char **line, size_t *size) {
+
+ imp->scanned = imp->filled;
+ if (imp->scanned >= DATA_SIZE_MAX)
+- return log_error_errno(SYNTHETIC_ERRNO(E2BIG),
++ return log_error_errno(SYNTHETIC_ERRNO(ENOBUFS),
+ "Entry is bigger than %u bytes.",
+ DATA_SIZE_MAX);
+
diff --git a/debian/patches/journal-remote-verify-entry-length-from-header.patch b/debian/patches/journal-remote-verify-entry-length-from-header.patch
new file mode 100644
index 00000000..63492bbf
--- /dev/null
+++ b/debian/patches/journal-remote-verify-entry-length-from-header.patch
@@ -0,0 +1,111 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 7 Dec 2018 12:47:14 +0100
+Subject: journal-remote: verify entry length from header
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Calling mhd_respond(), which ulimately calls MHD_queue_response() is
+ineffective at point, becuase MHD_queue_response() immediately returns
+MHD_NO signifying an error, because the connection is in state
+MHD_CONNECTION_CONTINUE_SENT.
+
+As Christian Grothoff kindly explained:
+> You are likely calling MHD_queue_repsonse() too late: once you are
+> receiving upload_data, HTTP forces you to process it all. At this time,
+> MHD has already sent "100 continue" and cannot take it back (hence you
+> get MHD_NO!).
+>
+> In your request handler, the first time when you are called for a
+> connection (and when hence *upload_data_size == 0 and upload_data ==
+> NULL) you must check the content-length header and react (with
+> MHD_queue_response) based on this (to prevent MHD from automatically
+> generating 100 continue).
+
+If we ever encounter this kind of error, print a warning and immediately
+abort the connection. (The alternative would be to keep reading the data,
+but ignore it, and return an error after we get to the end of data.
+That is possible, but of course puts additional load on both the
+sender and reciever, and doesn't seem important enough just to return
+a good error message.)
+
+Note that sending of the error does not work (the connection is always aborted
+when MHD_queue_response is used with MHD_RESPMEM_MUST_FREE, as in this case)
+with libµhttpd 0.59, but works with 0.61:
+https://src.fedoraproject.org/rpms/libmicrohttpd/pull-request/1
+
+(cherry picked from commit 7fdb237f5473cb8fc2129e57e8a0039526dcb4fd)
+(cherry picked from commit c6d56141fad673a42b6b4eb186d2d217becca71c)
+---
+ src/journal-remote/journal-remote-main.c | 34 ++++++++++++++++++++++----------
+ 1 file changed, 24 insertions(+), 10 deletions(-)
+
+diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c
+index e1748cb..8543dba 100644
+--- a/src/journal-remote/journal-remote-main.c
++++ b/src/journal-remote/journal-remote-main.c
+@@ -221,16 +221,14 @@ static int process_http_upload(
+ journal_remote_server_global->seal);
+ if (r == -EAGAIN)
+ break;
+- else if (r < 0) {
+- log_warning("Failed to process data for connection %p", connection);
++ if (r < 0) {
+ if (r == -E2BIG)
+- return mhd_respondf(connection,
+- r, MHD_HTTP_PAYLOAD_TOO_LARGE,
+- "Entry is too large, maximum is " STRINGIFY(DATA_SIZE_MAX) " bytes.");
++ log_warning_errno(r, "Entry is too above maximum of %u, aborting connection %p.",
++ DATA_SIZE_MAX, connection);
+ else
+- return mhd_respondf(connection,
+- r, MHD_HTTP_UNPROCESSABLE_ENTITY,
+- "Processing failed: %m.");
++ log_warning_errno(r, "Failed to process data, aborting connection %p: %m",
++ connection);
++ return MHD_NO;
+ }
+ }
+
+@@ -264,6 +262,7 @@ static int request_handler(
+ const char *header;
+ int r, code, fd;
+ _cleanup_free_ char *hostname = NULL;
++ size_t len;
+
+ assert(connection);
+ assert(connection_cls);
+@@ -283,12 +282,27 @@ static int request_handler(
+ if (!streq(url, "/upload"))
+ return mhd_respond(connection, MHD_HTTP_NOT_FOUND, "Not found.");
+
+- header = MHD_lookup_connection_value(connection,
+- MHD_HEADER_KIND, "Content-Type");
++ header = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, "Content-Type");
+ if (!header || !streq(header, "application/vnd.fdo.journal"))
+ return mhd_respond(connection, MHD_HTTP_UNSUPPORTED_MEDIA_TYPE,
+ "Content-Type: application/vnd.fdo.journal is required.");
+
++ header = MHD_lookup_connection_value(connection, MHD_HEADER_KIND, "Content-Length");
++ if (!header)
++ return mhd_respond(connection, MHD_HTTP_LENGTH_REQUIRED,
++ "Content-Length header is required.");
++ r = safe_atozu(header, &len);
++ if (r < 0)
++ return mhd_respondf(connection, r, MHD_HTTP_LENGTH_REQUIRED,
++ "Content-Length: %s cannot be parsed: %m", header);
++
++ if (len > ENTRY_SIZE_MAX)
++ /* When serialized, an entry of maximum size might be slightly larger,
++ * so this does not correspond exactly to the limit in journald. Oh well.
++ */
++ return mhd_respondf(connection, 0, MHD_HTTP_PAYLOAD_TOO_LARGE,
++ "Payload larger than maximum size of %u bytes", ENTRY_SIZE_MAX);
++
+ {
+ const union MHD_ConnectionInfo *ci;
+
diff --git a/debian/patches/journald-do-not-store-the-iovec-entry-for-process-command.patch b/debian/patches/journald-do-not-store-the-iovec-entry-for-process-command.patch
new file mode 100644
index 00000000..01b3da1e
--- /dev/null
+++ b/debian/patches/journald-do-not-store-the-iovec-entry-for-process-command.patch
@@ -0,0 +1,200 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 5 Dec 2018 18:38:39 +0100
+Subject: journald: do not store the iovec entry for process commandline on
+ stack
+
+This fixes a crash where we would read the commandline, whose length is under
+control of the sending program, and then crash when trying to create a stack
+allocation for it.
+
+CVE-2018-16864
+https://bugzilla.redhat.com/show_bug.cgi?id=1653855
+
+The message actually doesn't get written to disk, because
+journal_file_append_entry() returns -E2BIG.
+
+(cherry picked from commit 084eeb865ca63887098e0945fb4e93c852b91b0f)
+(cherry picked from commit cf56627fe5525132c8e09eb3e77bfc0556a2f04d)
+---
+ src/basic/io-util.c | 10 ++++++++++
+ src/basic/io-util.h | 2 ++
+ src/coredump/coredump.c | 31 +++++++++++--------------------
+ src/journal/journald-server.c | 25 +++++++++++++++----------
+ 4 files changed, 38 insertions(+), 30 deletions(-)
+
+diff --git a/src/basic/io-util.c b/src/basic/io-util.c
+index 1f64cc9..575398f 100644
+--- a/src/basic/io-util.c
++++ b/src/basic/io-util.c
+@@ -8,6 +8,7 @@
+ #include <unistd.h>
+
+ #include "io-util.h"
++#include "string-util.h"
+ #include "time-util.h"
+
+ int flush_fd(int fd) {
+@@ -252,3 +253,12 @@ ssize_t sparse_write(int fd, const void *p, size_t sz, size_t run_length) {
+
+ return q - (const uint8_t*) p;
+ }
++
++char* set_iovec_string_field(struct iovec *iovec, size_t *n_iovec, const char *field, const char *value) {
++ char *x;
++
++ x = strappend(field, value);
++ if (x)
++ iovec[(*n_iovec)++] = IOVEC_MAKE_STRING(x);
++ return x;
++}
+diff --git a/src/basic/io-util.h b/src/basic/io-util.h
+index ed189b5..792a64a 100644
+--- a/src/basic/io-util.h
++++ b/src/basic/io-util.h
+@@ -71,3 +71,5 @@ static inline bool FILE_SIZE_VALID_OR_INFINITY(uint64_t l) {
+ #define IOVEC_MAKE(base, len) (struct iovec) IOVEC_INIT(base, len)
+ #define IOVEC_INIT_STRING(string) IOVEC_INIT((char*) string, strlen(string))
+ #define IOVEC_MAKE_STRING(string) (struct iovec) IOVEC_INIT_STRING(string)
++
++char* set_iovec_string_field(struct iovec *iovec, size_t *n_iovec, const char *field, const char *value);
+diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
+index 20c1fb0..db2cf64 100644
+--- a/src/coredump/coredump.c
++++ b/src/coredump/coredump.c
+@@ -1063,19 +1063,10 @@ static int send_iovec(const struct iovec iovec[], size_t n_iovec, int input_fd)
+ return 0;
+ }
+
+-static char* set_iovec_field(struct iovec *iovec, size_t *n_iovec, const char *field, const char *value) {
+- char *x;
+-
+- x = strappend(field, value);
+- if (x)
+- iovec[(*n_iovec)++] = IOVEC_MAKE_STRING(x);
+- return x;
+-}
+-
+ static char* set_iovec_field_free(struct iovec *iovec, size_t *n_iovec, const char *field, char *value) {
+ char *x;
+
+- x = set_iovec_field(iovec, n_iovec, field, value);
++ x = set_iovec_string_field(iovec, n_iovec, field, value);
+ free(value);
+ return x;
+ }
+@@ -1125,36 +1116,36 @@ static int gather_pid_metadata(
+ disable_coredumps();
+ }
+
+- set_iovec_field(iovec, n_iovec, "COREDUMP_UNIT=", context[CONTEXT_UNIT]);
++ set_iovec_string_field(iovec, n_iovec, "COREDUMP_UNIT=", context[CONTEXT_UNIT]);
+ }
+
+ if (cg_pid_get_user_unit(pid, &t) >= 0)
+ set_iovec_field_free(iovec, n_iovec, "COREDUMP_USER_UNIT=", t);
+
+ /* The next few are mandatory */
+- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_PID=", context[CONTEXT_PID]))
++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_PID=", context[CONTEXT_PID]))
+ return log_oom();
+
+- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_UID=", context[CONTEXT_UID]))
++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_UID=", context[CONTEXT_UID]))
+ return log_oom();
+
+- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_GID=", context[CONTEXT_GID]))
++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_GID=", context[CONTEXT_GID]))
+ return log_oom();
+
+- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_SIGNAL=", context[CONTEXT_SIGNAL]))
++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_SIGNAL=", context[CONTEXT_SIGNAL]))
+ return log_oom();
+
+- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_RLIMIT=", context[CONTEXT_RLIMIT]))
++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_RLIMIT=", context[CONTEXT_RLIMIT]))
+ return log_oom();
+
+- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_HOSTNAME=", context[CONTEXT_HOSTNAME]))
++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_HOSTNAME=", context[CONTEXT_HOSTNAME]))
+ return log_oom();
+
+- if (!set_iovec_field(iovec, n_iovec, "COREDUMP_COMM=", context[CONTEXT_COMM]))
++ if (!set_iovec_string_field(iovec, n_iovec, "COREDUMP_COMM=", context[CONTEXT_COMM]))
+ return log_oom();
+
+ if (context[CONTEXT_EXE] &&
+- !set_iovec_field(iovec, n_iovec, "COREDUMP_EXE=", context[CONTEXT_EXE]))
++ !set_iovec_string_field(iovec, n_iovec, "COREDUMP_EXE=", context[CONTEXT_EXE]))
+ return log_oom();
+
+ if (sd_pid_get_session(pid, &t) >= 0)
+@@ -1222,7 +1213,7 @@ static int gather_pid_metadata(
+ iovec[(*n_iovec)++] = IOVEC_MAKE_STRING(t);
+
+ if (safe_atoi(context[CONTEXT_SIGNAL], &signo) >= 0 && SIGNAL_VALID(signo))
+- set_iovec_field(iovec, n_iovec, "COREDUMP_SIGNAL_NAME=SIG", signal_to_string(signo));
++ set_iovec_string_field(iovec, n_iovec, "COREDUMP_SIGNAL_NAME=SIG", signal_to_string(signo));
+
+ return 0; /* we successfully acquired all metadata */
+ }
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index f096725..2a960eb 100644
+--- a/src/journal/journald-server.c
++++ b/src/journal/journald-server.c
+@@ -905,6 +905,7 @@ static void dispatch_message_real(
+ pid_t object_pid) {
+
+ char source_time[sizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t)];
++ _cleanup_free_ char *cmdline1 = NULL, *cmdline2 = NULL;
+ uid_t journal_uid;
+ ClientContext *o;
+
+@@ -921,20 +922,23 @@ static void dispatch_message_real(
+ IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->uid, uid_t, uid_is_valid, UID_FMT, "_UID");
+ IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->gid, gid_t, gid_is_valid, GID_FMT, "_GID");
+
+- IOVEC_ADD_STRING_FIELD(iovec, n, c->comm, "_COMM");
+- IOVEC_ADD_STRING_FIELD(iovec, n, c->exe, "_EXE");
+- IOVEC_ADD_STRING_FIELD(iovec, n, c->cmdline, "_CMDLINE");
+- IOVEC_ADD_STRING_FIELD(iovec, n, c->capeff, "_CAP_EFFECTIVE");
++ IOVEC_ADD_STRING_FIELD(iovec, n, c->comm, "_COMM"); /* At most TASK_COMM_LENGTH (16 bytes) */
++ IOVEC_ADD_STRING_FIELD(iovec, n, c->exe, "_EXE"); /* A path, so at most PATH_MAX (4096 bytes) */
+
+- IOVEC_ADD_SIZED_FIELD(iovec, n, c->label, c->label_size, "_SELINUX_CONTEXT");
++ if (c->cmdline)
++ /* At most _SC_ARG_MAX (2MB usually), which is too much to put on stack.
++ * Let's use a heap allocation for this one. */
++ cmdline1 = set_iovec_string_field(iovec, &n, "_CMDLINE=", c->cmdline);
+
++ IOVEC_ADD_STRING_FIELD(iovec, n, c->capeff, "_CAP_EFFECTIVE"); /* Read from /proc/.../status */
++ IOVEC_ADD_SIZED_FIELD(iovec, n, c->label, c->label_size, "_SELINUX_CONTEXT");
+ IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->auditid, uint32_t, audit_session_is_valid, "%" PRIu32, "_AUDIT_SESSION");
+ IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->loginuid, uid_t, uid_is_valid, UID_FMT, "_AUDIT_LOGINUID");
+
+- IOVEC_ADD_STRING_FIELD(iovec, n, c->cgroup, "_SYSTEMD_CGROUP");
++ IOVEC_ADD_STRING_FIELD(iovec, n, c->cgroup, "_SYSTEMD_CGROUP"); /* A path */
+ IOVEC_ADD_STRING_FIELD(iovec, n, c->session, "_SYSTEMD_SESSION");
+ IOVEC_ADD_NUMERIC_FIELD(iovec, n, c->owner_uid, uid_t, uid_is_valid, UID_FMT, "_SYSTEMD_OWNER_UID");
+- IOVEC_ADD_STRING_FIELD(iovec, n, c->unit, "_SYSTEMD_UNIT");
++ IOVEC_ADD_STRING_FIELD(iovec, n, c->unit, "_SYSTEMD_UNIT"); /* Unit names are bounded by UNIT_NAME_MAX */
+ IOVEC_ADD_STRING_FIELD(iovec, n, c->user_unit, "_SYSTEMD_USER_UNIT");
+ IOVEC_ADD_STRING_FIELD(iovec, n, c->slice, "_SYSTEMD_SLICE");
+ IOVEC_ADD_STRING_FIELD(iovec, n, c->user_slice, "_SYSTEMD_USER_SLICE");
+@@ -955,13 +959,14 @@ static void dispatch_message_real(
+ IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->uid, uid_t, uid_is_valid, UID_FMT, "OBJECT_UID");
+ IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->gid, gid_t, gid_is_valid, GID_FMT, "OBJECT_GID");
+
++ /* See above for size limits, only ->cmdline may be large, so use a heap allocation for it. */
+ IOVEC_ADD_STRING_FIELD(iovec, n, o->comm, "OBJECT_COMM");
+ IOVEC_ADD_STRING_FIELD(iovec, n, o->exe, "OBJECT_EXE");
+- IOVEC_ADD_STRING_FIELD(iovec, n, o->cmdline, "OBJECT_CMDLINE");
+- IOVEC_ADD_STRING_FIELD(iovec, n, o->capeff, "OBJECT_CAP_EFFECTIVE");
++ if (o->cmdline)
++ cmdline2 = set_iovec_string_field(iovec, &n, "OBJECT_CMDLINE=", o->cmdline);
+
++ IOVEC_ADD_STRING_FIELD(iovec, n, o->capeff, "OBJECT_CAP_EFFECTIVE");
+ IOVEC_ADD_SIZED_FIELD(iovec, n, o->label, o->label_size, "OBJECT_SELINUX_CONTEXT");
+-
+ IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->auditid, uint32_t, audit_session_is_valid, "%" PRIu32, "OBJECT_AUDIT_SESSION");
+ IOVEC_ADD_NUMERIC_FIELD(iovec, n, o->loginuid, uid_t, uid_is_valid, UID_FMT, "OBJECT_AUDIT_LOGINUID");
+
diff --git a/debian/patches/journald-lower-the-maximum-entry-size-limit-to-for-non-se.patch b/debian/patches/journald-lower-the-maximum-entry-size-limit-to-for-non-se.patch
new file mode 100644
index 00000000..a1e96bfa
--- /dev/null
+++ b/debian/patches/journald-lower-the-maximum-entry-size-limit-to-for-non-se.patch
@@ -0,0 +1,32 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 5 Dec 2018 22:52:53 +0100
+Subject: =?utf-8?q?journald=3A_lower_the_maximum_entry_size_limit_to_=C2=BD?=
+ =?utf-8?q?_for_non-sealed_fds?=
+
+We immediately read the whole contents into memory, making thigs much more
+expensive. Sealed fds should be used instead since they are more efficient
+on our side.
+
+(cherry picked from commit 6670c9de196c8e2d5e84a8890cbb68f70c4db6e3)
+(cherry picked from commit f0ad5fe17fc6cee1f04f8f93899538ea2e96256c)
+---
+ src/journal/journald-native.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c
+index 50aad6d..221188d 100644
+--- a/src/journal/journald-native.c
++++ b/src/journal/journald-native.c
+@@ -376,8 +376,10 @@ void server_process_native_file(
+ if (st.st_size <= 0)
+ return;
+
+- if (st.st_size > ENTRY_SIZE_MAX) {
+- log_error("File passed too large. Ignoring.");
++ /* When !sealed, set a lower memory limit. We have to read the file,
++ * effectively doubling memory use. */
++ if (st.st_size > ENTRY_SIZE_MAX / (sealed ? 1 : 2)) {
++ log_error("File passed too large (%"PRIu64" bytes). Ignoring.", (uint64_t) st.st_size);
+ return;
+ }
+
diff --git a/debian/patches/journald-remove-unnecessary.patch b/debian/patches/journald-remove-unnecessary.patch
new file mode 100644
index 00000000..6e04c6b1
--- /dev/null
+++ b/debian/patches/journald-remove-unnecessary.patch
@@ -0,0 +1,32 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 5 Dec 2018 17:53:50 +0100
+Subject: journald: remove unnecessary {}
+
+(cherry picked from commit bc2762a309132a34db1797d8b5792d5747a94484)
+(cherry picked from commit ccbb69e14ea9938c20ced03b4952fee0d22684b0)
+---
+ src/journal/journald-server.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index 434325c..f096725 100644
+--- a/src/journal/journald-server.c
++++ b/src/journal/journald-server.c
+@@ -1276,8 +1276,7 @@ int server_process_datagram(sd_event_source *es, int fd, uint32_t revents, void
+ return log_error_errno(errno, "recvmsg() failed: %m");
+ }
+
+- CMSG_FOREACH(cmsg, &msghdr) {
+-
++ CMSG_FOREACH(cmsg, &msghdr)
+ if (cmsg->cmsg_level == SOL_SOCKET &&
+ cmsg->cmsg_type == SCM_CREDENTIALS &&
+ cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred)))
+@@ -1295,7 +1294,6 @@ int server_process_datagram(sd_event_source *es, int fd, uint32_t revents, void
+ fds = (int*) CMSG_DATA(cmsg);
+ n_fds = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
+ }
+- }
+
+ /* And a trailing NUL, just in case */
+ s->buffer[n] = 0;
diff --git a/debian/patches/journald-set-a-limit-on-the-number-of-fields-1k.patch b/debian/patches/journald-set-a-limit-on-the-number-of-fields-1k.patch
new file mode 100644
index 00000000..3ee7a426
--- /dev/null
+++ b/debian/patches/journald-set-a-limit-on-the-number-of-fields-1k.patch
@@ -0,0 +1,52 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 5 Dec 2018 22:45:02 +0100
+Subject: journald: set a limit on the number of fields (1k)
+
+We allocate a iovec entry for each field, so with many short entries,
+our memory usage and processing time can be large, even with a relatively
+small message size. Let's refuse overly long entries.
+
+CVE-2018-16865
+https://bugzilla.redhat.com/show_bug.cgi?id=1653861
+
+What from I can see, the problem is not from an alloca, despite what the CVE
+description says, but from the attack multiplication that comes from creating
+many very small iovecs: (void* + size_t) for each three bytes of input message.
+
+(cherry picked from commit 052c57f132f04a3cf4148f87561618da1a6908b4)
+(cherry picked from commit eaf1d6e1e6ec5023ffdc2801e2b671226e862774)
+---
+ src/journal/journald-native.c | 5 +++++
+ src/shared/journal-importer.h | 3 +++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c
+index e86178e..d0fee2a 100644
+--- a/src/journal/journald-native.c
++++ b/src/journal/journald-native.c
+@@ -141,6 +141,11 @@ static int server_process_entry(
+ }
+
+ /* A property follows */
++ if (n > ENTRY_FIELD_COUNT_MAX) {
++ log_debug("Received an entry that has more than " STRINGIFY(ENTRY_FIELD_COUNT_MAX) " fields, ignoring entry.");
++ r = 1;
++ goto finish;
++ }
+
+ /* n existing properties, 1 new, +1 for _TRANSPORT */
+ if (!GREEDY_REALLOC(iovec, m,
+diff --git a/src/shared/journal-importer.h b/src/shared/journal-importer.h
+index 53354b7..7914c0c 100644
+--- a/src/shared/journal-importer.h
++++ b/src/shared/journal-importer.h
+@@ -21,6 +21,9 @@
+ #endif
+ #define LINE_CHUNK 8*1024u
+
++/* The maximum number of fields in an entry */
++#define ENTRY_FIELD_COUNT_MAX 1024
++
+ struct iovec_wrapper {
+ struct iovec *iovec;
+ size_t size_bytes;
diff --git a/debian/patches/journald-when-processing-a-native-message-bail-more-quick.patch b/debian/patches/journald-when-processing-a-native-message-bail-more-quick.patch
new file mode 100644
index 00000000..368c476a
--- /dev/null
+++ b/debian/patches/journald-when-processing-a-native-message-bail-more-quick.patch
@@ -0,0 +1,203 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 5 Dec 2018 22:50:39 +0100
+Subject: journald: when processing a native message,
+ bail more quickly on overbig messages
+
+We'd first parse all or most of the message, and only then consider if it
+is not too large. Also, when encountering a single field over the limit,
+we'd still process the preceding part of the message. Let's be stricter,
+and check size limits early, and let's refuse the whole message if it fails
+any of the size limits.
+
+(cherry picked from commit 964ef920ea6735d39f856b05fd8ef451a09a6a1d)
+(cherry picked from commit c13facb835046af8ab8ebad2ec63d9e8c0909f26)
+---
+ src/journal/journald-native.c | 65 ++++++++++++++++++++++++-------------------
+ 1 file changed, 37 insertions(+), 28 deletions(-)
+
+diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c
+index d0fee2a..50aad6d 100644
+--- a/src/journal/journald-native.c
++++ b/src/journal/journald-native.c
+@@ -110,7 +110,7 @@ static int server_process_entry(
+ int priority = LOG_INFO;
+ pid_t object_pid = 0;
+ const char *p;
+- int r = 0;
++ int r = 1;
+
+ p = buffer;
+
+@@ -122,8 +122,7 @@ static int server_process_entry(
+ if (!e) {
+ /* Trailing noise, let's ignore it, and flush what we collected */
+ log_debug("Received message with trailing noise, ignoring.");
+- r = 1; /* finish processing of the message */
+- break;
++ break; /* finish processing of the message */
+ }
+
+ if (e == p) {
+@@ -133,8 +132,7 @@ static int server_process_entry(
+ }
+
+ if (IN_SET(*p, '.', '#')) {
+- /* Ignore control commands for now, and
+- * comments too. */
++ /* Ignore control commands for now, and comments too. */
+ *remaining -= (e - p) + 1;
+ p = e + 1;
+ continue;
+@@ -143,7 +141,6 @@ static int server_process_entry(
+ /* A property follows */
+ if (n > ENTRY_FIELD_COUNT_MAX) {
+ log_debug("Received an entry that has more than " STRINGIFY(ENTRY_FIELD_COUNT_MAX) " fields, ignoring entry.");
+- r = 1;
+ goto finish;
+ }
+
+@@ -153,7 +150,7 @@ static int server_process_entry(
+ N_IOVEC_META_FIELDS + N_IOVEC_OBJECT_FIELDS +
+ client_context_extra_fields_n_iovec(context))) {
+ r = log_oom();
+- break;
++ goto finish;
+ }
+
+ q = memchr(p, '=', e - p);
+@@ -162,6 +159,16 @@ static int server_process_entry(
+ size_t l;
+
+ l = e - p;
++ if (l > DATA_SIZE_MAX) {
++ log_debug("Received text block of %zu bytes is too large, ignoring entry.", l);
++ goto finish;
++ }
++
++ if (entry_size + l + n + 1 > ENTRY_SIZE_MAX) { /* data + separators + trailer */
++ log_debug("Entry is too big (%zu bytes after processing %zu entries), ignoring entry.",
++ entry_size + l, n + 1);
++ goto finish;
++ }
+
+ /* If the field name starts with an underscore, skip the variable, since that indicates
+ * a trusted field */
+@@ -179,7 +186,7 @@ static int server_process_entry(
+ p = e + 1;
+ continue;
+ } else {
+- uint64_t l;
++ uint64_t l, total;
+ char *k;
+
+ if (*remaining < e - p + 1 + sizeof(uint64_t) + 1) {
+@@ -188,10 +195,16 @@ static int server_process_entry(
+ }
+
+ l = unaligned_read_le64(e + 1);
+-
+ if (l > DATA_SIZE_MAX) {
+- log_debug("Received binary data block of %"PRIu64" bytes is too large, ignoring.", l);
+- break;
++ log_debug("Received binary data block of %"PRIu64" bytes is too large, ignoring entry.", l);
++ goto finish;
++ }
++
++ total = (e - p) + 1 + l;
++ if (entry_size + total + n + 1 > ENTRY_SIZE_MAX) { /* data + separators + trailer */
++ log_debug("Entry is too big (%"PRIu64"bytes after processing %zu fields), ignoring.",
++ entry_size + total, n + 1);
++ goto finish;
+ }
+
+ if ((uint64_t) *remaining < e - p + 1 + sizeof(uint64_t) + l + 1 ||
+@@ -200,7 +213,7 @@ static int server_process_entry(
+ break;
+ }
+
+- k = malloc((e - p) + 1 + l);
++ k = malloc(total);
+ if (!k) {
+ log_oom();
+ break;
+@@ -228,15 +241,8 @@ static int server_process_entry(
+ }
+ }
+
+- if (n <= 0) {
+- r = 1;
++ if (n <= 0)
+ goto finish;
+- }
+-
+- if (!client_context_test_priority(context, priority)) {
+- r = 0;
+- goto finish;
+- }
+
+ tn = n++;
+ iovec[tn] = IOVEC_MAKE_STRING("_TRANSPORT=journal");
+@@ -247,6 +253,11 @@ static int server_process_entry(
+ goto finish;
+ }
+
++ r = 0; /* Success, we read the message. */
++
++ if (!client_context_test_priority(context, priority))
++ goto finish;
++
+ if (message) {
+ if (s->forward_to_syslog)
+ server_forward_syslog(s, syslog_fixup_facility(priority), identifier, message, ucred, tv);
+@@ -318,15 +329,13 @@ void server_process_native_file(
+ bool sealed;
+ int r;
+
+- /* Data is in the passed fd, since it didn't fit in a
+- * datagram. */
++ /* Data is in the passed fd, probably it didn't fit in a datagram. */
+
+ assert(s);
+ assert(fd >= 0);
+
+ /* If it's a memfd, check if it is sealed. If so, we can just
+- * use map it and use it, and do not need to copy the data
+- * out. */
++ * mmap it and use it, and do not need to copy the data out. */
+ sealed = memfd_get_sealed(fd) > 0;
+
+ if (!sealed && (!ucred || ucred->uid != 0)) {
+@@ -393,7 +402,7 @@ void server_process_native_file(
+ ssize_t n;
+
+ if (fstatvfs(fd, &vfs) < 0) {
+- log_error_errno(errno, "Failed to stat file system of passed file, ignoring: %m");
++ log_error_errno(errno, "Failed to stat file system of passed file, not processing it: %m");
+ return;
+ }
+
+@@ -403,7 +412,7 @@ void server_process_native_file(
+ * https://github.com/systemd/systemd/issues/1822
+ */
+ if (vfs.f_flag & ST_MANDLOCK) {
+- log_error("Received file descriptor from file system with mandatory locking enabled, refusing.");
++ log_error("Received file descriptor from file system with mandatory locking enabled, not processing it.");
+ return;
+ }
+
+@@ -416,13 +425,13 @@ void server_process_native_file(
+ * and so is SMB. */
+ r = fd_nonblock(fd, true);
+ if (r < 0) {
+- log_error_errno(r, "Failed to make fd non-blocking, ignoring: %m");
++ log_error_errno(r, "Failed to make fd non-blocking, not processing it: %m");
+ return;
+ }
+
+ /* The file is not sealed, we can't map the file here, since
+ * clients might then truncate it and trigger a SIGBUS for
+- * us. So let's stupidly read it */
++ * us. So let's stupidly read it. */
+
+ p = malloc(st.st_size);
+ if (!p) {
diff --git a/debian/patches/json-handle-NULL-explicitly-in-json_variant_has_type.patch b/debian/patches/json-handle-NULL-explicitly-in-json_variant_has_type.patch
new file mode 100644
index 00000000..1db4b594
--- /dev/null
+++ b/debian/patches/json-handle-NULL-explicitly-in-json_variant_has_type.patch
@@ -0,0 +1,23 @@
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 4 Jan 2019 13:24:18 +0100
+Subject: json: handle NULL explicitly in json_variant_has_type()
+
+(cherry picked from commit f8c186c9ece5c1c0b89abf52f058efb0ed37e0cb)
+(cherry picked from commit 388e534d24cac041bd00b48f27a84d6b31089c67)
+---
+ src/shared/json.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/shared/json.c b/src/shared/json.c
+index 59c4617..c9ee74c 100644
+--- a/src/shared/json.c
++++ b/src/shared/json.c
+@@ -979,6 +979,8 @@ bool json_variant_has_type(JsonVariant *v, JsonVariantType type) {
+ JsonVariantType rt;
+
+ v = json_variant_dereference(v);
++ if (!v)
++ return false;
+
+ rt = json_variant_type(v);
+ if (rt == type)
diff --git a/debian/patches/libudev-util-make-util_replace_whitespace-read-only-len-c.patch b/debian/patches/libudev-util-make-util_replace_whitespace-read-only-len-c.patch
new file mode 100644
index 00000000..a59c44b5
--- /dev/null
+++ b/debian/patches/libudev-util-make-util_replace_whitespace-read-only-len-c.patch
@@ -0,0 +1,93 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Tue, 25 Dec 2018 12:56:48 +0900
+Subject: libudev-util: make util_replace_whitespace() read only len
+ characters
+
+This effectively reverts df8ba4fa0e8be1ff7899d08a4b6be0196c8405a0.
+
+Fixes #11264.
+
+(cherry picked from commit 577ab71c58d36bc8577d15f172a306c9c05cd2f4)
+(cherry picked from commit c3712308fc090116e388f395e4a8bb0bd8446ea6)
+---
+ src/libudev/libudev-util.c | 13 +++++++------
+ src/test/test-libudev.c | 27 +++++++++++++++++----------
+ 2 files changed, 24 insertions(+), 16 deletions(-)
+
+diff --git a/src/libudev/libudev-util.c b/src/libudev/libudev-util.c
+index f67ab40..7e21719 100644
+--- a/src/libudev/libudev-util.c
++++ b/src/libudev/libudev-util.c
+@@ -122,19 +122,20 @@ size_t util_path_encode(const char *src, char *dest, size_t size) {
+ *
+ * Note this may be called with 'str' == 'to', i.e. to replace whitespace
+ * in-place in a buffer. This function can handle that situation.
++ *
++ * Note that only 'len' characters are read from 'str'.
+ */
+ size_t util_replace_whitespace(const char *str, char *to, size_t len) {
+ bool is_space = false;
+- const char *p = str;
+- size_t j;
++ size_t i, j;
+
+ assert(str);
+ assert(to);
+
+- p += strspn(p, WHITESPACE);
++ i = strspn(str, WHITESPACE);
+
+- for (j = 0; j < len && *p != '\0'; p++) {
+- if (isspace(*p)) {
++ for (j = 0; j < len && i < len && str[i] != '\0'; i++) {
++ if (isspace(str[i])) {
+ is_space = true;
+ continue;
+ }
+@@ -146,7 +147,7 @@ size_t util_replace_whitespace(const char *str, char *to, size_t len) {
+ to[j++] = '_';
+ is_space = false;
+ }
+- to[j++] = *p;
++ to[j++] = str[i];
+ }
+
+ to[j] = '\0';
+diff --git a/src/test/test-libudev.c b/src/test/test-libudev.c
+index 10bf365..09fd466 100644
+--- a/src/test/test-libudev.c
++++ b/src/test/test-libudev.c
+@@ -364,16 +364,23 @@ static void test_util_replace_whitespace(void) {
+ test_util_replace_whitespace_one_len("hoge hoge ", 1, "h");
+ test_util_replace_whitespace_one_len("hoge hoge ", 0, "");
+
+- test_util_replace_whitespace_one_len(" hoge hoge ", 9, "hoge_hoge");
+- test_util_replace_whitespace_one_len(" hoge hoge ", 8, "hoge_hog");
+- test_util_replace_whitespace_one_len(" hoge hoge ", 7, "hoge_ho");
+- test_util_replace_whitespace_one_len(" hoge hoge ", 6, "hoge_h");
+- test_util_replace_whitespace_one_len(" hoge hoge ", 5, "hoge");
+- test_util_replace_whitespace_one_len(" hoge hoge ", 4, "hoge");
+- test_util_replace_whitespace_one_len(" hoge hoge ", 3, "hog");
+- test_util_replace_whitespace_one_len(" hoge hoge ", 2, "ho");
+- test_util_replace_whitespace_one_len(" hoge hoge ", 1, "h");
+- test_util_replace_whitespace_one_len(" hoge hoge ", 0, "");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 16, "hoge_hoge");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 15, "hoge_hoge");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 14, "hoge_hog");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 13, "hoge_ho");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 12, "hoge_h");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 11, "hoge");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 10, "hoge");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 9, "hoge");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 8, "hoge");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 7, "hog");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 6, "ho");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 5, "h");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 4, "");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 3, "");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 2, "");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 1, "");
++ test_util_replace_whitespace_one_len(" hoge hoge ", 0, "");
+ }
+
+ static void test_util_resolve_subsys_kernel_one(const char *str, bool read_value, int retval, const char *expected) {
diff --git a/debian/patches/logind-do-not-pass-negative-number-to-strerror.patch b/debian/patches/logind-do-not-pass-negative-number-to-strerror.patch
new file mode 100644
index 00000000..ed07a780
--- /dev/null
+++ b/debian/patches/logind-do-not-pass-negative-number-to-strerror.patch
@@ -0,0 +1,23 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 9 Jan 2019 14:08:29 +0100
+Subject: logind: do not pass negative number to strerror
+
+(cherry picked from commit 65641b3cdc12923320879bac6f071eb45a70e79c)
+(cherry picked from commit 8f8f3191d33ca8583fe62a9e6268e2a914a7b2c0)
+---
+ src/login/logind-seat.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/login/logind-seat.c b/src/login/logind-seat.c
+index c758ffd..a6d88f8 100644
+--- a/src/login/logind-seat.c
++++ b/src/login/logind-seat.c
+@@ -376,7 +376,7 @@ int seat_read_active_vt(Seat *s) {
+
+ k = read(s->manager->console_active_fd, t, sizeof(t)-1);
+ if (k <= 0) {
+- log_error("Failed to read current console: %s", k < 0 ? strerror(-errno) : "EOF");
++ log_error("Failed to read current console: %s", k < 0 ? strerror(errno) : "EOF");
+ return k < 0 ? -errno : -EIO;
+ }
+
diff --git a/debian/patches/man-update-color-of-journal-logs-in-DEBUG-level.patch b/debian/patches/man-update-color-of-journal-logs-in-DEBUG-level.patch
new file mode 100644
index 00000000..f6429f35
--- /dev/null
+++ b/debian/patches/man-update-color-of-journal-logs-in-DEBUG-level.patch
@@ -0,0 +1,26 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 3 Jan 2019 06:21:17 +0900
+Subject: man: update color of journal logs in DEBUG level
+
+Fixes #11303.
+
+(cherry picked from commit 8a6d06cbaa794b1546d01a15dc5cdfde9f836101)
+---
+ man/journalctl.xml | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/man/journalctl.xml b/man/journalctl.xml
+index 58f3aa2..7ff0a47 100644
+--- a/man/journalctl.xml
++++ b/man/journalctl.xml
+@@ -118,8 +118,8 @@
+
+ <para>When outputting to a tty, lines are colored according to
+ priority: lines of level ERROR and higher are colored red; lines
+- of level NOTICE and higher are highlighted; other lines are
+- displayed normally.</para>
++ of level NOTICE and higher are highlighted; lines of level DEBUG
++ are colored lighter grey; other lines are displayed normally.</para>
+ </refsect1>
+
+ <refsect1>
diff --git a/debian/patches/meson-stop-setting-fPIE-globally.patch b/debian/patches/meson-stop-setting-fPIE-globally.patch
new file mode 100644
index 00000000..ae0eaa13
--- /dev/null
+++ b/debian/patches/meson-stop-setting-fPIE-globally.patch
@@ -0,0 +1,43 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Thu, 10 Jan 2019 12:58:27 +0100
+Subject: meson: stop setting -fPIE globally
+
+Setting -fPIE globally can lead to miscompilations on certain
+architectures.
+This is caused by both -fPIE and -fPIC options being added to various
+compilation commands. Only -fPIC is being recorded in the LTO options
+section of the object. The gcc-8 LTO plugin merges -fPIC + -fPIE to
+nothing. So, the compilations done by the plugin are not
+position-independent and fail to link with -pie.
+
+The simplest solution is to stop setting -fPIE globally and instead
+using meson's b_pie=true option. This requires meson 0.49 or later.
+
+Since we don't set this option in meson.build but leave it up to the
+distro maintainer to set this option, do not bump the meson version
+requirement.
+
+Fixes: #10548
+(cherry picked from commit 4e4bbc439eb7f16a608f457d3eaac08c60633212)
+---
+ meson.build | 7 -------
+ 1 file changed, 7 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index b338886..e6b28e1 100644
+--- a/meson.build
++++ b/meson.build
+@@ -362,13 +362,6 @@ possible_link_flags = [
+ '-Wl,-z,now',
+ ]
+
+-# the oss-fuzz fuzzers are not built with -fPIE, so don't
+-# enable it when we are linking against them
+-if not fuzzer_build
+- possible_cc_flags += '-fPIE'
+- possible_link_flags += '-pie'
+-endif
+-
+ if cc.get_id() == 'clang'
+ possible_cc_flags += [
+ '-Wno-typedef-redefinition',
diff --git a/debian/patches/network-do-not-ignore-errors-on-link_request_set_neighbor.patch b/debian/patches/network-do-not-ignore-errors-on-link_request_set_neighbor.patch
new file mode 100644
index 00000000..8fd65ed4
--- /dev/null
+++ b/debian/patches/network-do-not-ignore-errors-on-link_request_set_neighbor.patch
@@ -0,0 +1,45 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 30 Dec 2018 22:07:23 +0900
+Subject: network: do not ignore errors on link_request_set_neighbors() and
+ link_set_routing_policy()
+
+(cherry picked from commit f3ef324dfa72ee1d0e113dbb234c643d8f0286f0)
+---
+ src/network/networkd-link.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index cadf7f8..589a016 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -866,7 +866,9 @@ static int link_request_set_routes(Link *link) {
+
+ link_set_state(link, LINK_STATE_CONFIGURING);
+
+- (void) link_set_routing_policy_rule(link);
++ r = link_set_routing_policy_rule(link);
++ if (r < 0)
++ return r;
+
+ /* First add the routes that enable us to talk to gateways, then add in the others that need a gateway. */
+ for (phase = 0; phase < _PHASE_MAX; phase++)
+@@ -1079,7 +1081,9 @@ static int link_request_set_addresses(Link *link) {
+
+ link_set_state(link, LINK_STATE_CONFIGURING);
+
+- link_request_set_neighbors(link);
++ r = link_request_set_neighbors(link);
++ if (r < 0)
++ return r;
+
+ LIST_FOREACH(addresses, ad, link->network->static_addresses) {
+ r = address_configure(ad, link, address_handler, false);
+@@ -1216,7 +1220,7 @@ static int link_request_set_addresses(Link *link) {
+
+ return 0;
+ }
+- }
++ }
+
+ log_link_debug(link, "Offering DHCPv4 leases");
+ }
diff --git a/debian/patches/network-rename-link_set_routing_policy_rule-to-link_reque.patch b/debian/patches/network-rename-link_set_routing_policy_rule-to-link_reque.patch
new file mode 100644
index 00000000..a0541e3e
--- /dev/null
+++ b/debian/patches/network-rename-link_set_routing_policy_rule-to-link_reque.patch
@@ -0,0 +1,34 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 30 Dec 2018 22:10:32 +0900
+Subject: network: rename link_set_routing_policy_rule() to
+ link_request_set_routing_policy_rule()
+
+For consistency to other functions.
+
+(cherry picked from commit 47079967e64727dd9271d2b033b5aa485209a7f7)
+---
+ src/network/networkd-link.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 589a016..e529111 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -787,7 +787,7 @@ void link_check_ready(Link *link) {
+ return;
+ }
+
+-static int link_set_routing_policy_rule(Link *link) {
++static int link_request_set_routing_policy_rule(Link *link) {
+ RoutingPolicyRule *rule, *rrule = NULL;
+ int r;
+
+@@ -866,7 +866,7 @@ static int link_request_set_routes(Link *link) {
+
+ link_set_state(link, LINK_STATE_CONFIGURING);
+
+- r = link_set_routing_policy_rule(link);
++ r = link_request_set_routing_policy_rule(link);
+ if (r < 0)
+ return r;
+
diff --git a/debian/patches/network-set-_configured-flags-to-false-before-requesting-.patch b/debian/patches/network-set-_configured-flags-to-false-before-requesting-.patch
new file mode 100644
index 00000000..eb45bdd6
--- /dev/null
+++ b/debian/patches/network-set-_configured-flags-to-false-before-requesting-.patch
@@ -0,0 +1,63 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 30 Dec 2018 22:08:10 +0900
+Subject: network: set *_configured flags to false before requesting addresses
+ or freinds
+
+Fixes #11272.
+
+(cherry picked from commit 2428613f854f46b6624199c2dc58d02617320133)
+---
+ src/network/networkd-link.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index e529111..5353b9d 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -794,6 +794,9 @@ static int link_request_set_routing_policy_rule(Link *link) {
+ assert(link);
+ assert(link->network);
+
++ link_set_state(link, LINK_STATE_CONFIGURING);
++ link->routing_policy_rules_configured = false;
++
+ LIST_FOREACH(rules, rule, link->network->rules) {
+ r = routing_policy_rule_get(link->manager, rule->family, &rule->from, rule->from_prefixlen, &rule->to,
+ rule->to_prefixlen, rule->tos, rule->fwmark, rule->table, rule->iif, rule->oif,
+@@ -865,6 +868,7 @@ static int link_request_set_routes(Link *link) {
+ assert(link->state != _LINK_STATE_INVALID);
+
+ link_set_state(link, LINK_STATE_CONFIGURING);
++ link->static_routes_configured = false;
+
+ r = link_request_set_routing_policy_rule(link);
+ if (r < 0)
+@@ -905,6 +909,7 @@ static int link_request_set_neighbors(Link *link) {
+ assert(link->state != _LINK_STATE_INVALID);
+
+ link_set_state(link, LINK_STATE_CONFIGURING);
++ link->neighbors_configured = false;
+
+ LIST_FOREACH(neighbors, neighbor, link->network->neighbors) {
+ r = neighbor_configure(neighbor, link, NULL);
+@@ -1075,12 +1080,18 @@ static int link_request_set_addresses(Link *link) {
+ assert(link->network);
+ assert(link->state != _LINK_STATE_INVALID);
+
++ link_set_state(link, LINK_STATE_CONFIGURING);
++
++ /* Reset all *_configured flags we are configuring. */
++ link->addresses_configured = false;
++ link->neighbors_configured = false;
++ link->static_routes_configured = false;
++ link->routing_policy_rules_configured = false;
++
+ r = link_set_bridge_fdb(link);
+ if (r < 0)
+ return r;
+
+- link_set_state(link, LINK_STATE_CONFIGURING);
+-
+ r = link_request_set_neighbors(link);
+ if (r < 0)
+ return r;
diff --git a/debian/patches/process-util-don-t-use-overly-large-buffer-to-store-proce.patch b/debian/patches/process-util-don-t-use-overly-large-buffer-to-store-proce.patch
new file mode 100644
index 00000000..2c3c5bef
--- /dev/null
+++ b/debian/patches/process-util-don-t-use-overly-large-buffer-to-store-proce.patch
@@ -0,0 +1,68 @@
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Tue, 22 Jan 2019 14:29:50 +0100
+Subject: process-util: don't use overly large buffer to store process command
+ line
+
+Allocate new string as a return value and free our "scratch pad"
+buffer that is potentially much larger than needed (up to
+_SC_ARG_MAX).
+
+Fixes #11502
+
+(cherry picked from commit eb1ec489eef8a32918bbfc56a268c9d10464584d)
+---
+ src/basic/process-util.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/src/basic/process-util.c b/src/basic/process-util.c
+index 31fdbd9..78ce43b 100644
+--- a/src/basic/process-util.c
++++ b/src/basic/process-util.c
+@@ -102,7 +102,8 @@ int get_process_comm(pid_t pid, char **ret) {
+ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char **line) {
+ _cleanup_fclose_ FILE *f = NULL;
+ bool space = false;
+- char *k, *ans = NULL;
++ char *k;
++ _cleanup_free_ char *ans = NULL;
+ const char *p;
+ int c;
+
+@@ -143,7 +144,7 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
+ if (!ans)
+ return -ENOMEM;
+
+- *line = ans;
++ *line = TAKE_PTR(ans);
+ return 0;
+
+ } else {
+@@ -208,7 +209,7 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
+ _cleanup_free_ char *t = NULL;
+ int h;
+
+- free(ans);
++ ans = mfree(ans);
+
+ if (!comm_fallback)
+ return -ENOENT;
+@@ -241,9 +242,18 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
+ if (!ans)
+ return -ENOMEM;
+ }
++
++ *line = TAKE_PTR(ans);
++ return 0;
+ }
+
+- *line = ans;
++ k = realloc(ans, strlen(ans) + 1);
++ if (!k)
++ return -ENOMEM;
++
++ ans = NULL;
++ *line = k;
++
+ return 0;
+ }
+
diff --git a/debian/patches/sd-device-fix-segfault-when-error-occurs-in-device_new_fr.patch b/debian/patches/sd-device-fix-segfault-when-error-occurs-in-device_new_fr.patch
new file mode 100644
index 00000000..a77ce18d
--- /dev/null
+++ b/debian/patches/sd-device-fix-segfault-when-error-occurs-in-device_new_fr.patch
@@ -0,0 +1,33 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 23 Dec 2018 03:06:47 +0900
+Subject: sd-device: fix segfault when error occurs in
+ device_new_from_{nulstr,strv}()
+
+As devpath may not be set yet.
+
+When debug logging is enabled, log_device_*() calls
+sd_device_get_sysname(). So, we should not assume that devpath is always
+set.
+
+Fixes #11258.
+
+(cherry picked from commit 18fee12a2d489378a2a9b647db0d0eb8c43f5362)
+(cherry picked from commit 9ae73a6273461361eef7e83d48aadee111d6616e)
+---
+ src/libsystemd/sd-device/sd-device.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c
+index db58615..9b1ef44 100644
+--- a/src/libsystemd/sd-device/sd-device.c
++++ b/src/libsystemd/sd-device/sd-device.c
+@@ -1002,6 +1002,9 @@ static int device_set_sysname(sd_device *device) {
+ const char *pos;
+ size_t len = 0;
+
++ if (!device->devpath)
++ return -EINVAL;
++
+ pos = strrchr(device->devpath, '/');
+ if (!pos)
+ return -EINVAL;
diff --git a/debian/patches/sd-device-monitor-fix-ordering-of-setting-buffer-size.patch b/debian/patches/sd-device-monitor-fix-ordering-of-setting-buffer-size.patch
new file mode 100644
index 00000000..cfe5ee47
--- /dev/null
+++ b/debian/patches/sd-device-monitor-fix-ordering-of-setting-buffer-size.patch
@@ -0,0 +1,44 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sat, 12 Jan 2019 05:24:54 +0900
+Subject: sd-device-monitor: fix ordering of setting buffer size
+
+By b1c097af8df58a94cba031a347061b7cb9b62d9b (#10239), the receive buffer
+size for uevents was set by SO_RCVBUF at first, and fallback to
+use SO_RCVBUFFORCE. So, as SO_RCVBUF limits to the buffer size
+net.core.rmem_max, which is usually much smaller than 128MB udevd requests,
+uevents buffer size was not sufficient.
+
+This fixes the ordering of the request: SO_RCVBUFFORCE first, and
+fallback to SO_RCVBUF. Then, udevd's uevent buffer size can be set to
+128MB.
+
+This also revert 903893237a2105b05671fe87b8f5d5e7417040d2.
+
+Fixes #11314 and #10754.
+
+(cherry picked from commit ee0b9e721a368742ac6fa9c3d9a33e45dc3203a2)
+---
+ src/libsystemd/sd-device/device-monitor.c | 10 ++--------
+ 1 file changed, 2 insertions(+), 8 deletions(-)
+
+diff --git a/src/libsystemd/sd-device/device-monitor.c b/src/libsystemd/sd-device/device-monitor.c
+index b869326..a6230d3 100644
+--- a/src/libsystemd/sd-device/device-monitor.c
++++ b/src/libsystemd/sd-device/device-monitor.c
+@@ -93,14 +93,8 @@ _public_ int sd_device_monitor_set_receive_buffer_size(sd_device_monitor *m, siz
+ assert_return(m, -EINVAL);
+ assert_return((size_t) n == size, -EINVAL);
+
+- if (m->bound)
+- return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
+- "sd-device-monitor: Socket fd is already bound. "
+- "It may be dangerous to change buffer size. "
+- "Refusing to change buffer size.");
+-
+- if (setsockopt_int(m->sock, SOL_SOCKET, SO_RCVBUF, n) < 0) {
+- r = setsockopt_int(m->sock, SOL_SOCKET, SO_RCVBUFFORCE, n);
++ if (setsockopt_int(m->sock, SOL_SOCKET, SO_RCVBUFFORCE, n) < 0) {
++ r = setsockopt_int(m->sock, SOL_SOCKET, SO_RCVBUF, n);
+ if (r < 0)
+ return r;
+ }
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 00000000..9a7e241d
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,60 @@
+Do-not-start-server-if-it-is-already-runnning-11245.patch
+core-free-lines-after-reading-them.patch
+switch-root-fix-error-message.patch
+udev-event-do-not-read-stdout-or-stderr-if-the-pipefd-is-.patch
+ask-password-api-do-not-call-ask_password_keyring-if-keyn.patch
+Docs-Add-Missing-Space-Between-Words.patch
+test-json-check-absolute-and-relative-difference-in-float.patch
+Pass-separate-dev_t-var-to-device_path_parse_major_minor.patch
+libudev-util-make-util_replace_whitespace-read-only-len-c.patch
+sd-device-fix-segfault-when-error-occurs-in-device_new_fr.patch
+Revert-sd-device-ignore-bind-unbind-events-for-now.patch
+Revert-udevd-configure-a-child-process-name-for-worker-pr.patch
+test-add-test-for-sending-receiving-an-invalid-device.patch
+journal-rely-on-_cleanup_free_-to-free-a-temporary-string.patch
+Revert-pam_systemd-drop-setting-DBUS_SESSION_BUS_ADDRESS.patch
+udev-rework-how-we-handle-the-return-value-from-spawned-p.patch
+json-handle-NULL-explicitly-in-json_variant_has_type.patch
+udev-node-make-link_find_prioritized-return-negative-valu.patch
+core-mount-make-mount_setup_existing_unit-not-drop-MOUNT_.patch
+coredump-remove-duplicate-MESSAGE-prefix-from-message.patch
+journald-remove-unnecessary.patch
+journald-do-not-store-the-iovec-entry-for-process-command.patch
+basic-process-util-limit-command-line-lengths-to-_SC_ARG_.patch
+coredump-fix-message-when-we-fail-to-save-a-journald-core.patch
+journald-set-a-limit-on-the-number-of-fields-1k.patch
+journald-when-processing-a-native-message-bail-more-quick.patch
+journald-lower-the-maximum-entry-size-limit-to-for-non-se.patch
+httpd-use-a-cleanup-function-to-call-MHD_destroy_response.patch
+journal-remote-verify-entry-length-from-header.patch
+journal-remote-set-a-limit-on-the-number-of-fields-in-a-m.patch
+logind-do-not-pass-negative-number-to-strerror.patch
+udevd-drop-redundant-call-to-sd_event_get_exit_code.patch
+udev-open-control-and-netlink-sockets-before-daemonizatio.patch
+Revert-logind-become-the-controlling-terminal-process-bef.patch
+udevadm-refuse-to-run-trigger-control-settle-and-monitor-.patch
+network-do-not-ignore-errors-on-link_request_set_neighbor.patch
+network-rename-link_set_routing_policy_rule-to-link_reque.patch
+network-set-_configured-flags-to-false-before-requesting-.patch
+man-update-color-of-journal-logs-in-DEBUG-level.patch
+sd-device-monitor-fix-ordering-of-setting-buffer-size.patch
+meson-stop-setting-fPIE-globally.patch
+Revert-Always-rename-an-interface-to-its-name-specified-i.patch
+process-util-don-t-use-overly-large-buffer-to-store-proce.patch
+debian/Use-Debian-specific-config-files.patch
+debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch
+debian/Make-run-lock-tmpfs-an-API-fs.patch
+debian/Revert-udev-network-device-renaming-immediately-give.patch
+debian/Add-support-for-TuxOnIce-hibernation.patch
+debian/Re-enable-journal-forwarding-to-syslog.patch
+debian/Don-t-enable-audit-by-default.patch
+debian/Only-start-logind-if-dbus-is-installed.patch
+debian/fsckd-daemon-for-inter-fsckd-communication.patch
+debian/Skip-filesystem-check-if-already-done-by-the-initram.patch
+debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch
+debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch
+debian/Revert-core-enable-TasksMax-for-all-services-by-default-a.patch
+debian/Let-graphical-session-pre.target-be-manually-started.patch
+debian/Add-env-variable-for-machine-ID-path.patch
+debian/Revert-udev-rules-Permission-changes-for-dev-dri-renderD.patch
+debian/Drop-seccomp-system-call-filter-for-udev.patch
diff --git a/debian/patches/switch-root-fix-error-message.patch b/debian/patches/switch-root-fix-error-message.patch
new file mode 100644
index 00000000..75d1301b
--- /dev/null
+++ b/debian/patches/switch-root-fix-error-message.patch
@@ -0,0 +1,25 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Tue, 25 Dec 2018 13:10:18 +0900
+Subject: switch-root: fix error message
+
+Fixes #11261.
+
+(cherry picked from commit a5c67ccc575e6ebf12710cb7df84f65a51c5dc58)
+(cherry picked from commit ebcd154e1df434865d2752efdccbc7737bb28029)
+---
+ src/shared/switch-root.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/shared/switch-root.c b/src/shared/switch-root.c
+index ee31c44..dbb4622 100644
+--- a/src/shared/switch-root.c
++++ b/src/shared/switch-root.c
+@@ -83,7 +83,7 @@ int switch_root(const char *new_root,
+ (void) mkdir_p_label(chased, 0755);
+
+ if (mount(i, chased, NULL, mount_flags, NULL) < 0)
+- return log_error_errno(r, "Failed to mount %s to %s: %m", i, chased);
++ return log_error_errno(errno, "Failed to mount %s to %s: %m", i, chased);
+ }
+
+ /* Do not fail if base_filesystem_create() fails. Not all switch roots are like base_filesystem_create() wants
diff --git a/debian/patches/test-add-test-for-sending-receiving-an-invalid-device.patch b/debian/patches/test-add-test-for-sending-receiving-an-invalid-device.patch
new file mode 100644
index 00000000..c0cc4365
--- /dev/null
+++ b/debian/patches/test-add-test-for-sending-receiving-an-invalid-device.patch
@@ -0,0 +1,132 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 23 Dec 2018 03:28:28 +0900
+Subject: test: add test for sending/receiving an invalid device
+
+(cherry picked from commit 4fe0caadc85431118f2d8aea7570307cfc2aed27)
+(cherry picked from commit c2a11194c33de9bc7545a7c4df3fda5b90f02a50)
+---
+ src/libsystemd/sd-device/test-sd-device-monitor.c | 81 +++++++++++++++--------
+ 1 file changed, 54 insertions(+), 27 deletions(-)
+
+diff --git a/src/libsystemd/sd-device/test-sd-device-monitor.c b/src/libsystemd/sd-device/test-sd-device-monitor.c
+index 9e5ca11..48b49fb 100644
+--- a/src/libsystemd/sd-device/test-sd-device-monitor.c
++++ b/src/libsystemd/sd-device/test-sd-device-monitor.c
+@@ -24,11 +24,43 @@ static int monitor_handler(sd_device_monitor *m, sd_device *d, void *userdata) {
+ return sd_event_exit(sd_device_monitor_get_event(m), 0);
+ }
+
+-static int test_send_receive_one(sd_device *device, bool subsystem_filter, bool tag_filter, bool use_bpf) {
++static int test_receive_device_fail(void) {
+ _cleanup_(sd_device_monitor_unrefp) sd_device_monitor *monitor_server = NULL, *monitor_client = NULL;
+- const char *syspath, *subsystem, *tag, *devtype = NULL;
++ _cleanup_(sd_device_unrefp) sd_device *loopback = NULL;
++ const char *syspath;
+ int r;
+
++ log_info("/* %s */", __func__);
++
++ /* Try to send device with invalid action and without seqnum. */
++ assert_se(sd_device_new_from_syspath(&loopback, "/sys/class/net/lo") >= 0);
++ assert_se(device_add_property(loopback, "ACTION", "hoge") >= 0);
++
++ assert_se(sd_device_get_syspath(loopback, &syspath) >= 0);
++
++ assert_se(device_monitor_new_full(&monitor_server, MONITOR_GROUP_NONE, -1) >= 0);
++ assert_se(sd_device_monitor_start(monitor_server, NULL, NULL) >= 0);
++ assert_se(sd_event_source_set_description(sd_device_monitor_get_event_source(monitor_server), "sender") >= 0);
++
++ assert_se(device_monitor_new_full(&monitor_client, MONITOR_GROUP_NONE, -1) >= 0);
++ assert_se(device_monitor_allow_unicast_sender(monitor_client, monitor_server) >= 0);
++ assert_se(sd_device_monitor_start(monitor_client, monitor_handler, (void *) syspath) >= 0);
++ assert_se(sd_event_source_set_description(sd_device_monitor_get_event_source(monitor_client), "receiver") >= 0);
++
++ /* Do not use assert_se() here. */
++ r = device_monitor_send_device(monitor_server, monitor_client, loopback);
++ if (r < 0)
++ return log_error_errno(r, "Failed to send loopback device: %m");
++
++ assert_se(sd_event_run(sd_device_monitor_get_event(monitor_client), 0) >= 0);
++
++ return 0;
++}
++
++static void test_send_receive_one(sd_device *device, bool subsystem_filter, bool tag_filter, bool use_bpf) {
++ _cleanup_(sd_device_monitor_unrefp) sd_device_monitor *monitor_server = NULL, *monitor_client = NULL;
++ const char *syspath, *subsystem, *tag, *devtype = NULL;
++
+ log_device_info(device, "/* %s(subsystem_filter=%s, tag_filter=%s, use_bpf=%s) */", __func__,
+ true_false(subsystem_filter), true_false(tag_filter), true_false(use_bpf));
+
+@@ -56,14 +88,8 @@ static int test_send_receive_one(sd_device *device, bool subsystem_filter, bool
+ if ((subsystem_filter || tag_filter) && use_bpf)
+ assert_se(sd_device_monitor_filter_update(monitor_client) >= 0);
+
+- /* Do not use assert_se() here. */
+- r = device_monitor_send_device(monitor_server, monitor_client, device);
+- if (r < 0)
+- return log_error_errno(r, "Failed to send loopback device: %m");
+-
++ assert_se(device_monitor_send_device(monitor_server, monitor_client, device) >= 0);
+ assert_se(sd_event_loop(sd_device_monitor_get_event(monitor_client)) == 0);
+-
+- return 0;
+ }
+
+ static void test_subsystem_filter(sd_device *device) {
+@@ -111,22 +137,23 @@ int main(int argc, char *argv[]) {
+ if (getuid() != 0)
+ return log_tests_skipped("not root");
+
+- assert_se(sd_device_new_from_syspath(&loopback, "/sys/class/net/lo") >= 0);
+- assert_se(device_add_property(loopback, "ACTION", "add") >= 0);
+- assert_se(device_add_property(loopback, "SEQNUM", "10") >= 0);
+-
+- r = test_send_receive_one(loopback, false, false, false);
++ r = test_receive_device_fail();
+ if (r < 0) {
+ assert_se(r == -EPERM && detect_container() > 0);
+ return log_tests_skipped("Running in container? Skipping remaining tests");
+ }
+
+- assert_se(test_send_receive_one(loopback, true, false, false) >= 0);
+- assert_se(test_send_receive_one(loopback, false, true, false) >= 0);
+- assert_se(test_send_receive_one(loopback, true, true, false) >= 0);
+- assert_se(test_send_receive_one(loopback, true, false, true) >= 0);
+- assert_se(test_send_receive_one(loopback, false, true, true) >= 0);
+- assert_se(test_send_receive_one(loopback, true, true, true) >= 0);
++ assert_se(sd_device_new_from_syspath(&loopback, "/sys/class/net/lo") >= 0);
++ assert_se(device_add_property(loopback, "ACTION", "add") >= 0);
++ assert_se(device_add_property(loopback, "SEQNUM", "10") >= 0);
++
++ test_send_receive_one(loopback, false, false, false);
++ test_send_receive_one(loopback, true, false, false);
++ test_send_receive_one(loopback, false, true, false);
++ test_send_receive_one(loopback, true, true, false);
++ test_send_receive_one(loopback, true, false, true);
++ test_send_receive_one(loopback, false, true, true);
++ test_send_receive_one(loopback, true, true, true);
+
+ test_subsystem_filter(loopback);
+
+@@ -139,13 +166,13 @@ int main(int argc, char *argv[]) {
+ assert_se(device_add_property(sda, "ACTION", "change") >= 0);
+ assert_se(device_add_property(sda, "SEQNUM", "11") >= 0);
+
+- assert_se(test_send_receive_one(sda, false, false, false) >= 0);
+- assert_se(test_send_receive_one(sda, true, false, false) >= 0);
+- assert_se(test_send_receive_one(sda, false, true, false) >= 0);
+- assert_se(test_send_receive_one(sda, true, true, false) >= 0);
+- assert_se(test_send_receive_one(sda, true, false, true) >= 0);
+- assert_se(test_send_receive_one(sda, false, true, true) >= 0);
+- assert_se(test_send_receive_one(sda, true, true, true) >= 0);
++ test_send_receive_one(sda, false, false, false);
++ test_send_receive_one(sda, true, false, false);
++ test_send_receive_one(sda, false, true, false);
++ test_send_receive_one(sda, true, true, false);
++ test_send_receive_one(sda, true, false, true);
++ test_send_receive_one(sda, false, true, true);
++ test_send_receive_one(sda, true, true, true);
+
+ return 0;
+ }
diff --git a/debian/patches/test-json-check-absolute-and-relative-difference-in-float.patch b/debian/patches/test-json-check-absolute-and-relative-difference-in-float.patch
new file mode 100644
index 00000000..d083a9b5
--- /dev/null
+++ b/debian/patches/test-json-check-absolute-and-relative-difference-in-float.patch
@@ -0,0 +1,54 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Fri, 21 Dec 2018 22:49:53 +0100
+Subject: test-json: check absolute and relative difference in floating point
+ test
+
+The test fails under valgrind, so there was an exception for valgrind.
+Unfortunately that check only works when valgrind-devel headers are
+available during build. But it is possible to have just valgrind installed,
+or simply install it after the build, and then "valgrind test-json" would
+fail.
+
+It also seems that even without valgrind, this fails on some arm32 CPUs.
+Let's do the usual-style test for absolute and relative differences.
+
+(cherry picked from commit aa70783f55b369521b94e0985e84bbdaae16b174)
+(cherry picked from commit 88938bf95b850849d075d7a6ebe37bb1d9780efe)
+---
+ src/test/test-json.c | 16 +++++++---------
+ 1 file changed, 7 insertions(+), 9 deletions(-)
+
+diff --git a/src/test/test-json.c b/src/test/test-json.c
+index 5aa4d19..cd6269f 100644
+--- a/src/test/test-json.c
++++ b/src/test/test-json.c
+@@ -1,9 +1,6 @@
+ /* SPDX-License-Identifier: LGPL-2.1+ */
+
+ #include <math.h>
+-#if HAVE_VALGRIND_VALGRIND_H
+-#include <valgrind/valgrind.h>
+-#endif
+
+ #include "alloc-util.h"
+ #include "fd-util.h"
+@@ -45,12 +42,13 @@ static void test_tokenizer(const char *data, ...) {
+
+ d = va_arg(ap, long double);
+
+-#if HAVE_VALGRIND_VALGRIND_H
+- if (!RUNNING_ON_VALGRIND)
+-#endif
+- /* Valgrind doesn't support long double calculations and automatically downgrades to 80bit:
+- * http://www.valgrind.org/docs/manual/manual-core.html#manual-core.limits */
+- assert_se(fabsl(d - v.real) < 0.001L);
++ /* Valgrind doesn't support long double calculations and automatically downgrades to 80bit:
++ * http://www.valgrind.org/docs/manual/manual-core.html#manual-core.limits.
++ * Some architectures might not support long double either.
++ */
++
++ assert_se(fabsl(d - v.real) < 1e-10 ||
++ fabsl((d - v.real) / v.real) < 1e-10);
+
+ } else if (t == JSON_TOKEN_INTEGER) {
+ intmax_t i;
diff --git a/debian/patches/udev-event-do-not-read-stdout-or-stderr-if-the-pipefd-is-.patch b/debian/patches/udev-event-do-not-read-stdout-or-stderr-if-the-pipefd-is-.patch
new file mode 100644
index 00000000..3ea72f42
--- /dev/null
+++ b/debian/patches/udev-event-do-not-read-stdout-or-stderr-if-the-pipefd-is-.patch
@@ -0,0 +1,41 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Wed, 26 Dec 2018 00:36:55 +0900
+Subject: udev-event: do not read stdout or stderr if the pipefd is not
+ created
+
+Fixes #11255.
+
+(cherry picked from commit adeb26c1affd09138bb96a9e25b795d146e64c97)
+(cherry picked from commit 32a11a27b69031240beea38260d93e034ea33036)
+---
+ src/udev/udev-event.c | 16 ++++++++++------
+ 1 file changed, 10 insertions(+), 6 deletions(-)
+
+diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
+index e28d6a5..3e91697 100644
+--- a/src/udev/udev-event.c
++++ b/src/udev/udev-event.c
+@@ -570,13 +570,17 @@ static int spawn_wait(Spawn *spawn) {
+ }
+ }
+
+- r = sd_event_add_io(e, NULL, spawn->fd_stdout, EPOLLIN, on_spawn_io, spawn);
+- if (r < 0)
+- return r;
++ if (spawn->fd_stdout >= 0) {
++ r = sd_event_add_io(e, NULL, spawn->fd_stdout, EPOLLIN, on_spawn_io, spawn);
++ if (r < 0)
++ return r;
++ }
+
+- r = sd_event_add_io(e, NULL, spawn->fd_stderr, EPOLLIN, on_spawn_io, spawn);
+- if (r < 0)
+- return r;
++ if (spawn->fd_stderr >= 0) {
++ r = sd_event_add_io(e, NULL, spawn->fd_stderr, EPOLLIN, on_spawn_io, spawn);
++ if (r < 0)
++ return r;
++ }
+
+ r = sd_event_add_child(e, NULL, spawn->pid, WEXITED, on_spawn_sigchld, spawn);
+ if (r < 0)
diff --git a/debian/patches/udev-node-make-link_find_prioritized-return-negative-valu.patch b/debian/patches/udev-node-make-link_find_prioritized-return-negative-valu.patch
new file mode 100644
index 00000000..d8f5bf5e
--- /dev/null
+++ b/debian/patches/udev-node-make-link_find_prioritized-return-negative-valu.patch
@@ -0,0 +1,29 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Wed, 9 Jan 2019 02:46:03 +0900
+Subject: udev-node: make link_find_prioritized() return negative value when
+ nothing found
+
+Fixes a bug introduced by a2554acec652fc65c8ed0c6c1fede9ba8c3693b1.
+
+Fixes RHBZ#1662303.
+
+(cherry picked from commit 82d9ac23fd5ab2befe2a95187640a8d38799dd64)
+(cherry picked from commit f665fe3e2e74548a2a236f3b7635227621aa568a)
+---
+ src/udev/udev-node.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
+index c11eb8c..c77010c 100644
+--- a/src/udev/udev-node.c
++++ b/src/udev/udev-node.c
+@@ -181,6 +181,9 @@ static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir,
+ priority = db_prio;
+ }
+
++ if (!target)
++ return -ENOENT;
++
+ *ret = TAKE_PTR(target);
+ return 0;
+ }
diff --git a/debian/patches/udev-open-control-and-netlink-sockets-before-daemonizatio.patch b/debian/patches/udev-open-control-and-netlink-sockets-before-daemonizatio.patch
new file mode 100644
index 00000000..61d789fd
--- /dev/null
+++ b/debian/patches/udev-open-control-and-netlink-sockets-before-daemonizatio.patch
@@ -0,0 +1,171 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 8 Jan 2019 22:41:16 +0100
+Subject: udev: open control and netlink sockets before daemonization
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+c4b69e990f962128cc6975e36e91e9ad838fa2c4 effectively moved the initalization of socket.
+Before that commit:
+run → listen_fds → udev_ctrl_new → udev_ctrl_new_from_fd → socket()
+After:
+run → main_loop → manager_new → udev_ctrl_new_from_fd → socket()
+
+The problem is that main_loop was called after daemonization. Move manager_new
+out of main_loop and before daemonization.
+
+Fixes #11314 (hopefully ;)).
+
+v2: Yu Watanabe
+sd_event is initialized in main_loop().
+
+(cherry picked from commit b5af8c8cdf5fc7cc5d4108460270728375eb7fc4)
+(cherry picked from commit 6b59b44b87568fe5f8362018f47d440b1e6681dd)
+---
+ src/udev/udevd.c | 67 ++++++++++++++++++++++++++++----------------------------
+ 1 file changed, 34 insertions(+), 33 deletions(-)
+
+diff --git a/src/udev/udevd.c b/src/udev/udevd.c
+index 6938d81..a1050a7 100644
+--- a/src/udev/udevd.c
++++ b/src/udev/udevd.c
+@@ -1590,7 +1590,7 @@ static int parse_argv(int argc, char *argv[]) {
+
+ static int manager_new(Manager **ret, int fd_ctrl, int fd_uevent, const char *cgroup) {
+ _cleanup_(manager_freep) Manager *manager = NULL;
+- int r, fd_worker;
++ int r;
+
+ assert(ret);
+
+@@ -1604,25 +1604,13 @@ static int manager_new(Manager **ret, int fd_ctrl, int fd_uevent, const char *cg
+ .cgroup = cgroup,
+ };
+
+- udev_builtin_init();
+-
+- r = udev_rules_new(&manager->rules, arg_resolve_name_timing);
+- if (!manager->rules)
+- return log_error_errno(r, "Failed to read udev rules: %m");
+-
+ manager->ctrl = udev_ctrl_new_from_fd(fd_ctrl);
+ if (!manager->ctrl)
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to initialize udev control socket");
+
+- if (fd_ctrl < 0) {
+- r = udev_ctrl_enable_receiving(manager->ctrl);
+- if (r < 0)
+- return log_error_errno(r, "Failed to bind udev control socket: %m");
+- }
+-
+- fd_ctrl = udev_ctrl_get_fd(manager->ctrl);
+- if (fd_ctrl < 0)
+- return log_error_errno(fd_ctrl, "Failed to get udev control socket fd: %m");
++ r = udev_ctrl_enable_receiving(manager->ctrl);
++ if (r < 0)
++ return log_error_errno(r, "Failed to bind udev control socket: %m");
+
+ r = device_monitor_new_full(&manager->monitor, MONITOR_GROUP_KERNEL, fd_uevent);
+ if (r < 0)
+@@ -1630,6 +1618,18 @@ static int manager_new(Manager **ret, int fd_ctrl, int fd_uevent, const char *cg
+
+ (void) sd_device_monitor_set_receive_buffer_size(manager->monitor, 128 * 1024 * 1024);
+
++ r = device_monitor_enable_receiving(manager->monitor);
++ if (r < 0)
++ return log_error_errno(r, "Failed to bind netlink socket: %m");
++
++ *ret = TAKE_PTR(manager);
++
++ return 0;
++}
++
++static int main_loop(Manager *manager) {
++ int fd_worker, fd_ctrl, r;
++
+ /* unnamed socket from workers to the main daemon */
+ r = socketpair(AF_LOCAL, SOCK_DGRAM|SOCK_CLOEXEC, 0, manager->worker_watch);
+ if (r < 0)
+@@ -1675,6 +1675,10 @@ static int manager_new(Manager **ret, int fd_ctrl, int fd_uevent, const char *cg
+ if (r < 0)
+ return log_error_errno(r, "Failed to create watchdog event source: %m");
+
++ fd_ctrl = udev_ctrl_get_fd(manager->ctrl);
++ if (fd_ctrl < 0)
++ return log_error_errno(fd_ctrl, "Failed to get udev control socket fd: %m");
++
+ r = sd_event_add_io(manager->event, &manager->ctrl_event, fd_ctrl, EPOLLIN, on_ctrl_msg, manager);
+ if (r < 0)
+ return log_error_errno(r, "Failed to create udev control event source: %m");
+@@ -1709,20 +1713,11 @@ static int manager_new(Manager **ret, int fd_ctrl, int fd_uevent, const char *cg
+ if (r < 0)
+ return log_error_errno(r, "Failed to create post event source: %m");
+
+- *ret = TAKE_PTR(manager);
+-
+- return 0;
+-}
+-
+-static int main_loop(int fd_ctrl, int fd_uevent, const char *cgroup) {
+- _cleanup_(manager_freep) Manager *manager = NULL;
+- int r;
++ udev_builtin_init();
+
+- r = manager_new(&manager, fd_ctrl, fd_uevent, cgroup);
+- if (r < 0) {
+- r = log_error_errno(r, "Failed to allocate manager object: %m");
+- goto exit;
+- }
++ r = udev_rules_new(&manager->rules, arg_resolve_name_timing);
++ if (!manager->rules)
++ return log_error_errno(r, "Failed to read udev rules: %m");
+
+ r = udev_rules_apply_static_dev_perms(manager->rules);
+ if (r < 0)
+@@ -1739,13 +1734,12 @@ static int main_loop(int fd_ctrl, int fd_uevent, const char *cgroup) {
+ sd_notify(false,
+ "STOPPING=1\n"
+ "STATUS=Shutting down...");
+- if (manager)
+- udev_ctrl_cleanup(manager->ctrl);
+ return r;
+ }
+
+ static int run(int argc, char *argv[]) {
+ _cleanup_free_ char *cgroup = NULL;
++ _cleanup_(manager_freep) Manager *manager = NULL;
+ int fd_ctrl = -1, fd_uevent = -1;
+ int r;
+
+@@ -1822,10 +1816,14 @@ static int run(int argc, char *argv[]) {
+ if (r < 0)
+ return log_error_errno(r, "Failed to listen on fds: %m");
+
++ r = manager_new(&manager, fd_ctrl, fd_uevent, cgroup);
++ if (r < 0)
++ return log_error_errno(r, "Failed to create manager: %m");
++
+ if (arg_daemonize) {
+ pid_t pid;
+
+- log_info("starting version " PACKAGE_VERSION);
++ log_info("Starting version " PACKAGE_VERSION);
+
+ /* connect /dev/null to stdin, stdout, stderr */
+ if (log_get_max_level() < LOG_DEBUG) {
+@@ -1849,7 +1847,10 @@ static int run(int argc, char *argv[]) {
+ log_debug_errno(r, "Failed to adjust OOM score, ignoring: %m");
+ }
+
+- return main_loop(fd_ctrl, fd_uevent, cgroup);
++ r = main_loop(manager);
++ /* FIXME: move this into manager_free() */
++ udev_ctrl_cleanup(manager->ctrl);
++ return r;
+ }
+
+ DEFINE_MAIN_FUNCTION(run);
diff --git a/debian/patches/udev-rework-how-we-handle-the-return-value-from-spawned-p.patch b/debian/patches/udev-rework-how-we-handle-the-return-value-from-spawned-p.patch
new file mode 100644
index 00000000..9993cbf6
--- /dev/null
+++ b/debian/patches/udev-rework-how-we-handle-the-return-value-from-spawned-p.patch
@@ -0,0 +1,151 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sun, 6 Jan 2019 22:17:00 +0100
+Subject: udev: rework how we handle the return value from spawned programs
+
+When running PROGRAM="...", we would log
+systemd-udevd[447]: Failed to wait spawned command '...': Input/output error
+no matter why the program actually failed, at error level.
+
+The code wouldn't distinguish between an internal failure and a failure in the
+program being called and run sd_event_exit(..., -EIO) on any kind of error. EIO
+is rather misleading here, becuase it suggests a serious error.
+
+on_spawn_sigchld is updated to set the return code to distinguish failure to
+spawn, including the program being killed by a signal (a negative return value),
+and the program failing (positive return value).
+
+The logging levels are adjusted, so that for PROGRAM= calls, which are
+essentially "if" statements, we only log at debug level (unless we get a
+timeout or segfault or another unexpected error).
+
+(cherry picked from commit a75211421fc9366068e6d9446e8e567246c72feb)
+(cherry picked from commit 5862f1730af205e2b95349b477aeed25b2f3e3b8)
+---
+ src/udev/udev-event.c | 38 +++++++++++++-------------------------
+ src/udev/udev-rules.c | 12 +++++++-----
+ 2 files changed, 20 insertions(+), 30 deletions(-)
+
+diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
+index 3e91697..07b7365 100644
+--- a/src/udev/udev-event.c
++++ b/src/udev/udev-event.c
+@@ -504,38 +504,34 @@ static int on_spawn_timeout_warning(sd_event_source *s, uint64_t usec, void *use
+
+ static int on_spawn_sigchld(sd_event_source *s, const siginfo_t *si, void *userdata) {
+ Spawn *spawn = userdata;
++ int ret = -EIO;
+
+ assert(spawn);
+
+ switch (si->si_code) {
+ case CLD_EXITED:
+- if (si->si_status == 0) {
++ if (si->si_status == 0)
+ log_debug("Process '%s' succeeded.", spawn->cmd);
+- sd_event_exit(sd_event_source_get_event(s), 0);
+-
+- return 1;
+- }
+-
+- log_full(spawn->accept_failure ? LOG_DEBUG : LOG_WARNING,
+- "Process '%s' failed with exit code %i.", spawn->cmd, si->si_status);
++ else
++ log_full(spawn->accept_failure ? LOG_DEBUG : LOG_WARNING,
++ "Process '%s' failed with exit code %i.", spawn->cmd, si->si_status);
++ ret = si->si_status;
+ break;
+ case CLD_KILLED:
+ case CLD_DUMPED:
+- log_warning("Process '%s' terminated by signal %s.", spawn->cmd, signal_to_string(si->si_status));
+-
++ log_error("Process '%s' terminated by signal %s.", spawn->cmd, signal_to_string(si->si_status));
+ break;
+ default:
+ log_error("Process '%s' failed due to unknown reason.", spawn->cmd);
+ }
+
+- sd_event_exit(sd_event_source_get_event(s), -EIO);
+-
++ sd_event_exit(sd_event_source_get_event(s), ret);
+ return 1;
+ }
+
+ static int spawn_wait(Spawn *spawn) {
+ _cleanup_(sd_event_unrefp) sd_event *e = NULL;
+- int r, ret;
++ int r;
+
+ assert(spawn);
+
+@@ -586,15 +582,7 @@ static int spawn_wait(Spawn *spawn) {
+ if (r < 0)
+ return r;
+
+- r = sd_event_loop(e);
+- if (r < 0)
+- return r;
+-
+- r = sd_event_get_exit_code(e, &ret);
+- if (r < 0)
+- return r;
+-
+- return ret;
++ return sd_event_loop(e);
+ }
+
+ int udev_event_spawn(UdevEvent *event,
+@@ -679,12 +667,12 @@ int udev_event_spawn(UdevEvent *event,
+ };
+ r = spawn_wait(&spawn);
+ if (r < 0)
+- return log_error_errno(r, "Failed to wait spawned command '%s': %m", cmd);
++ return log_error_errno(r, "Failed to wait for spawned command '%s': %m", cmd);
+
+ if (result)
+ result[spawn.result_len] = '\0';
+
+- return r;
++ return r; /* 0 for success, and positive if the program failed */
+ }
+
+ static int rename_netif(UdevEvent *event) {
+@@ -899,7 +887,7 @@ void udev_event_execute_run(UdevEvent *event, usec_t timeout_usec) {
+ (void) usleep(event->exec_delay_usec);
+ }
+
+- udev_event_spawn(event, timeout_usec, false, command, NULL, 0);
++ (void) udev_event_spawn(event, timeout_usec, false, command, NULL, 0);
+ }
+ }
+ }
+diff --git a/src/udev/udev-rules.c b/src/udev/udev-rules.c
+index 53c68d2..f697972 100644
+--- a/src/udev/udev-rules.c
++++ b/src/udev/udev-rules.c
+@@ -645,11 +645,13 @@ static int import_program_into_properties(UdevEvent *event,
+ const char *program) {
+ char result[UTIL_LINE_SIZE];
+ char *line;
+- int err;
++ int r;
+
+- err = udev_event_spawn(event, timeout_usec, true, program, result, sizeof(result));
+- if (err < 0)
+- return err;
++ r = udev_event_spawn(event, timeout_usec, false, program, result, sizeof result);
++ if (r < 0)
++ return r;
++ if (r > 0)
++ return -EIO;
+
+ line = result;
+ while (line) {
+@@ -1959,7 +1961,7 @@ int udev_rules_apply_to_event(
+ rules_str(rules, rule->rule.filename_off),
+ rule->rule.filename_line);
+
+- if (udev_event_spawn(event, timeout_usec, true, program, result, sizeof(result)) < 0) {
++ if (udev_event_spawn(event, timeout_usec, true, program, result, sizeof(result)) != 0) {
+ if (cur->key.op != OP_NOMATCH)
+ goto nomatch;
+ } else {
diff --git a/debian/patches/udevadm-refuse-to-run-trigger-control-settle-and-monitor-.patch b/debian/patches/udevadm-refuse-to-run-trigger-control-settle-and-monitor-.patch
new file mode 100644
index 00000000..d63dae5a
--- /dev/null
+++ b/debian/patches/udevadm-refuse-to-run-trigger-control-settle-and-monitor-.patch
@@ -0,0 +1,111 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Mon, 7 Jan 2019 14:30:55 +0900
+Subject: udevadm: refuse to run trigger, control,
+ settle and monitor commands in chroot
+
+Closes #11333.
+
+(cherry picked from commit c494b739a47359ab2697482f52545e2a6d1c86ad)
+---
+ src/udev/udevadm-control.c | 6 ++++++
+ src/udev/udevadm-monitor.c | 6 ++++++
+ src/udev/udevadm-settle.c | 6 ++++++
+ src/udev/udevadm-trigger.c | 6 ++++++
+ 4 files changed, 24 insertions(+)
+
+diff --git a/src/udev/udevadm-control.c b/src/udev/udevadm-control.c
+index d932041..cb9b4cc 100644
+--- a/src/udev/udevadm-control.c
++++ b/src/udev/udevadm-control.c
+@@ -26,6 +26,7 @@
+ #include "udevadm.h"
+ #include "udev-ctrl.h"
+ #include "util.h"
++#include "virt.h"
+
+ static int help(void) {
+ printf("%s control OPTION\n\n"
+@@ -70,6 +71,11 @@ int control_main(int argc, char *argv[], void *userdata) {
+ if (r < 0)
+ return r;
+
++ if (running_in_chroot() > 0) {
++ log_info("Running in chroot, ignoring request.");
++ return 0;
++ }
++
+ if (argc <= 1)
+ log_error("Option missing");
+
+diff --git a/src/udev/udevadm-monitor.c b/src/udev/udevadm-monitor.c
+index f7737d0..f1b3e25 100644
+--- a/src/udev/udevadm-monitor.c
++++ b/src/udev/udevadm-monitor.c
+@@ -17,6 +17,7 @@
+ #include "signal-util.h"
+ #include "string-util.h"
+ #include "udevadm.h"
++#include "virt.h"
+
+ static bool arg_show_property = false;
+ static bool arg_print_kernel = false;
+@@ -210,6 +211,11 @@ int monitor_main(int argc, char *argv[], void *userdata) {
+ if (r <= 0)
+ goto finalize;
+
++ if (running_in_chroot() > 0) {
++ log_info("Running in chroot, ignoring request.");
++ return 0;
++ }
++
+ /* Callers are expecting to see events as they happen: Line buffering */
+ setlinebuf(stdout);
+
+diff --git a/src/udev/udevadm-settle.c b/src/udev/udevadm-settle.c
+index 4ae237d..9b05e9a 100644
+--- a/src/udev/udevadm-settle.c
++++ b/src/udev/udevadm-settle.c
+@@ -18,6 +18,7 @@
+ #include "udevadm.h"
+ #include "udev-ctrl.h"
+ #include "util.h"
++#include "virt.h"
+
+ static usec_t arg_timeout = 120 * USEC_PER_SEC;
+ static const char *arg_exists = NULL;
+@@ -88,6 +89,11 @@ int settle_main(int argc, char *argv[], void *userdata) {
+ if (r <= 0)
+ return r;
+
++ if (running_in_chroot() > 0) {
++ log_info("Running in chroot, ignoring request.");
++ return 0;
++ }
++
+ deadline = now(CLOCK_MONOTONIC) + arg_timeout;
+
+ /* guarantee that the udev daemon isn't pre-processing */
+diff --git a/src/udev/udevadm-trigger.c b/src/udev/udevadm-trigger.c
+index f13a08f..aa9ebd5 100644
+--- a/src/udev/udevadm-trigger.c
++++ b/src/udev/udevadm-trigger.c
+@@ -15,6 +15,7 @@
+ #include "strv.h"
+ #include "udevadm.h"
+ #include "udevadm-util.h"
++#include "virt.h"
+
+ static bool arg_verbose = false;
+ static bool arg_dry_run = false;
+@@ -158,6 +159,11 @@ int trigger_main(int argc, char *argv[], void *userdata) {
+ bool settle = false;
+ int c, r;
+
++ if (running_in_chroot() > 0) {
++ log_info("Running in chroot, ignoring request.");
++ return 0;
++ }
++
+ r = sd_device_enumerator_new(&e);
+ if (r < 0)
+ return r;
diff --git a/debian/patches/udevd-drop-redundant-call-to-sd_event_get_exit_code.patch b/debian/patches/udevd-drop-redundant-call-to-sd_event_get_exit_code.patch
new file mode 100644
index 00000000..bcf934d6
--- /dev/null
+++ b/debian/patches/udevd-drop-redundant-call-to-sd_event_get_exit_code.patch
@@ -0,0 +1,54 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 8 Jan 2019 22:56:50 +0100
+Subject: udevd: drop redundant call to sd_event_get_exit_code
+
+sd_event_loop returns the same thing anyway.
+
+(cherry picked from commit 44dcf454b604628bf451194482c97ce981596ce5)
+(cherry picked from commit 1f6562d559bd11612b3f59b20fae4ed34d688dff)
+---
+ src/udev/udevd.c | 15 +++------------
+ 1 file changed, 3 insertions(+), 12 deletions(-)
+
+diff --git a/src/udev/udevd.c b/src/udev/udevd.c
+index ec77bd4..6938d81 100644
+--- a/src/udev/udevd.c
++++ b/src/udev/udevd.c
+@@ -464,7 +464,7 @@ static int worker_device_monitor_handler(sd_device_monitor *monitor, sd_device *
+ static int worker_main(Manager *_manager, sd_device_monitor *monitor, sd_device *first_device) {
+ _cleanup_(sd_device_unrefp) sd_device *dev = first_device;
+ _cleanup_(manager_freep) Manager *manager = _manager;
+- int r, ret;
++ int r;
+
+ assert(manager);
+ assert(monitor);
+@@ -507,11 +507,7 @@ static int worker_main(Manager *_manager, sd_device_monitor *monitor, sd_device
+ if (r < 0)
+ return log_error_errno(r, "Event loop failed: %m");
+
+- r = sd_event_get_exit_code(manager->event, &ret);
+- if (r < 0)
+- return log_error_errno(r, "Failed to get exit code: %m");
+-
+- return ret;
++ return 0;
+ }
+
+ static int worker_spawn(Manager *manager, struct event *event) {
+@@ -1737,14 +1733,9 @@ static int main_loop(int fd_ctrl, int fd_uevent, const char *cgroup) {
+ "STATUS=Processing with %u children at max", arg_children_max);
+
+ r = sd_event_loop(manager->event);
+- if (r < 0) {
++ if (r < 0)
+ log_error_errno(r, "Event loop failed: %m");
+- goto exit;
+- }
+-
+- sd_event_get_exit_code(manager->event, &r);
+
+-exit:
+ sd_notify(false,
+ "STOPPING=1\n"
+ "STATUS=Shutting down...");
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 00000000..09c133a6
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,302 @@
+#! /usr/bin/make -f
+
+#export DH_VERBOSE = 1
+#export DEB_BUILD_OPTIONS = nostrip
+
+export LC_ALL = C.UTF-8
+
+include /usr/share/dpkg/default.mk
+
+ifeq ($(DEB_VENDOR),Ubuntu)
+ DEFAULT_NTP_SERVERS = ntp.ubuntu.com
+ SUPPORT_URL = http://www.ubuntu.com/support
+ CONFFLAGS_DISTRO = -Ddns-servers=''
+else
+ DEFAULT_NTP_SERVERS = 0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org
+ SUPPORT_URL = https://www.debian.org/support
+ CONFFLAGS_DISTRO =
+endif
+
+ifneq (, $(filter $(DEB_BUILD_ARCH), riscv64))
+ TEST_TIMEOUT_MULTIPLIER = "-t 10"
+endif
+
+# fail on missing files and symbols changes on distro builds, but not if we
+# build/test upstream master
+ifeq ($(TEST_UPSTREAM),)
+ DH_MISSING = --fail-missing
+ GENSYMBOLS_LEVEL = 4
+else
+ DH_MISSING = --list-missing
+ GENSYMBOLS_LEVEL = 1
+endif
+
+ifneq (, $(filter noudeb, $(DEB_BUILD_OPTIONS)))
+export DEB_BUILD_PROFILES += noudeb
+endif
+
+CONFFLAGS = \
+ -Db_lto=true \
+ -Db_pie=true \
+ -Drootlibdir=/lib/$(DEB_HOST_MULTIARCH) \
+ -Dsplit-usr=true \
+ -Dquotaon-path=/sbin/quotaon \
+ -Dquotacheck-path=/sbin/quotacheck \
+ -Dkmod-path=/bin/kmod \
+ -Dkexec-path=/sbin/kexec \
+ -Dsulogin-path=/sbin/sulogin \
+ -Dmount-path=/bin/mount \
+ -Dumount-path=/bin/umount \
+ -Dloadkeys-path=/bin/loadkeys \
+ -Dsetfont-path=/bin/setfont \
+ -Dtelinit-path=/lib/sysvinit/telinit \
+ -Dsysvinit-path=/etc/init.d \
+ -Dsysvrcnd-path=/etc \
+ -Ddebug-shell=/bin/bash \
+ -Dzshcompletiondir=/usr/share/zsh/vendor-completions \
+ -Ddbuspolicydir=/usr/share/dbus-1/system.d/ \
+ -Dsupport-url=$(SUPPORT_URL) \
+ -Ddefault-kill-user-processes=false \
+ -Dpamconfdir=no \
+ -Drpmmacrosdir=no \
+ -Dqrencode=false \
+ -Dvconsole=false \
+ -Dfirstboot=false \
+ -Dxkbcommon=false \
+ -Dportabled=false \
+ -Dwheel-group=false \
+ -Dntp-servers="$(DEFAULT_NTP_SERVERS)" \
+ -Dlink-udev-shared=false \
+ -Dsystem-uid-max=999 \
+ -Dsystem-gid-max=999 \
+ -Dnobody-user=nobody \
+ -Dnobody-group=nogroup \
+ -Dbump-proc-sys-fs-nr-open=false \
+ -Ddev-kvm-mode=0660
+
+# resolved's DNSSEC support is still not mature enough, don't enable it by
+# default on stable Debian or any Ubuntu releases
+CONFFLAGS += $(shell grep -qE 'stretch|ubuntu' /etc/os-release && echo -Ddefault-dnssec=no)
+
+CONFFLAGS_deb = \
+ -Dselinux=true \
+ -Dhwdb=true \
+ -Dsysusers=true \
+ -Dinstall-tests=true \
+ -Defi=true \
+ -Dnss-myhostname=true \
+ -Dnss-mymachines=true \
+ -Dnss-resolve=true \
+ -Dnss-systemd=true \
+ -Dresolve=true \
+ -Dlink-systemctl-shared=false
+
+ifeq (, $(filter stage1, $(DEB_BUILD_PROFILES)))
+CONFFLAGS_deb += \
+ -Daudit=true \
+ -Dlibcryptsetup=true \
+ -Dcoredump=true \
+ -Delfutils=true \
+ -Dapparmor=true \
+ -Dlibidn=true \
+ -Dlibiptc=true \
+ -Dlibcurl=true \
+ -Dimportd=true \
+ -Dmicrohttpd=true \
+ -Dgnutls=true
+else
+CONFFLAGS_deb += \
+ -Daudit=false \
+ -Dlibcryptsetup=false \
+ -Dcoredump=false \
+ -Delfutils=false \
+ -Dapparmor=false \
+ -Dlibidn=false \
+ -Dlibiptc=false \
+ -Dlibcurl=false \
+ -Dimportd=false \
+ -Dmicrohttpd=false \
+ -Dgnutls=false
+endif
+
+CONFFLAGS_udeb = \
+ -Dlibcryptsetup=false \
+ -Dcoredump=false \
+ -Delfutils=false \
+ -Dpam=false \
+ -Daudit=false \
+ -Dselinux=false\
+ -Dapparmor=false \
+ -Dlibidn=false \
+ -Dlibiptc=false \
+ -Dsmack=false \
+ -Dima=false \
+ -Dbinfmt=false \
+ -Dquotacheck=false \
+ -Dtmpfiles=false \
+ -Drandomseed=false \
+ -Dbacklight=false \
+ -Dlogind=false \
+ -Dmachined=false \
+ -Dlibcurl=false \
+ -Dimportd=false \
+ -Dmicrohttpd=false \
+ -Dgnutls=false \
+ -Dhostnamed=false \
+ -Dtimedated=false \
+ -Dnetworkd=false \
+ -Dtimesyncd=false \
+ -Dlocaled=false \
+ -Dnss-myhostname=false \
+ -Dnss-mymachines=false \
+ -Dnss-resolve=false \
+ -Dnss-systemd=false \
+ -Dresolve=false \
+ -Dpolkit=false \
+ -Dacl=false \
+ -Dgcrypt=false \
+ -Drfkill=false \
+ -Dhwdb=false \
+ -Dman=false \
+ -Defi=false \
+ -Dseccomp=false \
+ -Dsysusers=false
+
+override_dh_auto_configure:
+ dh_auto_configure --builddirectory=build-deb \
+ -- $(CONFFLAGS) $(CONFFLAGS_DISTRO) $(CONFFLAGS_deb)
+ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES)))
+ dh_auto_configure --builddirectory=build-udeb \
+ -- $(CONFFLAGS) $(CONFFLAGS_DISTRO) $(CONFFLAGS_udeb)
+endif
+
+override_dh_auto_build:
+ dh_auto_build --builddirectory=build-deb
+ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES)))
+ dh_auto_build --builddirectory=build-udeb
+endif
+ # generate POT file for translators
+ ninja -C build-deb/ systemd-pot
+
+override_dh_auto_install:
+ dh_auto_install --builddirectory=build-deb \
+ --destdir=debian/install/deb
+ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES)))
+ dh_auto_install --builddirectory=build-udeb \
+ --destdir=debian/install/udeb
+endif
+ # fix paths in manpages; manually check the remaining /usr occurrences
+ # occasionally, with filtering out paths which are known to be in /usr:
+ # grep -r /usr debian/install/deb/usr/share/man/|egrep -v '/usr/local|os.*release|factory|zoneinfo|tmpfiles|kernel|foo|machines|sysctl|dbus|include|binfmt'
+ find debian/install/deb/usr/share/man/ -type f | xargs sed -ri 's_/usr(/lib/systemd/system|/lib/systemd/network|/lib/udev|/lib[^/]|/lib/[^a-z])_\1_g'
+
+override_dh_auto_clean:
+ifneq (, $(TEST_UPSTREAM))
+ debian/extra/checkout-upstream
+endif
+ dh_auto_clean --builddirectory=build-deb
+ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES)))
+ dh_auto_clean --builddirectory=build-udeb
+endif
+ rm -rf debian/install/ debian/shlibs.local
+ # remove Python byte code files
+ rm -rf tools/__pycache__/
+ rm -f po/systemd.pot
+
+override_dh_install:
+ # remove unnecessary / unused files
+ rm -f debian/install/*/usr/share/doc/systemd/LICENSE.*
+ rm -f debian/install/*/var/log/README
+ rm -f debian/install/*/etc/init.d/README
+ rm -f debian/install/*/usr/lib/sysctl.d/50-default.conf
+ rm -f debian/install/*/etc/X11/xinit/xinitrc.d/50-systemd-user.sh
+ rmdir -p --ignore-fail-on-non-empty debian/install/*/etc/X11/xinit/xinitrc.d/
+ rm -f debian/install/*/lib/systemd/system/halt-local.service
+ # remove files related to factory-reset feature
+ find debian/install/ \( -name 'systemd-update-done*' -o \
+ -name systemd-journal-catalog-update.service -o \
+ -name systemd-udev-hwdb-update.service -o \
+ -name ldconfig.service -o \
+ -name etc.conf \) -delete
+ rm -rf debian/install/*/usr/share/factory/
+ # remove symlinks enabling default-on services
+ rm -rf debian/install/*/etc/systemd/system/*.target.wants/
+ # remove aliases
+ find debian/install/*/etc/systemd/system/ -type l -delete
+ # replace upstream sysusers.d/basic.conf with proper users for Debian
+ debian/extra/make-sysusers-basic > debian/install/deb/usr/lib/sysusers.d/basic.conf
+ # remove resolvconf compat symlink
+ rm -f debian/install/*/sbin/resolvconf
+ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES)))
+ dh_install -pudev-udeb -plibudev1-udeb --sourcedir=debian/install/udeb
+endif
+
+ dh_install --remaining-packages --sourcedir=debian/install/deb
+
+ # we don't want /tmp to be a tmpfs by default
+ mv debian/systemd/lib/systemd/system/tmp.mount debian/systemd/usr/share/systemd/
+ printf '\n[Install]\nWantedBy=local-fs.target\n' >> debian/systemd/usr/share/systemd/tmp.mount
+ rm debian/systemd/lib/systemd/system/local-fs.target.wants/tmp.mount
+
+ # files shipped by cryptsetup
+ifeq (, $(filter stage1, $(DEB_BUILD_PROFILES)))
+ rm debian/systemd/usr/share/man/man5/crypttab.5
+endif
+
+ # files shipped by systemd
+ rm debian/udev/lib/udev/rules.d/70-uaccess.rules
+ rm debian/udev/lib/udev/rules.d/73-seat-late.rules
+ rm debian/udev/lib/udev/rules.d/71-seat.rules
+ rm debian/udev/lib/udev/rules.d/99-systemd.rules
+
+ # remove duplicate files shipped by systemd-*/udev
+ echo "Removing duplicate files in systemd package:"
+ set -e; for pkg in $(shell dh_listpackages -Nudev-udeb -Nlibudev1-udeb -Nsystemd); do \
+ echo "... from $$pkg..."; \
+ (cd debian/$$pkg; find -type f -o -type l) | (cd debian/systemd; xargs rm -f --verbose); \
+ (cd debian/$$pkg; find -mindepth 1 -type d) | (cd debian/systemd; xargs rmdir --ignore-fail-on-non-empty --verbose || true); \
+ done
+
+ # Ubuntu specific files
+ifeq ($(DEB_VENDOR),Ubuntu)
+ install -D --mode=644 debian/extra/udev.py debian/udev/usr/share/apport/package-hooks/udev.py
+ install -D --mode=644 debian/extra/systemd.py debian/systemd/usr/share/apport/package-hooks/systemd.py
+ install --mode=644 debian/extra/rules-ubuntu/*.rules debian/udev/lib/udev/rules.d/
+ cp -a debian/extra/units-ubuntu/* debian/systemd/lib/systemd/system/
+ install --mode=755 debian/extra/set-cpufreq debian/systemd/lib/systemd/
+endif
+
+override_dh_missing:
+ dh_missing --sourcedir debian/install/deb $(DH_MISSING)
+
+override_dh_installinit:
+ dh_installinit --no-start
+
+PROJECT_VERSION ?= $(shell awk '/(PROJECT|PACKAGE)_VERSION/ {print $$3}' build-deb/config.h | tr -d \")
+
+# The SysV compat tools (which are symlinks to systemctl) are
+# quasi-essential, so add their dependencies to Pre-Depends
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753589
+override_dh_shlibdeps:
+ dh_shlibdeps -psystemd -- -dPre-Depends \
+ -edebian/systemd/bin/systemctl \
+ -dDepends
+ dh_shlibdeps --remaining-packages -Lsystemd
+
+override_dh_makeshlibs:
+ sed 's/SHARED_LIB_VERSION/$(PROJECT_VERSION)/' debian/shlibs.local.in > debian/shlibs.local
+ dh_makeshlibs -plibudev1 --add-udeb=libudev1-udeb -- -c$(GENSYMBOLS_LEVEL)
+ dh_makeshlibs -psystemd -Xlibsystemd-shared -- -c$(GENSYMBOLS_LEVEL)
+ dh_makeshlibs --remaining-packages -- -c$(GENSYMBOLS_LEVEL)
+
+override_dh_auto_test:
+ifeq (, $(filter nocheck, $(DEB_BUILD_OPTIONS)))
+ echo "01234567890123456789012345678901" > build-deb/machine-id
+ # some tests hang under fakeroot, so disable fakeroot
+ env -u LD_PRELOAD SYSTEMD_MACHINE_ID_PATH=$(CURDIR)/build-deb/machine-id meson test -C build-deb $(TEST_TIMEOUT_MULTIPLIER) || ( \
+ cat build-deb/meson-logs/testlog.txt; \
+ exit 1)
+endif
+
+%:
+ dh $@ --without autoreconf,systemd --buildsystem=meson
diff --git a/debian/shlibs.local.in b/debian/shlibs.local.in
new file mode 100644
index 00000000..432b7268
--- /dev/null
+++ b/debian/shlibs.local.in
@@ -0,0 +1,3 @@
+udeb: libudev 1 libudev1-udeb
+libsystemd 0 libsystemd0 (= ${binary:Version})
+libsystemd-shared SHARED_LIB_VERSION systemd (= ${binary:Version})
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 00000000..163aaf8d
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/systemd-container.install b/debian/systemd-container.install
new file mode 100644
index 00000000..4d805b38
--- /dev/null
+++ b/debian/systemd-container.install
@@ -0,0 +1,30 @@
+bin/machinectl
+lib/systemd/import-pubring.gpg
+lib/systemd/systemd-machined
+lib/systemd/systemd-export
+lib/systemd/systemd-import*
+lib/systemd/systemd-pull
+lib/systemd/system/systemd-nspawn@.service
+lib/systemd/system/systemd-importd.service
+lib/systemd/system/systemd-machined.service
+lib/systemd/system/var-lib-machines.mount
+lib/systemd/system/machines.target
+lib/systemd/system/*.target.wants/var-lib-machines.mount
+lib/systemd/system/dbus-org.freedesktop.import1.service
+lib/systemd/system/dbus-org.freedesktop.machine1.service
+usr/bin/systemd-nspawn
+usr/lib/tmpfiles.d/systemd-nspawn.conf
+usr/share/dbus-1/system.d/org.freedesktop.import1.conf
+usr/share/dbus-1/system.d/org.freedesktop.machine1.conf
+usr/share/dbus-1/system-services/org.freedesktop.import1.service
+usr/share/dbus-1/system-services/org.freedesktop.machine1.service
+usr/share/man/man*/*nspawn*
+usr/share/man/man*/machinectl*
+usr/share/man/man*/systemd-machined*
+usr/share/polkit-1/actions/org.freedesktop.import1.policy
+usr/share/polkit-1/actions/org.freedesktop.machine1.policy
+usr/share/zsh/vendor-completions/_systemd-nspawn
+usr/share/zsh/vendor-completions/_sd_machines
+usr/share/zsh/vendor-completions/_machinectl
+usr/share/bash-completion/completions/machinectl
+usr/share/bash-completion/completions/systemd-nspawn
diff --git a/debian/systemd-container.maintscript b/debian/systemd-container.maintscript
new file mode 100644
index 00000000..470978c0
--- /dev/null
+++ b/debian/systemd-container.maintscript
@@ -0,0 +1,2 @@
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.import1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.machine1.conf 233-3~
diff --git a/debian/systemd-container.postinst b/debian/systemd-container.postinst
new file mode 100644
index 00000000..a65319bf
--- /dev/null
+++ b/debian/systemd-container.postinst
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+# Enable machines.target by default on new installs and upgrades
+if dpkg --compare-versions "$2" lt "232-4~"; then
+ systemctl enable machines.target || true
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd-container.postrm b/debian/systemd-container.postrm
new file mode 100644
index 00000000..2140680f
--- /dev/null
+++ b/debian/systemd-container.postrm
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+ purge)
+ # clean up after manually enabled units in postinst
+ rm -f /etc/systemd/system/multi-user.target.wants/machines.target
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/systemd-coredump.install b/debian/systemd-coredump.install
new file mode 100644
index 00000000..3efcecba
--- /dev/null
+++ b/debian/systemd-coredump.install
@@ -0,0 +1,11 @@
+usr/bin/coredumpctl
+lib/systemd/systemd-coredump
+lib/systemd/system/systemd-coredump*
+lib/systemd/system/*/systemd-coredump*
+usr/share/man/man1/coredumpctl*
+usr/share/man/man5/coredump.conf*
+usr/share/man/man8/systemd-coredump*
+usr/share/bash-completion/completions/coredumpctl
+usr/share/zsh/vendor-completions/_coredumpctl
+usr/lib/sysctl.d/50-coredump.conf
+etc/systemd/coredump.conf
diff --git a/debian/systemd-coredump.postinst b/debian/systemd-coredump.postinst
new file mode 100644
index 00000000..49e755e0
--- /dev/null
+++ b/debian/systemd-coredump.postinst
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -e
+
+if [ "$1" = configure ]; then
+ adduser --quiet --system --group --no-create-home --home /run/systemd \
+ --gecos "systemd core dump processing" systemd-coredump
+
+ # enable systemd-coredump right after package installation
+ if [ -d /run/systemd/system ]; then
+ systemctl daemon-reload && systemctl start systemd-coredump.socket || true
+ fi
+ /lib/systemd/systemd-sysctl /usr/lib/sysctl.d/50-coredump.conf || true
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd-coredump.prerm b/debian/systemd-coredump.prerm
new file mode 100644
index 00000000..89cf954e
--- /dev/null
+++ b/debian/systemd-coredump.prerm
@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+
+if [ "$1" = remove ]; then
+ # disable systemd-coredump on removal
+ if [ -w /proc/sys/kernel/core_pattern ] && grep -q '^|.*systemd-coredump' /proc/sys/kernel/core_pattern; then
+ echo core > /proc/sys/kernel/core_pattern
+ fi
+ if [ -d /run/systemd/system ]; then
+ systemctl stop systemd-coredump.socket || true
+ fi
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd-journal-remote.install b/debian/systemd-journal-remote.install
new file mode 100644
index 00000000..188628b4
--- /dev/null
+++ b/debian/systemd-journal-remote.install
@@ -0,0 +1,29 @@
+# systemd-journal-upload
+etc/systemd/journal-upload.conf
+lib/systemd/systemd-journal-upload
+lib/systemd/system/systemd-journal-upload.service
+usr/share/man/man5/journal-upload.conf.d.5
+usr/share/man/man5/journal-upload.conf.5
+usr/share/man/man8/systemd-journal-upload.8
+usr/share/man/man8/systemd-journal-upload.service.8
+
+# systemd-journal-remote
+etc/systemd/journal-remote.conf
+lib/systemd/systemd-journal-remote
+lib/systemd/system/systemd-journal-remote.service
+lib/systemd/system/systemd-journal-remote.socket
+usr/lib/sysusers.d/systemd-remote.conf
+usr/share/man/man5/journal-remote.conf.d.5
+usr/share/man/man5/journal-remote.conf.5
+usr/share/man/man8/systemd-journal-remote.service.8
+usr/share/man/man8/systemd-journal-remote.socket.8
+usr/share/man/man8/systemd-journal-remote.8
+
+# systemd-journal-gatewayd
+lib/systemd/systemd-journal-gatewayd
+lib/systemd/system/systemd-journal-gatewayd.service
+lib/systemd/system/systemd-journal-gatewayd.socket
+usr/share/systemd/gatewayd/
+usr/share/man/man8/systemd-journal-gatewayd.service.8
+usr/share/man/man8/systemd-journal-gatewayd.socket.8
+usr/share/man/man8/systemd-journal-gatewayd.8
diff --git a/debian/systemd-journal-remote.postinst b/debian/systemd-journal-remote.postinst
new file mode 100644
index 00000000..8ef91ada
--- /dev/null
+++ b/debian/systemd-journal-remote.postinst
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+adduser --quiet --system \
+ --home /run/systemd --no-create-home \
+ --gecos "systemd Journal Remote" \
+ --group systemd-journal-remote
+
+#DEBHELPER#
diff --git a/debian/systemd-sysv.install b/debian/systemd-sysv.install
new file mode 100644
index 00000000..9c104a9d
--- /dev/null
+++ b/debian/systemd-sysv.install
@@ -0,0 +1,14 @@
+usr/share/man/man1/init.1
+usr/share/man/man8/telinit.8
+usr/share/man/man8/runlevel.8
+usr/share/man/man8/shutdown.8
+usr/share/man/man8/poweroff.8
+usr/share/man/man8/reboot.8
+usr/share/man/man8/halt.8
+sbin/init
+sbin/telinit
+sbin/runlevel
+sbin/shutdown
+sbin/poweroff
+sbin/reboot
+sbin/halt
diff --git a/debian/systemd-sysv.postinst b/debian/systemd-sysv.postinst
new file mode 100644
index 00000000..e2fd036e
--- /dev/null
+++ b/debian/systemd-sysv.postinst
@@ -0,0 +1,10 @@
+#!/bin/sh
+set -e
+
+# update grub on first install, so that the alternative init system boot
+# entries get updated
+if [ "$1" = configure ] && [ -z "$2" ] && [ -e /boot/grub/grub.cfg ] && which update-grub >/dev/null 2>&1; then
+ update-grub || true
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd-tests.install b/debian/systemd-tests.install
new file mode 100644
index 00000000..28b745c2
--- /dev/null
+++ b/debian/systemd-tests.install
@@ -0,0 +1 @@
+usr/lib/systemd/tests
diff --git a/debian/systemd-tests.lintian-overrides b/debian/systemd-tests.lintian-overrides
new file mode 100644
index 00000000..9784f462
--- /dev/null
+++ b/debian/systemd-tests.lintian-overrides
@@ -0,0 +1,2 @@
+# test programs only, need to link against internal library
+systemd-tests: binary-or-shlib-defines-rpath usr/lib/systemd/tests/*
diff --git a/debian/systemd.NEWS b/debian/systemd.NEWS
new file mode 100644
index 00000000..3f90a348
--- /dev/null
+++ b/debian/systemd.NEWS
@@ -0,0 +1,28 @@
+systemd (236-1) unstable; urgency=medium
+
+ DynamicUser=yes has been enabled for systemd-journal-upload.service and
+ systemd-journal-gatewayd.service.
+ This means we no longer need to statically allocate a systemd-journal-upload
+ and systemd-journal-gateway user and you can now safely remove those system
+ users along with their associated groups.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 17 Dec 2017 21:17:32 +0100
+
+systemd (231-1) unstable; urgency=low
+
+ This version drops support for running /etc/rcS.d SysV init scripts.
+ These are prone to cause dependency loops, and almost all Debian packages
+ with rcS scripts now ship a native systemd service. If you have custom or
+ third-party rcS scripts you need to convert them or change them to run
+ in rc2.d/ - rc5.d/; see this page for details:
+ <https://wiki.debian.org/Teams/pkg-systemd/rcSMigration>.
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 14 Jul 2016 12:54:34 +0200
+
+systemd (224-2) unstable; urgency=medium
+
+ This version splits out systemd-nspawn, systemd-machined, and machinectl
+ into the new "systemd-container" package. That now also enables
+ systemd-importd.
+
+ -- Martin Pitt <mpitt@debian.org> Sat, 22 Aug 2015 15:58:43 +0200
diff --git a/debian/systemd.bug-control b/debian/systemd.bug-control
new file mode 100644
index 00000000..03c8d6b5
--- /dev/null
+++ b/debian/systemd.bug-control
@@ -0,0 +1 @@
+package-status: udev dracut initramfs-tools
diff --git a/debian/systemd.bug-script b/debian/systemd.bug-script
new file mode 100644
index 00000000..b1099e7c
--- /dev/null
+++ b/debian/systemd.bug-script
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+cat <<EOF
+
+Providing additional information can help diagnose problems with systemd.
+Specifically, this would include:
+- fstab configuration (copy of /etc/fstab).
+- local modifications of unit files (output of systemd-delta).
+- state of running services and units (output of systemd-analyze dump).
+- enabled/disabled state of installed services.
+If this information is not relevant for your bug report or you have privacy
+concerns, please choose no.
+
+EOF
+
+yesno "Do you want to provide additional information [Y|n]? " yep
+[ "$REPLY" = yep ] || exit 0
+
+# We don’t clean up this directory because there is no way to know when
+# reportbug finished running, and reportbug needs the files around.
+# Given that those are just a couple of kilobytes in size and people
+# generally don’t file a lot of bugs, I don’t think it’s a big deal.
+DIR=$(mktemp -d)
+
+echo "-- BEGIN ATTACHMENTS --" >&3
+
+# remove highlighting escape codes from systemd-delta output
+systemd-delta --no-pager 2>&1 |sed "s%\x1b[^m]*m%%g" >$DIR/systemd-delta.txt
+echo "$DIR/systemd-delta.txt" >&3
+
+if [ -d /run/systemd/system ]; then
+ systemd-analyze --no-pager dump >$DIR/systemd-analyze-dump.txt 2>&1
+ echo "$DIR/systemd-analyze-dump.txt" >&3
+fi
+
+if [ -d /var/lib/systemd/deb-systemd-helper-enabled ]; then
+ head -n100 $(find /var/lib/systemd/deb-systemd-helper-enabled -type f | tr '\n' ' ') >$DIR/dsh-enabled.txt
+ echo "$DIR/dsh-enabled.txt" >&3
+fi
+
+echo "/etc/fstab" >&3
+
+echo "-- END ATTACHMENTS --" >&3
diff --git a/debian/systemd.dirs b/debian/systemd.dirs
new file mode 100644
index 00000000..fac35d6c
--- /dev/null
+++ b/debian/systemd.dirs
@@ -0,0 +1 @@
+var/lib/systemd
diff --git a/debian/systemd.install b/debian/systemd.install
new file mode 100644
index 00000000..f0fa42cb
--- /dev/null
+++ b/debian/systemd.install
@@ -0,0 +1,72 @@
+etc/
+bin/systemctl
+bin/journalctl
+bin/loginctl
+bin/machinectl
+bin/networkctl
+bin/systemd-notify
+bin/systemd-tty-ask-password-agent
+bin/systemd-ask-password
+bin/systemd-machine-id-setup
+bin/systemd-tmpfiles
+bin/systemd-inhibit
+bin/systemd-escape
+bin/systemd-sysusers
+lib/modprobe.d/
+lib/systemd/
+lib/udev/rules.d/70-uaccess.rules
+lib/udev/rules.d/73-seat-late.rules
+lib/udev/rules.d/71-seat.rules
+lib/udev/rules.d/99-systemd.rules
+usr/bin/systemd-cgls
+usr/bin/systemd-cgtop
+usr/bin/systemd-nspawn
+usr/bin/systemd-stdio-bridge
+usr/bin/systemd-analyze
+usr/bin/systemd-cat
+usr/bin/systemd-detect-virt
+usr/bin/systemd-delta
+usr/bin/systemd-run
+usr/bin/systemd-path
+usr/bin/systemd-socket-activate
+usr/bin/systemd-mount
+usr/bin/systemd-umount
+usr/bin/systemd-id128
+usr/bin/kernel-install
+usr/bin/bootctl
+usr/bin/busctl
+usr/bin/timedatectl
+usr/bin/localectl
+usr/bin/hostnamectl
+usr/bin/resolvectl
+usr/bin/systemd-resolve
+usr/share/man/man1/
+usr/share/man/man5/
+usr/share/man/man7/
+usr/share/man/man8/
+usr/share/bash-completion/
+usr/share/zsh/vendor-completions/
+usr/share/dbus-1/
+usr/share/doc/
+usr/share/pkgconfig/systemd.pc
+usr/share/polkit-1/
+usr/share/systemd/kbd-model-map
+usr/share/systemd/language-fallback-map
+usr/lib/binfmt.d/
+usr/lib/environment.d/
+usr/lib/modules-load.d/
+usr/lib/sysctl.d/
+usr/lib/sysusers.d/basic.conf
+usr/lib/sysusers.d/systemd.conf
+usr/lib/systemd/
+usr/lib/tmpfiles.d/
+usr/lib/kernel
+usr/share/locale/
+var/lib
+../../extra/init-functions.d lib/lsb/
+../../extra/tmpfiles.d/*.conf usr/lib/tmpfiles.d/
+../../extra/systemd-sysv-install lib/systemd/
+../../extra/units/* lib/systemd/system/
+../../extra/dhclient-exit-hooks.d/ etc/dhcp/
+../../extra/kernel-install.d/* usr/lib/kernel/install.d
+../../extra/pam.d etc/
diff --git a/debian/systemd.links b/debian/systemd.links
new file mode 100644
index 00000000..11b6fe0c
--- /dev/null
+++ b/debian/systemd.links
@@ -0,0 +1,83 @@
+# These are all services which have native implementations
+# So we mask them by linking against /dev/null or create an alias
+/lib/systemd/system/systemd-random-seed.service /lib/systemd/system/urandom.service
+/lib/systemd/system/systemd-sysctl.service /lib/systemd/system/procps.service
+
+/lib/systemd/system/rc-local.service /lib/systemd/system/rc.local.service
+
+/lib/systemd/system/systemd-modules-load.service /lib/systemd/system/module-init-tools.service
+/lib/systemd/system/systemd-modules-load.service /lib/systemd/system/kmod.service
+/etc/modules /etc/modules-load.d/modules.conf
+
+# X server and ICE socket directories are created by /usr/lib/tmpfiles.d/x11.conf
+/dev/null /lib/systemd/system/x11-common.service
+
+# systemd sets the hostname internally during early boot
+/dev/null /lib/systemd/system/hostname.service
+
+# /run/nologin is handled by systemd-user-sessions.service
+/dev/null /lib/systemd/system/rmnologin.service
+/dev/null /lib/systemd/system/bootmisc.service
+
+# Although bootlogd is disabled by default (via /etc/default/bootlogd)
+# by masking them we avoid spawning a shell uselessly thrice during boot.
+# Besides, bootlogd doesn't look particularly useful in a systemd world.
+/dev/null /lib/systemd/system/bootlogd.service
+/dev/null /lib/systemd/system/stop-bootlogd-single.service
+/dev/null /lib/systemd/system/stop-bootlogd.service
+
+# systemd sets the hwclock internally
+# http://cgit.freedesktop.org/systemd/systemd/commit/?id=7948c4dfbea73ac21250b588089039aa17a90386
+/dev/null /lib/systemd/system/hwclock.service
+
+# We use native mount support so mask those services
+# TODO: check if any SysV init scripts depend on those facilities
+/dev/null /lib/systemd/system/mountkernfs.service
+/dev/null /lib/systemd/system/mountdevsubfs.service
+/dev/null /lib/systemd/system/mountall.service
+/dev/null /lib/systemd/system/mountall-bootclean.service
+/dev/null /lib/systemd/system/mountnfs.service
+/dev/null /lib/systemd/system/mountnfs-bootclean.service
+/dev/null /lib/systemd/system/umountfs.service
+/dev/null /lib/systemd/system/umountnfs.service
+/dev/null /lib/systemd/system/umountroot.service
+/dev/null /lib/systemd/system/checkfs.service
+/dev/null /lib/systemd/system/checkroot.service
+/dev/null /lib/systemd/system/checkroot-bootclean.service
+
+# We use the built-in cryptsetup support
+/dev/null /lib/systemd/system/cryptdisks.service
+/dev/null /lib/systemd/system/cryptdisks-early.service
+
+# Single user mode is implemented natively, don't use legacy SysV init scripts
+# to avoid spawning sulogin twice.
+/dev/null /lib/systemd/system/single.service
+/dev/null /lib/systemd/system/killprocs.service
+
+# Those services are useless under systemd. Mask them so they can't
+# be run manually by accident.
+/dev/null /lib/systemd/system/sendsigs.service
+/dev/null /lib/systemd/system/halt.service
+/dev/null /lib/systemd/system/reboot.service
+/dev/null /lib/systemd/system/rc.service
+/dev/null /lib/systemd/system/rcS.service
+
+# The motd SysV init script is no longer required to create the dynamic part of
+# /etc/motd to display the uname information as pam_exec is used for that now.
+# An explicit Breaks against older versions of login, which still use
+# /run/motd.dynamic, is not necessary, as pam_motd will silently ignore it if
+# that file is missing and simply display nothing.
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=735521
+/dev/null /lib/systemd/system/motd.service
+
+# We have the journal to handle kernel messages from early boot
+/dev/null /lib/systemd/system/bootlogs.service
+
+# Enable Debian specific units
+/lib/systemd/system/getty-static.service /lib/systemd/system/getty.target.wants/getty-static.service
+
+# Compat symlink
+/lib/systemd/systemd /bin/systemd
+
+# Create a compat symlink as systemd-sysctl no longer reads /etc/sysctl.conf
+/etc/sysctl.conf /etc/sysctl.d/99-sysctl.conf
diff --git a/debian/systemd.lintian-overrides b/debian/systemd.lintian-overrides
new file mode 100644
index 00000000..f47d5b78
--- /dev/null
+++ b/debian/systemd.lintian-overrides
@@ -0,0 +1,2 @@
+systemd: maintainer-script-calls-systemctl
+systemd: possibly-insecure-handling-of-tmp-files-in-maintainer-script
diff --git a/debian/systemd.maintscript b/debian/systemd.maintscript
new file mode 100644
index 00000000..ab7bca2a
--- /dev/null
+++ b/debian/systemd.maintscript
@@ -0,0 +1,11 @@
+rm_conffile /etc/X11/xinit/xinitrc.d/50-systemd-user.sh 228-3~
+rm_conffile /etc/systemd/bootchart.conf 230-1~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.hostname1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.locale1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.login1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.machine1.conf 228-5~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.network1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.resolve1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.systemd1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.timedate1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.systemd-shim.conf 239-15~ systemd-shim
diff --git a/debian/systemd.postinst b/debian/systemd.postinst
new file mode 100644
index 00000000..15d4fd5e
--- /dev/null
+++ b/debian/systemd.postinst
@@ -0,0 +1,173 @@
+#! /bin/sh
+
+set -e
+
+_systemctl() {
+ if [ -d /run/systemd/system ]; then
+ systemctl "$@"
+ fi
+}
+
+_update_catalog() {
+ journalctl --update-catalog || true
+}
+
+# Update Message Catalogs database and reload in response to dpkg triggers
+if [ "$1" = "triggered" ]; then
+ shift
+ for trigger in "$@"; do
+ case $trigger in
+ /usr/lib/systemd/catalog)
+ _update_catalog
+ ;;
+ /etc/init.d)
+ _systemctl daemon-reload || true
+ ;;
+ esac
+ done
+ exit 0
+fi
+
+# Enable getty and remote-fs.target by default on new installs
+if [ -z "$2" ]; then
+ systemctl enable getty@tty1.service || true
+ systemctl enable remote-fs.target || true
+fi
+
+# Enable timesyncd by default on new installs installs and upgrades
+if dpkg --compare-versions "$2" lt "218-11~"; then
+ systemctl enable systemd-timesyncd.service || true
+fi
+
+# Enable ondemand by default on new installs installs and upgrades
+if [ -e /lib/systemd/system/ondemand.service ] && dpkg --compare-versions "$2" lt "231-7~"; then
+ systemctl enable ondemand.service || true
+fi
+
+# Do a one-time migration of the local time setting
+if [ -z "$2" ]; then
+ if [ -f /etc/default/rcS ]; then
+ . /etc/default/rcS
+ fi
+ if [ "$UTC" = "no" ] && [ ! -e /etc/adjtime ]; then
+ printf "0.0 0 0.0\n0\nLOCAL\n" > /etc/adjtime
+ fi
+fi
+
+# Do a one-time migration of the TMPTIME setting
+if [ -z "$2" ]; then
+ if [ -f /etc/default/rcS ]; then
+ . /etc/default/rcS
+ fi
+ if [ ! -e /etc/tmpfiles.d/tmp.conf ]; then
+ case "$TMPTIME" in
+ -*|infinite|infinity)
+ cat > /etc/tmpfiles.d/tmp.conf <<EOF
+# Avoid clearing /tmp by shipping an empty /etc/tmpfiles.d/tmp.conf file
+# which overrides /usr/lib/tmpfiles.d/tmp.conf.
+# This file was automatically created because of local modifications in
+# /etc/default/rcS where TMPTIME was set to infinite.
+EOF
+ ;;
+ esac
+ fi
+fi
+
+# Do a one-time migration of the RAMTMP setting
+if [ -z "$2" ]; then
+ if [ -f /etc/default/rcS ]; then
+ . /etc/default/rcS
+ fi
+ if [ -f /etc/default/tmpfs ]; then
+ . /etc/default/tmpfs
+ fi
+ if [ "$RAMTMP" = "yes" ]; then
+ # systemctl enable will work even when systemd is not the active PID 1.
+ if [ ! -e /etc/systemd/system/tmp.mount ]; then
+ cp /usr/share/systemd/tmp.mount /etc/systemd/system/tmp.mount
+ systemctl enable tmp.mount || true
+ fi
+ fi
+fi
+
+# Create /etc/machine-id
+systemd-machine-id-setup
+
+# Setup system users and groups
+addgroup --quiet --system systemd-journal
+
+# We need to stop running services before we call adduser
+RESTART=""
+if dpkg --compare-versions "$2" lt-nl "239-6"; then
+ for s in systemd-networkd systemd-timesyncd systemd-resolved ; do
+ if _systemctl -q is-active $s; then
+ _systemctl stop $s
+ RESTART="$s $RESTART"
+ fi
+ done
+fi
+
+adduser --quiet --system --group --no-create-home --home /run/systemd \
+ --gecos "systemd Time Synchronization" systemd-timesync
+adduser --quiet --system --group --no-create-home --home /run/systemd \
+ --gecos "systemd Network Management" systemd-network
+adduser --quiet --system --group --no-create-home --home /run/systemd \
+ --gecos "systemd Resolver" systemd-resolve
+
+# Remove old state directory of systemd-timesyncd
+if dpkg --compare-versions "$2" lt-nl "240-3~"; then
+ if [ -L /var/lib/systemd/timesync ] ; then
+ rm /var/lib/systemd/timesync
+ rm -rf /var/lib/private/systemd/timesync
+ fi
+fi
+
+# Initial update of the Message Catalogs database
+_update_catalog
+
+if [ -n "$2" ]; then
+ _systemctl daemon-reexec || true
+ # don't restart logind; this can be done again once this gets implemented:
+ # https://github.com/systemd/systemd/issues/1163
+ _systemctl try-restart systemd-networkd.service || true
+ _systemctl try-restart systemd-resolved.service || true
+ _systemctl try-restart systemd-timesyncd.service || true
+ _systemctl try-restart systemd-journald.service || true
+fi
+
+# Restart services which we stopped earlier
+# This needs to run after daemon-rexec
+if dpkg --compare-versions "$2" lt-nl "239-6"; then
+ for s in $RESTART ; do
+ _systemctl start $s
+ done
+fi
+
+# Cleanup hwclock-save.service, which was shipped in jessie.
+if dpkg --compare-versions "$2" lt-nl "228-5~"; then
+ for t in reboot halt poweroff ; do
+ rm -f /etc/systemd/system/${t}.target.wants/hwclock-save.service
+ rmdir --ignore-fail-on-non-empty /etc/systemd/system/${t}.target.wants 2> /dev/null || true
+ done
+fi
+
+if dpkg --compare-versions "$2" lt-nl "235-3~"; then
+ # systemd-bus-proxyd got dropped before stretch, and never created any file
+ deluser --system systemd-bus-proxy || true
+fi
+
+if dpkg --compare-versions "$2" lt-nl "236-1~"; then
+ # Clean up old /var/lib/systemd/clock on upgrade.
+ # The clock file used by systemd-timesyncd is now stored in
+ # StateDirectory=systemd/timesync.
+ rm -f /var/lib/systemd/clock
+fi
+
+if dpkg --compare-versions "$2" lt-nl "239-12~"; then
+ # clean up bogus "nobody" group from #912525; ensure that it's a system group
+ if getent group nobody >/dev/null; then
+ delgroup --system nobody || true
+ fi
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd.postrm b/debian/systemd.postrm
new file mode 100644
index 00000000..94d77b4d
--- /dev/null
+++ b/debian/systemd.postrm
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+ purge)
+ # clean up after manually enabled units in postinst
+ rm -f /etc/systemd/system/getty.target.wants/getty@tty1.service
+ rm -f /etc/systemd/system/multi-user.target.wants/remote-fs.target
+ rm -f /etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service
+ rm -f /etc/systemd/system/dbus-org.freedesktop.timesync1.service
+ rmdir --ignore-fail-on-non-empty /etc/systemd/system/getty.target.wants 2> /dev/null || true
+ rmdir --ignore-fail-on-non-empty /etc/systemd/system/multi-user.target.wants 2> /dev/null || true
+ rmdir --ignore-fail-on-non-empty /etc/systemd/system/sysinit.target.wants 2> /dev/null || true
+
+ rm -f /var/lib/systemd/catalog/database
+ rmdir --ignore-fail-on-non-empty /var/lib/systemd/catalog 2> /dev/null || true
+
+ rm -rf /var/lib/systemd/backlight/
+ rm -rf /var/lib/systemd/rfkill/
+
+ rm -f /var/lib/systemd/clock
+ rm -f /var/lib/systemd/random-seed
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/systemd.prerm b/debian/systemd.prerm
new file mode 100644
index 00000000..aedbf58e
--- /dev/null
+++ b/debian/systemd.prerm
@@ -0,0 +1,15 @@
+#! /bin/sh
+
+set -e
+
+#
+# Prevent systemd from being removed if it's the active init. That
+# will not work.
+#
+
+if [ "$1" = "remove" ] && [ -d /run/systemd/system ]; then
+ echo "systemd is the active init system, please switch to another before removing systemd."
+ exit 1
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd.triggers b/debian/systemd.triggers
new file mode 100644
index 00000000..299a3f90
--- /dev/null
+++ b/debian/systemd.triggers
@@ -0,0 +1,2 @@
+interest-noawait /usr/lib/systemd/catalog
+interest-noawait /etc/init.d
diff --git a/debian/tests/assert.sh b/debian/tests/assert.sh
new file mode 100644
index 00000000..eccc3382
--- /dev/null
+++ b/debian/tests/assert.sh
@@ -0,0 +1,25 @@
+# utility functions for shell tests
+
+assert_true() {
+ if ! $1; then
+ echo "FAIL: command '$1' failed with exit code $?" >&2
+ exit 1
+ fi
+}
+
+
+assert_eq() {
+ if [ "$1" != "$2" ]; then
+ echo "FAIL: expected: '$2' actual: '$1'" >&2
+ exit 1
+ fi
+}
+
+assert_in() {
+ if ! echo "$2" | grep -q "$1"; then
+ echo "FAIL: '$1' not found in:" >&2
+ echo "$2" >&2
+ exit 1
+ fi
+}
+
diff --git a/debian/tests/boot-and-services b/debian/tests/boot-and-services
new file mode 100755
index 00000000..75089668
--- /dev/null
+++ b/debian/tests/boot-and-services
@@ -0,0 +1,539 @@
+#!/usr/bin/python3
+# autopkgtest check: Boot with systemd and check critical desktop services
+# (C) 2014 Canonical Ltd.
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+
+import sys
+import os
+import unittest
+import subprocess
+import tempfile
+import shutil
+import time
+import re
+from glob import glob
+
+
+def wait_unit_stop(unit, timeout=10):
+ '''Wait until given unit is not running any more
+
+ Raise RuntimeError on timeout.
+ '''
+ for i in range(timeout):
+ if subprocess.call(['systemctl', 'is-active', '--quiet', unit]) != 0:
+ return
+ time.sleep(1)
+
+ raise RuntimeError('Timed out waiting for %s to stop' % unit)
+
+
+class ServicesTest(unittest.TestCase):
+ '''Check that expected services are running'''
+
+ def test_0_init(self):
+ '''Verify that init is systemd'''
+
+ self.assertIn('systemd', os.readlink('/proc/1/exe'))
+
+ def test_no_failed(self):
+ '''No failed units'''
+
+ out = subprocess.check_output(['systemctl', '--state=failed', '--no-legend'],
+ universal_newlines=True)
+ failed = out.splitlines()
+ # ignore /etc/modules failure as stuff that we put there by default
+ # often fails
+ failed = [f for f in failed if 'systemd-modules-load' not in f]
+ # apparmor fails if not enabled in the kernel
+ if not os.path.exists('/sys/kernel/security/apparmor'):
+ failed = [f for f in failed if 'apparmor.service' not in f]
+ # ignore thermald as it doesn't start in most virtual envs
+ failed = [f for f in failed if 'thermald' not in f]
+ # console-setup.service fails on devices without keyboard (LP: #1516591)
+ failed = [f for f in failed if 'console-setup' not in f]
+ # cpi.service fails on s390x
+ failed = [f for f in failed if 'cpi.service' not in f]
+ if failed:
+ for f in failed:
+ f = f.split()[0]
+ print('-------- journal for failed service %s -----------' % f)
+ sys.stdout.flush()
+ subprocess.call(['journalctl', '-b', '-u', f])
+ self.assertEqual(failed, [])
+
+ @unittest.skipUnless(shutil.which('gdm3') is not None, 'gdm3 not found')
+ def test_gdm3(self):
+ subprocess.check_call(['pgrep', '-af', 'gdm-.*-session'])
+ self.active_unit('gdm')
+
+ def test_dbus(self):
+ out = subprocess.check_output(
+ ['dbus-send', '--print-reply', '--system',
+ '--dest=org.freedesktop.DBus', '/', 'org.freedesktop.DBus.GetId'])
+ self.assertIn(b'string "', out)
+ self.active_unit('dbus')
+
+ def test_network_manager(self):
+ # 0.9.10 changed the command name
+ _help = subprocess.check_output(['nmcli', '--help'],
+ stderr=subprocess.STDOUT)
+ if b' g[eneral]' in _help:
+ out = subprocess.check_output(['nmcli', 'general'])
+ else:
+ out = subprocess.check_output(['nmcli', 'nm'])
+ self.assertIn(b'enabled', out)
+ self.active_unit('network-manager')
+
+ def test_cron(self):
+ out = subprocess.check_output(['ps', 'u', '-C', 'cron'])
+ self.assertIn(b'root', out)
+ self.active_unit('cron')
+
+ def test_logind(self):
+ out = subprocess.check_output(['loginctl'])
+ self.assertNotEqual(b'', out)
+ self.active_unit('systemd-logind')
+
+ @unittest.skipIf('TEST_UPSTREAM' in os.environ,
+ 'Forwarding to rsyslog is a Debian patch')
+ def test_rsyslog(self):
+ out = subprocess.check_output(['ps', 'u', '-C', 'rsyslogd'])
+ self.assertIn(b'bin/rsyslogd', out)
+ self.active_unit('rsyslog')
+ with open('/var/log/syslog') as f:
+ log = f.read()
+ # has kernel messages
+ self.assertRegex(log, 'kernel:.*[cC]ommand line:')
+ # has init messages
+ self.assertRegex(log, 'systemd.*Reached target Graphical Interface')
+ # has other services
+ self.assertRegex(log, 'NetworkManager.*:')
+
+ def test_udev(self):
+ out = subprocess.check_output(['udevadm', 'info', '--export-db'])
+ self.assertIn(b'\nP: /devices/', out)
+ self.active_unit('systemd-udevd')
+
+ def test_tmp_mount(self):
+ # check if we want to mount /tmp in fstab
+ want_tmp_mount = False
+ with open('/etc/fstab') as f:
+ for l in f:
+ try:
+ if not l.startswith('#') and l.split()[1] in ('/tmp', '/tmp/'):
+ want_tmp_mount = True
+ break
+ except IndexError:
+ pass
+
+ # ensure that we actually do/don't have a /tmp mount
+ (status, status_out) = subprocess.getstatusoutput('systemctl status tmp.mount')
+ findmnt = subprocess.call(['findmnt', '-n', '/tmp'], stdout=subprocess.PIPE)
+ if want_tmp_mount:
+ self.assertEqual(status, 0, status_out)
+ self.assertEqual(findmnt, 0)
+ else:
+ # 4 is correct (since upstream commit ca473d57), accept 3 for systemd <= 230
+ self.assertIn(status, [3, 4], status_out)
+ self.assertNotEqual(findmnt, 0)
+
+ @unittest.skipIf('TEST_UPSTREAM' in os.environ,
+ 'Debian specific configuration, N/A for upstream')
+ def test_tmp_cleanup(self):
+ # systemd-tmpfiles-clean.timer only runs 15 mins after boot, shortcut
+ # it
+ self.assertEqual(subprocess.call(
+ ['systemctl', 'status', 'systemd-tmpfiles-clean.timer'],
+ stdout=subprocess.PIPE), 0)
+ subprocess.check_call(['systemctl', 'start', 'systemd-tmpfiles-clean'])
+ # all files in /tmp/ should get cleaned up on boot
+ self.assertFalse(os.path.exists('/tmp/oldfile.test'))
+ self.assertFalse(os.path.exists('/tmp/newfile.test'))
+ # files in /var/tmp/ older than 30d should get cleaned up
+ # XXX FIXME: /var/tmp/ cleanup was disabled in #675422
+ # self.assertFalse(os.path.exists('/var/tmp/oldfile.test'))
+ self.assertTrue(os.path.exists('/var/tmp/newfile.test'))
+
+ # next run should leave the recent ones
+ os.close(os.open('/tmp/newfile.test',
+ os.O_CREAT | os.O_EXCL | os.O_WRONLY))
+ subprocess.check_call(['systemctl', 'start', 'systemd-tmpfiles-clean'])
+ wait_unit_stop('systemd-tmpfiles-clean')
+ self.assertTrue(os.path.exists('/tmp/newfile.test'))
+
+ # Helper methods
+
+ def active_unit(self, unit):
+ '''Check that given unit is active'''
+
+ out = subprocess.check_output(['systemctl', 'status', unit])
+ self.assertIn(b'active (running)', out)
+
+
+class JournalTest(unittest.TestCase):
+ '''Check journal functionality'''
+
+ def test_no_options(self):
+ out = subprocess.check_output(['journalctl'])
+ # has kernel messages
+ self.assertRegex(out, b'kernel:.*[cC]ommand line:')
+ # has init messages
+ self.assertRegex(out, b'systemd.*Reached target Graphical Interface')
+ # has other services
+ self.assertRegex(out, b'NetworkManager.*:.*starting')
+
+ def test_log_for_service(self):
+ out = subprocess.check_output(
+ ['journalctl', '_SYSTEMD_UNIT=NetworkManager.service'])
+ self.assertRegex(out, b'NetworkManager.*:.*starting')
+ self.assertNotIn(b'kernel:', out)
+ self.assertNotIn(b'systemd:', out)
+
+
+class NspawnTest(unittest.TestCase):
+ '''Check nspawn'''
+
+ @classmethod
+ def setUpClass(kls):
+ '''Build a bootable busybox mini-container'''
+
+ kls.td_c_busybox = tempfile.TemporaryDirectory(prefix='c_busybox.')
+ kls.c_busybox = kls.td_c_busybox.name
+ for d in ['etc/init.d', 'bin', 'sbin']:
+ os.makedirs(os.path.join(kls.c_busybox, d))
+ shutil.copy('/bin/busybox', os.path.join(kls.c_busybox, 'bin'))
+ shutil.copy('/etc/os-release', os.path.join(kls.c_busybox, 'etc'))
+ os.symlink('busybox', os.path.join(kls.c_busybox, 'bin', 'sh'))
+ os.symlink('../bin/busybox', os.path.join(kls.c_busybox, 'sbin/init'))
+ with open(os.path.join(kls.c_busybox, 'etc/init.d/rcS'), 'w') as f:
+ f.write('''#!/bin/sh
+echo fake container started
+ps aux
+poweroff\n''')
+ os.fchmod(f.fileno(), 0o755)
+ subprocess.check_call(['systemd-machine-id-setup', '--root',
+ kls.c_busybox], stderr=subprocess.PIPE)
+
+ def setUp(self):
+ self.workdir = tempfile.TemporaryDirectory()
+
+ def test_boot(self):
+ cont = os.path.join(self.workdir.name, 'c1')
+ shutil.copytree(self.c_busybox, cont, symlinks=True)
+ os.sync()
+ nspawn = subprocess.Popen(['systemd-nspawn', '-D', cont, '-b'],
+ stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+ out = nspawn.communicate(timeout=60)[0]
+ self.assertIn(b'Spawning container c1', out)
+ self.assertIn(b'fake container started', out)
+ self.assertRegex(out, b'\n\s+1\s+0\s+init[\r\n]')
+ self.assertRegex(out, b'\n\s+2+\s+0\s.*rcS[\r\n]')
+ self.assertRegex(out, b'Container c1.*shut down')
+ self.assertEqual(nspawn.returncode, 0)
+
+ def test_service(self):
+ self.assertTrue(os.path.isdir('/var/lib/machines'))
+ cont = '/var/lib/machines/c1'
+ shutil.copytree(self.c_busybox, cont, symlinks=True)
+ self.addCleanup(shutil.rmtree, cont)
+ os.sync()
+ subprocess.check_call(['systemctl', 'start', 'systemd-nspawn@c1'])
+ wait_unit_stop('systemd-nspawn@c1')
+
+ subprocess.call(['journalctl', '--sync'])
+ systemctl = subprocess.Popen(
+ ['systemctl', 'status', '-overbose', '-l', 'systemd-nspawn@c1'],
+ stdout=subprocess.PIPE)
+ out = systemctl.communicate()[0].decode('UTF-8', 'replace')
+ self.assertEqual(systemctl.returncode, 3, out)
+ self.assertNotIn('failed', out)
+
+
+@unittest.skipUnless(os.path.exists('/sys/kernel/security/apparmor'),
+ 'AppArmor not enabled')
+class AppArmorTest(unittest.TestCase):
+ def test_profile(self):
+ '''AppArmor confined unit'''
+
+ # create AppArmor profile
+ aa_profile = tempfile.NamedTemporaryFile(prefix='aa_violator.')
+ aa_profile.write(b'''#include <tunables/global>
+
+profile "violator-test" {
+ #include <abstractions/base>
+
+ /{usr/,}bin/** rix,
+ /etc/machine-id r,
+}
+''')
+ aa_profile.flush()
+ subprocess.check_call(['apparmor_parser', '-r', '-v', aa_profile.name])
+
+ # create confined unit
+ with open('/run/systemd/system/violator.service', 'w') as f:
+ f.write('''[Unit]
+Description=AppArmor test
+
+[Service]
+ExecStart=/bin/sh -euc 'echo CP1; cat /etc/machine-id; echo CP2; if cat /etc/passwd; then exit 1; fi; echo CP3'
+AppArmorProfile=violator-test
+''')
+ self.addCleanup(os.unlink, '/run/systemd/system/violator.service')
+
+ # launch
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+ subprocess.check_call(['systemctl', 'start', 'violator.service'])
+ wait_unit_stop('violator.service')
+
+ # check status
+ st = subprocess.Popen(['systemctl', 'status', '-l',
+ 'violator.service'], stdout=subprocess.PIPE,
+ universal_newlines=True)
+ out = st.communicate()[0]
+ # unit should be stopped
+ self.assertEqual(st.returncode, 3)
+
+ self.assertIn('inactive', out)
+ self.assertIn('CP1', out)
+ self.assertIn('CP2', out)
+ self.assertIn('CP3', out)
+ with open('/etc/machine-id') as f:
+ self.assertIn(f.read().strip(), out)
+ self.assertNotIn('root:x', out, 'unit can read /etc/passwd')
+
+
+@unittest.skipIf(os.path.exists('/sys/fs/cgroup/cgroup.controllers'),
+ 'test needs to be reworked on unified cgroup hierarchy')
+class CgroupsTest(unittest.TestCase):
+ '''Check cgroup setup'''
+
+ @classmethod
+ def setUpClass(kls):
+ kls.controllers = []
+ for controller in glob('/sys/fs/cgroup/*'):
+ if not os.path.islink(controller):
+ kls.controllers.append(controller)
+
+ def setUp(self):
+ self.service = 'testsrv.service'
+ self.service_file = '/run/systemd/system/' + self.service
+
+ def tearDown(self):
+ subprocess.call(['systemctl', 'stop', self.service],
+ stderr=subprocess.PIPE)
+ try:
+ os.unlink(self.service_file)
+ except OSError:
+ pass
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+
+ def create_service(self, extra_service=''):
+ '''Create test service unit'''
+
+ with open(self.service_file, 'w') as f:
+ f.write('''[Unit]
+Description=test service
+[Service]
+ExecStart=/bin/sleep 500
+%s
+''' % extra_service)
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+
+ def assertNoControllers(self):
+ '''Assert that no cgroup controllers exist for test service'''
+
+ cs = glob('/sys/fs/cgroup/*/system.slice/%s' % self.service)
+ self.assertEqual(cs, [])
+
+ def assertController(self, name):
+ '''Assert that cgroup controller exists for test service'''
+
+ c = '/sys/fs/cgroup/%s/system.slice/%s' % (name, self.service)
+ self.assertTrue(os.path.isdir(c))
+
+ def assertNoController(self, name):
+ '''Assert that cgroup controller does not exist for test service'''
+
+ c = '/sys/fs/cgroup/%s/system.slice/%s' % (name, self.service)
+ self.assertFalse(os.path.isdir(c))
+
+ def test_simple(self):
+ '''simple service'''
+
+ self.create_service()
+ self.assertNoControllers()
+ subprocess.check_call(['systemctl', 'start', self.service])
+ self.assertController('systemd')
+ subprocess.check_call(['systemctl', 'stop', self.service])
+ self.assertNoControllers()
+
+ def test_cpushares(self):
+ '''service with CPUShares'''
+
+ self.create_service('CPUShares=1000')
+ self.assertNoControllers()
+ subprocess.check_call(['systemctl', 'start', self.service])
+ self.assertController('systemd')
+ self.assertController('cpu,cpuacct')
+ subprocess.check_call(['systemctl', 'stop', self.service])
+ self.assertNoControllers()
+
+
+class SeccompTest(unittest.TestCase):
+ '''Check seccomp syscall filtering'''
+
+ def test_failing(self):
+ with open('/run/systemd/system/scfail.service', 'w') as f:
+ f.write('''[Unit]
+Description=seccomp test
+[Service]
+ExecStart=/bin/cat /etc/machine-id
+SystemCallFilter=access
+''')
+ self.addCleanup(os.unlink, '/run/systemd/system/scfail.service')
+
+ # launch
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+ subprocess.check_call(['systemctl', 'start', 'scfail.service'])
+ wait_unit_stop('scfail.service')
+
+ # check status
+ st = subprocess.Popen(['systemctl', 'status', '-l',
+ 'scfail.service'], stdout=subprocess.PIPE)
+ out = st.communicate()[0]
+ # unit should be stopped
+ self.assertEqual(st.returncode, 3)
+
+ subprocess.check_call(['systemctl', 'reset-failed', 'scfail.service'])
+
+ self.assertIn(b'failed', out)
+ self.assertIn(b'code=killed, signal=SYS', out)
+ with open('/etc/machine-id') as f:
+ self.assertNotIn(f.read().strip().encode('ASCII'), out)
+
+
+class CoredumpTest(unittest.TestCase):
+ '''Check systemd-coredump'''
+
+ def test_bash_crash(self):
+ subprocess.call("ulimit -c unlimited; bash -c 'kill -SEGV $$'", shell=True,
+ cwd='/tmp', stderr=subprocess.DEVNULL)
+
+ # with systemd-coredump installed we should get the core dumps in
+ # systemd's dir
+ for timeout in range(50):
+ cores = glob('/var/lib/systemd/coredump/core.bash.*')
+ if cores:
+ break
+ time.sleep(1)
+ self.assertNotEqual(cores, [])
+ self.assertEqual(glob('/tmp/core*'), [])
+
+ # we should also get a message and stack trace in journal
+ for timeout in range(10):
+ subprocess.call(['journalctl', '--sync'])
+ journal = subprocess.check_output(['journalctl', '-t', 'systemd-coredump'])
+ if re.search(b'Process.*bash.*dumped core', journal) and \
+ re.search(b'#[0-9] .*bash', journal):
+ break
+ time.sleep(1)
+ self.assertRegex(journal, b'Process.*bash.*dumped core')
+ self.assertIn(b'Stack trace', journal)
+ self.assertRegex(journal, b'#[0-9] .*bash')
+
+
+class CLITest(unittest.TestCase):
+ def setUp(self):
+ self.programs = []
+ for line in subprocess.check_output(['dpkg', '-L', 'systemd', 'systemd-container', 'systemd-coredump', 'udev'],
+ universal_newlines=True).splitlines():
+ if '/bin/' in line:
+ self.programs.append(line.strip())
+
+ def test_help(self):
+ '--help works and succeeds'''
+
+ for program in self.programs:
+ p = subprocess.Popen([program, '--help'], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True)
+ (out, err) = p.communicate()
+ try:
+ self.assertEqual(err, '')
+ self.assertEqual(p.returncode, 0)
+ self.assertIn(os.path.basename(program), out)
+ self.assertTrue('--help' in out or 'Usage' in out, out)
+ except AssertionError:
+ print('Failed program: %s' % program)
+ raise
+
+ def test_version(self):
+ '--version works and succeeds'''
+
+ version = subprocess.check_output(['pkg-config', '--modversion', 'systemd'],
+ universal_newlines=True).strip()
+
+ for program in self.programs:
+ # known to not respond to --version
+ if os.path.basename(program) in ['kernel-install', 'systemd-ask-password', 'systemd-stdio-bridge']:
+ continue
+ p = subprocess.Popen([program, '--version'], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True)
+ (out, err) = p.communicate()
+ try:
+ self.assertEqual(err, '')
+ self.assertEqual(p.returncode, 0)
+ self.assertIn(version, out)
+ except AssertionError:
+ print('Failed program: %s' % program)
+ raise
+
+ def test_invalid_option(self):
+ '''Calling with invalid option fails'''
+
+ for program in self.programs:
+ p = subprocess.Popen([program, '--invalid-option'], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True)
+ (out, err) = p.communicate()
+ try:
+ # kernel-install is an unique snowflake
+ if not program.endswith('/kernel-install'):
+ self.assertIn('--invalid-option', err)
+ self.assertNotEqual(p.returncode, 0)
+ except AssertionError:
+ print('Failed program: %s' % program)
+ raise
+
+
+def pre_boot_setup():
+ '''Test setup before rebooting testbed'''
+
+ # create a few temporary files to ensure that they get cleaned up on boot
+ os.close(os.open('/tmp/newfile.test',
+ os.O_CREAT | os.O_EXCL | os.O_WRONLY))
+ os.close(os.open('/var/tmp/newfile.test',
+ os.O_CREAT | os.O_EXCL | os.O_WRONLY))
+ # we can't use utime() here, as systemd looks for ctime
+ cur_time = time.clock_gettime(time.CLOCK_REALTIME)
+ time.clock_settime(time.CLOCK_REALTIME, cur_time - 2 * 30 * 86400)
+ try:
+ os.close(os.open('/tmp/oldfile.test',
+ os.O_CREAT | os.O_EXCL | os.O_WRONLY))
+ os.close(os.open('/var/tmp/oldfile.test',
+ os.O_CREAT | os.O_EXCL | os.O_WRONLY))
+ finally:
+ time.clock_settime(time.CLOCK_REALTIME, cur_time)
+
+ # allow X to start even on headless machines
+ os.makedirs('/etc/X11/xorg.conf.d/', exist_ok=True)
+ with open('/etc/X11/xorg.conf.d/dummy.conf', 'w') as f:
+ f.write('''Section "Device"
+ Identifier "test"
+ Driver "dummy"
+EndSection''')
+
+
+if __name__ == '__main__':
+ if not os.getenv('ADT_REBOOT_MARK'):
+ pre_boot_setup()
+ print('Rebooting...')
+ subprocess.check_call(['/tmp/autopkgtest-reboot', 'boot1'])
+
+ unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout,
+ verbosity=2))
diff --git a/debian/tests/boot-smoke b/debian/tests/boot-smoke
new file mode 100755
index 00000000..ca1fd375
--- /dev/null
+++ b/debian/tests/boot-smoke
@@ -0,0 +1,66 @@
+#!/bin/sh
+# test 20 successful reboots in a row
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+# For bisecting/testing you can replace individual binaries in /lib/systemd
+# with --copy /host/path/systemd-foo:/tmp/systemd-replace/systemd-foo
+set -e
+
+. `dirname $0`/assert.sh
+
+if [ -z "$ADT_REBOOT_MARK" ]; then
+ # enable persistent journal
+ mkdir -p /var/log/journal
+ # allow X to start even on headless machines
+ mkdir -p /etc/X11/xorg.conf.d/
+ cat << EOF > /etc/X11/xorg.conf.d/dummy.conf
+Section "Device"
+ Identifier "test"
+ Driver "dummy"
+EndSection
+EOF
+
+
+ ADT_REBOOT_MARK=0
+ if [ -d /tmp/systemd-replace/ ]; then
+ for f in /tmp/systemd-replace/*; do
+ echo "Installing $f..."
+ rm -f /lib/systemd/$(basename $f)
+ cp $f /lib/systemd/
+ done
+ fi
+else
+ echo "checking for failed unmounts for user systemd"
+ JOURNAL=$(journalctl)
+ if echo "$JOURNAL" | grep -E "systemd\[([2-9]|[1-9][0-9]+)\].*Failed unmounting"; then
+ exit 1
+ fi
+ echo "checking for connection timeouts"
+ if echo "$JOURNAL" | grep "Connection timed out"; then
+ exit 1
+ fi
+
+ echo "checking that polkitd runs"
+ pidof polkitd
+
+ echo "checking that there are no running jobs"
+ TIMEOUT=10
+ while [ $TIMEOUT -ge 0 ]; do
+ running="$(systemctl --no-pager --no-legend list-jobs || true)"
+ [ -n "$running" ] || break
+ TIMEOUT=$((TIMEOUT - 1))
+ done
+ if [ -n "$running" ]; then
+ echo "running jobs after remaining timeout $TIMEOUT: $running"
+ journalctl --sync
+ journalctl -ab > $ADT_ARTIFACTS/journal.txt
+ udevadm info --export-db > $ADT_ARTIFACTS/udevdb.txt
+ exit 1
+ fi
+fi
+
+if [ "$ADT_REBOOT_MARK" -ge 5 ]; then
+ exit 0
+fi
+
+echo "reboot #$ADT_REBOOT_MARK"
+/tmp/autopkgtest-reboot $(($ADT_REBOOT_MARK + 1))
diff --git a/debian/tests/build-login b/debian/tests/build-login
new file mode 100755
index 00000000..def83b18
--- /dev/null
+++ b/debian/tests/build-login
@@ -0,0 +1,38 @@
+#!/bin/sh
+# autopkgtest check: Test build against libsystemd-login-dev
+# (C) 2014 Canonical Ltd.
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+
+set -e
+
+WORKDIR=$(mktemp -d)
+trap "rm -rf $WORKDIR" 0 INT QUIT ABRT PIPE TERM
+cd $WORKDIR
+cat <<EOF > loginmonitor.c
+#include <assert.h>
+#include <stdio.h>
+#include <systemd/sd-login.h>
+
+int main(int argc, char **argv)
+{
+ sd_login_monitor* mon = NULL;
+ int res;
+
+ res = sd_login_monitor_new(NULL, &mon);
+ if (res < 0) {
+ fprintf(stderr, "sd_login_monitor_new failed with value %i\n", res);
+ return 1;
+ }
+
+ assert(sd_login_monitor_get_fd(mon) > 0);
+ sd_login_monitor_unref(mon);
+
+ return 0;
+}
+EOF
+
+gcc -Wall -Werror -o loginmonitor loginmonitor.c `pkg-config --cflags --libs libsystemd`
+echo "build: OK"
+[ -x loginmonitor ]
+./loginmonitor
+echo "run: OK"
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 00000000..24e75f61
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,190 @@
+Tests: timedated, hostnamed, localed-locale, localed-x11-keymap
+Depends: systemd,
+ libpam-systemd,
+ libnss-systemd,
+ acl,
+ locales,
+Restrictions: needs-root, isolation-container
+
+Tests: logind
+Depends: systemd,
+ libpam-systemd,
+ libnss-systemd,
+ acl,
+ locales,
+ evemu-tools,
+Restrictions: needs-root, isolation-container
+
+Tests: unit-config
+Depends: systemd,
+ libpam-systemd,
+ libnss-systemd,
+ acl,
+ locales,
+ evemu-tools,
+ python3,
+ pkg-config,
+Restrictions: needs-root, allow-stderr
+
+Tests: storage
+Depends: systemd,
+ libpam-systemd,
+ libnss-systemd,
+ acl,
+ locales,
+ evemu-tools,
+ python3,
+ pkg-config,
+ cryptsetup-bin,
+Restrictions: needs-root, isolation-machine
+
+Tests: networkd-test.py
+Tests-Directory: test
+Depends: systemd,
+ libpam-systemd,
+ libnss-systemd,
+ acl,
+ locales,
+ evemu-tools,
+ python3,
+ pkg-config,
+ cryptsetup-bin,
+ systemd-sysv,
+ policykit-1,
+ dnsmasq-base
+Restrictions: needs-root, isolation-container
+
+Tests: build-login
+Depends: systemd,
+ libpam-systemd,
+ libnss-systemd,
+ acl,
+ locales,
+ evemu-tools,
+ python3,
+ pkg-config,
+ cryptsetup-bin,
+ systemd-sysv,
+ policykit-1,
+ dnsmasq-base,
+ build-essential,
+ libsystemd-dev,
+Restrictions: isolation-container
+
+Tests: boot-and-services
+Depends: systemd-sysv,
+ systemd-container,
+ systemd-coredump,
+ libpam-systemd,
+ xserver-xorg-video-dummy,
+ xserver-xorg,
+ gdm3 [!s390x],
+ cron,
+ network-manager,
+ busybox-static,
+ apparmor,
+ pkg-config,
+ python3
+Restrictions: needs-root, isolation-machine, breaks-testbed
+
+Tests: udev
+Depends: systemd-tests,
+ python3,
+ tree,
+ perl,
+ xz-utils,
+Restrictions: needs-root, allow-stderr, isolation-machine
+
+Tests: root-unittests
+Depends: systemd-tests,
+ libpam-systemd,
+ tree,
+ perl,
+ xz-utils,
+ libcap2-bin,
+ iproute2,
+ liblz4-tool,
+ acl,
+ iputils-ping,
+ dbus-user-session,
+Restrictions: needs-root, allow-stderr, isolation-container
+
+Tests: upstream
+Depends: libsystemd-dev,
+ tree,
+ perl,
+ xz-utils,
+ libcap2-bin,
+ iproute2,
+ liblz4-tool,
+ acl,
+ kbd,
+ cryptsetup-bin,
+ net-tools,
+ isc-dhcp-client,
+ iputils-ping,
+ strace,
+ qemu-system-x86 [amd64 i386],
+ qemu-system-arm [arm64 armhf],
+ qemu-system-s390x [s390x],
+ less,
+ pkg-config,
+ gcc,
+ libc6-dev | libc-dev,
+ make,
+ quota,
+ systemd-journal-remote,
+ systemd-container,
+ systemd-coredump,
+ fdisk | util-linux (<< 2.29.2-3~),
+ netcat-openbsd,
+ busybox-static,
+ plymouth,
+ e2fsprogs,
+Restrictions: needs-root, allow-stderr, isolation-machine
+
+Tests: boot-smoke
+Depends: libsystemd-dev,
+ tree,
+ perl,
+ xz-utils,
+ libcap2-bin,
+ iproute2,
+ liblz4-tool,
+ acl,
+ kbd,
+ cryptsetup-bin,
+ net-tools,
+ isc-dhcp-client,
+ iputils-ping,
+ strace,
+ qemu-system-x86 [amd64 i386],
+ qemu-system-arm [arm64 armhf],
+ qemu-system-s390x [s390x],
+ less,
+ pkg-config,
+ gcc,
+ libc6-dev | libc-dev,
+ make,
+ quota,
+ systemd-journal-remote,
+ systemd-container,
+ systemd-coredump,
+ systemd-sysv,
+ fdisk | util-linux (<< 2.29.2-3~),
+ netcat-openbsd,
+ busybox-static,
+ plymouth,
+ network-manager,
+ policykit-1,
+ gdm3 [!s390x],
+ xserver-xorg-video-dummy,
+Restrictions: needs-root, isolation-container, allow-stderr, breaks-testbed
+
+# NOUPSTREAM: Do not run these tests for upstream builds
+
+Tests: systemd-fsckd
+Depends: systemd-sysv,
+ python3,
+ plymouth
+Restrictions: needs-root, isolation-machine, breaks-testbed
diff --git a/debian/tests/fsck b/debian/tests/fsck
new file mode 100755
index 00000000..77b50d72
--- /dev/null
+++ b/debian/tests/fsck
@@ -0,0 +1,27 @@
+#!/bin/bash
+fd=0
+
+OPTIND=1
+while getopts "C:aTlM" opt; do
+ case "$opt" in
+ C)
+ fd=$OPTARG
+ ;;
+ \?);;
+ esac
+done
+
+shift "$((OPTIND-1))"
+device=$1
+
+echo "Running fake fsck on $device"
+
+declare -a maxpass=(30 5 2 30 60)
+
+for pass in {1..5}; do
+ maxprogress=${maxpass[$((pass-1))]}
+ for (( current=0; current<=${maxprogress}; current++)); do
+ echo "$pass $current $maxprogress $device">&$fd
+ sleep 0.1
+ done
+done
diff --git a/debian/tests/hostnamed b/debian/tests/hostnamed
new file mode 100755
index 00000000..1b228691
--- /dev/null
+++ b/debian/tests/hostnamed
@@ -0,0 +1,22 @@
+#!/bin/sh
+set -e
+
+. `dirname $0`/assert.sh
+
+ORIG_HOST=`cat /etc/hostname`
+echo "original hostname: $ORIG_HOST"
+
+# should activate daemon and work
+STATUS="`hostnamectl`"
+assert_in "Static hostname: $ORIG_HOST" "$STATUS"
+assert_in "Kernel:.* `uname -r`" "$STATUS"
+
+# change hostname
+assert_eq "`hostnamectl set-hostname testhost 2>&1`" ""
+assert_eq "`cat /etc/hostname`" "testhost"
+assert_in "Static hostname: testhost" "`hostnamectl`"
+
+# reset to original
+assert_eq "`hostnamectl set-hostname $ORIG_HOST 2>&1`" ""
+assert_eq "`cat /etc/hostname`" "$ORIG_HOST"
+assert_in "Static hostname: $ORIG_HOST" "`hostnamectl`"
diff --git a/debian/tests/lidswitch.evemu b/debian/tests/lidswitch.evemu
new file mode 100644
index 00000000..de1d5904
--- /dev/null
+++ b/debian/tests/lidswitch.evemu
@@ -0,0 +1,34 @@
+# EVEMU 1.2
+# Input device name: "Lid Switch"
+# Input device ID: bus 0x19 vendor 0000 product 0x05 version 0000
+# Supported events:
+# Event type 0 (EV_SYN)
+# Event code 0 (SYN_REPORT)
+# Event code 5 (FF_STATUS_MAX)
+# Event type 5 (EV_SW)
+# Event code 0 (SW_LID)
+# Properties:
+N: Fake Lid Switch
+I: 0019 0000 0005 0000
+P: 00 00 00 00 00 00 00 00
+B: 00 21 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 02 00 00 00 00 00 00 00 00
+B: 03 00 00 00 00 00 00 00 00
+B: 04 00 00 00 00 00 00 00 00
+B: 05 01 00 00 00 00 00 00 00
+B: 11 00 00 00 00 00 00 00 00
+B: 12 00 00 00 00 00 00 00 00
+B: 15 00 00 00 00 00 00 00 00
+B: 15 00 00 00 00 00 00 00 00
diff --git a/debian/tests/localed-locale b/debian/tests/localed-locale
new file mode 100755
index 00000000..468258d1
--- /dev/null
+++ b/debian/tests/localed-locale
@@ -0,0 +1,42 @@
+#!/bin/sh
+set -e
+
+. `dirname $0`/assert.sh
+
+if [ -n "$TEST_UPSTREAM" ]; then
+ LOCALE_CONF=/etc/locale.conf
+else
+ LOCALE_CONF=/etc/default/locale
+fi
+
+if ! ORIG_LOC=`grep -v '^#' $LOCALE_CONF 2>/dev/null`; then
+ # set up for a minimal unconfigured system
+ if [ -e /etc/locale.gen ]; then
+ echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
+ fi
+ locale-gen en_US.UTF-8
+ ORIG_LOC='LANG="en_US.UTF-8"'
+ echo "$ORIG_LOC" > $LOCALE_CONF
+fi
+
+if ! [ -e /etc/default/keyboard ]; then
+ /bin/echo -e 'XKBMODEL=us\nXKBLAYOUT=pc105' > /etc/default/keyboard
+fi
+
+# should activate daemon and work
+assert_in "System Locale:" "`localectl --no-pager`"
+
+# change locale
+assert_eq "`localectl --no-pager set-locale LANG=C LC_CTYPE=en_US.UTF-8 2>&1`" ""
+sync
+assert_eq "`cat $LOCALE_CONF`" "LANG=C
+LC_CTYPE=en_US.UTF-8"
+
+! [ -f /etc/locale.conf ]
+
+STATUS=`localectl`
+assert_in "System Locale: LANG=C" "$STATUS"
+assert_in "LC_CTYPE=en_US.UTF-8" "$STATUS"
+
+# reset locale to original
+echo "$ORIG_LOC" > $LOCALE_CONF
diff --git a/debian/tests/localed-x11-keymap b/debian/tests/localed-x11-keymap
new file mode 100755
index 00000000..34f48080
--- /dev/null
+++ b/debian/tests/localed-x11-keymap
@@ -0,0 +1,52 @@
+#!/bin/sh
+set -e
+
+. `dirname $0`/assert.sh
+
+if [ -f /etc/default/keyboard ]; then
+ ORIG_KBD=`cat /etc/default/keyboard`
+else
+ ORIG_KBD=""
+fi
+
+cleanup() {
+ # reset locale to original
+ if [ -n "ORIG_KBD" ]; then
+ echo "$ORIG_KBD" > /etc/default/keyboard
+ else
+ rm -f /etc/default/keyboard
+ fi
+ rm -f /etc/X11/xorg.conf.d/00-keyboard.conf
+}
+trap cleanup EXIT INT QUIT PIPE
+
+# should activate daemon and work
+STATUS=`localectl`
+assert_in "X11 Layout:" "`localectl --no-pager`"
+
+# change layout
+assert_eq "`localectl --no-pager set-x11-keymap et pc101 2>&1`" ""
+sync
+
+if [ -n "$TEST_UPSTREAM" ]; then
+ # Upstream writes xorg.conf.d file
+ assert_in 'Option "XkbLayout" "et' "`cat /etc/X11/xorg.conf.d/00-keyboard.conf`"
+ assert_in 'Option "XkbModel" "pc101"' "`cat /etc/X11/xorg.conf.d/00-keyboard.conf`"
+else
+ # Debian console-setup config file
+ assert_in 'XKBLAYOUT="\?et"\?' "`cat /etc/default/keyboard`"
+ assert_in 'XKBMODEL="\?pc101"\?' "`cat /etc/default/keyboard`"
+
+ ! [ -f /etc/X11/xorg.conf.d/00-keyboard.conf ]
+fi
+
+STATUS=`localectl --no-pager`
+assert_in "X11 Layout: et" "$STATUS"
+assert_in "X11 Model: pc101" "$STATUS"
+
+# gets along without config file
+if [ -z "$TEST_UPSTREAM" ]; then
+ rm /etc/default/keyboard
+ systemctl stop systemd-localed
+ assert_in "X11 Layout: n/a" "`localectl --no-pager`"
+fi
diff --git a/debian/tests/logind b/debian/tests/logind
new file mode 100755
index 00000000..07a658bd
--- /dev/null
+++ b/debian/tests/logind
@@ -0,0 +1,204 @@
+#!/bin/sh
+set -e
+
+test_started() {
+ # ensure the *old* logind from before the upgrade isn't running
+ echo " * try-restarting systemd-logind"
+ systemctl try-restart systemd-logind
+
+ echo " * daemon is started"
+ # should start at boot, not with D-BUS activation
+ LOGINDPID=$(pidof systemd-logind)
+
+ # loginctl should succeed
+ echo " * loginctl succeeds"
+ LOGINCTL_OUT=`loginctl`
+}
+
+test_properties() {
+ # Default KillUserProcesses should be off for debian/ubuntu builds
+ r=$(busctl get-property org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager KillUserProcesses)
+ [ "$r" = "b false" ]
+}
+
+# args: <timeout>
+wait_suspend() {
+ timeout=$1
+ while [ $timeout -gt 0 ] && [ ! -e /run/suspend.flag ]; do
+ sleep 1
+ timeout=$((timeout - 1))
+ [ $(($timeout % 5)) -ne 0 ] || echo " waiting for suspend, ${timeout}s remaining..."
+ done
+ if [ ! -e /run/suspend.flag ]; then
+ echo "closing lid did not cause suspend" >&2
+ exit 1
+ fi
+ rm /run/suspend.flag
+ echo " * closing lid caused suspend"
+}
+
+test_suspend_on_lid() {
+ if systemd-detect-virt --quiet --container; then
+ echo " * Skipping suspend test in container"
+ return
+ fi
+ if ! grep -q mem /sys/power/state; then
+ echo " * suspend not supported on this testbed, skipping"
+ return
+ fi
+
+ # cleanup handler
+ trap 'rm -f /run/udev/rules.d/70-logindtest-*.rules; udevadm control --reload;
+ kill $KILL_PID;
+ rm /run/systemd/system/systemd-suspend.service;
+ if [ -d /sys/module/scsi_debug ]; then rmmod scsi_debug 2>/dev/null || (sleep 2; rmmod scsi_debug ) || true; fi' \
+ EXIT INT QUIT TERM PIPE
+
+ # watch what's going on
+ journalctl -f -u systemd-logind.service &
+ KILL_PID="$KILL_PID $!"
+
+ # create fake suspend
+ UNIT=$(systemctl show -pFragmentPath --value systemd-suspend.service)
+ sed '/^ExecStart=/ s_=.*$_=/bin/touch /run/suspend.flag_' $UNIT > /run/systemd/system/systemd-suspend.service
+ sync
+ systemctl daemon-reload
+
+ # create fake lid switch
+ mkdir -p /run/udev/rules.d
+ echo 'SUBSYSTEM=="input", KERNEL=="event*", ATTRS{name}=="Fake Lid Switch", TAG+="power-switch"' \
+ > /run/udev/rules.d/70-logindtest-lid.rules
+ sync
+ udevadm control --reload
+ evemu-device $(dirname $0)/lidswitch.evemu &
+ KILL_PID="$KILL_PID $!"
+ while [ -z "$O" ]; do
+ sleep 0.1
+ O=$(grep -l '^Fake Lid Switch' /sys/class/input/*/device/name)
+ done
+ O=${O%/device/name}
+ LID_DEV=/dev/${O#/sys/class/}
+
+ # close lid
+ evemu-event $LID_DEV --sync --type 5 --code 0 --value 1
+ # need to wait for 30s suspend inhibition after boot
+ wait_suspend 31
+ # open lid again
+ evemu-event $LID_DEV --sync --type 5 --code 0 --value 0
+
+ echo " * waiting for 30s inhibition time between suspends"
+ sleep 30
+
+ # now closing lid should cause instant suspend
+ evemu-event $LID_DEV --sync --type 5 --code 0 --value 1
+ wait_suspend 2
+ evemu-event $LID_DEV --sync --type 5 --code 0 --value 0
+
+ P=$(pidof systemd-logind)
+ [ "$P" = "$LOGINDPID" ] || { echo "logind crashed" >&2; exit 1; }
+}
+
+test_shutdown() {
+ echo " * scheduled shutdown with wall message"
+ shutdown 2>&1
+ sleep 5
+ shutdown -c || true
+ # logind should still be running
+ P=$(pidof systemd-logind)
+ [ "$P" = "$LOGINDPID" ] || { echo "logind crashed" >&2; exit 1; }
+
+ echo " * scheduled shutdown without wall message"
+ shutdown --no-wall 2>&1
+ sleep 5
+ shutdown -c --no-wall || true
+ P=$(pidof systemd-logind)
+ [ "$P" = "$LOGINDPID" ] || { echo "logind crashed" >&2; exit 1; }
+}
+
+test_in_logind_session() {
+ echo " * XDG_SESSION_ID=$XDG_SESSION_ID"
+ # cgroup v1: "1:name=systemd:/user.slice/..."; unified hierarchy: "0::/user.slice"
+ if grep -E '(name=systemd|^0:):.*session.*scope' /proc/self/cgroup; then
+ echo " * process is in session cgroup"
+ else
+ echo "FAIL: process is not in session cgroup"
+ echo "/proc/self/cgroup:"
+ cat /proc/self/cgroup
+ loginctl
+ loginctl show-session "$XDG_SESSION_ID"
+ exit 1
+ fi
+}
+
+test_acl() {
+ # ACL tests
+ if ! echo "$LOGINCTL_OUT" | grep -q "seat0"; then
+ echo " * Skipping ACL tests, as there is no seat"
+ return
+ fi
+ if systemd-detect-virt --quiet --container; then
+ echo " * Skipping ACL tests in container"
+ return
+ fi
+
+ # determine user
+ USER=`echo "$OUT" | grep seat0 | awk '{print $3}'`
+ echo "seat user: $USER"
+
+ # scsi_debug should not be loaded yet
+ ! test -d /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*:*/block
+
+ # we use scsi_debug to create new devices which we can put ACLs on
+ # tell udev about the tagging, so that logind can pick it up
+ cat <<EOF > /run/udev/rules.d/70-logindtest-scsi_debug-user.rules
+SUBSYSTEM=="block", ATTRS{model}=="scsi_debug*", TAG+="uaccess"
+EOF
+ sync
+ udevadm control --reload
+
+ echo " * coldplug: logind started with existing device"
+ killall systemd-logind
+ modprobe scsi_debug
+ while ! dev=/dev/`ls /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*:*/block 2>/dev/null`; do sleep 0.1; done
+ test -b $dev
+ echo "got block device $dev"
+ udevadm settle
+ # trigger logind
+ loginctl > /dev/null
+ sleep 1
+ if getfacl -p $dev | grep -q "user:$USER:rw-"; then
+ echo "$dev has ACL for user $USER"
+ else
+ echo "$dev has no ACL for user $USER:" >&2
+ getfacl -p $dev >&2
+ exit 1
+ fi
+
+ rmmod scsi_debug
+
+ echo " * hotplug: new device appears while logind is running"
+ modprobe scsi_debug
+ while ! dev=/dev/`ls /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*:*/block`; do sleep 0.1; done
+ test -b $dev
+ echo "got block device $dev"
+ udevadm settle
+ sleep 1
+ if getfacl -p $dev | grep -q "user:$USER:rw-"; then
+ echo "$dev has ACL for user $USER"
+ else
+ echo "$dev has no ACL for user $USER:" >&2
+ getfacl -p $dev >&2
+ exit 1
+ fi
+}
+
+#
+# main
+#
+
+test_started
+test_properties
+test_in_logind_session
+test_suspend_on_lid
+test_shutdown
+test_acl
diff --git a/debian/tests/process-killer b/debian/tests/process-killer
new file mode 100755
index 00000000..6ca10b8d
--- /dev/null
+++ b/debian/tests/process-killer
@@ -0,0 +1,9 @@
+#!/bin/sh
+# loop until we can kill the process given in arg
+
+while :
+do
+ /usr/bin/pkill -x $*
+ [ $? -eq 0 ] && break
+ sleep 1
+done
diff --git a/debian/tests/root-unittests b/debian/tests/root-unittests
new file mode 100644
index 00000000..96416e28
--- /dev/null
+++ b/debian/tests/root-unittests
@@ -0,0 +1,26 @@
+#!/bin/sh
+set -eu
+
+EXFAIL=""
+
+res=0
+for t in /usr/lib/systemd/tests/test-*; do
+ tname=$(basename $t)
+ # test-udev needs special prep and has its own test
+ [ "$tname" != test-udev ] || continue
+ echo "====== $tname ======="
+ # exit code 77 means "skip"
+ rc=0
+ $t || rc=$?
+ if [ "$rc" = 0 ]; then
+ echo "PASS: $tname"
+ elif [ "$rc" = 77 ]; then
+ echo "SKIP: $tname"
+ elif [ "${EXFAIL%$tname*}" != "$EXFAIL" ]; then
+ echo "EXFAIL: $tname"
+ else
+ echo "FAIL: $tname (code: $rc)"
+ res=$rc
+ fi
+done
+exit $res
diff --git a/debian/tests/storage b/debian/tests/storage
new file mode 100755
index 00000000..d3861a7d
--- /dev/null
+++ b/debian/tests/storage
@@ -0,0 +1,238 @@
+#!/usr/bin/env python3
+# systemd integration test: Handling of storage devices
+# (C) 2015 Canonical Ltd.
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+
+import os
+import sys
+import unittest
+import subprocess
+import time
+import random
+from glob import glob
+
+
+@unittest.skipIf(os.path.isdir('/sys/module/scsi_debug'),
+ 'The scsi_debug module is already loaded')
+class FakeDriveTestBase(unittest.TestCase):
+ @classmethod
+ def setUpClass(klass):
+ # create a fake SCSI hard drive
+ subprocess.check_call(['modprobe', 'scsi_debug'])
+ # wait until drive got created
+ sys_dirs = []
+ while not sys_dirs:
+ sys_dirs = glob('/sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*:*/block')
+ time.sleep(0.1)
+ assert len(sys_dirs) == 1
+ devs = os.listdir(sys_dirs[0])
+ assert len(devs) == 1
+ klass.device = '/dev/' + devs[0]
+
+ def tearDown(self):
+ # clear drive
+ with open(self.device, 'wb') as f:
+ block = b'0' * 1048576
+ try:
+ while True:
+ f.write(block)
+ except OSError:
+ pass
+ subprocess.check_call(['udevadm', 'settle'])
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+
+
+class CryptsetupTest(FakeDriveTestBase):
+ def setUp(self):
+ self.plaintext_name = 'testcrypt1'
+ self.plaintext_dev = '/dev/mapper/' + self.plaintext_name
+ if os.path.exists(self.plaintext_dev):
+ self.fail('%s exists already' % self.plaintext_dev)
+
+ super().setUp()
+
+ if os.path.exists('/etc/crypttab'):
+ os.rename('/etc/crypttab', '/etc/crypttab.systemdtest')
+ self.password = 'pwd%i' % random.randint(1000, 10000)
+ self.password_agent = None
+
+ def tearDown(self):
+ if self.password_agent:
+ os.kill(self.password_agent, 9)
+ os.waitpid(self.password_agent, 0)
+ self.password_agent = None
+ subprocess.call(['umount', self.plaintext_dev], stderr=subprocess.DEVNULL)
+ subprocess.call(['systemctl', 'stop', 'systemd-cryptsetup@%s.service' % self.plaintext_name],
+ stderr=subprocess.STDOUT)
+ if os.path.exists('/etc/crypttab'):
+ os.unlink('/etc/crypttab')
+ if os.path.exists('/etc/crypttab.systemdtest'):
+ os.rename('/etc/crypttab.systemdtest', '/etc/crypttab')
+
+ super().tearDown()
+
+ def format_luks(self):
+ '''Format test device with LUKS'''
+
+ p = subprocess.Popen(['cryptsetup', '--batch-mode', 'luksFormat', self.device, '-'],
+ stdin=subprocess.PIPE)
+ p.communicate(self.password.encode())
+ self.assertEqual(p.returncode, 0)
+ os.sync()
+ subprocess.check_call(['udevadm', 'settle'])
+
+ def start_password_agent(self):
+ '''Run password agent to answer passphrase request for crypt device'''
+
+ pid = os.fork()
+ if pid > 0:
+ self.password_agent = pid
+ return
+
+ # wait for incoming request
+ found = False
+ while not found:
+ for ask in glob('/run/systemd/ask-password/ask.*'):
+ with open(ask) as f:
+ contents = f.read()
+ if 'disk scsi_debug' in contents and self.plaintext_name in contents:
+ found = True
+ break
+ if not found:
+ time.sleep(0.5)
+
+ # parse Socket=
+ for line in contents.splitlines():
+ if line.startswith('Socket='):
+ socket = line.split('=', 1)[1]
+ break
+
+ # send reply
+ p = subprocess.Popen(['/lib/systemd/systemd-reply-password', '1', socket],
+ stdin=subprocess.PIPE)
+ p.communicate(self.password.encode())
+ assert p.returncode == 0
+
+ os._exit(0)
+
+ def apply(self, target):
+ '''Tell systemd to generate and run the cryptsetup units'''
+
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+
+ self.start_password_agent()
+ subprocess.check_call(['systemctl', 'restart', target])
+ for timeout in range(50):
+ if os.path.exists(self.plaintext_dev):
+ break
+ time.sleep(0.1)
+ else:
+ self.fail('timed out for %s to appear' % self.plaintext_dev)
+
+ def test_luks_by_devname(self):
+ '''LUKS device by plain device name, empty'''
+
+ self.format_luks()
+ with open('/etc/crypttab', 'w') as f:
+ f.write('%s %s none luks\n' % (self.plaintext_name, self.device))
+ self.apply('cryptsetup.target')
+
+ # should not be mounted
+ with open('/proc/mounts') as f:
+ self.assertNotIn(self.plaintext_name, f.read())
+
+ # device should not have anything on it
+ p = subprocess.Popen(['blkid', self.plaintext_dev], stdout=subprocess.PIPE)
+ out = p.communicate()[0]
+ self.assertEqual(out, b'')
+ self.assertNotEqual(p.returncode, 0)
+
+ def test_luks_by_uuid(self):
+ '''LUKS device by UUID, empty'''
+
+ self.format_luks()
+ uuid = subprocess.check_output(['blkid', '-ovalue', '-sUUID', self.device],
+ universal_newlines=True).strip()
+ with open('/etc/crypttab', 'w') as f:
+ f.write('%s UUID=%s none luks\n' % (self.plaintext_name, uuid))
+ self.apply('cryptsetup.target')
+
+ # should not be mounted
+ with open('/proc/mounts') as f:
+ self.assertNotIn(self.plaintext_name, f.read())
+
+ # device should not have anything on it
+ p = subprocess.Popen(['blkid', self.plaintext_dev], stdout=subprocess.PIPE)
+ out = p.communicate()[0]
+ self.assertEqual(out, b'')
+ self.assertNotEqual(p.returncode, 0)
+
+ def test_luks_swap(self):
+ '''LUKS device with "swap" option'''
+
+ self.format_luks()
+ with open('/etc/crypttab', 'w') as f:
+ f.write('%s %s none luks,swap\n' % (self.plaintext_name, self.device))
+ self.apply('cryptsetup.target')
+
+ # should not be mounted
+ with open('/proc/mounts') as f:
+ self.assertNotIn(self.plaintext_name, f.read())
+
+ # device should be formatted with swap
+ out = subprocess.check_output(['blkid', '-ovalue', '-sTYPE', self.plaintext_dev])
+ self.assertEqual(out, b'swap\n')
+
+ def test_luks_tmp(self):
+ '''LUKS device with "tmp" option'''
+
+ self.format_luks()
+ with open('/etc/crypttab', 'w') as f:
+ f.write('%s %s none luks,tmp\n' % (self.plaintext_name, self.device))
+ self.apply('cryptsetup.target')
+
+ # should not be mounted
+ with open('/proc/mounts') as f:
+ self.assertNotIn(self.plaintext_name, f.read())
+
+ # device should be formatted with ext2
+ out = subprocess.check_output(['blkid', '-ovalue', '-sTYPE', self.plaintext_dev])
+ self.assertEqual(out, b'ext2\n')
+
+ def test_luks_fstab(self):
+ '''LUKS device in /etc/fstab'''
+
+ self.format_luks()
+ with open('/etc/crypttab', 'w') as f:
+ f.write('%s %s none luks,tmp\n' % (self.plaintext_name, self.device))
+
+ mountpoint = '/run/crypt1.systemdtest'
+ os.mkdir(mountpoint)
+ self.addCleanup(os.rmdir, mountpoint)
+ os.rename('/etc/fstab', '/etc/fstab.systemdtest')
+ self.addCleanup(os.rename, '/etc/fstab.systemdtest', '/etc/fstab')
+ with open('/etc/fstab', 'a') as f:
+ with open('/etc/fstab.systemdtest') as forig:
+ f.write(forig.read())
+ f.write('%s %s ext2 defaults 0 0\n' % (self.plaintext_dev, mountpoint))
+
+ # this should now be a requirement of local-fs.target
+ self.apply('local-fs.target')
+
+ # should be mounted
+ found = False
+ with open('/proc/mounts') as f:
+ for line in f:
+ fields = line.split()
+ if fields[0] == self.plaintext_dev:
+ self.assertEqual(fields[1], mountpoint)
+ self.assertEqual(fields[2], 'ext2')
+ found = True
+ break
+ if not found:
+ self.fail('%s is not mounted' % self.plaintext_dev)
+
+
+if __name__ == '__main__':
+ unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout,
+ verbosity=2))
diff --git a/debian/tests/systemd-fsckd b/debian/tests/systemd-fsckd
new file mode 100755
index 00000000..b71a8dc2
--- /dev/null
+++ b/debian/tests/systemd-fsckd
@@ -0,0 +1,297 @@
+#!/usr/bin/python3
+# autopkgtest check: Ensure that systemd-fsckd can report progress and cancel
+# (C) 2015 Canonical Ltd.
+# Author: Didier Roche <didrocks@ubuntu.com>
+
+from contextlib import suppress
+import inspect
+import fileinput
+import os
+import subprocess
+import shutil
+import stat
+import sys
+import unittest
+from time import sleep, time
+
+GRUB_AUTOPKGTEST_CONFIG_PATH = "/etc/default/grub.d/50-cloudimg-settings.cfg"
+TEST_AUTOPKGTEST_CONFIG_PATH = "/etc/default/grub.d/99-fsckdtest.cfg"
+
+SYSTEMD_ETC_SYSTEM_UNIT_DIR = "/etc/systemd/system/"
+SYSTEMD_PROCESS_KILLER_PATH = os.path.join(SYSTEMD_ETC_SYSTEM_UNIT_DIR, "process-killer.service")
+
+SYSTEMD_FSCK_ROOT_PATH = "/lib/systemd/system/systemd-fsck-root.service"
+SYSTEMD_FSCK_ROOT_ENABLE_PATH = os.path.join(SYSTEMD_ETC_SYSTEM_UNIT_DIR, 'local-fs.target.wants/systemd-fsck-root.service')
+
+SYSTEM_FSCK_PATH = '/sbin/fsck'
+PROCESS_KILLER_PATH = '/sbin/process-killer'
+SAVED_FSCK_PATH = "{}.real".format(SYSTEM_FSCK_PATH)
+
+FSCKD_TIMEOUT = 30
+
+
+class FsckdTest(unittest.TestCase):
+ '''Check that we run, report and can cancel fsck'''
+
+ def __init__(self, test_name, after_reboot, return_code):
+ super().__init__(test_name)
+ self._test_name = test_name
+ self._after_reboot = after_reboot
+ self._return_code = return_code
+
+ def setUp(self):
+ super().setUp()
+ # ensure we have our root fsck enabled by default (it detects it runs in a vm and doesn't pull the target)
+ # note that it can already exists in case of a reboot (as there was no tearDown as we wanted)
+ os.makedirs(os.path.dirname(SYSTEMD_FSCK_ROOT_ENABLE_PATH), exist_ok=True)
+ with suppress(FileExistsError):
+ os.symlink(SYSTEMD_FSCK_ROOT_PATH, SYSTEMD_FSCK_ROOT_ENABLE_PATH)
+ enable_plymouth()
+
+ # note that the saved real fsck can still exists in case of a reboot (as there was no tearDown as we wanted)
+ if not os.path.isfile(SAVED_FSCK_PATH):
+ os.rename(SYSTEM_FSCK_PATH, SAVED_FSCK_PATH)
+
+ # install mock fsck and killer
+ self.install_bin(os.path.join(os.path.dirname(os.path.realpath(__file__)), 'fsck'),
+ SYSTEM_FSCK_PATH)
+ self.install_bin(os.path.join(os.path.dirname(os.path.realpath(__file__)), 'process-killer'),
+ PROCESS_KILLER_PATH)
+
+ self.files_to_clean = [SYSTEMD_FSCK_ROOT_ENABLE_PATH, SYSTEM_FSCK_PATH, SYSTEMD_PROCESS_KILLER_PATH, PROCESS_KILLER_PATH]
+
+ def tearDown(self):
+ # tearDown is only called once the test really ended (not while rebooting during tests)
+ for f in self.files_to_clean:
+ with suppress(FileNotFoundError):
+ os.remove(f)
+ os.rename(SAVED_FSCK_PATH, SYSTEM_FSCK_PATH)
+ super().tearDown()
+
+ def test_fsckd_run(self):
+ '''Ensure we can reboot after a fsck was processed'''
+ if not self._after_reboot:
+ self.reboot()
+ else:
+ self.assertFsckdStop()
+ self.assertFsckProceeded()
+ self.assertSystemRunning()
+
+ def test_fsckd_run_without_plymouth(self):
+ '''Ensure we can reboot without plymouth after a fsck was processed'''
+ if not self._after_reboot:
+ enable_plymouth(enable=False)
+ self.reboot()
+ else:
+ self.assertFsckdStop()
+ self.assertFsckProceeded(with_plymouth=False)
+ self.assertSystemRunning()
+
+ def test_fsck_with_failure(self):
+ '''Ensure that a failing fsck doesn't prevent fsckd to stop'''
+ if not self._after_reboot:
+ self.install_process_killer_unit('fsck')
+ self.reboot()
+ else:
+ self.assertFsckdStop()
+ self.assertWasRunning('process-killer')
+ self.assertFalse(self.is_failed_unit('process-killer'))
+ self.assertFsckProceeded()
+ self.assertSystemRunning()
+
+ def test_systemd_fsck_with_failure(self):
+ '''Ensure that a failing systemd-fsck doesn't prevent fsckd to stop'''
+ if not self._after_reboot:
+ self.install_process_killer_unit('systemd-fsck', kill=True)
+ self.reboot()
+ else:
+ self.assertFsckdStop()
+ self.assertProcessKilled()
+ self.assertTrue(self.is_failed_unit('systemd-fsck-root'))
+ self.assertWasRunning('systemd-fsckd')
+ self.assertWasRunning('plymouth-start')
+ self.assertSystemRunning()
+
+ def test_systemd_fsckd_with_failure(self):
+ '''Ensure that a failing systemd-fsckd doesn't prevent system to boot'''
+ if not self._after_reboot:
+ self.install_process_killer_unit('systemd-fsckd', kill=True)
+ self.reboot()
+ else:
+ self.assertFsckdStop()
+ self.assertProcessKilled()
+ self.assertFalse(self.is_failed_unit('systemd-fsck-root'))
+ self.assertTrue(self.is_failed_unit('systemd-fsckd'))
+ self.assertWasRunning('plymouth-start')
+ self.assertSystemRunning()
+
+ def test_systemd_fsck_with_plymouth_failure(self):
+ '''Ensure that a failing plymouth doesn't prevent fsckd to reconnect/exit'''
+ if not self._after_reboot:
+ self.install_process_killer_unit('plymouthd', kill=True)
+ self.reboot()
+ else:
+ self.assertFsckdStop()
+ self.assertWasRunning('process-killer')
+ self.assertFsckProceeded()
+ self.assertFalse(self.is_active_unit('plymouth-start'))
+ self.assertSystemRunning()
+
+ def install_bin(self, source, dest):
+ '''install mock fsck'''
+ shutil.copy2(source, dest)
+ st = os.stat(dest)
+ os.chmod(dest, st.st_mode | stat.S_IEXEC)
+
+ def is_active_unit(self, unit):
+ '''Check that given unit is active'''
+
+ return subprocess.call(['systemctl', 'status', unit],
+ stdout=subprocess.PIPE) == 0
+
+ def is_failed_unit(self, unit):
+ '''Check that given unit failed'''
+
+ p = subprocess.Popen(['systemctl', 'is-active', unit], stdout=subprocess.PIPE)
+ out, err = p.communicate()
+ if b'failed' in out:
+ return True
+ return False
+
+ def assertWasRunning(self, unit, expect_running=True):
+ '''Assert that a given unit has been running'''
+ p = subprocess.Popen(['systemctl', 'status', '--no-pager', unit],
+ stdout=subprocess.PIPE, universal_newlines=True)
+ out = p.communicate()[0].strip()
+ if expect_running:
+ self.assertRegex(out, 'Active:.*since')
+ else:
+ self.assertNotRegex(out, 'Active:.*since')
+ self.assertIn(p.returncode, (0, 3))
+
+ def assertFsckdStop(self):
+ '''Ensure systemd-fsckd stops, which indicates no more fsck activity'''
+ timeout = time() + FSCKD_TIMEOUT
+ while time() < timeout:
+ if not self.is_active_unit('systemd-fsckd'):
+ return
+ sleep(1)
+ raise Exception("systemd-fsckd still active after {}s".format(FSCKD_TIMEOUT))
+
+ def assertFsckProceeded(self, with_plymouth=True):
+ '''Assert we executed most of the fsck-related services successfully'''
+ self.assertWasRunning('systemd-fsckd')
+ self.assertFalse(self.is_failed_unit('systemd-fsckd'))
+ self.assertTrue(self.is_active_unit('systemd-fsck-root')) # remains active after exit
+ if with_plymouth:
+ self.assertWasRunning('plymouth-start')
+ else:
+ self.assertWasRunning('plymouth-start', expect_running=False)
+
+ def assertSystemRunning(self):
+ '''Assert that the system is running'''
+
+ self.assertTrue(self.is_active_unit('default.target'))
+
+ def assertProcessKilled(self):
+ '''Assert the targeted process was killed successfully'''
+ self.assertWasRunning('process-killer')
+ self.assertFalse(self.is_failed_unit('process-killer'))
+
+ def reboot(self):
+ '''Reboot the system with the current test marker'''
+ subprocess.check_call(['/tmp/autopkgtest-reboot', "{}:{}".format(self._test_name, self._return_code)])
+
+ def install_process_killer_unit(self, process_name, kill=False):
+ '''Create a systemd unit which will kill process_name'''
+ with open(SYSTEMD_PROCESS_KILLER_PATH, 'w') as f:
+ f.write('''[Unit]
+DefaultDependencies=no
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/timeout 10 {} {}
+
+[Install]
+WantedBy=systemd-fsck-root.service'''.format(PROCESS_KILLER_PATH,
+ '--signal SIGKILL {}'.format(process_name) if kill else process_name))
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+ subprocess.check_call(['systemctl', 'enable', 'process-killer'], stderr=subprocess.DEVNULL)
+
+
+def enable_plymouth(enable=True):
+ '''ensure plymouth is enabled in grub config (doesn't reboot)'''
+ plymouth_enabled = 'splash' in open('/boot/grub/grub.cfg').read()
+ if enable and not plymouth_enabled:
+ if os.path.exists(GRUB_AUTOPKGTEST_CONFIG_PATH):
+ shutil.copy2(GRUB_AUTOPKGTEST_CONFIG_PATH, TEST_AUTOPKGTEST_CONFIG_PATH)
+ for line in fileinput.input([TEST_AUTOPKGTEST_CONFIG_PATH], inplace=True):
+ if line.startswith("GRUB_CMDLINE_LINUX_DEFAULT"):
+ print(line[:line.rfind('"')] + ' splash quiet"\n')
+ else:
+ os.makedirs(os.path.dirname(TEST_AUTOPKGTEST_CONFIG_PATH), exist_ok=True)
+ with open(TEST_AUTOPKGTEST_CONFIG_PATH, 'w') as f:
+ f.write('GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0 splash quiet"\n')
+ elif not enable and plymouth_enabled:
+ with suppress(FileNotFoundError):
+ os.remove(TEST_AUTOPKGTEST_CONFIG_PATH)
+ subprocess.check_call(['update-grub'], stderr=subprocess.DEVNULL)
+
+
+def boot_with_systemd_distro():
+ '''Reboot with systemd as init and distro setup for grub'''
+ enable_plymouth()
+ subprocess.check_call(['/tmp/autopkgtest-reboot', 'systemd-started'])
+
+
+def getAllTests(unitTestClass):
+ '''get all test names in predictable sorted order from unitTestClass'''
+ return sorted([test[0] for test in inspect.getmembers(unitTestClass, predicate=inspect.isfunction)
+ if test[0].startswith('test_')])
+
+
+# ADT_REBOOT_MARK contains the test name to pursue after reboot
+# (to check results and states after reboot, mostly).
+# we append the previous global return code (0 or 1) to it.
+# Example: ADT_REBOOT_MARK=test_foo:0
+if __name__ == '__main__':
+ if os.path.exists('/run/initramfs/fsck-root'):
+ print('SKIP: root file system is being checked by initramfs already')
+ sys.exit(0)
+
+ all_tests = getAllTests(FsckdTest)
+ reboot_marker = os.getenv('ADT_REBOOT_MARK')
+
+ current_test_after_reboot = ""
+ if not reboot_marker:
+ boot_with_systemd_distro()
+
+ # first test
+ if reboot_marker == "systemd-started":
+ current_test = all_tests[0]
+ return_code = 0
+ else:
+ (current_test_after_reboot, return_code) = reboot_marker.split(':')
+ current_test = current_test_after_reboot
+ return_code = int(return_code)
+
+ # loop on remaining tests to run
+ try:
+ remaining_tests = all_tests[all_tests.index(current_test):]
+ except ValueError:
+ print("Invalid value for ADT_REBOOT_MARK, {} is not a valid test name".format(reboot_marker))
+ sys.exit(2)
+
+ # run all remaining tests
+ for test_name in remaining_tests:
+ after_reboot = False
+ # if this tests needed a reboot (and it has been performed), executes second part of it
+ if test_name == current_test_after_reboot:
+ after_reboot = True
+ suite = unittest.TestSuite()
+ suite.addTest(FsckdTest(test_name, after_reboot, return_code))
+ result = unittest.TextTestRunner(stream=sys.stdout, verbosity=2).run(suite)
+ if len(result.failures) != 0 or len(result.errors) != 0:
+ return_code = 1
+
+ sys.exit(return_code)
diff --git a/debian/tests/timedated b/debian/tests/timedated
new file mode 100755
index 00000000..52df8cfc
--- /dev/null
+++ b/debian/tests/timedated
@@ -0,0 +1,136 @@
+#!/bin/sh
+set -e
+
+. `dirname $0`/assert.sh
+
+ORIG_TZ=`grep -v '^#' /etc/timezone`
+echo "original tz: $ORIG_TZ"
+
+echo 'timedatectl works'
+assert_in "Local time:" "`timedatectl --no-pager`"
+
+echo 'change timezone'
+assert_eq "`timedatectl --no-pager set-timezone Europe/Moscow 2>&1`" ""
+assert_eq "`readlink /etc/localtime | sed 's#^.*zoneinfo/##'`" "Europe/Moscow"
+[ -n "$TEST_UPSTREAM" ] || assert_eq "`cat /etc/timezone`" "Europe/Moscow"
+assert_in "Time.*zone: Europe/Moscow (MSK, +" "`timedatectl --no-pager`"
+
+echo 'reset timezone to original'
+assert_eq "`timedatectl --no-pager set-timezone $ORIG_TZ 2>&1`" ""
+assert_eq "`readlink /etc/localtime | sed 's#^.*zoneinfo/##'`" "$ORIG_TZ"
+[ -n "$TEST_UPSTREAM" ] || assert_eq "`cat /etc/timezone`" "$ORIG_TZ"
+
+# test setting UTC vs. LOCAL in /etc/adjtime
+if [ -e /etc/adjtime ]; then
+ ORIG_ADJTIME=`cat /etc/adjtime`
+ trap "echo '$ORIG_ADJTIME' > /etc/adjtime" EXIT INT QUIT PIPE
+else
+ trap "rm -f /etc/adjtime" EXIT INT QUIT PIPE
+fi
+
+echo 'no adjtime file'
+rm -f /etc/adjtime
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+
+echo 'UTC set in adjtime file'
+printf '0.0 0 0\n0\nUTC\n' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+UTC"
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
+
+echo 'non-zero values in adjtime file'
+printf '0.1 123 0\n0\nLOCAL\n' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_eq "`cat /etc/adjtime`" "0.1 123 0
+0
+UTC"
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.1 123 0
+0
+LOCAL"
+
+echo 'fourth line adjtime file'
+printf '0.0 0 0\n0\nLOCAL\nsomethingelse\n' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+UTC
+somethingelse"
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL
+somethingelse"
+
+echo 'no final newline in adjtime file'
+printf '0.0 0 0\n0\nUTC' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+printf '0.0 0 0\n0\nUTC' > /etc/adjtime
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
+
+echo 'only one line in adjtime file'
+printf '0.0 0 0\n' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+printf '0.0 0 0\n' > /etc/adjtime
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
+
+echo 'only one line in adjtime file, no final newline'
+printf '0.0 0 0' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+printf '0.0 0 0' > /etc/adjtime
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
+
+echo 'only two lines in adjtime file'
+printf '0.0 0 0\n0\n' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+printf '0.0 0 0\n0\n' > /etc/adjtime
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
+
+
+echo 'only two lines in adjtime file, no final newline'
+printf '0.0 0 0\n0' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+printf '0.0 0 0\n0' > /etc/adjtime
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
+
+echo 'unknown value in 3rd line of adjtime file'
+printf '0.0 0 0\n0\nFOO\n' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+printf '0.0 0 0\n0\nFOO\n' > /etc/adjtime
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
diff --git a/debian/tests/udev b/debian/tests/udev
new file mode 100755
index 00000000..9ef53849
--- /dev/null
+++ b/debian/tests/udev
@@ -0,0 +1,13 @@
+#!/bin/sh
+# autopkgtest check: Run upstream udev test script
+# (C) 2016 Canonical Ltd.
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+set -euC
+
+TEST_DIR=${ADTTMP:=$(mktemp -d)}
+mkdir -p $TEST_DIR/test
+test/sys-script.py $TEST_DIR/test
+cp test/udev-test.pl $TEST_DIR
+cp /usr/lib/systemd/tests/manual/test-udev $TEST_DIR
+cd $TEST_DIR
+./udev-test.pl
diff --git a/debian/tests/unit-config b/debian/tests/unit-config
new file mode 100755
index 00000000..1cfa4d43
--- /dev/null
+++ b/debian/tests/unit-config
@@ -0,0 +1,369 @@
+#!/usr/bin/python3
+# autopkgtest check: enable/disable/configure units
+# (C) 2015 Canonical Ltd.
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+
+import unittest
+import subprocess
+import os
+import sys
+import tempfile
+from glob import glob
+
+system_unit_dir = subprocess.check_output(
+ ['pkg-config', '--variable=systemdsystemunitdir', 'systemd'],
+ universal_newlines=True).strip()
+systemd_sysv_install = os.path.join(os.path.dirname(system_unit_dir),
+ 'systemd-sysv-install')
+
+
+class EnableTests(unittest.TestCase):
+ def tearDown(self):
+ # remove all traces from our test unit
+ f = glob(system_unit_dir + '/test_enable*.service')
+ f += glob(system_unit_dir + '/*/test_enable*.service')
+ f += glob('/etc/systemd/system/test_enable*.service')
+ f += glob('/etc/systemd/system/*/test_enable*.service')
+ f += glob('/etc/init.d/test_enable*')
+ f += glob('/etc/rc?.d/???test_enable*')
+ [os.unlink(i) for i in f]
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+
+ def create_unit(self, suffix='', enable=False):
+ '''Create a test unit'''
+
+ unit = os.path.join(system_unit_dir,
+ 'test_enable%s.service' % suffix)
+ with open(unit, 'w') as f:
+ f.write('''[Unit]
+Description=Testsuite unit %s
+[Service]
+ExecStart=/bin/echo hello
+[Install]
+WantedBy=multi-user.target
+''' % suffix)
+
+ if enable:
+ os.symlink(unit, '/etc/systemd/system/multi-user.target.wants/' +
+ os.path.basename(unit))
+
+ return unit
+
+ def create_sysv(self, suffix='', enable=False):
+ '''Create a test SysV script'''
+
+ script = '/etc/init.d/test_enable%s' % suffix
+ with open(script, 'w') as f:
+ f.write('''/bin/sh
+### BEGIN INIT INFO
+# Provides: test_enable%s
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Testsuite script%s
+### END INIT INFO
+
+echo hello
+''' % (suffix, suffix))
+ os.chmod(script, 0o755)
+
+ if enable:
+ subprocess.check_call(
+ [systemd_sysv_install, 'enable', os.path.basename(script)])
+
+ def assertEnabled(self, enabled, unit='test_enable.service'):
+ '''assert that given unit has expected state'''
+
+ systemctl = subprocess.Popen(['systemctl', 'is-enabled', unit],
+ stdout=subprocess.PIPE,
+ universal_newlines=True)
+ out = systemctl.communicate()[0].strip()
+ if enabled:
+ self.assertEqual(systemctl.returncode, 0)
+ self.assertEqual(out, 'enabled')
+ else:
+ self.assertEqual(systemctl.returncode, 1)
+ self.assertEqual(out, 'disabled')
+
+ def test_unit_enable(self):
+ '''no sysv: enable unit'''
+
+ self.create_unit()
+ self.assertEnabled(False)
+ # also works without .service suffix
+ self.assertEnabled(False, unit='test_enable')
+
+ subprocess.check_call(['systemctl', 'enable', 'test_enable'])
+
+ self.assertEnabled(True)
+ # also works without .service suffix
+ self.assertEnabled(True, unit='test_enable')
+
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertTrue(os.path.islink(l))
+ self.assertEqual(os.readlink(l),
+ system_unit_dir + '/test_enable.service')
+
+ # enable should be idempotent
+ subprocess.check_call(['systemctl', 'enable', 'test_enable.service'])
+ self.assertEnabled(True)
+
+ def test_unit_disable(self):
+ '''no sysv: disable unit'''
+
+ self.create_unit(enable=True)
+ self.assertEnabled(True)
+ # also works without .service suffix
+ self.assertEnabled(True, unit='test_enable')
+
+ subprocess.check_call(['systemctl', 'disable', 'test_enable'])
+
+ self.assertEnabled(False)
+ # also works without .service suffix
+ self.assertEnabled(False, unit='test_enable')
+
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertFalse(os.path.islink(l))
+
+ # disable should be idempotent
+ subprocess.check_call(['systemctl', 'disable', 'test_enable.service'])
+ self.assertEnabled(False)
+
+ def test_unit_sysv_enable(self):
+ '''with sysv: enable unit'''
+
+ self.create_unit()
+ self.create_sysv()
+ self.assertEnabled(False)
+ # also works without .service suffix
+ self.assertEnabled(False, unit='test_enable')
+
+ subprocess.check_call(['systemctl', 'enable', 'test_enable'])
+
+ self.assertEnabled(True)
+ # also works without .service suffix
+ self.assertEnabled(True, unit='test_enable')
+
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertTrue(os.path.islink(l))
+ self.assertEqual(os.readlink(l),
+ system_unit_dir + '/test_enable.service')
+
+ # enabled the sysv script
+ l = glob('/etc/rc2.d/S??test_enable')
+ self.assertEqual(len(l), 1, 'expect one symlink in %s' % repr(l))
+ self.assertEqual(os.readlink(l[0]), '../init.d/test_enable')
+
+ # enable should be idempotent
+ subprocess.check_call(['systemctl', 'enable', 'test_enable.service'])
+ self.assertEnabled(True)
+
+ def test_unit_sysv_disable(self):
+ '''with sysv: disable unit'''
+
+ self.create_unit(enable=True)
+ self.create_sysv(enable=True)
+ self.assertEnabled(True)
+ # also works without .service suffix
+ self.assertEnabled(True, unit='test_enable')
+
+ subprocess.check_call(['systemctl', 'disable', 'test_enable'])
+
+ self.assertEnabled(False)
+ # also works without .service suffix
+ self.assertEnabled(False, unit='test_enable')
+
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertFalse(os.path.islink(l))
+
+ # disabled the sysv script
+ l = glob('/etc/rc2.d/S??test_enable')
+ self.assertEqual(l, [])
+
+ # disable should be idempotent
+ subprocess.check_call(['systemctl', 'enable', 'test_enable.service'])
+ self.assertEnabled(True)
+
+ def test_unit_alias_enable(self):
+ '''no sysv: enable unit with an alias'''
+
+ u = self.create_unit()
+ with open(u, 'a') as f:
+ f.write('Alias=test_enablea.service\n')
+
+ self.assertEnabled(False)
+
+ subprocess.check_call(['systemctl', 'enable', 'test_enable'])
+
+ self.assertEnabled(True)
+
+ # enablement symlink
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertTrue(os.path.islink(l))
+ self.assertEqual(os.readlink(l),
+ system_unit_dir + '/test_enable.service')
+
+ # alias symlink
+ l = '/etc/systemd/system/test_enablea.service'
+ self.assertTrue(os.path.islink(l))
+ self.assertEqual(os.readlink(l),
+ system_unit_dir + '/test_enable.service')
+
+ def test_unit_alias_disable(self):
+ '''no sysv: disable unit with an alias'''
+
+ u = self.create_unit()
+ with open(u, 'a') as f:
+ f.write('Alias=test_enablea.service\n')
+ os.symlink(system_unit_dir + '/test_enable.service',
+ '/etc/systemd/system/test_enablea.service')
+
+ subprocess.check_call(['systemctl', 'disable', 'test_enable'])
+
+ self.assertEnabled(False)
+
+ # enablement symlink
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertFalse(os.path.islink(l))
+
+ # alias symlink
+ l = '/etc/systemd/system/test_enablea.service'
+ self.assertFalse(os.path.islink(l))
+
+ def test_unit_sysv_alias_enable(self):
+ '''with sysv: enable unit with an alias'''
+
+ u = self.create_unit()
+ with open(u, 'a') as f:
+ f.write('Alias=test_enablea.service\n')
+ self.create_sysv()
+
+ self.assertEnabled(False)
+
+ subprocess.check_call(['systemctl', 'enable', 'test_enable'])
+
+ # enablement symlink
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertTrue(os.path.islink(l))
+ self.assertEqual(os.readlink(l),
+ system_unit_dir + '/test_enable.service')
+
+ # alias symlink
+ l = '/etc/systemd/system/test_enablea.service'
+ self.assertTrue(os.path.islink(l))
+ self.assertEqual(os.readlink(l),
+ system_unit_dir + '/test_enable.service')
+
+ # enabled the sysv script
+ l = glob('/etc/rc2.d/S??test_enable')
+ self.assertEqual(len(l), 1, 'expect one symlink in %s' % repr(l))
+ self.assertEqual(os.readlink(l[0]), '../init.d/test_enable')
+
+ self.assertEnabled(True)
+
+ def test_unit_sysv_alias_disable(self):
+ '''with sysv: disable unit with an alias'''
+
+ u = self.create_unit(enable=True)
+ with open(u, 'a') as f:
+ f.write('Alias=test_enablea.service\n')
+ os.symlink(system_unit_dir + '/test_enable.service',
+ '/etc/systemd/system/test_enablea.service')
+ self.create_sysv(enable=True)
+
+ subprocess.check_call(['systemctl', 'disable', 'test_enable'])
+
+ # enablement symlink
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertFalse(os.path.islink(l))
+
+ # alias symlink
+ l = '/etc/systemd/system/test_enablea.service'
+ self.assertFalse(os.path.islink(l))
+
+ # disabled the sysv script
+ l = glob('/etc/rc2.d/S??test_enable')
+ self.assertEqual(l, [])
+
+ self.assertEnabled(False)
+
+ def test_sysv_enable(self):
+ '''only sysv: enable'''
+
+ self.create_sysv()
+ subprocess.check_call(['systemctl', 'enable', 'test_enable'])
+
+ # enabled the sysv script
+ l = glob('/etc/rc2.d/S??test_enable')
+ self.assertEqual(len(l), 1, 'expect one symlink in %s' % repr(l))
+ self.assertEqual(os.readlink(l[0]), '../init.d/test_enable')
+
+ # enable should be idempotent
+ subprocess.check_call(['systemctl', 'enable', 'test_enable'])
+ self.assertEnabled(True)
+
+ def test_sysv_disable(self):
+ '''only sysv: disable'''
+
+ self.create_sysv(enable=True)
+ subprocess.check_call(['systemctl', 'disable', 'test_enable'])
+
+ # disabled the sysv script
+ l = glob('/etc/rc2.d/S??test_enable')
+ self.assertEqual(l, [])
+
+ # disable should be idempotent
+ subprocess.check_call(['systemctl', 'disable', 'test_enable'])
+ self.assertEnabled(False)
+
+ def test_unit_link(self):
+ '''systemctl link'''
+
+ with tempfile.NamedTemporaryFile(suffix='.service') as f:
+ f.write(b'[Unit]\n')
+ f.flush()
+ subprocess.check_call(['systemctl', 'link', f.name])
+
+ unit = os.path.basename(f.name)
+ l = os.path.join('/etc/systemd/system', unit)
+ self.assertEqual(os.readlink(l), f.name)
+
+ # disable it again
+ subprocess.check_call(['systemctl', 'disable', unit])
+ # this should also remove the unit symlink
+ self.assertFalse(os.path.islink(l))
+
+ def test_unit_enable_full_path(self):
+ '''systemctl enable a unit in a non-default path'''
+
+ with tempfile.NamedTemporaryFile(suffix='.service') as f:
+ f.write(b'''[Unit]
+Description=test
+[Service]
+ExecStart=/bin/true
+[Install]
+WantedBy=multi-user.target''')
+ f.flush()
+ unit = os.path.basename(f.name)
+
+ # now enable it
+ subprocess.check_call(['systemctl', 'enable', f.name])
+ self.assertEnabled(True, unit=unit)
+ l = os.path.join('/etc/systemd/system', unit)
+ self.assertEqual(os.readlink(l), f.name)
+ enable_l = '/etc/systemd/system/multi-user.target.wants/' + unit
+ self.assertEqual(os.readlink(enable_l), f.name)
+
+ # disable it again
+ subprocess.check_call(['systemctl', 'disable', unit])
+ # self.assertEnabled(False) does not work as now systemd does not
+ # know about the unit at all any more
+ self.assertFalse(os.path.islink(enable_l))
+ # this should also remove the unit symlink
+ self.assertFalse(os.path.islink(l))
+
+
+if __name__ == '__main__':
+ unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout,
+ verbosity=2))
diff --git a/debian/tests/upstream b/debian/tests/upstream
new file mode 100755
index 00000000..e0cf8be0
--- /dev/null
+++ b/debian/tests/upstream
@@ -0,0 +1,51 @@
+#!/bin/sh
+# run upstream system integration tests
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+set -e
+
+# even after installing policycoreutils this fails with
+# "Failed to install /usr/libexec/selinux/hll/pp"
+BLACKLIST="TEST-06-SELINUX"
+
+# some tests are flaky
+BLACKLIST="$BLACKLIST
+TEST-02-CRYPTSETUP
+TEST-16-EXTEND-TIMEOUT
+TEST-17-UDEV-WANTS
+"
+
+# quiesce Makefile.guess; not really relevant as systemd/nspawn run from
+# installed packages
+export BUILD_DIR=.
+
+# modify the image build scripts to install systemd from the debs instead of
+# from a "make/ninja install" as we don't have a built tree here. Also call
+# systemd-nspawn from the system.
+sed -i '/DESTDIR.* install/ s%^.*$% for p in `grep ^Package: '`pwd`'/debian/control | cut -f2 -d\\ |grep -Ev -- "-(udeb|dev)"`; do (cd /tmp; apt-get download $p \&\& dpkg-deb --fsys-tarfile ${p}[._]*deb | tar -C $initdir --dereference -x); done%; s_[^" ]*/systemd-nspawn_systemd-nspawn_g; s/\(_ninja_bin=\).*/\1dummy-ninja/' test/test-functions
+
+# adjust path
+sed -i 's_/usr/libexec/selinux/hll/pp_/usr/lib/selinux/hll/pp_' test/TEST-06-SELINUX/test.sh
+
+FAILED=""
+
+for t in test/TEST*; do
+ echo "$BLACKLIST" | grep -q "$(basename $t)" && continue
+ echo "========== `basename $t` =========="
+ rm -rf /var/tmp/systemd-test.*
+ if ! make -C $t setup run clean; then
+ for j in /var/tmp/systemd-test.*/journal/*; do
+ [ -e "$j" ] || continue
+ # keep the entire journal in artifacts, in case one needs the debug messages
+ cp -r "$j" "$AUTOPKGTEST_ARTIFACTS/$(basename $t)-$(basename $j)"
+ echo "---- $j ----"
+ journalctl --priority=warning --directory=$j
+ done
+ FAILED="$FAILED $t"
+ fi
+ echo
+done
+
+if [ -n "$FAILED" ]; then
+ echo FAILED TESTS: "$FAILED"
+ exit 1
+fi
diff --git a/debian/udev-udeb.dirs b/debian/udev-udeb.dirs
new file mode 100644
index 00000000..eeba23d8
--- /dev/null
+++ b/debian/udev-udeb.dirs
@@ -0,0 +1 @@
+/etc/udev/rules.d/
diff --git a/debian/udev-udeb.install b/debian/udev-udeb.install
new file mode 100644
index 00000000..0e9ff407
--- /dev/null
+++ b/debian/udev-udeb.install
@@ -0,0 +1,20 @@
+lib/systemd/network/99-default.link
+lib/systemd/systemd-udevd
+bin/udevadm
+lib/udev/ata_id
+lib/udev/scsi_id
+lib/udev/cdrom_id
+lib/udev/rules.d/50-udev-default.rules
+lib/udev/rules.d/60-cdrom_id.rules
+lib/udev/rules.d/60-input-id.rules
+lib/udev/rules.d/60-persistent-input.rules
+lib/udev/rules.d/60-persistent-storage.rules
+lib/udev/rules.d/64-btrfs.rules
+lib/udev/rules.d/75-net-description.rules
+lib/udev/rules.d/75-probe_mtd.rules
+lib/udev/rules.d/80-drivers.rules
+lib/udev/rules.d/80-net-setup-link.rules
+../../extra/rules/50-firmware.rules lib/udev/rules.d/
+../../extra/rules/73-special-net-names.rules lib/udev/rules.d/
+../../extra/rules/73-usb-net-by-mac.rules lib/udev/rules.d/
+../../extra/start-udev lib/debian-installer/
diff --git a/debian/udev.NEWS b/debian/udev.NEWS
new file mode 100644
index 00000000..abca3dde
--- /dev/null
+++ b/debian/udev.NEWS
@@ -0,0 +1,15 @@
+systemd (220-7) unstable; urgency=medium
+
+ The mechanism for providing stable network interface names changed.
+ Previously they were kept in /etc/udev/rules.d/70-persistent-net.rules
+ which mapped device MAC addresses to the (arbitrary) name they got when
+ they first appeared (i. e. mostly at the time of installation). As this
+ had several problems and is not supported any more, this is deprecated in
+ favor of the "net.ifnames" mechanism. With this most of your network
+ interfaces will get location-based names. If you have ifupdown, firewall,
+ or other configuration that relies on the old names, you need to update
+ these by Debian 10/Ubuntu 18.04 LTS, and then remove
+ /etc/udev/rules.d/70-persistent-net.rules. Please see
+ /usr/share/doc/udev/README.Debian.gz for details about this.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 15 Jun 2015 15:30:29 +0200
diff --git a/debian/udev.README.Debian b/debian/udev.README.Debian
new file mode 100644
index 00000000..b008fe19
--- /dev/null
+++ b/debian/udev.README.Debian
@@ -0,0 +1,149 @@
+This documents udev integration Debian specifics. Please see man udev(7) and
+its referenced manpages for general documentation.
+
+Network interface naming
+~~~~~~~~~~~~~~~~~~~~~~~~
+Since version 197 udev has a builtin persistent name generator which checks
+firmware/BIOS provided index numbers or slot names (similar to biosdevname),
+falls back to slot names (PCI numbers, etc., in the spirit of
+/dev/disks/by-path/), and then optionally falls back to MAC address, and
+generates names based on these properties. This provides "location oriented"
+names for PCI cards such as "enp0s1" for ethernet, or wlp1s0" for a WIFI card
+so that replacing a broken network card does not change the name (as long
+as the new card is fitted into the bus in the old card's slot.) As location
+based naming does not work well for USB devices, these use a MAC based naming
+schema (see /lib/udev/rules.d/73-usb-net-by-mac.rules).
+
+This has been enabled by default since udev 220-7, which affects new
+installations/hardware. Existing installations/hardware which already got
+covered by the old 75-persistent-net-generator.rules may keep their existing
+interface names until the release of Debian 10 / Ubuntu 18.04 LTS; see
+below.
+
+You can disable these stable names and go back to the kernel-provided ones
+(which don't have a stable order) in one of two ways:
+
+ - Put "net.ifnames=0" into the kernel command line (e. g. in
+ /etc/default/grub's GRUB_CMDLINE_LINUX_DEFAULT, then run "update-grub").
+
+ - Disable the default *.link rules with
+ "ln -s /dev/null /etc/systemd/network/99-default.link"
+ and rebuild the initrd with "update-initramfs -u".
+
+See this page for more information:
+http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
+
+Legacy persistent network interface naming
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Debian releases up to 8 ("Jessie") and Ubuntu up to 15.04 had an udev rule
+/lib/udev/rules.d/75-persistent-net-generator.rules which fixed the name of a
+network interface that it got when its MAC address first appeared in a
+dynamically created /etc/udev/rules.d/70-persistent-net.rules file.
+
+This had inherent race conditions (which sometimes caused collisions and
+interface names like "rename1"), required having to write state into /etc
+(which isn't possible for read-only root), and did not work in virtualized
+environments.
+
+This old schema is deprecated in Debian 9 ("Stretch"), and will not
+be supported any more in Debian 10.
+
+Migration to the current network interface naming scheme
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Interface names must be be manually migrated to the new naming scheme before
+upgrading to Debian 10 / Ubuntu 18.04 LTS. If you rely on the old names in
+custom ifupdown stanzas, firewall scripts, or other networking configuration,
+these will eventually need to be updated to the new names.
+
+WARNING: This process may render your machine inaccessible through ssh. Be sure
+to have physical or serial console access to the machine or a way to revert to
+your existing configuration.
+
+First, determine all relevant network interface names: those in
+/etc/udev/rules.d/70-persistent-net.rules, or if that does not exist (in
+the case of virtual machines), in "ip link" or /sys/class/net/.
+
+Then for every interface name use a command like
+
+ grep -r eth0 /etc
+
+to find out where it is being used.
+
+Then on "real hardware" machines, rename the file to
+70-persistent-net.rules.old; alternately, if you have multiple interfaces,
+instead of renaming you may wish to comment out specific lines to convert a
+single interface at a time.
+
+On VMs remove the files /etc/systemd/network/99-default.link and
+/etc/systemd/network/50-virtio-kernel-names.link (the latter only exists on VMs
+that use virtio network devices).
+
+Rebuild the initrd with
+
+ update-initramfs -u
+
+and reboot. Then your system should have a new network interface name (or
+names). Adjust configuration files as discovered with the grep above, and test
+your system.
+
+Repeat for each network interface name, as necessary.
+
+Custom net interface naming
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+In some cases it is convenient to define your own specific names for network
+interfaces. These can be customized in two different ways:
+
+ * You can create your own names via *.link files (see systemd.link(5)) based
+ on hardware properties. For example, /etc/systemd/network/10-dmz.link:
+
+ ------------ snip ------------
+ [Match]
+ MACAddress=11:22:aa:bb:cc:33
+
+ [Link]
+ Name=eth-dmz
+ ------------ snip ------------
+
+ * If you need attributes that link files don't expose, or you need more
+ powerful pattern matching, you can create udev rules (see udev(7))
+ like /etc/udev/rules.d/76-netnames.rules:
+
+ ------------ snip ------------
+ # identify by vendor/model ID
+ SUBSYSTEM=="net", ACTION=="add", ENV{ID_VENDOR_ID}=="0x8086", \
+ ENV{ID_MODEL_ID}=="0x1502", NAME="eth-intel-gb"
+
+ # USB device by path
+ # get ID_PATH if not present yet
+ ENV{ID_PATH}=="", IMPORT{builtin}="path_id"
+ SUBSYSTEM=="net", ACTION=="add", ENV{ID_PATH}=="*-usb-0:3:1*", NAME="eth-blue-hub"
+ ------------ snip ----------
+
+ The name of the rules file needs to have a prefix smaller than "80" so that
+ it runs before /lib/udev/rules.d/80-net-setup-link.rules, and should have a
+ prefix bigger than "75" so that it runs after 75-net-description.rules and
+ thus you can use matches on ID_VENDOR and similar properties.
+
+ * Unless you disabled net.ifnames, you can change the policy
+ (kernel/bios/path/MAC based naming) in an /etc/systemd/network/*.link file,
+ for individual devices or entire device classes. See man systemd.link(5) for
+ details about this. /lib/systemd/network/99-default.link is the default
+ policy. Note that /lib/udev/rules.d/73-usb-net-by-mac.rules uses MAC based
+ names for USB devices.
+
+Any of the above changes require an initrd update with "update-initramfs -u" to
+get effective.
+
+Using udev with LDAP or NIS
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+If the rules files reference usernames or groups not present in the
+/etc/{passwd,group} files and the system is configured to use a
+network-based database like LDAP or NIS then udev may fail at boot time
+because users and groups are looked up well before the network has been
+initialized.
+A possible solution is to configure /etc/nsswitch.conf like this:
+
+ passwd: files ldap [UNAVAIL=return]
+ group: files ldap [UNAVAIL=return]
+
+The nsswitch.conf syntax is documented in the glibc manual.
diff --git a/debian/udev.bug-control b/debian/udev.bug-control
new file mode 100644
index 00000000..3134261d
--- /dev/null
+++ b/debian/udev.bug-control
@@ -0,0 +1 @@
+package-status: systemd
diff --git a/debian/udev.bug-script b/debian/udev.bug-script
new file mode 100644
index 00000000..97f56f15
--- /dev/null
+++ b/debian/udev.bug-script
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# We don’t clean up this directory because there is no way to know when
+# reportbug finished running, and reportbug needs the files around.
+# Given that those are just a couple of kilobytes in size and people
+# generally don’t file a lot of bugs, I don’t think it’s a big deal.
+DIR=$(mktemp -d)
+
+echo "-- BEGIN ATTACHMENTS --" >&3
+
+udevadm info --export-db >$DIR/udev-database.txt
+echo "$DIR/udev-database.txt" >&3
+
+echo "-- END ATTACHMENTS --" >&3
diff --git a/debian/udev.init b/debian/udev.init
new file mode 100644
index 00000000..6a3c9b39
--- /dev/null
+++ b/debian/udev.init
@@ -0,0 +1,254 @@
+#!/bin/sh -e
+### BEGIN INIT INFO
+# Provides: udev
+# Required-Start: mountkernfs
+# Required-Stop: umountroot
+# Default-Start: S
+# Default-Stop: 0 6
+# Short-Description: Start systemd-udevd, populate /dev and load drivers.
+### END INIT INFO
+
+PATH="/sbin:/bin"
+NAME="systemd-udevd"
+DAEMON="/lib/systemd/systemd-udevd"
+DESC="hotplug events dispatcher"
+PIDFILE="/run/udev.pid"
+CTRLFILE="/run/udev/control"
+OMITDIR="/run/sendsigs.omit.d"
+
+# we need to unmount /dev/pts/ and remount it later over the devtmpfs
+unmount_devpts() {
+ if mountpoint -q /dev/pts/; then
+ umount -n -l /dev/pts/
+ fi
+
+ if mountpoint -q /dev/shm/; then
+ umount -n -l /dev/shm/
+ fi
+}
+
+# mount a devtmpfs over /dev, if somebody did not already do it
+mount_devtmpfs() {
+ if grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then
+ mount -n -o remount,nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev
+ return
+ fi
+
+ if ! mount -n -o nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev; then
+ log_failure_msg "udev requires devtmpfs support, not started"
+ log_end_msg 1
+ fi
+
+ return 0
+}
+
+create_dev_makedev() {
+ if [ -e /sbin/MAKEDEV ]; then
+ ln -sf /sbin/MAKEDEV /dev/MAKEDEV
+ else
+ ln -sf /bin/true /dev/MAKEDEV
+ fi
+}
+
+# shell version of /usr/bin/tty
+my_tty() {
+ [ -x /bin/readlink ] || return 0
+ [ -e /proc/self/fd/0 ] || return 0
+ readlink --silent /proc/self/fd/0 || true
+}
+
+warn_if_interactive() {
+ if [ "$RUNLEVEL" = "S" -a "$PREVLEVEL" = "N" ]; then
+ return
+ fi
+
+ TTY=$(my_tty)
+ if [ -z "$TTY" -o "$TTY" = "/dev/console" -o "$TTY" = "/dev/null" ]; then
+ return
+ fi
+
+ printf "\n\n\nIt has been detected that the command\n\n\t$0 $*\n\n"
+ printf "has been run from an interactive shell.\n"
+ printf "It will probably not do what you expect, so this script will wait\n"
+ printf "60 seconds before continuing. Press ^C to stop it.\n"
+ printf "RUNNING THIS COMMAND IS HIGHLY DISCOURAGED!\n\n\n\n"
+ sleep 60
+}
+
+make_static_nodes() {
+ [ -e /lib/modules/$(uname -r)/modules.devname ] || return 0
+ [ -x /bin/kmod ] || return 0
+
+ /bin/kmod static-nodes --format=tmpfiles --output=/proc/self/fd/1 | \
+ while read type name mode uid gid age arg; do
+ [ -e $name ] && continue
+ case "$type" in
+ c|b|c!|b!) mknod -m $mode $name $type $(echo $arg | sed 's/:/ /') ;;
+ d|d!) mkdir $name ;;
+ *) echo "unparseable line ($type $name $mode $uid $gid $age $arg)" >&2 ;;
+ esac
+
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon $name
+ fi
+ done
+}
+
+
+##############################################################################
+
+
+[ -x $DAEMON ] || exit 0
+
+# defaults
+tmpfs_size="10M"
+
+if [ -e /etc/udev/udev.conf ]; then
+ . /etc/udev/udev.conf
+fi
+
+. /lib/lsb/init-functions
+
+if [ ! -e /proc/filesystems ]; then
+ log_failure_msg "udev requires a mounted procfs, not started"
+ log_end_msg 1
+fi
+
+if ! grep -q '[[:space:]]devtmpfs$' /proc/filesystems; then
+ log_failure_msg "udev requires devtmpfs support, not started"
+ log_end_msg 1
+fi
+
+if [ ! -d /sys/class/ ]; then
+ log_failure_msg "udev requires a mounted sysfs, not started"
+ log_end_msg 1
+fi
+
+if [ ! -w /sys ]; then
+ log_warning_msg "udev does not support containers, not started"
+ exit 0
+fi
+
+if [ -d /sys/class/mem/null -a ! -L /sys/class/mem/null ] || \
+ [ -e /sys/block -a ! -e /sys/class/block ]; then
+ log_warning_msg "CONFIG_SYSFS_DEPRECATED must not be selected"
+ log_warning_msg "Booting will continue in 30 seconds but many things will be broken"
+ sleep 30
+fi
+
+# When modifying this script, do not forget that between the time that the
+# new /dev has been mounted and udevadm trigger has been run there will be
+# no /dev/null. This also means that you cannot use the "&" shell command.
+
+case "$1" in
+ start)
+ if [ ! -e "/run/udev/" ]; then
+ warn_if_interactive
+ fi
+
+ if [ -w /sys/kernel/uevent_helper ]; then
+ echo > /sys/kernel/uevent_helper
+ fi
+
+ if ! mountpoint -q /dev/; then
+ unmount_devpts
+ mount_devtmpfs
+ [ -d /proc/1 ] || mount -n /proc
+ fi
+
+ make_static_nodes
+
+ # clean up parts of the database created by the initramfs udev
+ udevadm info --cleanup-db
+
+ # set the SELinux context for devices created in the initramfs
+ [ -x /sbin/restorecon ] && /sbin/restorecon -R /dev
+
+ log_daemon_msg "Starting $DESC" "$NAME"
+ if start-stop-daemon --start --name $NAME --user root --quiet \
+ --pidfile $PIDFILE --exec $DAEMON --background --make-pidfile; then
+ # prevents udevd to be killed by sendsigs (see #791944)
+ mkdir -p $OMITDIR
+ ln -sf $PIDFILE $OMITDIR/$NAME
+ log_end_msg $?
+ else
+ log_warning_msg $?
+ log_warning_msg "Waiting 15 seconds and trying to continue anyway"
+ sleep 15
+ fi
+
+ log_action_begin_msg "Synthesizing the initial hotplug events (subsystems)"
+ if udevadm trigger --type=subsystems --action=add; then
+ log_action_end_msg $?
+ else
+ log_action_end_msg $?
+ fi
+ log_action_begin_msg "Synthesizing the initial hotplug events (devices)"
+ if udevadm trigger --type=devices --action=add; then
+ log_action_end_msg $?
+ else
+ log_action_end_msg $?
+ fi
+
+ create_dev_makedev
+
+ # wait for the systemd-udevd childs to finish
+ log_action_begin_msg "Waiting for /dev to be fully populated"
+ if udevadm settle; then
+ log_action_end_msg 0
+ else
+ log_action_end_msg 0 'timeout'
+ fi
+ ;;
+
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ if start-stop-daemon --stop --name $NAME --user root --quiet \
+ --pidfile $PIDFILE --remove-pidfile --oknodo --retry 5; then
+ # prevents cryptsetup/dmsetup hangs (see #791944)
+ rm -f $CTRLFILE
+ log_end_msg $?
+ else
+ log_end_msg $?
+ fi
+ ;;
+
+ restart)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ if start-stop-daemon --stop --name $NAME --user root --quiet \
+ --pidfile $PIDFILE --remove-pidfile --oknodo --retry 5; then
+ # prevents cryptsetup/dmsetup hangs (see #791944)
+ rm -f $CTRLFILE
+ log_end_msg $?
+ else
+ log_end_msg $? || true
+ fi
+
+ log_daemon_msg "Starting $DESC" "$NAME"
+ if start-stop-daemon --start --name $NAME --user root --quiet \
+ --pidfile $PIDFILE --exec $DAEMON --background --make-pidfile; then
+ # prevents udevd to be killed by sendsigs (see #791944)
+ mkdir -p $OMITDIR
+ ln -sf $PIDFILE $OMITDIR/$NAME
+ log_end_msg $?
+ else
+ log_end_msg $?
+ fi
+ ;;
+
+ reload|force-reload)
+ udevadm control --reload-rules
+ ;;
+
+ status)
+ status_of_proc $DAEMON $NAME && exit 0 || exit $?
+ ;;
+
+ *)
+ echo "Usage: /etc/init.d/udev {start|stop|restart|reload|force-reload|status}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
+
diff --git a/debian/udev.install b/debian/udev.install
new file mode 100644
index 00000000..b0ab649f
--- /dev/null
+++ b/debian/udev.install
@@ -0,0 +1,24 @@
+etc/udev/
+lib/udev/*
+lib/systemd/network/*.link
+lib/systemd/system/systemd-udev*
+lib/systemd/system/systemd-hwdb*
+lib/systemd/system/*.target.wants/systemd-udev*
+lib/systemd/system/*.target.wants/*hwdb*
+lib/systemd/systemd-udevd
+bin/udevadm
+bin/systemd-hwdb
+usr/share/man/man5/udev.conf.5
+usr/share/man/man5/systemd.link.5
+usr/share/man/man7/hwdb.7
+usr/share/man/man7/udev.7
+usr/share/man/man8/systemd-hwdb*
+usr/share/man/man8/systemd-udevd*
+usr/share/man/man8/udevadm.8
+usr/share/bash-completion/completions/udevadm
+usr/share/zsh/vendor-completions/_udevadm
+usr/share/pkgconfig/udev.pc
+../../extra/initramfs-tools usr/share/
+../../extra/rules/*.rules lib/udev/rules.d/
+#../../extra/*.hwdb lib/udev/hwdb.d/
+../../extra/fbdev-blacklist.conf lib/modprobe.d/
diff --git a/debian/udev.links b/debian/udev.links
new file mode 100644
index 00000000..d0ac5ee4
--- /dev/null
+++ b/debian/udev.links
@@ -0,0 +1,2 @@
+/lib/systemd/system/systemd-udevd.service /lib/systemd/system/udev.service
+/bin/udevadm /sbin/udevadm
diff --git a/debian/udev.maintscript b/debian/udev.maintscript
new file mode 100644
index 00000000..da7cfb6f
--- /dev/null
+++ b/debian/udev.maintscript
@@ -0,0 +1,8 @@
+rm_conffile /etc/init.d/udev-finish 226-1~
+rm_conffile /etc/init/udev-finish.conf 226-1~
+rm_conffile /etc/init/udev-fallback-graphics.conf 226-1~
+symlink_to_dir /usr/share/doc/udev libudev1 221-2~
+rm_conffile /etc/modprobe.d/fbdev-blacklist.conf 229-6~
+rm_conffile /etc/init/udev.conf 233-1~
+rm_conffile /etc/init/udevmonitor.conf 233-1~
+rm_conffile /etc/init/udevtrigger.conf 233-1~
diff --git a/debian/udev.postinst b/debian/udev.postinst
new file mode 100644
index 00000000..d18a8de7
--- /dev/null
+++ b/debian/udev.postinst
@@ -0,0 +1,136 @@
+#!/bin/sh -e
+
+chrooted() {
+ if [ "$(stat -c %d/%i /)" = "$(stat -Lc %d/%i /proc/1/root 2>/dev/null)" ];
+ then
+ # the devicenumber/inode pair of / is the same as that of /sbin/init's
+ # root, so we're *not* in a chroot and hence return false.
+ return 1
+ fi
+ echo "A chroot environment has been detected, udev not started."
+ return 0
+}
+
+in_debootstrap() {
+ # debootstrap --second-stage may be run in an emulator instead of a chroot,
+ # we need to check for this special case because start-stop-daemon would
+ # not be available. (#520742)
+ if [ -d /debootstrap/ ]; then
+ echo "Being installed by debootstrap, udev not started."
+ return 0
+ fi
+ return 1
+}
+
+can_start_udevd() {
+ if [ ! -d /sys/class/ ]; then
+ echo "udev requires a mounted sysfs, not started."
+ return 1
+ fi
+ return 0
+}
+
+enable_udev() {
+ can_start_udevd || return 0
+ invoke-rc.d udev start
+}
+
+update_initramfs() {
+ [ -x /usr/sbin/update-initramfs -a -e /etc/initramfs-tools/initramfs.conf ] \
+ || return 0
+ update-initramfs -u
+}
+
+upgrade_fixes() {
+ if dpkg --compare-versions "$2" lt "226-1"; then
+ update-rc.d udev-finish remove
+ fi
+
+ # we enabled net.ifnames in 220-7 by default; don't change iface names in
+ # virtualized envs (where 75-persistent-net-generator.rules didn't work)
+ if dpkg --compare-versions "$2" lt-nl "220-7~" &&
+ [ ! -e /etc/udev/rules.d/70-persistent-net.rules ] &&
+ [ ! -e /etc/udev/rules.d/80-net-setup-link.rules ] &&
+ [ ! -e /etc/systemd/network/99-default.link ] &&
+ [ ! -L /etc/systemd/network/99-default.link ] &&
+ ! grep -q net.ifnames /proc/cmdline && ! chrooted; then
+ mkdir -p /etc/systemd/network
+ cat <<EOF > /etc/systemd/network/99-default.link
+# This machine is most likely a virtualized guest, where the old persistent
+# network interface mechanism (75-persistent-net-generator.rules) did not work.
+# This file disables /lib/systemd/network/99-default.link to avoid
+# changing network interface names on upgrade. Please read
+# /usr/share/doc/udev/README.Debian.gz about how to migrate to the currently
+# supported mechanism.
+EOF
+ fi
+
+ # 226 introduced predictable interface names for virtio
+ # (https://github.com/systemd/systemd/pull/1119); disable for upgrades
+ if dpkg --compare-versions "$2" lt-nl "226-2~" &&
+ [ ! -e /etc/systemd/network/50-virtio-kernel-names.link ] &&
+ ls -d /sys/bus/virtio/drivers/virtio_net/virt* >/dev/null 2>&1; then
+ echo "virtio network devices detected, disabling predictable interface names in /etc/systemd/network/50-virtio-kernel-names.link"
+ mkdir -p /etc/systemd/network/
+ cat <<EOF > /etc/systemd/network/50-virtio-kernel-names.link
+# udev 226 introduced predictable interface names for virtio;
+# disable this for upgrades. You can remove this file if you update your
+# network configuration to move to the ens* names instead.
+# See /usr/share/doc/udev/README.Debian.gz for details about predictable
+# network interface names.
+[Match]
+Driver=virtio_net
+
+[Link]
+NamePolicy=onboard kernel
+EOF
+ fi
+
+ # new Default-Stop (see #791944)
+ if dpkg --compare-versions "$2" lt-nl "239-8"; then
+ update-rc.d -f udev remove
+ fi
+}
+
+update_hwdb() {
+ systemd-hwdb --usr update || true
+}
+
+case "$1" in
+ configure)
+ # update/create hwdb before we (re)start udev
+ update_hwdb
+
+ # Add new system group used by udev rules
+ addgroup --quiet --system input
+
+ # Make /dev/kvm accessible to kvm group
+ addgroup --quiet --system kvm
+
+ if [ -z "$2" ]; then # first install
+ if ! chrooted && ! in_debootstrap; then
+ enable_udev
+ fi
+ else # upgrades
+ upgrade_fixes "$@"
+ if ! chrooted; then
+ if can_start_udevd; then
+ if [ -d /run/systemd/system ] ; then
+ systemctl daemon-reload || true
+ fi
+ invoke-rc.d udev restart
+ fi
+ fi
+ fi
+
+ update_initramfs
+ ;;
+
+ triggered)
+ update_hwdb
+ exit 0
+ ;;
+esac
+
+#DEBHELPER#
+
diff --git a/debian/udev.postrm b/debian/udev.postrm
new file mode 100644
index 00000000..8658f764
--- /dev/null
+++ b/debian/udev.postrm
@@ -0,0 +1,12 @@
+#!/bin/sh -e
+
+case "$1" in
+ purge)
+ rm -f /etc/udev/rules.d/70-persistent-*.rules
+ rmdir --ignore-fail-on-non-empty /etc/udev/rules.d/ 2> /dev/null || true
+ rm -f /lib/udev/hwdb.bin
+ rm -f /var/log/udev
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/udev.preinst b/debian/udev.preinst
new file mode 100644
index 00000000..b24d9da1
--- /dev/null
+++ b/debian/udev.preinst
@@ -0,0 +1,81 @@
+#!/bin/sh -e
+
+# adapted from postinst
+chrooted() {
+ if [ "$(stat -c %d/%i /)" = "$(stat -Lc %d/%i /proc/1/root 2>/dev/null)" ];
+ then
+ return 1
+ fi
+ return 0
+}
+
+check_kernel_features() {
+ # skip the check if udev is not already active
+ [ -d /run/udev/ ] || return 0
+
+ if [ -e /proc/kallsyms ]; then
+
+ local needed_symbols='inotify_init signalfd accept4 open_by_handle_at timerfd_create epoll_create'
+ for symbol in $needed_symbols; do
+ if ! egrep -q "^[a-fA-F0-9]+ T \.?sys_${symbol}$" /proc/kallsyms; then
+ cat <<END
+Since release 198, udev requires support for the following features in
+the running kernel:
+
+- inotify(2) (CONFIG_INOTIFY_USER)
+- signalfd(2) (CONFIG_SIGNALFD)
+- accept4(2)
+- open_by_handle_at(2) (CONFIG_FHANDLE)
+- timerfd_create(2) (CONFIG_TIMERFD)
+- epoll_create(2) (CONFIG_EPOLL)
+END
+ exit 1
+ fi
+ done
+
+ fi
+
+ if ! grep -q '[[:space:]]devtmpfs$' /proc/filesystems; then
+ cat <<END
+Since release 176, udev requires support for the following features in
+the running kernel:
+
+- devtmpfs (CONFIG_DEVTMPFS)
+END
+ exit 1
+ fi
+
+ if [ -d /sys/class/mem/null -a ! -L /sys/class/mem/null ] ||
+ [ -e /sys/block -a ! -e /sys/class/block ]; then
+ cat <<END
+The currently running kernel has the CONFIG_SYSFS_DEPRECATED option
+enabled, which is incompatible with udev.
+END
+ exit 1
+ fi
+}
+
+check_version() {
+ # $2 is non-empty when installing from the "config-files" state
+ [ -n "$2" ] || return 0
+
+ if dpkg --compare-versions $2 lt 204-4; then
+ # these must be checked first to allow aborting before changing anything
+ if chrooted; then
+ echo 'Running in a chroot, skipping the kernel versions checks!'
+ else
+ check_kernel_features
+ # suppress errors when the new rules files contain options not supported by
+ # the old daemon
+ udevadm control --log-priority=0 || true
+ fi
+ fi # 204-4
+}
+
+case "$1" in
+ install|upgrade|abort-upgrade)
+ check_version "$@"
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/udev.prerm b/debian/udev.prerm
new file mode 100644
index 00000000..7eac2866
--- /dev/null
+++ b/debian/udev.prerm
@@ -0,0 +1,30 @@
+#!/bin/sh -e
+
+# adapted from postinst
+chrooted() {
+ if [ "$(stat -c %d/%i /)" = "$(stat -Lc %d/%i /proc/1/root 2>/dev/null)" ];
+ then
+ return 1
+ fi
+ return 0
+}
+
+kill_udevd() {
+ if [ -d /run/systemd/system ]; then
+ systemctl stop systemd-udevd-control.socket systemd-udevd-kernel.socket
+ systemctl stop systemd-udevd.service
+ else
+ invoke-rc.d udev stop
+ fi
+}
+
+case "$1" in
+ remove)
+ if ! chrooted; then
+ kill_udevd
+ fi
+ ;;
+esac
+
+#DEBHELPER#
+
diff --git a/debian/udev.triggers b/debian/udev.triggers
new file mode 100644
index 00000000..7f814f05
--- /dev/null
+++ b/debian/udev.triggers
@@ -0,0 +1 @@
+interest-noawait /lib/udev/hwdb.d
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 00000000..4dd34402
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,3 @@
+version=3
+opts=filenamemangle=s/.+\/v?(\d\S*)\.tar\.gz/systemd-$1\.tar\.gz/ \
+ https://github.com/systemd/systemd/tags .*/v?(\d\S*)\.tar\.gz
--
GitLab