From wikipedia:
utmp maintains a full accounting of the current status of the
system, system boot time (used by uptime), recording user
logins at which terminals, logouts, system events etc.
This is seldom use, if at all, on an embedded device, and may expose
users' behaviour to others (by observing who logs in from where, for
example).
Forcibly disable support for utmp.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
[yann.morin.1998@free.fr: split off to its own patch]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Systemd enables compatibility with SysV services and utmp by default,
none of which is needed for buildroot as the packages' .mk will install
only the files for the chosen init system.
Furthermore, SysV support requires a setup where *both* /etc/init.d and
/etc/rc.d exists (the latter for the usual /etc/rcN.d). However, in
Buildroot, the latter does not exist; so we would not be able to provide
a working SysV support anyway.
So, just forcibly disable SysV support.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
[yann.morin.1998@free.fr:
- expand commit log
- disable utmp in its own patch
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Currently, we define the so-called "overflow group" as 'nogroup'.
However, one practical issue is that systemd-sysusers will otherwise
create a 'nobody' group with gid 999, because that's is what is usual to
define the overflow group: users and groups are defined in LSB (Linux
Standard Base):
https://refspecs.linuxfoundation.org/LSB_5.0.0/LSB-Core-generic/LSB-Core-generic/usernames.html
Quoting: "If the username exists on a system,then they should be in the
suggested corresponding group".
Only Debian and derivatives depart from this custom, naming it 'nogroup'
(hence the rationale for commit 908198e756 (system/skeleton: remove
spurious group 'nobody').
See also commit 9c67af2c52 (system/skeleton: use uid/gid 65534 for
nobody/nogroup), and a related discussion on LWN.net (key is "overflow
UID" which also applies to GID):
https://lwn.net/Articles/695478/
Use the recommended groupname 'nobody'. Adapt packages accordingly.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
[yann.morin.1998@free.fr:
- reword commit log
- extend commit log with more references (commits and LWN)
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Group the udev users first, to make clear which software
requires them.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Reviewed-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This supports 4 plugins, each will be added at the right spot if
enabled, based on the template coming with systemd.
The sed replacements are carefully written to be idempotent, and to
be robust enough to be combined with the other available packages
(nss_mdns4) in any installation order.
nss-systemd is used for the DynamicUser features, which is a defacto
necessity for systemd. It handles transient users/groups without
touching the /etc/{passwd,group} files on disk. To support the
'SupplementaryGroups' feature, groups should be merged.
nss-myhostname allows resolving the hostname, again without touching
files in /etc.
nss-mymachines adds name resolution from containers supported by
machined. Users from the containers might end up in system groups, so
groups should be merged.
nss-resolve, part of resolved, is required for consistent dns lookups.
As per the documentation (nss-resolve(8)), DNS queries shall not
continue past the resolve service, unless the service is not available.
We anchor nss_resolve to appear after files, if mymachines is also used,
remove that first (and add it back later). Other packages (mdns4) move
around the dns entry, so replacing that is not a good option.
If mdns4 is installed aswell, then resolved will take precedence for
host lookups.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
[yann.morin.1998@free.fr:
- exp[lain why 'host: resolve' uses !UNAVAIL=return
- rewrap commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
All systemd binaries depend on libsystemd-shared and need their RPATH
fixed. Use a glob to catch them all.
We can't use $(wildcard ...) because this is expanded before any file
may exist (it's in the same rule that install those file, and the
expansion in Makefile is done once at the beginning of the recipe).
We need to test each file:
1. to ignore files that were not build (e.g. because the host is
missing some dependencies (in which case we don't care; we're only
interested in systemctl, and that one is already built)
2. to ensure the glob was expanded (in case no file would match
systemd-*)
Signed-off-by: Norbert Lange <nolange79@gmail.com>
[yann.morin.1998@free.fr:
- don't use 'set -e', use the more traditional '|| eixt 1'
- don't cd into HOST_DIR/bin, but use $(addprefix ...)
- use positive logic in the test
- expand commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
The necessary system users are documented in the projects README.
Description is matched to the ones in the upstream sysusers.d
files. Remove homedirectory (upstream doesnt care either).
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Since V235 the "gateway" and "upload" services use DynamicUsers,
requiring no entries in /etc/passwd.
This functionality requires nss-systemd, which is always
enabled in buildroot.
The "bus-proxy" user was removed in V230.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Reviewed-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
User can drop in more systemd units or presets
in an rootfs overlay, which will be copied over *after*
the TARGET_FINALIZE_HOOKS are run.
Instead, run preset-all afterwards from ROOTFS_PRE_CMD_HOOKS
Signed-off-by: Norbert Lange <nolange79@gmail.com>
Reviewed-by: Jérémy ROSEN <jeremy.rosen@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
[yann.morin.1998@free.fr: two sapces in hash file]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
When selecting "console" for the automatic getty, the buildroot logic
would collide with systemd's internal console detection logic, resulting
in two getty being started on the console.
This commit fixes that by doing nothing when "console" is selected and
letting systemd-getty-generator deal with starting the proper getty.
Note that if something other than the console is selected
* Things will work properly, even if the selected terminal is also the
console
* A getty will still be started on the console.
This is what systemd has been doing on buildroot since the beginning. it
could be disabled but I left it for backward compatibility
Fixes: #12361
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
If libapparmor is selected, depend on libapparmor and set -Dapparmor=true
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Adam Duskett <aduskett@gmail.com>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
When libgcrypt is available set default-dnssec to the backwards
compatible allow-downgrade option.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
systemd-homed is a system service that may be used to create, remove,
change or inspect home directories.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[Thomas:
- add missing dependency on kernel headers >= 4.12
- add missing Config.in comment about dependency]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Currently, the dependencies for the init system choice, and the
dependencies for the package, are slightly different, and not in the
same order, the latter making it difficult to assess consistency between
the two.
Fix all that, by cross-duplicating dependencies from the init choice and
the package, and order the dependencies according to the manual (arch
first, toolchain, then the others).
Note that some dependencies are redundant, but kept nonetheless for
correctness:
- BR2_USE_MMU is implied by BR2_TOOLCHAIN_USES_GLIBC, but systemd does
use fork();
- !BR2_STATIC_LIBS is also implied by BR2_TOOLCHAIN_USES_GLIBC, but it
is also inherited from kmod which we select;
- BR2_TOOLCHAIN_HAS_THREADS is also implied by BR2_TOOLCHAIN_USES_GLIBC,
but systemd does use pthread_*() functions.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
On master during the stabilisation phase, a new patch was added to
systemd; in parallel, on the next branch, systemd was bumped. Then, when
next was merged into master, there was no merge conflict, so the uneeded
patch was left unnoticed.
That patch was applied upstream, and is present in the version we now
have, so it no longer applies.
Drop that patch.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
systemd-userdbd is a system service that multiplexes user/group lookups
to all local services that provide JSON user/group record definitions
to the system. In addition it synthesizes JSON user/group records from
classic UNIX/glibc NSS user/group records in order to provide full
backwards compatibility.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
systemd-repart grows and adds partitions to a partition table, based on
the configuration files described in repart.d.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Set default-dns-over-tls to opportunistic when dns-over-tls is enabled
as it should be fully backwards compatible. The DNSOverTLS config in
resolved.conf can be used to override default-dns-over-tls.
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
For additional post-244 fixes.
Update the hash of the README after commit faba5b2b (Revert "Drop dbus
activation stub service") changed a comment about dbus:
- dbus >= 1.11.0 (strictly speaking optional, but recommended)
+ dbus >= 1.4.0 (strictly speaking optional, but recommended)
+ NOTE: If using dbus < 1.9.18, you should override the default
+ policy directory (--with-dbuspolicydir=/etc/dbus-1/system.d).
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
By using the interface in the filename for the networkd config file,
we have a clear association between the config file and the interface
it applies to.
This is beneficical for systems that have multiple interfaces.
Signed-off-by: Pascal de Bruijn <p.debruijn@unilogic.nl>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Handling of tty is a bit tricky, we need to aggressively disable what
systemd does with tty1 then update for what buildroot wants to do
Rework the whole tty generation to work with presets
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
[yann.morin.1998@free.fr:
- fold long lines
- drop spurious empty lines removals
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
since v234 upstream recommands using systemctl preset-all to enable units.
* add a buildroot specific preset file
* use that file to disable getty@tty1
* make systemd depend on host-systemd
* remove all link-creating code that systemd does for us.
Most packages will not be affected by this change, but a few packages
were installing units without manually enabling them. Those packages
will now be automatically enabled.
The fact that those packages were not enabled is almost certainly a bug,
but it is a change of behaviour that needs to be reported
host-systemd also builds udevadm for the host. That means we no longer
need to depend on host-eudev to provide udevadm (that would conflict).
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
[yann.morin.1998@free.fr:
- also remove the hwdb sources on fs generation
- fix check-package errors
- few typoes and reformatting in commit log
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Add the infrastructure to build the host version of systemd
* disable all optional features, they can be re-added when needed
* systemd has creative way of dealing with cross compile
we build a "normal" host systemd, but install it in $HOST_DIR
we use systemctl --root to correctly act on TARGET_DIR
* we need to adjust RPATH using patchelf because meson can't do it
correctly by itsel
The first question is: why do we use --prefix=/usr ?
systemd will store its --prefix in all the executables it generates. As
such, systemctl will have a hardcoded 'prefix', where it will manipulate
and create files/symlinks in. When called natively, this is nice and
shinny.
However, for cross-setup, that does not work obviously.
So, systemd has its tools know about the 'root' directory where this
prefix should be related to. We can call systemctl --root=$(TARGET_DIR)
and systemctl wil do the links and such in there.
However, it does so by appending its known prefix to it.
So, if we were to configure host-systemd as we usually do, with
--prefix=$(HOST_DIR), then when we would call host systemctl --root=$(TARGET_DIR)
it would look for files in $(TARGET_DIR)/$(HOST_DIR), which is wrong.
Calling the host systemctl without --root is also wrong, as it would look for
files in $(HOST_DIR)
So, there is no satisfying official support for this case.
The trick then, is to configure systemd with the prefix it would expect
at runtime (on the target!), that is with /usr, but install out-of-tree.
That was it for the first part of the question: why do we use --prefix.
Now, the second question is: why do we need to muck up with the rpath
after installation?
Well, this boils down to meson (and not systemd itself). When it
installs executables, meson will handily insert whatever rpath the
package meson.build would tell it to use. systemd installs libs in
$(prefix)/lib/systemd and has a NEEDED to those libs, so it uses an
RPATH to find those libs, and meson does inject that RPATH into the
installed executables.
However, we Buildroot also want to insert our own RPATH, because systemd
uses util-linux' libs and libcap, installed in $(HOST_DIR), so it needs
our RPATH.
However, meson can not extend the RPATH from the LDFLAGS in the
environment; meson can only set the RPATH from what it knows about from
the package's meson.build.
That, in addition to the --prefix=/usr issue above, means that the
executables installed by host-systemd have an RPATH set to
/usr/lib/systemd. when we would want it to be set to
$(HOST_DIR)/lib:$(HOST_DIR)/lib/systemd
That's what is done in the post-install hook: set the RPATH to the
appropriate values.
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
[yann.morin.1998@free.fr:
- reformatting in commit log
- declare host variant after target variant
- simplify comments
- slight reordering of variable (HOST_SYSTEMD_NINJA_ENV moved)
- reformatting for mutli-line variable (HOST_SYSTEMD_HOST_TOOLS)
- don't split HOST_SYSTEMD_CONF_OPTS in two sets
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Other changes:
- Update hash for README due to added licence directory tools/chromiumos.
- Add hash for tools/chromiumos/LICENSE
- Added BSD-3-Clause (tools/chromiumos) in systemd.mk due to the new
tools/chromiumos directory.
- Added tools/chromiumos/LICENSE to SYSTEMD_LICENSE_FILES in systemd.mk
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Other changes:
- Add spidermonkey as a dependency.
- Add 0001-make-netgroup-support-optional.patch to allow building on musl.
- Add a runtime dependency on dbus.
- Add --disable-libelongind.
- Add --disable-libsystemd-login.
- Update dependencies for systemd pam support.
- Update dependencies for udisks.
Signed-off-by: Adam Duskett <Aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Bump to 243.4 forgot to update hash of README file (update to the
requirements).
Fixes:
- http://autobuild.buildroot.org/results/eae13046b90253cdb2bf260e10b316386dff4eb1
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: explain why README was changed]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Upstream systemd-stable has started tagging point releses.
The commit we currently used has now been tagged as v243.3, and this
brings us to v243.4.
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
[yann.morin.1998@free.fr:
- expand commit log to explain previous version
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Docker fails to start with "Devices cgroup isn't mounted" as of systemd 243.
According to the systemd documentation:
systemd now defaults to the "unified" cgroup hierarchy setup during
build-time, i.e. -Ddefault-hierarchy=unified is now the build-time default.
Previously, -Ddefault-hierarchy=hybrid was the default. [...] Downstream
production distributions might want to continue to use
-Ddefault-hierarchy=hybrid (or even =legacy) for their builds as unfortunately
the popular container managers have not caught up with the kernel API changes.
Changing this option to "hybrid" or "legacy" fixes the Docker startup.
Reference: https://github.com/opencontainers/runc/issues/654
Signed-off-by: Christian Stewart <christian@paral.in>
Tested-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The systemd project maintains a separate repository on github where patches
are backported on top of released version by the systemd maintainers.
This patch changes the SYSTEMD_SITE to point on that repository and points
to the latest version of v243, which was the previous version used by
systemd.
Unfortunately, upstream does not tag any version,so we use 'git describe'
as a SYSTEMD_VERSION
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Reviewed-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Carlos Santos <unixmania@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
