diff --git a/debian/apertis/automated-tests b/debian/apertis/automated-tests
new file mode 100644
index 0000000000000000000000000000000000000000..132166b1e187b3743841d04924562e1c76a30e7c
--- /dev/null
+++ b/debian/apertis/automated-tests
@@ -0,0 +1 @@
+boot*
diff --git a/debian/apertis/component b/debian/apertis/component
new file mode 100644
index 0000000000000000000000000000000000000000..eb5a316cbd195d26e3f768c7dd8e1b47299e17f8
--- /dev/null
+++ b/debian/apertis/component
@@ -0,0 +1 @@
+target
diff --git a/debian/apertis/copyright b/debian/apertis/copyright
new file mode 100644
index 0000000000000000000000000000000000000000..028b675ee8bd259f09567fb78870a9f2288c0dae
--- /dev/null
+++ b/debian/apertis/copyright
@@ -0,0 +1,334 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+
+Files: *
+Copyright: 1989, 1991, Free Software Foundation, Inc.
+License: GPL-2 or LGPL-2.1
+
+Files: .ycm_extra_conf.py
+Copyright: interest in the
+License: Unlicense
+
+Files: debian/*
+Copyright: 2010-2013 Tollef Fog Heen <tfheen@debian.org>
+ 2013-2018 Michael Biebl <biebl@debian.org>
+ 2013 Michael Stapelberg <stapelberg@debian.org>
+License: LGPL-2.1+
+
+Files: debian/extra/systemd.py
+ debian/extra/udev.py
+Copyright: 2009, 2014-2016, Canonical Ltd.
+License: LGPL-2.1+
+
+Files: debian/extra/tmpfiles.d/*
+Copyright: 2010-2013 Tollef Fog Heen <tfheen@debian.org>
+ 2013-2018 Michael Biebl <biebl@debian.org>
+ 2013 Michael Stapelberg <stapelberg@debian.org>
+License: GPL-2+
+
+Files: debian/lib.systemd.systemd-logind
+Copyright: 2015-2017, Collabora Ltd.
+License: MPL-2.0
+
+Files: debian/tests/boot-and-services
+ debian/tests/build-login
+ debian/tests/storage
+ debian/tests/systemd-fsckd
+ debian/tests/udev
+ debian/tests/unit-config
+Copyright: 2009, 2014-2016, Canonical Ltd.
+License: LGPL-2.1+
+
+Files: hwdb.d/*
+Copyright: no-info-found
+License: Expat
+
+Files: man/systemd-fsckd.service.xml
+Copyright: 2015, Canonical
+License: LGPL-2.1+
+
+Files: modprobe.d/*
+Copyright: no-info-found
+License: LGPL-2.1+
+
+Files: network/*
+Copyright: no-info-found
+License: LGPL-2.1+
+
+Files: presets/*
+Copyright: no-info-found
+License: LGPL-2.1+
+
+Files: rules.d/*
+Copyright: no-info-found
+License: LGPL-2.1+
+
+Files: shell-completion/*
+Copyright: no-info-found
+License: LGPL-2.1+
+
+Files: shell-completion/bash/coredumpctl
+ shell-completion/bash/hostnamectl
+ shell-completion/bash/journalctl
+ shell-completion/bash/localectl
+ shell-completion/bash/loginctl
+ shell-completion/bash/systemd-analyze
+ shell-completion/bash/timedatectl
+ shell-completion/bash/udevadm
+Copyright: 2010, Ran Benita
+License: LGPL-2.1+
+
+Files: src/*
+Copyright: no-info-found
+License: LGPL-2.1+
+
+Files: src/basic/*
+Copyright: no-info-found
+License: public-domain
+
+Files: src/basic/linux/*
+Copyright: no-info-found
+License: GPL-2+
+
+Files: src/basic/linux/btrfs.h
+Copyright: 2007, Oracle.
+License: GPL-2
+
+Files: src/basic/linux/if.h
+Copyright: UCB 1982-1988
+License: GPL-2+
+
+Files: src/basic/linux/if_arp.h
+Copyright: UCB 1986-1988
+License: GPL-2+
+
+Files: src/basic/linux/if_macsec.h
+Copyright: 2015, Sabrina Dubroca <sd@queasysnail.net>
+License: GPL-2+
+
+Files: src/basic/linux/if_tun.h
+Copyright: 1999, 2000, Maxim Krasnyansky <max_mk@yahoo.com>
+License: GPL-2+
+
+Files: src/basic/sparse-endian.h
+Copyright: 2012, Josh Triplett <josh@joshtriplett.org>
+License: Expat
+
+Files: src/basic/utf8.c
+Copyright: 2000, Red Hat, Inc.
+ 1999, Tom Tromey
+License: LGPL-2+
+
+Files: src/boot/efi/sha256.c
+Copyright: blurb: / 2007-2019, Free Software Foundation, Inc.
+License: LGPL-2.1+
+
+Files: src/fsckd/*
+Copyright: 2015, Canonical
+License: LGPL-2.1+
+
+Files: src/journal/*
+Copyright: 2012, B. Poettering
+License: LGPL-2.1+
+
+Files: src/journal/journald.conf
+Copyright: no-info-found
+License: LGPL-2.1+
+
+Files: src/journal/lookup3.c
+Copyright: no-info-found
+License: public-domain
+
+Files: src/network/networkd.conf
+ src/network/org.freedesktop.network1.conf
+ src/network/org.freedesktop.network1.policy
+ src/network/org.freedesktop.network1.service
+Copyright: no-info-found
+License: LGPL-2.1+
+
+Files: src/shared/*
+Copyright: 1995-2004, Miquel van Smoorenburg
+License: LGPL-2+
+
+Files: src/shared/linux/*
+Copyright: 2008, Red Hat, Inc.
+ 2008, Ian Kent <raven@themaw.net>
+License: GPL-2
+
+Files: src/shared/linux/bpf.h
+Copyright: 2011-2014, PLUMgrid, http:plumgrid.com
+License: GPL-2
+
+Files: src/shared/linux/dm-ioctl.h
+Copyright: 2004-2009, Red Hat, Inc.
+ 2001-2003, Sistina Software (UK) Limited.
+License: LGPL
+
+Files: src/shared/linux/nl80211.h
+Copyright: 2018, 2019, Intel Corporation
+ 2015-2017, Intel Deutschland GmbH
+ 2008, Michael Wu <flamingice@sourmilk.net>
+ 2008, Michael Buesch <m@bues.ch>
+ 2008, Luis Carlos Cobo <luisca@cozybit.com>
+ 2008, Jouni Malinen <jouni.malinen@atheros.com>
+ 2008, Colin McCabe <colin@cozybit.com>
+ 2008, 2009, Luis R. Rodriguez <lrodriguez@atheros.com>
+ 2006-2010, Johannes Berg <johannes@sipsolutions.net>
+License: ISC
+
+Files: src/systemd/sd-dhcp-client.h
+ src/systemd/sd-dhcp-lease.h
+ src/systemd/sd-dhcp-option.h
+ src/systemd/sd-dhcp-server.h
+ src/systemd/sd-dhcp6-client.h
+ src/systemd/sd-dhcp6-lease.h
+ src/systemd/sd-ndisc.h
+ src/systemd/sd-radv.h
+Copyright: 2013-2015, 2017, Intel Corporation.
+License: LGPL-2.1+
+
+Files: src/systemd/sd-ipv4acd.h
+ src/systemd/sd-ipv4ll.h
+Copyright: 2014, Axis Communications AB.
+License: LGPL-2.1+
+
+Files: src/test/test-systemd-tmpfiles.py
+Copyright: no-info-found
+License: LGPL-2.1+
+
+Files: src/udev/mtd_probe/*
+Copyright: 2010, - Maxim Levitsky
+License: GPL-2+
+
+Files: src/udev/scsi_id/scsi.h
+Copyright: IBM Corp. 2003
+License: GPL-2
+
+Files: src/udev/udev-ctrl.c
+Copyright: no-info-found
+License: LGPL-2.1+
+
+Files: src/udev/udevadm-control.c
+Copyright: no-info-found
+License: GPL-2+
+
+Files: src/udev/v4l_id/*
+Copyright: 2009, Filippo Argiolas <filippo.argiolas@gmail.com>
+License: GPL-2+
+
+Files: src/vconsole/90-vconsole.rules.in
+Copyright: no-info-found
+License: LGPL-2.1+
+
+Files: sysctl.d/*
+Copyright: no-info-found
+License: LGPL-2.1+
+
+Files: sysusers.d/*
+Copyright: no-info-found
+License: LGPL-2.1+
+
+Files: test/fuzz/*
+Copyright: no-info-found
+License: LGPL-2.1+
+
+Files: test/test-path/*
+Copyright: no-info-found
+License: LGPL-2.1+
+
+Files: test/units/*
+Copyright: no-info-found
+License: LGPL-2.1+
+
+Files: tmpfiles.d/*
+Copyright: no-info-found
+License: LGPL-2.1+
+
+Files: tools/*
+Copyright: 2014, The Chromium OS Authors.
+License: BSD-3-clause
+
+Files: tools/catalog-report.py
+Copyright: no-info-found
+License: Expat
+
+Files: units/*
+Copyright: no-info-found
+License: LGPL-2.1+
+
+Files: .mkosi/* catalog/* catalog/systemd.bg.catalog.in catalog/systemd.fr.catalog.in catalog/systemd.hu.catalog.in catalog/systemd.it.catalog.in catalog/systemd.pt_BR.catalog.in catalog/systemd.zh_CN.catalog.in catalog/systemd.zh_TW.catalog.in docs/* docs/fonts/* hwdb.d/pci.ids man/* man/environment.d.xml man/journal-remote.conf.xml man/networkd.conf.xml man/standard-conf.xml man/systemd-machine-id-commit.service.xml man/tmpfiles.d.xml man/udev.xml shell-completion/bash/systemctl.in src/analyze/* src/basic/gunicode.c src/basic/gunicode.h src/basic/gunicode.c src/basic/gunicode.h src/basic/raw-clone.h src/basic/smack-util.c src/basic/smack-util.h src/basic/smack-util.c src/basic/smack-util.h src/boot/* src/boot/efi/crc32.c src/boot/efi/shim.c src/boot/efi/shim.h src/boot/efi/shim.c src/boot/efi/shim.h src/core/dbus-swap.c src/core/dbus-swap.h src/core/swap.h src/core/dbus-swap.c src/core/dbus-swap.h src/core/swap.h src/core/dbus-swap.c src/core/dbus-swap.h src/core/swap.h src/core/ima-setup.c src/core/ima-setup.h src/core/ima-setup.c src/core/ima-setup.h src/core/killall.c src/core/load-fragment.c src/core/namespace.h src/core/smack-setup.c src/core/smack-setup.h src/core/smack-setup.c src/core/smack-setup.h src/core/triggers.systemd.in src/fsck/* src/import/import-pubring.gpg src/libsystemd-network/* src/libsystemd-network/arp-util.c src/libsystemd-network/arp-util.h src/libsystemd-network/sd-ipv4acd.c src/libsystemd-network/sd-ipv4ll.c src/libsystemd-network/test-ipv4ll.c src/libsystemd-network/arp-util.c src/libsystemd-network/arp-util.h src/libsystemd-network/sd-ipv4acd.c src/libsystemd-network/sd-ipv4ll.c src/libsystemd-network/test-ipv4ll.c src/libsystemd-network/arp-util.c src/libsystemd-network/arp-util.h src/libsystemd-network/sd-ipv4acd.c src/libsystemd-network/sd-ipv4ll.c src/libsystemd-network/test-ipv4ll.c src/libsystemd-network/arp-util.c src/libsystemd-network/arp-util.h src/libsystemd-network/sd-ipv4acd.c src/libsystemd-network/sd-ipv4ll.c src/libsystemd-network/test-ipv4ll.c src/libsystemd-network/arp-util.c src/libsystemd-network/arp-util.h src/libsystemd-network/sd-ipv4acd.c src/libsystemd-network/sd-ipv4ll.c src/libsystemd-network/test-ipv4ll.c src/libsystemd/sd-hwdb/* src/libudev/libudev-queue.c src/network/* src/network/netdev/* src/network/netdev/wireguard.c src/network/networkd-brvlan.c src/network/networkd-brvlan.h src/network/networkd-brvlan.c src/network/networkd-brvlan.h src/network/networkd-conf.c src/network/networkd-conf.h src/network/networkd-conf.c src/network/networkd-conf.h src/network/networkd-nexthop.c src/network/networkd-nexthop.h src/network/networkd-sriov.c src/network/networkd-sriov.h src/network/networkd-nexthop.c src/network/networkd-nexthop.h src/network/networkd-sriov.c src/network/networkd-sriov.h src/network/networkd-nexthop.c src/network/networkd-nexthop.h src/network/networkd-sriov.c src/network/networkd-sriov.h src/network/networkd-nexthop.c src/network/networkd-nexthop.h src/network/networkd-sriov.c src/network/networkd-sriov.h src/network/tc/* src/pstore/pstore.c src/shared/sleep-config.c src/shutdown/* src/sleep/sleep.c src/sulogin-shell/* src/test/* src/test/test-conf-files.c src/test/test-list.c src/test/test-sched-prio.c src/test/test-udev.c src/tty-ask-password-agent/* src/udev/* src/udev/ata_id/* src/vconsole/* test/* test/fuzz/fuzz-dhcp6-client/* test/sd-script.py test/test-exec-deserialization.py test/test-resolve/* test/test-resolve/kyhwana.org.pkts test/test-resolve/org~20200417.pkts test/test-resolve/root.pkts test/test-resolve/vdwaa.nl~20200417.pkts test/test-resolve/zbyszek@fedoraproject.org.pkts test/udev-test.pl tools/chromiumos/gen_autosuspend_rules.py
+Copyright: 2008-2015 Kay Sievers <kay@vrfy.org>
+ 2010-2015 Lennart Poettering
+ 2012-2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
+ 2013-2015 Tom Gundersen <teg@jklm.no>
+ 2013-2015 Daniel Mack
+ 2010-2015 Harald Hoyer
+ 2013-2015 David Herrmann
+ 2013, 2014 Thomas H.P. Andersen
+ 2013, 2014 Daniel Buch
+ 2014 Susant Sahani
+ 2009-2015 Intel Corporation
+ 2000, 2005 Red Hat, Inc.
+ 2009 Alan Jenkins <alan-jenkins@tuffmail.co.uk>
+ 2010 ProFUSION embedded systems
+ 2010 Maarten Lankhorst
+ 1995-2004 Miquel van Smoorenburg
+ 1999 Tom Tromey
+ 2011 Michal Schmidt
+ 2012 B. Poettering
+ 2012 Holger Hans Peter Freyther
+ 2012 Dan Walsh
+ 2012 Roberto Sassu
+ 2013 David Strauss
+ 2013 Marius Vollmer
+ 2013 Jan Janssen
+ 2013 Simon Peeters
+License: LGPL-2.1+
+
+Files: src/basic/linux/can/* src/basic/linux/if_bonding.h src/basic/linux/libc-compat.h src/basic/linux/wireguard.h src/shared/linux/ethtool.h
+Copyright: 2004-2009 Red Hat, Inc.
+ 2011-2014 PLUMgrid
+ 2001-2003 Sistina Software (UK) Limited.
+ 2008 Ian Kent <raven@themaw.net>
+ 1998 David S. Miller >davem@redhat.com>
+ 2001 Jeff Garzik <jgarzik@pobox.com>
+ 2006-2010 Johannes Berg <johannes@sipsolutions.net
+ 2008 Michael Wu <flamingice@sourmilk.net>
+ 2008 Luis Carlos Cobo <luisca@cozybit.com>
+ 2008 Michael Buesch <m@bues.ch>
+ 2008, 2009 Luis R. Rodriguez <lrodriguez@atheros.com>
+ 2008 Jouni Malinen <jouni.malinen@atheros.com>
+ 2008 Colin McCabe <colin@cozybit.com>
+ 2018-2019 Intel Corporation
+ 2007 Oracle.
+ 2009 Wolfgang Grandegger <wg@grandegger.com>
+ 1999 Thomas Davis <tadavis@lbl.gov>
+ 2015 Sabrina Dubroca <sd@queasysnail.net>
+ 1999-2000 Maxim Krasnyansky <max_mk@yahoo.com>
+ 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>
+License: GPL-2 with Linux-syscall-note exception
+
+Files: src/udev/scsi_id/* src/udev/scsi_id/scsi_id.c
+Copyright: 2003 IBM Corp.
+License: GPL-2+
+
+Files: src/udev/udev-builtin-blkid.c src/udev/udev-builtin-input_id.c src/udev/udev-builtin-kmod.c src/udev/udev-builtin-usb_id.c src/udev/udev-event.h src/udev/udevadm-test.c src/udev/udev-event.h src/udev/udevadm-test.c src/udev/udevd.c
+Copyright: 2003-2012 Kay Sievers <kay@vrfy.org>
+ 2003-2004 Greg Kroah-Hartman <greg@kroah.com>
+ 2004 Chris Friesen <chris_friesen@sympatico.ca>
+ 2004, 2009, 2010 David Zeuthen <david@fubar.dk>
+ 2005, 2006 SUSE Linux Products GmbH
+ 2003 IBM Corp.
+ 2007 Hannes Reinecke <hare@suse.de>
+ 2009 Canonical Ltd.
+ 2009 Scott James Remnant <scott@netsplit.com>
+ 2009 Martin Pitt <martin.pitt@ubuntu.com>
+ 2009 Piter Punk <piterpunk@slackware.com>
+ 2009, 2010 Lennart Poettering
+ 2009 Filippo Argiolas <filippo.argiolas@gmail.com>
+ 2010 Maxim Levitsky
+ 2011 ProFUSION embedded systems
+ 2011 Karel Zak <kzak@redhat.com>
+ 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
+ 2014 David Herrmann <dh.herrmann@gmail.com>
+ 2014 Carlos Garnacho <carlosg@gnome.org>
+License: GPL-2+
diff --git a/debian/changelog b/debian/changelog
index f19ad7aeeece1d19adb57f7208910548023fb8f4..5e19c799ed4e5f93a40f2e3e96331e3afad740a4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1220,6 +1220,89 @@ systemd (247.9-1) unstable; urgency=medium
-- Michael Biebl <biebl@debian.org> Sun, 15 Aug 2021 21:10:56 +0200
+systemd (247.3-7+apertis2) apertis; urgency=medium
+
+ [ Dylan Aïssi ]
+ * Refresh the automatically detected licensing information
+
+ [ Walter Lozano ]
+ * Enable tests on MR
+
+ -- Walter Lozano <walter.lozano@collabora.com> Sat, 21 Jan 2023 08:44:24 -0300
+
+systemd (247.3-7+apertis1) apertis; urgency=medium
+
+ * Merge from Debian Bullseye. Remaining changes:
+ - Fix bashisms in various scripts
+ - Add systemd-boot package
+ - AppArmor: Add systemd-logind profile
+ - Don’t build against libdw, since 0.158 isn’t available in target.
+ - Add /usr to non-unmountable list.
+ - Fix debian/control syntax.
+ - Switch to OpenSSL, drop systemd-journal-remote and its dependency on
+ libmicrohttpd-dev
+ - Fix syntax in kernel-install.
+ - Remove bashisms from the entry directory plugin
+ - Fix bashisms in kernel-install scripts.
+ - kernel-install: allow to create $BOOT/$MACHINE_ID.
+ - Fix kernel-install call from update-initramfs.
+ - 85-initrd: fix the args number
+ - Refresh patch for UEFI entries generator.
+ - Fix the path to bootable binaries in efi entry.
+ - Fix access to run/systemd/notify for systemd-logind in apparmor rule
+ - Fix compilation on kernel 5.14+
+ - Remove '-execdir +' usage for compatibility with rust-findutils
+ - Fix issue with journald and /var at shutdown
+ - meson: change operator combining bools from + to and
+ - meson: do not fail if rsync is not installed with meson 0.57.2
+ * Move debian/patches/meson*.patch to debian/patches/apertis/
+
+ -- Dylan Aïssi <dylan.aissi@collabora.com> Tue, 10 May 2022 18:04:34 +0200
+
+systemd (247.3-6+apertis4) apertis; urgency=medium
+
+ * meson: change operator combining bools from + to and
+ * meson: do not fail if rsync is not installed with meson 0.57.2
+
+ -- Vignesh Raman <vignesh.raman@collabora.com> Fri, 25 Mar 2022 16:14:40 +0530
+
+systemd (247.3-6+apertis3) apertis; urgency=medium
+
+ * systemd-journal-flush: Add a requirement on var.mount
+
+ -- Detlev Casanova <detlevi.casanova@collabora.com> Wed, 26 Jan 2022 15:53:23 -0500
+
+systemd (247.3-6+apertis2) apertis; urgency=medium
+
+ * d/p/basic-linux-Sync-if_arp.h-with-Linux-5.14.patch:
+ Fix compilation on kernel 5.14+
+ * Remove '-execdir +' usage for compatibility with rust-findutils
+
+ -- Ryan Gonzalez <ryan.gonzalez@collabora.com> Thu, 13 Jan 2022 15:27:00 -0600
+
+systemd (247.3-6+apertis1) apertis; urgency=medium
+
+ * Merge from Debian Bullseye. Remaining changes:
+ * Fix bashisms in various scripts
+ * Add systemd-boot package
+ * AppArmor: Add systemd-logind profile
+ * Don’t build against libdw, since 0.158 isn’t available in target.
+ * Add /usr to non-unmountable list.
+ * Fix debian/control syntax.
+ * Switch to OpenSSL, drop systemd-journal-remote and its dependency on
+ libmicrohttpd-dev
+ * Fix syntax in kernel-install.
+ * Remove bashisms from the entry directory plugin
+ * Fix bashisms in kernel-install scripts.
+ * kernel-install: allow to create $BOOT/$MACHINE_ID.
+ * Fix kernel-install call from update-initramfs.
+ * 85-initrd: fix the args number
+ * Refresh patch for UEFI entries generator.
+ * Fix the path to bootable binaries in efi entry.
+ * Fix access to run/systemd/notify for systemd-logind in apparmor rule
+
+ -- Ariel D'Alessandro <ariel.dalessandro@collabora.com> Mon, 16 Aug 2021 21:15:04 -0300
+
systemd (247.3-6) unstable; urgency=high
* Non-maintainer upload (acked by maintainers)
@@ -1288,6 +1371,82 @@ systemd (247.3-2) unstable; urgency=medium
-- Michael Biebl <biebl@debian.org> Sat, 06 Mar 2021 22:32:14 +0100
+systemd (247.3-1apertis5) apertis; urgency=medium
+
+ * Fix access to run/systemd/notify for systemd-logind in apparmor rule
+
+ -- Frédéric Danis <frederic.danis@collabora.com> Mon, 14 Jun 2021 15:06:35 +0200
+
+systemd (247.3-1apertis4) apertis; urgency=medium
+
+ * Fix bashisms in kernel-install scripts.
+ Remove negotiation from `-z` to test for non-emptiness instead of
+ previously added version reversing those tests logic.
+ * kernel-install: allow to create $BOOT/$MACHINE_ID.
+ Commit [cf73f650890](https://github.com/systemd/systemd/commit/cf73f650890)
+ provides script `00-entry-directory.install` which creates the entry
+ directory only if `$BOOT/$MACHINE_ID` folder exists.
+ This part was moved out of `kernel-install` script and may introduce
+ the problem during upgrade since before Apertis v2022dev2 we do kernel
+ install with `$MACHINE_ID` generated in a build time. Later we remove
+ `/etc/machine-id` file allowing to generate an unique machine ID during
+ first boot, so there will be no directory `$BOOT/$MACHINE_ID` with a new
+ ID preventing from new entry generation during kernel upgrade in runtime.
+ Hence remove the part checking the `$BOOT/$MACHINE_ID` existence and
+ allow to create the proper entry in any case, returning the previous
+ `kernel-install` behaviour.
+ * Fix kernel-install call from update-initramfs.
+ Fix parameters assignment in `kernel-install` while calling
+ from `update-initramfs` or any package update except kernel.
+ * 85-initrd: fix the args number
+ `kernel-install` pass 5 args to modules anyway, so empty argument
+ do not allow to install the initrd file into boot entry directory.
+ Since we do not pass the initrd name via options module
+ `90-loaderentry.install` also skip the initrd copying and setup.
+ * Refresh patch for UEFI entries generator.
+ Update names for entry directories variables and fix options count.
+ * Fix the path to bootable binaries in efi entry
+ `stat` doesn't work well inside of the systemd-nspawn container
+ created by Debos returning "?" instead of mountpoint.
+ Fall back to the provided directory, since we have separate
+ partition for "/boot/efi".
+ This change allow to use correct paths for kernel and initrd
+ for entry generation.
+
+ -- Denis Pynkin <denis.pynkin@collabora.com> Mon, 03 May 2021 23:16:58 +0000
+
+systemd (247.3-1apertis3) apertis; urgency=medium
+
+ * Fix syntax in kernel-install.
+ Fixed syntax of kernel-install script introduced during
+ the merge with newer version from bullseye.
+ * Remove bashisms from the entry directory plugin
+ - Use [ not [[ and -n to test for non-emptiness
+
+ -- Denis Pynkin <denis.pynkin@collabora.com> Mon, 26 Apr 2021 23:21:30 +0300
+
+systemd (247.3-1apertis2) apertis; urgency=medium
+
+ [ Sjoerd Simons ]
+ * Fix debian/control syntax.
+
+ [ Walter Lozano ]
+ * Switch to OpenSSL, drop systemd-journal-remote and its dependency on
+ libmicrohttpd-dev
+
+ -- Emanuele Aina <emanuele.aina@collabora.com> Wed, 24 Mar 2021 10:11:04 +0000
+
+systemd (247.3-1apertis1) apertis; urgency=medium
+
+ * Merge from Debian Bullseye. Remaining changes:
+ + Fix bashisms in various scripts
+ + Add systemd-boot package
+ + AppArmor: Add systemd-logind profile
+ + Don’t build against libdw, since 0.158 isn’t available in target.
+ * Add /usr to non-unmountable list.
+
+ -- Sjoerd Simons <sjoerd@collabora.com> Tue, 16 Mar 2021 21:06:54 +0100
+
systemd (247.3-1) unstable; urgency=medium
[ Michael Biebl ]
@@ -2291,6 +2450,155 @@ systemd (242-1) experimental; urgency=medium
-- Michael Biebl <biebl@debian.org> Wed, 08 May 2019 01:33:56 +0200
+systemd (241-7~deb10u6co2) apertis; urgency=medium
+
+ * Add /usr to non-unmountable list.
+ For Apertis we don't support `/usr` being a seperate partition, the only time
+ `/usr` is on a mountpoint is when using ostree images (where it is a bind mount
+ and which use a merged-usr layout). So also add `/usr` to the list of paths that
+ are considered unmountable even with split-usr support enabled in systemd.
+
+ -- Denis Pynkin <denis.pynkin@collabora.com> Wed, 10 Mar 2021 02:09:16 +0300
+
+systemd (241-7~deb10u6co1) apertis; urgency=medium
+
+ [ Ritesh Raj Sarraf ]
+ * Merge changes from Debian Buster. Remaining changes:
+ + Fix syntax error in shell script
+ + Fix new bashisms introduced on update.
+ + AppArmor: Fix conflict with chaiwala-apparmor-profiles
+ + AppArmor: Add systemd-logind profile
+ + Don’t build against libdw, since 0.158 isn’t available in target.
+ + Drop patch apertis/0101-basic-cap-list-parse-print-numerical-capabilities.patch
+ + Drop patch apertis/0102-basic-capability-util-let-cap_last_cap-return-unsign.patch
+ + Drop patch apertis/0103-basic-cap-list-reduce-scope-of-variables.patch
+
+ [ Denis Pynkin ]
+ * Force the call of systemd-journal-flush before `/var` unmount.
+ The problem with failed `/var` unmount placed on separate partition
+ have a long story: https://github.com/systemd/systemd/issues/867
+ According messages after the fix integrated into upstream -- there are
+ some corner cases which aren't fully fixed by patches adding [relinquish
+ options](https://gitlab.apertis.org/pkg/systemd/-/merge_requests/26)
+ In case of ostree-based images we have a similar issue since `/var` is
+ bind-mounted in initramfs. Systemd is trying to unmount `/var` on
+ shutdown, however `ExecStop=` command from `systemd-journal-flush`
+ service is not executed during shutdown.
+ By adding `PartOf=var.mount` into service file we force the
+ `systemd-journal-flush.service` to be called prior the `/var` unmount.
+ This allow to unlock the bind-mount, since `journald` have a chance to
+ re-link it's journal into `/run` with `journalctl
+ --smart-relinquish-var` call.
+ * Handle new capabilities gracefully (PR 16424)
+ Backported PR 16424 to avoid message
+ 'Failed to parse bus message: Invalid argument'
+ with an updated kernel using new capabilities.
+
+ [ Frédéric Danis ]
+ * systemd-boot: backport fix of menu ordering with boot counting
+ systemd-boot selects the last valid entry by default, not the first, which
+ prevent correct rollback.
+
+ [ Martyn Welch ]
+ * journald: Backport support for --relinquish and --smart-relinquish options.
+ Newer version of systemd-journald support the --relinquish and
+ --smart-relinquish options that enable cleaner handling of mounts at
+ shutdown as journald can be told to close any logging under
+ /var/log/journal so that the /var filesystem can be unmounted should it be
+ on a separate partition.
+ Backport this feature as it enables shutdown without failures, a highly
+ desirable trait in embedded products using systemd.
+
+ -- Ritesh Raj Sarraf <ritesh.sarraf@collabora.com> Tue, 09 Mar 2021 15:58:45 +0530
+
+systemd (241-7~deb10u4co5) apertis; urgency=medium
+
+ * Force the call of systemd-journal-flush before `/var` unmount.
+ The problem with failed `/var` unmount placed on separate partition
+ have a long story: https://github.com/systemd/systemd/issues/867
+ According messages after the fix integrated into upstream -- there are
+ some corner cases which aren't fully fixed by patches adding [relinquish
+ options](https://gitlab.apertis.org/pkg/systemd/-/merge_requests/26)
+ In case of ostree-based images we have a similar issue since `/var` is
+ bind-mounted in initramfs. Systemd is trying to unmount `/var` on
+ shutdown, however `ExecStop=` command from `systemd-journal-flush`
+ service is not executed during shutdown.
+ By adding `PartOf=var.mount` into service file we force the
+ `systemd-journal-flush.service` to be called prior the `/var` unmount.
+ This allow to unlock the bind-mount, since `journald` have a chance to
+ re-link it's journal into `/run` with `journalctl
+ --smart-relinquish-var` call.
+
+ -- Denis Pynkin <denis.pynkin@collabora.com> Tue, 17 Nov 2020 23:54:02 +0300
+
+systemd (241-7~deb10u4co4) apertis; urgency=medium
+
+ * Handle new capabilities gracefully (PR 16424)
+ Backported PR 16424 to avoid message
+ 'Failed to parse bus message: Invalid argument'
+ with an updated kernel using new capabilities.
+
+ -- Denis Pynkin <denis.pynkin@collabora.com> Sun, 01 Nov 2020 17:54:06 +0300
+
+systemd (241-7~deb10u4co3) apertis; urgency=medium
+
+ * systemd-boot: backport fix of menu ordering with boot counting
+ systemd-boot selects the last valid entry by default, not the first, which
+ prevent correct rollback.
+
+ -- Frédéric Danis <frederic.danis@collabora.com> Wed, 23 Sep 2020 17:32:23 +0200
+
+systemd (241-7~deb10u4co2) apertis; urgency=medium
+
+ * journald: Backport support for --relinquish and --smart-relinquish options.
+ Newer version of systemd-journald support the --relinquish and
+ --smart-relinquish options that enable cleaner handling of mounts at
+ shutdown as journald can be told to close any logging under
+ /var/log/journal so that the /var filesystem can be unmounted should it be
+ on a separate partition.
+ Backport this feature as it enables shutdown without failures, a highly
+ desirable trait in embedded products using systemd.
+
+ -- Martyn Welch <martyn@hades.welchs.me.uk> Fri, 21 Aug 2020 14:16:45 +0100
+
+systemd (241-7~deb10u4co1) apertis; urgency=medium
+
+ * Merge changes from Debian Buster. Remaining changes:
+ + Fix syntax error in shell script
+ + Fix new bashisms introduced on update.
+ + AppArmor: Fix conflict with chaiwala-apparmor-profiles
+ + AppArmor: Add systemd-logind profile
+ + Don’t build against libdw, since 0.158 isn’t available in target.
+
+ -- Ritesh Raj Sarraf <ritesh.sarraf@collabora.com> Tue, 26 May 2020 11:41:53 +0000
+
+systemd (241-7~deb10u1co4) apertis; urgency=medium
+
+ * AppArmor: Fix conflict with chaiwala-apparmor-profiles
+
+ -- Frédéric Danis <frederic.danis@collabora.com> Thu, 19 Dec 2019 11:15:14 +0100
+
+systemd (241-7~deb10u1co3) apertis; urgency=medium
+
+ * AppArmor: Add systemd-logind profile
+
+ -- Frédéric Danis <frederic.danis@collabora.com> Mon, 16 Dec 2019 11:35:22 +0100
+
+systemd (241-7~deb10u1co2) apertis; urgency=medium
+
+ * Don’t build against libdw, since 0.158 isn’t available in target.
+
+ -- Andrej Shadura <andrewsh@debian.org> Thu, 12 Sep 2019 12:50:38 +0200
+
+systemd (241-7~deb10u1co1) apertis; urgency=medium
+
+ * Merge from Debian. Remaining changes:
+ + Sync changes from Debian Buster
+ + Fix syntax error in shell script
+ + Fix new bashisms introduced on update.
+
+ -- Andrej Shadura <andrewsh@debian.org> Thu, 12 Sep 2019 12:00:35 +0200
+
systemd (241-7) unstable; urgency=medium
[ Michael Biebl ]
@@ -2327,6 +2635,26 @@ systemd (241-6) unstable; urgency=medium
-- Michael Biebl <biebl@debian.org> Mon, 08 Jul 2019 11:27:51 +0200
+systemd (241-5co3) apertis; urgency=medium
+
+ * Fix new bashisms introduced on update.
+
+ -- Frederic Dalleau <frederic.dalleau@collabora.com> Thu, 15 Aug 2019 15:47:38 +0000
+
+systemd (241-5co2) apertis; urgency=medium
+
+ * Fix syntax error in shell script
+
+ -- Ritesh Raj Sarraf <ritesh.sarraf@collabora.com> Mon, 12 Aug 2019 20:34:33 +0530
+
+systemd (241-5co1) apertis; urgency=medium
+
+ [ Ritesh Raj Sarraf ]
+ * Refresh patches
+ * Sync changes from Debian Buster
+
+ -- Ritesh Raj Sarraf <ritesh.sarraf@collabora.com> Thu, 08 Aug 2019 04:20:28 +0000
+
systemd (241-5) unstable; urgency=medium
* Revert "Add check to switch VTs only between K_XLATE or K_UNICODE"
@@ -2513,6 +2841,36 @@ systemd (240-6) unstable; urgency=high
-- Martin Pitt <mpitt@debian.org> Mon, 18 Feb 2019 13:54:04 +0000
+systemd (240-5co3) apertis; urgency=medium
+
+ * d/patches/disable-failing-tests.patch
+ - Disable tests failing in Bosch's build environment (APERTIS-6048)
+ - test-netlink, test-stat-util
+
+ -- Ritesh Raj Sarraf <ritesh.sarraf@collabora.com> Tue, 21 May 2019 09:43:06 +0530
+
+systemd (240-5co2) apertis; urgency=medium
+
+ * Uncomment code for initramfs compatibility.
+ Forgot to uncomment this code by occasion.
+
+ -- Denis Pynkin <denis.pynkin@collabora.com> Thu, 14 Feb 2019 13:58:11 +0000
+
+systemd (240-5co1) apertis; urgency=medium
+
+ * Add patches removing bashisms from kernel-install.
+ Adapt kernel-install and parts for /bin/sh.
+ * Call `kernel-install` on kernel install and remove.
+ Set appropriate symlinks for kernel-install script to copy the kernel
+ and initramfs to EFI partition with generation of EFI loader entry
+ during kernel package install anr remove them on deinstallation.
+ * Add systemd-boot binary package.
+ Move all stuff related to EFI boot into separate package.
+ * Call `kernel-install` on changes in initramfs.
+ Allow to update the EFI loader entry on changes in initramfs.
+
+ -- Denis Pynkin <denis.pynkin@collabora.com> Wed, 13 Feb 2019 16:43:19 +0000
+
systemd (240-5) unstable; urgency=medium
[ Felipe Sateler ]
diff --git a/debian/control b/debian/control
index 11cc64dc286ae385f6537ffd9549a36b613e5496..491dc8ceffdc2399d6a79e526c1e8ff414fd60ce 100644
--- a/debian/control
+++ b/debian/control
@@ -43,7 +43,7 @@ Build-Depends: debhelper-compat (= 13),
libbz2-dev <!stage1>,
zlib1g-dev <!stage1> | libz-dev <!stage1>,
libcurl4-openssl-dev <!stage1>,
- libmicrohttpd-dev <!stage1>,
+ libssl-dev <!stage1>,
libpcre2-dev <!stage1>,
libgcrypt20-dev,
libkmod-dev (>= 15),
@@ -51,7 +51,7 @@ Build-Depends: debhelper-compat (= 13),
libmount-dev (>= 2.30),
libfdisk-dev (>= 2.33),
libseccomp-dev (>= 2.3.1) [amd64 arm64 armel armhf i386 mips mipsel mips64 mips64el x32 powerpc ppc64 ppc64el riscv64 s390x],
- libdw-dev (>= 0.158) <!stage1>,
+# libdw-dev (>= 0.158) <!stage1>,
libpolkit-gobject-1-dev <!stage1>,
libzstd-dev (>= 1.4.0),
libtss2-dev <!stage1>,
diff --git a/debian/extra/initramfs-tools/hooks/udev b/debian/extra/initramfs-tools/hooks/udev
index d7f26c42dd1531c3cf05e8b707847ba875f06573..b624e5f6164e8e3f1b7e75b4d4d1ff55f5458261 100755
--- a/debian/extra/initramfs-tools/hooks/udev
+++ b/debian/extra/initramfs-tools/hooks/udev
@@ -22,9 +22,9 @@ cp -p /etc/udev/udev.conf "$DESTDIR/etc/udev/"
# copy .link files containing interface naming definitions
mkdir -p "$DESTDIR/lib/systemd/network/"
-find -L /lib/systemd/network -name '*.link' -execdir cp -pt "$DESTDIR/lib/systemd/network/" '{}' +
+find -L /lib/systemd/network -name '*.link' -print0 | xargs -0r cp -pt "$DESTDIR/lib/systemd/network/"
if [ -d /etc/systemd/network ]; then
- find -L /etc/systemd/network -name '*.link' -execdir cp -pt "$DESTDIR/lib/systemd/network/" '{}' +
+ find -L /etc/systemd/network -name '*.link' -print0 | xargs -0r cp -pt "$DESTDIR/lib/systemd/network/"
fi
mkdir -p "$DESTDIR/lib/udev/rules.d/"
diff --git a/debian/extra/kernel-install.d/85-initrd.install b/debian/extra/kernel-install.d/85-initrd.install
index ecbed87a44ae79242424ac6147f6587ecf66e889..419df727274f2df5b532d650ab847b4357c02023 100755
--- a/debian/extra/kernel-install.d/85-initrd.install
+++ b/debian/extra/kernel-install.d/85-initrd.install
@@ -10,7 +10,7 @@ INITRD_SRC="/boot/initrd.img-$KERNEL_VERSION"
[ "$COMMAND" = add ] || exit 0
-if [ "$#" -ge 5 ]; then
+if [ "$#" -gt 5 ]; then
# Explicit initrd paths were passed, fall through to default 90-loaderentry.install handling;
# we'd be either injecting an unwanted image or, worse, overriding a user-provided one
exit 0
diff --git a/debian/extra/zz_kernel-install b/debian/extra/zz_kernel-install
new file mode 100755
index 0000000000000000000000000000000000000000..1bb9e00826ddcc50c992604b42fb513325841095
--- /dev/null
+++ b/debian/extra/zz_kernel-install
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+case "$DPKG_MAINTSCRIPT_PACKAGE" in
+ linux-image-*)
+ exit 0
+ ;;
+ *)
+ kernel-install add "$1"
+ ;;
+esac
diff --git a/debian/lib.systemd.systemd-logind b/debian/lib.systemd.systemd-logind
new file mode 100644
index 0000000000000000000000000000000000000000..4c59a663b34cf934ab2273788b69f2d63357d5a4
--- /dev/null
+++ b/debian/lib.systemd.systemd-logind
@@ -0,0 +1,66 @@
+# vim:syntax=apparmor
+#
+# Copyright (C) 2015-2017 Collabora Ltd.
+#
+# SPDX-License-Identifier: MPL-2.0
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# This profile is fairly permissive: systemd-logind is very much a trusted
+# process anyway (it has CAP_MAC_ADMIN and CAP_SYS_ADMIN) so there's
+# little point in trying to restrict it extensively: it's mainly here so
+# we can identify logind as a D-Bus peer in other profiles.
+#
+# We put it in enforcing mode so that we have a consistent story (saying
+# everything is enforcing is simpler than listing exceptions), and
+# it could potentially also mitigate attacks in which logind could be
+# tricked into reading and trusting files that it shouldn't.
+
+#include <tunables/global>
+
+/lib/systemd/systemd-logind flags=(attach_disconnected) {
+ #include <abstractions/base>
+ #include <abstractions/dbus-strict>
+ #include <abstractions/nameservice>
+
+ capability sys_admin,
+ capability mac_admin,
+ capability audit_control,
+ capability chown,
+ capability kill,
+ capability dac_read_search,
+ capability dac_override,
+ capability fowner,
+ capability sys_tty_config,
+
+ /lib/systemd/systemd-logind mr,
+
+ dbus bind bus=system name=org.freedesktop.login1,
+ dbus (send, receive) bus=system,
+
+ network netlink,
+
+ mount fstype=tmpfs -> /run/user/*/,
+
+ /dev/dri/* rw,
+ /dev/input/* rw,
+ /dev/tty* rw,
+ /etc/systemd/** r,
+ /etc/udev/** r,
+ /proc/** r,
+ /run/systemd/notify w,
+ /run/systemd/seats/{,*} rw,
+ /run/systemd/sessions/{,*} rw,
+ /run/systemd/users/{,*} rw,
+ /run/systemd/inhibit/{,*} rw,
+ /run/nologin rw,
+ "/run/.#nologin*" rw,
+ /run/utmp rwk,
+ /run/systemd/shutdown/scheduled rw,
+ "/run/systemd/shutdown/.#scheduled*" rw,
+ /run/udev/** r,
+ /run/user/*/ w,
+ /var/lib/systemd/linger/{,**} r,
+ /sys/** r,
+}
diff --git a/debian/patches/apertis/Add-usr-to-non-unmountable-list.patch b/debian/patches/apertis/Add-usr-to-non-unmountable-list.patch
new file mode 100644
index 0000000000000000000000000000000000000000..bed74c151ef770e0eef810101289a3947aa2d7de
--- /dev/null
+++ b/debian/patches/apertis/Add-usr-to-non-unmountable-list.patch
@@ -0,0 +1,38 @@
+From: Denis Pynkin <denis.pynkin@collabora.com>
+Date: Wed, 10 Mar 2021 01:58:37 +0300
+Subject: [PATCH] Add /usr to non-unmountable list
+
+Debians systemd has split-usr enabled as both Debian and in principle Apertis
+support both a split and a merged-usr setup. This mostly adds search paths to
+system (e.g. to look at both `/bin/` and `/usr/bin`) however it also means that
+if `/usr` is a mountpoint system will try to unmount it. Unfortunately this causes
+issues at shutdown for systems with a merged-usr layout as basic libraries (e.g. libc)
+are located in `/usr` making it impossible to unmount.
+
+For Apertis we don't support `/usr` being a seperate partition, the only time
+`/usr` is on a mountpoint is when using ostree images (where it is a bind mount
+and which use a merged-usr layout). So also add `/usr` to the list of paths that
+are considered unmountable even with split-usr support enabled in systemd.
+
+Adding `/usr` to the non-unmountable list allows to avoid problems with
+unmounting it for Apertis images.
+
+Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
+---
+ src/shutdown/umount.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c
+index 3a72a13..970c055 100644
+--- a/src/shutdown/umount.c
++++ b/src/shutdown/umount.c
+@@ -500,9 +500,7 @@ static int delete_md(MountPoint *m) {
+
+ static bool nonunmountable_path(const char *path) {
+ return path_equal(path, "/")
+-#if ! HAVE_SPLIT_USR
+ || path_equal(path, "/usr")
+-#endif
+ || path_startswith(path, "/run/initramfs");
+ }
+
diff --git a/debian/patches/apertis/Fix-the-path-to-bootable-binaries-in-efi-entry.patch b/debian/patches/apertis/Fix-the-path-to-bootable-binaries-in-efi-entry.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d83378efcd3a9bda7ad377158ecd388db4efe140
--- /dev/null
+++ b/debian/patches/apertis/Fix-the-path-to-bootable-binaries-in-efi-entry.patch
@@ -0,0 +1,36 @@
+From eddc14ee54896149a9b6293255352185669abcd6 Mon Sep 17 00:00:00 2001
+From: Denis Pynkin <denis.pynkin@collabora.com>
+Date: Mon, 3 May 2021 23:04:26 +0000
+Subject: Fix the path to bootable binaries in efi entry
+
+`stat` doesn't work well due `coreutils-gplv2`
+created by Debos returning "?" instead of mount point.
+Fall back to the provided directory, since we have separate
+partition for "/boot/efi".
+This change allow to use correct paths for kernel and initrd
+for entry generation.
+
+Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
+---
+ src/kernel-install/90-loaderentry.install | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install
+index 0c73007..c61bf2b 100644
+--- a/src/kernel-install/90-loaderentry.install
++++ b/src/kernel-install/90-loaderentry.install
+@@ -20,6 +20,11 @@ MACHINE_ID=$KERNEL_INSTALL_MACHINE_ID
+
+ BOOT_ROOT=${ENTRY_DIR_ABS%/$MACHINE_ID/$KERNEL_VERSION}
+ BOOT_MNT=$(stat -c %m $BOOT_ROOT)
++# stat doesn't work well due `coreutils-gplv2`
++# returning "?" instead of mount point.
++# Fall back to the provided directory, since we have separate
++# partition for "/boot/efi"
++mountpoint "$BOOT_MNT" || BOOT_MNT="$BOOT_ROOT"
+ ENTRY_DIR=${ENTRY_DIR_ABS#$BOOT_MNT}
+
+ if [ $COMMAND = "remove" ]; then
+--
+2.20.1
+
diff --git a/debian/patches/apertis/Remove-bashisms-from-the-UEFI-entries-generator.patch b/debian/patches/apertis/Remove-bashisms-from-the-UEFI-entries-generator.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ae4228902a2cc6eaabc383fabcf395d96acc3be2
--- /dev/null
+++ b/debian/patches/apertis/Remove-bashisms-from-the-UEFI-entries-generator.patch
@@ -0,0 +1,161 @@
+From 48877ecd94ff71c03e3d880601fb0ba067f11a35 Mon Sep 17 00:00:00 2001
+From: Denis Pynkin <denis.pynkin@collabora.com>
+Date: Mon, 3 May 2021 02:28:43 +0300
+Subject: Remove bashisms from the UEFI entries generator
+
+- Use [ not [[ and -z to test for non-emptiness
+- Use shell lists instead of arrays
+
+Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
+Signed-off-by: Frederic Dalleau <frederic.dalleau@collabora.com>
+---
+ src/kernel-install/90-loaderentry.install | 75 +++++++++++++----------
+ 1 file changed, 42 insertions(+), 33 deletions(-)
+
+diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install
+index d096745..12d7b6e 100644
+--- a/src/kernel-install/90-loaderentry.install
++++ b/src/kernel-install/90-loaderentry.install
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env bash
++#!/bin/sh
+ # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+ # ex: ts=8 sw=4 sts=4 et filetype=sh
+
+@@ -8,11 +8,11 @@ ENTRY_DIR_ABS="$3"
+ KERNEL_IMAGE="$4"
+ INITRD_OPTIONS_START="5"
+
+-if ! [[ $KERNEL_INSTALL_MACHINE_ID ]]; then
++if [ -z "$KERNEL_INSTALL_MACHINE_ID" ]; then
+ exit 0
+ fi
+
+-if ! [[ -d "$ENTRY_DIR_ABS" ]]; then
++if ! [ -d "$ENTRY_DIR_ABS" ]; then
+ exit 0
+ fi
+
+@@ -22,48 +22,47 @@ BOOT_ROOT=${ENTRY_DIR_ABS%/$MACHINE_ID/$KERNEL_VERSION}
+ BOOT_MNT=$(stat -c %m $BOOT_ROOT)
+ ENTRY_DIR=${ENTRY_DIR_ABS#$BOOT_MNT}
+
+-if [[ $COMMAND == remove ]]; then
++if [ $COMMAND = "remove" ]; then
+ rm -f "$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION.conf"
+ rm -f "$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION+"*".conf"
+ exit 0
+ fi
+
+-if ! [[ $COMMAND == add ]]; then
++if ! [ $COMMAND = "add" ]; then
+ exit 1
+ fi
+
+-if ! [[ $KERNEL_IMAGE ]]; then
++if [ -z "$KERNEL_IMAGE" ]; then
+ exit 1
+ fi
+
+-if [[ -f /etc/os-release ]]; then
++if [ -f /etc/os-release ]; then
+ . /etc/os-release
+-elif [[ -f /usr/lib/os-release ]]; then
++elif [ -f /usr/lib/os-release ]; then
+ . /usr/lib/os-release
+ fi
+
+-if ! [[ $PRETTY_NAME ]]; then
++if [ -z "$PRETTY_NAME" ]; then
+ PRETTY_NAME="Linux $KERNEL_VERSION"
+ fi
+
+-if [[ -f /etc/kernel/cmdline ]]; then
+- read -r -d '' -a BOOT_OPTIONS < /etc/kernel/cmdline
+-elif [[ -f /usr/lib/kernel/cmdline ]]; then
+- read -r -d '' -a BOOT_OPTIONS < /usr/lib/kernel/cmdline
+-else
+- declare -a BOOT_OPTIONS
+-
+- read -r -d '' -a line < /proc/cmdline
+- for i in "${line[@]}"; do
+- [[ "${i#initrd=*}" != "$i" ]] && continue
+- [[ "${i#BOOT_IMAGE=*}" != "$i" ]] && continue
+- BOOT_OPTIONS+=("$i")
+- done
++if [ -f /etc/kernel/cmdline ]; then
++ read -r BOOT_OPTIONS < /etc/kernel/cmdline
++elif [ -f /usr/lib/kernel/cmdline ]; then
++ read -r BOOT_OPTIONS < /usr/lib/kernel/cmdline
++elif [ -f "/proc/cmdline" ]; then
++ BOOT_OPTIONS=$(
++ cat /proc/cmdline | tr ' ' '\n' | \
++ while read -r i; do
++ [ "${i#initrd=*}" != "$i" ] && continue
++ echo -n " $i"
++ done
++ )
+ fi
+
+-if [[ -f /etc/kernel/tries ]]; then
++if [ -f /etc/kernel/tries ]; then
+ read -r TRIES </etc/kernel/tries
+- if ! [[ "$TRIES" =~ ^[0-9]+$ ]] ; then
++ if [ -z "${TRIES##*[!0-9]*}" ] ; then
+ echo "/etc/kernel/tries does not contain an integer." >&2
+ exit 1
+ fi
+@@ -79,11 +78,20 @@ cp "$KERNEL_IMAGE" "$ENTRY_DIR_ABS/linux" &&
+ exit 1
+ }
+
+-INITRD_OPTIONS=( "${@:${INITRD_OPTIONS_START}}" )
++shift $INITRD_OPTIONS_START
++INITRD_OPTIONS=""
++while [ $# -gt 0 ] ; do
++ if [ -z "$INITRD_OPTIONS" ] ; then
++ INITRD_OPTIONS="$1"
++ else
++ INITRD_OPTIONS="$INITRD_OPTIONS\n$1"
++ fi
++ shift
++done
+
+-for initrd in "${INITRD_OPTIONS[@]}"; do
+- if [[ -f "${initrd}" ]]; then
+- initrd_basename="$(basename ${initrd})"
++echo "${INITRD_OPTIONS}" | while read initrd; do
++ if [ -f "${initrd}" ]; then
++ initrd_basename=$(basename "${initrd}")
+ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
+ echo "Installing $ENTRY_DIR_ABS/${initrd_basename}"
+ cp "${initrd}" "$ENTRY_DIR_ABS/${initrd_basename}" &&
+@@ -97,7 +105,7 @@ done
+
+ # If no initrd option is supplied, fall back to "initrd" which is
+ # the name used by dracut when generating it in its kernel-install hook
+-[[ ${#INITRD_OPTIONS[@]} == 0 ]] && INITRD_OPTIONS=( initrd )
++[ -z "${INITRD_OPTIONS}" ] && INITRD_OPTIONS=initrd
+
+ mkdir -p "${LOADER_ENTRY%/*}" || {
+ echo "Could not create loader entry directory '${LOADER_ENTRY%/*}'." >&2
+@@ -110,11 +118,12 @@ mkdir -p "${LOADER_ENTRY%/*}" || {
+ echo "title $PRETTY_NAME"
+ echo "version $KERNEL_VERSION"
+ echo "machine-id $MACHINE_ID"
+- echo "options ${BOOT_OPTIONS[*]}"
++ echo "options ${BOOT_OPTIONS}"
+ echo "linux $ENTRY_DIR/linux"
+- for initrd in "${INITRD_OPTIONS[@]}"; do
+- [[ -f $ENTRY_DIR_ABS/$(basename ${initrd}) ]] && \
+- echo "initrd $ENTRY_DIR/$(basename ${initrd})"
++ echo "${INITRD_OPTIONS}" | while read initrd; do
++ initrd_basename=$(basename "${initrd}")
++ [ -f "$ENTRY_DIR_ABS/${initrd_basename}" ] && \
++ echo "initrd $ENTRY_DIR/${initrd_basename}"
+ done
+ :
+ } > "$LOADER_ENTRY" || {
+--
+2.29.3
+
diff --git a/debian/patches/apertis/Remove-bashisms-from-the-depmod-wrapper.patch b/debian/patches/apertis/Remove-bashisms-from-the-depmod-wrapper.patch
new file mode 100644
index 0000000000000000000000000000000000000000..20b77a8698611eaaeac860f175925781395261d4
--- /dev/null
+++ b/debian/patches/apertis/Remove-bashisms-from-the-depmod-wrapper.patch
@@ -0,0 +1,60 @@
+From: Denis Pynkin <denis.pynkin@collabora.com>
+Date: Thu, 24 Jan 2019 22:40:46 +0300
+Subject: Remove bashisms from the depmod wrapper
+
+- Use [ not [[ and -n to test for non-emptiness
+- Use for loop instead of comma expansion
+
+Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
+[ Rebased to the latest master, amended the rm call ]
+Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
+---
+ src/kernel-install/50-depmod.install | 21 ++++++++++++++++-----
+ 1 file changed, 16 insertions(+), 5 deletions(-)
+
+diff --git a/src/kernel-install/50-depmod.install b/src/kernel-install/50-depmod.install
+index 3850eac..2b026da 100644
+--- a/src/kernel-install/50-depmod.install
++++ b/src/kernel-install/50-depmod.install
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env bash
++#!/bin/sh
+ # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+ # ex: ts=8 sw=4 sts=4 et filetype=sh
+
+@@ -8,11 +8,11 @@ ENTRY_DIR_ABS="$3"
+ KERNEL_IMAGE="$4"
+ INITRD_OPTIONS_START="5"
+
+-[[ $KERNEL_VERSION ]] || exit 1
++[ -n $KERNEL_VERSION ] || exit 1
+
+ case "$COMMAND" in
+ add)
+- [[ -d "/lib/modules/${KERNEL_VERSION}/kernel" ]] || exit 0
++ [ -d "/lib/modules/${KERNEL_VERSION}/kernel" ] || exit 0
+ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
+ echo "Running depmod -a ${KERNEL_VERSION}"
+ exec depmod -a "${KERNEL_VERSION}"
+@@ -20,8 +20,19 @@ case "$COMMAND" in
+ remove)
+ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
+ echo "Removing /lib/modules/${KERNEL_VERSION}/modules.dep and associated files"
+- exec rm -f /lib/modules/"${KERNEL_VERSION}"/modules.{alias{,.bin},builtin.bin,dep{,.bin},devname,softdep,symbols{,.bin}}
+- ;;
++ for d in alias \
++ alias.bin \
++ builtin.bin \
++ dep \
++ dep.bin \
++ devname \
++ softdep \
++ symbols \
++ symbols.bin
++ do
++ rm -f "/lib/modules/$2/modules.$d"
++ done
++ ;;
+ *)
+ exit 0
+ esac
diff --git a/debian/patches/apertis/Remove-bashisms-from-the-entry-directory-plugin.patch b/debian/patches/apertis/Remove-bashisms-from-the-entry-directory-plugin.patch
new file mode 100644
index 0000000000000000000000000000000000000000..00c46583d18a3634a9f7b22005a8fe9dc216be00
--- /dev/null
+++ b/debian/patches/apertis/Remove-bashisms-from-the-entry-directory-plugin.patch
@@ -0,0 +1,39 @@
+From 2b89d2fe0193b36fa892ccc368e81efa8e854bb9 Mon Sep 17 00:00:00 2001
+From: Denis Pynkin <denis.pynkin@collabora.com>
+Date: Mon, 26 Apr 2021 23:00:48 +0300
+Subject: Remove bashisms from the entry directory plugin
+
+- Use [ not [[ and -z to test for non-emptiness
+
+Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
+---
+ src/kernel-install/00-entry-directory.install | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/kernel-install/00-entry-directory.install b/src/kernel-install/00-entry-directory.install
+index 21c09fa..e2fc396 100644
+--- a/src/kernel-install/00-entry-directory.install
++++ b/src/kernel-install/00-entry-directory.install
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env bash
++#/bin/sh
+ # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+ # ex: ts=8 sw=4 sts=4 et filetype=sh
+
+@@ -8,11 +8,11 @@ ENTRY_DIR_ABS="$3"
+ KERNEL_IMAGE="$4"
+ INITRD_OPTIONS_START="5"
+
+-if ! [[ $KERNEL_INSTALL_MACHINE_ID ]]; then
++if [ -z "$KERNEL_INSTALL_MACHINE_ID" ]; then
+ exit 0
+ fi
+
+-if [[ $COMMAND != add ]]; then
++if [ "$COMMAND" != "add" ]; then
+ exit 0
+ fi
+
+--
+2.20.1
+
diff --git a/debian/patches/apertis/Reworked-kernel-install-script.patch b/debian/patches/apertis/Reworked-kernel-install-script.patch
new file mode 100644
index 0000000000000000000000000000000000000000..54f8e34bcc3cfdb74338697babd7d8ed809f3b34
--- /dev/null
+++ b/debian/patches/apertis/Reworked-kernel-install-script.patch
@@ -0,0 +1,226 @@
+From 2b3c1bccc61217f9800fa6b6f7af1007dd6c27e3 Mon Sep 17 00:00:00 2001
+From: Denis Pynkin <denis.pynkin@collabora.com>
+Date: Mon, 3 May 2021 03:12:29 +0300
+Subject: Reworked kernel-install script
+
+- Removed bashisms -- script is adapted for running with `/bin/sh`
+- Add support of calling the script without passing the kernel image.
+- Allow to use name prefix while detecting the action.
+ If the name of (sym)link to 'kernel-install' script ends with
+ 'installkernel' or 'removekernel' -- the action 'add' or 'remove' is
+ assumed. This change allow to use file names like `zz_installkernel`
+ to force it to run last during the kernel installing or removing.
+
+Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
+Signed-off-by: Frederic Dalleau <frederic.dalleau@collabora.com>
+---
+ src/kernel-install/kernel-install | 100 +++++++++++++++++-------------
+ 1 file changed, 56 insertions(+), 44 deletions(-)
+
+diff --git a/src/kernel-install/kernel-install b/src/kernel-install/kernel-install
+index e7457e9..6729168 100755
+--- a/src/kernel-install/kernel-install
++++ b/src/kernel-install/kernel-install
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env bash
++#!/bin/sh
+ # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+ # ex: ts=8 sw=4 sts=4 et filetype=sh
+ # SPDX-License-Identifier: LGPL-2.1-or-later
+@@ -33,22 +33,18 @@ usage()
+ dropindirs_sort()
+ {
+ local suffix=$1; shift
+- local -a files
+ local f d i
+
+- readarray -t files <<<"$(
+- for d in "$@"; do
+- for i in "$d/"*"$suffix"; do
+- if [[ -e "$i" ]]; then
+- echo "${i##*/}"
+- fi
+- done
+- done | sort -Vu
+- )"
+-
+- for f in "${files[@]}"; do
++ for d in "$@"; do
++ for i in "$d/"*"$suffix"; do
++ if [ -e "$i" ]; then
++ echo "${i##*/}"
++ fi
++ done
++ done | sort -u | \
++ while read f; do
+ for d in "$@"; do
+- if [[ -e "$d/$f" ]]; then
++ if [ -e "$d/$f" ]; then
+ echo "$d/$f"
+ continue 2
+ fi
+@@ -59,51 +55,64 @@ dropindirs_sort()
+ export LC_COLLATE=C
+
+ for i in "$@"; do
+- if [ "$i" == "--help" -o "$i" == "-h" ]; then
++ if [ "$i" = "--help" -o "$i" = "-h" ]; then
+ usage
+ exit 0
+ fi
+ done
+
+ KERNEL_INSTALL_VERBOSE=0
+-if [ "$1" == "--verbose" -o "$1" == "-v" ]; then
++if [ "$1" = "--verbose" -o "$1" = "-v" ]; then
+ shift
+ KERNEL_INSTALL_VERBOSE=1
+ fi
+ export KERNEL_INSTALL_VERBOSE
+
+-if [[ "${0##*/}" == 'installkernel' ]]; then
++INITRD_OPTIONS=""
++if [ "${0%installkernel}" != "${0}" ]; then
+ COMMAND='add'
+ # make install doesn't pass any parameter wrt initrd handling
+- INITRD_OPTIONS=()
++ KERNEL_VERSION="$1"
++ KERNEL_IMAGE="$2"
++elif [ "${0%removekernel}" != "${0}" ]; then
++ COMMAND='remove'
++ KERNEL_VERSION="$1"
++ KERNEL_IMAGE="$2"
+ else
+ COMMAND="$1"
+ shift
+- INITRD_OPTIONS=( "${@:3}" )
++ KERNEL_VERSION="$1"
++ KERNEL_IMAGE="$2"
++ while [ $# -gt 2 ] ; do
++ if [ -z "$INITRD_OPTIONS" ] ; then
++ INITRD_OPTIONS="$3"
++ else
++ INITRD_OPTIONS="$INITRD_OPTIONS\n$3"
++ fi
++ shift
++ done
+ fi
+
+-KERNEL_VERSION="$1"
+-KERNEL_IMAGE="$2"
+
+ # Reuse directory created without a machine ID present if it exists.
+-if [[ -d /efi/Default ]] || [[ -d /boot/Default ]] || [[ -d /boot/efi/Default ]]; then
++if [ -d /efi/Default ] || [ -d /boot/Default ] || [ -d /boot/efi/Default ]; then
+ MACHINE_ID="Default"
+-elif [[ -f /etc/machine-id ]]; then
++elif [ -f /etc/machine-id ]; then
+ read MACHINE_ID < /etc/machine-id
+ else
+ MACHINE_ID="Default"
+ fi
+
+-if [[ ! $COMMAND ]] || [[ ! $KERNEL_VERSION ]]; then
++if [ -z "$COMMAND" ] || [ -z "$KERNEL_VERSION" ]; then
+ echo "Not enough arguments" >&2
+ exit 1
+ fi
+
+-if [[ -d /efi/loader/entries ]] || [[ -d /efi/$MACHINE_ID ]]; then
++if [ -d /efi/loader/entries ] || [ -d /efi/$MACHINE_ID ]; then
+ ENTRY_DIR_ABS="/efi/$MACHINE_ID/$KERNEL_VERSION"
+-elif [[ -d /boot/loader/entries ]] || [[ -d /boot/$MACHINE_ID ]]; then
++elif [ -d /boot/loader/entries ] || [ -d /boot/$MACHINE_ID ]; then
+ ENTRY_DIR_ABS="/boot/$MACHINE_ID/$KERNEL_VERSION"
+-elif [[ -d /boot/efi/loader/entries ]] || [[ -d /boot/efi/$MACHINE_ID ]]; then
++elif [ -d /boot/efi/loader/entries ] || [ -d /boot/efi/$MACHINE_ID ]; then
+ ENTRY_DIR_ABS="/boot/efi/$MACHINE_ID/$KERNEL_VERSION"
+ elif mountpoint -q /efi; then
+ ENTRY_DIR_ABS="/efi/$MACHINE_ID/$KERNEL_VERSION"
+@@ -117,51 +126,53 @@ export KERNEL_INSTALL_MACHINE_ID=$MACHINE_ID
+
+ ret=0
+
+-readarray -t PLUGINS <<<"$(
++
++plugins_list(){
+ dropindirs_sort ".install" \
+ "/etc/kernel/install.d" \
+ "/usr/lib/kernel/install.d"
+-)"
++}
+
+ case $COMMAND in
+ add)
+- if [[ ! "$KERNEL_IMAGE" ]]; then
+- echo "Command 'add' requires an argument" >&2
+- exit 1
++ # According to man page 2-nd parameter could be skipped
++ if [ -z "$KERNEL_IMAGE" ]; then
++ KERNEL_IMAGE="/boot/vmlinuz-$KERNEL_VERSION"
+ fi
+
+- if [[ ! -f "$KERNEL_IMAGE" ]]; then
++ if [ ! -f "$KERNEL_IMAGE" ]; then
+ echo "Kernel image argument ${KERNEL_IMAGE} not a file" >&2
+ exit 1
+ fi
+
+- for f in "${PLUGINS[@]}"; do
+- if [[ -x $f ]]; then
++ plugins_list | while read f; do
++ if [ -x "$f" ]; then
++
+ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
+- echo "+$f add $KERNEL_VERSION $ENTRY_DIR_ABS $KERNEL_IMAGE ${INITRD_OPTIONS[@]}"
+- "$f" add "$KERNEL_VERSION" "$ENTRY_DIR_ABS" "$KERNEL_IMAGE" "${INITRD_OPTIONS[@]}"
++ echo "+$f add $KERNEL_VERSION $ENTRY_DIR_ABS $KERNEL_IMAGE ${INITRD_OPTIONS}"
++ "$f" add "$KERNEL_VERSION" "$ENTRY_DIR_ABS" "$KERNEL_IMAGE" "${INITRD_OPTIONS}"
+ x=$?
+- if [[ $x == $SKIP_REMAINING ]]; then
++ if [ $x = $SKIP_REMAINING ]; then
+ ret=0
+ break
+ fi
+- ((ret+=$x))
++ ret=`expr $ret + $?`
+ fi
+ done
+ ;;
+
+ remove)
+- for f in "${PLUGINS[@]}"; do
+- if [[ -x $f ]]; then
++ plugins_list | while read f; do
++ if [ -x "$f" ]; then
+ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
+ echo "+$f remove $KERNEL_VERSION $ENTRY_DIR_ABS"
+ "$f" remove "$KERNEL_VERSION" "$ENTRY_DIR_ABS"
+ x=$?
+- if [[ $x == $SKIP_REMAINING ]]; then
++ if [ $x = $SKIP_REMAINING ]; then
+ ret=0
+ break
+ fi
+- ((ret+=$x))
++ ret=`expr $ret + $x`
+ fi
+ done
+
+@@ -169,7 +180,7 @@ case $COMMAND in
+ echo "Removing $ENTRY_DIR_ABS"
+
+ rm -rf "$ENTRY_DIR_ABS"
+- ((ret+=$?))
++ ret=`expr $ret + $?`
+ ;;
+
+ *)
+@@ -179,3 +190,4 @@ case $COMMAND in
+ esac
+
+ exit $ret
++
+--
+2.29.3
+
diff --git a/debian/patches/apertis/basic-linux-Sync-if_arp.h-with-Linux-5.14.patch b/debian/patches/apertis/basic-linux-Sync-if_arp.h-with-Linux-5.14.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5a8d981091e36bafb59379af524cb5989f3563a2
--- /dev/null
+++ b/debian/patches/apertis/basic-linux-Sync-if_arp.h-with-Linux-5.14.patch
@@ -0,0 +1,23 @@
+From: Chris Packham <chris.packham@alliedtelesis.co.nz>
+Date: Fri, 10 Sep 2021 09:51:36 +1200
+Subject: basic/linux: Sync if_arp.h with Linux 5.14
+
+ARPHRD_MCTP was added in 5.14. Sync if_arp.h to pick up the definition
+
+Fixes #20694
+---
+ src/basic/linux/if_arp.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/basic/linux/if_arp.h b/src/basic/linux/if_arp.h
+index c3cc5a9..4783af9 100644
+--- a/src/basic/linux/if_arp.h
++++ b/src/basic/linux/if_arp.h
+@@ -54,6 +54,7 @@
+ #define ARPHRD_X25 271 /* CCITT X.25 */
+ #define ARPHRD_HWX25 272 /* Boards with X.25 in firmware */
+ #define ARPHRD_CAN 280 /* Controller Area Network */
++#define ARPHRD_MCTP 290
+ #define ARPHRD_PPP 512
+ #define ARPHRD_CISCO 513 /* Cisco HDLC */
+ #define ARPHRD_HDLC ARPHRD_CISCO
diff --git a/debian/patches/apertis/kernel-install-allow-to-create-BOOT-MACHINE_ID.patch b/debian/patches/apertis/kernel-install-allow-to-create-BOOT-MACHINE_ID.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ad44b33833eb60b41fa2d73481fdc101bdd24d92
--- /dev/null
+++ b/debian/patches/apertis/kernel-install-allow-to-create-BOOT-MACHINE_ID.patch
@@ -0,0 +1,44 @@
+From f462882b9f851adb9bd0a420f2b3e5912bbfb712 Mon Sep 17 00:00:00 2001
+From: Denis Pynkin <denis.pynkin@collabora.com>
+Date: Sun, 2 May 2021 21:47:16 +0300
+Subject: kernel-install: allow to create $BOOT/$MACHINE_ID
+
+Commit cf73f650890 provides script `00-entry-directory.install` which
+creates the entry directory only if `$BOOT/$MACHINE_ID` folder exists.
+This part was moved out of `kernel-install` script and may introduce
+the problem during upgrade since before Apertis v2022dev2 we do kernel
+install with `$MACHINE_ID` generated in a build time. Later we remove
+`/etc/machine-id` file allowing to generate an unique machine ID during
+first boot, so there will be no directory `$BOOT/$MACHINE_ID` with a new
+ID preventing from new entry generation during kernel upgrade in runtime.
+Hence remove the part checking the `$BOOT/$MACHINE_ID` existence and
+allow to create the proper entry in any case, returning the previous
+`kernel-install` behaviour.
+
+Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
+---
+ src/kernel-install/00-entry-directory.install | 8 --------
+ 1 file changed, 8 deletions(-)
+
+diff --git a/src/kernel-install/00-entry-directory.install b/src/kernel-install/00-entry-directory.install
+index e2fc396..f753794 100644
+--- a/src/kernel-install/00-entry-directory.install
++++ b/src/kernel-install/00-entry-directory.install
+@@ -16,14 +16,6 @@ if [ "$COMMAND" != "add" ]; then
+ exit 0
+ fi
+
+-# If the boot dir exists (e.g. $ESP/<machine-id>),
+-# create the entry directory ($ESP/<machine-id>/<kernel-version>).
+-# This is the only function of this plugin.
+-MACHINE_ID_DIR="${ENTRY_DIR_ABS%/*}"
+-if ! [ -d "$MACHINE_ID_DIR" ]; then
+- exit 0
+-fi
+-
+ if [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ]; then
+ echo "+mkdir -v -p $ENTRY_DIR_ABS"
+ exec mkdir -v -p "$ENTRY_DIR_ABS"
+--
+2.29.3
+
diff --git a/debian/patches/apertis/meson-do-not-fail-if-rsync-is-not-installed-with-meson-0.57.2.patch b/debian/patches/apertis/meson-do-not-fail-if-rsync-is-not-installed-with-meson-0.57.2.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f05e33c0556107193c888e55a79ab741d9d3837a
--- /dev/null
+++ b/debian/patches/apertis/meson-do-not-fail-if-rsync-is-not-installed-with-meson-0.57.2.patch
@@ -0,0 +1,53 @@
+From 7c5fd25119a495009ea62f79e5daec34cc464628 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 12 Apr 2021 14:03:32 +0200
+Subject: [PATCH] meson: do not fail if rsync is not installed with meson
+ 0.57.2
+
+https://github.com/mesonbuild/meson/issues/8641
+
+Our CI started to fail. Even if the change is reverted in meson,
+we need a quick workaround here.
+---
+ man/meson.build | 25 ++++++++++++++-----------
+ 1 file changed, 14 insertions(+), 11 deletions(-)
+
+diff --git a/man/meson.build b/man/meson.build
+index 3cae8446cd..f9c4b83dc8 100644
+--- a/man/meson.build
++++ b/man/meson.build
+@@ -184,17 +184,20 @@ html = custom_target(
+ depends : html_pages,
+ command : ['echo'])
+
+-run_target(
+- 'doc-sync',
+- depends : man_pages + html_pages,
+- command : ['rsync', '-rlv',
+- '--delete-excluded',
+- '--include=man',
+- '--include=*.html',
+- '--exclude=*',
+- '--omit-dir-times',
+- meson.current_build_dir(),
+- get_option('www-target')])
++rsync = find_program('rsync', required : false)
++if rsync.found()
++ run_target(
++ 'doc-sync',
++ depends : man_pages + html_pages,
++ command : [rsync, '-rlv',
++ '--delete-excluded',
++ '--include=man',
++ '--include=*.html',
++ '--exclude=*',
++ '--omit-dir-times',
++ meson.current_build_dir(),
++ get_option('www-target')])
++endif
+
+ ############################################################
+
+--
+2.30.2
+
diff --git a/debian/patches/apertis/meson.build-change-operator-combining-bools-from-to-and.patch b/debian/patches/apertis/meson.build-change-operator-combining-bools-from-to-and.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5a3fb9863943c8fa12b109af19bc2ec32beaa036
--- /dev/null
+++ b/debian/patches/apertis/meson.build-change-operator-combining-bools-from-to-and.patch
@@ -0,0 +1,32 @@
+From c29537f39e4f413a6cbfe9669fa121bdd6d8b36f Mon Sep 17 00:00:00 2001
+From: Dan Streetman <ddstreet@canonical.com>
+Date: Fri, 3 Sep 2021 12:43:33 -0400
+Subject: [PATCH] meson.build: change operator combining bools from + to and
+
+upstream meson stopped allowing combining boolean with the plus
+operator, and now requires using the logical and operator
+
+reference:
+https://github.com/mesonbuild/meson/commit/43302d3296baff6aeaf8e03f5d701b0402e37a6c
+
+Fixes: #20632
+---
+ meson.build | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/meson.build b/meson.build
+index 6e1a8b1e50..0fe996adba 100644
+--- a/meson.build
++++ b/meson.build
+@@ -35,7 +35,7 @@ conf.set10('BUILD_MODE_DEVELOPER', get_option('mode') == 'developer',
+
+ want_ossfuzz = get_option('oss-fuzz')
+ want_libfuzzer = get_option('llvm-fuzz')
+-if want_ossfuzz + want_libfuzzer > 1
++if want_ossfuzz and want_libfuzzer
+ error('only one of oss-fuzz or llvm-fuzz can be specified')
+ endif
+
+--
+2.30.2
+
diff --git a/debian/patches/apertis/systemd-journal-flush-Add-a-requirement-on-var.mount.patch b/debian/patches/apertis/systemd-journal-flush-Add-a-requirement-on-var.mount.patch
new file mode 100644
index 0000000000000000000000000000000000000000..39c6012787c1ca2f71ce86c5e5f35a1ed0364a4c
--- /dev/null
+++ b/debian/patches/apertis/systemd-journal-flush-Add-a-requirement-on-var.mount.patch
@@ -0,0 +1,43 @@
+From: Detlev Casanova <detlev.casanova@collabora.com>
+Date: Wed, 26 Jan 2022 15:30:42 -0500
+Subject: systemd-journal-flush: Add a requirement on var.mount.
+
+On some systems (like ostree), /var is already mounted (bind) when systemd
+starts and is not in /etc/fstab, so there is no var.mount file (fragment)
+generated by systemd-fstab-generator
+
+var.mount unit still exists: it instantiated via /proc/self/mountinfo
+
+RequiresMountsFor= does not add Requires= dependencies for .mount units if
+there is no corresponding fragment file (it still adds them After=, though -
+see unit_add_mount_dependencies() in unit.c)
+=> systemd-journal-flush.service will have After=var.mount but no
+ Requires=var.mount.
+=> On shutdown, nothing causes systemd-journal-flush.service to be stopped as
+ it does not require var.mount.
+
+See https://github.com/systemd/systemd/issues/867#issuecomment-890768048
+for details
+
+This patch adds the Require= for var.mount. It fixes the unmounting of
+/var at shutdown and doesn't influence systems that let systemd mount
+/var.
+
+Signed-off-by: Detlev Casanova <detlev.casanova@collabora.com>
+---
+ units/systemd-journal-flush.service | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/units/systemd-journal-flush.service b/units/systemd-journal-flush.service
+index 1a71592..e258866 100644
+--- a/units/systemd-journal-flush.service
++++ b/units/systemd-journal-flush.service
+@@ -11,7 +11,7 @@
+ Description=Flush Journal to Persistent Storage
+ Documentation=man:systemd-journald.service(8) man:journald.conf(5)
+ DefaultDependencies=no
+-Requires=systemd-journald.service
++Requires=systemd-journald.service var.mount
+ After=systemd-journald.service systemd-remount-fs.service
+ Before=systemd-tmpfiles-setup.service
+ RequiresMountsFor=/var/log/journal
diff --git a/debian/patches/series b/debian/patches/series
index 661f0c480a264cfdceb00182173bca921dfae870..3e98fe1e96efdaea619e656e88b24e4c6b3f1ec0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -18,3 +18,14 @@ debian/Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-back-to-.patch
debian/systemctl-do-not-shutdown-immediately-on-scheduled-shutdo.patch
debian/Downgrade-a-couple-of-warnings-to-debug.patch
debian/Skip-flaky-test_resolved_domain_restricted_dns-in-network.patch
+apertis/Add-usr-to-non-unmountable-list.patch
+apertis/Remove-bashisms-from-the-depmod-wrapper.patch
+apertis/Remove-bashisms-from-the-UEFI-entries-generator.patch
+apertis/Reworked-kernel-install-script.patch
+apertis/Remove-bashisms-from-the-entry-directory-plugin.patch
+apertis/kernel-install-allow-to-create-BOOT-MACHINE_ID.patch
+apertis/Fix-the-path-to-bootable-binaries-in-efi-entry.patch
+apertis/basic-linux-Sync-if_arp.h-with-Linux-5.14.patch
+apertis/systemd-journal-flush-Add-a-requirement-on-var.mount.patch
+apertis/meson.build-change-operator-combining-bools-from-to-and.patch
+apertis/meson-do-not-fail-if-rsync-is-not-installed-with-meson-0.57.2.patch
diff --git a/debian/rules b/debian/rules
index 44465f992fad0350e10ec0062e2bf8bb9001a187..1b1db875e74a5076e9a3b83b2c07825a3a369110 100755
--- a/debian/rules
+++ b/debian/rules
@@ -106,13 +106,12 @@ CONFFLAGS += \
-Dlibcryptsetup=true \
-Dlibcryptsetup-plugins=true \
-Dcoredump=true \
- -Delfutils=true \
+ -Delfutils=false \
-Dapparmor=true \
-Dlibidn2=true \
-Dlibiptc=true \
-Dlibcurl=true \
-Dimportd=true \
- -Dmicrohttpd=true \
-Dopenssl=true \
-Dcryptolib=openssl \
-Ddns-over-tls=openssl \
@@ -135,7 +134,6 @@ CONFFLAGS += \
-Dlibiptc=false \
-Dlibcurl=false \
-Dimportd=false \
- -Dmicrohttpd=false \
-Dopenssl=false \
-Dlibfido2=false \
-Dtpm2=false \
@@ -236,6 +234,8 @@ ifeq ($(DEB_VENDOR),Ubuntu)
cp -a debian/extra/units-ubuntu/* debian/systemd/lib/systemd/system/
endif
+ dh_apparmor -psystemd --profile-name=lib.systemd.systemd-logind
+
execute_after_dh_installman:
# remove duplicate files shipped by systemd-*/udev
# run after dh_installman, which runs after dh_install, to include manpages
@@ -299,4 +299,4 @@ ifeq (, $(filter nocheck, $(DEB_BUILD_OPTIONS)))
endif
%:
- dh $@ --without autoreconf --buildsystem=meson
+ dh $@ --without autoreconf --buildsystem=meson -Nsystemd-journal-remote
diff --git a/debian/systemd-boot.install b/debian/systemd-boot.install
index 29cd23b65c92fea9c6c8f9075a1fd0893be702d3..9a4564b65cd8c2a6357c92b7e49be7635adebdf9 100644
--- a/debian/systemd-boot.install
+++ b/debian/systemd-boot.install
@@ -1,3 +1,4 @@
+etc/kernel
lib/systemd/systemd-bless-boot
lib/systemd/system-generators/systemd-bless-boot-generator
lib/systemd/system/sysinit.target.wants/systemd-boot-system-token.service
@@ -5,6 +6,14 @@ lib/systemd/system/systemd-bless-boot.service
lib/systemd/system/systemd-boot-system-token.service
lib/systemd/system/systemd-boot-update.service
usr/bin/bootctl
+usr/bin/kernel-install
+usr/lib/systemd/boot
+usr/share/man/man1/bootctl*
+usr/share/man/man8/kernel-install*
usr/share/bash-completion/completions/bootctl
-../extra/initramfs etc/
-../extra/kernel etc/
+usr/share/bash-completion/completions/kernel-install
+usr/share/zsh/vendor-completions/_bootctl
+usr/share/zsh/vendor-completions/_kernel-install
+usr/lib/kernel
+../../extra/kernel-install.d/* usr/lib/kernel/install.d
+../../extra/zz_kernel-install etc/initramfs/post-update.d
diff --git a/debian/systemd-boot.links b/debian/systemd-boot.links
new file mode 100644
index 0000000000000000000000000000000000000000..20fe0bb59264191c0e1f91cedffdb487eace0efa
--- /dev/null
+++ b/debian/systemd-boot.links
@@ -0,0 +1,3 @@
+# Links for adding/removing kernel and initramfs
+/usr/bin/kernel-install /etc/kernel/postinst.d/zz_installkernel
+/usr/bin/kernel-install /etc/kernel/postrm.d/zz_removekernel
\ No newline at end of file
diff --git a/debian/systemd.install b/debian/systemd.install
index 75cbd757d70965fa0543183b1ebd52f0cc483118..06e779456c70c21eef3f0df7fb5d38e39330ce9f 100755
--- a/debian/systemd.install
+++ b/debian/systemd.install
@@ -17,7 +17,6 @@ usr/lib/sysusers.d/systemd-journal.conf
usr/lib/sysusers.d/systemd-network.conf
usr/lib/systemd/
usr/lib/tmpfiles.d/
-usr/lib/kernel
<!stage1> usr/lib/*/cryptsetup/
usr/share/bash-completion/
usr/share/zsh/vendor-completions/
@@ -35,3 +34,4 @@ var/lib
../extra/units/* lib/systemd/system/
../extra/kernel-install.d/* usr/lib/kernel/install.d
../extra/pam.d/* usr/lib/pam.d/
+../../lib.systemd.systemd-logind etc/apparmor.d/