summaryrefslogtreecommitdiffstats
path: root/debian
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 13:00:48 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 13:00:48 +0000
commitf542925b701989ba6eed7b08b5226d4021b9b85f (patch)
tree57e14731f21a6d663326d30b7b88736e9d51c420 /debian
parentAdding upstream version 247.3. (diff)
downloadsystemd-debian/247.3-7+deb11u4.tar.xz
systemd-debian/247.3-7+deb11u4.zip
Adding debian version 247.3-7+deb11u4.debian/247.3-7+deb11u4
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian')
-rw-r--r--debian/README.Debian112
-rw-r--r--debian/README.source103
-rw-r--r--debian/changelog6860
-rw-r--r--debian/control402
-rw-r--r--debian/copyright262
-rwxr-xr-xdebian/extra/checkout-upstream132
-rw-r--r--debian/extra/dhclient-exit-hooks.d/timesyncd52
-rw-r--r--debian/extra/fbdev-blacklist.conf20
-rw-r--r--debian/extra/init-functions.d/40-systemd101
-rwxr-xr-xdebian/extra/initramfs-tools/hooks/udev55
-rwxr-xr-xdebian/extra/initramfs-tools/scripts/init-bottom/udev28
-rwxr-xr-xdebian/extra/initramfs-tools/scripts/init-top/udev31
-rwxr-xr-xdebian/extra/kernel-install.d/85-initrd.install38
-rw-r--r--debian/extra/make-fbdev-blacklist47
-rwxr-xr-xdebian/extra/make-sysusers-basic18
-rw-r--r--debian/extra/network/73-usb-net-by-mac.link5
-rw-r--r--debian/extra/pam-configs/systemd7
-rw-r--r--debian/extra/pam.d/systemd-user13
-rw-r--r--debian/extra/rules-ubuntu/40-vm-hotadd.rules14
-rw-r--r--debian/extra/rules-ubuntu/61-persistent-storage-android.rules6
-rw-r--r--debian/extra/rules-ubuntu/71-power-switch-proliant.rules2
-rw-r--r--debian/extra/rules-ubuntu/78-graphics-card.rules30
-rw-r--r--debian/extra/rules/50-firmware.rules3
-rw-r--r--debian/extra/rules/73-special-net-names.rules14
-rw-r--r--debian/extra/rules/80-debian-compat.rules30
-rwxr-xr-xdebian/extra/start-udev23
-rwxr-xr-xdebian/extra/systemd-sysv-install56
-rw-r--r--debian/extra/systemd.py28
-rw-r--r--debian/extra/tmpfiles.d/debian.conf14
-rw-r--r--debian/extra/udev.py19
-rw-r--r--debian/extra/units-ubuntu/user@.service.d/timeout.conf4
-rw-r--r--debian/extra/units/getty-static.service10
-rw-r--r--debian/extra/units/rc-local.service.d/debian.conf10
-rw-r--r--debian/extra/units/systemd-localed.service.d/locale-gen.conf5
-rw-r--r--debian/gbp.conf9
-rwxr-xr-xdebian/git-cherry-pick53
-rw-r--r--debian/libnss-myhostname.install3
-rw-r--r--debian/libnss-myhostname.lintian-overrides2
-rw-r--r--debian/libnss-myhostname.postinst41
-rw-r--r--debian/libnss-myhostname.postrm29
-rw-r--r--debian/libnss-mymachines.install3
-rw-r--r--debian/libnss-mymachines.lintian-overrides2
-rw-r--r--debian/libnss-mymachines.postinst41
-rw-r--r--debian/libnss-mymachines.postrm29
-rw-r--r--debian/libnss-resolve.install3
-rw-r--r--debian/libnss-resolve.lintian-overrides2
-rw-r--r--debian/libnss-resolve.postinst48
-rw-r--r--debian/libnss-resolve.postrm33
-rw-r--r--debian/libnss-systemd.install3
-rw-r--r--debian/libnss-systemd.lintian-overrides2
-rw-r--r--debian/libnss-systemd.postinst39
-rw-r--r--debian/libnss-systemd.postrm29
-rw-r--r--debian/libpam-systemd.install3
-rw-r--r--debian/libpam-systemd.postinst7
-rw-r--r--debian/libpam-systemd.prerm20
-rw-r--r--debian/libsystemd-dev.install5
-rw-r--r--debian/libsystemd0.install1
-rw-r--r--debian/libsystemd0.symbols607
-rw-r--r--debian/libudev-dev.install5
-rw-r--r--debian/libudev1-udeb.install1
-rw-r--r--debian/libudev1.install1
-rw-r--r--debian/libudev1.symbols100
-rw-r--r--debian/patches/Add-helper-for-case-independent-string-equality-checks.patch24
-rw-r--r--debian/patches/Always-free-deserialized_subscribed-on-reload.patch25
-rw-r--r--debian/patches/Drop-bundled-copy-of-linux-if_arp.h.patch219
-rw-r--r--debian/patches/LoadCredentials-do-not-assert-on-invalid-syntax.patch34
-rw-r--r--debian/patches/Revert-udev-do-not-execute-hwdb-builtin-import-twice-or-t.patch52
-rw-r--r--debian/patches/analyze-slightly-reword-PrivateTmp-message.patch26
-rw-r--r--debian/patches/ata_id-Fixed-getting-Response-Code-from-SCSI-Sense-Data-2.patch37
-rw-r--r--debian/patches/basic-add-make_mount_point_inode-helper.patch239
-rw-r--r--debian/patches/basic-unit-name-adjust-comments.patch36
-rw-r--r--debian/patches/basic-unit-name-do-not-use-strdupa-on-a-path.patch65
-rw-r--r--debian/patches/btrfs-util-add-helper-that-abstracts-might-be-btrfs-subvo.patch106
-rw-r--r--debian/patches/core-fix-mtime-calculation-of-dropin-files.patch100
-rw-r--r--debian/patches/coredump-do-not-allow-user-to-access-coredumps-with-chang.patch388
-rw-r--r--debian/patches/debian/Add-env-variable-for-machine-ID-path.patch77
-rw-r--r--debian/patches/debian/Add-support-for-TuxOnIce-hibernation.patch30
-rw-r--r--debian/patches/debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch21
-rw-r--r--debian/patches/debian/Don-t-enable-audit-by-default.patch53
-rw-r--r--debian/patches/debian/Downgrade-a-couple-of-warnings-to-debug.patch74
-rw-r--r--debian/patches/debian/Drop-seccomp-system-call-filter-for-udev.patch31
-rw-r--r--debian/patches/debian/Keep-journal-files-compatible-with-older-versions.patch69
-rw-r--r--debian/patches/debian/Let-graphical-session-pre.target-be-manually-started.patch22
-rw-r--r--debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch42
-rw-r--r--debian/patches/debian/Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-back-to-.patch68
-rw-r--r--debian/patches/debian/Only-start-logind-if-dbus-is-installed.patch24
-rw-r--r--debian/patches/debian/Re-enable-journal-forwarding-to-syslog.patch56
-rw-r--r--debian/patches/debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch37
-rw-r--r--debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch46
-rw-r--r--debian/patches/debian/Revert-udev-fix-memleak.patch30
-rw-r--r--debian/patches/debian/Revert-udev-link_update-should-fail-if-the-entry-in-symli.patch47
-rw-r--r--debian/patches/debian/Revert-udev-make-algorithm-that-selects-highest-priority-.patch163
-rw-r--r--debian/patches/debian/Skip-filesystem-check-if-already-done-by-the-initram.patch57
-rw-r--r--debian/patches/debian/Use-Debian-specific-config-files.patch459
-rw-r--r--debian/patches/debian/deny-list-upstream-test-02-ppc64el.patch17
-rw-r--r--debian/patches/debian/deny-list-upstream-test-25.patch17
-rw-r--r--debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch1065
-rw-r--r--debian/patches/debian/systemctl-do-not-shutdown-immediately-on-scheduled-shutdo.patch52
-rw-r--r--debian/patches/debian/test-disable-DnsmasqClientTest.test_resolved_etc_hosts-in.patch131
-rw-r--r--debian/patches/debian/udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch25
-rw-r--r--debian/patches/localed-Run-locale-gen-if-available-to-generate-missing-l.patch448
-rw-r--r--debian/patches/logind-fix-getting-property-OnExternalPower-via-D-Bus.patch36
-rw-r--r--debian/patches/machine-adjust-error-message-to-use-normalized-instead-of.patch28
-rw-r--r--debian/patches/machine-basic-factor-out-helper-function-to-add-airlocked.patch499
-rw-r--r--debian/patches/machine-enter-target-PID-namespace-when-adding-a-live-mou.patch105
-rw-r--r--debian/patches/machined-varlink-fix-double-free.patch22
-rw-r--r--debian/patches/network-Delay-addition-of-IPv6-Proxy-NDP-addresses.patch86
-rw-r--r--debian/patches/pkg-config-make-prefix-overridable-again.patch75
-rw-r--r--debian/patches/rm-rf-fstatat-might-fail-if-containing-dir-has-limited-ac.patch128
-rw-r--r--debian/patches/rm-rf-optionally-fsync-after-removing-directory-tree.patch39
-rw-r--r--debian/patches/rm-rf-refactor-rm_rf_children-split-out-body-of-directory.patch320
-rw-r--r--debian/patches/rules-Move-ID_SMARTCARD_READER-definition-to-a-70-configu.patch41
-rw-r--r--debian/patches/series66
-rw-r--r--debian/patches/shared-calendarspec-abort-calculation-after-1000-iteratio.patch55
-rw-r--r--debian/patches/shared-calendarspec-when-mktime-moves-us-backwards-jump-f.patch105
-rw-r--r--debian/patches/shared-mount-util-use-namespace_fork-utils.patch92
-rw-r--r--debian/patches/shared-rm-rf-loop-over-nested-directories-instead-of-inst.patch264
-rw-r--r--debian/patches/shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch99
-rw-r--r--debian/patches/shared-rm_rf-refactor-rm_rf_children_inner-to-shorten-cod.patch66
-rw-r--r--debian/patches/table-drop-trailing-white-spaces-of-the-last-cell-in-row.patch167
-rw-r--r--debian/patches/time-util-fix-buffer-over-run.patch55
-rw-r--r--debian/patches/tmpfiles-st-may-have-been-used-uninitialized.patch27
-rw-r--r--debian/patches/udev-always-create-device-symlinks-for-USB-disks.patch111
-rw-r--r--debian/patches/udev-first-set-properties-based-on-usb-subsystem.patch34
-rw-r--r--debian/patches/udevadm-trigger-do-not-return-immediately-on-EACCES.patch58
-rw-r--r--debian/patches/unit-name-generate-a-clear-error-code-when-convertin.patch59
-rw-r--r--debian/patches/virt-Fix-the-detection-for-Hyper-V-VMs.patch38
-rw-r--r--debian/patches/virt-Support-detection-for-ARM64-Hyper-V-guests.patch28
-rw-r--r--debian/patches/virt-detect-OpenStack-Nova-instance.patch21
-rwxr-xr-xdebian/rules315
-rw-r--r--debian/shlibs.local.in3
-rw-r--r--debian/source/format1
-rw-r--r--debian/systemd-container.install44
-rw-r--r--debian/systemd-container.lintian-overrides2
-rw-r--r--debian/systemd-container.maintscript2
-rw-r--r--debian/systemd-container.postinst10
-rw-r--r--debian/systemd-container.postrm12
-rw-r--r--debian/systemd-coredump.install11
-rw-r--r--debian/systemd-coredump.postinst16
-rw-r--r--debian/systemd-coredump.prerm15
-rw-r--r--debian/systemd-journal-remote.install29
-rw-r--r--debian/systemd-journal-remote.postinst10
-rw-r--r--debian/systemd-sysv.install14
-rw-r--r--debian/systemd-sysv.postinst11
-rw-r--r--debian/systemd-tests.install1
-rw-r--r--debian/systemd-tests.lintian-overrides2
-rw-r--r--debian/systemd-timesyncd.install7
-rw-r--r--debian/systemd-timesyncd.postinst29
-rw-r--r--debian/systemd-timesyncd.postrm11
-rw-r--r--debian/systemd.NEWS65
-rw-r--r--debian/systemd.bug-control1
-rw-r--r--debian/systemd.bug-script43
-rw-r--r--debian/systemd.dirs1
-rw-r--r--debian/systemd.install71
-rw-r--r--debian/systemd.links32
-rw-r--r--debian/systemd.lintian-overrides1
-rw-r--r--debian/systemd.maintscript12
-rw-r--r--debian/systemd.postinst148
-rw-r--r--debian/systemd.postrm30
-rw-r--r--debian/systemd.preinst21
-rw-r--r--debian/systemd.prerm15
-rw-r--r--debian/systemd.triggers1
-rw-r--r--debian/tests/assert.sh34
-rwxr-xr-xdebian/tests/boot-and-services558
-rwxr-xr-xdebian/tests/boot-smoke86
-rwxr-xr-xdebian/tests/build-login38
-rw-r--r--debian/tests/control199
-rwxr-xr-xdebian/tests/fsck27
-rwxr-xr-xdebian/tests/hostnamed22
-rw-r--r--debian/tests/lidswitch.evemu34
-rwxr-xr-xdebian/tests/localed-locale63
-rwxr-xr-xdebian/tests/localed-x11-keymap52
-rwxr-xr-xdebian/tests/logind204
-rwxr-xr-xdebian/tests/process-killer9
-rw-r--r--debian/tests/root-unittests26
-rwxr-xr-xdebian/tests/storage271
-rwxr-xr-xdebian/tests/systemd-fsckd297
-rwxr-xr-xdebian/tests/timedated188
-rwxr-xr-xdebian/tests/udev13
-rwxr-xr-xdebian/tests/unit-config369
-rwxr-xr-xdebian/tests/upstream65
-rw-r--r--debian/udev-udeb.dirs1
-rw-r--r--debian/udev-udeb.install21
-rw-r--r--debian/udev.NEWS25
-rw-r--r--debian/udev.README.Debian150
-rw-r--r--debian/udev.bug-control1
-rw-r--r--debian/udev.bug-script14
-rw-r--r--debian/udev.init255
-rw-r--r--debian/udev.install26
-rw-r--r--debian/udev.links1
-rw-r--r--debian/udev.lintian-overrides3
-rw-r--r--debian/udev.maintscript3
-rw-r--r--debian/udev.postinst88
-rw-r--r--debian/udev.postrm14
-rw-r--r--debian/udev.preinst83
-rw-r--r--debian/udev.prerm31
-rw-r--r--debian/udev.triggers1
-rw-r--r--debian/upstream/metadata4
-rw-r--r--debian/watch3
199 files changed, 21176 insertions, 0 deletions
diff --git a/debian/README.Debian b/debian/README.Debian
new file mode 100644
index 0000000..11f5e32
--- /dev/null
+++ b/debian/README.Debian
@@ -0,0 +1,112 @@
+Enabling persistent logging in journald
+=======================================
+
+To enable persistent logging, create /var/log/journal:
+
+ mkdir -p /var/log/journal
+ systemd-tmpfiles --create --prefix /var/log/journal
+
+systemd will make the journal files owned by the "systemd-journal" group and
+add an ACL for read permissions for users in the "adm" group.
+To grant a user read access to the system journal, add them to one of the two
+groups.
+
+This will allow you to look at previous boot logs with e. g.
+"journalctl -b -1".
+
+If you enable persistent logging, consider uninstalling rsyslog or any other
+system-log-daemon, to avoid logging everything twice.
+
+Debugging boot/shutdown problems
+================================
+
+The "debug-shell" service starts a root shell on VT 9 which is available very
+early during boot and very late during shutdown. You can temporarily enable
+this when booting the system does not get sufficiently far to get a desktop or
+even the text console logins (getty), or when shutdown hangs eternally.
+
+For boot problems the recommended way is to append "systemd.debug-shell" to the
+kernel command line in the bootloader.
+For shutdown problems, run "systemctl start debug-shell" as root, then shut
+down.
+
+WARNING: Please avoid "systemctl enable debug-shell" as this will start the
+debug shell permanently which is a SECURITY HOLE as it allows unauthenticated
+and unrestricted root access to your computer if you forget to disable it!
+Please only enable it if you cannot pass "systemd.debug-shell" to the boot
+loader for some reason, and then immediately run "systemctl disable debug-shell"
+after booting.
+
+Once the boot/shutdown problem happened, switch to VT9 (Ctrl+Alt+F9). There you
+can use the usual systemctl or journalctl commands, or any other Linux shell
+command to list or kill processes. For example, run "systemctl list-jobs" to
+see what's currently being run, or "systemctl" to find units which are not in
+the expected state (e. g. "failed" for boot or still "active" during shutdown),
+and then get more detailed information with "systemctl status -l foo.service"
+to get a service "foo"'s status and recent logging.
+
+In situations where the debug shell is not available, you can generate a
+/shutdown-log.txt file instead:
+1. Boot with these kernel command line options:
+ systemd.log_level=debug systemd.log_target=kmsg log_buf_len=1M
+2. Save the following script as /lib/systemd/system-shutdown/debug.sh and make it executable:
+ #!/bin/sh
+ mount -o remount,rw /
+ dmesg > /shutdown-log.txt
+ mount -o remount,ro /
+3. Reboot
+
+Enable and use networkd
+=======================
+networkd is a small and lean service to configure network interfaces, designed
+mostly for server use cases in a world with hotplugged and virtualized
+networking. Its configuration is similar in spirit and abstraction level to
+ifupdown, but you don't need any extra packages to configure bridges, bonds,
+vlan etc. It is not very suitable for managing WLANs yet; NetworkManager is
+still much more appropriate for such Desktop use cases.
+
+networkd is not enabled by default; run
+
+ systemctl enable systemd-networkd
+
+if you want to use it. After that you need to create some *.network
+configuration files. In the simplest case you just want to run DHCP on all
+available Ethernet interfaces:
+
+--- /etc/systemd/network/all-eth.network ---
+[Match]
+Name=e*
+[Network]
+DHCP=yes
+
+This will match on both the kernel "ethN" as well as the predictable interface
+names "en*". Please see man systemd.network(5) for all available configuration
+options and examples.
+
+You need to make sure that interfaces handled by networkd are not handled by
+ifupdown (/etc/network/interfaces) and NetworkManager.
+
+Note that interfaces brought up/down will *not* run hooks in
+/etc/network/if-*.d/.
+
+It is recommended to use networkd together with systemd-resolved(8) to
+dynamically manage /etc/resolv.conf:
+
+ systemctl enable systemd-resolved
+ ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
+
+Debian's networkd has been modified to also work with the resolvconf package.
+
+KillUserProcesses behavior in Debian
+====================================
+
+If KillUserProcesses=yes is configured in logind.conf(5), the session scope
+will be terminated when the user logs out of that session.
+
+See logind.conf(5):
+
+| Note that setting KillUserProcesses=yes will break tools like screen(1) and
+| tmux(1), unless they are moved out of the session scope.
+
+The default for KillUserProcesses in /etc/systemd/logind.conf is set
+to "yes" in upstream systemd, though Debian defaults to "no" (see #825394).
diff --git a/debian/README.source b/debian/README.source
new file mode 100644
index 0000000..e3ba8cf
--- /dev/null
+++ b/debian/README.source
@@ -0,0 +1,103 @@
+Building from source
+--------------------
+Install “git-buildpackage” and run the following steps:
+
+ gbp clone git+ssh://git.debian.org/git/pkg-systemd/systemd.git
+ cd systemd
+ gbp buildpackage
+
+We recommend you use pbuilder to make sure you build in a clean environment:
+
+ gbp buildpackage --git-pbuilder
+
+Changelog
+---------
+The systemd package uses gbp dch for automatically generating
+debian/changelog entries from the corresponding git commits. This makes
+cherry-picking, merging, and rebasing much simpler.
+
+Thus, for any packaging change *don't* modify debian/changelog, just write a
+meaningful git commit log with proper bug references (such as "Closes: #12345"
+on the last line). For doing a release, run
+
+ gbp dch --auto
+
+then beautify the generated debian/changelog, then run the usual "dch -r" and
+"debcommit -ar --sign-tags".
+
+Patch handling
+--------------
+The systemd package uses gbp pq for maintaining patches with a git-like
+workflow in a "patch-queue/<branch>" local branch and then exporting them as
+quilt series. For working on patches you run
+
+ gbp pq import --force
+
+Then you are in the patch-queue branch and can git log, commit, cherry-pick
+upstream commits, rebase, etc. there. After you are done, run
+
+ gbp pq export
+
+which will put you back into master and update debian/patches/ (including
+series). You need to git add etc. new patches, possibly other
+packaging changes, and then git commit as usual.
+
+systemd uses gbp pq's "topic" branches for organizing patches; for simplicity
+(as this is the most common operation), upstream cherry-picks go into the
+"empty" topic (i. e. directly into debian/patches/), while Debian specific
+patches go into "Gbp-Pq: Topic debian" (i. e. debian/patches/debian/).
+
+Rebasing patches to a new upstream version
+------------------------------------------
+gbp pq's "rebase" command does not work very conveniently as it fails on merge
+conflicts. First, ensure you are in the master branch:
+
+ git checkout master # in case you aren't already
+
+Now, do one of
+
+ (1) To import a new upstream release into the existing master branch for unstable,
+do:
+
+ gbp pq import --force
+ gbp pq switch # switch back to master from patch-queue/master
+ gbp import-orig [...]
+ gbp pq switch # switch to patch-queue/master
+ git rebase master
+
+ (2) To import a new upstream release into a new branch for Debian experimental, do:
+
+ git branch experimental
+ git checkout experimental
+ editor debian/gbp.conf # set "debian-branch=experimental"
+ gbp import-orig [...]
+ git branch patch-queue/experimental patch-queue/master
+ git checkout patch-queue/experimental
+ git rebase experimental
+
+Now resolve all the conflicts, skip obsolete patches, etc. When you are done, run
+
+ gbp pq export
+
+Note that our debian/gbp.conf disables patch numbers.
+
+Cherry-picking upstream patches
+-------------------------------
+You can add the systemd upstream branch as an additional remote to the Debian
+packaging branch. Call it "github" or similar to avoid confusing it with the
+already existing "upstream" branch from git-buildpackage:
+
+ git remote add github https://github.com/systemd/systemd.git
+ git fetch github -n
+
+Now you can look at the upstream log and cherry-pick patches into the
+patch-queue branch:
+
+ gbp pq import --force
+ git log github/master
+ git cherry-pick 123DEADBEEF
+
+debian/git-cherry-pick is a nice tool to automate all that:
+
+ debian/git-cherry-pick 123DEADBEEF 987654 AFFE99
+ git checkout master # switch back from patch-queue branch
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..7314dfc
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,6860 @@
+systemd (247.3-7+deb11u4) bullseye; urgency=medium
+
+ * backport patches to fix a calendar spec calculation hang on DST change
+ if TZ=Europe/Dublin (Closes: #1033540)
+
+ -- Luca Boccassi <bluca@debian.org> Sun, 18 Jun 2023 15:55:54 +0100
+
+systemd (247.3-7+deb11u3) bullseye; urgency=medium
+
+ * udev: fix creating /dev/serial/by-id/ symlinks for USB devices.
+ (Closes: #1035094)
+ * Fix memory leak on daemon-reload
+
+ -- Luca Boccassi <bluca@debian.org> Sun, 30 Apr 2023 13:56:31 +0100
+
+systemd (247.3-7+deb11u2) bullseye; urgency=medium
+
+ [ Michael Biebl ]
+ * ata_id: fix getting Response Code from SCSI Sense Data.
+ (Closes: #1021579)
+ * logind: fix getting property OnExternalPower via D-Bus (Closes:
+ #1021644)
+
+ [ Luca Boccassi ]
+ * Backport patch to fix CVE-2022-4415 (Closes: #1026831)
+ * Backport patch to fix CVE-2022-3821
+ * Backport patch to fix crash in systemd-machined (Closes: #1023567)
+
+ -- Luca Boccassi <bluca@debian.org> Thu, 22 Dec 2022 12:55:42 +0100
+
+systemd (247.3-7+deb11u1) bullseye; urgency=medium
+
+ * Drop bundled copy of linux/if_arp.h.
+ Fixes build failures with newer kernel headers.
+ * virt: support detection for ARM64 Hyper-V guests (Closes: #1013342)
+ * virt: detect OpenStack instance as KVM on arm (Closes: #1016157)
+
+ -- Michael Biebl <biebl@debian.org> Sun, 07 Aug 2022 15:25:09 +0200
+
+systemd (247.3-7) bullseye; urgency=medium
+
+ * Switch debian-branch to debian/bullseye
+ * udevadm-trigger: do not return immediately on EACCES.
+ Fixes a regression when using systemd-networkd in an unprivileged LXD
+ container. (Closes: #997006)
+ * Revert multipath symlink race fix.
+ Revert upstream commits which caused a regression in udev resulting in
+ long delays when processing partitions with the same label.
+ (Closes: #993738)
+ * shared/rm-rf: loop over nested directories instead of recursing.
+ Fixes uncontrolled recursion in systemd-tmpfiles.
+ (CVE-2021-3997, Closes: #1003467)
+ * Demote systemd-timesyncd from Depends to Recommends.
+ This avoids a dependency cycle between systemd and systemd-timesyncd and
+ thus makes dist upgrades more predictable and robust.
+ It also allows minimal, systemd based containers where no NTP client is
+ strictly necessary.
+ To ensure that systemd-timesyncd is installed in a default installation
+ created by d-i, bump its priority to standard.
+ (Closes: #986651, #993947)
+ * autopktest: Fix timedated test dependencies.
+ Add an explicit systemd-timesyncd dependency as it is required by the
+ timedated test.
+ * machine: enter target PID namespace when adding a live mount.
+ Fixes failure to bind mount a directory into a container using
+ machinectl. (Closes: #993248)
+
+ -- Michael Biebl <biebl@debian.org> Sun, 20 Mar 2022 20:55:25 +0100
+
+systemd (247.3-6) unstable; urgency=high
+
+ * Non-maintainer upload (acked by maintainers)
+ * unit-name: generate a clear error code when converting an overly long fs
+ path to a unit name
+ * basic/unit-name: do not use strdupa() on a path (CVE-2021-33910)
+ * basic/unit-name: adjust comments
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Tue, 13 Jul 2021 19:29:24 +0200
+
+systemd (247.3-5) unstable; urgency=medium
+
+ * udev-udeb: setup /dev/fd, /dev/std{in,out,err} symlinks.
+ As systemd-udevd no longer sets them up itself, we create them manually
+ after mounting devtmpfs. This avoids breaking applications which expect
+ those symlinks. (Closes: #975018)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 12 Apr 2021 20:21:24 +0200
+
+systemd (247.3-4) unstable; urgency=medium
+
+ [ Luca Boccassi ]
+ * Backport patch to fix assert with invalid LoadCredentials=
+ Regression introduced in v247, fixed in v249, see:
+ https://github.com/systemd/systemd/issues/19178
+ (Closes: #986302)
+
+ [ Michael Biebl ]
+ * network: Delay addition of IPv6 Proxy NDP addresses.
+ Fixes "IPv6 Proxy NDP addresses are being lost from interfaces after
+ networkd adds them". (Closes: #985510)
+
+ -- Michael Biebl <biebl@debian.org> Sun, 11 Apr 2021 16:06:46 +0200
+
+systemd (247.3-3) unstable; urgency=medium
+
+ * pkg-config: make prefix overridable again (Closes: #984763)
+ * Revert "units: turn off DNSSEC validation when timesyncd resolves
+ hostnames"
+ Support for SYSTEMD_NSS_RESOLVE_VALIDATE=0 requires the changes from
+ https://github.com/systemd/systemd/pull/17823 for the dnssec bypass
+ logic. Those are rather invasive changes and not suitable for a stable
+ backport.
+
+ -- Michael Biebl <biebl@debian.org> Thu, 11 Mar 2021 18:09:35 +0100
+
+systemd (247.3-2) unstable; urgency=medium
+
+ * Downgrade a couple of warnings to debug.
+ If a package still ships only a SysV init script or if a service file or
+ tmpfile uses /var/run, downgrade those messages to debug. We can use
+ lintian to detect those issues.
+ For service files and tmpfiles in /etc, keep the warning, as those files
+ are typically added locally and aren't checked by lintian.
+ (Closes: #981407)
+ * core: fix mtime calculation of dropin files
+ (Closes: #975289)
+ * analyze: slightly reword PrivateTmp= message
+ (Closes: #931753)
+ * rules: move ID_SMARTCARD_READER definition to a <70 configuration
+ (Closes: #978011)
+ * units: turn off DNSSEC validation when timesyncd resolves hostnames
+ (Closes: #898530)
+ * table: drop trailing white spaces of the last cell in row
+ (Closes: #980820)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 06 Mar 2021 22:32:14 +0100
+
+systemd (247.3-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 247.3
+ * Rebase patches
+
+ [ Ioanna Alifieraki ]
+ * systemctl: return error code when scheduled shutdown fails
+
+ -- Michael Biebl <biebl@debian.org> Wed, 03 Feb 2021 17:11:39 +0100
+
+systemd (247.2-5) unstable; urgency=medium
+
+ [ Matthias Klumpp ]
+ * Configure localed to run locale-gen to generate missing locale.
+ This applies an (upstreamed) patch to permit systemd-localed to run
+ locale-gen to generate missing locale when requested to switch the
+ system locale.
+ This makes localectl usable on Debian for changing locale without
+ breaking system localization or even prevent certain applications from
+ running at all after switching to a non-generated locale.
+
+ [ Michael Biebl ]
+ * systemctl: do not shutdown immediately on scheduled shutdown.
+ When, for whatever reason, a scheduled shutdown fails to be set, systemd
+ will proceed with immediate shutdown without allowing the user to react.
+ This is counterintuitive because when a scheduled shutdown is issued,
+ it means the user wants to shutdown at a specified time in the future,
+ not immediately. (Closes: #931235)
+ * test: disable DnsmasqClientTest.test_resolved_etc_hosts in
+ networkd-test.py.
+ This test appears to be flaky.
+ See: #979716
+ * Bump Standards-Version to 4.5.1
+ * Set upstream metadata fields: Bug-Submit, Bug-Database, Repository,
+ Repository-Browse
+
+ -- Michael Biebl <biebl@debian.org> Mon, 18 Jan 2021 13:45:15 +0100
+
+systemd (247.2-4) unstable; urgency=medium
+
+ * Move libraries and NSS modules from /lib to /usr/lib.
+ Keep libpam_systemd.so installed in /lib, as PAM doesn't support
+ loading PAM modules from /usr/lib on a split-usr system.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 02 Jan 2021 17:06:01 +0100
+
+systemd (247.2-3) unstable; urgency=medium
+
+ * test: use modern qemu numa arguments
+ This fixes TEST-36-NUMAPOLICY from the upstream autopkgtest when using
+ qemu >= 5.2.
+ * Increase timeout when running unit tests.
+ The default timeout for individual unit tests is 30s. On slower
+ architectures and environments like reproducible-builds, this sometimes
+ is not enough.
+ Instead of fine-tuning the timeout for each individual test, we instead
+ increase the timeouts by a factor of 10.
+ * init-functions, getty-static.service: Don't hard-code path to systemctl
+ binary.
+ This should simplify an eventual move of systemctl from /bin to
+ /usr/bin.
+ * getty-static.service: Skip if dbus-broker is installed.
+ Check for the binary in /usr/bin as this makes it easier to move the
+ service files from /lib/systemd to /usr/lib/systemd.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 26 Dec 2020 13:33:41 +0100
+
+systemd (247.2-2) unstable; urgency=medium
+
+ * Switch to "unified" cgroup hierarchy (i.e. cgroupv2) (Closes: #943981)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 21 Dec 2020 20:06:49 +0100
+
+systemd (247.2-1) unstable; urgency=medium
+
+ [ Balint Reczey ]
+ * debian/systemd.NEWS: Mention udev rules changes in 247
+
+ [ Michael Biebl ]
+ * New upstream version 247.2
+ * Rebase patches
+ * test: fix fd_is_mount_point() check
+
+ -- Michael Biebl <biebl@debian.org> Sun, 20 Dec 2020 20:44:31 +0100
+
+systemd (247.1-4) unstable; urgency=medium
+
+ [ наб ]
+ * debian/extra/kernel-install.d/85-initrd.install: Don't install initrd when
+ an explicit path was passed (Closes: #970213)
+ * debian/extra/kernel-install.d/85-initrd.install: Match initrd installation
+ messages and uninstallation to 90-loaderentry.install
+
+ [ Michael Biebl ]
+ * sd-device: keep escaped strings in DEVLINK= property (Closes: #976699)
+
+ -- Michael Biebl <biebl@debian.org> Fri, 11 Dec 2020 20:25:31 +0100
+
+systemd (247.1-3) unstable; urgency=medium
+
+ * d/t/timedated: Ignore return code of dbus-monitor in wait_mon()
+ We are not really interested in the return code and error messages from
+ dbus-monitor after killing it, so ignore them to avoid undesired
+ autopkgtest failures.
+
+ -- Michael Biebl <biebl@debian.org> Thu, 03 Dec 2020 23:53:29 +0100
+
+systemd (247.1-2) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Upload to unstable
+ * Revert "d/t/timedated: use /bin/bash to work around job handling issue in
+ dash"
+
+ [ Balint Reczey ]
+ * debian/tests/timedated: Wait for the killed child only.
+ There may be other children of the script due to autopkgtest machinery
+ and they exit after the script exited. (LP: #1904406)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 02 Dec 2020 23:25:32 +0100
+
+systemd (247.1-1) experimental; urgency=medium
+
+ * New upstream version 247.1
+
+ -- Michael Biebl <biebl@debian.org> Tue, 01 Dec 2020 17:17:28 +0100
+
+systemd (247-1) experimental; urgency=medium
+
+ * New upstream version 247
+ * Rebase patches
+ * Update symbol versions for the v247 release
+
+ -- Michael Biebl <biebl@debian.org> Thu, 26 Nov 2020 19:46:41 +0100
+
+systemd (247~rc2-3) experimental; urgency=medium
+
+ * Merge changes from unstable
+ * sd-device: make sd_device_has_current_tag() compatible with udev database
+ generated by older udevd
+ (Closes: #974730)
+ * Add Breaks: udev (<< 247~) to systemd.
+ This ensures that udev is upgraded alongside systemd and both support
+ the new udev tags concept introduced in v247. (Closes: #975554)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 26 Nov 2020 18:18:53 +0100
+
+systemd (247~rc2-2) experimental; urgency=medium
+
+ * missing: define several syscall numbers for MIPS arch (Closes: #974619)
+
+ -- Michael Biebl <biebl@debian.org> Fri, 13 Nov 2020 19:22:04 +0100
+
+systemd (247~rc2-1) experimental; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 247~rc2
+ - tmpfiles: Handle filesystems without ACL support in more cases
+ (Closes: #972135)
+ * Rebase patches
+ * Explicitly disable oomd
+ * Use -Dmode=release as we want a release, not developer, build
+ * Update symbols file for libudev1 and libsystemd0
+
+ [ Luca Boccassi ]
+ * systemd-container: install systemd-dissect binary.
+ Required for TEST-50-DISSECT since:
+ https://github.com/systemd/systemd/pull/16046
+ * d/t/control: install squashfs-tools for upstream test.
+ Required by TEST-50-DISSECT since upstream PR:
+ https://github.com/systemd/systemd/pull/16046
+
+ [ Dan Streetman ]
+ * d/control: update meson minimum version
+ https://github.com/systemd/systemd/pull/13842#issuecomment-601105975
+ * d/t/upstream: convert 'blacklist' term to 'deny-list'
+ Support transition for upstream-ci from
+ https://github.com/systemd/systemd/pull/16262
+
+ -- Michael Biebl <biebl@debian.org> Thu, 12 Nov 2020 21:23:22 +0100
+
+systemd (246.6-5) unstable; urgency=medium
+
+ * Drop non-functional DefaultTasksMax patch.
+ This patch was supposed to remove the DefaultTasksMax limit, but lost
+ its actual logic over 4 years ago, when the patches were rebased for the
+ v231 release. Since nobody has complained so far, we can assume it is
+ safe to drop this patch. (Closes: #975335)
+ * test-seccomp: accept ENOSYS from sysctl(2) too.
+ It seems that kernel 5.9 started returning that.
+ * test/test-functions: copy /usr/lib/pam.d into $initdir.
+ The systemd-user file has been moved from /etc/pam.d into /usr/lib/pam.d,
+ so test-functions needs to copy it from /usr/lib/pam.d instead.
+
+ -- Michael Biebl <biebl@debian.org> Tue, 24 Nov 2020 21:53:25 +0100
+
+systemd (246.6-4) unstable; urgency=medium
+
+ * Revert "Trigger a systemctl daemon-reload when init scripts are installed
+ or removed"
+ Remove the dpkg file trigger which called systemctl daemon-reload whenever
+ a SysV init script was installed. We have proper support in debhelper
+ nowadays which makes this superfluous and we want to avoid unnecessary
+ systemctl daemon-reload calls.
+
+ -- Michael Biebl <biebl@debian.org> Thu, 19 Nov 2020 22:35:48 +0100
+
+systemd (246.6-3) unstable; urgency=medium
+
+ * pam: include pam_keyinit session module in systemd-user.
+ We want that systemd --user gets its own keyring, not the basic keyring
+ set up by systemd --system.
+ * pam: move systemd-user PAM config from /etc/pam.d to /usr/lib/pam.d.
+ This is supported since PAM 1.2 and we want as little files in /etc as
+ possible.
+ * init-functions: update LSB hook to not use ignore-dependencies
+ job-mode=ignore-dependencies, as currently used in the LSB hook during
+ bootup and shutdown, can have undesired side-effects, like changing the
+ ordering of services and ultimately causing them to fail, due to unmet
+ dependencies.
+ So simplify that, and only apply --no-block on reload requests during
+ bootup and shutdown. (Closes: #960594)
+ * d/t/timedated: use /bin/bash to work around job handling issue in dash.
+ See: #975010
+
+ -- Michael Biebl <biebl@debian.org> Tue, 17 Nov 2020 23:34:07 +0100
+
+systemd (246.6-2) unstable; urgency=medium
+
+ * XDG autostart improvements
+ - Add support for Path= in XDG Desktop File
+ - Ignore more common XDG Desktop Entry fields
+ - Lower most info messages to debug level (Closes: #968116)
+ * Re-enable seccomp support on riscv64.
+ This should be safe now, as the code has fallbacks for systems with
+ older libseccomp versions.
+ * Move sysusers.d/sysctl.d/binfmt.d/modules-load.d back to /usr.
+ In Debian, late mounting of /usr is no longer supported, so it is safe
+ to install those files in /usr.
+ We want those facilities in /usr, not /, as this will make an eventual
+ switch to a merged-usr setup easier. (Closes: #971282)
+ * units: update serial-getty@.service to support 57600 baud rate
+ (Closes: #969144)
+ * bootspec: don't fail with EIO if searching for ESP and finding one without
+ an enveloping partition table
+ (Closes: #970534)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 15 Oct 2020 23:48:34 +0200
+
+systemd (246.6-1) unstable; urgency=medium
+
+ * New upstream version 246.6
+ * Rebase patches
+
+ -- Michael Biebl <biebl@debian.org> Mon, 21 Sep 2020 20:28:36 +0200
+
+systemd (246.5-1) unstable; urgency=medium
+
+ * New upstream version 246.5
+ - network: fix NDisc handling for the case when multiple routers exist
+ (Closes: #969599)
+ - core/socket: we may get ENOTCONN from socket_instantiate_service()
+ (Closes: #970156)
+ * Rebase patches
+
+ -- Michael Biebl <biebl@debian.org> Mon, 14 Sep 2020 08:04:39 +0200
+
+systemd (246.4-1) unstable; urgency=medium
+
+ * New upstream version 246.4
+ * Rebase patches
+
+ -- Michael Biebl <biebl@debian.org> Wed, 02 Sep 2020 13:30:52 +0200
+
+systemd (246.3-1) unstable; urgency=medium
+
+ * New upstream version 246.3
+ * Rebase patches
+
+ -- Michael Biebl <biebl@debian.org> Sat, 29 Aug 2020 18:39:32 +0200
+
+systemd (246.2-2) unstable; urgency=medium
+
+ [ Balint Reczey ]
+ * debian/systemd.postinst: Restart systemd-networkd.socket on incompatible
+ change.
+ PassCredentials=yes is replaced with PassPacketInfo=yes and extra padding is
+ dropped, too.
+ (Closes: #968589, LP: #1891716)
+
+ [ Michael Biebl ]
+ * Fix restart of systemd-networkd.socket.
+ We can't restart the socket while systemd-networkd.service is still
+ active. Instead we stop the socket and ensure, that a try-restart of
+ systemd-networkd.service also starts the socket.
+ * seccomp: Add support for riscv64 (Closes: #954312)
+ * Support missing conditions/asserts everywhere (Closes: #968612)
+ * path: Skip directories when finalising $PATH search (Closes: #969006)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 29 Aug 2020 16:24:49 +0200
+
+systemd (246.2-1) unstable; urgency=medium
+
+ * New upstream version 246.2
+ * Remove resolvconf.conf drop-in, resolved integration moved to resolvconf
+ package
+ * Rebase patches
+ * Add versioned Breaks against resolvconf (<< 1.83~) to systemd.
+ The PathExists= directive was changed in v246 to match the documented
+ behaviour but now causes resolvconf-pull-resolved.service to be
+ continuously triggered by resolvconf-pull-resolved.path.
+ This requires a fix in the resolvconf package, see #968015.
+ (Closes: #967906)
+ * Keep journal files compatible with older versions.
+ Disable the KEYED-HASH journal feature by default and keep LZ4 (instead
+ of ZSTD) as default compression for new journal files. Otherwise journal
+ files are incompatible and can't be read by older journalctl
+ implementations.
+ This patch can be dropped in bullseye+1, as journalctl from bullseye
+ will then be able to read journal files with those features.
+ (Closes: #968055)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 17 Aug 2020 22:28:09 +0200
+
+systemd (246.1-1) unstable; urgency=medium
+
+ * New upstream version 246.1
+ * Rebase patches
+
+ -- Michael Biebl <biebl@debian.org> Sun, 16 Aug 2020 13:14:46 +0200
+
+systemd (246-2) unstable; urgency=medium
+
+ * Upload to unstable
+
+ -- Michael Biebl <biebl@debian.org> Mon, 03 Aug 2020 09:46:27 +0200
+
+systemd (246-1) experimental; urgency=medium
+
+ * New upstream version 246
+ * Rebase patches
+ * Update symbols file for libsystemd0
+ * Bump libapparmor-dev Build-Depends to (>= 2.13)
+ * Disable libfido2 support.
+ This is only used by homed which we don't enable.
+
+ -- Michael Biebl <biebl@debian.org> Thu, 30 Jul 2020 22:22:24 +0200
+
+systemd (245.7-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 245.7
+ - resolve: enable RES_TRUSTAD towards the 127.0.0.53 stub resolver
+ (Closes: #965371)
+ - basic/cap-list: parse/print numerical capabilities
+ (Closes: #964926)
+ * Rebase patches
+
+ [ Dan Streetman ]
+ * Add libzstd-dev and zstd as build and test deps.
+ https://github.com/systemd/systemd/pull/15422
+
+ -- Michael Biebl <biebl@debian.org> Mon, 27 Jul 2020 23:24:47 +0200
+
+systemd (245.6-3) unstable; urgency=medium
+
+ [ Dan Streetman ]
+ * d/t/upstream: capture new merged 'system.journal' from tests.
+ https://github.com/systemd/systemd/pull/15281
+ * d/t/upstream: use --directory or --file param for journalctl.
+ Properly tell journalctl if the journal to parse is a dir or file.
+ * d/t/storage: check for ext2 or ext4 fs when using crypttab 'tmp' option.
+ https://github.com/systemd/systemd/pull/15853
+
+ [ Martin Pitt ]
+ * debian/tests/localed-locale: Fix for environments without en_US.UTF-8.
+ Unconditionally back up/restore locale configuration files and generate
+ en_US.UTF-8. Previously the test failed in environments which have some
+ locale other than en_US.UTF-8 in /etc/default/locale.
+ Also fix the assertion of /etc/locale.conf not being present after
+ localectl. This only applies to Debian/Ubuntu tests, not upstream ones.
+
+ [ Dimitri John Ledkov ]
+ * Enable EFI/bootctl on armhf.
+
+ -- Michael Biebl <biebl@debian.org> Tue, 14 Jul 2020 18:16:57 +0200
+
+systemd (245.6-2) unstable; urgency=medium
+
+ [ Dan Streetman ]
+ * 40-vm-hotadd.rules: check offline before onlining memory/cpus.
+ The kernel will return EINVAL if the memory or cpu is already online,
+ which is harmless, but adds a confusing error to the log. Avoid the error
+ message by only onlining if the memory or cpu is currently offline.
+ (LP: #1876018)
+
+ [ Michael Biebl ]
+ * d/t/boot-and-services: use canonical name for NetworkManager service
+ * Fix build with libmicrohttpd 0.9.71.
+ The return type of callbacks was changed from int to an enum.
+
+ [ Youfu Zhang ]
+ * fsckd: avoid useless CR displayed on console (LP: #1692353)
+
+ [ Balint Reczey ]
+ * dhclient-exit-hooks.d/timesyncd: Act only when systemd-timesyncd is available.
+ Otherwise the hook script might trigger an error if the
+ systemd-timesyncd package is uninstalled but not purged. (LP: #1873031)
+
+ -- Michael Biebl <biebl@debian.org> Sun, 05 Jul 2020 11:44:39 +0200
+
+systemd (245.6-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 245.6
+ * Rebase patches
+
+ [ Balint Reczey ]
+ * debian/tests/boot-and-services: Handle missing fstab (LP: #1877078)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 08 Jun 2020 00:56:37 +0200
+
+systemd (245.5-3) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Bump priority of libnss-systemd to standard
+ * logind: avoid shadow lookups when doing userdb client side
+ * Disable DNSSEC support by default in resolved.
+ The upstream default, DNSSEC=allow-downgrade can lead to compatibility
+ issues with certain network access points. Previously, DNSSEC support
+ was only turned off when built for a stable Debian release, but it is
+ safer and more consistent to just generally change the default to
+ DNSSEC=no. (Closes: #959996)
+ * Bump debhelper compatibility level to 13.
+ Use the debhelper-compat package to declare the compatibility level and
+ drop debian/compat.
+ * Convert to dh_installsystemd and disable dh_installsystemduser
+ * Drop custom initramfs update code.
+ Now handled by dh_installinitramfs which is enabled by default in compat
+ level 12 and above.
+
+ [ Dan Streetman ]
+ * Cherry-pick fix from upstream master to adjust UseGateway= default
+ - network: change UseGateway= default to UseRoutes= setting
+ - network: honor SetDNSRoutes= even if UseGateway=False
+ (LP: #1867375)
+
+ [ Topi Miettinen ]
+ * Delete empty lines at end of file.
+ Upstream commit hooks don't allow empty lines and of course they serve no
+ purpose.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 17 May 2020 19:28:49 +0200
+
+systemd (245.5-2) unstable; urgency=medium
+
+ * Cherry-pick various fixes from upstream master
+ - network: add a flag to ignore gateway provided by DHCP server
+ - userdb: when doing client-side NSS look-ups optionally avoid shadow
+ look-ups
+ - nss-systemd: don't synthesize root/nobody when iterating
+ - core: make sure we don't get confused when setting TERM for a tty fd
+ - core: make sure to restore the control command id, too
+ * Install 60-block.rules in udev-udeb and initramfs-tools.
+ The block device rules were split out from 60-persistent-storage.rules
+ into its own rules file in v220. Those rules ensure that change events
+ are emitted and the udev db is updated after metadata changes.
+ Thanks to Pascal Hambourg (Closes: #958397)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 27 Apr 2020 17:38:44 +0200
+
+systemd (245.5-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 245.5
+ * Rebase patches
+
+ [ Dan Streetman ]
+ * Follow symlinks when finding link files to copy into initramfs.
+ If the /{etc,lib}/systemd/network directory itself is a symlink, the find
+ command will not actually find any of the files in the dir it links to.
+ Use the find -L param to follow symlinks.
+ (LP: #1868892)
+ * Remove Ubuntu-specific ondemand.service.
+ New processors handle scaling/throttling in internal firmware
+ (e.g. intel_pstate), and do not require OS config.
+ Additionally, nobody else does this, not even Debian.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 18 Apr 2020 20:41:18 +0200
+
+systemd (245.4-4) unstable; urgency=medium
+
+ * Drop Conflicts: virtualbox-guest-utils from systemd-timesyncd.
+ Otherwise this could lead to virtualbox-guest-utils being uninstalled on
+ upgrades which is not intended. (Closes: #956436)
+ * pid1: automatically generate systemd-remount-fs.service deps, plus enable
+ systemd-pstore from sysinit.target
+ * Fix systemd-pstore.service enablement symlink on upgrades.
+ It is now started via sysinit.target. Also clean up the symlink on
+ purge.
+
+ -- Michael Biebl <biebl@debian.org> Mon, 13 Apr 2020 11:34:31 +0200
+
+systemd (245.4-3) unstable; urgency=medium
+
+ [ Dan Streetman ]
+ * d/rules: in dh_auto_test, include meson param --print-errorlogs.
+ Also, don't cat testlog.txt; it's noisy and not very helpful.
+ Upstream request:
+ https://github.com/systemd/systemd/pull/14338#issuecomment-603432989
+
+ [ Michael Biebl ]
+ * pid1: by default make user units inherit their umask from the user manager
+ (Closes: #945000)
+ * user-util: rework how we validate user names.
+ This reworks the user validation infrastructure. There are now two
+ modes. In regular mode we are strict and test against a strict set of
+ valid chars. And in "relaxed" mode we just filter out some really
+ obvious, dangerous stuff. i.e. strict is whitelisting what is OK, but
+ "relaxed" is blacklisting what is really not OK.
+ The idea is that we use strict mode whenever we allocate a new user,
+ while "relaxed" mode is used when we process users registered elsewhere.
+ (Closes: #955541)
+
+ -- Michael Biebl <biebl@debian.org> Fri, 10 Apr 2020 11:55:15 +0200
+
+systemd (245.4-2) unstable; urgency=medium
+
+ [ Balint Reczey ]
+ * Ship systemd-timesyncd in a separate package.
+ The new systemd-timesyncd package conflicting with other NTP-related
+ packages resolves the problems arising when running systemd-timesyncd
+ and other NTP servers on the same system.
+ (LP: #1849156, Closes: #805927, #947936)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 04 Apr 2020 08:59:50 +0200
+
+systemd (245.4-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 245.4
+ - Allow names starting with a digit (Closes: #954174)
+ - Recognize davfs as network file system (Closes: #954755)
+ * Enable systemd-pstore.service by default on new installs and upgrades
+ (Closes: #952767)
+ * Revert "Enable seccomp support on riscv64"
+ This requires further changes to the source code and a newer, not yet
+ officially released, libseccomp. Since this complicates backports revert
+ this change for the time being.
+
+ [ Dan Streetman ]
+ * d/t/logind: use grep -s when checking /sys/power/state.
+ Some kernels in Ubuntu (e.g. linux-kvm) do not enable CONFIG_PM, which
+ results in stderr output when the logind test tries to grep the power
+ state file, causing the test to fail. The test already handles skipping
+ the test if suspend isn't supported, so just use -s to suppress grep
+ from printing to stderr if the file doesn't exist.
+
+ -- Michael Biebl <biebl@debian.org> Thu, 02 Apr 2020 11:58:18 +0200
+
+systemd (245.2-1) unstable; urgency=medium
+
+ * New upstream version 245.2
+ * Rebase patches
+ * Enable seccomp support on riscv64 (Closes: #954077)
+ * Drop migration code for the switch from DynamicUser=yes to no.
+ This code is no longer needed as it only affected systems between 239-1
+ and 239-5, i.e. it never affected a stable release.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 18 Mar 2020 23:32:08 +0100
+
+systemd (245-2) unstable; urgency=medium
+
+ * Revert "job: Don't mark as redundant if deps are relevant"
+ This change negatively affects plymouth which was no longer properly
+ stopped after the system has completed booting. The running plymouth
+ daemon can trigger a VT switch (to tty1). (Closes: #953670)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 12 Mar 2020 13:55:26 +0100
+
+systemd (245-1) unstable; urgency=medium
+
+ [ Balint Reczey ]
+ * New upstream version 245
+ * Refresh patches
+ * Update symbols
+
+ [ Michael Biebl ]
+ * Disable repart, userdb, homed, fdisk, pwquality, p11kit feature.
+ Those are new features which drag in new dependencies and need further
+ review first.
+ * analyze: Fix table time output
+ * execute: Fix migration from DynamicUser=yes to no
+ * Drop manual clean up of /var/lib/private/systemd/timesync.
+ This is now done properly by systemd itself when a service switches from
+ DynamicUser=yes to no.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 11 Mar 2020 13:33:37 +0100
+
+systemd (244.3-1) unstable; urgency=medium
+
+ * New upstream version 244.3
+ - Revert "Support Plugable UD-PRO8 dock"
+ Unfortunately the same usb hub is used in other places, and causes
+ numerous regressions. (Closes: #951330)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 15 Feb 2020 15:44:45 +0100
+
+systemd (244.2-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 244.2
+ - polkit: when authorizing via PolicyKit re-resolve callback/userdata
+ instead of caching it (CVE-2020-1712, Closes: #950732)
+ * Rebase patches
+ * Bump Standards-Version to 4.5.0
+
+ [ Balint Reczey ]
+ * Remove empty /var/log/journal/ on purge
+
+ -- Michael Biebl <biebl@debian.org> Fri, 07 Feb 2020 19:24:20 +0100
+
+systemd (244.1-3) unstable; urgency=medium
+
+ * Update documentation regarding network interface naming.
+ Document that 73-usb-net-by-mac.link needs to be masked together with
+ 99-default.link if one wants to disable the systemd naming scheme and keep
+ the kernel-provided names. (Closes: #946196)
+ * Update debian/rules clean target to remove all Python bytecode
+ * Update systemd package description.
+ Recommend init=/lib/systemd/systemd instead of init=/bin/systemd.
+ The latter is just a compat symlink which might go away eventually.
+ * shared/dropin: fix assert for invalid drop-in.
+ Fixes an assertion when running systemctl cat on inexistent
+ unit templates. (Closes: #950489)
+ * core: call dynamic_user_acquire() only when 'group' is non-null.
+ Fixes an assertion in systemd which could happen if a unit is reloaded
+ and the unit is in bad-setting state. (Closes: #950409)
+ * Don't fail upgrade if /proc is not mounted.
+ Applying ACLs on /var/log/journal via systemd-tmpfiles requires a
+ mounted /proc. Skip this step if /proc is not available, e.g. in a
+ chroot. (Closes: #950533)
+
+ -- Michael Biebl <biebl@debian.org> Tue, 04 Feb 2020 00:11:55 +0100
+
+systemd (244.1-2) unstable; urgency=medium
+
+ * Report status of libpam-systemd and libnss-systemd in systemd reportbug
+ template.
+ Since the libpam-systemd Recommends was moved from systemd to
+ systemd-sysv we no longer get this information automatically, so request
+ it explicitly.
+ * Drop btrfs-progs Recommends from systemd-container.
+ Upstream has dropped the logic of setting up /var/lib/machines as btrfs
+ loopback mount so this Recommends is no longer necessary.
+ * Fix processing of dpkg triggers in systemd.
+ We need to use $@ instead of "$@" so we can iterate through the
+ individual trigger names which are passed as a space separated list in
+ the second argument.
+ * Fix cleanup of timesyncd state directory
+ * Enable persistent journal.
+ Create /var/log/journal on upgrades and new installs. This enables
+ persistent journal in auto mode. (Closes: #717388)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 01 Feb 2020 02:59:12 +0100
+
+systemd (244.1-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 244.1
+ - network: fix segfault in parsing SendOption= (Closes: #946475)
+ * core: don't allow perpetual units to be masked (Closes: #948710)
+
+ [ Balint Reczey ]
+ * debian/watch: Switch to watch tags at github.com/systemd/systemd-stable.
+ Upstream point releases appear there.
+
+ [ Helmut Grohne ]
+ * Add basic support for the noinsttest build profile
+ * Annotate dbus build dependency with <!noinsttest>
+ The dbus library is needed for building tests. As such it must be
+ present unless we disable both build time and installed tests.
+ Previously, building with the nocheck profile worked, but it didn't
+ reproduce a regular build.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 25 Jan 2020 18:53:23 +0100
+
+systemd (244-3) unstable; urgency=medium
+
+ * Update udev-udeb to use 73-usb-net-by-mac.link
+
+ -- Michael Biebl <biebl@debian.org> Mon, 02 Dec 2019 23:44:52 +0100
+
+systemd (244-2) unstable; urgency=medium
+
+ * Add lintian override for udev.
+ 60-autosuspend-chromiumos.rules triggers a udev-rule-missing-subsystem
+ warning. This is a false positive, as SUBSYSTEM is tested at the
+ beginning of the rules file.
+ * Add lintian override for systemd-container
+ systemd-nspawn@.service triggers a
+ systemd-service-file-refers-to-unusual-wantedby-target warning but
+ nspawn containers are supposed to be started via machines.target.
+ * Make it easier to override MAC based name policy for USB network adapters.
+ Replace 73-usb-net-by-mac.rules with 73-usb-net-by-mac.link. The .link
+ file provides the same functionality but makes it easier to set a custom
+ name for USB network adapters via the systemd.link mechanism.
+ Thanks to Benjamin Poirier (Closes: #941636)
+ * Move libpam-systemd Recommends from systemd to systemd-sysv.
+ libpam-systemd is only really useful if systemd is PID 1 and the systemd
+ package should be installable without affecting another installed init
+ system. (Closes: #926316)
+ * Upload to unstable
+
+ -- Michael Biebl <biebl@debian.org> Mon, 02 Dec 2019 17:57:55 +0100
+
+systemd (244-1) experimental; urgency=medium
+
+ * New upstream version 244
+ - udev: do not propagate error when executing PROGRAM and IMPORT{program}
+ (Closes: #944675)
+ - sd-event: don't invalidate source type on disconnect
+ (Closes: #945332)
+ * Rebase patches
+
+ -- Michael Biebl <biebl@debian.org> Sat, 30 Nov 2019 16:39:57 +0100
+
+systemd (243-9) unstable; urgency=medium
+
+ [ Daniel Kahn Gillmor ]
+ * resolved: fix connection failures with TLS 1.3 and GnuTLS (Closes: #945507)
+
+ -- Michael Biebl <biebl@debian.org> Fri, 29 Nov 2019 21:33:19 +0100
+
+systemd (243-8) unstable; urgency=medium
+
+ * udevadm: ignore EROFS and return earlier.
+ Fixes failures of "udevadm trigger" in containers with a readonly /sys.
+ (Closes: #944860)
+ * udev: silence warning about PROGRAM+= or IMPORT+= rules (Closes: #944917)
+ * man: add entry about SpeedMeter= (Closes: #944597)
+ * udev: drop SystemCallArchitectures=native from systemd-udevd.service.
+ We can't really control what helper programs are run from other udev
+ rules. E.g. running i386 binaries under amd64 is a valid use case and
+ should not trigger a SIGSYS failure. (Closes: #869719)
+
+ -- Michael Biebl <biebl@debian.org> Tue, 19 Nov 2019 09:17:12 +0100
+
+systemd (243-7) unstable; urgency=medium
+
+ * Fix build failure on arm64 with libseccomp >= 2.4.2
+
+ -- Michael Biebl <biebl@debian.org> Fri, 15 Nov 2019 22:01:17 +0100
+
+systemd (243-6) unstable; urgency=medium
+
+ * Revert "sysusers: properly mark generated accounts as locked"
+ We shouldn't lock the accounts because people actually need to use them, and
+ if they are locked, various tools will refuse.
+ * udev: ignore error caused by device disconnection.
+ During an add or change event, the device may be disconnected.
+ (Closes: #944586)
+ * udev: do not append newline when writing attributes
+
+ -- Michael Biebl <biebl@debian.org> Thu, 14 Nov 2019 14:09:49 +0100
+
+systemd (243-5) unstable; urgency=medium
+
+ * Switch default hierarchy (back) to hybrid.
+ Since v243, the new upstream default is unified, but this still causes
+ regressions in important packages, like LXC or Docker, so switch the
+ default back to hybrid for now.
+ * Drop masks for SysV init scripts that have been dropped
+ * Drop masks for SysV init scripts provided by initscripts and bootlogd
+ * logind: fix emission of PropertiesChanged signal for users and seats
+ * Bump Standards Version to 4.4.1
+ * Upload to unstable
+
+ -- Michael Biebl <biebl@debian.org> Mon, 11 Nov 2019 00:58:41 +0100
+
+systemd (243-4) experimental; urgency=medium
+
+ * Merge changes from unstable branch
+
+ -- Michael Biebl <biebl@debian.org> Sat, 09 Nov 2019 01:15:08 +0100
+
+systemd (243-3) experimental; urgency=medium
+
+ * Import patches from v243-stable branch (up to ef677436aa)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 14 Oct 2019 15:26:01 +0200
+
+systemd (243-2) experimental; urgency=medium
+
+ * Import patches from v243-stable branch (up to fab6f010ac)
+
+ -- Michael Biebl <biebl@debian.org> Sun, 22 Sep 2019 12:46:02 +0200
+
+systemd (243-1) experimental; urgency=medium
+
+ * New upstream version 243
+ * Merge changes from unstable branch
+
+ -- Michael Biebl <biebl@debian.org> Thu, 05 Sep 2019 01:21:49 +0200
+
+systemd (243~rc2-1) experimental; urgency=medium
+
+ * New upstream version 243~rc2
+ - man: document that "systemd-analyze blame/critical-chain" is not useful
+ to track down job latency. (Closes: #920234)
+ - systemctl: process all units matched by a glob in the cat verb by
+ default. (Closes: #904913)
+ - units: automatically revert to /run logging on shutdown if necessary.
+ Prevents /var staying busy on shutdown due to journald.
+ (Closes: #851402)
+ - bash-completion: don't sort syslog priorities. (Closes: #913222)
+ - man: add example for setting multiple properties at once.
+ (Closes: #807464)
+ * Rebase patches
+ * Update symbols file for libsystemd0
+ * core: stop removing non-existent and duplicate lookup paths
+ * Install static-nodes-permissions.conf tmpfile in udev
+
+ -- Michael Biebl <biebl@debian.org> Sat, 31 Aug 2019 00:20:41 +0200
+
+systemd (242-8) unstable; urgency=medium
+
+ [ Dan Streetman ]
+ * d/extra/rules/73-special-net-names.rules: use $$ instead of $ in PROGRAM=
+ value.
+ Fixes incorrect variable substitution.
+ * Rework and improve blacklist handling in debian/tests/upstream
+
+ [ Balint Reczey ]
+ * Various improvements to debian/extra/checkout-upstream making it more
+ straightforward to override the default behaviour
+ * Use package version as systemd's reported version (LP: #1849158)
+
+ [ Michael Biebl]
+ * debiant/tests/udev: replace deprecated ADTTMP with AUTOPKGTEST_TMP
+
+ -- Michael Biebl <biebl@debian.org> Fri, 08 Nov 2019 23:18:00 +0100
+
+systemd (242-7) unstable; urgency=medium
+
+ * sleep: properly pass verb to sleep script
+ * core: factor root_directory application out of apply_working_directory.
+ Fixes RootDirectory not working when used in combination with User.
+ (Closes: #939408)
+ * shared/bus-util: drop trusted annotation from
+ bus_open_system_watch_bind_with_description().
+ This ensures that access controls on systemd-resolved's D-Bus interface
+ are enforced properly.
+ (CVE-2019-15718, Closes: #939353)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 04 Sep 2019 19:34:17 +0200
+
+systemd (242-6) unstable; urgency=medium
+
+ [ Dan Streetman ]
+ * d/t/control: upstream test requires qemu-system-ppc on ppc64el
+ * d/t/control: install seabios for upstream test.
+ Some archs (at least arm64) qemu implementation require the vga bios.
+
+ [ Michael Biebl ]
+ * Drop unused lintian override
+ * network: fix ListenPort= in [WireGuard] section (Closes: #936198)
+ * d/e/r/73-usb-net-by-mac.rules: import net.ifnames only for network devices
+ (Closes: #934589)
+ * d/e/r/73-usb-net-by-mac.rules: skip if iface name was provided by
+ user-space
+ * Drop dbus activation stub service.
+ Since dbus 1.11.0, a dbus-daemon that is run with --systemd-activation
+ automatically assumes that o.fd.systemd1 is an activatable service.
+ As a result, with a new enough dbus version,
+ /usr/share/dbus-1/services/org.freedesktop.systemd1.service and
+ /usr/share/dbus-1/system-services/org.freedesktop.systemd1.service
+ become unnecessary and can be removed. (Closes: #914015)
+ * Revert "core: check start limit on condition checks too"
+ If a unit was referenced too often, it hit the restart limit and the
+ unit was marked as failed. Fixes a regression introduced in v242.
+ (Closes: #935829)
+
+ [ Michael Prokop ]
+ * README.Debian: document KillUserProcesses behavior in Debian
+
+ -- Michael Biebl <biebl@debian.org> Tue, 03 Sep 2019 11:09:07 +0200
+
+systemd (242-5) unstable; urgency=medium
+
+ [ Dan Streetman ]
+ * d/rules: add CONFFGLAGS_UPSTREAM to dh_auto_configure -- params
+
+ [ Michael Biebl ]
+ * core: never propagate reload failure to service result.
+ Fixes a regression introduced in v239 where the main process of a
+ service unit gets killed on reload if ExecReload fails. (Closes: #936032)
+ * shared/seccomp: add sync_file_range2.
+ Some architectures need the arguments to be reordered because of alignment
+ issues. Otherwise, it's the same as sync_file_range.
+ Fixes sync_file_range failures in nspawn containers on arm, ppc.
+ (Closes: #935091)
+ * bash-completion: don't sort syslog priorities.
+ By default, the available completions are sorted alphabetically, which
+ is counterproductive in case of syslog priorities. Override the default
+ behavior using the `nosort` option. (Closes: #913222)
+ * test-bpf: skip test when run inside containers
+
+ -- Michael Biebl <biebl@debian.org> Thu, 29 Aug 2019 16:18:18 +0200
+
+systemd (242-4) unstable; urgency=medium
+
+ * Upload to unstable
+
+ -- Michael Biebl <biebl@debian.org> Wed, 21 Aug 2019 22:09:13 +0200
+
+systemd (242-3) experimental; urgency=medium
+
+ [ Dan Streetman ]
+ * d/t/boot-and-services: fix test_failing()
+ * d/t/boot-and-services: check for any kernel message, not just first kernel
+ message (Closes: #929730)
+ * d/t/upstream: add TEST-30, TEST-34 to blacklist
+ * d/t/timedated: replace systemctl is-active with systemctl show
+ * d/t/control: root-unittests can break networking, add breaks-testbed
+ * d/t/control: mark udev test skippable
+ * d/t/upstream: always cleanup after (and before) each test
+ * d/t/control: upstream test requires dmeventd
+ * d/e/checkout-upstream: don't remove .git
+ * d/e/checkout-upstream: move change to debian/ files above other changes
+ * d/e/checkout-upstream: add UPSTREAM_KEEP_CHANGELOG param
+ * d/e/checkout-upstream: create git commits for each change
+ * d/e/checkout-upstream: switch from 'quilt' to 'native' format
+ * d/e/checkout-upstream: set user.name, user.email if unset
+ * d/t/storage: change plaintext_name to include testname
+ * d/t/storage: increase wait for plaintext_dev from 5 to 30 seconds
+ * d/t/storage: wait for service to start, only stop if active
+ * d/t/storage: don't search for 'scsi_debug' in ask_password
+ * d/t/storage: manage scsi_debug using add_hosts (Closes: #929728)
+ * d/t/storage: use short timeout waiting for scsi_debug block dev to appear
+ * d/t/storage: convert password agent into normal Thread
+ * d/t/storage: fail if socket info not in ask_password contents
+ * d/t/boot-smoke: pass failure reason to fail() to print instead of separate
+ echo
+ * d/t/boot-smoke: in fail() set +e so errors are ignored while gathering
+ data
+ * d/t/boot-smoke: gather still running jobs in fail()
+ * d/t/boot-smoke: wait for is-system-running
+ * d/t/boot-smoke: call fail if pidof polkitd fails
+ * d/t/boot-smoke: remove check for running jobs
+
+ [ Michael Biebl ]
+ * d/t/boot-smoke: check for NetworkManager instead of D-Bus activated
+ polkitd (Closes: #934992)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 21 Aug 2019 00:12:22 +0200
+
+systemd (242-2) experimental; urgency=medium
+
+ [ Michael Biebl ]
+ * Drop dependency on lsb-base.
+ It is only needed when booting with sysvinit and initscripts, but
+ initscripts already Depends on lsb-base (see #864999).
+ * Stop removing enablement symlinks in /etc/systemd/system.
+ With v242 this is no longer necessary as `ninja install` will no longer
+ create those symlinks.
+ * Replace manual removal of halt-local.service with upstream patch
+
+ [ Dimitri John Ledkov ]
+ * Build manpages in .deb variant.
+ Upstream snapshots are switching to building manpages off by default.
+
+ [ Luca Boccassi ]
+ * Enable portabled and install related files in systemd-container.
+ Keep disabled for the udeb profile. (Closes: #918606)
+
+ -- Michael Biebl <biebl@debian.org> Fri, 07 Jun 2019 22:41:50 +0200
+
+systemd (242-1) experimental; urgency=medium
+
+ * New upstream version 242
+ - Change ownership/mode of the execution directories also for static users
+ (Closes: #919231)
+ - A new boolean sandboxing option RestrictSUIDSGID= has been added that is
+ built on seccomp. When turned on, creation of SUID/SGID files is
+ prohibited. The NoNewPrivileges= and the new RestrictSUIDSGID= options
+ are now implied if DynamicUser= is turned on for a service.
+ (Closes: #928102, CVE-2019-3843, CVE-2019-3844)
+ * Drop Revert-udev-network-device-renaming-immediately-give.patch.
+ This patch needs ongoing maintenance work to be adapted to new releases
+ and fails to apply with v242. Instead of investing more time into it we
+ are going to drop the patch as it was a hack anyway.
+ * Rebase patches
+ * Drop pre-stretch migration code
+ * Drop /sbin/udevadm compat symlink (Closes: #852580)
+ * socket-util: Make sure flush_accept() doesn't hang on unexpected
+ EOPNOTSUPP
+ * Enable regexp matching support in journalctl using pcre2 (Closes: #898892)
+ * Switch from libidn to libidn2 (Closes: #928615)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 08 May 2019 01:33:56 +0200
+
+systemd (241-7) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * network: Fix failure to bring up interface with Linux kernel 5.2.
+ Backport two patches from systemd master in order to fix a bug with 5.2
+ kernels where the network interface fails to come up with the following
+ error: "enp3s0: Could not bring up interface: Invalid argument"
+ (Closes: #931636)
+ * Use /usr/sbin/nologin as nologin shell.
+ In Debian the nologin shell is installed in /usr/sbin, not /sbin.
+ (Closes: #931850)
+
+ [ Mert Dirik ]
+ * 40-systemd: Don't fail if SysV init script uses set -u and $1 is unset
+ (Closes: #931719)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 18 Jul 2019 19:38:23 +0200
+
+systemd (241-6) unstable; urgency=medium
+
+ * ask-password: Prevent buffer overflow when reading from keyring.
+ Fixes a possible memory corruption that causes systemd-cryptsetup to
+ crash either when a single large password is used or when multiple
+ passwords have already been pushed to the keyring. (Closes: #929726)
+ * Clarify documentation regarding %h/%u/%U specifiers.
+ Make it clear, that setting "User=" has no effect on those specifiers.
+ Also ensure that "%h" is actually resolved to "/root" for the system
+ manager instance as documented in the systemd.unit man page.
+ (Closes: #927911)
+ * network: Behave more gracefully when IPv6 has been disabled.
+ Ignore any configured IPv6 settings when IPv6 has been disabled in the
+ kernel via sysctl. Instead of failing completely, continue and log a
+ warning instead. (Closes: #929469)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 08 Jul 2019 11:27:51 +0200
+
+systemd (241-5) unstable; urgency=medium
+
+ * Revert "Add check to switch VTs only between K_XLATE or K_UNICODE"
+ This change left the keyboard in an unusable state when exiting an X
+ session. (Closes: #929229)
+
+ -- Michael Biebl <biebl@debian.org> Fri, 24 May 2019 22:58:59 +0200
+
+systemd (241-4) unstable; urgency=medium
+
+ * journal-remote: Do not request Content-Length if Transfer-Encoding is
+ chunked (Closes: #927008)
+ * systemctl: Restore "systemctl reboot ARG" functionality.
+ Fixes a regression introduced in v240. (Closes: #928659)
+ * random-util: Eat up bad RDRAND values seen on AMD CPUs.
+ Some AMD CPUs return bogus data via RDRAND after a suspend/resume cycle
+ while still reporting success via the carry flag.
+ Filter out invalid data like -1 (and also 0, just to be sure).
+ (Closes: #921267)
+ * Add check to switch VTs only between K_XLATE or K_UNICODE.
+ Switching to K_UNICODE from other than L_XLATE can make the keyboard
+ unusable and possibly leak keypresses from X.
+ (CVE-2018-20839, Closes: #929116)
+ * Document that DRM render nodes are now owned by group "render"
+ (Closes: #926886)
+
+ -- Michael Biebl <biebl@debian.org> Fri, 17 May 2019 21:16:33 +0200
+
+systemd (241-3) unstable; urgency=high
+
+ [ Michael Biebl ]
+ * Drop systemd-shim alternative from libpam-systemd.
+ A fixed systemd-shim package which works with newer versions of systemd
+ is unlikely to happen given that the systemd-shim package has been
+ removed from the archive. Drop the alternative dependency from
+ libpam-systemd accordingly.
+ * Properly remove duplicate directories from systemd package.
+ When removing duplicate directories from the systemd package, sort the
+ list of directories in reverse order so we properly delete nested
+ directories.
+ * udev: Run programs in the specified order (Closes: #925190)
+ * bash-completion: Use default completion for redirect operators
+ (Closes: #924541)
+ * networkd: Clarify that IPv6 RA uses our own stack, no the kernel's
+ (Closes: #815582)
+ * Revert "Drop systemd-timesyncd.service.d/disable-with-time-daemon.conf"
+ Apparently Conflicts= are not a reliable mechanism to ensure alternative
+ NTP implementations take precedence over systemd-timesyncd.
+ (Closes: #902026)
+ * network: Fix routing policy rule issue.
+ When multiple links request a routing policy, make sure they are all
+ applied correctly. (Closes: #924406)
+ * pam-systemd: Use secure_getenv() rather than getenv()
+ Fixes a vulnerability in the systemd PAM module which insecurely uses
+ the environment and lacks seat verification permitting spoofing an
+ active session to PolicyKit. (CVE-2019-3842)
+
+ [ Martin Pitt ]
+ * Enable udev autopkgtest in containers.
+ This test doesn't actually need udev.service (which is disabled in
+ containers) and works fine in LXC.
+ * Enable boot-and-service autopkgtest in containers
+ - Skip tests which can't work in containers.
+ - Add missing rsyslog test dependency.
+ - e2scrub_reap.service fails in containers, ignore (filed as #926138)
+ - Relax pgrep pattern for gdm, as there's no wayland session in
+ containers.
+
+ -- Michael Biebl <biebl@debian.org> Mon, 08 Apr 2019 12:59:32 +0200
+
+systemd (241-2) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/boot-smoke: Create journal and udevdb artifacts on all
+ failures
+ * autopkgtests: Replace obsolete $ADT_* variables
+ * networkd-test: Ignore failures of test_route_only_dns* in containers.
+ This test exposes a race condition when running in LXC, see issue #11848
+ for details. Until that is understood and fixed, skip the test as it's
+ not a recent regression. (Closes: #924539)
+ * Bump Standards-Version to 4.3.0.
+ No changes necessary.
+ * debian/tests/boot-smoke: Only check current boot for connection timeouts.
+ Otherwise we'll catch some
+ Failed to resolve group 'render': Connection timed out
+ messages that happen in earlier boots during VM setup, before the
+ "render" group is created.
+ Fixes https://github.com/systemd/systemd/issues/11875
+ * timedated: Fix emitted value when ntp client is enabled/disabled.
+ Fixes a regression introduced in 241.
+ * debian/tests/timedated: Check enabling/disabling NTP.
+ Assert that `timedatectl set-ntp` correctly controls the service, sets
+ the `org.freedesktop.timedate1 NTP` property, and sends the right
+ `PropertiesChanged` signal.
+ This reproduces <https://github.com/systemd/systemd/issues/11944> and
+ also the earlier <https://github.com/systemd/systemd/issues/9672>.
+
+ [ Michael Biebl ]
+ * Disable fallback DNS servers in resolved (Closes: #923081)
+ * cgtop: Fix processing of controllers other than CPU (Closes: #921280)
+ * udev: Restore debug level when logging a failure in the external prog
+ called by IMPORT{program} (Closes: #924199)
+ * core: Remove "." path components from required mount paths.
+ Fixes mount related failures when a user's home directory contains "/./"
+ (Closes: #923881)
+ * udev.init: Use new s-s-d --notify-await to start udev daemon.
+ Fixes a race condition during startup under SysV init.
+ Add versioned dependency on dpkg (>= 1.19.3) to ensure that a version
+ of start-stop-daemon which supports --notify-await is installed.
+ (Closes: #908796)
+ * Make /dev/dri/renderD* accessible to group "render"
+ Follow upstream and make render nodes available to a dedicated system
+ group "render" instead of "video". Keep the uaccess tag for local,
+ active users.
+
+ -- Michael Biebl <biebl@debian.org> Fri, 15 Mar 2019 18:33:54 +0100
+
+systemd (241-1) unstable; urgency=medium
+
+ [ Adam Borowski ]
+ * Make libpam-systemd Provide: logind, default-logind.
+ This allows alternate logind implementations such as elogind, without
+ having to recompile every dependent package -- as long as the client API
+ remains compatible.
+ These new virtual packages got policy-approved in #917431. (Closes: #915407)
+
+ [ Felipe Sateler ]
+ * New upstream version 241
+ - Refresh patches
+ - Backport upstream fix for Driver= matches in .network files
+
+ [ Martin Pitt ]
+ * debian/libsystemd0.symbols: Add new symbol from release 241
+ * Fix various bugs and races in networkd tests.
+ This should get the autopkgtest back to green, which regressed with
+ dnsmasq 2.80.
+
+ -- Felipe Sateler <fsateler@debian.org> Thu, 21 Feb 2019 20:10:15 -0300
+
+systemd (240-6) unstable; urgency=high
+
+ * High urgency as this fixes a vulnerability.
+
+ [ Felipe Sateler ]
+ * Reenable pristine-tar in gbp.conf.
+ The pristine-tar bug has been fixed, so we can use it again.
+ This reverts commit 9fcfbbf6fea15eacfa3fad74240431c5f2c3300e.
+ * d/watch: add version mangle to transform -rc to ~rc.
+ Upstream has started releasing rcs, so let's account for that
+ * Fix comment about why we disable hwclock.service.
+ Systemd nowadays doesn't do it itself because the kernel does it on its
+ own when necessary, and when not, it is not safe to save the hwclock (eg,
+ there is no certainty the system clock
+ is correct)
+ * udev: Backport upstream preventing mass killings when not running under
+ systemd (Closes: #918764)
+
+ [ Dimitri John Ledkov ]
+ * debian/tests/storage: improve cleanups.
+ On fast ppc64el machines, cryptsetup start job may not complete by the
+ time tearDown is executed. In that case stop, causes to simply cancel the
+ start job without actually cleaning up the dmsetup node. This leads to
+ failing subsequent test as it no longer starts with a clean device. Thus
+ ensure the systemd-cryptsetup unit is started, before stopping it.
+ Also rmmod scsi_debug module at the end, to allow re-running the test in a
+ loop.
+ * debian/tests/upstream: Mark TEST-13-NSPAWN-SMOKE as flakey.
+ * debian/tests/control: add socat to upstream tests for pull #11591
+ * Blacklist TEST-10-ISSUE-2467 #11706
+ * debian/tests/storage: fix for LUKS2 and avoid interactive password
+ prompts.
+
+ [ Martin Pitt ]
+ * udevadm: Fix segfault with subsystem-match containing '/'
+ (Closes: #919206)
+ * sd-bus: if we receive an invalid dbus message, ignore and proceed
+ * sd-bus: enforce a size limit on D-Bus object paths.
+ This avoids accessing/modifying memory outside of the allocated stack
+ region by sending specially crafted D-Bus messages with very large object
+ paths.
+ Vulnerability discovered by Chris Coulson <chris.coulson@canonical.com>,
+ patch provided by Riccardo Schirone <rschiron@redhat.com>.
+ (CVE-2019-6454)
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 18 Feb 2019 13:54:04 +0000
+
+systemd (240-5) unstable; urgency=medium
+
+ [ Felipe Sateler ]
+ * Revert interface renaming changes. (Closes: #919390)
+
+ [ Martin Pitt ]
+ * process-util: Fix memory leak (Closes: #920018)
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 27 Jan 2019 21:33:07 +0000
+
+systemd (240-4) unstable; urgency=medium
+
+ [ Benjamin Drung ]
+ * Fix shellcheck issues in initramfs-tools scripts
+
+ [ Michael Biebl ]
+ * Import patches from v240-stable branch (up to f02b5472c6)
+ - Fixes a problem in logind closing the controlling terminal when using
+ startx. (Closes: #918927)
+ - Fixes various journald vulnerabilities via attacker controlled alloca.
+ (CVE-2018-16864, CVE-2018-16865, Closes: #918841, Closes: #918848)
+ * sd-device-monitor: Fix ordering of setting buffer size.
+ Fixes an issue with uevents not being processed properly during coldplug
+ stage and some kernel modules not being loaded via "udevadm trigger".
+ (Closes: #917607)
+ * meson: Stop setting -fPIE globally.
+ Setting -fPIE globally can lead to miscompilations on certain
+ architectures. Instead use the b_pie=true build option, which was
+ introduced in meson 0.49. Bump the Build-Depends accordingly.
+ (Closes: #909396)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 12 Jan 2019 21:49:44 +0100
+
+systemd (240-3) unstable; urgency=medium
+
+ * udev.init: Trigger add events for subsystems.
+ Update the SysV init script and mimic the behaviour of the initramfs and
+ systemd-udev-trigger.service which first trigger subsystems and then
+ devices during the coldplug stage.
+ * udevadm: Refuse to run trigger, control, settle and monitor commands in
+ chroot (Closes: #917633)
+ * network: Set link state configuring before setting addresses.
+ Fixes a crash in systemd-networkd caused by an assertion failure.
+ (Closes: #918658)
+ * libudev-util: Make util_replace_whitespace() read only len characters.
+ Fixes a regression where /dev/disk/by-id/ names had additional
+ underscores.
+ * man: Update color of journal logs in DEBUG level (Closes: #917948)
+ * Remove old state directory of systemd-timesyncd on upgrades.
+ Otherwise timesyncd will fail to update the clock file if it was created
+ as /var/lib/private/systemd/timesync/clock.
+ This was the case when the service was using DynamicUser=yes which it no
+ longer does in v240. (Closes: #918190)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 09 Jan 2019 18:40:57 +0100
+
+systemd (240-2) unstable; urgency=medium
+
+ * Pass separate dev_t var to device_path_parse_major_minor.
+ Fixes FTBFS on mips/mipsel (MIPS/O32). (Closes: #917195)
+ * test-json: Check absolute and relative difference in floating point test.
+ Fixes FTBFS due to test-suite failures on armel, armhf and hppa.
+ (Closes: #917215)
+ * sd-device: Fix segfault when error occurs in device_new_from_{nulstr,strv}()
+ Fixes a segfault in systemd-udevd when debug logging is enabled.
+ * udev-event: Do not read stdout or stderr if the pipefd is not created.
+ This fixes problems with device-mapper symlinks no longer being created
+ or certain devices not being marked as ready. (Closes: #917124)
+ * Don't bump fs.nr_open in PID 1.
+ In v240, systemd bumped fs.nr_open in PID 1 to the highest possible
+ value. Processes that are spawned directly by systemd, will have
+ RLIMIT_NOFILE be set to 512K (hard).
+ pam_limits in Debian defaults to "set_all", i.e. for limits which are
+ not explicitly configured in /etc/security/limits.conf, the value from
+ PID 1 is taken, which means for login sessions, RLIMIT_NOFILE is set to
+ the highest possible value instead of 512K. Not every software is able
+ to deal with such an RLIMIT_NOFILE properly.
+ While this is arguably a questionable default in Debian's pam_limit,
+ work around this problem by not bumping fs.nr_open in PID 1.
+ (Closes: #917167)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 27 Dec 2018 14:03:57 +0100
+
+systemd (240-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 240
+ - core: Skip cgroup_subtree_mask_valid update if UNIT_STUB
+ (Closes: #903011)
+ - machined: Rework referencing of machine scopes from machined
+ (Closes: #903288)
+ - timesync: Fix serialization of IP address
+ (Closes: #916516)
+ - core: Don't track jobs-finishing-during-reload explicitly
+ (Closes: #916678)
+ * Rebase patches
+ * Install new systemd-id128 binary
+ * Update symbols file for libsystemd0
+ * Update nss build options
+
+ [ Martin Pitt ]
+ * tests: Disable some flaky upstream tests.
+ See https://github.com/systemd/systemd/issues/11195
+ * tests: Disable flaky TEST-17-UDEV-WANTS upstream test.
+ See https://github.com/systemd/systemd/issues/11195
+
+ -- Michael Biebl <biebl@debian.org> Sat, 22 Dec 2018 16:01:43 +0100
+
+systemd (239-15) unstable; urgency=medium
+
+ [ Felipe Sateler ]
+ * Fix container check in udev init script.
+ Udev needs writable /sys, so the init script tried to check before
+ starting. Unfortunately, the check was inverted. Let's add the missing
+ '!' to negate the check.
+ (Closes: #915261)
+ * Add myself to uploaders
+
+ [ Michael Biebl ]
+ * Remove obsolete systemd-shim conffile on upgrades.
+ The D-Bus policy file was dropped from the systemd-shim package in
+ version 8-4, but apparently there are cases where users removed the
+ package before that cleanup happened. The D-Bus policy file that was
+ shipped by systemd-shim was much more restrictive and now prevents
+ calling GetDynamicUsers() and other recent APIs on systemd Manager.
+ (Closes: #914285)
+
+ -- Felipe Sateler <fsateler@debian.org> Wed, 05 Dec 2018 21:03:34 -0300
+
+systemd (239-14) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * autopkgtest: Drop test_custom_cgroup_cleanup from boot-and-services
+ * resolved: Increase size of TCP stub replies (Closes: #915049)
+ * meson: Unify linux/stat.h check with other checks and use _GNU_SOURCE.
+ Fixes a build failure with glibc 2.28.
+ * Drop procps dependency from systemd.
+ The systemd-exit.service user service no longer uses the "kill" binary.
+ * Simplify container check in udev SysV init script.
+ Instead of using "ps" to detect a container environment, simply test if
+ /sys is writable. This matches what's used in systemd-udevd.service via
+ ConditionPathIsReadWrite=/sys and follows
+ https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
+ This means we no longer need procps, so drop that dependency from the
+ udev package. (Closes: #915095)
+
+ [ Mert Dirik ]
+ * 40-systemd: Honour __init_d_script_name.
+ Make /lib/lsb/init-functions.d/40-systemd use __init_d_script_name
+ (if available) to figure out real script name. (Closes: #826214)
+ * 40-systemd: Improve heuristics for init-d-script.
+ Improve heuristics for scripts run via init-d-script so that the
+ redirection works even for older init-d-script versions without the
+ __init_d_script_name variable.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 02 Dec 2018 01:00:01 +0100
+
+systemd (239-13) unstable; urgency=medium
+
+ * autopktest: Add e2fsprogs dependency to upstream test.
+ Some of the upstream tests require mkfs.ext4. (Closes: #887250)
+ * systemctl: Tell update-rc.d to skip creating any systemd symlinks.
+ When calling update-rc.d via systemd-sysv-install, tell it to skip
+ creating any systemd symlinks as we want to handle those directly in
+ systemctl. Older update-rc.d versions will ignore that request, but
+ that's ok. This means we don't need a versioned dependency against
+ init-system-helpers. (Closes: #743217)
+ * pam_systemd: Suppress LOG_DEBUG log messages if debugging is off
+ (Closes: #825949)
+ * Drop cgroup-don-t-trim-cgroup-trees-created-by-someone-el.patch.
+ The patch is no longer necessary as lxc.service now uses Delegate=yes.
+ * Remove obsolete Replaces from pre-jessie
+
+ -- Michael Biebl <biebl@debian.org> Tue, 20 Nov 2018 19:44:39 +0100
+
+systemd (239-12) unstable; urgency=high
+
+ [ Martin Pitt ]
+ * Enable QEMU on more architectures in "upstream" autopkgtest.
+ Taken from the Ubuntu package, so apparently QEMU works well enough on
+ these architectures now.
+ * autopkgtest: Avoid test bed reset for boot-smoke.
+ Make "boot-smoke"'s dependencies a strict superset of "upstream"'s, so
+ that autopkgtest doesn't have to provide a new testbed.
+ * Fix wrong "nobody" group from sysusers.d.
+ Fix our make-sysusers-basic sysusers.d generator to special-case the
+ nobody group. "nobody" user and "nogroup" group both have the same ID
+ 65534, which is the only special case for Debian's static users/groups.
+ So specify the gid explicitly, to avoid systemd-sysusers creating a
+ dynamic system group for "nobody".
+ Also clean up the group on upgrades.
+ Thanks to Keh-Ming Luoh for the original patch! (Closes: #912525)
+
+ [ Michael Biebl ]
+ * autopkgtest: Use shutil.which() which is provided by Python 3
+ * Drop non-existing gnuefi=false build option.
+ This was mistakenly added when converting from autotools to meson.
+ * core: When deserializing state always use read_line(…, LONG_LINE_MAX, …)
+ Fixes a vulnerability in unit_deserialize which allows an attacker to
+ supply arbitrary state across systemd re-execution via NotifyAccess.
+ (CVE-2018-15686, Closes: #912005)
+ * meson: Use the host architecture compiler/linker for src/boot/efi.
+ Fixes cross build failure for arm64. (Closes: #905381)
+ * systemd: Do not pass .wants fragment path to manager_load_unit.
+ Fixes an issue with overridden units in /etc not being used due to a
+ .wants/ symlink pointing to /lib. (Closes: #907054)
+ * machined: When reading os-release file, join PID namespace too.
+ This ensures that we properly acquire the os-release file from containers.
+ (Closes: #911231)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 17 Nov 2018 18:39:21 +0100
+
+systemd (239-11) unstable; urgency=high
+
+ [ Michael Biebl ]
+ * debian/tests/upstream: Clean up after each test run.
+ Otherwise the loopback images used by qemu are not properly released and
+ we might run out of disk space.
+ * dhcp6: Make sure we have enough space for the DHCP6 option header.
+ Fixes out-of-bounds heap write in systemd-networkd dhcpv6 option
+ handling.
+ (CVE-2018-15688, LP: #1795921, Closes: #912008)
+ * chown-recursive: Rework the recursive logic to use O_PATH.
+ Fixes a race condition in chown_one() which allows an attacker to cause
+ systemd to set arbitrary permissions on arbitrary files.
+ (CVE-2018-15687, LP: #1796692, Closes: #912007)
+
+ [ Martin Pitt ]
+ * debian/tests/boot-and-services: Use gdm instead of lightdm.
+ This seems to work more reliably, on Ubuntu CI's i386 instances lightdm
+ fails.
+
+ [ Manuel A. Fernandez Montecelo ]
+ * Run "meson test" instead of "ninja test"
+ Upstream developers of meson recommend to run it in this way, because
+ "ninja test" just calls "meson test", and by using meson directly and
+ using extra command line arguments it is possible to control aspects of
+ how the tests are run.
+ * Increase timeout for test in riscv64.
+ The buildds for the riscv64 arch used at the moment are slow, so increase
+ the timeouts for this arch by a factor of 10, for good measure.
+ (Closes: #906429)
+
+ -- Michael Biebl <biebl@debian.org> Sun, 28 Oct 2018 13:02:18 +0100
+
+systemd (239-10) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * meson: Rename -Ddebug to -Ddebug-extra.
+ Meson added -Doptimization and -Ddebug options, which obviously causes
+ a conflict with our -Ddebug options. Let's rename it.
+ (Closes: #909455)
+ * Add conflicts against consolekit.
+ Letting both ConsoleKit and logind manage dynamic device permissions
+ will only lead to inconsistent and unexpected results.
+
+ [ Felipe Sateler ]
+ * Link systemctl binary statically against libshared.
+ This reduces the Pre-Depends list considerably, and is more resilient
+ against borked installs.
+
+ -- Michael Biebl <biebl@debian.org> Tue, 25 Sep 2018 16:11:12 +0200
+
+systemd (239-9) unstable; urgency=medium
+
+ * autopkgtest: Remove needs-recommends runtime restriction.
+ This restriction has been deprecated and there are plans to remove it
+ altogether. The tests pass withouth needs-recommends, so it seems safe
+ to remove.
+ * test: Use installed catalogs when test-catalog is not located at build
+ dir.
+ This makes it possible to run test-catalog as installed test, so we no
+ longer need to mark it as EXFAIL in our root-unittests autopkgtest.
+ * test: Use "systemd-runtest.env" to set $SYSTEMD_TEST_DATA and
+ $SYSTEMD_CATALOG_DIR.
+ This avoids embedding ABS_{SRC,BUILD}_DIR into libsystemd-shared.so and
+ the test binaries and should make the build reproducible.
+ (Closes: #908365)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 12 Sep 2018 19:07:38 +0200
+
+systemd (239-8) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Clean up dbus-org.freedesktop.timesync1.service Alias on purge
+ (Closes: #904290)
+ * user-runtime-dir: Fix wrong SELinux context (Closes: #908026)
+ * core: Fix gid when DynamicUser=yes with static user (Closes: #904335)
+ * Remove udev control socket on shutdown under sysvinit.
+ The udev control socket is no longer removed automatically when the
+ daemon is stopped. As this can confuse other software, update the SysV
+ init script to remove the control socket manually and make sure the init
+ script is executed on shutdown (runlevel 0) and reboot (runlevel 6).
+ (Closes: #791944)
+ * Bump Standards-Version to 4.2.1
+
+ [ Martin Pitt ]
+ * timedated: Fix wrong PropertyChanged values and refcounting
+
+ -- Michael Biebl <biebl@debian.org> Fri, 07 Sep 2018 08:41:12 +0200
+
+systemd (239-7) unstable; urgency=medium
+
+ * autopkgtest: Add iputils-ping dependency to root-unittests.
+ The ping binary is required by test-bpf.
+ * autopkgtest: Add dbus-user-session and libpam-systemd dependency to
+ root-unittests.
+ Without a working D-Bus user session, a lot of the test-bus-* tests are
+ skipped.
+ * network/link: Fix logic error in matching devices by MAC (Closes: #904198)
+
+ -- Michael Biebl <biebl@debian.org> Sun, 22 Jul 2018 13:40:15 +0200
+
+systemd (239-6) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * autopkgtest: Install libnss-systemd.
+ Make sure that dynamic users can be resolved. This e. g. prevents a
+ startup failure for systemd-resolved.
+ * autopkgtest: Add missing python3 test dependency for udev test
+
+ [ Michael Biebl ]
+ * autopkgtest: Make AppArmor violator test work with merged-usr
+ * Make /dev/kvm accessible to local users and group kvm.
+ Re-add the uaccess tag to /dev/kvm to make it accessible to local
+ users. Access is also granted via group kvm, so create that in
+ udev.postinst. (Closes: #887852)
+ * Move a few man pages from systemd to systemd-journal-remote.
+ The systemd package shipped a few systemd-journal-remote and
+ systemd-journal-upload related man pages which really belong into the
+ systemd-journal-remote package. Move those man pages into the correct
+ package and add a Breaks/Replaces against systemd accordingly.
+ (Closes: #903557)
+ * autopkgtest: Drop no-longer needed workaround from upstream test
+ * Go back to statically allocate system users for timesyncd, networkd and
+ resolved.
+ There are currently too many open issues related to D-Bus and the usage
+ of DynamicUser. (Closes: #902971)
+ * Change python3-minimal dependency to python3.
+ While we strictly only need python3-minimal, the usage of
+ python3-minimal triggers a lintian error: depends-on-python-minimal
+ * test: Drop SKIP_INITRD for QEMU-based tests.
+ The Debian Linux kernel ships ext4 support as a module, so we require an
+ initrd to successfully start the QEMU images.
+ * debian/tests/localed-x11-keymap: Deal with absence of
+ /etc/default/keyboard more gracefully
+ * autopkgtest: Add various dependencies to make upstream test pass on Debian
+ - netcat-openbsd: Required by TEST-12-ISSUE-3171.
+ - busybox-static: Required by TEST-13-NSPAWN-SMOKE.
+ - plymouth: Required by TEST-15-DROPIN and TEST-22-TMPFILES.
+ * Drop seccomp system call filter for udev.
+ The seccomp based system call whitelist requires at least systemd 239 to
+ be the active init and during a dist-upgrade we can't guarantee that
+ systemd has been fully configured before udev is restarted.
+ The versioned systemd Breaks that was added to udev for #902185 didn't
+ really fix this issue, so revert that change again. (Closes: #903224)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 19 Jul 2018 00:04:54 +0200
+
+systemd (239-5) unstable; urgency=medium
+
+ * Add inverse version restriction of the Breaks to the systemd-shim
+ alternative in libpam-systemd.
+ Otherwise apt will fail to find an installation path for libpam-systemd
+ in cases where libpam-systemd is an indirect dependency. (Closes: #902998)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 05 Jul 2018 11:50:10 +0200
+
+systemd (239-4) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Drop outdated section from README.Debian about switching back to SysV init
+ * sleep: Fix one more printf format of a fiemap field
+ * basic: Add missing comma in raw_clone assembly for sparc
+ * bus-util: Make log level lower in request_name_destroy_callback()
+ * tmpfiles: Specify access mode for /run/systemd/netif
+ * Add Breaks against python-dbusmock (<< 0.18) to systemd.
+ The logind and timedated tests in python-dbusmock were broken by the
+ latest systemd release and had to be adjusted to work with systemd 239.
+ See #902602
+ * Drop patches which try to support running systemd services without systemd
+ as pid 1.
+ No one is currently actively maintaining systemd-shim, which means that
+ e.g. running systemd-logind no longer works when systemd is not pid 1.
+ Thus drop our no longer working patches. Bump the Breaks against
+ systemd-shim accordingly.
+ See #895292, #901404, #901405
+
+ [ Martin Pitt ]
+ * test: fix networkd-test.py rate limiting and dynamic user
+
+ -- Michael Biebl <biebl@debian.org> Tue, 03 Jul 2018 23:36:28 +0200
+
+systemd (239-3) unstable; urgency=medium
+
+ * Revert "systemctl: when removing enablement or mask symlinks, cover both
+ /run and /etc"
+ We currently have packages in the archive which use
+ "systemctl --runtime unmask" and are broken by this change.
+ This is a intermediate step until it is clear whether upstream will
+ revert this commit or whether we will have to update affected packages
+ to deal with this changed behaviour.
+ See #902287 and https://github.com/systemd/systemd/issues/9393
+
+ -- Michael Biebl <biebl@debian.org> Wed, 27 Jun 2018 14:46:06 +0200
+
+systemd (239-2) unstable; urgency=medium
+
+ * sleep: Fix printf format of fiemap fields.
+ This should fix a FTBFS on ia64.
+ * timesync: Change type of drift_freq to int64_t.
+ This should fix a FTBFS on x32.
+ * Bump systemd Breaks to ensure it is upgraded in lockstep with udev.
+ The hardening features used by systemd-udevd.service require systemd 239
+ and udev will fail to start with older versions. (Closes: #902185)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 27 Jun 2018 13:59:24 +0200
+
+systemd (239-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 239
+ * Drop alternative iptables-dev Build-Depends.
+ It is no longer needed as both Ubuntu and Debian now ship libiptc-dev in
+ their latest stable (LTS) release.
+ * Drop alternative btrfs-tools Recommends.
+ It is no longer needed as btrfs-progs is now available in both Debian
+ and Ubuntu and keeping the alternative around prevents the transitional
+ package from being autoremoved.
+ * Disable installation of RPM macros.
+ This avoids having to remove them manually later on.
+ * Drop cleanup rules for libtool .la files.
+ With the switch to Meson, libtool is no longer used.
+ * Drop fallback for older kernels when running the test suite.
+ We now assume that we have a kernel newer then 3.13.
+ * Stop cleaning up .busname units.
+ Those are gone upstream, so we no longer need to remove them manually.
+ * Update symbols file for libsystemd0
+ * Rebase patches
+ * Install new resolvectl tool.
+ Don't ship the /sbin/resolvconf compat symlink in the systemd package,
+ as this would cause a file conflict with the resolvconf and openresolv
+ package.
+ * Disable support for "Portable Services"
+ This is still an experimental feature.
+ * Disable pristine-tar in gbp.conf.
+ It is currently not possible to import the systemd v239 tarball using
+ pristine-tar due to #902115.
+ * Bump Build-Depends on meson to (>= 0.44)
+ * Stop setting the path for the kill binary, no longer necessary
+ * Stop creating systemd-network and systemd-resolve system user
+ systemd-networkd.service and systemd-resolved.service now use
+ DynamicUser=yes.
+
+ [ Dimitri John Ledkov ]
+ * Run all upstream tests, and then report all that failed.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 23 Jun 2018 00:18:08 +0200
+
+systemd (238-5) unstable; urgency=medium
+
+ [ Evgeny Vereshchagin ]
+ * upstream autopkgtest: Copy journal subdirectories.
+ Otherwise logs are missing on failures.
+
+ [ Martin Pitt ]
+ * debian/tests/boot-and-services: Ignore cpi.service failure.
+ This is apparently a regression in Ubuntu 18.04, not in systemd, so
+ ignore it.
+
+ [ Michael Biebl ]
+ * sd-bus: Do not try to close already closed fd (Closes: #896781)
+ * Use dh_missing to act on uninstalled files.
+ The usage of dh_install --fail-missing has been deprecated.
+ * meson: Avoid warning about comparison of bool and string.
+ The result of this is undefined and will become a hard error in a future
+ Meson release.
+ * login: Respect --no-wall when cancelling a shutdown request
+ (Closes: #897938)
+ * Add dependencies of libsystemd-shared to Pre-Depends.
+ This is necessary so systemctl is functional at all times during a
+ dist-upgrade. (Closes: #897986)
+ * Drop dh_strip override, the dbgsym migration is done
+
+ [ Felipe Sateler ]
+ * Don't include libmount.h in a header file.
+ Kernel and glibc headers both use MS_* constants, but are not in sync, so
+ only one of them can be used at a time. Thus, only import them where
+ needed. Works around #898743.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 26 May 2018 10:31:29 +0200
+
+systemd (238-4) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * udev/net-id: Fix check for address to keep interface names stable
+ * debian/copyright: Move global wildcard section to the top
+
+ [ Martin Pitt ]
+ * Fix daemon reload failures
+
+ [ Laurent Bigonville ]
+ * Fix /sys/fs/cgroup mount when using SELinux.
+ Since v236, all cgroups except /sys/fs/cgroup/systemd and
+ /sys/fs/cgroup/unified are not mounted when SELinux is enabled (even in
+ permissive mode). Disabling SELinux completely restores these cgroups.
+ This patch fixes that issue by no longer making the assumption that those
+ cgroups are mounted by initrd/dracut before systemd is started.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 01 Apr 2018 13:02:57 +0200
+
+systemd (238-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Enable systemd-sysusers unit and provide correct Debian static u/gids.
+ Add a helper script debian/extra/make-sysusers-basic which generates a
+ sysusers.d(5) file from Debian's static master passwd/group files.
+ systemd 238 now supports specifying different uid and gid and a
+ non-default login shell, so this is possible now. (Closes: #888126)
+ * udev README.Debian: Include initrd rebuild and some clarifications in
+ migration.
+ While initrd update is already being mentioned in the introductory
+ section, it is easy to miss when going through the migration steps, so
+ explicitly mention it again. Also add a warning about keeping a fallback
+ on misconfigurations, and the possibility to migrate one interface at a
+ time.
+ Thanks to Karl O. Pinc for the suggestions! (Closes: #881769)
+
+ [ Michael Biebl ]
+ * basic/macros: Rename noreturn into _noreturn_.
+ "noreturn" is reserved and can be used in other header files we include.
+ (Closes: #893426)
+ * units: Fix SuccessAction that belongs to [Unit] section not [Service]
+ section (Closes: #893282)
+
+ -- Michael Biebl <biebl@debian.org> Tue, 20 Mar 2018 23:22:57 +0100
+
+systemd (238-2) unstable; urgency=medium
+
+ [ Alf Gaida ]
+ * core: do not free stack-allocated strings.
+ Fixes a crash in systemd when the cpuacct cgroup controller is not
+ available. (Closes: #892360)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 10 Mar 2018 01:12:47 +0100
+
+systemd (238-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 238
+ - Fixes systemd-tmpfiles to correctly handle symlinks present in
+ non-terminal path components. (CVE-2018-6954, Closes: #890779)
+ * Rebase patches
+ * Use compat symlinks as provided by upstream.
+ As the upstream build system now creates those symlinks for us, we no
+ longer have to create them manually.
+ * Update symbols file for libsystemd0
+ * test-cgroup-util: bail out when running under a buildd environment
+
+ [ Dimitri John Ledkov ]
+ * systemd-sysv-install: Fix name initialisation.
+ Only initialise NAME after --root optional argument has been parsed,
+ otherwise NAME is initialized to e.g. `enable`, instead of to the
+ `unit-name`, resulting in failures. (LP: #1752882)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 07 Mar 2018 23:21:53 +0100
+
+systemd (237-4) unstable; urgency=medium
+
+ [ Gunnar Hjalmarsson ]
+ * Fix PO template creation.
+ Cherry-pick upstream patches to build a correct systemd.pot including
+ the polkit policy files even without policykit-1 being installed.
+ (LP: #1707898)
+
+ [ Michael Biebl ]
+ * Drop mask for fuse SysV init script.
+ The fuse package has removed its SysV init script a long time ago, so
+ the mask is no longer needed.
+ * Replace two Debian specific patches which cherry-picks from upstream
+ master
+
+ -- Michael Biebl <biebl@debian.org> Wed, 28 Feb 2018 19:18:34 +0100
+
+systemd (237-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/boot-smoke: More robust journal checking.
+ Also fail the test if calling journalctl fails, and avoid calling it
+ twice. See https://github.com/systemd/systemd/pull/8032
+ * Simplify PO template creation.
+ Use the existing upstream build system instead of a manual call to
+ `intltool-update` and `xgettext` to build systemd.pot. Remove the now
+ obsolete intltool build dependency, but still explicitly keep gettext.
+ (LP: #1707898)
+ * Make systemd-sysv-install robust against existing $ROOT.
+ Always initialize `$ROOT`, to avoid the script getting confused by an
+ existing outside env variable. Also fix the `--root` option to actually
+ work, the previous approach was conceptually broken due to how shell
+ quoting works. Make the work with `set -u`. (Closes: #890436)
+
+ [ Felipe Sateler ]
+ * Backport upstream patch fixing a wrong assert() call (Closes: #890423)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 14 Feb 2018 23:07:17 +0100
+
+systemd (237-2) unstable; urgency=medium
+
+ * Drop debian/extra/rules/70-debian-uaccess.rules.
+ Up-to-date udev rules for U2F devices are shipped in libu2f-udev nowadays.
+ (Closes: #889665)
+ * service: relax PID file symlink chain checks a bit.
+ Let's read the PID file after all if there's a potentially unsafe symlink
+ chain in place. But if we do, then refuse taking the PID if its outside of
+ the cgroup. (Closes: #889144)
+
+ -- Michael Biebl <biebl@debian.org> Fri, 09 Feb 2018 23:35:31 +0100
+
+systemd (237-1) unstable; urgency=medium
+
+ * New upstream version 237
+ * Rebase patches
+ * Update symbols file for libsystemd0
+ * Update Vcs-* to point to https://salsa.debian.org
+ * Bump Standards-Version to 4.1.3
+ * Set Rules-Requires-Root to no
+
+ -- Michael Biebl <biebl@debian.org> Tue, 30 Jan 2018 01:55:24 +0100
+
+systemd (236-4) unstable; urgency=medium
+
+ [ Felipe Sateler ]
+ * Allow systemd-timesyncd to start when libnss-systemd is not installed.
+ Pick upstream patch requiring the existence of the systemd-timesync user
+ only when running as root, which is not the case for the system unit.
+ (Closes: #887343)
+
+ [ Nicolas Braud-Santoni ]
+ * debian/copyright: Refer to the CC0 license file (Closes: #882629)
+
+ [ Michael Biebl ]
+ * Add Build-Depends on python3-evdev <!nocheck>
+ This is used by hwdb/parse_hwdb.py to perform additional validation on
+ hwdb files.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 28 Jan 2018 22:29:32 +0100
+
+systemd (236-3) unstable; urgency=medium
+
+ * Revert "core/execute: RuntimeDirectory= or friends requires mount
+ namespace"
+ This was making mounts from SSH sessions invisible to the system.
+ (Closes: #885325)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 11 Jan 2018 16:46:04 +0100
+
+systemd (236-2) unstable; urgency=medium
+
+ * Downgrade priority of libudev1 to optional.
+ This makes it compliant with recent versions of debian-policy which
+ recommends to use priority optional for library packages.
+ * Clarify NEWS entry about removal of system users.
+ Mention in the recent NEWS entry that the associated system groups
+ should be removed as well. (Closes: #885061)
+ * cryptsetup-generator: Don't mistake NULL input as OOM.
+ Fixes systemd-cryptsetup-generator failing to run during boot.
+ (Closes: #885201)
+ * analyze: Use normal bus connection for "plot" verb.
+ Fixes "systemd-analyze plot" failing to run as root. (Closes: #884506)
+ * Stop re-enabling systemd services on every upgrade.
+ This was done so changes to the [Install] section would be applied on
+ upgrades. Forcefully re-enabling a service might overwrite local
+ modifications though and thus far, none of the affected services did
+ actually change its [Install] section. So remove this code from the
+ maintainer scripts as it was apparently doing more harm then good.
+ (Closes: #869354)
+
+ -- Michael Biebl <biebl@debian.org> Tue, 02 Jan 2018 00:35:14 +0100
+
+systemd (236-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/upstream: Only show ≥ warning in journal dumps.
+ Showing the entire debug log is too hard to scan visually, and most of
+ the time the warnings and errors are sufficient to explain a failure.
+ Put the journal files into the artifacts though, in case the debug
+ information is necessary.
+
+ [ Michael Biebl ]
+ * New upstream version 236
+ - nspawn: Adjust path to static resolv.conf to support split usr.
+ (Closes: #881310)
+ - networkd: Don't stop networkd if CONFIG_FIB_RULES=n in kernel.
+ (Closes: #881823)
+ - core: Fix segfault in compile_bind_mounts() when BindPaths= or
+ BindReadOnlyPaths= is set. (Closes: #883380)
+ - meson: Link NSS modules with -z nodelete to fix memory leak in
+ nss-systemd. (Closes: #883407)
+ - logind: Make sure we don't acces m->action_what if it's not initialized.
+ (Closes: #882270)
+ - systemctl: Ignore shutdown's "-t" argument. (Closes: #882245)
+ - core: Be more defensive if we can't determine per-connection socket
+ peer. (Closes: #879603)
+ - bpf-firewall: Actually invoke BPF_PROG_ATTACH to check whether
+ cgroup/bpf is available. (Closes: #878965)
+ * Rebase patches
+ * Update symbols file for libsystemd0
+ * Bump Standards-Version to 4.1.2
+ * Clean up old /var/lib/systemd/clock on upgrade.
+ The clock file used by systemd-timesyncd is now stored in
+ StateDirectory=systemd/timesync. (Closes: #883605)
+ * Stop creating systemd-timesync system user.
+ DynamicUser=yes has been enabled for systemd-timesyncd.service so
+ allocating a system user statically is no longer necessary.
+ * Document removal of systemd-{timesync,journal-gateway,journal-upload} user.
+ We no longer create those system users as the corresponding services now
+ use DynamicUser=yes. Removing those system users automatically is tricky,
+ as the relevant services might be running during upgrade. Add a NEWS
+ entry instead which documents this change.
+ * Revert "udev-rules: Permission changes for /dev/dri/renderD*"
+ This would introduce a new system group "render". As the name is rather
+ generic, this needs further discussion first, so revert this change for
+ now.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 17 Dec 2017 21:45:51 +0100
+
+systemd (235-3) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Switch from XC-Package-Type to Package-Type. As of dpkg-dev 1.15.7
+ Package-Type is recognized as an official field name.
+ * Install modprobe configuration file to /lib/modprobe.d.
+ Otherwise it is not read by kmod. (Closes: #879191)
+
+ [ Felipe Sateler ]
+ * Backport upstream (partial) fix for combined DynamicUser= + User=
+ UID was not allowed to be different to GID, which is normally the case in
+ debian, due to the group users being allocated the GID 100 without an
+ equivalent UID 100 being allocated.
+ * Backport upstream patches to fully make DynamicUser=yes + static,
+ pre-existing User= work.
+
+ [ Martin Pitt ]
+ * Add missing python3-minimal dependency to systemd-tests
+ * Drop long-obsolete systemd-bus-proxy system user
+ systemd-bus-proxy hasn't been shipped since before stretch and never
+ created any files. Thus clean up the obsolete system user on upgrades.
+ (Closes: #878182)
+ * Drop static systemd-journal-gateway system user
+ systemd-journal-gatewayd.service now uses DynamicUser=, so we don't need
+ to create this statically any more. Don't remove the user on upgrades
+ though, as there is likely still be a running process. (Closes: #878183)
+ * Use DynamicUser= for systemd-journal-upload.service.
+ * Add Recommends: libnss-systemd to systemd-sysv.
+ This is useful to actually be able to resolve dynamically created system
+ users with DynamicUser=true. This concept is going to be used much more
+ in future versions and (hopefully) third-party .services, so pulling it
+ into the default installation seems prudent now.
+ * resolved: Fix loop on packets with pseudo dns types.
+ (CVE-2017-15908, Closes: #880026, LP: #1725351)
+ * bpf-firewall: Properly handle kernels without BPF cgroup but with TRIE maps.
+ Fixes "Detaching egress BPF: Invalid argument" log spam. (Closes: #878965)
+ * Fix MemoryDenyWriteExecution= bypass with pkey_mprotect() (LP: #1725348)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 15 Nov 2017 09:34:00 +0100
+
+systemd (235-2) unstable; urgency=medium
+
+ * Revert "tests: when running a manager object in a test, migrate to private
+ cgroup subroot first"
+ This was causing test suite failures when running inside a chroot.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 11 Oct 2017 00:46:07 +0200
+
+systemd (235-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 235
+ - cryptsetup-generator: use remote-cryptsetup.target when _netdev is
+ present (Closes: #852534)
+ - tmpfiles: change btmp mode 0600 → 0660 (Closes: #870638)
+ - networkd: For IPv6 addresses do not treat IFA_F_DEPRECATED as not ready
+ (Closes: #869995)
+ - exec-util,conf-files: skip non-executable files in execute_directories()
+ (Closes: #867902)
+ - man: update udevadm -y/--sysname-match documentation (Closes: #865081)
+ - tmpfiles: silently ignore any path that passes through autofs
+ (Closes: #805553)
+ - shared: end string with % if one was found at the end of a expandible
+ string (Closes: #865450)
+ * Refresh patches
+ * Bump Build-Depends on libmount-dev to (>= 2.30)
+ * Install new modprobe.d config file
+ * Bump Standards-Version to 4.1.1
+
+ [ Martin Pitt ]
+ * Merge logind-kill-off autopkgtest into logind test.
+ This was horribly inefficient as a separate test (from commit
+ 6bd0dab41e), as that cost two VM resets plus accompanying boots; and
+ this does not change any state thus does not require this kind of
+ isolation.
+
+ -- Michael Biebl <biebl@debian.org> Tue, 10 Oct 2017 18:29:28 +0200
+
+systemd (234-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Various fixes for the upstream autopkgtest.
+
+ [ Felipe Sateler ]
+ * Add fdisk to the dependencies of the upstream autopkgtest.
+ The upstream autopkgtest uses sfdisk, which is now in the non-essential
+ fdisk package. (Closes: #872119)
+ * Disable nss-systemd on udeb builds
+ * Correctly disable resolved on udeb builds
+ * Help fix collisions in libsystemd-shared symbols by versioning them.
+ Backport upstream patch to version the symbols provided in the private
+ library, so that they cannot confuse unversioned pam modules or libraries
+ linked into them. (Closes: #873708)
+
+ [ Dimitri John Ledkov ]
+ * Cherrypick upstream networkd-test.py assertion/check fixes.
+ This resolves ADT test suite failures, when running tests under lxc/lxd
+ providers.
+ * Cherrypick arm* seccomp fixes.
+ This should resolve ADT test failures, on arm64, when running as root.
+ * Disable KillUserProcesses, yet again, with meson this time.
+ * initramfs-tools: trigger udevadm add actions with subsystems first.
+ This updates the initramfs-tools init-top udev script to trigger udevadm
+ actions with type specified. This mimics the systemd-udev-trigger.service.
+ Without type specified only devices are triggered, but triggering
+ subsystems may also be required and should happen before triggering the
+ devices. This is the case for example on s390x with zdev generated udev
+ rules. (LP: #1713536)
+
+ [ Michael Biebl ]
+ * (Re)add --quiet flag to addgroup calls.
+ This is now safe with adduser having been fixed to no longer suppress
+ fatal error messages if --quiet is used. (Closes: #837871)
+ * Switch back to default GCC (Closes: #873661)
+ * Drop systemd-timesyncd.service.d/disable-with-time-daemon.conf.
+ All major NTP implementations ship a native service file nowadays with a
+ Conflicts=systemd-timesyncd.service so this drop-in is no longer
+ necessary. (Closes: #873185)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 04 Sep 2017 00:17:00 +0200
+
+systemd (234-2.3) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Also switch to g++-6 temporarily (needed for some tests):
+ - Add g++-6 to Build-Depends
+ - Export CXX = g++-6
+
+ -- Cyril Brulebois <kibi@debian.org> Thu, 24 Aug 2017 02:40:53 +0200
+
+systemd (234-2.2) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Switch to gcc-6 on all architectures, working around an FTBFS on mips64el,
+ apparently due to a gcc-7 bug (See: #871514):
+ - Add gcc-6 to Build-Depends in debian/control
+ - Export CC = gcc-6 in debian/rules
+
+ -- Cyril Brulebois <kibi@debian.org> Wed, 23 Aug 2017 22:53:09 +0000
+
+systemd (234-2.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Fix missing 60-input-id.rules in udev-udeb, which breaks the graphical
+ version of the Debian Installer, as no key presses or mouse events get
+ processed (Closes: #872598).
+
+ -- Cyril Brulebois <kibi@debian.org> Wed, 23 Aug 2017 20:41:33 +0200
+
+systemd (234-2) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * udev README.Debian: Fix name of example *.link file
+
+ [ Felipe Sateler ]
+ * test-condition: Don't assume that all non-root users are normal users.
+ Automated builders may run under a dedicated system user, and this test
+ would fail that.
+
+ [ Michael Biebl ]
+ * Revert "units: Tell login to preserve environment"
+ Environment=LANG= LANGUAGE= LC_CTYPE= ... as used in the getty units is
+ not unsetting the variables but instead sets it to an empty var. Passing
+ that environment to login messes up the system locale settings and
+ breaks programs like gpg-agent.
+ (Closes: #868695)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 20 Jul 2017 15:13:42 +0200
+
+systemd (234-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream version 234
+ - tmpfiles: Create /var/log/lastlog if it does not exist.
+ (Closes: #866313)
+ - network: Bridge vlan without PVID. (Closes: #859941)
+ * Rebase patches
+ * Switch build system from autotools to meson.
+ Update the Build-Depends accordingly.
+ * Update fsckd patch for meson
+ * udev autopkgtest: no longer install test-udev binary manually.
+ This is now done by the upstream build system.
+ * Update symbols file for libsystemd0
+ * Update lintian override for systemd-tests.
+ Upstream now installs manual and unsafe tests in subdirectories of
+ /usr/lib/systemd/tests/, so ignore those as well.
+ * Bump Standards-Version to 4.0.0
+ * Change priority of libnss-* packages from extra to optional.
+ * Use UTF-8 locale when building the package.
+ Otherwise meson will be pretty unhappy when trying to process files with
+ unicode characters. Use C.UTF-8 as this locale is pretty much guaranteed
+ to be available everywhere.
+ * Mark test-timesync as manual.
+ The test tries to setup inotify watches for /run/systemd/netif/links
+ which fails in a buildd environment where systemd is not active.
+ * Do not link udev against libsystemd-shared.
+ We ship udev in a separate binary package, so can't use
+ libsystemd-shared, which is part of the systemd binary package.
+ * Avoid requiring a "kvm" system group.
+ This group is not universally available and as a result generates a
+ warning during boot. As kvm is only really useful if the qemu package is
+ installed and this package already takes care of setting up the proper
+ permissions for /dev/kvm, drop this rule from 50-udev-default.rules.
+
+ [ Martin Pitt ]
+ * udev README.Debian: Update transitional rules and mention *.link files.
+ - 01-mac-for-usb.link got replaced with 73-usb-net-by-mac.rules
+ - /etc/systemd/network/50-virtio-kernel-names.link is an upgrade
+ transition for VMs with virtio
+ - Describe *.link files as a simpler/less error prone (but also less
+ flexible) way of customizing interface names. (Closes: #868002)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 13 Jul 2017 17:38:28 +0200
+
+systemd (233-10) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Adjust var-lib-machines.mount target.
+ Upstream PR #6095 changed the location to
+ {remote-fs,machines}.target.wants, so just install all available ones.
+
+ [ Dimitri John Ledkov ]
+ * Fix out-of-bounds write in systemd-resolved.
+ CVE-2017-9445 (Closes: #866147, LP: #1695546)
+
+ [ Michael Biebl ]
+ * Be truly quiet in systemctl -q is-enabled (Closes: #866579)
+ * Improve RLIMIT_NOFILE handling.
+ Use /proc/sys/fs/nr_open to find the current limit of open files
+ compiled into the kernel instead of using a hard-coded value of 65536
+ for RLIMIT_NOFILE. (Closes: #865449)
+
+ [ Nicolas Braud-Santoni ]
+ * debian/extra/rules: Use updated U2F ruleset.
+ This ruleset comes from Yubico's libu2f-host. (Closes: #824532)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 03 Jul 2017 18:51:58 +0200
+
+systemd (233-9) unstable; urgency=medium
+
+ * hwdb: Use path_join() to generate the hwdb_bin path.
+ This ensures /lib/udev/hwdb.bin gets the correct SELinux context. Having
+ double slashes in the path makes selabel_lookup_raw() return the wrong
+ context. (Closes: #851933)
+ * Drop no longer needed Breaks against usb-modeswitch
+ * Drop Breaks for packages shipping rcS init scripts.
+ This transition was completed in stretch.
+
+ -- Michael Biebl <biebl@debian.org> Mon, 19 Jun 2017 15:10:14 +0200
+
+systemd (233-8) experimental; urgency=medium
+
+ * Bump debhelper compatibility level to 10
+ * Drop versioned Build-Depends on dpkg-dev.
+ It's no longer necessary as even Jessie ships a new enough version.
+ * timesyncd: don't use compiled-in list if FallbackNTP has been configured
+ explicitly (Closes: #861769)
+ * resolved: fix null pointer p->question dereferencing.
+ This fixes a bug which allowed a remote DoS (daemon crash) via a crafted
+ DNS response with an empty question section.
+ Fixes: CVE-2017-9217 (Closes: #863277)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 29 May 2017 14:12:08 +0200
+
+systemd (233-7) experimental; urgency=medium
+
+ [ Michael Biebl ]
+ * basic/journal-importer: Fix unaligned access in get_data_size()
+ (Closes: #862062)
+ * ima: Ensure policy exists before asking the kernel to load it
+ (Closes: #863111)
+ * Add Depends: procps to systemd.
+ It's required by /usr/lib/systemd/user/systemd-exit.service which calls
+ /bin/kill to stop the systemd --user instance. (Closes: #862292)
+ * service: Serialize information about currently executing command
+ (Closes: #861157)
+ * seccomp: Add clone syscall definitions for mips (Closes: #861171)
+
+ [ Dimitri John Ledkov ]
+ * ubuntu: disable dnssec on any ubuntu releases (LP: #1690605)
+
+ [ Felipe Sateler ]
+ * Specify nobody user and group.
+ Otherwise nss-systemd will translate to group 'nobody', which doesn't
+ exist on debian systems.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 24 May 2017 12:26:18 +0200
+
+systemd (233-6) experimental; urgency=medium
+
+ [ Felipe Sateler ]
+ * Backport upstream PR #5531.
+ This delays opening the mdns and llmnr sockets until a network has enabled
+ them. This silences annoying messages when networkd receives such packets
+ without expecting them: Got mDNS UDP packet on unknown scope.
+
+ [ Martin Pitt ]
+ * resolved: Disable DNSSEC by default on stretch and zesty.
+ Both Debian stretch and Ubuntu zesty are close to releasing, switch to
+ DNSSEC=off by default for those. Users can still turn it back on with
+ DNSSEC=allow-downgrade (or even "yes").
+
+ [ Michael Biebl ]
+ * Add Conflicts against hal.
+ Since v183, udev no longer supports RUN+="socket:". This feature is
+ still used by hal, but now generates vast amounts of errors in the
+ journal. Thus force the removal of hal by adding a Conflicts to the udev
+ package. This is safe, as hal is long dead and no longer useful.
+ * Drop systemd-ui Suggests
+ systemd-ui is unmaintained upstream and not particularly useful anymore.
+ * journal: fix up syslog facility when forwarding native messages.
+ Native journal messages (_TRANSPORT=journal) typically don't have a
+ syslog facility attached to it. As a result when forwarding the
+ messages to syslog they ended up with facility 0 (LOG_KERN).
+ Apply syslog_fixup_facility() so we use LOG_USER instead.
+ (Closes: #837893)
+ * Split upstream tests into systemd-tests binary package (Closes: #859152)
+ * Get PACKAGE_VERSION from config.h.
+ This also works with meson and is not autotools specific.
+
+ [ Sjoerd Simons ]
+ * init-functions Only call daemon-reload when planning to redirect
+ systemctl daemon-reload is a quite a heavy operation, it will re-parse
+ all configuration and re-run all generators. This should only be done
+ when strictly needed. (Closes: #861158)
+
+ -- Michael Biebl <biebl@debian.org> Fri, 28 Apr 2017 21:47:14 +0200
+
+systemd (233-5) experimental; urgency=medium
+
+ * Do not throw a warning in emergency and rescue mode if plymouth is not
+ installed.
+ Ideally, plymouth should only be referenced via dependencies, not
+ ExecStartPre. This at least avoids the confusing error message on
+ minimal installations that do not carry plymouth.
+ * rules: Allow SPARC vdisk devices when identifying CD drives
+ (Closes: #858014)
+
+ -- Michael Biebl <biebl@debian.org> Tue, 21 Mar 2017 21:00:08 +0100
+
+systemd (233-4) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * udev autopkgtest: Drop obsolete sys.tar.xz fallback.
+ This was only necessary for supporting 232 as well.
+ * root-unittest: Drop obsolete FIXME comment.
+ * Add libpolkit-gobject-1-dev build dep for polkit version detection.
+ * Move systemd.link(5) to udev package.
+ .link files are being handled by udev, so it should ship the
+ corresponding manpage. Bump Breaks/Replaces accordingly. (Closes: #857270)
+
+ [ Michael Biebl ]
+ * Restart journald on upgrades (Closes: #851438)
+ * Avoid strict DM API versioning.
+ Compiling against the dm-ioctl.h header as provided by the Linux kernel
+ will embed the DM interface version number. Running an older kernel can
+ lead to errors on shutdown when trying to detach DM devices.
+ As a workaround, build against a local copy of dm-ioctl.h based on 3.13,
+ which is the minimum required version to support DM_DEFERRED_REMOVE.
+ (Closes: #856337)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 16 Mar 2017 18:40:16 +0100
+
+systemd (233-3) experimental; urgency=medium
+
+ [ Michael Biebl ]
+ * Install D-Bus policy files in /usr
+ * Drop no longer needed maintainer scripts migration code and simplify
+ various version checks
+ * Fix location of installed tests
+ * Override package-name-doesnt-match-sonames lintian warning for libnss-*
+ * Don't ship any symlinks in /etc/systemd/system.
+ Those should be created dynamically via "systemctl enable".
+
+ [ Martin Pitt ]
+ * root-unittests autopkgtest: Skip test-udev.
+ It has its own autopkgtest and needs some special preparation. At some
+ point that should be merged into root-unittests, but let's quickfix this
+ to unbreak upstream CI.
+
+ -- Michael Biebl <biebl@debian.org> Fri, 03 Mar 2017 19:49:44 +0100
+
+systemd (233-2) experimental; urgency=medium
+
+ * test: skip instead of fail if crypto kmods are not available.
+ The Debian buildds have module loading disabled, thus AF_ALG sockets are
+ not available during build. Skip the tests that cover those (khash and
+ id128) instead of failing them in this case.
+ https://github.com/systemd/systemd/issues/5524
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 03 Mar 2017 11:51:25 +0100
+
+systemd (233-1) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release 233:
+ - udev: Remove /run/udev/control on stop to avoid sendsigs to kill
+ udevd. (Closes: #791944)
+ - nspawn: Handle container directory symlinks. (Closes: #805785)
+ - Fix mount units to not become "active" when NFS mounts time out.
+ (Closes: #835810)
+ - hwdb: Rework path/priority comparison when loading files from /etc/
+ vs. /lib. (Closes: #845442)
+ - machinectl: Fix "list" command when failing to determine OS version.
+ (Closes: #849316)
+ - Support tilegx architecture. (Closes: #856306)
+ - systemd-sleep(8): Point out inhibitor interface as better alternative
+ for suspend integration. (Closes: #758279)
+ - journalctl: Improve error message wording when specifying boot
+ offset with ephemeral journal. (Closes: #839291)
+ * Install new systemd-umount and /usr/lib/environment.d/
+ * Use "make install-tests" for shipped unit tests
+ * Switch back to gold linker on mips*
+ Bug #851736 got fixed now.
+ * debian/rules: Drop obsolete SETCAP path
+
+ [ Michael Biebl ]
+ * Drop upstart jobs for udev
+ * Drop /sbin/udevadm compat symlink from udev-udeb and initramfs
+ * Drop Breaks and Replaces from pre-jessie
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 02 Mar 2017 17:10:09 +0100
+
+systemd (232-19) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/README.source: Update patch and changelog handling to current
+ reality.
+ * root-unittests autopkgtest: Blacklist test-journal-importer.
+ This got added in a recent PR, but running this requires using "make
+ install-tests" which hasn't landed yet.
+ * fsckd: Fix format specifiers on 32 bit architectures.
+ * resolved: Fix NSEC proofs for missing TLDs (Closes: #855479)
+ * boot-and-services autopkgtest: Skip CgroupsTest on unified hierarchy.
+ * boot-smoke autopkgtest: Run in containers, too.
+ * logind autopkgtest: Adjust to work in containers.
+
+ [ Dimitri John Ledkov ]
+ * Fix resolved failing to follow CNAMES for DNS stub replies (LP: #1647031)
+ * Fix emitting change signals with a sessions property in logind
+ (LP: #1661568)
+
+ [ Michael Biebl ]
+ * If an automount unit is masked, don't react to activation anymore.
+ Otherwise we'll hit an assert sooner or later. (Closes: #856035)
+
+ [ Felipe Sateler ]
+ * resolved: add the new KSK to the built-in resolved trust anchor.
+ The old root key will be discarded in early 2018, so get this into
+ stretch.
+ * Backport some zsh completion fixes from upstream (Closes: #847203)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 02 Mar 2017 09:21:12 +0100
+
+systemd (232-18) unstable; urgency=medium
+
+ * udev autopkgtest: Adjust to script-based test /sys creation.
+ PR #5250 changes from the static sys.tar.xz to creating the test /sys
+ directory with a script. Get along with both cases until 233 gets
+ released and packaged.
+ * systemd-resolved.service.d/resolvconf.conf: Don't fail if resolvconf is
+ not installed. ReadWritePaths= fails by default if the referenced
+ directory does not exist. This happens if resolvconf is not installed, so
+ use '-' to ignore the absence. (Closes: #854814)
+ * Fix two more seccomp issues.
+ * Permit seeing process list of units whose unit files are missing.
+ * Fix systemctl --user enable/disable without $XDG_RUNTIME_DIR being set.
+ (Closes: #855050)
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 13 Feb 2017 17:36:12 +0100
+
+systemd (232-17) unstable; urgency=medium
+
+ * Add libcap2-bin build dependency for tests. This will make
+ test_exec_capabilityboundingset() actually run. (Closes: #854394)
+ * Add iproute2 build dependency for tests. This will make
+ test_exec_privatenetwork() actually run; it skips if "ip" is not present.
+ (Closes: #854396)
+ * autopkgtest: Run all upstream unit tests as root.
+ Ship all upstream unit tests in libsystemd-dev, and run them all as root
+ in autopkgtest. (Closes: #854392) This also fixes the FTBFS on non-seccomp
+ architectures.
+ * systemd-resolved.service.d/resolvconf.conf: Allow writing to
+ /run/resolvconf. Upstream PR #5283 will introduce permission restrictions
+ for systemd-resolved.service, including the lockdown to writing
+ /run/systemd/. This will then cause the resolvconf call in our drop-in to
+ fail as that needs to write to /run/resolvconf/. Add this to
+ ReadWritePaths=. (This is a no-op with the current unrestricted unit).
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 10 Feb 2017 11:52:46 +0100
+
+systemd (232-16) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Add autopkgtest for test-seccomp
+ * udev: Fix by-id symlinks for devices whose IDs contain whitespace
+ (Closes: #851164, LP: #1647485)
+ * Add lintian overrides for binary-or-shlib-defines-rpath on shipped test
+ programs. This is apparently a new lintian warning on which uploads get
+ rejected. These are only test programs, not in $PATH, and they need to
+ link against systemd's internal library.
+
+ [ Michael Biebl ]
+ * Fix seccomp filtering. (Closes: #852811)
+ * Do not crash on daemon-reexec when /run is full (Closes: #850074)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 09 Feb 2017 16:22:43 +0100
+
+systemd (232-15) unstable; urgency=medium
+
+ * Add missing Build-Depends on tzdata.
+ It is required to successfully run the test suite. (Closes: #852883)
+ * Bump systemd Breaks to ensure it is upgraded in lockstep with udev.
+ The sandboxing features used by systemd-udevd.service require systemd
+ (>= 232-11). (Closes: #853078)
+ * Bump priority of libpam-systemd to standard.
+ This reflects the changes that have been made in the archive a while
+ ago. See #803184
+
+ -- Michael Biebl <biebl@debian.org> Wed, 01 Feb 2017 22:45:35 +0100
+
+systemd (232-14) unstable; urgency=medium
+
+ * Deal with NULL pointers more gracefully in unit_free() (Closes: #852202)
+ * Fix issues in journald during startup
+
+ -- Michael Biebl <biebl@debian.org> Mon, 23 Jan 2017 14:52:46 +0100
+
+systemd (232-13) unstable; urgency=medium
+
+ * Re-add versioned Conflicts/Replaces against upstart.
+ In Debian the upstart package was never split into upstart and
+ upstart-sysv, so we need to keep that for switching from upstart to
+ systemd-sysv. (Closes: #852156)
+ * Update Vcs-* according to the latest recommendation
+ * Update Homepage and the URLs in debian/copyright to use https
+
+ -- Michael Biebl <biebl@debian.org> Sun, 22 Jan 2017 08:19:28 +0100
+
+systemd (232-12) unstable; urgency=medium
+
+ * Fix build if seccomp support is disabled
+ * Enable seccomp support on ppc64
+
+ -- Michael Biebl <biebl@debian.org> Wed, 18 Jan 2017 19:43:51 +0100
+
+systemd (232-11) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Fix RestrictAddressFamilies=
+ Backport upstream fix for setting up seccomp filters to fix
+ RestrictAddressFamilies= on non-amd64 architectures. Drop the hack from
+ debian/rules to remove this property from unit files.
+ See #843160
+ * Use local machine-id for running tests during package build.
+ Since "init" and thus "systemd" are not part of debootstrap any more,
+ some buildd chroots don't have an /etc/machine-id any more. Port the old
+ Add-env-variable-for-machine-ID-path.patch to the current code, use a
+ local machine-id again, and always make test suite failures fatal.
+ (Closes: #851445)
+
+ [ Michael Biebl ]
+ * gpt-auto-generator: support LUKS encrypted root partitions
+ (Closes: #851475)
+ * Switch to bfd linker on mips*
+ The gold linker is currently producing broken libraries on mips*
+ resulting in segfaults for users of libsystemd. Switch to bfd until
+ binutils has been fixed. (Closes: #851412)
+ * Revert "core: turn on specifier expansion for more unit file settings"
+ The expansion of the % character broke the fstab-generator and
+ specifying the tmpfs size as percentage of physical RAM resulted in the
+ size being set to 4k. (Closes: #851492)
+ * Drop obsolete Conflicts, Breaks and Replaces
+ * Require systemd-shim version which supports v232.
+ See #844785
+
+ [ Ondřej Nový ]
+ * Redirect try-restart in init-functions hook (Closes: #851688)
+
+ -- Michael Biebl <biebl@debian.org> Wed, 18 Jan 2017 12:38:54 +0100
+
+systemd (232-10) unstable; urgency=medium
+
+ * Add NULL sentinel to strjoin.
+ We haven't cherry-picked upstream commit 605405c6c which introduced a
+ strjoin macro that adds the NULL sentinel automatically so we need to do
+ it manually. (Closes: #851210)
+
+ -- Michael Biebl <biebl@debian.org> Fri, 13 Jan 2017 05:08:55 +0100
+
+systemd (232-9) unstable; urgency=medium
+
+ * Use --disable-wheel-group configure switch.
+ Instead of mangling the tmpfiles via sed to remove the wheel group, use
+ the configure switch which was added upstream in v230.
+ See https://github.com/systemd/systemd/issues/2492
+ * Update debian/copyright.
+ Bob Jenkins released the lookup3.[ch] files as public domain which means
+ there is no copyright holder.
+ * Drop fallback for older reportbug versions when attaching files
+ * debian/extra/init-functions.d/40-systemd: Stop checking for init env var.
+ This env variable is no longer set when systemd executes a service so
+ it's pointless to check for it.
+ * debian/extra/init-functions.d/40-systemd: Stop setting
+ _SYSTEMCTL_SKIP_REDIRECT=true.
+ It seems we don't actually need it to detect recursive loops (PPID is
+ sufficient) and by exporting it we leak _SYSTEMCTL_SKIP_REDIRECT into
+ the runtime environment of the service. (Closes: #802018)
+ * debian/extra/init-functions.d/40-systemd: Rename _SYSTEMCTL_SKIP_REDIRECT.
+ Rename _SYSTEMCTL_SKIP_REDIRECT to SYSTEMCTL_SKIP_REDIRECT to be more
+ consistent with other environment variables which are used internally by
+ systemd, like SYSTEMCTL_SKIP_SYSV.
+ * Various specifier resolution fixes.
+ Turn on specifier expansion for more unit file settings.
+ See https://github.com/systemd/systemd/pull/4835 (Closes: #781730)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 12 Jan 2017 16:59:22 +0100
+
+systemd (232-8) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Drop systemd dependency from libnss-myhostname again.
+ This NSS module is completely independent from systemd, unlike the other
+ three.
+ * Install 71-seat.rules into the initrd.
+ This helps plymouth to detect applicable devices. (Closes: #756109)
+ * networkd: Fix crash when setting routes.
+ * resolved: Drop removal of resolvconf entry on stop.
+ This leads to timeouts on shutdown via the resolvconf hooks and does not
+ actually help much -- /etc/resolv.conf would then just be empty instead of
+ having a nonexisting 127.0.0.53 nameserver, so manually stopping resolved
+ in a running system is broken either way. (LP: #1648068)
+ * Keep RestrictAddressFamilies on amd64.
+ This option and libseccomp currently work on amd64 at least, so let's make
+ sure it does not break there as well, and benefit from the additional
+ protection at least on this architecture.
+ * Explicitly set D-Bus policy dir.
+ This is about to change upstream in
+ https://github.com/systemd/systemd/pull/4892, but as explained in commit
+ 2edb1e16fb12f4 we need to keep the policies in /etc/ until stretch+1.
+
+ [ Michael Biebl ]
+ * doc: Clarify NoNewPrivileges in systemd.exec(5). (Closes: #756604)
+ * core: Rework logic to determine when we decide to add automatic deps for
+ mounts. This adds a concept of "extrinsic" mounts. If mounts are
+ extrinsic we consider them managed by something else and do not add
+ automatic ordering against umount.target, local-fs.target,
+ remote-fs.target. (Closes: #818978)
+ * rules: Add persistent links for nbd devices. (Closes: #837999)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 17 Dec 2016 01:54:18 +0100
+
+systemd (232-7) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Mark liblz4-tool build dependency as <!nocheck>
+ * udev: Try mount -n -o move first
+ initramfs-tools is not actually using util-linux mount (yet), so making
+ mount -n --move the first alternative would trigger an error message if
+ users have built their initramfs without busybox support.
+
+ [ Alexander Kurtz ]
+ * debian/extra/kernel-install.d/85-initrd.install: Remove an unnecessary
+ variable. (Closes: #845977)
+
+ [ Martin Pitt ]
+ * Drop systemd-networkd's "After=dbus.service" ordering, so that it can
+ start during early boot (for cloud-init.service). It will auto-connect to
+ D-Bus once it becomes available later, and transient (from DHCP) hostname
+ and timezone setting do not currently work anyway. (LP: #1636912)
+ * Run hwdb/parse_hwdb.py during package build.
+ * Package libnss-systemd
+ * Make libnss-* depend on the same systemd package version.
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 30 Nov 2016 14:38:36 +0100
+
+systemd (232-6) unstable; urgency=medium
+
+ * Add policykit-1 test dependency for networkd-test.py.
+ * debian/rules: Don't destroy unit symlinks with sed -i.
+ Commit 21711e74 introduced a "sed -i" to remove RestrictAddressFamilies=
+ from units. This also caused unit symlinks to get turned into real files,
+ causing D-Bus activated services like timedated to fail ("two units with
+ the same D-Bus name").
+ * Fall back to "mount -o move" in udev initramfs script
+ klibc's mount does not understand --move, so for the time being we need to
+ support both variants. (Closes: #845161)
+ * debian/README.Debian: Document how to generate a shutdown log.
+ Thanks 積丹尼 Dan Jacobson. (Closes: #826297)
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 21 Nov 2016 10:39:57 +0100
+
+systemd (232-5) unstable; urgency=medium
+
+ * Add missing liblz4-tool build dependency.
+ Fixes test-compress failure during package build.
+ * systemd: Ship /var/lib.
+ This will soon contain a polkit pkla file.
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 20 Nov 2016 12:22:52 +0100
+
+systemd (232-4) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/unit-config: Query pkg-config for system unit dir.
+ This fixes confusion on merged-/usr systems where both /usr/lib/systemd and
+ /lib/systemd exist. It's actually useful to verify that systemd.pc says the
+ truth.
+ * debian/tests/upstream: Fix clobbering of merged-/usr symlinks
+ * debian/tests/systemd-fsckd: Create /etc/default/grub.d if necessary
+ * debian/rules: Drop check for linking to libs in /usr.
+ This was just an approximation, as booting without an initrd could still be
+ broken by library updates (e. g. #828991). With merged /usr now being the
+ default this is now completely moot.
+ * Move kernel-install initrd script to a later prefix.
+ 60- does not leave much room for scripts that want to run before initrd
+ building (which is usually one of the latest things to do), so bump to 85.
+ Thanks to Sjoerd Simons for the suggestion.
+ * Disable 99-default.link instead of the udev rule for disabling persistent
+ interface names.
+ Disabling 80-net-setup-link.rules will also cause ID_NET_DRIVER to not be
+ set any more, which breaks 80-container-ve.network and matching on driver
+ name in general. So disable the actual default link policy instead. Still
+ keep testing for 80-net-setup-link.rules in the upgrade fix and
+ 73-usb-net-by-mac.rules to keep the desired behaviour on systems which
+ already disabled ifnames via that udev rule.
+ See https://lists.freedesktop.org/archives/systemd-devel/2016-November/037805.html
+ * debian/tests/boot-and-services: Always run seccomp test
+ seccomp is now available on all architectures on which Debian and Ubuntu
+ run tests, so stop making this test silently skip if seccomp is disabled.
+ * Bump libseccomp build dependency as per configure.ac.
+ * Replace "Drop RestrictAddressFamilies=" patch with sed call.
+ With that it will also apply to upstream builds/CI, and it is structurally
+ simpler.
+ * Rebuild against libseccomp with fixed shlibs. (Closes: #844497)
+
+ [ Michael Biebl ]
+ * fstab-generator: add x-systemd.mount-timeout option. (Closes: #843989)
+ * build-sys: do not install ctrl-alt-del.target symlink twice.
+ (Closes: #844039)
+ * Enable lz4 support.
+ While the compression rate is not as good as XZ, it is much faster, so a
+ better default for the journal and especially systemd-coredump.
+ (Closes: #832010)
+
+ [ Felipe Sateler ]
+ * Enable machines.target by default. (Closes: #806787)
+
+ [ Evgeny Vereshchagin ]
+ * debian/tests/upstream: Print all journal files.
+ We don't print all journal files. This is misleading a bit:
+ https://github.com/systemd/systemd/pull/4331#issuecomment-252830790
+ https://github.com/systemd/systemd/pull/4395#discussion_r87948836
+
+ [ Luca Boccassi ]
+ * Use mount --move in initramfs-tools udev script.
+ Due to recent changes in busybox and initramfs-tools the mount
+ utility is no longer the one from busybox but from util-linux.
+ The latter does not support mount -o move.
+ The former supports both -o move and --move, so use it instead to be
+ compatible with both.
+ See this discussion for more details:
+ https://bugs.debian.org/823856 (Closes: #844775)
+
+ -- Michael Biebl <biebl@debian.org> Sun, 20 Nov 2016 03:34:58 +0100
+
+systemd (232-3) unstable; urgency=medium
+
+ [ Felipe Sateler ]
+ * Make systemd-delta less confused on merged-usr systems. (Closes: #843070)
+ * Fix wrong paths for /bin/mount when compiled on merged-usr system.
+ Then the build system finds /usr/bin/mount which won't exist on a
+ split-/usr system. Set the paths explicitly in debian/rules and drop
+ Use-different-default-paths-for-various-binaries.patch. (Closes: #843433)
+
+ [ Martin Pitt ]
+ * debian/tests/logind: Split out "pid in logind session" test
+ * debian/tests/logind: Adjust "in logind session" test for unified cgroup
+ hierarchy
+ * debian/tests/boot-and-services: Check common properties of CLI programs.
+ Verify that CLI programs have a sane behaviour and exit code when being
+ called with --help, --version, or an invalid option.
+ * nspawn: Fix exit code for --help and --version (Closes: #843544)
+ * core: Revert using the unified hierarchy for the systemd cgroup.
+ Too many things don't get along with it yet, like docker, LXC, or runc.
+ (Closes: #843509)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 09 Nov 2016 09:34:45 +0100
+
+systemd (232-2) unstable; urgency=medium
+
+ * Drop RestrictAddressFamilies from service files.
+ RestrictAddressFamilies= is broken on 32bit architectures and causes
+ various services to fail with a timeout, including
+ systemd-udevd.service.
+ While this might actually be a libseccomp issue, remove this option for
+ now until a proper solution is found. (Closes: #843160)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 05 Nov 2016 22:43:27 +0100
+
+systemd (232-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release 232:
+ - Fix "systemctl start" when ReadWriteDirectories is a symlink
+ (Closes: ##792187)
+ - Fix "journalctl --setup-keys" output (Closes: #839097)
+ - Run run sysctl service if /proc/sys/net is writable, for containers
+ (Closes: #840529)
+ - resolved: Add d.f.ip6.arpa to the DNSSEC default negative trust anchors
+ (Closes: #834453)
+ * debian/tests/logind: Copy the current on-disk unit instead of the
+ on-memory one.
+ * Build sd-boot on arm64. gnu-efi is available on arm64 now.
+ (Closes: #842617)
+ * Link test-seccomp against seccomp libs to fix FTBFS
+ * debian/rules: Remove nss-systemd (until we package it)
+ * Install new systemd-mount
+
+ [ Michael Biebl ]
+ * Install new journal-upload.conf man pages in systemd-journal-remote
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 04 Nov 2016 07:18:10 +0200
+
+systemd (231-10) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * systemctl: Add --wait option to wait until started units terminate again.
+ * nss-resolve: return NOTFOUND instead of UNAVAIL on resolution errors.
+ This makes it possible to configure a fallback to "dns" without breaking
+ DNSSEC, with "resolve [!UNAVAIL=return] dns".
+ * libnss-resolve.postinst: Skip dns fallback if resolve is present.
+ Only fall back to "dns" if nss-resolve is not installed (for the
+ architecture of the calling program). Once it is, we never want to fall
+ back to "dns" as that breaks enforcing DNSSEC verification and also
+ pointlessly retries NXDOMAIN failures. (LP: #1624071)
+ * unit: sent change signal before removing the unit if necessary
+ (LP: #1632964)
+ * networkd: Fix assertion crash on adding VTI with IPv6 addresses
+ (LP: #1633274)
+ * debian/tests/upstream: Stop specifying initrd, it is autodetected now.
+ * debian/tests/upstream: Add gcc/libc-dev/make test dependencies,
+ so that the tests can build helper binaries.
+
+ [ Felipe Sateler ]
+ * Explicitly disable installing the upstream-provided PAM configuration.
+ * Register interest in the status of dracut and initramfs-tools in reportbug
+ template
+
+ [ Michael Biebl ]
+ * Stop creating systemd-update-utmp-runlevel.service symlinks manually
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 26 Oct 2016 13:24:37 +0200
+
+systemd (231-9) unstable; urgency=medium
+
+ * pid1: process zero-length notification messages again.
+ Just remove the assertion, the "n" value was not used anyway. This fixes
+ a local DoS due to unprocessed/unclosed fds which got introduced by the
+ previous fix. (Closes: #839171) (LP: #1628687)
+ * pid1: Robustify manager_dispatch_notify_fd()
+ * test/networkd-test.py: Add missing writeConfig() helper function.
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 29 Sep 2016 23:39:24 +0200
+
+systemd (231-8) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Replace remaining systemctl --failed with --state=failed
+ "--failed" is deprecated in favor of --state.
+ * debian/shlibs.local.in: More precisely define version of internal shared
+ lib.
+ * debian/tests/upstream: Drop blacklisting
+ These tests now work fine without qemu.
+ * debian/tests/storage: Avoid rmmod scsi_debug (LP: #1626737)
+ * upstream build system: Install libudev, libsystemd, and nss modules to
+ ${rootlibdir}. Drop downstream workaround from debian/rules.
+ * Ubuntu: Disable resolved's DNSSEC for the final 16.10 release.
+ Resolved's DNSSEC support is still not mature enough, and upstream
+ recommends to disable it in stable distro releases still.
+ * Fix abort/DoS on zero-length notify message triggers (LP: #1628687)
+ * resolved: don't query domain-limited DNS servers for other domains
+ (LP: #1588230)
+
+ [ Antonio Ospite ]
+ * Update systemd-user pam config to require pam_limits.so.
+ (Closes: #838191)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 29 Sep 2016 13:40:21 +0200
+
+systemd (231-7) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * fsckd: Do not exit on idle timeout if there are still clients connected
+ (Closes: #788050, LP: #1547844)
+
+ [ Martin Pitt ]
+ * 73-usb-net-by-mac.rules: Split kernel command line import line.
+ Reportedly this makes the rule actually work on some platforms. Thanks Alp
+ Toker! (LP: #1593379)
+ * debian/tests/boot-smoke: Only run 5 iterations
+ * systemd.postinst: Drop obsolete setcap call for systemd-detect-virt.
+ Drop corresponding libcap2-bin dependency.
+ * debian/tests/systemd-fsckd: Robustify check for "unit was running"
+ (LP: #1624406)
+ * debian/extra/set-cpufreq: Use powersave with intel_pstate.
+ This is what we did on xenial, and apparently powersave is still actually
+ better than performance. Thanks to Doug Smythies for the measurements!
+ (LP: #1579278)
+ * Ubuntu: Move ondemand.service from static to runtime enablement.
+ This makes it easier to keep performance, by disabling ondemand.service.
+ Side issue in LP: #1579278
+ * Revert "networkd: remove route if carrier is lost"
+ This causes networkd to drop addresses from unmanaged interfaces in some
+ cases. (Closes: #837759)
+ * debian/tests/storage: Avoid stderr output of stopping systemd-cryptsetup@.service
+ * libnss-*.prerm: Remove possible [key=value] options from NSS modules as well.
+ (LP: #1625584)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 20 Sep 2016 15:03:06 +0200
+
+systemd (231-6) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Add alternative iptables-dev build dependencies
+ libiptc-dev is very new and not yet present in stable Debian/Ubuntu releases.
+ Add it as a fallback build dependency for backports and upstream tests.
+ * Detect if seccomp is enabled but seccomp filtering is disabled
+ (Closes: #832713)
+ * resolved: recognize DNS names with more than one trailing dot as invalid
+ (LP: #1600000)
+ * debian/tests/smoke: Store udev db dump artifact on failure
+ * networkd: limit the number of routes to the kernel limit
+ * systemctl: consider service running only when it is in active or reloading state
+ * networkd: remove route if carrier is lost
+ * Add Ref()/Unref() bus calls for units
+
+ [ Felipe Sateler ]
+ * git-cherry-pick: always recreate the patch-queue branch.
+
+ [ Dimitri John Ledkov ]
+ * Use idiomatic variables from dpkg include.
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 11 Sep 2016 15:00:55 +0200
+
+systemd (231-5) unstable; urgency=medium
+
+ [ Iain Lane ]
+ * Let graphical-session-pre.target be manually started (LP: #1615341)
+
+ [ Felipe Sateler ]
+ * Add basic version of git-cherry-pick
+ * Replace Revert-units-add-a-basic-SystemCallFilter-3471.patch with upstream
+ patch
+ * sysv-generator: better error reporting. (Closes: #830257)
+
+ [ Martin Pitt ]
+ * 73-usb-net-by-mac.rules: Test for disabling 80-net-setup-link.rules more
+ efficiently. Stop calling readlink at all and just test if
+ /etc/udev/rules.d/80-net-setup-link.rules exists -- a common way to
+ disable an udev rule is to just "touch" it in /etc/udev/rule.d/ (i. e.
+ empty file), and if the rule is customized we cannot really predict anyway
+ if the user wants MAC-based USB net names or not. (LP: #1615021)
+ * Ship kernel-install (Closes: #744301)
+ * Add debian/extra/kernel-install.d/60-initrd.install.
+ This kernel-install drop-in copies the initrd of the selected kernel to
+ the EFI partition.
+ * bootctl: Automatically detect ESP partition.
+ This makes bootctl work with Debian's /boot/efi/ mountpoint without having
+ to explicitly specify --path.
+ Patches cherry-picked from upstream master.
+ * systemd.NEWS: Point out that alternatively rcS scripts can be moved to
+ rc[2-5]. Thanks to Petter Reinholdtsen for the suggestion!
+
+ [ Michael Biebl ]
+ * Enable iptables support (Closes: #787480)
+ * Revert "logind: really handle *KeyIgnoreInhibited options in logind.conf"
+ The special 'key handling' inhibitors should always work regardless of
+ any *IgnoreInhibited settings – otherwise they're nearly useless.
+ Update man pages to clarify that *KeyIgnoreInhibited only apply to a
+ subset of locks (Closes: #834148)
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 26 Aug 2016 10:58:07 +0200
+
+systemd (231-4) unstable; urgency=medium
+
+ * Revert "pid1: reconnect to the console before being re-executed"
+ This unbreaks consoles after "daemon-reexec". (Closes: #834367)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 18 Aug 2016 07:03:13 +0200
+
+systemd (231-3) unstable; urgency=medium
+
+ * resolved resolvconf integration: Run resolvconf without privilege
+ restrictions. On some architectures (at least ppc64el), running resolvconf
+ does not work with MemoryDenyWriteExecute=yes. (LP: #1609740)
+ * Revert unit usage of MemoryDenyWriteExecute=yes. This is implemented
+ through seccomp as well. (Closes: #832713)
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 15 Aug 2016 09:58:09 +0200
+
+systemd (231-2) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/rules: Fix UPSTREAM_VERSION for upstream master builds
+ * Limit "link against /usr" check to some critical binaries only and add
+ generators
+ * debian/rules: Put back cleanup of *.busname (Closes: #833487)
+ * debian/tests/localed-x11-keymap: Robustify cleanup
+ * debian/tests/localed-x11-keymap: Check that localed works without
+ /etc/default/keyboard. This reproduces #833849.
+ * Revert "units: add a basic SystemCallFilter (#3471)"
+ This causes fatal failures on kernels that don't have seccomp enabled.
+ This can be reactivated once
+ https://github.com/systemd/systemd/issues/3882 is fixed.
+ (Closes: #832713, #832893)
+
+ [ Simon McVittie ]
+ * localed: tolerate absence of /etc/default/keyboard.
+ The debian-specific patch to read Debian config files was not tolerating
+ the absence of /etc/default/keyboard. This causes systemd-localed to
+ fail to start on systems where that file isn't populated (like embedded
+ systems without keyboards). (Closes: #833849)
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 14 Aug 2016 10:54:57 +0200
+
+systemd (231-1) unstable; urgency=low
+
+ [ Martin Pitt ]
+ * New upstream release 231:
+ - Fix "Failed to create directory /str/sys/fs/selinux: Read-only file
+ system" warning. (Closes: #830693)
+ * systemd.postinst: Remove systemd-networkd-resolvconf-update.path removal
+ leftover. (Closes: #830778)
+ * Drop support for rcS.d SysV init scripts.
+ These are prone to cause dependency loops, and almost all packages with
+ rcS scripts now ship a native systemd service.
+ * networkd: Handle router advertisements in userspace again.
+ Drop Revert-Revert-networkd-ndisc-revert-to-letting-the-k.patch.
+ Bug #814566/#815586 got fixed in 230, and #815884 and #815884 and #815793
+ are unreproducible and need more reporter feedback.
+ * debian/gbp.conf: Enable dch options "full" and "multimaint-merge"
+ * systemd-sysv: Add Conflicts: systemd-shim.
+ To avoid shim trying to claim the D-Bus interfaces.
+ * Add graphical-session.target user unit.
+ * Add graphical-session-pre.target user unit
+ * Add debian/extra/units-ubuntu/user@.service.d/timeout.conf.
+ This avoids long hangs during shutdown if user services fail/hang due to
+ X.org going away too early. This is mostly a workaround, so only install
+ for Ubuntu for now.
+ * Dynamically add upstream version to debian/shlibs.local
+ * Set Debian/Ubuntu downstream support URL in journal catalogs
+ (Closes: #769187)
+
+ [ Michael Biebl ]
+ * Restrict Conflicts: openrc to << 0.20.4-2.1.
+ Newer versions of openrc no longer ship conflicting implementations of
+ update-rc.d/invoke-rc.d.
+ * Add Depends: dbus to systemd-container.
+ This is required for systemd-machined and systemd-nspawn to work
+ properly. (Closes: #830575)
+ * Drop insserv.conf generator.
+ We no longer parse /etc/insserv.conf and /etc/insserv.conf.d/* and
+ augment services with that dependency information via runtime drop-in
+ files. Services which want to provide certain system facilities need to
+ pull in the corresponding targets themselves. Either directly in the
+ native service unit or by shipping a drop-in snippet for SysV init
+ scripts. (Closes: #825858)
+ * getty-static.service: Only start if we have a working VC subsystem.
+ Use ConditionPathExists=/dev/tty0, the same check as in getty@.service,
+ to determine whether we have a functional VC subsystem and we should
+ start any gettys. (Closes: #824779)
+ * Stop mentioning snapshot and restore in the package description.
+ Support for the .snapshot unit type has been removed upstream.
+ * Drop sigpwr-container-shutdown.service.
+ This is no longer necessary as lxc-stop has been fixed to use SIGRTMIN+3
+ to shut down systemd based LXC containers.
+ https://github.com/lxc/lxc/pull/1086
+ https://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/
+
+ [ Felipe Sateler ]
+ * Add versioned breaks for packages shipping rcS init scripts
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 26 Jul 2016 12:17:14 +0200
+
+systemd (230-7) unstable; urgency=medium
+
+ * Tell dh_shlibdeps to look in the systemd package for libraries. Otherwise
+ dpkg-shlibdeps fails to find libsystemd-shared as we no longer create a
+ shlibs file for it.
+ * Add Build-Depends-Package to libudev1.symbols and libsystemd0.symbols.
+ This ensures proper dependencies when a package has a Build-Depends on a
+ higher version of libudev-dev or libsystemd-dev then what it gets from the
+ used symbols.
+
+ -- Michael Biebl <biebl@debian.org> Fri, 08 Jul 2016 13:04:33 +0200
+
+systemd (230-6) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/boot-smoke: Stop running in containers again, too unreliable
+ on Ubuntu s390x right now.
+
+ [ Michael Biebl ]
+ * Bump Build-Depends on debhelper to (>= 9.20160114), required for
+ --dbgsym-migration support.
+ * Install test-udev binary into $libdir/udev/ not $libdir. Only libraries
+ should be installed directly into $libdir.
+ * Exclude libsystemd-shared from dh_makeshlibs.
+
+ [ Felipe Sateler ]
+ * Do not install libsystemd-shared.so symlink
+ * {machine,system}ctl: always pass &changes and &n_changes (Closes: #830144)
+
+ [ Michael Prokop ]
+ * debian/tests/logind: Ensure correct version of logind is running.
+
+ -- Michael Biebl <biebl@debian.org> Thu, 07 Jul 2016 15:22:16 +0200
+
+systemd (230-5) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Sync test/networkd-test.py with current upstream master, and remove our
+ debian/tests/networkd copy. Directly run test/networkd-test.py in
+ autopkgtest.
+ * debian/extra/rules/73-usb-net-by-mac.rules: Disable when
+ /etc/udev/rules.d/80-net-setup-link.rules is a symlink to /dev/null, to be
+ consistent with the documented way to disable ifnames. (Closes: #824491,
+ LP: #1593379)
+ * debian/rules: Ignore libcap-ng.so in the "does anything link against /usr"
+ check, to work around libaudit1 recently gaining a new dependency against
+ that library (#828991). We have no influence on that ourselves. This fixes
+ the FTBFS in the meantime.
+
+ [ Felipe Sateler ]
+ * Convert common code into a private shared library. This saves about 9 MB
+ of installed size in the systemd package, and some more in systemd-*.
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 01 Jul 2016 09:15:12 +0200
+
+systemd (230-4) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * tmp.mount: Add nosuid and nodev mount options. This restores compatibility
+ with the original SysV int RAMTMP defaults. (Closes: #826377)
+ * debian/tests/upstream: Some tests fail on platforms without QEMU at the
+ moment due to upstream PR#3587; blacklist these for now if QEMU is not
+ available.
+ * debian/rules: Don't run the "anything links against /usr" check for
+ upstream tests, as those run on Ubuntu 16.04 LTS which does not yet have
+ libidn moved to /lib.
+ * debian/tests/upstream: Clean up old journals before running a test, to
+ avoid printing a wrong one on failure.
+ * debian/tests/upstream: Do not run the QEMU tests on i386. Nested QEMU on
+ i386 causes testbed hangs on Ubuntu's cloud infrastructure, which is the
+ only place where these actually run.
+ * resolved: Fix SERVFAIL handling and introduce a new "Cache=" option to
+ disable local caching.
+ * resolved: Support IPv6 zone indices in resolv.conf. (LP: #1587489)
+ * resolved: Update resolv.conf when calling SetLinkDNS().
+ * debian/tests/storage: Sync and settle udev after luksFormat, to reduce the
+ chance of seeing some half-written signatures.
+ * debian/tests/networkd: Stop skipping the two DHCP6 tests, this regression
+ seems to have been fixed now.
+ * resolved: respond to local resolver requests on 127.0.0.53:53. This
+ provides compatibility with clients that don't use NSS but do DNS queries
+ directly, such as Chrome.
+ * resolved: Don't add route-only domains to /etc/resolv.conf.
+ * systemd-resolve: Add --flush-caches and --status commands.
+ * Add debian/extra/units/systemd-resolved.service.d/resolvconf.conf to tell
+ resolvconf about resolved's builtin DNS server on 127.0.0.53. With that,
+ DNS servers picked up via networkd are respected when using resolvconf,
+ and software like Chrome that does not do NSS (libnss-resolve) still gets
+ proper DNS resolution. Drop the brittle and ugly
+ systemd-networkd-resolvconf-update.{path,service} hack instead.
+ * debian/tests/boot-smoke: Run in containers as well.
+
+ [ Laurent Bigonville ]
+ * Build with IDN support. (Closes: #814528)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 29 Jun 2016 15:23:32 +0200
+
+systemd (230-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/boot-and-services: Adjust test_tmp_mount() for fixed
+ systemctl exit code for "unit not found" in upstream commit ca473d57.
+ * debian/tests/boot-and-services, test_no_failed(): Show journal of failed
+ units.
+ * debian/extra/init-functions.d/40-systemd: Adjust to changed systemctl
+ show behaviour in 231: now this fails for nonexisting units instead of
+ succeeding with "not-found". Make the code compatible to both for now.
+ * Fix networkd integration with resolvconf for domain-limited DNS servers,
+ so that these don't appear as global nameservers in resolv.conf. Thanks
+ Andy Whitcroft for the initial fix! Add corresponding test case to
+ debian/tests/networkd. (LP: #1587762)
+ * resolved: Fix comments in resolve.conf for search domain overflows.
+ (LP: #1588229)
+ * On Ubuntu, provide an "ondemand.service" that replaces
+ /etc/init.d/ondemand. The latter does not exist any more when
+ "initscripts" falls out of the default installation. (LP: #1584124) This
+ now does not do a fixed one-minute wait but uses "Type=idle" instead. This
+ also becomes a no-op when the CPU supports "intel_pstate" (≤ 5 years old),
+ as on these the ondemand/powersave schedulers are actually detrimental.
+ (LP: #1579278)
+ * debian/systemd-container.install: Drop *.busname installation, they are
+ going away upstream.
+ * debian/extra/init-functions.d/40-systemd: Do not call systemctl
+ daemon-reload if the script is called as user (like reportbug does). Also
+ make sure that daemon-reload will not invoke polkit.
+ * Install test-udeb from .libs, to avoid installing the automake shell
+ wrapper.
+ * Fix transaction restarting in resolved to avoid async processing of
+ free'd transactions.
+ (Closes: #817210, LP: #1587727, #1587740, #1587762, #1587740)
+ * Add "upstream" autopkgtest that runs the test/TEST* upstream integration
+ tests in QEMU and nspawn.
+ * Build systemd-sysusers binary, for using in rkt. Do not ship the
+ corresponding unit and sysusers.d/ files yet, as these need some
+ Debianization and an autopkgtest. (Closes: #823322)
+ * debian/tests/systemd-fsckd: Adjust was_running() to also work for version
+ 230.
+
+ [ Michael Biebl ]
+ * Add "systemctl daemon-reload" to lsb init-functions hook if the LoadState
+ of a service is "not-found". This will run systemd-sysv-generator, so SysV
+ init scripts that aren't installed by the package manager should be picked
+ up automatically. (Closes: #825913)
+ * automount: handle expire_tokens when the mount unit changes its state.
+ (Closes: #826512)
+ * debian/systemd.preinst: Correctly determine whether a service is enabled.
+ Testing for the return code alone is not sufficient as we need to
+ differentiate between "generated" and "enabled" services.
+ (Closes: #825981)
+
+ [ Felipe Sateler ]
+ * Drop configure option --disable-compat-libs. It no longer exists.
+ * Add policykit-1 to Suggests. It is used to allow unprivileged users to
+ execute certain commands. (Closes: #827756)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 21 Jun 2016 23:51:07 +0200
+
+systemd (230-2) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Don't add a Breaks: against usb-modeswitch when building on Ubuntu; there
+ it does not use hotplug.functions and is a lower version.
+ * boot-and-services autopkgtest: Add missing xserver-xorg and
+ lightdm-greeter test dependencies, so that lightdm can start.
+ (See LP #1581106)
+ * Re-disable logind's KillUserProcesses option by default. (Closes: #825394)
+
+ [ Michael Biebl ]
+ * Drop --disable-silent-rules from debian/rules. This is now handled by dh
+ directly depending on whether the DH_QUIET environment variable is set.
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 31 May 2016 12:02:14 +0200
+
+systemd (230-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release 230.
+ - Fix rare assertion failure in hashmaps. (Closes: #816612)
+ - Fix leaking scope units. (Closes: #805477)
+ - Fix wrong socket ownership after daemon-reload. (LP: #1577001)
+ - udev: Fix touch screen detection. (LP: #1530384)
+ * Drop cmdline-upstart-boot autopkgtest. It was still needed up to Ubuntu
+ 16.04 LTS, but upstart-sysv is not supported any more in Debian and Ubuntu
+ now.
+ * udev: Drop hotplug.functions, now that the last remaining user of this got
+ fixed. Add appropriate versioned Breaks:.
+ * debian/extra/rules/70-debian-uaccess.rules: Add some more FIDO u2f devices
+ from different vendors. Thanks Atoyama Tokanawa.
+ * Remove "bootchart" autopkgtest, this upstream version does not ship
+ bootchart any more. It will be packaged separately.
+
+ [ Michael Biebl ]
+ * Drop obsolete --disable-bootchart configure switch from udeb build.
+ * Remove obsolete /etc/systemd/bootchart.conf conffile on upgrades.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 23 May 2016 09:42:51 +0200
+
+systemd (229-6) unstable; urgency=medium
+
+ * systemd-container: Prefer renamed "btrfs-progs" package name over
+ "btrfs-tools". (Closes: #822629)
+ * systemd-container: Recommend libnss-mymachines. (Closes: #822615)
+ * Drop systemd-dbg, in favor of debhelpers' automatic -dbgsym packages.
+ * Drop Add-targets-for-compatibility-with-Debian-insserv-sy.patch; we don't
+ need $x-display-manager any more as most/all DMs ship native services, and
+ $mail-transport-agent is not widely used (not even by our default MTA
+ exim4).
+ * Unify our two patches for Debian specific configuration files.
+ * Drop udev-re-enable-mount-propagation-for-udevd.patch, i. e. run udevd in
+ its own slave mount name space again. laptop-mode-tools 1.68 fixed the
+ original bug (#762018), thus add a Breaks: to earlier versions.
+ * Ship fbdev-blacklist.conf in /lib/modprobe.d/ instead of /etc/modprobe.d/;
+ remove the conffile on upgrades.
+ * Replace util-Add-hidden-suffixes-for-ucf.patch with patch that got
+ committed upstream.
+ * Replace Stop-syslog.socket-when-entering-emergency-mode.patch with patch
+ that got committed upstream.
+ * debian/udev.README.Debian: Adjust documentation of MAC based naming for
+ USB network cards to the udev rule, where this was moved to in 229-5.
+ * debian/extra/init-functions.d/40-systemd: Invoke status command with
+ --no-pager, to avoid blocking scripts that call an init.d script with
+ "status" with an unexpected pager process. (Closes: #765175, LP: #1576409)
+ * Add debian/extra/rules/70-debian-uaccess.rules: Make FIDO U2F dongles
+ accessible to the user session. This avoids having to install libu2f-host0
+ (which isn't discoverable at all) to make those devices work.
+ (LP: #1387908)
+ * libnss-resolve: Enable systemd-resolved.service on package installation,
+ as this package makes little sense without resolved.
+ * Add a DHCP exit hook for pushing received NTP servers into timesyncd.
+ (LP: #1578663)
+ * debian/udev.postinst: Fix migration check from the old persistent-net
+ generator to not apply to chroots. (Closes: #813141)
+ * Revert "enable TasksMax= for all services by default, and set it to 512".
+ Introducing a default limit on number of threads broke a lot of software
+ which regularly needs more, such as MySQL and RabbitMQ, or services that
+ spawn off an indefinite number of subtasks that are not in a scope, like
+ LXC or cron. 512 is way too much for most "simple" services, and it's way
+ too little for the ones mentioned above. Effective (and much stricter)
+ limits should instead be put into units individually.
+ (Closes: #823530, LP: #1578080)
+ * Split out udev rule to name USB network interfaces by MAC address into
+ 73-usb-net-by-mac.rules, so that it's easier to disable. (Closes: #824025)
+ * 73-usb-net-by-mac.rules: Disable when net.ifnames=0 is specified on the
+ kernel command line, to be consistent with disabling the *.link files.
+ * 73-special-net-names.rule: Name the IBM integrated management module
+ virtual USB network card "ibmimm". Thanks Marco d'Itri!
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 12 May 2016 09:40:19 +0200
+
+systemd (229-5) unstable; urgency=medium
+
+ * debian/tests/unit-config: Call "daemon-reload" to clean up generated units
+ in between tests.
+ * debian/tests/unit-config: Check that enable/disable commands are
+ idempotent.
+ * debian/tests/unit-config: Detect if system units are in /usr/, so that the
+ test works on systems with merged /usr.
+ * debian/tests/unit-config: Use systemd-sysv-install instead of update-rc.d
+ directly, so that the test works under Fedora too.
+ * debian/tests/unit-config: Check disabling of a "systemctl link"ed unit,
+ and check "systemctl enable" on a unit with full path which is not in the
+ standard directories.
+ * Rename debian/extra/rules/73-idrac.rules to 73-special-net-names.rules, as
+ it is going to get rules for other devices. Also install it into the
+ initramfs.
+ * debian/extra/rules/73-special-net-names.rules: Add DEVPATH number based
+ naming schema for ibmveth devices. (LP: #1561096)
+ * Don't set SYSTEMD_READY=0 on DM_UDEV_DISABLE_OTHER_RULES_FLAG=1 devmapper
+ devices with "change" events, as this causes spurious unmounting with
+ multipath devices. (LP: #1565969)
+ * Fix bogus "No [Install] section" warning when enabling a unit with full
+ path. (LP: #1563590)
+ * debian/tests/cmdline-upstart-boot: In test_rsyslog(), check for messages
+ from dbus instead of NetworkManager. NM 1.2 does not seem to log to syslog
+ by default any more.
+ * Bump Standards-Version to 3.9.8 (no changes necessary).
+ * debian/tests/boot-smoke: Add some extra debugging if there are pending
+ jobs after 10s, to figure out why lightdm is sometimes "restarting".
+ (for LP #1571673)
+ * debian/tests/boot-smoke: Configure dummy X.org driver (like in the
+ boot-and-services test), to avoid lightdm randomly fail. (LP: #1571673)
+ * Move Debian specific patches into debian/patches/debian (which translates
+ to "Gbp-Pq: Topic debian" with pq). This keeps upstream vs. Debian
+ patches separated without the comments in debian/patches/series (which
+ always get removed by "pq export").
+ * Don't ship an empty /etc/X11/xinit/xinitrc.d/ directory, this isn't
+ supported in Debian. (Closes: #822198)
+ * udev: Mark nbd as inactive until connected. (Closes: #812485)
+ * On shutdown, unmount /tmp before disabling swap. (Closes: #788303)
+ * debian/systemd-coredump.postinst: Do daemon-reload before starting
+ systemd-coredump, as the unit file may have changed on upgrades.
+ (Closes: #820325)
+ * Set MAC based name for USB network interfaces only for universally
+ administered (i. e. stable) MACs, not for locally administered (i. e.
+ randomly generated) ones. Drop /lib/systemd/network/90-mac-for-usb.link
+ (as link files don't currently support globs for MACAddress=) and replace
+ with an udev rule in /lib/udev/rules.d/73-special-net-names.rules.
+ (Closes: #812575, LP: #1574483)
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 25 Apr 2016 11:08:11 +0200
+
+systemd (229-4) unstable; urgency=medium
+
+ * Fix assertion crash when processing a (broken) device without a sysfs
+ path. (Closes: #819290, LP: #1560695)
+ * Fix crash when shutdown is issued from a non-tty. (LP: #1553040)
+ * networkd: Stay running while any non-loopback interface is up.
+ (Closes: #819414)
+ * Fix reading uint32 D-Bus properties on big-endian.
+ * Fix crash if an udev device has many tags or devlinks. (LP: #1564976)
+ * systemctl, loginctl, etc.: Don't start polkit agent when running as root.
+ (LP: #1565617)
+ * keymap: Add Add HP ZBook (LP: #1535219) and HP ProBook 440 G3.
+ * systemd.resource-control.5: Fix links to cgroup documentation on
+ kernel.org. (Closes: #819970)
+ * Install test-udev into libudev-dev, so that we have it available for
+ autopkgtests.
+ * Add "udev" autopkgtest for running the upstream test/udev-test.pl.
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 07 Apr 2016 08:11:10 +0200
+
+systemd (229-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/timedated: Add tests for "timedatectl set-local-rtc".
+ * Be more tolerant in parsing /etc/adjtime.
+ * debian/systemd.postinst: Don't fail package installation if systemctl
+ daemon-reload trigger fails. This does not fix the root cause of the
+ reload failures, but at least causes fewer packages to be in a broken
+ state after upgrade, so that a reboot or apt-get -f install have a much
+ higher chance in succeeding. (For bugs like LP #1502097 or LP #1447654)
+ * debian/tests/networkd: Skip test_hogplug_dhcp_ip6 when running against
+ upstream as well.
+ * debian/tests/boot-and-services: Wait for units to stop with a "systemctl
+ is-active" loop instead of static sleeps.
+ * debian/tests/networkd: Skip DHCPv6 tests for downstream packages too. This
+ is an actual regression in networkd-229, to be investigated. But this
+ shouldn't hold up reverse dependencies.
+ * Fix assertion in add_random(). (LP: #1554861)
+ * debian/tests/boot-and-services: Don't assert on "Stopped Container c1"
+ message in NspawnTests.test_service(), this is sometimes not present. Just
+ check that the unit did not fail.
+ * Add "adduser" dependency to systemd-coredump, to quiesce lintian.
+ * Bump Standards-Version to 3.9.7 (no changes necessary).
+ * Fix timespec parsing by correctly initializing microseconds.
+ (Closes: #818698, LP: #1559038)
+ * networkd: Add fallback if FIONREAD is not supported. (Closes: #818488)
+ * Cherry-pick various fixes from upstream master.
+ - Fixes logout when changing the current target. (Closes: #805442)
+
+ [ Evgeny Vereshchagin ]
+ * debian/tests/boot-and-services: Search systemd-coredump's output by
+ SYSLOG_IDENTIFIER.
+ * Add missing "Recommends: btrfs-tools" to systemd-container.
+ * Add systemd-coredump postinst/prerm to start/stop systemd-coredump.socket
+ without a reboot. (Closes: #816767)
+
+ [ Felipe Sateler ]
+ * Set the paths of loadkeys and setfont via configure arguments, not a patch
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 21 Mar 2016 14:11:44 +0100
+
+systemd (229-2) unstable; urgency=medium
+
+ * time-util: map ALARM clockids to non-ALARM clockids in now(), to work on
+ architectures which don't support CLOCK_BOOTTIME_ALARM. Fixes FTBFS on
+ many architectures.
+ * debian/systemd.postinst: Add missing newline to /etc/adjtime migration.
+ (See #699554)
+ * debian/systemd.postinst: Only try to enable tmp.mount if we actually
+ copied it to /etc. Don't try to enable a generated unit. (LP: #1545707)
+ * debian/tests/boot-and-services: Increase timeouts of test_bash_crash from
+ 5 to 10 seconds, and sync the journal after every iteration.
+ * debian/extra/checkout-upstream: Try again after one minute if git checkout
+ fails, to avoid failures from transient network errors.
+ * debian/tests/systemd-fsckd: Use grub.d/50-cloudimg-settings.cfg as a
+ template for generating our custom one instead of 90-autopkgtest.cfg. The
+ latter does not exist on non-x86 architectures and is not relevant for
+ this test.
+ * debian/tests/boot-and-services: Skip journal test for test_bash_crash when
+ running against upstream, as this currently fails most of the time. To be
+ investigated.
+ * debian/tests/networkd: Skip test_coldplug_dhcp_ip6 when running against
+ upstream, as this is brittle there. To be investigated.
+ * debian/tests/bootchart: Skip test if bootchart is not available or
+ testing in upstream mode. bootchart got removed from master and will be
+ moved to a separate repository.
+ * debian/tests/boot-and-services: Show verbose journal output on failure in
+ nspawn test, and sync journal before.
+ * Move systemd-coredump socket and service into systemd-coredump binary
+ package.
+ * Revert changing the default core dump ulimit and core_pattern. This
+ completely breaks core dumps without systemd-coredump. It's also
+ contradicting core(8). (Closes: #815020)
+ * Fix addresses for type "sit" tunnels. (Closes: #816132)
+ * networkd: Go back to letting the kernel handle IPv6 router advertisements,
+ as networkd's own currently has too many regressions. Thanks to Stefan
+ Lippers-Hollmann for investigating this! (Closes: #814566,
+ #814667, #815586, #815884, #815793)
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 28 Feb 2016 22:16:12 +0100
+
+systemd (229-1) unstable; urgency=medium
+
+ * New upstream release 229.
+ - Fix systemctl behaviour in chroots. (Closes: #802780)
+ - Fix SELinux context of /run/user/$UID. (Closes: #775651)
+ - Add option to optionally turn of color output. (Closes: #783692)
+ - Don't git-ignore src/journal-remote/browse.html. (Closes: #805514)
+ - Do not warn about Wants depencencies on masked units. (LP: #1543282)
+ * debian/systemd.install: Ship the new systemd-resolve.
+ * libsystemd0.symbols: Add new symbols from this release.
+ * systemd-coredump.postinst: Create systemd-coredump system user.
+ * debian/tests/systemd-fsckd: Tame overly strict test for failed plymouth
+ unit, which is a race condition with plymouthd auto-stopping.
+ (LP: #1543144)
+ * Drop timedated-don-t-rely-on-usr-being-mounted-in-the-ini.patch.
+ initramfs-tools has mounted /usr since Jessie, and tzdata now creates
+ /etc/localtime as a symlink too (see #803144).
+ * Use-different-default-paths-for-various-binaries.patch: Drop path changes
+ for setcap (which is already a build dep and not used at all) and sulogin
+ (which is now in util-linux).
+ * Remove obsolete udev maintainer script checks:
+ - Drop check for kernel >= 2.6.32, which released in 2009.
+ - Drop restarting of some daemons due to the devtmpfs migration, which
+ happened before the above kernel even.
+ - Drop support for forcing upgrades on kernels known not to work via
+ /etc/udev/kernel-upgrade. Don't pretend that this would help, as users
+ could end up with a non-bootable system. Always fail early in preinst
+ when it's still possible to install a working kernel.
+ - Drop postinst test for "running in containers" -- it's actually possible
+ to run udev in containers if you mount /sys r/w and you know what you
+ are doing. Also, the init.d script and systemd service do that check
+ again.
+ - Keep the kernel feature and chroot checks, as these are still useful.
+ Simplify check_kernel_features() by eliminating some variables.
+ - Drop debconf templates. Two of them are obsolete, and having
+ CONFIG_SYSFS_DEPRECATED is now so implausible that this doesn't warrant
+ the overhead and translator efforts.
+ * Drop debian/tests/ifupdown-hotplug. The units moved into ifupdown, so the
+ test should go there too (see #814312).
+ * debian/tests/control: Reorder tests and add a comment which ones should
+ not be run for an upstream build.
+ * debian/tests/control: Rearrange tests and avoid removing test dependencies
+ to minimize testbed resets.
+ * Add debian/extra/checkout-upstream: Script to replace the current
+ source with a checkout of an upstream pull request, branch, or commit,
+ and remove debian/patches/. Call from debian/rules if $TEST_UPSTREAM is
+ set. This will be used for upstream CI.
+ * Enable seccomp support on powerpc, ppc64el, and s390x.
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 11 Feb 2016 21:02:39 +0100
+
+systemd (228-6) unstable; urgency=medium
+
+ * Make-run-lock-tmpfs-an-API-fs.patch: Drop /run/lock from
+ tmpfiles.d/legacy.conf to avoid the latter clobbering the permissions of
+ /run/lock. Fixes fallout from cleanup in -5 that resulted /run/lock to
+ have 0755 permissions instead of 1777. (LP: #1541775)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 04 Feb 2016 11:46:54 +0100
+
+systemd (228-5) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Drop systemd-vconsole-setup.service: It has never been installed/used in
+ Debian and is not necessary for Ubuntu any more.
+ * Drop halt-local.service. This has never been documented/used in Debian.
+ (LP: #1532553)
+ * debian/extra/initramfs-tools/scripts/init-bottom/udev: Prefer "nuke"
+ again, it comes from klibc-utils. But fall back to "rm" if it does not
+ exist.
+ * systemd-timesyncd.service.d/disable-with-time-daemon.conf: Also don't run
+ if /usr/sbin/VBoxService exists, as virtualbox-guest-utils already
+ provides time synchronization with the host. (Closes: #812522)
+ * Drop Michael Stapelberg from Uploaders:, he stopped maintenance long ago.
+ Thanks Michael for your great work in the past!
+ * Replace "sysv-rc" dependency with Conflicts: openrc, file-rc. The
+ rationale from #739679 still applies, but with the moving of
+ {invoke,update}-rc.d to init-system-helpers we don't actually need
+ anything from sysv-rc any more other than the assumption that SysV init
+ scripts are enabled in /etc/rc?.d/ for the SysV generator to work (and
+ file-rc and openrc don't do that).
+ * debian/tests/timedated: Verify /etc/localtime symlink. Skip verifying the
+ /etc/timezone file (which is Debian specific) if $TEST_UPSTREAM is set.
+ * debian/tests/localed-locale: Check /etc/locale.conf if $TEST_UPSTREAM is
+ set.
+ * debian/tests/localed-x11-keymap: Test /etc/X11/xorg.conf.d/00-keyboard.conf
+ if $TEST_UPSTREAM is set.
+ * debian/tests/boot-and-services: Check for reaching graphical.target
+ instead of default.target, as the latter is a session systemd state only.
+ * debian/tests/boot-and-services: Skip tests which are known to fail/not
+ applicable with testing upstream builds.
+ * Drop Fix-up-tmpfiles.d-permissions-properly.patch:
+ - /run/lock is already created differently by
+ Make-run-lock-tmpfs-an-API-fs.patch, and contradicts to that.
+ - /run/lock/lockdev/ isn't being used anywhere and got dropped
+ upstream; backport the patch (tmpfiles-drop-run-lock-lockdev.patch).
+ - Move dropping of "group:wheel" (which has never existed in Debian) into
+ debian/rules, to also catch occurrences in other parts of the file which
+ the static patch would overlook.
+ * Shorten persistent identifier for CCW network interfaces (on s390x only).
+ (LP: #1526808)
+ * debian/rules: If $TEST_UPSTREAM is set (when building/testing upstream
+ master instead of distro packages), don't fail on non-installed new files
+ or new library symbols.
+ * Add systemd-sysv conflict to upstart-sysv, and version the upstart
+ conflict. This works with both Debian's and Ubuntu's upstart packages.
+
+ [ Michael Biebl ]
+ * Drop support for the /etc/udev/disabled flag file. This was a workaround
+ for udev failing to install with debootstrap because it didn't use
+ invoke-rc.d and therefor was not compliant with policy-rc.d. See #520742
+ for further details. This is no longer the case, so supporting that file
+ only leads to confusion about its purpose.
+ * Retrigger cleanup of org.freedesktop.machine1.conf and
+ hwclock-save.service now that dpkg has been fixed to correctly pass the
+ old version to postinst on upgrade. (Closes: #802545)
+ * Only ship *.link files as part of the udev package. The *.network files
+ are solely used by systemd-networkd and should therefor be shipped by the
+ systemd package. (Closes: #808237)
+ * Cherry-pick a few fixes from upstream:
+ - Fix unaligned access in initialize_srand(). (Closes: #812928)
+ - Don't run kmod-static-nodes.service if module list is empty. This
+ requires kmod v23. (Closes: #810367)
+ - Fix typo in systemctl(1). (Closes: #807462)
+ - Fix systemd-nspawn --link-journal=host to not fail if the directory
+ already exists. (Closes: #808222)
+ - Fix a typo in logind-dbus.c. The polkit action is named
+ org.freedesktop.login1.power-off, not org.freedesktop.login1.poweroff.
+ - Don't log an EIO error in gpt-auto-generator if blkid finds something
+ which is not a partition table. (Closes: #765586)
+ - Apply ACLs to /var/log/journal and also set them explicitly for
+ system.journal.
+ * Only skip the filesystem check for /usr if the /run/initramfs/fsck-usr
+ flag file exists. Otherwise we break booting with dracut which uses
+ systemd inside the initramfs. (Closes: #810748)
+ * Update the instructions in README.Debian for creating /var/log/journal.
+ They are now in line with the documentation in the systemd-journald(8) man
+ page and ensure that ACLs and group permissions are properly set.
+ (Closes: #800947, #805617)
+ * Drop "systemctl daemon-reload" from lsb init-functions hook. This is no
+ longer necessary as invoke-rc.d and init-system-helpers take care of this
+ nowadays.
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 03 Feb 2016 10:09:46 +0100
+
+systemd (228-4) unstable; urgency=medium
+
+ * debian/udev.README.Debian: Add alternative way of disabling ifnames.
+ (Closes: #809339)
+ * Put back /lib/udev/hotplug.functions, until the three remaining packages
+ that use it stop doing so. (Closes: #810114)
+ * debian/udev.README.Debian: Point out that any change to interface naming
+ rules requires an initrd update.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 11 Jan 2016 07:12:40 +0100
+
+systemd (228-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/rules: Remove temporary debug output from test failures again. All
+ Debian buildd kernels are recent enough now, but add a check for kernels
+ older than 3.13 and ignore test failures for those.
+ * debian/tests/networkd: Factor out dnsmasq specific test "router" setup, so
+ that we can test against other implementations.
+ * debian/tests/networkd: Add router setup using an (isolated) networkd
+ process for configuring the veths and DHCP server.
+ * debian/tests/networkd: On failure, only show journal for current test.
+ * systemd-networkd-resolvconf-update.service: Wait for getting a name
+ server, not just for getting online.
+ * debian/tests/boot-and-services: Wait until bash crash stack trace is in
+ the journal before asserting on it. Also relax RE to work on non-x86
+ architectures.
+ * debian/tests/networkd: If /etc/resolv.conf already has three nameservers,
+ accept that too (as then the additional test one can't be added any more).
+ * Fix FTBFS on x32. Thanks Helmut Grohne! (Closes: #805910)
+ * debian/tests/networkd: For IPv6 tests, also wait for IPv4 address to
+ arrive; s-n-wait-online already exits after getting an IPv6 address, but
+ we verify both.
+ * debian/tests/boot-and-services: Don't check for "Requesting system
+ poweroff" log message in nspawn test, current upstream master does not
+ write that any more. Instead check for "Stopped Container c1".
+ * Add "storage" autopkgtest. Initially this covers some basic use cases with
+ LUKS cryptsetup devices.
+ * Add acl build dependency (for <!nocheck>). Current upstream master now
+ needs it for some test cases.
+ * debian/extra/initramfs-tools/scripts/init-bottom/udev: Use "rm -rf"
+ instead of "nuke". The latter does not exist any more in current
+ initramfs-tools.
+ * Ignore test failures during "make check" if /etc/machine-id is missing
+ (like in ancient local schroots). (Closes: #807884)
+ * debian/extra/rules/80-debian-compat.rules: Remember which device got the
+ "cdrw", "dvd", or "dvdrw" symlink to avoid changing links on device
+ events. (Closes: #774080). Drop the rule for the "cdrom" symlink as that
+ is already created in 60-cdrom_id.rules.
+ * Eliminate "hotplug.functions" udev helper and put the logging functions
+ directly into net.agent. This simplifies the migration of the latter to
+ ifupdown.
+ * Adjust manpages to keep /usr/lib/systemd/{user*,boot,ntp-units.d,modules*}
+ paths, only keep /lib/systemd/{system*,network}. (Closes: #808997)
+ * debian/udev.README.Debian: Fix typo and slight wording improvement.
+ (Closes: #809513)
+ * Drop net.agent, 80-networking.rules, and ifup@.service. These moved to
+ ifupdown 0.8.5 now. Add Breaks: to earlier versions.
+
+ [ Michael Biebl ]
+ * Bump Build-Depends on libdw-dev to (>= 0.158) as per configure.ac.
+ (Closes: #805631)
+ * Make sure all swap units are ordered before the swap target. This avoids
+ that swap devices are being stopped prematurely during shutdown.
+ (Closes: #805133)
+ * Drop unneeded /etc/X11/xinit/xinitrc.d/50-systemd-user.sh from the package
+ and clean up the conffile on upgrades. We have the dbus-user-session
+ package in Debian to properly enable the D-Bus user-session mode which
+ also takes care of updating the systemd --user environment.
+ (Closes: #795761)
+ * Stop testing for unknown arguments in udev maintainer scripts.
+ * Drop networking.service.d/systemd.conf. The ifupdown package now ships a
+ proper service file so this drop-in file is no longer necessary.
+
+ [ Andreas Henriksson ]
+ * Fix LSB init hook to not reload masked services. (Closes: #804882)
+
+ -- Martin Pitt <mpitt@debian.org> Sat, 02 Jan 2016 17:42:56 +0100
+
+systemd (228-2) unstable; urgency=medium
+
+ * Remove wrong endianness conversion in test-siphash24 to fix FTBFS on
+ big-endian machines.
+ * Bump libseccomp-dev build dependency to indicate required versions for
+ backporting to jessie. (Closes: #805497)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 19 Nov 2015 11:37:45 +0100
+
+systemd (228-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release:
+ - Fix journald killing by watchdog. (Closes: #805042)
+ - Drop check for /etc/mtab. (Closes: #802025)
+ - Follow unit file symlinks in /usr, but not /etc when looking for
+ [Install] data, to avoid getting confused by Aliases. (Closes: #719695)
+ - journalctl: introduce short options for --since and --until.
+ (Closes: #801390)
+ - journald: Never accept fds from file systems with mandatory locking.
+ (LP: #1514141)
+ - Put nspawn containers in correct slice. (LP: #1455828)
+ * Cherry-pick some networkd fixes from trunk to fix regressions from 228.
+ * debian/rules: Configure with --as-needed to avoid unnecessary binary
+ dependencies.
+ * systemd-networkd-resolvconf-update.service: Increase StartLimitBurst, as
+ this might be legitimately called several times in quick succession. If
+ that part of the "networkd" autopkgtest fails, show the journal log for
+ that service for easier debugging.
+ * debian/tests/boot-and-services: Add test case for systemd-coredump.
+ * Add systemd-coredump postinst/prerm to enable/disable this without a
+ reboot.
+ * debian/tests/networkd: Check for systemd-networkd-wait-online in /usr as
+ well, for usage in other distros.
+ * debian/tests/logind: Skip suspend test if the kernel does not support
+ suspend.
+ * debian/tests/logind: Split tests into functions.
+ * debian/tests/boot-and-services: Ignore failures of console-setup.service,
+ to work around LP: #1516591.
+ * debian/tests/control: Restrict boot-smoke test to isolation-machine, it
+ does not currently work well in LXC.
+ * debian/tests/networkd: Add new test cases for "DHCP=all, IPv4 only,
+ disabling RA" (which should always be fast), "DHCP=all, IPv4 only" (which
+ will require a longer timeout due to waiting 12s for a potential IPv6 RA
+ reply), and "DHCP=ipv4" (with and without RA).
+ * debian/tests/networkd: Fix UnicodeDecodeError under 'C' locale.
+ * debian/tests/networkd: Show networkctl and journal output on failure.
+ * debian/tests/networkd: Fix bytes vs. string TypeError in the IPv6 polling.
+ (LP: #1516009)
+ * debian/tests/networkd: Show contents of test .network file on failure.
+ * debian/tests/networkd: Skip if networkd is already running (safer when
+ running on real systems), and add copyright header.
+ * Bump util-linux dependencies to >= 2.27.1 to ensure that the mount monitor
+ ignores /etc/mtab.
+
+ [ Felipe Sateler ]
+ * Enable elfutils support for getting stack traces for systemd-coredump.
+ * libnss-my{machines,hostname}.postrm: do not remove entries from
+ nsswitch.conf if there are packages from other architectures remaining.
+
+ [ Michael Biebl ]
+ * Drop systemd-setup-dgram-qlen.service. This has been made obsolete by
+ upstream commit 1985486 which bumps net.unix.max_dgram_qlen to 512 early
+ during boot.
+ * Various cleanups to the udev maintainer scripts:
+ - Remove unused tempdir() function.
+ - Properly stop udev daemon on remove.
+ - Stop killing udev daemon on failed upgrades and drop the corresponding
+ starts from preinst.
+ - Stop masking systemd-udevd.service and udev.service during upgrades. We
+ restart the udev daemon in postinst, so those masks seem unnecessary.
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 18 Nov 2015 16:11:59 +0100
+
+systemd (227-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/logind: Add tests for scheduled shutdown with and without
+ wall message.
+ * Import upstream fix for not unmounting system mounts (#801361) and drop
+ our revert patch.
+ * debian/tests/boot-smoke: Apply check for failed unmounts only to user
+ systemd processes, i. e. not to pid 1.
+ * Drop Fix-usr-remount-failure-for-split-usr.patch. Jessie has a new enough
+ initramfs-tools already, and this was just an error message, not breaking
+ the boot.
+ * Drop debian-fixup.service in favor of using a tmpfiles.d clause, which is
+ faster.
+ * Drop Order-remote-fs.target-after-local-fs.target.patch. It's mostly
+ academic and only applies to the already known-broken situation that rcS
+ init.d scripts depend on $remote_fs.
+ * Replace reversion of sd_pid_notify_with_fds() msg_controllen fix with
+ proper upstream fix to never block on sending messages on NOTIFY_SOCKET
+ socket.
+ * Drop check for missing /etc/machine-id on "make check" failure; this isn't
+ happening on current buildds any more.
+ * Drop Disable-tests-which-fail-on-buildds.patch, to re-evaluate what still
+ fails and needs fixing. On failure, show kernel version and /etc/hosts
+ to be able to debug them better. The next upload will make the necessary
+ adjustments to fix package builds again.
+
+ [ Michael Biebl ]
+ * Drop dependency on udev from the systemd package. We don't need udev
+ within a container, so this allows us to trim down the footprint by not
+ installing the udev package. As the udev package has Priority: important,
+ it is still installed by default though.
+ * Include the status of the udev package when filing a bug report against
+ systemd, and vice versa.
+ * Use filter instead of findstring, since findstring also matches
+ substrings and we only want direct matches.
+ * systemd.bug-script: Fix typo. (Closes: #804512)
+ * Re-add bits which call SELinux in systemd-user pam service.
+ (Closes: #804565)
+
+ [ Felipe Sateler ]
+ * Add libnss-resolve package. (Closes: #798905)
+ * Add systemd-coredump package. This Conflicts/Replaces/Provides a new
+ "core-dump-handler" virtual package. (Closes: #744964)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 11 Nov 2015 15:04:26 +0100
+
+systemd (227-2) unstable; urgency=medium
+
+ * Revert "sd_pid_notify_with_fds: fix computing msg_controllen", it causes
+ connection errors from various services on boot. (Closes: #801354)
+ * debian/tests/boot-smoke: Check for failed unmounts. This reproduces
+ #801361 (but not in a minimal VM, just in a desktop one).
+ * Revert "core: add a "Requires=" dependency between units and the
+ slices they are located in". This causes user systemd instances to try and
+ unmount system mounts (and succeed if you login as root).
+ (Closes: #801361)
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 09 Oct 2015 12:34:27 +0200
+
+systemd (227-1) unstable; urgency=medium
+
+ * New upstream release.
+ - Bump watchdog timeout for shipped units to 3 min. (Closes: #776460)
+ - gpt-auto-generator: Check fstab for /boot entries. (Closes: #797326)
+ - Fix group of RuntimeDirectory dirs. (Closes: #798391)
+ - Support %i (and other macros) in RuntimeDirectory. (Closes: #799324)
+ - Bump util-linux/libmount-dev dependencies to >= 2.27.
+ * debian/libsystemd0.symbols: Add new symbols for this release.
+ * debian/extra/initramfs-tools/hooks/udev: Copy all
+ /etc/udev/rules.d/*.rules rules which are not merely overriding the one in
+ /lib/, not just 70-persistent-net.rules. They might contain network names
+ or other bits which are relevant for the initramfs. (Closes: #795494)
+ * ifup@.service: Drop PartOf=network.target; we don't want to stop these
+ units during shutdown. Stopping networking.service already shuts down the
+ interfaces, but contains the safeguard for NFS or other network file
+ systems. Isolating emergency.target still keeps working as before as well,
+ as this also stops networking.service. (Closes: #761909, LP: #1492546)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 08 Oct 2015 11:34:35 +0200
+
+systemd (226-4) unstable; urgency=medium
+
+ * debian/tests/logind: Be more verbose on failures.
+ * Revert networkd calling if-{up,post-down}.d/ scripts. About half of the
+ existing hooks are not relevant or even actively detrimental when running
+ with networkd. For the relevant ones, a lot of them should be fixed in the
+ projects themselves (using IP_FREEBIND etc.). (Closes: #798625)
+ * Add systemd-networkd-resolvconf-update.{path,service} units to send DNS
+ server updates from networkd to resolvconf, if installed and enabled.
+ * Don't restart logind on upgrades any more. This kills X.org (#798097)
+ while logind doesn't save/restore its open fds (issue #1163), and also
+ gets confused about being idle in between (LP: #1473800)
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 02 Oct 2015 13:44:28 +0200
+
+systemd (226-3) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * README.Debian: Fix "other" typo. Thanks Salvatore Bonaccorso.
+ (Closes: #798737)
+
+ [ Michael Biebl ]
+ * Stop building the compat library packages and drop them for good.
+ * Update debian/copyright.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 19 Sep 2015 19:06:51 +0200
+
+systemd (226-2) unstable; urgency=medium
+
+ * debian/udev.init: Mount /dev file system with nosuid. (LP: #1450960)
+ * udev.postinst: udev 226 introduced predictable interface names for virtio.
+ Create /etc/systemd/network/50-virtio-kernel-names.link on upgrade to
+ disable this, to avoid changing e. g. "eth0" to "ens3" in QEMU instances
+ and similar environments. (Closes: #799034)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 15 Sep 2015 15:21:09 +0200
+
+systemd (226-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release:
+ - Fix scheduled shutdown to not shut down immediately. (Closes: #797763)
+ - Fix description of CPE_NAME in os-release(5). (Closes: #797768)
+ * debian/libsystemd0.symbols: Add new symbols from this release.
+ * Enable libseccomp support for mips64, mips64el, and x32. (Closes: #797403)
+ * debian/tests/networkd: Add hotplug tests.
+ * Make networkd call if-up.d/ scripts when it brings up interfaces, to
+ become compatible with ifupdown and NetworkManager for packages shipping
+ hooks. (LP: #1492129)
+ - Add debian/extra/systemd-networkd-dispatcher.c: suid root wrapper for
+ calling if-up.d/ or if-post-down.d/ hook scripts. Install it as
+ root:systemd-networkd 4754 so that only networkd can run it.
+ - Add networkd-call-systemd-networkd-dispatcher-when-links.patch: Call the
+ above wrapper when links go up/down.
+ - debian/tests/networkd: Verify that if-up.d/ and if-post-down.d/ scripts
+ get run for a networkd managed interface.
+ - Note that if-pre-up.d/ and if-down.d/ scripts are *not* being called, as
+ they are often not applicable for networkd (if-pre-up.d) and unreliable
+ (if-down.d).
+ * Drop udev-finish. We needed this for the autogenerated CD and network
+ interface names, but both are gone now.
+ * Drop debian/udev.udev-fallback-graphics.upstart. The vesafb module has
+ been compiled into the kernel in both Debian and Ubuntu for a fair while,
+ this never had a systemd equivalent, and Debian never shipped the
+ accompanying rules for determining $PRIMARY_DEVICE_FOR_DISPLAY.
+ * debian/control: Remove some boilerplate from the long descriptions, to
+ more easily get to the point what a specific package actually does.
+ * debian/README.Debian: As systemd is the default init now, replace the
+ documentation how to switch to systemd with how to switch back
+ (temporarily or permanently) to SysV init. Also move that paragraph to the
+ bottom as it's now less important.
+ * debian/README.Debian: Add a hint why you may want to enable persistent
+ journal, and suggest to uninstall system-log-daemon to avoid duplicate
+ logging.
+ * debian/README.Debian: Add documentation about networkd integration.
+ * Rename 01-mac-for-usb.link to 90-mac-for-usb.link so that it becomes
+ easier to override.
+ * debian-fixup.service just has one purpose now (make /etc/mtab a symlink),
+ so drop the debian/extra/debian-fixup shell script and put the ln command
+ directly into debian-fixup.service. Update the description.
+ * debian/tests/networkd: Check that /etc/resolv.conf gets the DHCP's
+ nameserver in case it is a symlink (i. e. dynamically managed by
+ systemd-resolved or resolvconf).
+ * systemd-networkd-dispatcher: Also pass on the DNS server list to if-up.d/
+ as $IF_DNS_NAMESERVERS, so that resolvconf or similar programs work as
+ expected.
+ * Drop debian/systemd-journal-remote.postrm: Removing system users is
+ potentially dangerous (there might be a leftover process after purging).
+
+ [ Michael Biebl ]
+ * Drop libsystemd-login-dev. All reverse dependencies have been updated to
+ use libsystemd-dev directly.
+ * Update build instructions to use "gbp clone" instead of "gbp-clone" as all
+ gbp-* commands have been removed from git-buildpackage.
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 10 Sep 2015 16:53:53 +0200
+
+systemd (225-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release.
+ - Fixes FTBFS on alpha. (Closes: #792551)
+ - Fixes machined state tracking logic. (Closes: #788269)
+ * Add better fix for "systemctl link/enable" breakage with full paths.
+ (LP: #1480310)
+ * debian/rules: Add missing $(dh_options) in overridden debhelper targets.
+
+ [ Felipe Sateler ]
+ * Move conffile from systemd to systemd-container package (Closes: #797048)
+
+ [ Michael Biebl ]
+ * Drop unnecessary Conflicts/Replaces from systemd-journal-remote.
+ None of the files in this package were previously shipped by systemd.
+ * Create system users for systemd-journal-{gateway,remote,upload} when
+ installing the systemd-journal-remote package.
+ * Explicitly turn off the features we don't want in a stage1 build.
+ Otherwise ./configure might enable them automatically if the build
+ dependencies are installed and "dh_install --fail-missing" will then fail
+ due to uninstalled files.
+ * Enable GnuTLS support as systemd-journal-remote makes sense mostly with
+ encryption enabled.
+ * Rely on build profiles to determine which packages should be skipped
+ during build and no longer specify that manually.
+ * Drop our patch which removes rc-local-generator.
+ rc-local.service acts as an ordering barrier even if its condition is
+ false, because conditions are evaluated when the service is about to be
+ started, not when it is enqueued. We don't want this ordering barrier on
+ systems that don't need/use /etc/rc.local.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 30 Aug 2015 21:18:59 +0200
+
+systemd (224-2) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Skip systemd-fsckd autopkgtest if /run/initramfs/fsck-root exists, i. e.
+ the initramfs already ran fsck.
+ * Fix broken ACL in tmpfiles.d/systemd.conf. (Closes: #794645, LP: #1480552)
+ * Add debian/tests/unit-config: Test "systemctl link"; reproduces LP#1480310.
+ * Add a hack to unbreak "systemctl link". (LP: #1480310)
+ * debian/extra/rules-ubuntu/40-hyperv-hotadd.rules: Also apply to Xen, and
+ rename to 40-vm-hotadd.rules.
+ * Fix networkd crash. (Closes: #796358)
+ * debian/rules: Remove all files/empty dirs in systemd which are already
+ shipped by systemd-* or udev, instead of an explicit list.
+ * Bump "mount" dependency to >= 2.26, to ensure "swapon -o" availability.
+ (Closes: #796389)
+ * Install /lib/systemd/network/* into udev instead of systemd, as it's
+ really udev which is evaluating these.
+ * Split out "systemd-container" package with machined and nspawn and enable
+ importd. Add new libbz2-dev, zlib1g-dev, and libcurl-dev build deps.
+ (LP: #1448900)
+ * Move transitional libgcrypt11-dev build dep to libgcrypt20-dev.
+ * debian/rules: Limit check for libraries in /usr to systemd and udev
+ packages, as other packages like systemd-containers can (and do) link to
+ /usr.
+ * Build-depend on dpkg-dev (>= 1.17.14) and bump debhelper version for build
+ profiles support.
+ * Drop "display-managers" autopkgtest, obsolete with dropped
+ default-display-manager-generator.
+ * boot-and-services autopkgtest: Add systemd-container test dependency for
+ the nspawn tests.
+ * Don't enable audit support when building with "stage1" profile, to avoid
+ circular build dep.
+
+ [ Helmut Grohne ]
+ * Improve support for cross-building and bootstrapping.
+
+ [ Michael Biebl ]
+ * Drop default-display-manager-generator. All major desktops now use a
+ display manager which support the new scheme and setup the
+ /etc/systemd/system/display-manager.service symlink correctly.
+ * Add new binary package "systemd-journal-remote" with tools for
+ sending/receiving remote journal logs:
+ systemd-journal-{remote,upload,gatewayd}. (Closes: #742802, LP: #1480952)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 25 Aug 2015 12:40:35 +0200
+
+systemd (224-1) unstable; urgency=medium
+
+ * New upstream release.
+ * boot-and-services autopkgtest: Ignore thermald. Since 1.4.3-2 it starts by
+ default, but fails in most virtual envs.
+
+ -- Martin Pitt <mpitt@debian.org> Sat, 01 Aug 2015 13:38:57 +0200
+
+systemd (223-2) unstable; urgency=medium
+
+ * Don't enable gnu-efi on ARM. It FTBFSes and cannot really be tested now as
+ there is no available hardware.
+ * debian/extra/initramfs-tools/hooks/udev: Don't fail if
+ /etc/systemd/network/ does not exist. (Closes: #794050)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 30 Jul 2015 08:25:51 +0200
+
+systemd (223-1) unstable; urgency=medium
+
+ * New upstream release:
+ - Fix systemd-bootchart crash. (Closes: #792403)
+ - Trim list of files in /usr/share/doc/systemd/. (Closes: #791839)
+ - Fix "Invalid argument" failure with some journal files.
+ (Closes: #792090)
+ - tmpfiles: Don't recursively descend into journal directories in /var.
+ (Closes: #791897)
+ - Don't frequently wake up on disabled TimeoutIdleSec=, in particular in
+ automount timers. (LP: #1470845)
+ - tmpfiles: Don't delete lost+found/. (Closes: #788193)
+
+ [ Michael Biebl ]
+ * udev: Remove obsolete rm_conffile/mv_conffile functions from udev.preinst.
+ The udev package is using dpkg-maintscripts-helper now to remove obsolete
+ conffiles.
+ * systemd: Remove obsolete conffile clean up from pre-wheezy.
+ * udev-udeb: Remove scsi_wait_scan hack from the start-udev script as well.
+
+ [ Martin Pitt ]
+ * Enable GNU EFI support and add gnu-efi build dep. This enables/ships the
+ systemd EFI boot loader. (Closes: #787720, LP: #1472283)
+ * networkd autopkgtest: More robust/forceful killing of dnsmasq.
+ * ifup@.service: Drop "oneshot" to run ifup in the background during boot.
+ This avoids blocking network.target on boot with unavailable hotplug
+ interfaces in /etc/network/interfaces. (Closes: #790669, LP: #1425376)
+ * systemd.postinst: Avoid confusing error message about
+ /run/systemd/was-enabled not existing on reconfiguring.
+ * debian/extra/initramfs-tools/hooks/udev: Drop some redundant code.
+ * Fix networkd-wait-online -i to properly wait for the given interfaces
+ only.
+ * Drop debian/extra/base-installer.d/05udev: We use net.ifnames by default
+ now, thus we don't need to copy 70-persistent-*.rules any more.
+ * debian/extra/start-udev: Run d-i's udevd with "notice" log level, just
+ like we did in the initramfs in 219-10.
+ * Fix size explosion of networkd (post-223 patch from trunk).
+
+ [ Julian Wollrath ]
+ * Copy all .link interface naming definitions to initramfs. (Closes: #793374)
+
+ [ Felipe Sateler ]
+ * nss-my*.postinst: configure at the end of the hosts line, not before
+ files. (Closes: #789006)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 30 Jul 2015 00:02:26 +0200
+
+systemd (222-2) unstable; urgency=medium
+
+ [ Adam Conrad ]
+ * debian/udev-udeb.install: Install new bits for net.ifnames (LP: #1473542)
+ * debian/extra/initramfs-tools/hooks/udev: Do the same for initramfs-tools.
+
+ [ Martin Pitt ]
+ * emergency.service: Wait for plymouth to shut down. Fixes invisible
+ emergency shell with plymouth running endlessly. (LP: #1471258)
+ * Add "networkd" autopkgtest. Covers basic DHCP on IPv4 and IPv4+6 on a veth
+ device.
+
+ [ Michael Biebl ]
+ * Bump package priorities of systemd and systemd-sysv to important to match
+ what has been used in the Debian archive since Jessie.
+ * Drop scsi_wait_scan hack from the udev initramfs-tools script. This Linux
+ kernel module has been broken since 2.6.30 and as a result was removed in
+ 3.5. The Debian Jessie kernel no longer ships this module.
+ (Closes: #752775)
+ * Drop libsystemd-journald-dev and libsystemd-id128-dev. There are no
+ reverse dependencies left and we want to avoid new packages picking up
+ a build dependency on those obsolete transitional packages.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 15 Jul 2015 23:51:15 +0200
+
+systemd (222-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release:
+ - Fix reload killing BusName= units. (Closes: #746151)
+ - sysv-generator: detect invalid names and escape them. (Closes: #677075)
+ - Document removal of PIDFile on daemon shutdown. (Closes: #734006)
+ - Drop Revert-rules-fix-tests-for-removable-state.patch, the auto-suspend
+ rules now got dropped entirely.
+ * Add Revert-VT-reuse-patches.patch: Revert a couple of logind VT reuse
+ patches which alternately broke lightdm and gdm.
+ * debian/libsystemd0.symbols: Add new symbols from this release.
+ * Disable test-netlink during package build, fails on some buildds.
+ * udev.postinst: Don't call addgroup with --quiet, so that if the "input"
+ group already exists as a non-system group you get a sensible error
+ message. Some broken tutorials forget the --system option.
+ (Closes: #769948, LP: #1455956)
+ * systemd.postinst: Drop the --quiet from the addgroup calls as well, same
+ reason as above. (Closes: #762275)
+ * udev: Drop doc dir symlinking. It has caused too much trouble and only
+ marginally helps to avoid duplication. Such duplication should be dealt
+ with at the distro, not package level.
+ * debian/rules: Entirely ignore $LD_PRELOAD instead of just libfakeroot in
+ the link check, to also avoid libeatmydata. (Closes: #790546)
+ * boot-and-services, display-managers autopkgtests: Install and configure
+ dummy X.org driver, so that these work in headless machines/VMs.
+ * systemd-fsckd autopkgtest: Stop using/asserting on lightdm, just check
+ that default.target is active. lightdm is prone to fail in test
+ environments, and fiddling with it in two other autopkgtests is
+ sufficient.
+ * debian/watch: Adjust to new upstream release model of only providing the
+ github tag tarballs.
+ * Drop dsl-modem.agent. It hasn't been maintained/tested for many years, few
+ if any people actually use this, and this doesn't belong into udev.
+
+ [ Michael Biebl ]
+ * Stop building the Python 3 bindings. They were split into a separate
+ source package upstream and are now built from src:python-systemd. See
+ http://lists.freedesktop.org/archives/systemd-devel/2015-July/033443.html
+ * Remove obsolete --disable-chkconfig configure option.
+ * Move the man pages for libnss-myhostname, libnss-mymachines and udev.conf
+ from systemd into the correct package. Move the zsh completion file for
+ udevadm into the udev package as well. Add Breaks/Replaces accordingly.
+ (Closes: #790879)
+ * Drop rules which remove pre-generated files before build. The upstream
+ tarball no longer ships any pre-generated files so this is no longer
+ necessary.
+ * Fix cleanup rule for Python byte code files.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 08 Jul 2015 18:56:07 +0200
+
+systemd (221-1) unstable; urgency=medium
+
+ * New upstream release 221:
+ - Fix persistent storage links for Xen devices. (LP: #1467151)
+ - Drop all backported patches and port the others to new upstream release.
+ - debian/rules: Drop workarounds for broken 220 tarball, 221 is fine.
+
+ [ Michael Biebl ]
+ * initramfs hook: Stop installing 55-dm.rules, 64-md-raid.rules,
+ 60-persistent-storage-lvm.rules and 60-persistent-storage-dm.rules.
+ The mdadm, lvm2 and dmsetup package provide their own udev hooks nowadays
+ to make sure their udev rules files are installed into the initramfs.
+ Having the copy rules at two places is confusing and makes debugging
+ harder.
+ * Make it possible to skip building udeb packages via
+ DEB_BUILD_OPTIONS="noudeb". This allows quicker builds for local testing
+ and is benefical for derivatives that don't use d-i.
+ * Install API documentation for libudev and libsystemd in their respective
+ packages. Both libraries use man pages now, so we need to be explicit
+ about what is installed where.
+
+ [ Martin Pitt ]
+ * ifupdown-hotplug autopkgtest: Different cloud/desktop environments have
+ different ways of including /etc/network/interfaces.d/, try to get along
+ wit either and skip the test if interfaces.d/ does not get included at
+ all.
+ * Drop obsolete gtk-doc-tools build dependency, gtkdocize autoreconfig, and
+ ./configure options.
+ * libudev-dev.install: Drop gtk-doc files, not built by upstream any more
+ and replaced with manpages.
+ * libsystemd0.symbols: Add new symbols for this release.
+ * debian/rules: Fix paths in manpages as we don't currently have a merged
+ /usr in Debian but have most systemd things in /lib. This replaces the
+ previous huge and maintenance-intense patch.
+ * Drop Accept-mountall-specific-fstab-options.patch. Replaced with
+ systemd.postinst migration code in Ubuntu.
+ * Revert overly aggressive USB autosuspend udev rules change which broke
+ various USB keyboards. (Closes: #789723)
+ * Have rc-local.service output also go to the console. /etc/rc.local often
+ contains status messages which users expect to see during boot.
+ (LP: #1468102)
+ * debian/rules: Install udev.NEWS into libudev1, to get along with Debian's
+ udev -> libudev1 doc dir symlinking. (Closes: #790042)
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 28 Jun 2015 12:05:36 +0200
+
+systemd (220-7) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Enable seccomp support on arm64 as well.
+ * Replace the remainder of Fix-paths-in-man-pages.patch with an upstream
+ provided patch.
+
+ [ Martin Pitt ]
+ * Switch to net.ifnames persistent network interfaces (on new
+ installations/for new hardware), and deprecate the old
+ 75-persistent-net-generator.rules. See the ML discussion for details:
+ https://lists.debian.org/debian-devel/2015/05/msg00170.html
+ https://lists.debian.org/debian-devel/2015/06/msg00018.html
+ - Drop Make-net.ifnames-opt-in-instead-of-opt-out.patch, to use
+ net.ifnames by default.
+ - Revert-udev-network-device-renaming-immediately-give.patch: Adjust
+ patch comment.
+ - Drop 75-persistent-net-generator.rules, write_net_rules helper and
+ rule_generator.functions.
+ - Adjust udev's README.Debian accordingly, and describe the migration.
+ This needs to happen manually as there is no robust way of doing this
+ automatically.
+ - Add udev NEWS file for announcing this change and pointing to udev's
+ README.
+ - udev.postinst: Drop write_interfaces_rules().
+ - udev.postinst: Disable net.ifnames on systems which did not support
+ 75-persistent-net-generator.rules (most importantly, virtualized guests)
+ to avoid changing network interface names on upgrade.
+ - LP: #1454254
+ * fsckd-daemon-for-inter-fsckd-communication.patch: Add fsckd.c to
+ POTFILES.in.
+ * ifupdown-hotplug autopkgtest: Fix config name in interfaces.d/, it must
+ not have a suffix in Debian. Also clean up the file after the test.
+ * net.agent: When running under systemd, run everything in the foreground.
+ This avoids killing the forked child in the middle of its operation under
+ systemd when the parent exits.
+ * Check during build that systemd and systemd-journald don't link against
+ anything in /usr, to prevent bugs like #771652 and #788913 in the future.
+ * Drop Skip-99-systemd.rules-when-not-running-systemd-as-in.patch. The rules
+ mostly just attach tags systemd specific properties which are harmless
+ under other init systems, and systemd-sysctl also works there.
+ * 80-networking.rules: Only call agents for add|remove, as they don't handle
+ other events.
+ * Restore udev watches on block device changes. (Closes: #789060,
+ LP: #1466081)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 17 Jun 2015 22:48:53 +0200
+
+systemd (220-6) unstable; urgency=medium
+
+ * Enable seccomp support on the architectures that provide libseccomp.
+ (Closes: #760299)
+ * boot-and-services autopkgtest: Add SeccompTest for the above.
+ * boot-and-services autopkgtest: Check that we don't get an unwanted
+ tmp.mount unless /etc/fstab explicitly specifies it.
+ * Bump libcap-dev build dep to the version that provides libcap2-udeb.
+ (Closes: #787542)
+ * Stop installing tmp.mount by default; there are still situations where it
+ becomes active through dependencies from other units, which is surprising,
+ hides existing data in /tmp during runtime, and it isn't safe to have a
+ tmpfs /tmp on every install scenario. (Closes: #783509)
+ - d/rules: Ship tmp.mount in /usr/share/systemd/ instead of
+ /lib/systemd/systemd.
+ - systemd.postinst: When tmp.mount already was enabled, install tmp.mount
+ into /etc and keep it enabled.
+ - systemd.postinst: When enabling tmp.mount because of RAMTMP=yes, copy it
+ from /usr/share.
+ - Drop Don-t-mount-tmp-as-tmpfs-by-default.patch and
+ PrivateTmp-shouldn-t-require-tmpfs.patch, not necessary any more.
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 11 Jun 2015 09:25:49 +0200
+
+systemd (220-5) unstable; urgency=medium
+
+ * debian/README.source: Upstream repository moved to github, adjust
+ cherry-picking instructions accordingly.
+ * debian/control: Replace obsolete Python2 version header with
+ X-Python3-Version.
+ * dracut: Fix path to systemd-fsck. (Closes: #787553)
+ * Ignore test failures during build if /etc/machine-id is missing (which is
+ the case in a few buildd chroots still). (Closes: #787258)
+ * debian/udev.README.Debian: Move network interface hotplug documentation
+ into separate section. Point out that "lo" does not need to be configured
+ in ifupdown under systemd.
+ * debian/udev.README.Debian: Document net.ifnames, and how to write udev
+ rules for custom network names.
+ * Add debian/extra/01-mac-for-usb.link: Use MAC based names for network
+ interfaces which are (directly or indirectly) on USB. Path based names
+ are inadequate for dynamic buses like USB.
+ * Fix another escape parsing regression in Exec*= lines. (Closes: #787256)
+ * Disable EFI support for udeb build.
+ * Refine detection of touch screen devices.
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 07 Jun 2015 16:52:33 +0200
+
+systemd (220-4) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/extra/initramfs-tools/scripts/init-top/udev: Drop $ROOTDELAY wait.
+ This does not concern udev in particular, but is handled by
+ initramfs-tools itself (scripts/local). The intention of this parameter is
+ not to statically wait for the given time, but wait *up to* that time for
+ the root device to appear.
+ * Add debian/extra/units/rc-local.service.d/wait-online.conf: Make
+ rc-local.service wait for network-online.target (if it gets started). This
+ not specified by LSB, but has been behaving that way in Debian under SysV
+ init and upstart. (LP: #1451797)
+ * Fix parsing of escape characters in Exec*= lines. (Closes: #787256)
+ * Drop path_is_mount_point-handle-false-positive-on-some-fs.patch (it was
+ already not applied in 220-1). This needs to be re-thought and re-done
+ against the current code, and overlayfs in general. On overlayfs this
+ still reports false positives for files that changed in the upperdir, but
+ this does not break systemd-machine-id-commit any more.
+ * Add debian/extra/rules/80-debian-compat.rules, replacing three of our
+ patches. These are independent udev rules to change device permissions and
+ add CD/DVD symlinks for compatibility with earlier Debian releases.
+
+ [ Michael Biebl ]
+ * Bump Depends on util-linux to make sure we have a sulogin implementation
+ which properly cleans up its children when emergency.service is restarted.
+ (Closes: #784238)
+ * Stop using /sbin/udevd and drop the compat symlink.
+ * Remove any vestiges of /dev/.udev/. This directory has been replaced by
+ /run/udev/ since wheezy.
+ * Drop udev migration code from pre-wheezy.
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 02 Jun 2015 08:16:36 +0200
+
+systemd (220-3) unstable; urgency=medium
+
+ * Fix ProtectSystem=yes to actually protect /usr, not /home.
+ (Closes: #787343)
+ * sd-device: fix device_get_properties_strv(). Fixes environment for
+ processes spawned by udev, in particular "allow-hoplug" ifupdown
+ interfaces via ifup@.service. (Closes: #787263)
+ * Ignore test failures on mipsel; the three failures are not reproducible on
+ the porter box (different kernel?). (See #787258)
+ * Add ifupdown-hotplug autopkgtest. Reproduces #787263.
+ * udev: Bring back persistent storage symlinks for bcache. Thanks David
+ Mohr! (Closes: #787367)
+ * sd-device: Fix invalid property strv pointers. This unbreaks the
+ environment of udev callouts.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 01 Jun 2015 12:58:20 +0200
+
+systemd (220-2) unstable; urgency=low
+
+ * 220-1 was meant to go to experimental, but was accidentally uploaded to
+ unstable. This was planned for next week anyway, just not on a Friday;
+ we don't revert, but keep an RC bug open for a few days to get broader
+ testing. Reupload 220-1 with its changelog actually pointing to unstable
+ and with all versions in the .changes.
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 29 May 2015 18:54:09 +0200
+
+systemd (220-1) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release:
+ - Ship sdio.ids and ids-update.pl in upstream tarball. (Closes: #780650)
+ - Drop non-working "journalctl /dev/sda" example from manpage
+ (Closes: #781604)
+ - man systemd.network: Explain UseDomains a bit more (not used by
+ default). (Closes: #766413)
+ - Ignore comments in /etc/hostname (LP: #1053048)
+ - Drop all backported patches and port the others to new upstream release.
+ * Cherry-pick patch to fix udevd --daemon assertion regression.
+ * Cherry-pick patch to fix udevd worker hang.
+ * systemd.install: systemd.pc moved back into /usr/share/pkgconfig/.
+ * libsystemd0.symbols: Add new symbols from this release.
+ * Drop debian/extra/60-keyboard.hwdb for now. Upstream has a newer version,
+ and it's not nearly as often updated any more as it used to be.
+ * debian/rules: Remove shipped audit_type-to-name.h and
+ keyboard-keys-from-name.gperf and regenerate them during build (bug in
+ upstream 220 tarball).
+ * autopkgtest: Ship/use mock fsck from debian/tests, as it's missing in the
+ 220 tarball.
+ * Add libnss-mymachines binary package. (Closes: #784858)
+ * Add libnss-myhostname binary package, taking over from the very old and
+ unmaintained standalone source package as per its maintainer's request.
+ (Closes: #760514)
+ * Drop buildsys-Don-t-default-to-gold-as-the-linker.patch and set LD in
+ debian/rules on sparc only. This can be dropped entirely once we build
+ GUdev from a separate source.
+ * bootchart autopkgtest: Skip test if /proc/schedstat does not exist, i. e.
+ the kernel is missing CONFIG_SCHEDSTAT. Bootchart requires this.
+ * systemd-fsckd autopkgtest: On Debian plymouth-start stays running, adjust
+ was_running() for that.
+ * systemd-fsckd autopkgtest: In test_systemd_fsck_with_plymouth_failure(),
+ fix plymouthd status check to work under both Debian and Ubuntu.
+ * Replace almost all of Fix-paths-in-man-pages.patch with upstreamed
+ patches. (The remainder is planned to get fixed upstream as well.)
+ * Remove our update-rc.d patches, replace them with upstream patches for
+ /lib/systemd/systemd-sysv-install abstraction, and provide one for
+ update-rc.d. Also implement "is-enabled" command by directly checking for
+ the presence of rcS or rc5 symlinks. (Closes: #760616)
+ * Fix path_is_mount_point for files (regression in 220).
+ * debian/control: Drop obsolete XS-Testsuite:, dpkg adds it automatically.
+ * Use Ubuntu's default NTP server for timesyncd when building on Ubuntu.
+
+ [ Michael Biebl ]
+ * Remove /var/run and /var/lock migration code from debian-fixup. The /run
+ migration was completed in wheezy so this is no longer necessary.
+ * Drop our versioned Depends on initscripts. This was initially added for
+ the /run migration and later to ensure we have a mountnfs hook which
+ doesn't cause a deadlock under systemd. The /run migration was completed
+ in wheezy and jessie ships a fixed mountnfs hook. In addition we now use
+ the ignore-dependencies job mode in our lsb init-functions hook, so it's
+ safe to drop this dependency.
+ * Stop building gudev packages. Upstream has moved the gudev code into a
+ separate repository which is now managed on gnome.org. The gudev packages
+ will be built from src:libgudev from now on. See also
+ http://lists.freedesktop.org/archives/systemd-devel/2015-May/032070.html
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 29 May 2015 10:37:40 +0200
+
+systemd (219-10) experimental; urgency=medium
+
+ * Fix assertion crash with empty Exec*= paths. (LP: #1454173)
+ * Drop Avoid-reload-and-re-start-requests-during-early-boot.patch
+ and Avoid-reloading-services-when-shutting-down.patch: This was fixed more
+ robustly in invoke-rc.d and service now, see #777113.
+ * debian/tests/boot-smoke: Allow 10 seconds for systemd jobs to settle down.
+ * Fix "tentative" state of devices which are not in /dev (mostly in
+ containers), and avoid overzealous cleanup unmounting of mounts from them.
+ (LP: #1444402)
+ * debian/extra/udev-helpers/net.agent: Eliminate cat and most grep calls.
+ * Drop Set-default-polling-interval-on-removable-devices-as.patch; it's long
+ obsolete, CD ejection with the hardware button works properly without it.
+ * Re-enable-journal-forwarding-to-syslog.patch: Update patch description,
+ journal.conf.d/ exists now.
+ * journal: Gracefully handle failure to bind to audit socket, which is known
+ to fail in namespaces (containers) with current kernels. Also
+ conditionalize systemd-journald-audit.socket on CAP_AUDIT_READ.
+ (LP: #1457054)
+ * Put back *.agent scripts and use net.agent in Ubuntu. This fixes escaping
+ of unit names, reduces the delta, and will make it easier to get a common
+ solution for integrating ifup.d/ scripts with networkd.
+ * When booting with "quiet", run the initramfs' udevd with "notice" log
+ level. (LP: #1432171)
+ * Add sigpwr-container-shutdown.service: Power off when receiving SIGPWR in
+ a container. This makes lxc-stop work for systemd containers.
+ (LP: #1457321)
+ * write_net_rules: Escape '{' and '}' characters as well, to make this work
+ with busybox grep. Thanks Faidon Liambotis! (Closes: #765577)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 21 May 2015 09:43:52 +0200
+
+systemd (219-9) experimental; urgency=medium
+
+ * 75-persistent-net-generator.rules: Fix rules for ibmveth (it's a driver,
+ not a subsystem). (LP: #1437375)
+ * debian/tests/unit-config: Add tests for systemctl enable/disable on a
+ SysV-only unit. Reproduces LP #1447807.
+ * Fix systemctl enable for SysV scripts without a native unit. We must not
+ try and enable the nonexisting unit then. (LP: #1447807)
+ * Drop Add-env-variable-for-machine-ID-path.patch. systemd should always
+ be installed via the essential "init" in buildd schroots now.
+ * debian/README.source: Update git-buildpackage commands for the renames in
+ 0.6.24.
+ * Make apparmor run before networking, to ensure that profiles apply to
+ e. g. dhclient (LP: #1438249):
+ - Rename networking.service.d/network-pre.conf to systemd.conf, and add
+ After=apparmor.service.
+ - ifup@.service: Add After=apparmor.service.
+ - Add Breaks: on apparmor << 2.9.2-1, which dropped its dependency to
+ $remote_fs.
+ * Drop login-don-t-overmount-run-user-UID-on-upgrades.patch and
+ login-don-t-overmount-run-user-UID-on-upgrades.patch, these were only
+ needed for upgrades from wheezy to jessie.
+ * systemd.{pre,post}inst: Clean up obsolete (pre-wheezy/jessie) upgrade
+ fixes.
+ * systemd-fsckd autopkgtest: Stop assuming that
+ /etc/default/grub.d/90-autopkgtest.cfg exists.
+ * systemd-fsckd autopkgtest: Add missing plymouth test dependency.
+ * Drop core-mount-ensure-that-we-parse-proc-self-mountinfo.patch, and bump
+ util-linux dependency to the version which enables
+ --enable-libmount-force-mountinfo.
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 13 May 2015 12:27:21 +0200
+
+systemd (219-8) experimental; urgency=medium
+
+ [ Michael Biebl ]
+ * Skip filesystem check if already done by the initramfs. (Closes: #782522)
+ * Drop hard-coded versioned dependency on libapparmor1. Bump the
+ Build-Depends on libapparmor-dev instead. This ensures a proper versioned
+ dependency via Build-Depends-Package.
+ * Revert "Make apparmor run before networking". This causes dependency
+ cycles while apparmor still depends on $remote_fs.
+ * Cleanup hwclock-save.service symlinks when upgrading from the jessie
+ version.
+
+ [ Martin Pitt ]
+ * cryptsetup: Implement offset and skip options. (Closes: #751707,
+ LP: #953875)
+ * logind autopkgtest: Add test for suspending on lid switch close.
+ This reproduces LP #1444166 (lid switch not working in the first few
+ minutes after boot).
+ * Reduce the initial suspend supression time from 3 minutes to 30 seconds,
+ and make it configurable. (LP: #1444166)
+ * Fix double free crash in "systemctl enable" when calling update-rc.d and
+ the latter fails. (Closes: #764613, LP: #1426588)
+ * hwdb: Fix wireless switch on Dell Latitude (LP: #1441849)
+ * Fix assertion crash when reading a service file with missing ' and
+ trailing space. (LP: #1447243)
+ * ifup@.service: Set IgnoreOnIsolate, so that "systemctl default" does not
+ shut down network interfaces. (Closes: #762953, LP: #1449380).
+ Add PartOf=network.target, so that stopping network.target also stops
+ network interfaces (so that isolating emergency.target and similar work as
+ before).
+ * Revert upstream commit 743970d which immediately SIGKILLs units during
+ shutdown. This leads to problems like bash not being able to write its
+ history, mosh not saving its state, and similar failed cleanup actions.
+ (Closes: #784720, LP: #1448259)
+ * Drop the reversion of "journald: allow restarting journald without losing
+ stream connections", and replace with proper upstream fix for
+ sd_pid_notify_with_fds(). (See Debian #778970, LP #1423811; LP: #1437896)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 29 Apr 2015 17:13:41 +0200
+
+systemd (219-7) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * Make systemd-sysv's dependency to systemd unversioned. The package just
+ contains 6 symlinks and thus isn't sensitive at all against version
+ mismatches. This avoids running into circular dependencies when testing
+ local debs.
+ * Revert "udev: Drop hwdb-update dependency" and replace with upstream patch
+ which moves it to systemd-udev-trigger.service.
+ * display-managers autopkgtest: Properly wait until all jobs are finished.
+ * display-managers autopkgtest: Reset failed units between tests, to avoid
+ running into restart limits and for better test isolation.
+ * Enable timesyncd in virtual machines. (Closes: #762343)
+
+ [ Adam Conrad ]
+ * debian/systemd.{triggers,postinst}: Trigger a systemctl daemon-reload
+ when init scripts are installed or removed (Closes: #766429)
+
+ [ Didier Roche ]
+ * Squash all fsckd patches in one (as fsckd and such will be removed
+ soon upstream), containing various fixes from upstream git and refactor
+ the connection flow to upstream's suggestion. Modify the man pages to match
+ those modifications as well. Amongst others, this suppresses "Couldn't
+ connect to plymouth" errors if plymouth is not running.
+ (Closes: #782265, LP: #1429171)
+ * Keep plymouth localized messages in a separate patch for easier updates in
+ the future and refresh to latest upstream.
+ * display-managers autopkgtest: Use ExecStart=sleep instead of the actual
+ lightdm binary, to avoid errors from lightdm startup. Drop the now
+ unnecessary "needs-recommends" to speed up the test.
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 10 Apr 2015 11:08:33 +0200
+
+systemd (219-6) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * Import patches from v219-stable branch (up to 85a6fab).
+ * boot-and-services autopkgtest: Add missing python3 test dependency.
+ * Make apparmor run before networking, to ensure that profiles apply to
+ e. g. dhclient (LP: #1438249):
+ - Rename networking.service.d/network-pre.conf to systemd.conf, and add
+ After=apparmor.service.
+ - ifup@.service: Add After=apparmor.service.
+ * udev: Drop hwdb-update dependency, which got introduced by the above
+ v219-stable branch. This causes udev and plymouth to start too late and
+ isn't really needed in Debian yet as we don't support stateless systems
+ yet and handle hwdb.bin updates through dpkg triggers. (LP: #1439301)
+
+ [ Didier Roche ]
+ * Fix mount point detection on overlayfs and similar file systems without
+ name_to_handle_at() and st_dev support. (LP: #1411140)
+
+ [ Christian Seiler ]
+ * Make the journald to syslog forwarding more robust by increasing the
+ maximum datagram queue length from 10 to 512. (Closes: #762700)
+
+ [ Marco d'Itri ]
+ * Avoid writing duplicate entries in 70-persistent-net.rules by double
+ checking if the new udev rule has already been written for the given
+ interface. This happens if multiple add events are generated before the
+ write_net_rules script returns and udevd renames the interface.
+ (Closes: #765577)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 02 Apr 2015 09:14:48 +0200
+
+systemd (219-5) experimental; urgency=medium
+
+ [ Didier Roche ]
+ * Add "systemd-fsckd" autopkgtest. (LP: #1427312)
+ * cmdline-upstart-boot autopkgtest: Update to Ubuntu's upstart-sysv split
+ (test gets skipped on Debian while upstart-sysv does not yet exist there).
+ * Cherry-pick a couple of upstream commits for adding transient state,
+ fixing a race where mounts become available before the device being
+ available.
+ * Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather adds
+ an After relationship. (Closes: #779902)
+
+ [ Martin Pitt ]
+ * journald: Suppress expected cases of "Failed to set file attributes"
+ errors. (LP: #1427899)
+ * Add systemd-sysv.postinst: Update grub on first installation, so that the
+ alternative init system boot entries get updated.
+ * debian/tests: Call /tmp/autopkgtest-reboot, to work with autopkgtest >=
+ 3.11.1.
+ * Check for correct architecture identifiers for SuperH. (Closes: #779710)
+ * Fix tmpfiles.d to only apply the first match again (regression in 219).
+ (LP: #1428540)
+ * /lib/lsb/init-functions.d/40-systemd: Don't ignore systemd unit
+ dependencies in "degraded" mode. (LP: #1429734)
+
+ [ Michael Biebl ]
+ * debian/udev.init: Recognize '!' flag with static device lists, to work
+ with kmod 20. (Closes: #780263)
+
+ [ Craig Magina ]
+ * rules-ubuntu/71-power-switch-proliant.rules: Add support for HP ProLiant
+ m400 Server Cartridge soft powerdown on Linux 3.16. (LP: #1428811)
+
+ [ Scott Wakeling ]
+ * Rework package description to be more accurate. (Closes: #740372)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 26 Mar 2015 16:31:04 +0100
+
+systemd (219-4) experimental; urgency=medium
+
+ * tmpfiles: Avoid creating duplicate ACL entries. Add postinst code to clean
+ them up on upgrade. (Closes: #778656)
+ * bootchart: Fix path to default init. (LP: #1423867)
+ * Add "bootchart" autopkgtest, to spot regressions like the above.
+ * autopkgtests: Factorize out "assert.sh" utility functions, and use them in
+ the tests for useful failure messages.
+ * Downgrade requirement for timedated, hostnamed, localed-locale, and
+ logind autopkgtests from machine to container isolation.
+ * boot-and-services and display-manager autopkgtest: Add systemd-sysv as
+ proper test dependency instead of apt-get installing it. This works now
+ also under Ubuntu 15.04.
+ * boot-and-services autopkgtest: Check cleanup of temporary files during
+ boot. Reproduces #779169.
+ * Clean up /tmp/ directory again. (Closes: #779169, LP: #1424992)
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 27 Feb 2015 07:02:09 +0100
+
+systemd (219-3) experimental; urgency=medium
+
+ * sysv-generator: fix wrong "Overwriting existing symlink" warnings.
+ (Closes: #778700)
+ * Add systemd-fsckd multiplexer and feed its output to plymouth. This
+ provides an aggregate progress report of running file system checks and
+ also allows cancelling them with ^C, in both text mode and Plymouth.
+ (Closes: #775093, #758902; LP: #1316796)
+ * Revert "journald: allow restarting journald without losing stream
+ connections". This was a new feature in 219, but currently causes boot
+ failures due to logind and other services not starting up properly.
+ (Closes: #778970; LP: #1423811)
+ * Add "boot-smoke" autopkgtest: Test 20 successful reboots in a row, and
+ that there are no connection timeouts or stalled jobs. This reproduces the
+ above regression.
+ * debian/tests/localed-locale: Set up locale and keyboard default files on a
+ minimal unconfigured testbed.
+ * Add missing python3 test dependency to cmdline-upstart-boot and
+ display-managers autopkgtests.
+ * debian/tests/boot-and-services: Skip AppArmor test if AppArmor is not
+ enabled.
+ * debian/tests/boot-and-services: Reboot also if lightdm was just installed
+ but isn't running yet.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 23 Feb 2015 09:52:12 +0100
+
+systemd (219-2) experimental; urgency=medium
+
+ * Fix UTF-16 to UTF-8 conversion on big-endian machines. (Closes: #778654)
+ * Disable new new test-sigbus, it fails on some buildds due to too old
+ kernels. (part of #778654)
+ * debian/README.Debian, debian/systemd.postinst: Drop setfacl call for
+ /var/log/journal, this is now done automatically by tmpfiles.d/systemd.conf.
+ * Drop "acl" dependency, not necessary any more with the above.
+ * debian/tests/boot-and-services: Move to using /var/lib/machines/,
+ /var/lib/containers is deprecated.
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 18 Feb 2015 15:29:42 +0100
+
+systemd (219-1) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release:
+ - Fix spelling mistake in systemd.unit(5). (Closes: #773302)
+ - Fix timeouts with D-Bus, leading to SIGFPE. (Closes: #774012)
+ - Fix load/save of multiple rfkill states. (Closes: #759489)
+ - Non-persistent journal (/run/log/journal) is now readable by group adm.
+ (Closes: #771980)
+ - Read netdev user mount option to correctly order network mounts after
+ network.target. (Closes: #769186)
+ - Fix 60-keyboard.hwdb documentation and whitespace handling.
+ (Closes: #757367)
+ - Fix ThinkPad X1 Carbon 20BT trackpad buttons (LP: #1414930)
+ - Drop all backported patches and port the others to new upstream release.
+ * Bump libblkid-dev build dependency as per upstream configure.ac.
+ * debian/systemd.install: Add new language-fallback-map file.
+ * debian/udev.install: Add new systemd-hwdb tool.
+ * debian/libsystemd0.symbols: Add new symbols from this release.
+ * tmpfiles.d/systemd.conf: Drop "wheel" ACL (that group does not exist in
+ Debian) to make the ACL for "adm" actually work.
+ * debian/rules: Explicitly disable importd for now; it should still mature a
+ bit. Explicitly enable hwdb support.
+ * /lib/lsb/init-functions.d/40-systemd: Call systemctl is-system-running
+ with --quiet. (LP: #1421058)
+ * debian/systemd.postrm: Clean getty@tty1.service and remote-fs.target
+ enablement symlinks on purge. (Closes: #778499)
+ * Move all Debian specific units in the systemd package into
+ debian/extra/units/ and simplify debian/systemd.install.
+ * Enable timesyncd by default. Add a config drop-in to not start if ntp,
+ openntpd, or chrony is installed. (Closes: #755722)
+ * debian/systemd.links: Drop obsolete hwclockfirst.service mask link, this
+ was dropped in wheezy's util-linux already.
+ * debian/udev.postinst: Call systemd-hwdb instead of udevadm hwdb.
+
+ [ Michael Biebl ]
+ * Stop removing firstboot man pages. They are now installed conditionally.
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 17 Feb 2015 15:51:38 +0100
+
+systemd (218-10) experimental; urgency=medium
+
+ * Pull latest keymaps from upstream git. (LP: #1334968, #1409721)
+ * rules: Fix by-path of mmc RPMB partitions and don't blkid them. Avoids
+ kernel buffer I/O errors and timeouts. (LP: #1333140)
+ * Clean up stale mounts when ejecting CD drives with the hardware eject
+ button. (LP: #1168742)
+ * Document systemctl --failed option. (Closes: #767267)
+ * Quiesce confusing and irrelevant "failed to reset devices.list" warning.
+ (LP: #1413193)
+ * When booting with systemd-bootchart, default to run systemd rather than
+ /sbin/init (which might not be systemd). (LP: #1417059)
+ * boot-and-services autopkgtest: Add CgroupsTest to check cgroup
+ creation/cleanup behaviour. This reproduces #777601 and verifies the fix
+ for it.
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 13 Feb 2015 12:25:06 +0100
+
+systemd (218-9) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/tests/logind: With dropped systemd-logind-launch we don't have a
+ visible /sys/fs/cgroup/systemd/ any more under cgmanager. So adjust the
+ test to check /proc/self/cgroup instead.
+ * Add unit-config autopkgtest to check systemd unit/sysv init enabling and
+ disabling via systemctl. This also reproduces #777613.
+ * systemctl: Always install/enable/disable native units, even if there is a
+ corresponding SysV script and we call update-rc.d; while the latter
+ handles WantedBy=, it does not handle Alias=. (Closes: #777613)
+ * cgroup: Don't trim cgroup trees created by someone else, just the ones
+ that systemd itself created. This avoids cleaning up empty cgroups from
+ e.g. LXC. (Closes: #777601)
+ * Don't parse /etc/mtab for current mounts, but /proc/self/mountinfo. If the
+ former is a file, it's most likely outdated on boot, leading to race
+ conditions and unmounts during boot. (LP: #1419623)
+
+ [ Michael Biebl ]
+ * Explicitly disable the features we don't want to build for those with
+ autodetection. This ensures reliable build results in dirty build
+ environments.
+ * Disable AppArmor support in the udeb build.
+ * core: Don't fail to run services in --user instances if $HOME is missing.
+ (Closes: #759320)
+
+ [ Didier Roche ]
+ * default-display-manager-generator: Avoid unnecessary /dev/null symlink and
+ warning if there is no display-manager.service unit.
+
+ -- Michael Biebl <biebl@debian.org> Thu, 12 Feb 2015 18:45:12 +0100
+
+systemd (218-8) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * boot-and-services autopkgtest: Ensure that there are no failed units,
+ except possibly systemd-modules-load.service (as that notoriously fails
+ with cruft in /etc/modules).
+ * Revert "input" system group creation in systemd.postinst from 218-7. It's
+ already done in udev.postinst.
+ * ifup@.service: Revert checking for existance of ifupdown config for that
+ interface, net.agent already does that.
+ * Drop Also-redirect-to-update-rc.d-when-not-using-.service.patch; not
+ necessary any more with the current version (mangle_names() already takes
+ care of this).
+ * Merge into Add-support-for-rcS.d-init-scripts-to-the-sysv-gener.patch:
+ - Do-not-order-rcS.d-services-after-local-fs.target-if.patch, as it
+ partially reverts the above, and is just fixing it.
+ - Map-rcS.d-init-script-dependencies-to-their-systemd-.patch as it's just
+ adding some missing functionality for the same purpose.
+ * Merge Run-update-rc.d-defaults-before-update-rc.d-enable-d.patch into
+ Make-systemctl-enable-disable-call-update-rc.d-for-s.patch as the former
+ is fixing the latter and is not an independent change.
+ * Drop Launch-logind-via-a-shell-wrapper.patch and systemd-logind-launch
+ wrapper. The only remaining thing that we need from it is to create
+ /run/systemd/, move that into the D-BUS service file directly.
+ * /lib/lsb/init-functions.d/40-systemd: Avoid deadlocks during bootup and
+ shutdown. DHCP/ifupdown and similar hooks which call "/etc/init.d/foo
+ reload" can easily cause deadlocks, since the synchronous wait plus
+ systemd's normal behaviour of transactionally processing all dependencies
+ first easily causes dependency loops. Thus during boot/shutdown operate
+ only on the unit and not on its dependencies, just like SysV behaves.
+ (Closes: #777115, LP: #1417010)
+ * Only start logind if dbus is installed. This fixes the noisy startup
+ failure in environments without dbus, such as LXC containers or servers.
+ (part of #772700)
+ * Add getty-static.service unit which starts getty@.service on tty 2 to 6 if
+ dbus is not installed, and hence logind cannot auto-start them on demand.
+ (Closes: #772700)
+
+ [ Michael Biebl ]
+ * Update insserv-generator and map $x-display-manager to
+ display-manager.service, following the recent change in sysv-generator.
+ This avoids creating references to a no longer existing
+ x-display-manager.target unit.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 09 Feb 2015 18:07:22 +0100
+
+systemd (218-7) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * Don't attempt to mount the same swap partition twice through different
+ device node aliases. (Closes: #772182, LP: #1399595)
+ * logind: handle closing sessions over daemon restarts. (Closes: #759515,
+ LP: #1415104)
+ * logind: Fix sd_eviocrevoke ioctl call, to make forced input device release
+ after log out actually work.
+ * debian/rules: Drop obsolete --disable-multi-seat-x and
+ --with-firmware-path configure options.
+ * debian/udev.README.Debian: Trim the parts which are obsolete, wrong, or
+ described in manpages. Only keep the Debian specific bits.
+ (Part of #776546)
+ * Actually install udev's README.Debian when building for Debian.
+ (Closes: #776546)
+ * Create system group "input" which was introduced in 215. (LP: #1414409)
+ * ifup@.service: Don't fail if the interface is not configured in
+ /etc/network/interfaces at all. (LP: #1414426)
+
+ [ Michael Biebl ]
+ * Update Vcs-Browser URL to use cgit and https.
+ * Map $x-display-manager LSB facility to display-manager.service instead of
+ making it a target. Using a target had the downside that multiple display
+ managers could hook into it at the same time which could lead to several
+ failed start attempts for the non-default display manager.
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 01 Feb 2015 20:48:49 +0100
+
+systemd (218-6) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * initramfs hook: Install 61-persistent-storage-android.rules if it exists.
+ * Generate POT file during package build, for translators.
+ * Pull latest keymaps from upstream git.
+ * Order ifup@.service and networking.service after network-pre.target.
+ (Closes: #766938)
+ * Tone down "Network interface NamePolicy= disabled on kernel commandline,
+ ignoring" info message to debug, as we expect this while we disable
+ net.ifnames by default. (Closes: #762101, LP: #1411992)
+
+ [ Michael Biebl ]
+ * Ship bash-completion for udevadm. (Closes: #776166)
+ * Drop rc-local generator in favor of statically enabling rc-local.service,
+ and drop halt-local.service which is unnecessary on Debian.
+ (Closes: #776170)
+ * Drop the obsolete libsystemd-* libraries, there are no reverse
+ dependencies left.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 26 Jan 2015 15:45:45 +0100
+
+systemd (218-5) experimental; urgency=medium
+
+ * Drop logger.agent. It hasn't been called from any udev rule for a long
+ time, and looks obsolete.
+ * debian/rules: Configure with --disable-firstboot to replace some manual
+ file removals.
+ * debian/rules: Remove manual file installation, move them to
+ debian/*.install. Move all Debian specific installed files to
+ debian/extra/.
+ * Merge some changes from the Ubuntu package to reduce the delta; these only
+ apply when building on/for Ubuntu:
+ - Add 40-hyperv-hotadd.rules: Workaround for LP: #1233466.
+ - Add 61-persistent-storage-android.rules to create persistent symlinks
+ for partitions with PARTNAME. By Ricardo Salveti.
+ - Add 71-power-switch-proliant.rules for supporting the power switches of
+ ProLiant Server Cartridges. By Dann Frazier.
+ - Add 78-graphics-card.rules: Mark KMS capable graphics devices as
+ PRIMARY_DEVICE_FOR_DISPLAY so that we can wait for those in plymouth.
+ By Scott James Remnant.
+ - Don't install the Debian *.agent scripts. Instead, have Ubuntu's
+ 80-networking.rules directly pull in ifup@.service, which is much easier
+ and more efficient.
+ * Make EPERM/EACCESS when applying OOM adjustment for forked processes
+ non-fatal. This happens in user namespaces like unprivileged LXC
+ containers.
+ * Fix assertion failure due to /dev/urandom being unmounted when shutting
+ down unprivileged containers. Thanks Stéphane Graber.
+ * Enable EFI support. This mostly auto-mounts /sys/firmware/efi/efivars, but
+ also provides a generator for auto-detecting the root and the /boot/efi
+ partition if they aren't in /etc/fstab. (Closes: #773533)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 22 Jan 2015 16:13:46 +0100
+
+systemd (218-4) experimental; urgency=medium
+
+ [ Michael Biebl ]
+ * sysv-generator: handle Provides: for non-virtual facility names.
+ (Closes: #774335)
+ * Fix systemd-remount-fs.service to not fail on remounting /usr if /usr
+ isn't mounted yet. This happens with initramfs-tools < 0.118 which we
+ might not get into Jessie any more. (Closes: #742048)
+
+ [ Martin Pitt ]
+ * fstab-generator: Handle mountall's non-standard "nobootwait" and
+ "optional" options. ("bootwait" is already the systemd default behaviour,
+ and "showthrough" is irrelevant here, so both can be ignored).
+ * Add autopkgtest for one-time boot with upstart when systemd-sysv is
+ installed. This test only works under Ubuntu which has a split out
+ upstart-bin package, and will be skipped under Debian.
+ * debian/ifup@.service: Check if ifup succeeds by calling ifquery, to
+ work around ifup not failing on invalid interfaces (see #773539)
+ * debian/ifup@.service: Set proper service type (oneshot).
+ * sysv-generator: Handle .sh suffixes when translating Provides:.
+ (Closes: #775889)
+ * sysv-generator: Make real units overwrite symlinks generated by Provides:
+ from other units. Fixes failures due to presence of backup or old init.d
+ scripts. (Closes: #775404)
+ * Fix journal forwarding to syslog in containers without CAP_SYS_ADMIN.
+ (Closes: #775067)
+ * Re-enable AppArmor support, now that libapparmor1 moved to /lib. Add
+ versioned dependency as long as this is still only in experimental.
+ (Closes: #775331)
+ * Add some missing dpkg and ucf temp files to the "hidden file" filter, to
+ e. g. avoid creating units for them through the sysv-generator.
+ (Closes: #775903)
+ * Silence useless warning about /etc/localtime not being a symlink. This is
+ deliberate in Debian with /usr (possibly) being on a separate partition.
+ (LP: #1409594)
+
+ [ Christian Kastner ]
+ * Use common-session-noninteractive in systemd-user's PAM config, instead of
+ common-session. The latter can include PAM modules like libpam-mount which
+ expect to be called just once and/or interactively, which already happens
+ for login, ssh, or the display-manager. Add pam_systemd.so explicitly, as
+ it's not included in -noninteractive, but is always required (and
+ idempotent). There is no net change on systemd which don't use manually
+ installed PAM modules. (Closes: #739676)
+
+ [ Michael Biebl ]
+ * Make sure we run debian-fixup.service after /var has been mounted if /var
+ is on a separate partition. Otherwise we might end up creating the
+ /var/lock and /var/run symlink in the underlying root filesystem.
+ (Closes: #768644)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 21 Jan 2015 15:57:50 +0100
+
+systemd (218-3) experimental; urgency=medium
+
+ * build-logind autopkgtest: Re-enforce that sd_login_monitor_new() succeeds,
+ and restrict this test to isolation-container. (Reproduces LP #1400203)
+ * Bring back patch to make sd_login_monitor_new() work under other init
+ systems where /sys/fs/cgroup/systemd/machine does not exist.
+ (LP: #1400203)
+ * build-login autopkgtest: Build against libsystemd, not libsystemd-login
+ any more.
+ * Add debian/extra/systemd-vconsole-setup.service dependency shim for
+ the console-setup init script, to avoid breaking dependencies of
+ third-party packages. Install it for Ubuntu only for now, as in Debian
+ plymouth's unit got adjusted. (LP: #1392970, Debian #755194)
+ * Mark systemd{,-sysv} as M-A: foreign (thanks lintian).
+ * Quiesce maintainer-script-calls-systemctl lintian warning.
+ * Quiesce possibly-insecure-handling-of-tmp-files lintian warning, it's
+ wrong there (we are handling tmpfiles.d/ files which are not in a temp
+ dir).
+ * Use dh_installinit's --noscript instead of --no-start for the upstart
+ jobs without sysvinit scripts (thanks lintian).
+ * Put systemd.pc into arch specific pkgconfig dir, as it contains the arch
+ specific libdir value.
+ * Don't enable audit by default. It causes flooding of dmesg and syslog,
+ suppressing actually important messages. (Closes: #773528)
+ * Cherrypick various bug fixes in loopback device setup and netlink socket
+ communication. Fixes massive CPU usage due to tight retry loops in user
+ LXC containers.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 29 Dec 2014 14:55:35 +0100
+
+systemd (218-2) experimental; urgency=medium
+
+ * boot-and-services AppArmor autopkgtest: Stop checking the dmesg log; it is
+ racy as sometimes message bursts are suppressed.
+ * Fix crash in timedatectl with Etc/UTC.
+ * Prefer-etc-X11-default-display-manager-if-present.patch: Drop wrong
+ copy&paste'd comment, fix log strings. Thanks Adam D. Barratt.
+ * boot-and-services: Robustify Nspawn tests, and show systemd-nspawn output
+ on failure.
+ * Disable tests which fail on buildds, presumably due to too old kernels,
+ misconfigured /etc/hosts, and similar problems. Make failures of the test
+ suite fatal now.
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 16 Dec 2014 08:24:38 +0100
+
+systemd (218-1) experimental; urgency=medium
+
+ * New upstream release. Drop all cherry-picked patches and port the Debian
+ specific ones.
+ - Create /etc/machine-id on boot if missing. (LP: #1387090)
+ * Add new libmount-dev build dependency.
+ * Configure with --enable-split-usr.
+ * Merge some permanent Ubuntu changes, using dpkg-vendor:
+ - Don't symlink udev doc directories.
+ - Add epoch to gudev packages; Ubuntu packaged the standalone gudev before
+ it got merged into udev.
+ - Add Apport hooks for udev and systemd.
+ * udev-fallback-graphics upstart job: Guard the modprobe with || true to
+ avoid a failure when vesafb is compiled in. (LP: #1367241)
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 14 Dec 2014 13:58:39 +0100
+
+systemd (217-4) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * Reinstate a debian/extra/rules/50-firmware.rules which immediately tells
+ the kernel that userspace firmware loading failed. Otherwise it tries for a
+ minute to call the userspace helper (if CONFIG_FW_LOADER_USER_HELPER is
+ enabled) in vain, which causes long delays with devices which have a range
+ of possible firmware versions. (LP: #1398458)
+ * debian/systemd.postinst: Don't always restart journald, as this currently
+ can't be done without losing the current journal and breaking attached
+ processes. So only restart it from upgrades < 215-3 (where the socket
+ location got moved) as an one-time upgrade path from wheezy.
+ (Closes: #771122)
+ * Revert "Modify insserv generator to mask sysvinit-only display managers".
+ This is still under dispute, a bit risky, and might get a different
+ implementation. Also, nodm really needs to be fixed properly, working
+ around it is both too risky and also too hard to get right.
+
+ [ Didier Roche ]
+ * Add display managers autopkgtests.
+ * Reset display-manager symlink to match /e/X/d-d-m even if
+ display-manager.service was removed. Adapt the autopkgtests for it.
+ (LP: #1400680)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 11 Dec 2014 18:06:54 +0200
+
+systemd (217-3) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * systemd.bug-script: Really capture stderr of systemd-delta.
+ (Closes: #771498)
+ * boot-and-services autopkgtest: Give test apparmor job some time to
+ actually finish.
+
+ [ Didier Roche ]
+ * updated debian/patches/insserv.conf-generator.patch:
+ - if /etc/X11/default-display-manager doesn't match a systemd unit
+ (or doesn't exist), be less agressive about what to mask: we let
+ all sysvinit-only display-manager units enabled to fallback to previous
+ behavior and let them starting. (Closes: #771739)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 02 Dec 2014 16:53:36 +0100
+
+systemd (217-2) experimental; urgency=medium
+
+ * Re-enable journal forwarding to syslog, until Debian's sysloggers
+ can/do all read from the journal directly.
+ * Fix hostnamectl exit code on success.
+ * Fix "diff failed with error code 1" spew with systemd-delta.
+ (Closes: #771397)
+ * Re-enable systemd-resolved. This wasn't meant to break the entire
+ networkd, just disable the new NSS module. Remove that one manually
+ instead. (Closes: #771423, LP: #1397361)
+ * Import v217-stable patches (up to commit bfb4c47 from 2014-11-07).
+ * Disable AppArmor again. This first requires moving libapparmor to /lib
+ (see #771667). (Closes: #771652)
+ * systemd.bug-script: Capture stderr of systemd-{delta,analyze}.
+ (Closes: #771498)
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 01 Dec 2014 15:09:09 +0100
+
+systemd (217-1) experimental; urgency=medium
+
+ [ Martin Pitt ]
+ * New upstream release. Drop all cherry-picked patches and port the Debian
+ specific ones.
+ * Disable systemd-resolved for now. It still needs to mature, and
+ integration into Debian should be discussed first.
+ * Bump util-linux dependency to >= 2.25 as per NEWS.
+ * Drop installation of 50-firmware.rules, not shipped upstream any more.
+ Firmware loading is now exclusively done by the kernel.
+ * Drop installation of readahead related services and code, readahead got
+ dropped in this version.
+ * Ship new networkctl CLI tool.
+ * debian/libsystemd0.symbols: Add new symbols from this release.
+ * debian/rules: Call dpkg-gensymbols with -c4 to immediately spot
+ changed/missing symbols during build.
+ * boot-and-services autopkgtest: Test AppArmor confined units (LP #1396270)
+ * Create new "systemd-journal-remote" system group, for
+ systemd-tmpfiles-setup.service.
+
+ [ Marc Deslauriers ]
+ * Build-depend on libapparmor-dev to enable AppArmor support. (LP: #1396270)
+
+ [ Didier Roche ]
+ * Handle display-manager transitions: (Closes: #748668)
+ - Add a generator to ensure /etc/X11/default-display-manager is controlling
+ which display-manager is started.
+ - Modify insserv generator to mask of sysvinit-only dms with insserv
+ $x-display-manager tag if they don't match
+ /etc/X11/default-display-manager. This avoids starting multiple dms at
+ boot.
+ * Cherry-pick Shared-add-readlink_value.patch as using that function in the
+ generator.
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 28 Nov 2014 10:53:58 +0100
+
+systemd (215-18) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * manager: Pass correct errno to strerror(), have_ask_password contains
+ negative error values which have to be negated when being passed to
+ strerror().
+
+ [ Martin Pitt ]
+ * Revert upstream commit 743970d which immediately SIGKILLs units during
+ shutdown. This leads to problems like bash not being able to write its
+ history, mosh not saving its state, and similar failed cleanup actions.
+ (Closes: #784720, LP: #1448259)
+ * write_net_rules: Escape '{' and '}' characters as well, to make this work
+ with busybox grep. Thanks Faidon Liambotis! (Closes: #765577)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 21 May 2015 15:49:30 +0200
+
+systemd (215-17) unstable; urgency=high
+
+ * cryptsetup: Implement offset and skip options. (Closes: #751707,
+ LP: #953875)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 16 Apr 2015 10:26:46 -0500
+
+systemd (215-16) unstable; urgency=medium
+
+ [ Christian Seiler ]
+ * Don't run hwclock-save.service in containers. (Closes: #782377)
+
+ [ Michael Biebl ]
+ * Do not print anything while passwords are being queried. This should make
+ password prompts without plymouth more usable. (Closes: #765013)
+ * Skip filesystem check if already done by the initramfs. (Closes: #782522)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 13 Apr 2015 19:42:32 +0200
+
+systemd (215-15) unstable; urgency=medium
+
+ [ Adam Conrad ]
+ * debian/systemd.{triggers,postinst}: Trigger a systemctl daemon-reload
+ when init scripts are installed or removed (Closes: #766429)
+
+ [ Martin Pitt ]
+ * Fix getty restart loop when PTS device is gone. (Closes: #780711)
+ * Run timesyncd in virtual machines. (Closes: #762343)
+ * Make logind work in environments without CAP_SYS_ADMIN (mostly
+ containers). Thanks Christian Seiler for the backporting!
+ (Closes: #778608)
+ * Check for correct signatures when setting properties. Fixes systemd
+ getting stuck on trying to set invalid property types. (Closes: #781602)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 09 Apr 2015 10:12:37 +0200
+
+systemd (215-14) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Map $x-display-manager LSB facility to display-manager.service instead of
+ making it a target. Using a target had the downside that multiple display
+ managers could hook into it at the same time which could lead to several
+ failed start attempts for the non-default display manager.
+ * Update insserv-generator and map $x-display-manager to
+ display-manager.service, following the recent change in sysv-generator.
+ This avoids creating references to a no longer existing
+ x-display-manager.target unit.
+ * Cherry-pick upstream fix to increase the SendBuffer of /dev/log to 8M.
+
+ [ Martin Pitt ]
+ * scope: Make attachment of initial PIDs more robust. Fixes crash with
+ processes that get started by an init.d script with a different (aliased)
+ name when the cgroup becomes empty. (Closes: #781210)
+ * boot-and-services, display-managers autopkgtests: Add missing python3 test
+ dependency.
+ * Don't attempt to mount the same swap partition twice through different
+ device node aliases. (Closes: #772182, LP: #1399595)
+
+ [ Christian Seiler ]
+ * Make the journald to syslog forwarding more robust by increasing the
+ maximum datagram queue length from 10 to 512. (Closes: #762700)
+
+ [ Marco d'Itri ]
+ * Avoid writing duplicate entries in 70-persistent-net.rules by double
+ checking if the new udev rule has already been written for the given
+ interface. This happens if multiple add events are generated before the
+ write_net_rules script returns and udevd renames the interface.
+ (Closes: #765577)
+
+ -- Michael Biebl <biebl@debian.org> Mon, 30 Mar 2015 13:26:52 +0200
+
+systemd (215-13) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Add hwclock-save.service to sync the system clock to the hardware clock on
+ shutdown, to provide monotonic time for reboots. (Note: this is a hack for
+ jessie; the next Debian release will enable timesyncd by default).
+ (Closes: #755722)
+ * Check for correct architecture identifiers for SuperH. (Closes: #779710)
+ * networkd: Fix stopping v4 dhcpclient when the carrier is lost. Thanks
+ Christos Trochalakis! (Closes: #779571)
+ * Fix segfault with units that depend on themselves. (Closes: #780675)
+ * tmpfiles-setup-dev: Call tmpfiles with --boot to allow unsafe device
+ creation. Fixes creation of static device nodes with kmod 20.
+ (Closes: #780263)
+
+ [ Christian Seiler ]
+ * core: Don't migrate PIDs for units that may contain subcgroups.
+ This stops messing up lxc/libvirt/other custom cgroup layouts after
+ daemon-reload. (Closes: #777164)
+ * sysv-generator: add support for /etc/insserv/overrides. (Closes: #759001)
+
+ [ Michael Biebl ]
+ * debian/udev.init: Recognize '!' flag with static device lists, to work
+ with kmod 20. (Closes: #780263)
+
+ [ Didier Roche ]
+ * Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather adds
+ an After relationship. (Closes: #779902)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 26 Mar 2015 14:23:35 +0100
+
+systemd (215-12) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * debian/udev.README.Debian: Trim the parts which are obsolete, wrong, or
+ described in manpages. Only keep the Debian specific bits.
+ (Part of #776546)
+ * Actually install udev's README.Debian when building for Debian.
+ (Closes: #776546)
+ * Only start logind if dbus is installed. This fixes the noisy startup
+ failure in environments without dbus such as LXC containers or servers.
+ (part of #772700)
+ * Add getty-static.service unit which starts getty@.service on tty 2 to 6 if
+ dbus is not installed, and hence logind cannot auto-start them on demand.
+ (Closes: #772700)
+ * Add unit-config autopkgtest to check systemd unit/sysv init enabling and
+ disabling via systemctl. This avoids bugs like #777613 (did not affect
+ unstable).
+ * cgroup: Don't trim cgroup trees created by someone else, just the ones
+ that systemd itself created. This avoids cleaning up empty cgroups from
+ e.g. LXC. (Closes: #777601)
+ * boot-and-services autopkgtest: Add CgroupsTest to check cgroup
+ creation/cleanup behaviour. This reproduces #777601 and verifies the fix
+ for it.
+ * rules: Fix by-path of mmc RPMB partitions and don't blkid them. Avoids
+ kernel buffer I/O errors and timeouts. (LP: #1333140)
+ * Document systemctl --failed option. (Closes: #767267)
+
+ [ Michael Biebl ]
+ * core: Don't fail to run services in --user instances if $HOME is missing.
+ (Closes: #759320)
+
+ [ Didier Roche ]
+ * default-display-manager-generator: Avoid unnecessary /dev/null symlink and
+ warning if there is no display-manager.service unit.
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 13 Feb 2015 12:08:31 +0100
+
+systemd (215-11) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * escape-beef-up-new-systemd-escape-tool.patch: Avoid creating a dangling
+ symlink, to work around regression in recent patch (see #776257).
+ * Order ifup@.service and networking.service after network-pre.target.
+ (Closes: #766938)
+ * Tone down "Network interface NamePolicy= disabled on kernel commandline,
+ ignoring" info message to debug, as we expect this while we disable
+ net.ifnames by default. (Closes: #762101, LP: #1411992)
+ * logind: handle closing sessions over daemon restarts. (Closes: #759515,
+ LP: #1415104)
+ * logind: Fix sd_eviocrevoke ioctl call, to make forced input device release
+ after log out actually work.
+ * debian/patches/series: Move upstreamed patches into the appropriate
+ section.
+
+ [ Michael Biebl ]
+ * Make sure we run debian-fixup.service after /var has been mounted if /var
+ is on a separate partition. Otherwise we might end up creating the
+ /var/lock and /var/run symlink in the underlying root filesystem.
+ (Closes: #768644)
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 29 Jan 2015 09:01:54 +0100
+
+systemd (215-10) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * sysv-generator: Handle .sh suffixes when translating Provides:.
+ (Closes: #775889)
+ * sysv-generator: Make real units overwrite symlinks generated by Provides:
+ from other units. Fixes failures due to presence of backup or old init.d
+ scripts. (Closes: #775404)
+ * Fix journal forwarding to syslog in containers without CAP_SYS_ADMIN.
+ (Closes: #775067)
+
+ [ Christian Kastner ]
+ * Use common-session-noninteractive in systemd-user's PAM config, instead of
+ common-session. The latter can include PAM modules like libpam-mount which
+ expect to be called just once and/or interactively, which already happens
+ for login, ssh, or the display-manager. Add pam_systemd.so explicitly, as
+ it's not included in -noninteractive, but is always required (and
+ idempotent). There is no net change on systemd which don't use manually
+ installed PAM modules. (Closes: #739676)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 21 Jan 2015 13:18:05 +0100
+
+systemd (215-9) unstable; urgency=medium
+
+ [ Didier Roche ]
+ * Add display managers autopkgtests.
+ * Reset display-manager symlink to match /e/X/d-d-m even if
+ display-manager.service was removed. Adapt the autopkgtests for it.
+
+ [ Martin Pitt ]
+ * Prefer-etc-X11-default-display-manager-if-present.patch: Drop wrong
+ copy&paste'd comment, fix log strings. Thanks Adam D. Barratt.
+ * Log all members of cyclic dependencies (loops) even with quiet on the
+ kernel cmdline. (Closes: #770504)
+ * Don't auto-clean PrivateTmp dir in /var/tmp; in Debian we don't want to
+ clean /var/tmp/ automatically. (Closes: #773313)
+
+ [ Michael Biebl ]
+ * sysv-generator: handle Provides: for non-virtual facility names.
+ (Closes: #774335)
+ * Fix systemd-remount-fs.service to not fail on remounting /usr if /usr
+ isn't mounted yet. This happens with initramfs-tools < 0.118 which we
+ might not get into Jessie any more. (Closes: #742048)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 13 Jan 2015 11:24:43 +0100
+
+systemd (215-8) unstable; urgency=medium
+
+ [ Didier Roche ]
+ * Cherry-pick shared-add-readlink_value.patch, we will use that function in
+ the generator.
+ * Cherry-pick util-allow-strappenda-to-take-any-number-of-args.patch, we
+ will use that function in the generator.
+ * Handle multiple display managers which don't ship a systemd unit or the
+ corresponding postinst logic for updating display-manager.service: Add a
+ generator to ensure /etc/X11/default-display-manager is controlling which
+ display-manager is started. (Closes: #771287)
+
+ [ Sjoerd Simons ]
+ * d/p/core-Fix-bind-error-message.patch:
+ + Added. Fix error message on bind failure to print the full path
+ * d/p/core-Make-binding-notify-private-dbus-socket-more-ro.patch:
+ + Added. Be more robust when binding private unix sockets (Based on current
+ upstream logic) (Closes: #761306)
+
+ [ Martin Pitt ]
+ * Clean up ...journal~ files from unclean shutdowns. (Closes: #771707)
+ * debian/systemd.postinst: Don't always restart journald, as this currently
+ can't be done without losing the current journal and breaking attached
+ processes. So only restart it from upgrades < 215-3 (where the socket
+ location got moved) as an one-time upgrade path from wheezy.
+ (Closes: #771122)
+ * journalctl: Fix help text for --until. (Closes: #766598)
+ * Bump systemd's udev dependency to >= 208-8, so that on partial upgrades we
+ make sure that the udev package has appropriate Breaks:. In particular,
+ this avoids installing current udev with kmod << 14. (Closes: #771726)
+
+ [ Michael Biebl ]
+ * systemd.postinst: Move unit enablement after restarting systemd, so that
+ we don't fail to enable units with keywords that wheezy's systemd does not
+ understand yet. Fixes enabling getty units on wheezy upgrades with
+ systemd. (Closes: #771204)
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 05 Dec 2014 10:01:24 +0100
+
+systemd (215-7) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Add myself to Uploaders.
+ * Add boot-and-services autopkgtest: Check booting with systemd-sysv and
+ that the most crucial services behave as expected.
+ * logind autopkgtest: Fix stderr output in waiting loop for scsi_debug.
+ * Add nspawn test to boot-and-services autopkgtest.
+ * Make systemd-nspawn@.service work out of the box: (Closes: #770275)
+ - Pre-create /var/lib/container with a secure mode (0700) via tmpfiles.d.
+ - Add new try-{guest,host} modes for --link-journal to silently skip
+ setting up the guest journal if the host has no persistent journal.
+ - Extend boot-and-services autopkgtest to cover systemd-nspawn@.service.
+ * Cherry-pick upstream patch to fix SELinux unit access check (regression
+ in 215).
+ * sysv-generator: Avoid wrong dependencies for failing units. Thanks to
+ Michael Biebl for the patch! (Closes: #771118)
+ * Cherry-pick patches to recognize and respect the "discard" mount option
+ for swap devices. Thanks to Aurelien Jarno for finding and testing!
+ (Closes: #769734)
+
+ [ Jon Severinsson]
+ * Add /run/shm -> /dev/shm symlink in debian/tmpfiles.d/debian.conf. This
+ avoids breakage in Jessie for packages which still refer to /run/shm, and
+ while https://wiki.debian.org/ReleaseGoals/RunDirectory is still official.
+ (LP: #1320534, Closes: #674755).
+
+ -- Martin Pitt <mpitt@debian.org> Fri, 28 Nov 2014 06:43:15 +0100
+
+systemd (215-6) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Cherry-pick upstream patch to fix udev crash in link_config_get().
+ * Cherry-pick upstream patch to fix tests in limited schroot environments.
+ * Add d/p/Add-env-variable-for-machine-ID-path.patch: Allow specifying an
+ alternate /etc/machine-id location. This is necessary for running tests
+ as long as it isn't in our base images (see Debian #745876)
+ * Run tests during package build. For the first round don't make them fatal
+ for now (that will happen once we see results from all the architectures).
+ * Drop our Check-for-kmod-binary.patch as the upstream patch
+ units-conditionalize-static-device-node-logic-on-CAP.patch supersedes it.
+ * Drop Use-comment-systemd.-syntax-in-systemd.mount-man-pag.patch, as
+ our util-linux is now recent enough. Bump dependency to >= 2.21.
+ * Adjust timedated and hostnamed autopkgtests to current upstream version.
+ * Replace our Debian hwdb.bin location patch with what got committed
+ upstream. Run hwdb update with the new --usr option to keep current
+ behaviour.
+ * debian/README.Debian: Document how to debug boot or shutdown problems with
+ the debug shell. (Closes: #766039)
+ * Skip-99-systemd.rules-when-not-running-systemd-as-in.patch: Call path_id
+ under all init systems, to get consistent ID_PATH attributes. This is
+ required so that tools like systemd-rfkill can be used with SysVinit or
+ upstart scripts, too. (LP: #1387282)
+ * Switch libpam-systemd dependencies to prefer systemd-shim over
+ systemd-sysv, to implement the CTTE decision #746578. This is a no-op on
+ systems which already have systemd-sysv installed, but will prevent
+ installing that on upgrades. (Closes: #769747)
+ * Remove Tollef from Uploaders: as per his request. Thanks Tollef for all
+ you work!
+ * net.agent: Properly close stdout/err FDs, to avoid long hangs during udev
+ settle. Thanks to Ben Hutchings! (Closes: #754987)
+ * Bump Standards-Version to 3.9.6 (no changes necessary).
+
+ [ Didier Roche ]
+ * debian/ifup@.service: add a ConditionPath on /run/network, to avoid
+ failing the unit if /etc/init.d/networking is disabled. (Closes: #769528)
+
+ -- Martin Pitt <mpitt@debian.org> Tue, 18 Nov 2014 12:37:22 +0100
+
+systemd (215-5) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Unblacklist hyperv_fb again, it is needed for graphical support on Hyper-V
+ platforms. Thanks Andy Whitcroft! (LP: #1359933)
+ * Bump systemd-shim Depends/Breaks to 8-2 to ensure a lockstep upgrade.
+ (Closes: #761947)
+
+ [ Sjoerd Simons ]
+ * d/p/sd-bus-Accept-no-sender-as-the-destination-field.patch
+ + Fix compatibility between systemctl v215 and v208. Resolves issue when
+ reloads of services is requested before systemd is re-execed
+ (Closes: #762146)
+
+ [ Michael Biebl ]
+ * Don't overmount existing /run/user/<UID> directories with a per-user tmpfs
+ on upgrades. (Closes: #762041)
+ * Re-enable mount propagation for udevd. This avoids that broken software
+ like laptop-mode-tools, which runs mount from within udev rules, causes
+ the root file system to end up read-only. (Closes: #762018)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 27 Sep 2014 17:49:47 +0200
+
+systemd (215-4) unstable; urgency=medium
+
+ * Upload to unstable.
+
+ -- Michael Biebl <biebl@debian.org> Mon, 15 Sep 2014 17:38:30 +0200
+
+systemd (215-3) experimental; urgency=medium
+
+ [ Ben Howard ]
+ * 75-persistent-net-generator.rules: Fix matches of HyperV. (LP: #1361272)
+
+ [ Martin Pitt ]
+ * 75-persistent-net-generator.rules: Add new MS Azure MAC prefix 00:25:ae.
+ (LP: #1367883)
+
+ [ Michael Biebl ]
+ * Update upstream v215-stable patch series.
+ * The /dev/log socket and /dev/initctl FIFO have been moved to /run and
+ replaced by symlinks. Create the symlinks manually on upgrades as well.
+ (Closes: #761340)
+ * Fix incorrect paths in man pages. (LP: #1357782, Closes: #717491)
+ * Make systemd recommend dbus so it is installed on upgrades. The dbus
+ system bus is required to run systemd-logind and the autovt feature relies
+ on logind. (Closes: #758111)
+ * Bump dependency on systemd-shim to (>= 7-2) to ensure we have a version
+ which supports systemd >= 209.
+ * Rework bug-script to be more upfront about what kind of data is gathered
+ and ask the user for permission before attaching the information to the
+ bug report. (Closes: #756248)
+
+ [ Sjoerd Simons ]
+ * d/p/buildsys-Don-t-default-to-gold-as-the-linker.patch
+ + Don't explicitly pick gold as the default linker. Fixes FTBFS on sparc
+ (Closes: #760879)
+
+ -- Sjoerd Simons <sjoerd@debian.org> Sun, 14 Sep 2014 20:14:49 +0200
+
+systemd (215-2) experimental; urgency=medium
+
+ * debian/patches/always-check-for-__BYTE_ORDER-__BIG_ENDIAN-when-chec.patch
+ + Added. Fix checking of system endianness. Fixes FTBFS on powerpc
+ * debian/patches/timesyncd-when-we-don-t-know-anything-about-the-netw.patch:
+ + Let timesyncd go online even if networkd isn't running (from upstream
+ git) (Closes: #760087)
+ * debian/rules: add systemd-update-utmp-runlevel.service to
+ {poweroff, rescue, multi-user, graphical, reboot}.target.wants to trigger
+ the runlevel target to be loaded
+
+ -- Sjoerd Simons <sjoerd@debian.org> Sun, 07 Sep 2014 23:46:02 +0200
+
+systemd (215-1) experimental; urgency=medium
+
+ * New upstream release.
+ * Import upstream v215-stable patch series.
+ * Rebase remaining Debian patches on top of v215-stable.
+ * Drop our Debian-specific run-user.mount unit as upstream now creates a
+ per-user tmpfs via logind.
+ * Don't rely on new mount from experimental for now and re-add the patch
+ which updates the documentation accordingly.
+ * Cherry-pick upstream fix to use correct versions for the new symbols that
+ were introduced in libudev.
+ * Update symbols files
+ - Add two new symbols for libudev1.
+ - Remove private symbol from libgudev-1.0-0. This symbol was never part of
+ the public API and not used anywhere so we don't need a soname bump.
+ * Cherry-pick upstream commit to not install busname units if kdbus support
+ is disabled.
+ * Make /run/lock tmpfs an API fs so it is available during early boot.
+ (Closes: #751392)
+ * Install new systemd-path and systemd-escape binaries.
+ * Cherry-pick upstream commit which fixes the references to the systemctl
+ man page. (Closes: #760613)
+ * Use the new systemd-escape utility to properly escape the network
+ interface name when starting an ifup@.service instance for hotplugged
+ network interfaces. Make sure a recent enough systemd version is installed
+ by bumping the versioned Breaks accordingly. (Closes: #747044)
+ * Order ifup@.service after networking.service so we don't need to setup the
+ runtime directory ourselves and we have a defined point during boot when
+ hotplugged network interfaces are started.
+ * Disable factory-reset feature and remove files associated with it. This
+ feature needs more integration work first before it can be enabled in
+ Debian.
+ * Cherry-pick upstream commit to fix ProtectSystem=full and make the
+ ProtectSystem= option consider /bin, /sbin, /lib and /lib64 (if it exists)
+ on Debian systems. (Closes: #759689)
+ * Use adduser in quiet mode when creating the system users/groups to avoid
+ warning messages about the missing home directories. Those are created
+ dynamically during runtime. (Closes: #759175)
+ * Set the gecos field when creating the system users.
+ * Add systemd-bus-proxy system user so systemd-bus-proxyd can properly drop
+ its privileges.
+ * Re-exec systemd and restart services at the end of postinst.
+ * Cherry-pick upstream commit for sd-journal to properly convert
+ object->size on big endian which fixes a crash in journalctl --list-boots.
+ (Closes: #758392)
+
+ -- Michael Biebl <biebl@debian.org> Sun, 07 Sep 2014 09:58:48 +0200
+
+systemd (214-1) experimental; urgency=medium
+
+ * New upstream release v214.
+ (Closes: #750793, #749268, #747939)
+
+ [ Jon Severinsson ]
+ * Import upstream v214-stable patch series.
+ - Rebase remaining Debian patches on top of v214-stable.
+ - Drop modifications to the now-removed built-in sysvinit support.
+ * Install the new combined libsystemd0 library, this library combines all
+ functionality of the various libsystemd-* libraries.
+ - Deprecate the old libsystemd-* libraries as they've been bundled into
+ libsystemd0. The old -dev files now just carry a transitional .pc file.
+ - Add new symbols file for libsystemd0.
+ * Update symbols file for libgudev-1.0-0.
+ * Remove pre-generated rules and unit files in debian/rules clean target.
+ * Add new systemd service users in systemd postinst (systemd-timesync,
+ systemd-network, systemd-resolve)
+ * Add new system group "input" used by udev rules in udev postinst.
+ * Try-restart networkd, resolved, and timesyncd after an upgrade.
+ * Do not force-enable default-on services on every upgrade.
+ * Add support for rcS.d init scripts to the sysv-generator.
+ - Do not order rcS.d services after local-fs.target if they do not
+ explicitly depend on $local_fs.
+ - Map rcS.d init script dependencies to their systemd equivalent.
+ - Special-case some dependencies for sysv init scripts for better
+ backwards compatibility. (Closes: #726027, #738965).
+ * Add systemd depends on new mount. (Closes: #754411)
+ * Update /run/initctl symlink target in debian/tmpfiles.d/debian.conf.
+ * Remove stored backlog state, rfkill state, random-seed and clock
+ information from /var/lib/systemd on systemd purge.
+
+ [ Sjoerd Simons ]
+ * debian/patches/shared-include-stdbool.h-in-mkdir.h.patch
+ + Added. Include stdbool before using bool in function prototypes. Fixes
+ build of the insserv generator
+ * Add python-lxml to build-depends for python-systemd
+ * Turn on parallel build support
+ * Install the new busctl binary and translations
+ * Explicitly disable microhttp so the package build doesn't fail if the
+ required dependencies for it happen to be installed.
+ * debian/control: Make udev break plymouth (<< 0.9.0-7) as older plymouths
+ assume udev implementation details that have changed slightly since v213
+ * debian/control: Remove b-d on librwap0-dev
+ * debian/control: Bump libkmod-dev b-d to >= 15
+ * debian/rules: Drop outdated --enable-tcpwrap
+ * debian/rules: Explicitly turn off rfkill, networkd, timesyncd and resolved
+ for the udeb build
+ * debian/rules: Use the debian ntp pool as default ntp servers
+ * debian/rules: explicitely configure the maximum system uid/gids instead of
+ relying on autodetection
+
+ -- Sjoerd Simons <sjoerd@debian.org> Sun, 24 Aug 2014 14:54:27 +0200
+
+systemd (208-8) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Fix duplicate line in copyright. (Closes: #756899)
+ * Drop --disable-xattr configure option for udeb, does not exist any more.
+ * Add Turkish debconf translations. Thanks Mert Dirik! (Closes: #757498)
+ * Backport fix for lazy session-activation on non-seat0 seats.
+ (LP: #1355331)
+
+ [ Michael Biebl ]
+ * Use "kmod static-nodes --output=/proc/self/fd/1" in make_static_nodes() as
+ we can't rely on /dev/stdout to exist at this point during boot.
+ (Closes: #757830)
+ * Fix udev SysV init script and d-i start script to not write to
+ /sys/kernel/uevent_helper unconditionally to not fail on a kernel with
+ CONFIG_UEVENT_HELPER unset. (Closes: #756312)
+ * Add Breaks: kmod (<< 14) to udev to make sure we have a kmod version
+ supporting the static-nodes command.
+ * Add Breaks: systemd (<< 208) to udev to avoid partial upgrades. Newer udev
+ versions rely on kmod-static-nodes.service being provided by systemd.
+ (Closes: #757777)
+ * Updated upstream v208-stable patch series to 53b1b6c.
+ * Cherry-pick upstream fix to ignore temporary dpkg files. (Closes: #757302)
+ * Make emergency.service conflict with rescue.service.
+ Otherwise if rescue mode is selected during boot and the emergency mode
+ is triggered (e.g. via a broken fstab entry), we have two sulogin
+ processes fighting over the tty. (Closes: #757072)
+ * Stop syslog.socket when entering emergency mode as otherwise every log
+ message triggers the start of the syslog service and its dependencies
+ which conflicts with emergency.target. (Closes: #755581)
+
+ -- Michael Biebl <biebl@debian.org> Thu, 21 Aug 2014 00:14:21 +0200
+
+systemd (208-7) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Mask remaining services provided by the initscripts package and document
+ in more detail why certain services have been masked. (Closes: #659264)
+ * Install zsh completions to the correct place. (Closes: #717540)
+
+ [ Jon Severinsson ]
+ * Cherry-pick upstream fix for journal file permissions. (Closes: #755062)
+ * Map some rcS.d init script dependencies to their systemd equivalent.
+ * Update Depends on initscripts to the version with a systemd-compatible
+ mountnfs ifup hook. (Closes: #746358)
+ * Add Breaks on lvm2 versions without native systemd support.
+ (Closes: #678438, #692120)
+ * Do not fail udev upgrades if the udev service is already runtime-masked
+ when the preinst script is run. (Closes: #755746)
+ * Add Pre-Depends on systemd to systemd-sysv, to avoid risking that the
+ sysv-compatible symlinks become dangling on a partial install.
+ * Ensure that systemctl is usable right after being unpacked, by adding the
+ required Pre-Depends to systemd and libsystemd-daemon0. (Closes: #753589)
+ * Add support for TuxOnIce hibernation. (Closes: #746463)
+
+ [ Martin Pitt ]
+ * Rename "api" autopkgtest to "build-login", and stop requiring that
+ sd_login_monitor_new() succeeds. It doesn't in many environments like
+ schroot or after upgrades from < 204, and the main point of the test is
+ to check that libsystemd-login-dev has correct contents and dependencies.
+ Drop "isolation-machine" requirement.
+ * Use glibc's xattr support instead of requiring libattr. Fixes FTBFS with
+ latest glibc and libattr. Cherrypicked from trunk. Drop libattr1-dev build
+ dependency. (Closes: #756097)
+ * Build python3-systemd for Python 3 bindings. Drop python-systemd; it does
+ not have any reverse dependencies, and we want to encourage moving to
+ Python 3. (LP: #1258089)
+ * Add simple autopkgtest for python3-systemd.
+ * Add dbus dependency to libpam-systemd. (Closes: #755968)
+ * Fix /dev/cdrom symlink to appear for all types of drives, not just for
+ pure CD-ROM ones. Also, fix the symlinks to stay after change events.
+ (LP: #1323777)
+ * 75-persistent-net-generator.rules: Adjust Ravello interfaces; they don't
+ violate the assignment schema, they should just not be persistent.
+ Thanks to Boris Figovsky. (Closes: #747475, LP: #1317776)
+ * Reinstate patches to make logind D-BUS activatable.
+ * Re-add systemd-shim alternative dependency to libpam-systemd. Version it
+ to ensure cgmanager support. (Closes: #754984, LP: #1343802)
+ * Convert udev-finish.upstart from a task to a job, to avoid hangs with
+ startpar. (Closes: #756631)
+ * Add debian/extra/60-keyboard.hwdb: Latest keymaps from upstream git.
+ This makes it trivial to backport keymap fixes to stable releases.
+ (Closes: #657809; LP: #1322770, #1339998)
+ * udev.init: Create static device nodes, as this moved out of udevd.
+ Thanks to Michael Biebl for the script! (Closes: #749021)
+
+ -- Martin Pitt <mpitt@debian.org> Wed, 06 Aug 2014 13:33:22 +0200
+
+systemd (208-6) unstable; urgency=medium
+
+ [ Jon Severinsson ]
+ * Add v208-stable patch series.
+ - Update Debian patches to apply on top of v208-stable.
+ - Move new manpages to libsystemd-*-dev as appropriate.
+
+ [ Michael Biebl ]
+ * Upload to unstable.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 16 Jul 2014 00:44:15 +0200
+
+systemd (208-5) experimental; urgency=medium
+
+ * Merge changes from unstable branch.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 28 Jun 2014 13:41:32 +0200
+
+systemd (208-4) experimental; urgency=medium
+
+ * Merge changes from unstable branch.
+ * Drop alternative dependency on systemd-shim in libpam-systemd. The
+ systemd-shim package no longer provides an environment to run
+ systemd-logind standalone. See #752939 for further details.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 28 Jun 2014 01:22:11 +0200
+
+systemd (208-3) experimental; urgency=medium
+
+ * Merge changes from unstable branch.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 25 Jun 2014 11:29:07 +0200
+
+systemd (208-2) experimental; urgency=medium
+
+ [ Sjoerd Simons ]
+ * Don't stop a running user manager from garbage collecting the users. Fixes
+ long shutdown times when using a systemd user session
+
+ [ Michael Stapelberg ]
+ * Fix bug-script: “systemctl dump” is now “systemd-analyze dump”
+ (Closes: #748311)
+
+ [ Michael Biebl ]
+ * Merge changes from unstable branch.
+ * Cherry-pick upstream fixes to make sd_session_get_vt() actually work.
+
+ -- Michael Biebl <biebl@debian.org> Tue, 24 Jun 2014 17:45:26 +0200
+
+systemd (208-1) experimental; urgency=medium
+
+ [ Michael Biebl ]
+ * New upstream release. (Closes: #729566)
+ * Update patches.
+ * Update symbols files for libsystemd-journal and libsystemd-login.
+ * Install new files and remove the ones we don't use.
+ * Install zsh completion files. (Closes: #717540)
+ * Create a compat symlink /etc/sysctl.d/99-sysctl.conf as systemd-sysctl no
+ longer reads /etc/sysctl.conf.
+ * Bump Build-Depends on kmod to (>= 14).
+ * Bump Build-Depends on libcryptsetup-dev to (>= 2:1.6.0) for tcrypt
+ support.
+ * Make kmod-static-nodes.service check for the kmod binary since we don't
+ want a hard dependency on kmod e.g. for container installations.
+ * Disable various features which aren't required for the udeb build.
+ * Move new sd_pid_get_slice and sd_session_get_vt man pages into
+ libsystemd-login-dev.
+ * Make no-patch-numbers the default for gbp-pq.
+ * Adjust systemd-user pam config file for Debian.
+ This pam config file is used by libpam-systemd/systemd-logind when
+ launching systemd user instances.
+ * Drop patches to make logind D-Bus activatable. The cgroup handling has
+ been reworked in v205 and logind no longer creates cgroup hierarchies on
+ its own. That means that the standalone logind is no longer functional
+ without support from systemd (or an equivalent cgroup manager).
+
+ [ Martin Pitt ]
+ * Explain patch management in debian/README.source.
+
+ -- Michael Biebl <biebl@debian.org> Mon, 28 Apr 2014 00:22:57 +0200
+
+systemd (204-14) unstable; urgency=medium
+
+ * Fix SIGABRT in insserv generator caused by incorrect usage of strcat().
+ (Closes: #752992)
+ * Mark -dev packages as Multi-Arch: same. (Closes: #720017)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 28 Jun 2014 13:22:43 +0200
+
+systemd (204-13) unstable; urgency=medium
+
+ * Switch back to load the sg module via the kmod builtin. The problem was
+ not that the kmod builtin is faster then modprobe but rather the incorrect
+ usage of the "=" assignment operator. We need to use "+=" here, so the sg
+ module is loaded in addition to other scsi modules, which are loaded via
+ the modalias rule. Thanks to Tommaso Colombo for the analysis.
+ * Cherry-pick upstream fix which prevents systemd from entering an infinite
+ loop when trying to break an ordering cycle. (Closes: #752259)
+ * Update insserv generator to not create any drop-in files for services
+ where the corresponding SysV init script does not exist.
+ * Drop the check for /sys/kernel/uevent_helper from postinst and the SysV
+ init script and do not unconditionally overwrite it in the initramfs hook.
+ Since a long time now udev has been using the netlink interface to
+ communicate with the kernel and with Linux 3.16 it is possible to disable
+ CONFIG_UEVENT_HELPER completely. (Closes: #752742)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 28 Jun 2014 00:01:16 +0200
+
+systemd (204-12) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Change the sg loading rule (for Debian #657948) back to using modprobe.
+ kmod is too fast and then sg races with sd, causing the latter to not see
+ SCSI disks. (Closes: #752591, #752605)
+
+ [ Michael Biebl ]
+ * Update udev bug-script to attach instead of paste extra info if a new
+ enough reportbug version is available.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 25 Jun 2014 10:55:12 +0200
+
+systemd (204-11) unstable; urgency=medium
+
+ [ Martin Pitt ]
+ * Explain patch management in debian/README.source. (Closes: #739113)
+ * Replace "Always probe cpu support drivers" patch with cherry-picked
+ upstream fix which is more general.
+ * Advertise hibernation only if there's enough free swap. Patches backported
+ from current upstream. (LP: #1313522)
+ * Fix typo in sg loading rule to make it actually work.
+
+ [ Michael Biebl ]
+ * Make no-patch-numbers the default for gbp-pq.
+ * Cherry-pick upstream fix to properly handle multiline syslog messages.
+ (Closes: #746351)
+ * Cherry-pick upstream fix for libudev which fixes a memleak in
+ parent_add_child().
+ * Drop "-b debian" from Vcs-Git since we use the master branch for
+ packaging now.
+ * Drop Conflicts: sysvinit (<< 2.88dsf-44~) from systemd-sysv since this
+ breaks dist-upgrades from wheezy when switching from sysvinit to
+ systemd-sysv as default init. While downgrading the Pre-Depends in
+ sysvinit would have been an alternative, dropping the Conflicts and only
+ keeping the Replaces was deemed the lesser evil. (Closes: #748355)
+ * Use Conflicts instead of Breaks against sysvinit-core. This avoids
+ /sbin/init going missing when switching from systemd-sysv to sysvinit.
+ While at it, add a Replaces: upstart. (Closes: #751589)
+ * Make the SysV compat tools try both /run/initctl and /dev/initctl. This
+ makes them usable under sysvinit as PID 1 without requiring any symlinks.
+ * Various ifupdown integration fixes
+ - Use DefaultDependencies=no in ifup@.service so the service can be
+ started as early as possible.
+ - Create the ifupdown runtime directory in ifup@.service as we can no
+ longer rely on the networking service to do that for us.
+ - Don't stop ifup@.service on shutdown but let the networking service take
+ care of stopping all hotplugged interfaces.
+ - Only start ifup@.service for interfaces configured as allow-hotplug.
+
+ [ Michael Stapelberg ]
+ * Clarify that “systemd” does not influence init whereas “systemd-sysv” does
+ (Closes: #747741)
+
+ [ Ansgar Burchardt ]
+ * Don't use "set +e; set +u" unconditionally in the lsb init-functions hook
+ as this might change the behaviour of existing SysV init scripts.
+ (Closes: #751472)
+
+ -- Michael Biebl <biebl@debian.org> Tue, 24 Jun 2014 17:03:43 +0200
+
+systemd (204-10) unstable; urgency=medium
+
+ * In the udeb's udev.startup, make sure that /dev/pts exists.
+ * systemd-logind-launch: Set the #files ulimit, for unprivileged LXC
+ containers.
+ * Drop udev.NEWS, it only applies to pre-squeeze.
+ * Remove /var/log/udev on purge.
+ * Always probe cpu support drivers. (LP #1207705)
+ * On Dell PowerEdge systems, the iDRAC7 and later support a USB Virtual NIC
+ for management. Name this interface "idrac" to avoid confusion with "real"
+ network interfaces.
+ * Drop numerical prefixes from patches, to avoid future diff noise when
+ removing, cherry-picking, and merging patches. From now on, always use
+ "gbp-pq export --no-patch-numbers" to update them.
+
+ -- Martin Pitt <mpitt@debian.org> Sun, 27 Apr 2014 11:53:52 +0200
+
+systemd (204-9) unstable; urgency=medium
+
+ * The "Flemish Beef and Beer Stew" release.
+
+ [ Steve Langasek ]
+ * Do proper refcounting of the PAM module package on prerm, so that we
+ don't drop the module from the PAM config when uninstalling a
+ foreign-arch package. Related to Ubuntu bug #1295521.
+
+ [ Martin Pitt ]
+ * debian/udev.udev-finish.upstart: Fix path to tmp-rules,
+ debian/extra/rule_generator.functions creates them in /run/udev/.
+ * rules: Remove the kernel-install bits; we don't want that in Debian and
+ thus it shouldn't appear in dh_install --list-missing output.
+ * Ship sd-shutdown.h in libsystemd-daemon-dev.
+ * Run dh_install with --fail-missing, to avoid forgetting files when we move
+ to new versions.
+ * Mount /dev/pts with the correct permissions in the udev, to avoid needing
+ pt_chown (not available on all architectures). Thanks Adam Conrad.
+ * Add new block of Windows Azure ethernet hardware address to
+ 75-persistent-net-generator.rules. (LP: #1274348, Closes: #739018)
+ * Drop our Debian specific 60-persistent-storage{,-tape}.rules and use the
+ upstream rules. They are compatible and do a superset of the
+ functionality. (Closes: #645466)
+ * Drop our Debian specific 80-drivers.rules and use the upstream rules with
+ a patch for the sg module (see #657948). These now stop calling modprobe
+ and use the kmod builtin, giving some nice boot speed improvement.
+ (Closes: #717404)
+ * Drop our Debian specific 50-udev-default.rules and 91-permissions.rules
+ and use the upstream rules with a patch for the remaining Debian specific
+ default device permissions. Many thanks to Marco d'Itri for researching
+ which Debian-specific rules are obsolete! Amongst other things, this now
+ also reads the hwdb info for USB devices (Closes: #717405) and gets rid of
+ some syntax errors (Closes: #706221)
+ * Set default polling interval on removable devices as well, for kernels
+ which have "block" built in instead of being a module. (Closes: #713877)
+ * Make sd_login_monitor_new() work for logind without systemd.
+ * Cherry-pick upstream fix for polkit permissions for rebooting with
+ multiple sessions.
+ * Kill /etc/udev/links.conf, create_static_nodes, and associated code. It's
+ obsolete with devtmpfs (which is required now), and doesn't run with
+ systemd or upstart anyway.
+ * Drop unnecessary udev.dirs.
+ * Add autopkgtests for smoke-testing logind, hostnamed, timedated, localed,
+ and a compile/link/run test against libsystemd-login-dev.
+
+ [ Marco d'Itri ]
+ * preinst: check for all the system calls required by modern releases
+ of udev. (Closes: #648325)
+ * Updated fbdev-blacklist.conf for recent kernels.
+ * Do not blacklist viafb because it is required on the OLPC XO-1.5.
+ (Closes: #705792)
+ * Remove write_cd_rules and the associated rules which create "persistent"
+ symlinks for CD/DVD devices and replace them with more rules in
+ 60-cdrom_id, which will create symlinks for one at random among the
+ devices installed. Since the common case is having a single device
+ then everything will work out just fine most of the times...
+ (Closes: #655924)
+ * Fix write_net_rules for systemd and sysvinit users by copying the
+ temporary rules from /run/udev/ to /etc/udev/. (Closes: #735563)
+ * Do not install sysctl.d/50-default.conf because the systemd package
+ should not change kernel policies, at least until it will become
+ the only supported init system.
+
+ [ Michael Stapelberg ]
+ * Add systemd-dbg package, thanks Daniel Schaal (Closes: #742724).
+ * Switch from gitpkg to git-buildpackage. Update README.source accordingly.
+ * Make libpam-systemd depend on systemd-sysv | systemd-shim. Packages that
+ need logind functionality should depend on libpam-systemd.
+
+ [ Michael Biebl ]
+ * Do not send potentially private fstab information without prior user
+ confirmation. (Closes: #743158)
+ * Add support for LSB facilities defined by insserv.
+ Parse /etc/insserv.conf.d content and /etc/insserv.conf and generate
+ systemd unit drop-in files to add corresponding dependencies. Also ship
+ targets for the Debian specific $x-display-manager and
+ $mail-transport-agent system facilities. (Closes: #690892)
+ * Do not accidentally re-enable /var/tmp cleaning when migrating the TMPTIME
+ setting from /etc/default/rcS. Fix up existing broken configurations.
+ (Closes: #738862)
+
+ -- Michael Biebl <biebl@debian.org> Sat, 26 Apr 2014 21:37:29 +0200
+
+systemd (204-8) unstable; urgency=low
+
+ [ Michael Stapelberg ]
+ * move manpages from systemd to libsystemd-*-dev as appropriate
+ (Closes: #738723)
+ * fix systemctl enable/disable/… error message “Failed to issue method call:
+ No such file or directory” (the previous upload did actually not contain
+ this fix due to a merge conflict) (Closes: #738843)
+ * add explicit “Depends: sysv-rc” so that initscript’s “Depends: sysv-rc |
+ file-rc” will not be satisfied with file-rc. We need the invoke-rc.d and
+ update-rc.d from sysv-rc, file-rc’s doesn’t have support for systemd.
+ (Closes: #739679)
+ * set capabilities cap_dac_override,cap_sys_ptrace=ep for
+ systemd-detect-virt, so that it works for unprivileged users.
+ (Closes: #739699)
+ * pam: Check $XDG_RUNTIME_DIR owner (Closes: #731300)
+ * Ignore chkconfig headers entirely, they are often broken in Debian
+ (Closes: #634472)
+
+ [ Michael Biebl ]
+ * do a one-time migration of RAMTMP= from /etc/default/rcS and
+ /etc/default/tmpfs, i.e. enable tmp.mount (Closes: #738687)
+ * Bump Standards-Version to 3.9.5.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 19 Mar 2014 18:57:35 +0100
+
+systemd (204-7) unstable; urgency=low
+
+ * fix systemctl enable/disable/… error message “Failed to issue method call:
+ No such file or directory” (Closes: #734809)
+ * bug-script: attach instead of paste extra info with reportbug ≥ 6.5.0
+ (Closes: #722530)
+ * add stage1 bootstrap support to avoid Build-Depends cycles (Thanks Daniel
+ Schepler)
+ * cherry-pick:
+ order remote mounts from mountinfo before remote-fs.target (77009452cfd)
+ (Closes: #719945)
+ Fix CPUShares configuration option (ccd90a976dba) (Closes: #737156)
+ fix reference in systemd-inhibit(1) (07b4b9b) (Closes: #738316)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Tue, 11 Feb 2014 23:34:42 +0100
+
+systemd (204-6) unstable; urgency=low
+
+ [ Michael Stapelberg ]
+ * Run update-rc.d defaults before update-rc.d <enable|disable>
+ (Closes: #722523)
+ * preinst: preserve var-{lock,run}.mount when upgrading from 44 to 204
+ (Closes: #723936)
+ * fstab-generator: don’t rely on /usr being mounted in the initrd
+ (Closes: #724797)
+ * systemctl: mangle names when avoiding dbus (Closes: #723855)
+ * allow group adm read access on /var/log/journal (Closes: #717386)
+ * add systemd-journal group (Thanks Guido Günther) (Closes: #724668)
+ * copy /etc/localtime instead of symlinking (Closes: #726256)
+ * don’t try to start autovt units when not running with systemd as pid 1
+ (Closes: #726466)
+ * Add breaks/replaces for the new sysvinit-core package (Thanks Alf Gaida)
+ (Closes: #733240)
+ * Add myself to uploaders
+
+ [ Tollef Fog Heen ]
+ * Make 99-systemd.rules check for /run/systemd/systemd instead of the
+ ill-named cgroups directory.
+
+ [ Martin Pitt ]
+ * debian/udev.upstart: Fix path to udevd, the /sbin/udevd compat symlink
+ should go away at some point.
+ * debian/udev-udeb.install: Add 64-btrfs.rules and 75-probe_mtd.rules, they
+ are potentially useful in a d-i environment.
+ * debian/shlibs.local: Drop libudev; this unnecessarily generates overly
+ strict dependencies, the libudev ABI is stable.
+ * debian/extra/rules/75-persistent-net-generator.rules: Add Ravello systems
+ (LP: #1099278)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Tue, 31 Dec 2013 14:39:44 +0100
+
+systemd (204-5) unstable; urgency=high
+
+ * Cherry-pick 72fd713 from upstream which fixes insecure calling of polkit
+ by avoiding a race condition in scraping /proc (CVE-2013-4327).
+ Closes: #723713
+
+ -- Michael Biebl <biebl@debian.org> Mon, 23 Sep 2013 11:59:53 +0200
+
+systemd (204-4) unstable; urgency=low
+
+ * Add preinst check to abort udev upgrade if the currently running kernel
+ lacks devtmpfs support. Since udev 176, devtmpfs is mandatory as udev no
+ longer creates any device nodes itself. This only affects self-compiled
+ kernels which now need CONFIG_DEVTMPFS=y. Closes: #722580
+ * Fix SysV init script to correctly mount a devtmpfs instead of tmpfs. This
+ only affects users without an initramfs, which usually is responsible for
+ mounting the devtmpfs. Closes: #722604
+ * Drop pre-squeeze upgrade code from maintainer scripts and simplify the
+ various upgrade checks.
+ * Suppress errors about unknown hwdb builtin. udev 196 introduced a new
+ "hwdb" builtin which is not understood by the old udev daemon.
+ * Add missing udeb line to shlibs.local. This ensures that udev-udeb gets a
+ proper dependency on libudev1-udeb and not libudev1. Closes: #722939
+ * Remove udev-udeb dependency from libudev1-udeb to avoid a circular
+ dependency between the two packages. This dependency was copied over from
+ the old udev-gtk-udeb package and no longer makes any sense since
+ libudev1-udeb only contains a library nowadays.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 18 Sep 2013 00:05:21 +0200
+
+systemd (204-3) unstable; urgency=low
+
+ [ Michael Biebl ]
+ * Upload to unstable.
+ * Use /bin/bash in debug-shell.service as Debian doesn't have /sbin/sushell.
+ * Only import net.ifaces cmdline property for network devices.
+ * Generate strict dependencies between the binary packages using a
+ shlibs.local file and add an explicit versioned dependency on
+ libsystemd-login0 to systemd to ensure packages are upgraded in sync.
+ Closes: #719444
+ * Drop obsolete Replaces: libudev0 from udev package.
+ * Use correct paths for various binaries, like /sbin/quotaon, which are
+ installed in / and not /usr in Debian. Closes: #721347
+ * Don't install kernel-install(8) man page since we don't install the
+ corresponding binary either. Closes: #722180
+ * Cherry-pick upstream fixes to make switching runlevels and starting
+ reboot via ctrl-alt-del more robust.
+ * Cherry-pick upstream fix to properly apply ACLs to Journal files.
+ Closes: #717863
+
+ [ Michael Stapelberg ]
+ * Make systemctl enable|disable call update-rc.d for SysV init scripts.
+ Closes: #709780
+ * Don't mount /tmp as tmpfs by default and make it possible to enable this
+ feature via "systemctl enable tmp.mount". Closes: #718906
+
+ [ Daniel Schaal ]
+ * Add bug-script to systemd and udev. Closes: #711245
+
+ [ Ondrej Balaz ]
+ * Recognize discard option in /etc/crypttab. Closes: #719167
+
+ -- Michael Biebl <biebl@debian.org> Thu, 12 Sep 2013 00:13:11 +0200
+
+systemd (204-2) experimental; urgency=low
+
+ [ Daniel Schaal ]
+ * Enable verbose build logs. Closes: #717465
+ * Add handling of Message Catalog files to provide additional information
+ for log entries. Closes: #717427
+ * Remove leftover symlink to debian-enable-units.service. Closes: #717349
+
+ [ Michael Stapelberg ]
+ * Install 50-firmware.rules in the initramfs and udeb. Closes: #717635
+
+ [ Michael Biebl ]
+ * Don't pass static start priorities to dh_installinit anymore.
+ * Switch the hwdb trigger to interest-noawait.
+ * Remove obsolete support for configurable udev root from initramfs.
+ * Bind ifup@.service to the network device. This ensures that ifdown is run
+ when the device is removed and the service is stopped.
+ Closes: #660861, #703033
+ * Bump Standards-Version to 3.9.4. No further changes.
+ * Add Breaks against consolekit (<< 0.4.6-1) for udev-acl. Closes: #717385
+ * Make all packages Priority: optional, with the exception of udev and
+ libudev1, which remain Priority: important, and systemd-sysv, which
+ remains Priority: extra due to the conflict with sysvinit.
+ Closes: #717365
+ * Restart systemd-logind.service on upgrades due to changes in the
+ CreateSession D-Bus API between v44 and v204. Closes: #717403
+
+ -- Michael Biebl <biebl@debian.org> Wed, 24 Jul 2013 23:47:59 +0200
+
+systemd (204-1) experimental; urgency=low
+
+ * New upstream release. Closes: #675175, #675177
+ - In v183 the udev sources have been merged into the systemd source tree.
+ As a result, the udev binary packages will now be built from the systemd
+ source package. To align the version numbers 139 releases were skipped.
+ - For a complete list of changes, please refer to the NEWS file.
+ * Add Marco to Uploaders.
+ * Drop Suggests on the various python packages from systemd. The
+ systemd-analyze tool has been reimplemented in C.
+ * Add binary packages as found in the udev 175-7.2 source package.
+ * Wrap dependencies for better readability.
+ * Drop hard-coded Depends on libglib2.0-0 from gir1.2-gudev-1.0.
+ * Drop old Conflicts, Replaces and Breaks, which are no longer necessary.
+ * Make libgudev-1.0-dev depend on gir1.2-gudev-1.0 as per GObject
+ introspection mini-policy. Closes: #691313
+ * The hwdb builtin has replaced pci-db and usb-db in udev. Drop the
+ Recommends on pciutils and usbutils accordingly.
+ * Drop our faketime hack. Upstream uses a custom xsl style sheet now to
+ generate the man pages which no longer embeds the build date.
+ * Add Depends on libpam-runtime (>= 1.0.1-6) to libpam-systemd as we are
+ using pam-auth-update.
+ * Explicitly set Section and Priority for the udev binary package.
+ * Update Build-Depends:
+ - Drop libudev-dev, no longer required.
+ - Add gtk-doc-tools and libglib2.0-doc for the API documentation in
+ libudev and libgudev.
+ - Add libgirepository1.0-dev and gobject-introspection for GObject
+ introspection support in libgudev.
+ - Add libgcrypt11-dev for encryption support in the journal.
+ - Add libblkid-dev for the blkid udev builtin.
+ * Use gir dh addon to ensure ${gir:Depends} is properly set.
+ * Rename libudev0 → libudev1 for the SONAME bump.
+ * Update symbols files. libudev now uses symbols versioning as the other
+ libsystemd libraries. The libgudev-1.0-0 symbols file has been copied from
+ the old udev package.
+ * Run gtkdocize on autoreconf.
+ * Enable python bindings for the systemd libraries and ship them in a new
+ package named python-systemd.
+ * Tighten Depends on libsystemd-id128-dev for libsystemd-journal-dev as per
+ libsystemd-journal.pc.
+ * Remove obsolete bash-completion scripts on upgrades. Nowadays they are
+ installed in /usr/share/bash-completion/completions.
+ * Rename conffiles for logind and journald.
+ * Rename udev-gtk-udeb → libudev1-udeb to better reflect its actual contents.
+ * Build two flavours: a regular build and one for the udev udebs with
+ reduced features/dependencies.
+ * Create a few compat symlinks for the udev package, most notably
+ /sbin/udevadm and /sbin/udevd.
+ * Remove the dpkg-triggered debian-enable-units script. This was a temporary
+ workaround for wheezy. Packages should use dh-systemd now to properly
+ integrate service files with systemd.
+ * Update debian/copyright using the machine-readable copyright format 1.0.
+ * Integrate changes from udev 175-7 and acknowledge the 175-7.1 and 175-7.2
+ non-maintainer uploads.
+ * Keep the old persistent network interface naming scheme for now and make
+ the new one opt-in via net.ifnames=1 on the kernel command line.
+ * Drop the obsolete udev-mtab SysV init script and properly clean up on
+ upgrades.
+ * Simplify the udev SysV init script and remove experimental and obsolete
+ features.
+ * Revert upstream commits which dropped support for distro specific
+ features and config files.
+ * Make logind, hostnamed, localed and timedated D-Bus activatable and
+ usable when systemd is not running.
+ * Store hwdb binary database in /lib/udev, not /etc/udev. Create the file on
+ install and upgrades.
+ * Provide a dpkg file trigger for hwdb, so the database is automatically
+ updated when packages install files into /lib/udev/hwdb.d.
+
+ -- Michael Biebl <biebl@debian.org> Fri, 19 Jul 2013 00:32:36 +0200
+
+systemd (44-12) unstable; urgency=low
+
+ * Cherry-pick e17187 from upstream to fix build failures with newer glibc
+ where the clock_* symbols have been moved from librt to libc.
+ Closes: #701364
+ * If the new init-system-helpers package is installed, make the
+ debian-enable-units script a no-op. The auto-enabler was meant as a
+ temporary workaround and will be removed once all packages use the new
+ helper.
+ * Update the checks which test if systemd is the active init. The
+ recommended check is [ -d /run/systemd/system ] as this will also work
+ with a standalone systemd-logind.
+ * Set Maintainer to pkg-systemd-maintainers@lists.alioth.debian.org. Add
+ Tollef and myself as Uploaders.
+ * Stop building the GUI bits. They have been split into a separate source
+ package called systemd-ui.
+
+ -- Michael Biebl <biebl@debian.org> Thu, 20 Jun 2013 01:32:16 +0200
+
+systemd (44-11) unstable; urgency=low
+
+ * Team upload.
+ * Run debian-enable-units.service after sysinit.target to ensure our tmp
+ files aren't nuked by systemd-tmpfiles.
+ * The mountoverflowtmp SysV init script no longer exists so remove that
+ from remount-rootfs.service to avoid an unnecessary diff to upstream.
+ * Do not fail on purge if /var/lib/systemd is empty and has been removed
+ by dpkg.
+
+ -- Michael Biebl <biebl@debian.org> Wed, 13 Mar 2013 08:03:06 +0100
+
+systemd (44-10) unstable; urgency=low
+
+ * Team upload.
+ * Using the return code of "systemctl is-enabled" to determine whether we
+ enable a service or not is unreliable since it also returns a non-zero
+ exit code for masked services. As we don't want to enable masked services,
+ grep for the string "disabled" instead.
+
+ -- Michael Biebl <biebl@debian.org> Fri, 15 Feb 2013 17:01:24 +0100
+
+systemd (44-9) unstable; urgency=low
+
+ * Team upload.
+ * Fix typo in systemd.socket man page. Closes: #700038
+ * Use color specification in "systemctl dot" which is actually
+ understood by dot. Closes: #643689
+ * Fix mounting of remote filesystems like NFS. Closes: #673309
+ * Use a file trigger to automatically enable service and socket units. A lot
+ of packages simply install systemd units but do not enable them. As a
+ result they will be inactive after the next boot. This is a workaround for
+ wheezy which will be removed again in jessie. Closes: #692150
+
+ -- Michael Biebl <biebl@debian.org> Fri, 15 Feb 2013 13:35:39 +0100
+
+systemd (44-8) unstable; urgency=low
+
+ * Team upload.
+ * Use comment=systemd.* syntax in systemd.mount man page. The
+ mount/util-linux version in wheezy is not recent enough to support the new
+ x-systemd* syntax. Closes: #697141
+ * Don't enable persistent storage of journal log files. The journal in v44
+ is not yet mature enough.
+
+ -- Michael Biebl <biebl@debian.org> Sat, 19 Jan 2013 20:05:05 +0100
+
+systemd (44-7) unstable; urgency=low
+
+ * Fix a regression in the init-functions hook wrt reload handling that was
+ introduced when dropping the X-Interactive hack. Closes: #696355
+
+ -- Michael Biebl <biebl@debian.org> Fri, 21 Dec 2012 00:00:12 +0100
+
+systemd (44-6) unstable; urgency=low
+
+ [ Michael Biebl ]
+ * No longer ship the /sys directory in the systemd package since it is
+ provided by base-files nowadays.
+ * Don't run udev rules if systemd is not active.
+ * Converting /var/run, /var/lock and /etc/mtab to symlinks is a one-time
+ migration so don't run the debian-fixup script on every boot.
+
+ [ Tollef Fog Heen ]
+ * Prevent the systemd package from being removed if it's the active init
+ system, since that doesn't work.
+
+ [ Michael Biebl ]
+ * Use a separate tmpfs for /run/lock (size 5M) and /run/user (size 100M).
+ Those directories are user-writable which could lead to DoS by filling up
+ /run. Closes: #635131
+
+ -- Michael Biebl <biebl@debian.org> Sun, 16 Dec 2012 21:58:37 +0100
+
+systemd (44-5) unstable; urgency=low
+
+ * Team upload.
+
+ [ Tollef Fog Heen ]
+ * disable killing on entering START_PRE, START, thanks to Michael
+ Stapelberg for patch. This avoids killing VMs run through libvirt
+ when restarting libvirtd. Closes: #688635.
+ * Avoid reloading services when shutting down, since that won't work and
+ makes no sense. Thanks to Michael Stapelberg for the patch.
+ Closes: #635777.
+ * Try to determine which init scripts support the reload action
+ heuristically. Closes: #686115, #650382.
+
+ [ Michael Biebl ]
+ * Update Vcs-* fields, the Git repository is hosted on alioth now. Set the
+ default branch to "debian".
+ * Avoid reload and (re)start requests during early boot which can lead to
+ deadlocks. Closes: #624599
+ * Make systemd-cgroup work even if not all cgroup mounts are available on
+ startup. Closes: #690916
+ * Fix typos in the systemd.path and systemd.unit man page. Closes: #668344
+ * Add watch file to track new upstream releases.
+
+ -- Michael Biebl <biebl@debian.org> Thu, 25 Oct 2012 21:41:23 +0200
+
+systemd (44-4) unstable; urgency=low
+
+ [ Michael Biebl ]
+ * Override timestamp for man page building, thereby avoiding skew
+ between architectures which caused problems for multi-arch.
+ Closes: #680011
+
+ [ Tollef Fog Heen ]
+ * Move diversion removal from postinst to preinst. Closes: #679728
+ * Prevent the journal from crashing when running out of disk space.
+ This is 499fb21 from upstream. Closes: #668047.
+ * Stop mounting a tmpfs on /media. Closes: #665943
+
+ -- Tollef Fog Heen <tfheen@debian.org> Sun, 01 Jul 2012 08:17:50 +0200
+
+systemd (44-3) unstable; urgency=low
+
+ [ Michael Biebl ]
+ * Bump to debhelper 9.
+ * Convert to Multi-Arch: same where possible. Closes: #676615
+
+ [ Tollef Fog Heen ]
+ * Cherry-pick d384c7 from upstream to stop journald from leaking
+ memory. Thanks to Andreas Henriksson for testing. Closes: #677701
+ * Ship lsb init script override/integration in /lib/lsb/init-functions.d
+ rather than diverting /lib/lsb/init-functions itself. Add appropriate
+ Breaks to ensure upgrades happen.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Fri, 29 Jun 2012 22:34:16 +0200
+
+systemd (44-2) unstable; urgency=low
+
+ [ Michael Biebl ]
+ * Tighten the versions in the maintscript file
+ * Ship the /sys directory in the package
+ * Re-add workaround for non-interactive PAM sessions
+ * Mask checkroot-bootclean (Closes: #670591)
+ * Don't ignore errores in systemd-sysv postinst
+
+ [ Tollef Fog Heen ]
+ * Bring tmpfiles.d/tmp.conf in line with Debian defaults. Closes: #675422
+ * Make sure /run/sensigs.omit.d exists.
+ * Add python-dbus and python-cairo to Suggests, for systemd-analyze.
+ Closes: #672965
+
+ -- Tollef Fog Heen <tfheen@debian.org> Tue, 08 May 2012 18:04:22 +0200
+
+systemd (44-1) unstable; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream version.
+ - Backport 3492207: journal: PAGE_SIZE is not known on ppc and other
+ archs
+ - Backport 5a2a2a1: journal: react with immediate rotation to a couple
+ of more errors
+ - Backport 693ce21: util: never follow symlinks in rm_rf_children()
+ Fixes CVE-2012-1174, closes: #664364
+ * Drop output message from init-functions hook, it's pointless.
+ * Only rmdir /lib/init/rw if it exists.
+ * Explicitly order debian-fixup before sysinit.target to prevent a
+ possible race condition with the creation of sockets. Thanks to
+ Michael Biebl for debugging this.
+ * Always restart the initctl socket on upgrades, to mask sysvinit
+ removing it.
+
+ [ Michael Biebl ]
+ * Remove workaround for non-interactive sessions from pam config again.
+ * Create compat /dev/initctl symlink in case we are upgrading from a system
+ running a newer version of sysvinit (using /run/initctl) and sysvinit is
+ replaced with systemd-sysv during the upgrade. Closes: #663219
+ * Install new man pages.
+ * Build-Depend on valac (>= 0.12) instead of valac-0.12. Closes: #663323
+
+ -- Tollef Fog Heen <tfheen@debian.org> Tue, 03 Apr 2012 19:59:17 +0200
+
+systemd (43-1) experimental; urgency=low
+
+ [ Tollef Fog Heen ]
+ * Target upload at experimental due to libkmod dependency
+ * New upstream release
+ - Update bash-completion for new verbs and arguments. Closes: #650739
+ - Fixes local DoS (CVE-2012-1101). Closes: #662029
+ - No longer complains if the kernel lacks audit support. Closes: #642503
+ * Fix up git-to-source package conversion script which makes gitpkg
+ happier.
+ * Add libkmod-dev to build-depends
+ * Add symlink from /bin/systemd to /lib/systemd/systemd.
+ * Add --with-distro=debian to configure flags, due to no /etc/os-release
+ yet.
+ * Add new symbols for libsystemd-login0 to symbols file.
+ * Install a tmpfiles.d file for the /dev/initctl → /run/initctl
+ migration. Closes: #657979
+ * Disable coredump handling, it's not ready yet.
+ * If /run is a symlink, don't try to do the /var/run → /run migration.
+ Ditto for /var/lock → /run/lock. Closes: #647495
+
+ [ Michael Biebl ]
+ * Add Build-Depends on liblzma-dev for journal log compression.
+ * Add Build-Depends on libgee-dev, required to build systemadm.
+ * Bump Standards-Version to 3.9.2. No further changes.
+ * Add versioned Build-Depends on automake and autoconf to ensure we have
+ recent enough versions. Closes: #657284
+ * Add packages for libsystemd-journal and libsystemd-id128.
+ * Update symbols file for libsystemd-login.
+ * Update configure flags, use rootprefix instead of rootdir.
+ * Copy intltool files instead of symlinking them.
+ * Re-indent init-functions script.
+ * Remove workarounds for services using X-Interactive. The LSB X-Interactive
+ support turned out to be broken and has been removed upstream so we no
+ longer need any special handling for those type of services.
+ * Install new systemd-journalctl, systemd-cat and systemd-cgtop binaries.
+ * Install /var/lib/systemd directory.
+ * Install /var/log/journal directory where the journal files are stored
+ persistently.
+ * Setup systemd-journald to not read from /proc/kmsg (ImportKernel=no).
+ * Avoid error messages from systemctl in postinst if systemd is not running
+ by checking for /sys/fs/cgroup/systemd before executing systemctl.
+ Closes: #642749
+ * Stop installing lib-init-rw (auto)mount units and try to cleanup
+ /lib/init/rw in postinst. Bump dependency on initscripts accordingly.
+ Closes: #643699
+ * Disable pam_systemd for non-interactive sessions to work around an issue
+ with sudo.
+ * Use new dh_installdeb maintscript facility to handle obsolete conffiles.
+ Bump Build-Depends on debhelper accordingly.
+ * Rename bash completion file systemctl-bash-completion.sh →
+ systemd-bash-completion.sh.
+ * Update /sbin/init symlink. The systemd binary was moved to $pkglibdir.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Tue, 07 Feb 2012 21:36:34 +0100
+
+systemd (37-1.1) unstable; urgency=low
+
+ * Non-maintainer upload with Tollef's consent.
+ * Remove --parallel to workaround a bug in automake 1.11.3 which doesn't
+ generate parallel-safe build rules. Closes: #661842
+ * Create a compat symlink /run/initctl → /dev/initctl to work with newer
+ versions of sysvinit. Closes: #657979
+
+ -- Michael Biebl <biebl@debian.org> Sat, 03 Mar 2012 17:42:10 +0100
+
+systemd (37-1) unstable; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream version
+ * Change the type of the debian-fixup service to oneshot.
+ Closes: #642961
+ * Add ConditionPathIsDirectory to lib-init-rw.automount and
+ lib-init-rw.mount so we only activate the unit if the directory
+ exists. Closes: #633059
+ * If a sysv service exists in both rcS and rcN.d runlevels, drop the
+ rcN.d ones to avoid loops. Closes: #637037
+ * Blacklist fuse init script, we do the same work already internally.
+ Closes: #643700
+ * Update README.Debian slightly for /run rather than /lib/init/rw
+
+ [ Josh Triplett ]
+ * Do a one-time migration of the $TMPTIME setting from /etc/default/rcS to
+ /etc/tmpfiles.d/tmp.conf. If /etc/default/rcS has a TMPTIME setting of
+ "infinite" or equivalent, migrate it to an /etc/tmpfiles.d/tmp.conf that
+ overrides the default /usr/lib/tmpfiles.d/tmp.conf and avoids clearing
+ /tmp. Closes: #643698
+
+ -- Tollef Fog Heen <tfheen@debian.org> Wed, 28 Sep 2011 20:04:13 +0200
+
+systemd (36-1) unstable; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream release. Closes: #634618
+ - Various man page fixes. Closes: #623521
+ * Add debian-fixup service that symlinks mtab to /proc/mounts and
+ migrates /var/run and /var/lock to symlinks to /run
+
+ [ Michael Biebl ]
+ * Build for libnotify 0.7.
+ * Bump Build-Depends on libudev to (>= 172).
+ * Add Build-Depends on libacl1-dev. Required for building systemd-logind
+ with ACL support.
+ * Split libsystemd-login and libsystemd-daemon into separate binary
+ packages.
+ * As autoreconf doesn't like intltool, override dh_autoreconf and call
+ intltoolize and autoreconf ourselves.
+ * Add Build-Depends on intltool.
+ * Do a one-time migration of the hwclock configuration. If UTC is set to
+ "no" in /etc/default/rcS, create /etc/adjtime and add the "LOCAL" setting.
+ * Remove /cgroup cleanup code from postinst.
+ * Add Build-Depends on gperf.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Wed, 14 Sep 2011 08:25:17 +0200
+
+systemd (29-1) unstable; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream version, Closes: #630510
+ - Includes typo fixes in documentation. Closes: #623520
+ * Fall back to the init script reload function if a native .service file
+ doesn't know how to reload. Closes: #628186
+ * Add hard dependency on udev. Closes: #627921
+
+ [ Michael Biebl ]
+ * hwclock-load.service is no longer installed, so we don't need to remove it
+ anymore in debian/rules.
+ * Install /usr/lib directory for binfmt.d, modules-load.d, tmpfiles.d and
+ sysctl.d.
+ * Remove obsolete conffiles from /etc/tmpfiles.d on upgrades. Those files
+ are installed in /usr/lib/tmpfiles.d now.
+ * Depend on util-linux (>= 2.19.1-2) which provides whole-disk locking
+ support in fsck and remove our revert patch.
+ * Don't choke when systemd was compiled with a different CAP_LAST_CAP then
+ what it is run with. Patch cherry-picked from upstream Git.
+ Closes: #628081
+ * Enable dev-hugepages.automount and dev-mqueue.automount only when enabled
+ in kernel. Patch cherry-picked from upstream Git. Closes: #624522
+
+ -- Tollef Fog Heen <tfheen@debian.org> Wed, 08 Jun 2011 16:14:31 +0200
+
+systemd (25-2) experimental; urgency=low
+
+ * Handle downgrades more gracefully by removing diversion of
+ /lib/lsb/init-functions on downgrades to << 25-1.
+ * Cherry-pick a133bf10d09f788079b82f63faa7058a27ba310b from upstream,
+ avoids assert when dumping properties. Closes: #624094
+ * Remove "local" in non-function context in init-functions wrapper.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Wed, 27 Apr 2011 22:20:04 +0200
+
+systemd (25-1) experimental; urgency=low
+
+ * New upstream release, target experimental due to initscripts
+ dependency.
+ - Fixes where to look for locale config. Closes: #619166
+ * Depend on initscripts >= 2.88dsf-13.4 for /run transition.
+ * Add Conflicts on klogd, since it doesn't work correctly with the
+ kmg→/dev/log bridge. Closes: #622555
+ * Add suggests on Python for systemd-analyze.
+ * Divert /lib/lsb/init-functions instead of (ab)using
+ /etc/lsb-base-logging.sh for diverting calls to /etc/init.d/*
+ * Remove obsolete conffile /etc/lsb-base-logging.sh. Closes: #619093
+ * Backport 3a90ae048233021833ae828c1fc6bf0eeab46197 from master:
+ mkdir /run/systemd/system when starting up
+
+ -- Tollef Fog Heen <tfheen@debian.org> Sun, 24 Apr 2011 09:02:04 +0200
+
+systemd (20-1) unstable; urgency=low
+
+ * New upstream version
+ * Install systemd-machine-id-setup
+ * Call systemd-machine-id-setup in postinst
+ * Cherry-pick b8a021c9e276adc9bed5ebfa39c3cab0077113c6 from upstream to
+ prevent dbus assert error.
+ * Enable TCP wrapper support. Closes: #618409
+ * Enable SELinux support. Closes: #618412
+ * Make getty start after Apache2 and OpenVPN (which are the only two
+ known users of X-Interactive: yes). Closes: #618419
+
+ -- Tollef Fog Heen <tfheen@debian.org> Fri, 11 Mar 2011 19:14:21 +0100
+
+systemd (19-1) experimental; urgency=low
+
+ * New upstream release
+ * Add systemd-tmpfiles to systemd package.
+ * Add ifup@.service for handling hotplugged interfaces from
+ udev. Closes: #610871
+ * Mask mtab.service and udev-mtab.service as they are pointless when
+ /etc/mtab is a symlink to /proc/mounts
+ * Add breaks on lvm2 (<< 2.02.84-1) since older versions have udev rules
+ that don't work well with systemd causing delays on bootup.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Thu, 17 Feb 2011 07:36:22 +0100
+
+systemd (17-1) experimental; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream release
+ * Clarify ifupdown instructions in README.Debian somewhat.
+ Closes: #613320
+ * Silently skip masked services in lsb-base-logging.sh instead of
+ failing. Initial implementation by Michael Biebl. Closes: #612551
+ * Disable systemd-vconsole-setup.service for now.
+
+ [ Michael Biebl ]
+ * Bump build dependency on valac-0.10 to (>= 0.10.3).
+ * Improve regex in lsb-base-logging.sh for X-Interactive scripts.
+ Closes: #613325
+
+ -- Tollef Fog Heen <tfheen@debian.org> Wed, 16 Feb 2011 21:06:16 +0100
+
+systemd (16-1) experimental; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream release. Closes: #609611
+ * Get rid of now obsolete patches that are upstream.
+ * Use the built-in cryptsetup support in systemd, build-depend on
+ libcryptsetup-dev (>= 2:1.2.0-1) to get a libcryptsetup in /lib.
+ * Don't use systemctl redirect for init scripts with X-Interactive: true
+
+ [ Michael Biebl ]
+ * Update package description
+ * Use v8 debhelper syntax
+ * Make single-user mode work
+ * Run hwclock-save.service on shutdown
+ * Remove dependencies on legacy sysv mount scripts, as we use native
+ mounting.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Sun, 16 Jan 2011 11:04:13 +0100
+
+systemd (15-1) UNRELEASED; urgency=low
+
+ [ Tollef Fog Heen ]
+ * New upstream version, thanks a lot to Michael Biebl for help with
+ preparing this version.
+ - This version handles cycle breaking better. Closes: #609225
+ * Add libaudit-dev to build-depends
+ * /usr/share/systemd/session has been renamed to /usr/share/systemd/user
+ upstream, adjust build system accordingly.
+ * Remove -s from getty serial console invocation.
+ * Add dependency on new util-linux to make sure /sbin/agetty exists
+ * Don't mount /var/lock with gid=lock (Debian has no such group).
+ * Document problem with ifupdown's /etc/network/run being a normal
+ directory.
+
+ [ Michael Biebl ]
+ * Revert upstream change which requires libnotify 0.7 (not yet available in
+ Debian).
+ * Use dh-autoreconf for updating the build system.
+ * Revert upstream commit which uses fsck -l (needs a newer version of
+ util-linux).
+ * Explicitly disable cryptsetup support to not accidentally pick up a
+ libcryptsetup dependency in a tainted build environment, as the library
+ is currently installed in /usr/lib.
+ * Remove autogenerated man pages and vala C sources, so they are rebuilt.
+ * Use native systemd mount support:
+ - Use MountAuto=yes and SwapAuto=yes (default) in system.conf
+ - Mask SysV init mount, check and cleanup scripts.
+ - Create an alias (symlink) for checkroot (→ remount-rootfs.service) as
+ synchronization point for SysV init scripts.
+ * Mask x11-common, rmnologin, hostname, bootmisc and bootlogd.
+ * Create an alias for procps (→ systemd-sysctl.service) and
+ urandom (→ systemd-random-seed-load.service).
+ * Create an alias for module-init-tools (→ systemd-modules-load.service) and
+ a symlink from /etc/modules-load.d/modules.conf → /etc/modules.
+ * Install lsb-base hook which redirects calls to SysV init scripts to
+ systemctl: /etc/init.d/<foo> <action> → systemctl <action> <foo.service>
+ * Install a (auto)mount unit to mount /lib/init/rw early during boot.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Sat, 20 Nov 2010 09:28:01 +0100
+
+systemd (11-2) UNRELEASED; urgency=low
+
+ * Tighten depends from systemd-* on systemd to ensure they're upgraded
+ in lockstep. Thanks to Michael Biebl for the patch.
+ * Add missing #DEBHELPER# token to libpam-systemd
+ * Stop messing with runlevel5/multi-user.target symlink, this is handled
+ correctly upstream.
+ * Stop shipping /cgroup in the package.
+ * Remove tmpwatch services, Debian doesn't have or use tmpwatch.
+ * Make sure to enable GTK bits.
+ * Ship password agent
+ * Clean up cgroups properly on upgrades, thanks to Michael Biebl for the
+ patch. Closes: #599577
+
+ -- Tollef Fog Heen <tfheen@debian.org> Tue, 02 Nov 2010 21:47:10 +0100
+
+systemd (11-1) experimental; urgency=low
+
+ * New upstream version. Closes: #597284
+ * Add pam-auth-update calls to libpam-systemd's postinst and prerm
+ * Make systemd-sysv depend on systemd
+ * Now mounts the cgroup fs in /sys/fs/cgroup. Closes: #595966
+ * Add libnotify-dev to build-depends (needed for systemadm)
+
+ -- Tollef Fog Heen <tfheen@debian.org> Thu, 07 Oct 2010 22:01:19 +0200
+
+systemd (8-2) experimental; urgency=low
+
+ * Hardcode udev rules dir in configure call.
+ * Remove README.source as it's no longer accurate.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Mon, 30 Aug 2010 21:10:26 +0200
+
+systemd (8-1) experimental; urgency=low
+
+ * New upstream release
+ * Only ship the top /cgroup
+ * Pass --with-rootdir= to configure, to make it think / is / rather
+ than //
+ * Add PAM module package
+ * Fix up dependencies in local-fs.target. Closes: #594420
+ * Move systemadm to its own package. Closes: #588451
+ * Update standards-version (no changes needed)
+ * Update README.Debian to explain how to use systemd.
+ * Add systemd-sysv package that provides /sbin/init and friends.
+
+ -- Tollef Fog Heen <tfheen@debian.org> Sat, 07 Aug 2010 07:31:38 +0200
+
+systemd (0~git+20100605+dfd8ee-1) experimental; urgency=low
+
+ * Initial release, upload to experimental. Closes: #580814
+
+ -- Tollef Fog Heen <tfheen@debian.org> Fri, 30 Apr 2010 21:02:25 +0200
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..c0cc0dc
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,402 @@
+Source: systemd
+Section: admin
+Priority: optional
+Maintainer: Debian systemd Maintainers <pkg-systemd-maintainers@lists.alioth.debian.org>
+Uploaders: Michael Biebl <biebl@debian.org>,
+ Marco d'Itri <md@linux.it>,
+ Sjoerd Simons <sjoerd@debian.org>,
+ Martin Pitt <mpitt@debian.org>,
+ Felipe Sateler <fsateler@debian.org>
+Standards-Version: 4.5.1
+Rules-Requires-Root: no
+Vcs-Git: https://salsa.debian.org/systemd-team/systemd.git
+Vcs-Browser: https://salsa.debian.org/systemd-team/systemd
+Homepage: https://www.freedesktop.org/wiki/Software/systemd
+Build-Depends: debhelper-compat (= 13),
+ pkg-config,
+ xsltproc,
+ docbook-xsl,
+ docbook-xml,
+ m4,
+ meson (>= 0.52.1),
+ gettext,
+ gperf,
+ gnu-efi [amd64 i386 arm64 armhf],
+ libcap-dev (>= 1:2.24-9~),
+ libpam0g-dev,
+ libapparmor-dev (>= 2.13) <!stage1>,
+ libidn2-dev <!stage1>,
+ libiptc-dev <!stage1>,
+ libaudit-dev <!stage1>,
+ libdbus-1-dev (>= 1.3.2) <!nocheck> <!noinsttest>,
+ libcryptsetup-dev (>= 2:1.6.0) <!stage1>,
+ libselinux1-dev (>= 2.1.9),
+ libacl1-dev,
+ liblzma-dev,
+ liblz4-dev (>= 0.0~r125),
+ liblz4-tool <!nocheck>,
+ libbz2-dev <!stage1>,
+ zlib1g-dev <!stage1> | libz-dev <!stage1>,
+ libcurl4-gnutls-dev <!stage1> | libcurl-dev <!stage1>,
+ libmicrohttpd-dev <!stage1>,
+ libgnutls28-dev <!stage1>,
+ libpcre2-dev <!stage1>,
+ libgcrypt20-dev,
+ libkmod-dev (>= 15),
+ libblkid-dev (>= 2.24),
+ libmount-dev (>= 2.30),
+ libseccomp-dev (>= 2.3.1) [amd64 arm64 armel armhf i386 mips mipsel mips64 mips64el x32 powerpc ppc64 ppc64el riscv64 s390x],
+ libdw-dev (>= 0.158) <!stage1>,
+ libpolkit-gobject-1-dev <!stage1>,
+ libzstd-dev (>= 1.4.0),
+ linux-base <!nocheck>,
+ acl <!nocheck>,
+ python3:native,
+ python3-lxml:native,
+ python3-pyparsing <!nocheck>,
+ python3-evdev <!nocheck>,
+ tzdata <!nocheck>,
+ libcap2-bin <!nocheck>,
+ iproute2 <!nocheck>,
+ zstd <!nocheck>,
+
+Package: systemd
+Architecture: linux-any
+Multi-Arch: foreign
+Section: admin
+Priority: important
+Recommends: dbus,
+ systemd-timesyncd | time-daemon,
+Suggests: systemd-container,
+ policykit-1
+Pre-Depends: ${shlibs:Pre-Depends},
+ ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ libsystemd0 (= ${binary:Version}),
+ util-linux (>= 2.27.1),
+ mount (>= 2.26),
+ adduser,
+Conflicts: consolekit,
+ libpam-ck-connector,
+Breaks: systemd-shim (<< 10-4~),
+ python-dbusmock (<< 0.18),
+ python3-dbusmock (<< 0.18),
+ resolvconf (<< 1.83~),
+ udev (<< 247~),
+Description: system and service manager
+ systemd is a system and service manager for Linux. It provides aggressive
+ parallelization capabilities, uses socket and D-Bus activation for starting
+ services, offers on-demand starting of daemons, keeps track of processes using
+ Linux control groups, maintains mount and automount points and implements an
+ elaborate transactional dependency-based service control logic.
+ .
+ systemd is compatible with SysV and LSB init scripts and can work as a
+ drop-in replacement for sysvinit.
+ .
+ Installing the systemd package will not switch your init system unless you
+ boot with init=/lib/systemd/systemd or install systemd-sysv in addition.
+
+Package: systemd-sysv
+Architecture: linux-any
+Multi-Arch: foreign
+Section: admin
+Priority: important
+Conflicts: sysvinit-core,
+ upstart (<< 1.13.2-0ubuntu10~),
+ file-rc,
+ systemd-shim,
+Replaces: sysvinit-core,
+ upstart (<< 1.13.2-0ubuntu10~),
+Pre-Depends: systemd
+Depends: ${shlibs:Depends},
+ ${misc:Depends}
+Recommends: libpam-systemd,
+ libnss-systemd
+Description: system and service manager - SysV links
+ systemd is a system and service manager for Linux. It provides aggressive
+ parallelization capabilities, uses socket and D-Bus activation for starting
+ services, offers on-demand starting of daemons, keeps track of processes using
+ Linux control groups, maintains mount and automount points and implements an
+ elaborate transactional dependency-based service control logic.
+ .
+ systemd is compatible with SysV and LSB init scripts and can work as a
+ drop-in replacement for sysvinit.
+ .
+ This package provides the manual pages and links needed for systemd
+ to replace sysvinit. Installing systemd-sysv will overwrite /sbin/init with a
+ link to systemd.
+
+Package: systemd-container
+Build-Profiles: <!stage1>
+Architecture: linux-any
+Multi-Arch: foreign
+Section: admin
+Priority: optional
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd,
+ dbus
+Recommends: libnss-mymachines,
+Description: systemd container/nspawn tools
+ This package provides systemd's tools for nspawn and container/VM management:
+ * systemd-nspawn
+ * systemd-machined and machinectl
+ * systemd-importd
+ * systemd-portabled and portablectl
+
+Package: systemd-journal-remote
+Build-Profiles: <!stage1>
+Architecture: linux-any
+Multi-Arch: foreign
+Section: admin
+Priority: optional
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd,
+ adduser
+Breaks: systemd (<< 239-6)
+Replaces: systemd (<< 239-6)
+Description: tools for sending and receiving remote journal logs
+ This package provides tools for sending and receiving remote journal logs:
+ * systemd-journal-remote
+ * systemd-journal-upload
+ * systemd-journal-gatewayd
+
+Package: systemd-coredump
+Build-Profiles: <!stage1>
+Architecture: linux-any
+Multi-Arch: foreign
+Section: admin
+Priority: optional
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ adduser,
+ systemd
+Conflicts: core-dump-handler
+Replaces: core-dump-handler
+Provides: core-dump-handler
+Description: tools for storing and retrieving coredumps
+ This package provides systemd tools for storing and retrieving coredumps:
+ * systemd-coredump
+ * coredumpctl
+
+Package: systemd-timesyncd
+Architecture: linux-any
+Multi-Arch: foreign
+Section: admin
+Priority: standard
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ adduser,
+ systemd
+Breaks: systemd (<< 245.4-2~),
+Conflicts: time-daemon
+Replaces: time-daemon,
+ systemd (<< 245.4-2~),
+Provides: time-daemon
+Description: minimalistic service to synchronize local time with NTP servers
+ The package contains the systemd-timesyncd system service that may be used to
+ synchronize the local system clock with a remote Network Time Protocol server.
+
+Package: systemd-tests
+Architecture: linux-any
+Section: admin
+Priority: optional
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd (= ${binary:Version}),
+ python3,
+Build-Profiles: <!noinsttest>
+Description: tests for systemd
+ This package contains the test binaries. Those binaries are primarily used
+ for autopkgtest and not meant to be installed on regular user systems.
+
+Package: libpam-systemd
+Architecture: linux-any
+Multi-Arch: same
+Section: admin
+Priority: standard
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd (= ${binary:Version}),
+ libpam-runtime (>= 1.0.1-6),
+ dbus,
+ systemd-sysv
+Provides: logind (= ${binary:Version}), default-logind (= ${binary:Version})
+Description: system and service manager - PAM module
+ This package contains the PAM module which registers user sessions in
+ the systemd control group hierarchy for logind.
+ .
+ If in doubt, do install this package.
+ .
+ Packages that depend on logind functionality need to depend on libpam-systemd.
+
+Package: libnss-myhostname
+Architecture: linux-any
+Multi-Arch: same
+Section: admin
+Priority: optional
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+Description: nss module providing fallback resolution for the current hostname
+ This package contains a plugin for the Name Service Switch, providing host
+ name resolution for the locally configured system hostname as returned by
+ gethostname(2). It returns all locally configured public IP addresses or -- if
+ none are configured, the IPv4 address 127.0.1.1 (which is on the local
+ loopback) and the IPv6 address ::1 (which is the local host).
+ .
+ A lot of software relies on that the local host name is resolvable. This
+ package provides an alternative to the fragile and error-prone manual editing
+ of /etc/hosts.
+ .
+ Installing this package automatically adds myhostname to /etc/nsswitch.conf.
+
+Package: libnss-mymachines
+Architecture: linux-any
+Multi-Arch: same
+Section: admin
+Priority: optional
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd-container (= ${binary:Version}),
+Description: nss module to resolve hostnames for local container instances
+ nss-mymachines is a plugin for the GNU Name Service Switch (NSS) functionality
+ of the GNU C Library (glibc) providing hostname resolution for local containers
+ that are registered with systemd-machined.service(8). The container names are
+ resolved to IP addresses of the specific container, ordered by their scope.
+ .
+ Installing this package automatically adds mymachines to /etc/nsswitch.conf.
+
+Package: libnss-resolve
+Architecture: linux-any
+Multi-Arch: same
+Section: admin
+Priority: optional
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd (= ${binary:Version}),
+Description: nss module to resolve names via systemd-resolved
+ nss-resolve is a plugin for the GNU Name Service Switch (NSS) functionality
+ of the GNU C Library (glibc) providing DNS and LLMNR resolution to programs via
+ the systemd-resolved daemon (provided in the systemd package).
+ .
+ Installing this package automatically adds resolve to /etc/nsswitch.conf.
+
+Package: libnss-systemd
+Architecture: linux-any
+Multi-Arch: same
+Section: admin
+Priority: standard
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ systemd (= ${binary:Version}),
+Description: nss module providing dynamic user and group name resolution
+ nss-systemd is a plug-in module for the GNU Name Service Switch (NSS)
+ functionality of the GNU C Library (glibc), providing UNIX user and group name
+ resolution for dynamic users and groups allocated through the DynamicUser=
+ option in systemd unit files. See systemd.exec(5) for details on this
+ option.
+ .
+ Installing this package automatically adds the module to /etc/nsswitch.conf.
+
+Package: libsystemd0
+Architecture: linux-any
+Multi-Arch: same
+Section: libs
+Priority: optional
+Pre-Depends: ${shlibs:Depends},
+ ${misc:Pre-Depends}
+Depends: ${misc:Depends}
+Description: systemd utility library
+ The libsystemd0 library provides interfaces to various systemd components.
+
+Package: libsystemd-dev
+Architecture: linux-any
+Multi-Arch: same
+Section: libdevel
+Priority: optional
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ libsystemd0 (= ${binary:Version})
+Description: systemd utility library - development files
+ The libsystemd0 library provides interfaces to various systemd components.
+ .
+ This package contains the development files.
+
+Package: udev
+Section: admin
+Priority: important
+Architecture: linux-any
+Multi-Arch: foreign
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ adduser,
+ dpkg (>= 1.19.3) | systemd-sysv,
+ libudev1 (= ${binary:Version}),
+ util-linux (>= 2.27.1),
+ s390-tools (>> 1.6.2) [s390],
+Conflicts: hal
+Breaks: systemd (<< 233-4),
+Replaces: systemd (<< 233-4)
+Description: /dev/ and hotplug management daemon
+ udev is a daemon which dynamically creates and removes device nodes from
+ /dev/, handles hotplug events and loads drivers at boot time.
+
+Package: libudev1
+Section: libs
+Priority: optional
+Architecture: linux-any
+Multi-Arch: same
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends}
+Description: libudev shared library
+ This library provides access to udev device information.
+
+Package: libudev-dev
+Section: libdevel
+Priority: optional
+Architecture: linux-any
+Multi-Arch: same
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ libudev1 (= ${binary:Version})
+Description: libudev development files
+ This package contains the files needed for developing applications that
+ use libudev.
+
+Package: udev-udeb
+Build-Profiles: <!noudeb>
+Package-Type: udeb
+Section: debian-installer
+Priority: optional
+Architecture: linux-any
+Depends: ${shlibs:Depends},
+ ${misc:Depends},
+ util-linux-udeb
+Description: /dev/ and hotplug management daemon
+ udev is a daemon which dynamically creates and removes device nodes from
+ /dev/, handles hotplug events and loads drivers at boot time.
+ .
+ This is a minimal version, only for use in the installation system.
+
+Package: libudev1-udeb
+Build-Profiles: <!noudeb>
+Package-Type: udeb
+Section: debian-installer
+Priority: optional
+Architecture: linux-any
+Depends: ${shlibs:Depends},
+ ${misc:Depends}
+Description: libudev shared library
+ This library provides access to udev device information.
+ .
+ This is a minimal version, only for use in the installation system.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..8dc9bd1
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,262 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: systemd
+Upstream-Contact: systemd-devel@lists.freedesktop.org
+Source: https://www.freedesktop.org/wiki/Software/systemd/
+
+Files: *
+Copyright: 2008-2015 Kay Sievers <kay@vrfy.org>
+ 2010-2015 Lennart Poettering
+ 2012-2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
+ 2013-2015 Tom Gundersen <teg@jklm.no>
+ 2013-2015 Daniel Mack
+ 2010-2015 Harald Hoyer
+ 2013-2015 David Herrmann
+ 2013, 2014 Thomas H.P. Andersen
+ 2013, 2014 Daniel Buch
+ 2014 Susant Sahani
+ 2009-2015 Intel Corporation
+ 2000, 2005 Red Hat, Inc.
+ 2009 Alan Jenkins <alan-jenkins@tuffmail.co.uk>
+ 2010 ProFUSION embedded systems
+ 2010 Maarten Lankhorst
+ 1995-2004 Miquel van Smoorenburg
+ 1999 Tom Tromey
+ 2011 Michal Schmidt
+ 2012 B. Poettering
+ 2012 Holger Hans Peter Freyther
+ 2012 Dan Walsh
+ 2012 Roberto Sassu
+ 2013 David Strauss
+ 2013 Marius Vollmer
+ 2013 Jan Janssen
+ 2013 Simon Peeters
+License: LGPL-2.1+
+
+Files: src/basic/siphash24.h
+ src/basic/siphash24.c
+Copyright: 2012 Jean-Philippe Aumasson <jeanphilippe.aumasson@gmail.com>
+ 2012 Daniel J. Bernstein <djb@cr.yp.to>
+License: CC0-1.0
+
+Files: src/basic/ioprio.h
+Copyright: Jens Axboe <axboe@suse.de>
+License: GPL-2
+
+Files: src/shared/linux/*
+ src/basic/linux/*
+Copyright: 2004-2009 Red Hat, Inc.
+ 2011-2014 PLUMgrid
+ 2001-2003 Sistina Software (UK) Limited.
+ 2008 Ian Kent <raven@themaw.net>
+ 1998 David S. Miller >davem@redhat.com>
+ 2001 Jeff Garzik <jgarzik@pobox.com>
+ 2006-2010 Johannes Berg <johannes@sipsolutions.net
+ 2008 Michael Wu <flamingice@sourmilk.net>
+ 2008 Luis Carlos Cobo <luisca@cozybit.com>
+ 2008 Michael Buesch <m@bues.ch>
+ 2008, 2009 Luis R. Rodriguez <lrodriguez@atheros.com>
+ 2008 Jouni Malinen <jouni.malinen@atheros.com>
+ 2008 Colin McCabe <colin@cozybit.com>
+ 2018-2019 Intel Corporation
+ 2007 Oracle.
+ 2009 Wolfgang Grandegger <wg@grandegger.com>
+ 1999 Thomas Davis <tadavis@lbl.gov>
+ 2015 Sabrina Dubroca <sd@queasysnail.net>
+ 1999-2000 Maxim Krasnyansky <max_mk@yahoo.com>
+ 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>
+License: GPL-2 with Linux-syscall-note exception
+
+Files: src/basic/sparse-endian.h
+Copyright: 2012 Josh Triplett <josh@joshtriplett.org>
+License: Expat
+
+Files: src/journal/lookup3.c
+ src/journal/lookup3.h
+Copyright: none
+License: public-domain
+ You can use this free for any purpose. It's in the public domain. It has no
+ warranty.
+
+Files: src/udev/ata_id/ata_id.c
+ src/udev/cdrom_id/cdrom_id.c
+ src/udev/mtd_probe/mtd_probe.c
+ src/udev/mtd_probe/mtd_probe.h
+ src/udev/mtd_probe/probe_smartmedia.c
+ src/udev/scsi_id/scsi.h
+ src/udev/scsi_id/scsi_id.c
+ src/udev/scsi_id/scsi_id.h
+ src/udev/scsi_id/scsi_serial.c
+ src/udev/udevadm.c
+ src/udev/udevadm-control.c
+ src/udev/udevadm.h
+ src/udev/udevadm-info.c
+ src/udev/udevadm-monitor.c
+ src/udev/udevadm-settle.c
+ src/udev/udevadm-test-builtin.c
+ src/udev/udevadm-test.c
+ src/udev/udevadm-trigger.c
+ src/udev/udevadm-util.c
+ src/udev/udevadm-util.h
+ src/udev/udev-builtin-blkid.c
+ src/udev/udev-builtin.h
+ src/udev/udev-builtin-input_id.c
+ src/udev/udev-builtin-kmod.c
+ src/udev/udev-builtin-path_id.c
+ src/udev/udev-builtin-uaccess.c
+ src/udev/udev-builtin-usb_id.c
+ src/udev/udev-ctrl.h
+ src/udev/udevd.c
+ src/udev/udev-event.c
+ src/udev/udev-event.h
+ src/udev/udev-node.c
+ src/udev/udev-node.h
+ src/udev/udev-rules.c
+ src/udev/udev-rules.h
+ src/udev/udev-watch.c
+ src/udev/udev-watch.h
+ src/udev/v4l_id/v4l_id.c
+Copyright: 2003-2012 Kay Sievers <kay@vrfy.org>
+ 2003-2004 Greg Kroah-Hartman <greg@kroah.com>
+ 2004 Chris Friesen <chris_friesen@sympatico.ca>
+ 2004, 2009, 2010 David Zeuthen <david@fubar.dk>
+ 2005, 2006 SUSE Linux Products GmbH
+ 2003 IBM Corp.
+ 2007 Hannes Reinecke <hare@suse.de>
+ 2009 Canonical Ltd.
+ 2009 Scott James Remnant <scott@netsplit.com>
+ 2009 Martin Pitt <martin.pitt@ubuntu.com>
+ 2009 Piter Punk <piterpunk@slackware.com>
+ 2009, 2010 Lennart Poettering
+ 2009 Filippo Argiolas <filippo.argiolas@gmail.com>
+ 2010 Maxim Levitsky
+ 2011 ProFUSION embedded systems
+ 2011 Karel Zak <kzak@redhat.com>
+ 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
+ 2014 David Herrmann <dh.herrmann@gmail.com>
+ 2014 Carlos Garnacho <carlosg@gnome.org>
+License: GPL-2+
+
+Files: src/udev/scsi_id/*
+Copyright: 2003 IBM Corp.
+License: GPL-2+
+
+Files: debian/*
+Copyright: 2010-2013 Tollef Fog Heen <tfheen@debian.org>
+ 2013-2018 Michael Biebl <biebl@debian.org>
+ 2013 Michael Stapelberg <stapelberg@debian.org>
+License: LGPL-2.1+
+
+License: Expat
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to
+ deal in the Software without restriction, including without limitation the
+ rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ sell copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+ .
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+ .
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ IN THE SOFTWARE.
+
+License: GPL-2
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+ .
+ On Debian and systems the full text of the GNU General Public
+ License version 2 can be found in the file
+ `/usr/share/common-licenses/GPL-2`
+
+License: GPL-2 with Linux-syscall-note exception
+ NOTE! This copyright does *not* cover user programs that use kernel services
+ by normal system calls - this is merely considered normal use of the kernel,
+ and does *not* fall under the heading of "derived work". Also note that the
+ GPL below is copyrighted by the Free Software Foundation, but the instance of
+ code that it refers to (the Linux kernel) is copyrighted by me and others who
+ actually wrote it.
+ .
+ Also note that the only valid version of the GPL as far as the kernel is
+ concerned is _this_ particular version of the license (ie v2, not v2.2 or v3.x
+ or whatever), unless explicitly otherwise stated.
+ .
+ Linus Torvalds
+ .
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+ .
+ On Debian and systems the full text of the GNU General Public
+ License version 2 can be found in the file
+ `/usr/share/common-licenses/GPL-2`
+
+License: GPL-2+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2, or (at your option)
+ any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ .
+ On Debian systems, the complete text of the GNU General Public License
+ version 2 can be found in ‘/usr/share/common-licenses/GPL-2’.
+
+License: LGPL-2.1+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+ .
+ You should have received a copy of the GNU Lesser General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ .
+ On Debian systems, the complete text of the GNU Lesser General Public
+ License version 2.1 can be found in ‘/usr/share/common-licenses/LGPL-2.1’.
+
+License: CC0-1.0
+ To the extent possible under law, the author(s) have dedicated all copyright
+ and related and neighboring rights to this software to the public domain
+ worldwide. This software is distributed without any warranty.
+ .
+ You should have received a copy of the CC0 Public Domain Dedication along with
+ this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
+ .
+ On Debian systems, the complete text of the CC0 1.0 Universal license can be
+ found in ‘/usr/share/common-licenses/CC0-1.0’.
diff --git a/debian/extra/checkout-upstream b/debian/extra/checkout-upstream
new file mode 100755
index 0000000..2cf9409
--- /dev/null
+++ b/debian/extra/checkout-upstream
@@ -0,0 +1,132 @@
+#!/bin/sh
+# Prepare systemd source package in current directory for testing an upstream
+# commit, branch, or PR, without Debian patches. This replaces everything
+# except the debian/ directory with an upstream checkout.
+# NEVER run this in your actual packaging work directory! This is only meant
+# for upstream CI.
+#
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+
+set -eu
+test -x debian/rules
+if [ -z "${TEST_UPSTREAM:-}" ]; then
+ echo "Not in upstream testing mode. Do *not* run this script unless you know what you are doing." >&2
+ exit 1
+fi
+if [ -n "${UPSTREAM_PULL_REQUEST:-}" ]; then
+ FETCH="git fetch -fu origin refs/pull/$UPSTREAM_PULL_REQUEST/head:pr"
+ CO='git checkout pr'
+ DESC="PR #$UPSTREAM_PULL_REQUEST"
+elif [ -n "${UPSTREAM_HEAD:-}" ]; then
+ FETCH=''
+ CO="git checkout $UPSTREAM_HEAD"
+ DESC="$UPSTREAM_HEAD"
+else
+ echo "WARNING: $0: Neither UPSTREAM_PULL_REQUEST nor UPSTREAM_HEAD set, ignoring" >&2
+ exit 0
+fi
+
+DUMMY_USER_NAME="Merge dummy user"
+DUMMY_USER_EMAIL="invalid@example.com"
+
+UPSTREAM_REPO="${UPSTREAM_REPO:-https://github.com/systemd/systemd.git}"
+BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD)
+
+# Use git, if in a git repo
+if [ -d .git ]; then
+ # make sure user.name/user.email are set, git commit wants them
+ git config --get user.name || git config user.name "$DUMMY_USER_NAME"
+ git config --get user.email || git config user.email "$DUMMY_USER_EMAIL"
+fi
+
+if [ -n "${KEEP_DEBIAN_PATCHES:-}" ]; then
+ # set up pq branch if it does not exist
+ if [ "$BRANCH_NAME" = HEAD ]; then
+ echo "ERROR: $0 must be started from a branch when using KEEP_DEBIAN_PATCHES" >&2
+ exit 1
+ fi
+ gbp pq import 2> /dev/null && gbp pq switch || true
+ if ! git branch --contains "$BRANCH_NAME" | grep -q patch-queue/"$BRANCH_NAME"; then
+ echo "ERROR: patch-queue/$BRANCH_NAME exists but it is not rebased, please rebase it." >&2
+ exit 1
+ fi
+fi
+
+# switch to native instead of quilt
+echo '3.0 (native)' > debian/source/format
+
+# drop our patches
+rm -rf debian/patches
+
+# disable tests which are not for upstream
+[ -n "${KEEP_DEBIAN_TESTS:-}" ] || sed -i '/# NOUPSTREAM/ q' debian/tests/control
+
+# create new git commit with debian/ changes
+if [ -d .git -a -n "$(git status --short debian)" ]; then
+ git add debian
+ git commit -n -m "checkout-upstream: edit debian/ files for upstream testing"
+fi
+
+########
+# Everything below this changes only code outside debian/
+# besides temporary use of debian/tmp/
+# and the update to debian/changelog
+########
+
+mkdir -p debian/tmp
+(cd debian/tmp
+ git clone "${UPSTREAM_REPO}" upstream || (rm -rf upstream; sleep 60; git clone "${UPSTREAM_REPO}" upstream)
+ cd upstream
+ $FETCH
+ $CO
+ git config user.email "$DUMMY_USER_EMAIL"
+ git config user.name "$DUMMY_USER_NAME"
+ if [ -n "${UPSTREAM_PULL_REQUEST:-}" ]; then
+ git rebase master
+ fi
+ git submodule update --init --recursive)
+UPSTREAM_VER=$(cd debian/tmp/upstream; git describe | sed 's/^v//;s/-/./g')
+
+# clean out original upstream sources
+find -mindepth 1 -maxdepth 1 -name debian -o -name .git -prune -o -print0 | xargs -0n1 rm -rf
+
+# replace with checkout
+mv debian/tmp/upstream/* .
+rm -rf debian/tmp
+
+# create new git commit with upstream code
+if [ -d .git -a -n "$(git status --short)" ] ; then
+ git add .
+ git commit -n -m "checkout-upstream: replace with upstream code at version ${UPSTREAM_VER}"
+fi
+
+# import Debian patches which apply cleanly
+if [ -n "${KEEP_DEBIAN_PATCHES:-}" ]; then
+ for c in $(git log "$BRANCH_NAME"..patch-queue/"$BRANCH_NAME" --format='%H' --reverse); do
+ if ! git cherry-pick $c; then
+ git cherry-pick --abort
+ git reset --hard
+ git clean -dxf
+ fi
+ done
+fi
+
+if [ -z "${UPSTREAM_KEEP_CHANGELOG:-}" ] ; then
+ # craft changelog
+ cat << EOF > debian/changelog.new
+systemd (${UPSTREAM_VER}.0) UNRELEASED; urgency=low
+
+ * Automatic build from upstream $DESC
+
+ -- systemd test <pkg-systemd-maintainers@lists.alioth.debian.org> $(date -R)
+
+EOF
+ cat debian/changelog >> debian/changelog.new
+ mv debian/changelog.new debian/changelog
+
+ # create new git commit with changelog entry
+ if [ -d .git ] ; then
+ git add debian
+ git commit -n -m "checkout-upstream: update changelog to version ${UPSTREAM_VER}.0"
+ fi
+fi
diff --git a/debian/extra/dhclient-exit-hooks.d/timesyncd b/debian/extra/dhclient-exit-hooks.d/timesyncd
new file mode 100644
index 0000000..bb98cab
--- /dev/null
+++ b/debian/extra/dhclient-exit-hooks.d/timesyncd
@@ -0,0 +1,52 @@
+TIMESYNCD_CONF=/run/systemd/timesyncd.conf.d/01-dhclient.conf
+
+timesyncd_servers_setup_remove() {
+ if [ ! -d /run/systemd/system ]; then
+ return
+ fi
+ if [ ! -x /lib/systemd/systemd-timesyncd ]; then
+ return
+ fi
+
+ if [ -e $TIMESYNCD_CONF ]; then
+ rm -f $TIMESYNCD_CONF
+ systemctl try-restart systemd-timesyncd.service || true
+ fi
+}
+
+timesyncd_servers_setup_add() {
+ if [ ! -d /run/systemd/system ]; then
+ return
+ fi
+ if [ ! -x /lib/systemd/systemd-timesyncd ]; then
+ return
+ fi
+
+ if [ -e $TIMESYNCD_CONF ] && [ "$new_ntp_servers" = "$old_ntp_servers" ]; then
+ return
+ fi
+
+ if [ -z "$new_ntp_servers" ]; then
+ timesyncd_servers_setup_remove
+ return
+ fi
+
+ mkdir -p $(dirname $TIMESYNCD_CONF)
+ cat <<EOF > ${TIMESYNCD_CONF}.new
+# NTP server entries received from DHCP server
+[Time]
+NTP=$new_ntp_servers
+EOF
+ mv ${TIMESYNCD_CONF}.new ${TIMESYNCD_CONF}
+ systemctl try-restart systemd-timesyncd.service || true
+}
+
+
+case $reason in
+ BOUND|RENEW|REBIND|REBOOT)
+ timesyncd_servers_setup_add
+ ;;
+ EXPIRE|FAIL|RELEASE|STOP)
+ timesyncd_servers_setup_remove
+ ;;
+esac
diff --git a/debian/extra/fbdev-blacklist.conf b/debian/extra/fbdev-blacklist.conf
new file mode 100644
index 0000000..00a9170
--- /dev/null
+++ b/debian/extra/fbdev-blacklist.conf
@@ -0,0 +1,20 @@
+# This file blacklists most old-style PCI framebuffer drivers.
+
+blacklist arkfb
+blacklist aty128fb
+blacklist atyfb
+blacklist radeonfb
+blacklist cirrusfb
+blacklist cyber2000fb
+blacklist kyrofb
+blacklist matroxfb_base
+blacklist mb862xxfb
+blacklist neofb
+blacklist pm2fb
+blacklist pm3fb
+blacklist s3fb
+blacklist savagefb
+blacklist sisfb
+blacklist tdfxfb
+blacklist tridentfb
+blacklist vt8623fb
diff --git a/debian/extra/init-functions.d/40-systemd b/debian/extra/init-functions.d/40-systemd
new file mode 100644
index 0000000..d1dc03e
--- /dev/null
+++ b/debian/extra/init-functions.d/40-systemd
@@ -0,0 +1,101 @@
+# -*-Shell-script-*-
+# /lib/lsb/init-functions
+
+_use_systemctl=0
+if [ -d /run/systemd/system ]; then
+
+ if [ -n "${__init_d_script_name:-}" ]; then # scripts run with new init-d-script
+ executable="$__init_d_script_name"
+ argument="$1"
+ elif [ "${0##*/}" = "init-d-script" ] ||
+ [ "${0##*/}" = "${1:-}" ]; then # scripts run with old init-d-script
+ executable="$1"
+ argument="$2"
+ else # plain old scripts
+ executable="$0"
+ argument="${1:-}"
+ fi
+
+ prog=${executable##*/}
+ service="${prog%.sh}.service"
+
+ # Don't try to run masked services. systemctl <= 230 always succeeds here,
+ # but later systemctls fail on nonexisting units; be compatible with both
+ state=$(systemctl -p LoadState --value show $service 2>/dev/null) || state="not-found"
+ [ "$state" = "masked" ] && exit 0
+
+ # Redirect SysV init scripts when executed by the user
+ if [ $PPID -ne 1 ] && [ -z "${SYSTEMCTL_SKIP_REDIRECT:-}" ]; then
+ case $(readlink -f "$executable") in
+ /etc/init.d/*)
+ # If the state is not-found, this might be a newly installed SysV init
+ # script where systemd-sysv-generator has not been run yet.
+ [ "$state" != "not-found" ] || [ "$(id -u)" != 0 ] || systemctl --no-ask-password daemon-reload
+
+ _use_systemctl=1
+ # Some services can't reload through the .service file,
+ # but can through the init script.
+ if [ "$(systemctl -p CanReload --value show $service 2>/dev/null)" = "no" ] && [ "${argument:-}" = "reload" ]; then
+ _use_systemctl=0
+ fi
+ ;;
+ esac
+ fi
+fi
+
+systemctl_redirect () {
+ local s
+ local rc
+ local prog=${1##*/}
+ local command=$2
+
+ case "$command" in
+ start)
+ s="Starting $prog (via systemctl)"
+ ;;
+ stop)
+ s="Stopping $prog (via systemctl)"
+ ;;
+ reload|force-reload)
+ s="Reloading $prog configuration (via systemctl)"
+ ;;
+ try-restart)
+ s="Restarting $prog if running (via systemctl)"
+ ;;
+ restart)
+ s="Restarting $prog (via systemctl)"
+ ;;
+ esac
+
+ service="${prog%.sh}.service"
+
+ # avoid deadlocks during bootup and shutdown from units/hooks
+ # which call "invoke-rc.d service reload" and similar, since
+ # the synchronous wait plus systemd's normal behaviour of
+ # transactionally processing all dependencies first easily
+ # causes dependency loops
+ if ! systemctl --quiet is-system-running && [ "$command" = "reload" ]; then
+ sctl_args="--no-block"
+ fi
+
+ [ "$command" = status ] || log_daemon_msg "$s" "$service"
+ systemctl --no-pager $sctl_args $command "$service"
+ rc=$?
+ [ "$command" = status ] || log_end_msg $rc
+
+ return $rc
+}
+
+if [ "$_use_systemctl" = "1" ]; then
+ # Some init scripts use "set -e" and "set -u", we don't want that
+ # here
+ set +e
+ set +u
+
+ case "$argument" in
+ start|stop|restart|reload|force-reload|try-restart|status)
+ systemctl_redirect $executable $argument
+ exit $?
+ ;;
+ esac
+fi
diff --git a/debian/extra/initramfs-tools/hooks/udev b/debian/extra/initramfs-tools/hooks/udev
new file mode 100755
index 0000000..d7f26c4
--- /dev/null
+++ b/debian/extra/initramfs-tools/hooks/udev
@@ -0,0 +1,55 @@
+#!/bin/sh -e
+
+PREREQS=""
+
+prereqs() { echo "$PREREQS"; }
+
+case "$1" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+. /usr/share/initramfs-tools/hook-functions
+
+mkdir -p "$DESTDIR/lib/systemd"
+copy_exec /lib/systemd/systemd-udevd /lib/systemd
+copy_exec /bin/udevadm /bin
+
+mkdir -p "$DESTDIR/etc/udev"
+cp -p /etc/udev/udev.conf "$DESTDIR/etc/udev/"
+
+# copy .link files containing interface naming definitions
+mkdir -p "$DESTDIR/lib/systemd/network/"
+find -L /lib/systemd/network -name '*.link' -execdir cp -pt "$DESTDIR/lib/systemd/network/" '{}' +
+if [ -d /etc/systemd/network ]; then
+ find -L /etc/systemd/network -name '*.link' -execdir cp -pt "$DESTDIR/lib/systemd/network/" '{}' +
+fi
+
+mkdir -p "$DESTDIR/lib/udev/rules.d/"
+for rules in 50-firmware.rules 50-udev-default.rules \
+ 60-block.rules 60-persistent-storage.rules \
+ 61-persistent-storage-android.rules 71-seat.rules \
+ 73-special-net-names.rules 75-net-description.rules \
+ 80-net-setup-link.rules 80-drivers.rules; do
+ if [ -e /etc/udev/rules.d/$rules ]; then
+ cp -p /etc/udev/rules.d/$rules "$DESTDIR/lib/udev/rules.d/"
+ elif [ -e /lib/udev/rules.d/$rules ]; then
+ cp -p /lib/udev/rules.d/$rules "$DESTDIR/lib/udev/rules.d/"
+ fi
+done
+
+# now copy all custom udev rules which don't have an equivalent in /lib (e. g.
+# 70-persistent-net.rules or similar); They might contain network names or
+# other bits which are relevant for the initramfs.
+for rules in /etc/udev/rules.d/*.rules; do
+ if [ -e "$rules" ] && [ ! -e "/lib/${rules#/etc/}" ]; then
+ cp -p "$rules" "$DESTDIR/lib/udev/rules.d/"
+ fi
+done
+
+for program in ata_id scsi_id; do
+ copy_exec /lib/udev/$program /lib/udev
+done
+copy_exec /sbin/blkid /sbin
diff --git a/debian/extra/initramfs-tools/scripts/init-bottom/udev b/debian/extra/initramfs-tools/scripts/init-bottom/udev
new file mode 100755
index 0000000..73887ea
--- /dev/null
+++ b/debian/extra/initramfs-tools/scripts/init-bottom/udev
@@ -0,0 +1,28 @@
+#!/bin/sh -e
+
+PREREQS=""
+
+prereqs() { echo "$PREREQS"; }
+
+case "$1" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+# Stop udevd, we'll miss a few events while we run init, but we catch up
+udevadm control --exit
+
+# move the /dev tmpfs to the rootfs; fall back to util-linux mount that does
+# not understand -o move
+mount -n -o move /dev "${rootmnt:?}/dev" || mount -n --move /dev "${rootmnt}/dev"
+
+# create a temporary symlink to the final /dev for other initramfs scripts
+if command -v nuke >/dev/null; then
+ nuke /dev
+else
+ # shellcheck disable=SC2114
+ rm -rf /dev
+fi
+ln -s "${rootmnt}/dev" /dev
diff --git a/debian/extra/initramfs-tools/scripts/init-top/udev b/debian/extra/initramfs-tools/scripts/init-top/udev
new file mode 100755
index 0000000..9bdfe86
--- /dev/null
+++ b/debian/extra/initramfs-tools/scripts/init-top/udev
@@ -0,0 +1,31 @@
+#!/bin/sh -e
+
+PREREQS=""
+
+prereqs() { echo "$PREREQS"; }
+
+case "$1" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+if [ -w /sys/kernel/uevent_helper ]; then
+ echo > /sys/kernel/uevent_helper
+fi
+
+if [ "${quiet:-n}" = "y" ]; then
+ log_level=notice
+else
+ log_level=info
+fi
+
+SYSTEMD_LOG_LEVEL=$log_level /lib/systemd/systemd-udevd --daemon --resolve-names=never
+
+udevadm trigger --type=subsystems --action=add
+udevadm trigger --type=devices --action=add
+udevadm settle || true
+
+# Leave udev running to process events that come in out-of-band (like USB
+# connections)
diff --git a/debian/extra/kernel-install.d/85-initrd.install b/debian/extra/kernel-install.d/85-initrd.install
new file mode 100755
index 0000000..4f8b101
--- /dev/null
+++ b/debian/extra/kernel-install.d/85-initrd.install
@@ -0,0 +1,38 @@
+#!/bin/sh
+set -eu
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+
+COMMAND="$1"
+KERNEL_VERSION="$2"
+BOOT_DIR_ABS="$3"
+
+INITRD_SRC="/boot/initrd.img-$KERNEL_VERSION"
+INITRD_DEST="$BOOT_DIR_ABS/initrd"
+
+if [ "$COMMAND" = remove ]; then
+ exec rm -f "$INITRD_DEST"
+fi
+
+if [ "$COMMAND" != add ]; then
+ echo "Invalid command $COMMAND" >&2
+ exit 1
+fi
+
+if [ "$#" -ge 5 ]; then
+ # An explicit initrd path was passed, 90-loaderentry.install knows how to handle this;
+ # copying here would just duplicate the file, since the basename is very likely different
+ exit 0
+fi
+
+if [ -e "$INITRD_SRC" ]; then
+ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "Installing '$INITRD_SRC' as '$INITRD_DEST'"
+ install -m 0644 -o root -g root "$INITRD_SRC" "$INITRD_DEST" || {
+ echo "Could not copy '$INITRD_SRC' to '$INITRD_DEST'." >&2
+ exit 1
+ }
+else
+ echo "$INITRD_SRC does not exist, not installing an initrd"
+fi
+
+exit 0
diff --git a/debian/extra/make-fbdev-blacklist b/debian/extra/make-fbdev-blacklist
new file mode 100644
index 0000000..decdbbd
--- /dev/null
+++ b/debian/extra/make-fbdev-blacklist
@@ -0,0 +1,47 @@
+#!/bin/sh
+# This script should be run before building the package every time a new
+# kernel is released.
+#
+# You should pass the name of the modules directory for a 486 flavour
+# kernel, as that has the most framebuffer modules.
+#
+# Also, obsolete modules should not be removed from the list until after
+# at least one stable release.
+
+set -e
+
+if [ $# = 0 ]; then
+ MODULES_DIR=/lib/modules/$(uname -r)
+else
+ MODULES_DIR="$1"
+fi
+
+BL='fbdev-blacklist.conf'
+
+if [ -e extra/$BL ]; then cd extra; fi
+
+{
+printf "# This file blacklists most old-style PCI framebuffer drivers.\n\n"
+
+find "$MODULES_DIR"/kernel/drivers/video -type f | sort | \
+while read file; do
+ name="$(basename $file .ko)"
+ case $name in
+ lxfb)
+ # This is needed for text consoles on OLPC XO-1, and it used to be
+ # built-in anyway.
+ ;;
+ viafb) ;; # Needed by OLPC XO-1.5
+ *)
+ /sbin/modinfo $file | grep -q '^alias: *pci:' \
+ && echo blacklist $name || true
+ ;;
+ esac
+done
+} > $BL.tmp
+
+if diff --unified=0 $BL $BL.tmp; then
+ rm $BL.tmp
+else
+ printf "\n\n\n$BL.tmp has changes!\n\n\n\n"
+fi
diff --git a/debian/extra/make-sysusers-basic b/debian/extra/make-sysusers-basic
new file mode 100755
index 0000000..8ff1b15
--- /dev/null
+++ b/debian/extra/make-sysusers-basic
@@ -0,0 +1,18 @@
+#!/bin/sh
+# generate a sysusers.d(5) file from Debian's static master passwd/group files
+set -eu
+
+echo '# generated from /usr/share/base-passwd/{passwd,group}.master'
+
+# only take groups whose name+gid != the corresponding user in passwd.master
+export IFS=:
+while read name _ id _; do
+ if ! grep -q "^$name:\*:$id:$id:" /usr/share/base-passwd/passwd.master; then
+ printf "g %-10s %-5s -\n" $name $id
+ fi
+done < /usr/share/base-passwd/group.master
+
+echo
+
+# treat "nobody:nogroup" specially: same ID, but different name, so prevent creating a "nobody" group
+awk -F: '{ i = ($3 == $4 && $4 != 65534) ? $3 : $3":"$4; printf("u %-10s %-7s - %-20s %s\n", $1,i,$6,$7) }' < /usr/share/base-passwd/passwd.master
diff --git a/debian/extra/network/73-usb-net-by-mac.link b/debian/extra/network/73-usb-net-by-mac.link
new file mode 100644
index 0000000..98800cd
--- /dev/null
+++ b/debian/extra/network/73-usb-net-by-mac.link
@@ -0,0 +1,5 @@
+[Match]
+Path=*-usb-*
+
+[Link]
+NamePolicy=mac
diff --git a/debian/extra/pam-configs/systemd b/debian/extra/pam-configs/systemd
new file mode 100644
index 0000000..5b56996
--- /dev/null
+++ b/debian/extra/pam-configs/systemd
@@ -0,0 +1,7 @@
+Name: Register user sessions in the systemd control group hierarchy
+Default: yes
+Priority: 0
+Session-Interactive-Only: yes
+Session-Type: Additional
+Session:
+ optional pam_systemd.so
diff --git a/debian/extra/pam.d/systemd-user b/debian/extra/pam.d/systemd-user
new file mode 100644
index 0000000..65279f9
--- /dev/null
+++ b/debian/extra/pam.d/systemd-user
@@ -0,0 +1,13 @@
+# This file is part of systemd.
+#
+# Used by systemd --user instances.
+
+@include common-account
+
+session required pam_selinux.so close
+session required pam_selinux.so nottys open
+session required pam_loginuid.so
+session required pam_limits.so
+@include common-session-noninteractive
+session optional pam_keyinit.so force revoke
+session optional pam_systemd.so
diff --git a/debian/extra/rules-ubuntu/40-vm-hotadd.rules b/debian/extra/rules-ubuntu/40-vm-hotadd.rules
new file mode 100644
index 0000000..7f2640b
--- /dev/null
+++ b/debian/extra/rules-ubuntu/40-vm-hotadd.rules
@@ -0,0 +1,14 @@
+# On Hyper-V and Xen Virtual Machines we want to add memory and cpus as soon as they appear
+ATTR{[dmi/id]sys_vendor}=="Microsoft Corporation", ATTR{[dmi/id]product_name}=="Virtual Machine", GOTO="vm_hotadd_apply"
+ATTR{[dmi/id]sys_vendor}=="Xen", GOTO="vm_hotadd_apply"
+GOTO="vm_hotadd_end"
+
+LABEL="vm_hotadd_apply"
+
+# Memory hotadd request
+SUBSYSTEM=="memory", ACTION=="add", DEVPATH=="/devices/system/memory/memory[0-9]*", TEST=="state", ATTR{state}!="online", ATTR{state}="online"
+
+# CPU hotadd request
+SUBSYSTEM=="cpu", ACTION=="add", DEVPATH=="/devices/system/cpu/cpu[0-9]*", TEST=="online", ATTR{online}!="1", ATTR{online}="1"
+
+LABEL="vm_hotadd_end"
diff --git a/debian/extra/rules-ubuntu/61-persistent-storage-android.rules b/debian/extra/rules-ubuntu/61-persistent-storage-android.rules
new file mode 100644
index 0000000..369d5a6
--- /dev/null
+++ b/debian/extra/rules-ubuntu/61-persistent-storage-android.rules
@@ -0,0 +1,6 @@
+# Android based kernel exports the uevent property PARTNAME, which can be
+# used to find out at run time the named partitions (e.g. boot) for the
+# device. This is specially useful for the Touch based images and flash-kernel,
+# to automatically update the kernel by writing at the correct partition
+# (independently of the hardware revision).
+ACTION!="remove", KERNEL=="mmcblk[0-9]p[0-9]", ENV{PARTNAME}=="?*", SYMLINK+="disk/by-partlabel/$env{PARTNAME}"
diff --git a/debian/extra/rules-ubuntu/71-power-switch-proliant.rules b/debian/extra/rules-ubuntu/71-power-switch-proliant.rules
new file mode 100644
index 0000000..022baeb
--- /dev/null
+++ b/debian/extra/rules-ubuntu/71-power-switch-proliant.rules
@@ -0,0 +1,2 @@
+ACTION!="remove", SUBSYSTEM=="input", KERNEL=="event*", SUBSYSTEMS=="platform", KERNELS=="gpio_keys.6|soc:gpio_keys", PROGRAM="/bin/cat /proc/device-tree/model", RESULT=="HP ProLiant m400 Server Cartridge", TAG+="power-switch"
+ACTION!="remove", SUBSYSTEM=="input", KERNEL=="event*", SUBSYSTEMS=="platform", KERNELS=="gpio_keys.12", ATTRS{keys}=="116", PROGRAM="/bin/cat /proc/device-tree/model", RESULT=="HP ProLiant m800 Server Cartridge", TAG+="power-switch"
diff --git a/debian/extra/rules-ubuntu/78-graphics-card.rules b/debian/extra/rules-ubuntu/78-graphics-card.rules
new file mode 100644
index 0000000..b3b906c
--- /dev/null
+++ b/debian/extra/rules-ubuntu/78-graphics-card.rules
@@ -0,0 +1,30 @@
+# do not edit this file, it will be overwritten on update
+
+ACTION!="add", GOTO="graphics_end"
+
+# Tag the drm device for KMS-supporting drivers as the primary device for
+# the display; for non-KMS drivers tag the framebuffer device instead.
+
+SUBSYSTEM!="drm", GOTO="drm_end"
+KERNEL!="card[0-9]*", GOTO="drm_end"
+ENV{DEVTYPE}!="drm_minor", GOTO="drm_end"
+
+DRIVERS=="i915", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+DRIVERS=="radeon", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+DRIVERS=="nouveau", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+DRIVERS=="vmwgfx", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+
+LABEL="drm_end"
+
+SUBSYSTEM!="graphics", GOTO="graphics_end"
+
+DRIVERS=="i915", GOTO="graphics_end"
+DRIVERS=="radeon", GOTO="graphics_end"
+DRIVERS=="nouveau", GOTO="graphics_end"
+DRIVERS=="efifb", GOTO="graphics_end"
+DRIVERS=="efi-framebuffer", GOTO="graphics_end"
+DRIVERS=="vesa-framebuffer", GOTO="graphics_end"
+
+KERNEL=="fb[0-9]*", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+
+LABEL="graphics_end"
diff --git a/debian/extra/rules/50-firmware.rules b/debian/extra/rules/50-firmware.rules
new file mode 100644
index 0000000..f7a08ce
--- /dev/null
+++ b/debian/extra/rules/50-firmware.rules
@@ -0,0 +1,3 @@
+# stub for immediately telling the kernel that userspace firmware loading
+# failed; necessary to avoid long timeouts with CONFIG_FW_LOADER_USER_HELPER=y
+SUBSYSTEM=="firmware", ACTION=="add", ATTR{loading}="-1"
diff --git a/debian/extra/rules/73-special-net-names.rules b/debian/extra/rules/73-special-net-names.rules
new file mode 100644
index 0000000..3b145ed
--- /dev/null
+++ b/debian/extra/rules/73-special-net-names.rules
@@ -0,0 +1,14 @@
+# On Dell PowerEdge systems, the iDRAC7 and later support a USB Virtual NIC
+# which terminates in the iDRAC. Help identify this with 'idrac'
+ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", ATTRS{idVendor}=="413c", ATTRS{idProduct}=="a102", NAME="idrac"
+
+# On IBM systems the Integrated Management Module is reachable using a
+# # USB Virtual NIC.
+ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", \
+ ATTRS{idVendor}=="04b3", ATTRS{idProduct}=="0325", NAME="ibmimm"
+
+# ibmveth devices' $DEVPATH number is tied to (virtual) hardware (slot id
+# selected in the HMC), thus this provides a reliable naming (e. g.
+# "/devices/vio/30000002/net/eth1"); we ignore the bus number, as
+# there should only ever be one bus, and then remove leading zeros
+ACTION=="add", SUBSYSTEM=="net", NAME=="", DRIVERS=="ibmveth", PROGRAM="/bin/sh -ec 'D=$${DEVPATH#*/vio/}; D=$${D%%%%/*}; D=$${D#????}; D=$${D#0}; D=$${D#0}; D=$${D#0}; D=$${D#0}; echo $${D:-0}'", NAME="ibmveth$result"
diff --git a/debian/extra/rules/80-debian-compat.rules b/debian/extra/rules/80-debian-compat.rules
new file mode 100644
index 0000000..fb8477f
--- /dev/null
+++ b/debian/extra/rules/80-debian-compat.rules
@@ -0,0 +1,30 @@
+# Debian specific udev rules for backwards compatibility
+
+# needed for old tape drivers, http://bugs.debian.org/657948
+SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="[module/sg]", RUN{builtin}+="kmod load sg"
+
+# device permissions
+KERNEL=="mISDNtimer", GROUP="dialout"
+KERNEL=="mwave", GROUP="dialout"
+KERNEL=="nvram", GROUP="kmem", MODE="0640"
+KERNEL=="pktcdvd", GROUP="cdrom", MODE="0644"
+KERNEL=="lirc[0-9]*", GROUP="video"
+KERNEL=="legousbtower*", MODE="0666"
+KERNEL=="sonypi", MODE="0666"
+KERNEL=="mmtimer", MODE="0644"
+KERNEL=="sgi_*", MODE="0666"
+KERNEL=="z90crypt", MODE="0666"
+
+# These rules will create symlinks for CD/DVD drives, to help old
+# programs which are unable to automatically discover the devices.
+# The first detected device gets the symlink, but this is not stable across
+# reboots.
+ENV{ID_CDROM_CD_RW}=="?*", \
+ PROGRAM="/bin/sh -c 'ln -s %k /run/udev/link.cdrw 2>/dev/null; [ `readlink /run/udev/link.cdrw` = %k ]", \
+ SYMLINK+="cdrw", OPTIONS+="link_priority=-100"
+ENV{ID_CDROM_DVD}=="?*", \
+ PROGRAM="/bin/sh -c 'ln -s %k /run/udev/link.dvd 2>/dev/null; [ `readlink /run/udev/link.dvd` = %k ]", \
+ SYMLINK+="dvd", OPTIONS+="link_priority=-100"
+ENV{ID_CDROM_DVD_RW}=="?*", \
+ PROGRAM="/bin/sh -c 'ln -s %k /run/udev/link.dvdrw 2>/dev/null; [ `readlink /run/udev/link.dvdrw` = %k ]", \
+ SYMLINK+="dvdrw", OPTIONS+="link_priority=-100"
diff --git a/debian/extra/start-udev b/debian/extra/start-udev
new file mode 100755
index 0000000..0a8b284
--- /dev/null
+++ b/debian/extra/start-udev
@@ -0,0 +1,23 @@
+#!/bin/sh -e
+
+if [ -w /sys/kernel/uevent_helper ]; then
+ echo > /sys/kernel/uevent_helper
+fi
+
+if ! grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then
+ mount -n -o mode=0755 -t devtmpfs devtmpfs /dev
+ # Setup a few /dev symlinks, see #975018
+ [ ! -h /dev/fd ] && ln -s /proc/self/fd /dev/fd
+ [ ! -h /dev/stdin ] && ln -s /proc/self/fd/0 /dev/stdin
+ [ ! -h /dev/stdout ] && ln -s /proc/self/fd/1 /dev/stdout
+ [ ! -h /dev/stderr ] && ln -s /proc/self/fd/2 /dev/stderr
+fi
+
+SYSTEMD_LOG_LEVEL=notice /lib/systemd/systemd-udevd --daemon --resolve-names=never
+
+udevadm trigger --action=add
+
+mkdir -p /dev/pts
+mount -t devpts -o noexec,nosuid,gid=5,mode=0620 devpts /dev/pts
+
+udevadm settle || true
diff --git a/debian/extra/systemd-sysv-install b/debian/extra/systemd-sysv-install
new file mode 100755
index 0000000..7e90dc2
--- /dev/null
+++ b/debian/extra/systemd-sysv-install
@@ -0,0 +1,56 @@
+#!/bin/sh
+# This script is called by "systemctl enable/disable" when the given unit is a
+# SysV init.d script. It needs to call the distribution's mechanism for
+# enabling/disabling those, such as chkconfig, update-rc.d, or similar. This
+# can optionally take a --root argument for enabling a SysV init script
+# in a chroot or similar.
+set -eu
+
+usage() {
+ echo "Usage: $0 [--root=path] enable|disable|is-enabled <sysv script name>" >&2
+ exit 1
+}
+
+ROOT=
+
+# parse options
+eval set -- "$(getopt -o r: --long root: -- "$@")"
+while true; do
+ case "$1" in
+ -r|--root)
+ ROOT="$2"
+ shift 2 ;;
+ --) shift ; break ;;
+ *) usage ;;
+ esac
+done
+
+NAME="${2:-}"
+
+run() {
+ if [ -n "$ROOT" ] && [ "$ROOT" != "/" ]; then
+ _SKIP_SYSTEMD_NATIVE=1 chroot "$ROOT" /usr/sbin/update-rc.d "$@"
+ else
+ _SKIP_SYSTEMD_NATIVE=1 /usr/sbin/update-rc.d "$@"
+ fi
+}
+
+[ -n "$NAME" ] || usage
+
+case "$1" in
+ enable)
+ # call the command to enable SysV init script $NAME here..
+ run "$NAME" defaults
+ run "$NAME" enable
+ ;;
+ disable)
+ run "$NAME" defaults
+ run "$NAME" disable
+ ;;
+ is-enabled)
+ # exit with 0 if $NAME is enabled, non-zero if it is disabled
+ ls "$ROOT"/etc/rc[S5].d/S??"$NAME" >/dev/null 2>&1
+ ;;
+ *)
+ usage ;;
+esac
diff --git a/debian/extra/systemd.py b/debian/extra/systemd.py
new file mode 100644
index 0000000..d79e0eb
--- /dev/null
+++ b/debian/extra/systemd.py
@@ -0,0 +1,28 @@
+'''apport package hook for systemd
+
+(c) 2014 Canonical Ltd.
+Author: Martin Pitt <martin.pitt@ubuntu.com>
+'''
+
+import os.path
+import apport.hookutils
+
+def add_info(report):
+ apport.hookutils.attach_hardware(report)
+
+ report['SystemdDelta'] = apport.hookutils.command_output(['systemd-delta'])
+
+ if not os.path.exists('/run/systemd/system'):
+ return
+
+ # Add details about all failed units, if any
+ out = apport.hookutils.command_output(['systemctl', '--state=failed', '--full',
+ '--no-legend']).strip()
+ if out:
+ failed = ''
+ for line in out.splitlines():
+ unit = line.split()[0]
+ if failed:
+ failed += '------\n'
+ failed += apport.hookutils.command_output(['systemctl', 'status', '--full', unit])
+ report['SystemdFailedUnits'] = failed
diff --git a/debian/extra/tmpfiles.d/debian.conf b/debian/extra/tmpfiles.d/debian.conf
new file mode 100644
index 0000000..9061084
--- /dev/null
+++ b/debian/extra/tmpfiles.d/debian.conf
@@ -0,0 +1,14 @@
+# This file is part of the debianisation of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+# Type Path Mode UID GID Age Argument
+L /run/shm - - - - /dev/shm
+d /run/sendsigs.omit.d 0755 root root -
+
+L+ /etc/mtab - - - - ../proc/self/mounts
diff --git a/debian/extra/udev.py b/debian/extra/udev.py
new file mode 100644
index 0000000..d8bc76f
--- /dev/null
+++ b/debian/extra/udev.py
@@ -0,0 +1,19 @@
+'''apport package hook for udev
+
+(c) 2009 Canonical Ltd.
+Author: Martin Pitt <martin.pitt@ubuntu.com>
+'''
+
+import os
+import apport.hookutils
+
+def add_info(report):
+ apport.hookutils.attach_hardware(report)
+
+ user_rules = []
+ for f in os.listdir('/etc/udev/rules.d'):
+ if not f.startswith('70-persistent-') and f != 'README':
+ user_rules.append(f)
+
+ if user_rules:
+ report['CustomUdevRuleFiles'] = ' '.join(user_rules)
diff --git a/debian/extra/units-ubuntu/user@.service.d/timeout.conf b/debian/extra/units-ubuntu/user@.service.d/timeout.conf
new file mode 100644
index 0000000..213eb65
--- /dev/null
+++ b/debian/extra/units-ubuntu/user@.service.d/timeout.conf
@@ -0,0 +1,4 @@
+# Avoid long hangs during shutdown if user services fail/hang due to X.org
+# going away too early
+[Service]
+TimeoutStopSec=5
diff --git a/debian/extra/units/getty-static.service b/debian/extra/units/getty-static.service
new file mode 100644
index 0000000..25c5c72
--- /dev/null
+++ b/debian/extra/units/getty-static.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=getty on tty2-tty6 if dbus and logind are not available
+ConditionPathExists=/dev/tty0
+ConditionPathExists=!/usr/bin/dbus-daemon
+ConditionPathExists=!/usr/bin/dbus-broker
+
+[Service]
+Type=oneshot
+ExecStart=systemctl --no-block start getty@tty2.service getty@tty3.service getty@tty4.service getty@tty5.service getty@tty6.service
+RemainAfterExit=true
diff --git a/debian/extra/units/rc-local.service.d/debian.conf b/debian/extra/units/rc-local.service.d/debian.conf
new file mode 100644
index 0000000..ec77220
--- /dev/null
+++ b/debian/extra/units/rc-local.service.d/debian.conf
@@ -0,0 +1,10 @@
+[Unit]
+# not specified by LSB, but has been behaving that way in Debian under SysV
+# init and upstart
+After=network-online.target
+
+# Often contains status messages which users expect to see on the console
+# during boot
+[Service]
+StandardOutput=journal+console
+StandardError=journal+console
diff --git a/debian/extra/units/systemd-localed.service.d/locale-gen.conf b/debian/extra/units/systemd-localed.service.d/locale-gen.conf
new file mode 100644
index 0000000..7c09403
--- /dev/null
+++ b/debian/extra/units/systemd-localed.service.d/locale-gen.conf
@@ -0,0 +1,5 @@
+[Service]
+# systemd-localed may run locale-gen which writes to /etc as well as to
+# /usr/lib/locale. This change softens the service hardening a bit so
+# both of these paths are writable.
+ReadWritePaths=/usr/lib/locale/
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..a34c597
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,9 @@
+[DEFAULT]
+pristine-tar = True
+patch-numbers = False
+debian-branch = debian/bullseye
+upstream-branch = upstream/latest
+
+[dch]
+full = True
+multimaint-merge = True
diff --git a/debian/git-cherry-pick b/debian/git-cherry-pick
new file mode 100755
index 0000000..1fabd32
--- /dev/null
+++ b/debian/git-cherry-pick
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+set -e
+
+if [ -z "$*" ] ; then
+ echo "Usage: $0 [commit [commit ..]]"
+ exit 1
+fi
+
+
+curbranch=$(git rev-parse --abbrev-ref HEAD)
+
+# assert we got a branch
+[ -n "$curbranch" ]
+
+if [ $curbranch = HEAD ] ; then
+ echo "You are not currently on a branch, cannot cherry-pick"
+ exit 1
+fi
+
+case $curbranch in
+ patch-queue/*)
+ debbranch=${curbranch/patch-queue\/}
+ pqbranch=$curbranch
+ ;;
+ *)
+ debbranch=$curbranch
+ pqbranch=patch-queue/$curbranch
+ ;;
+esac
+
+commits=$(git rev-parse "$@")
+
+if git rev-parse $pqbranch &>/dev/null ; then
+ echo
+ echo "Will recreate patch-queue branch $pqbranch"
+ echo "It was pointing to" $(git rev-parse $pqbranch)
+ echo
+fi
+
+gbp pq import --force
+
+echo "Cherry-picking the following commits:"
+echo "$commits"
+
+picks=$(echo "$commits" | xargs echo exec git cherry-pick -x --no-edit --commit)
+
+# find the first debian commit
+firstdebian=$(git log -i --grep "topic.*debian" --pretty=%h --reverse $debbranch..$pqbranch | head -1)
+
+sedexpr="/$firstdebian/i$picks"
+
+GIT_EDITOR="sed -i -e '$sedexpr'" git rebase --interactive --no-autosquash $debbranch
diff --git a/debian/libnss-myhostname.install b/debian/libnss-myhostname.install
new file mode 100644
index 0000000..758fe00
--- /dev/null
+++ b/debian/libnss-myhostname.install
@@ -0,0 +1,3 @@
+usr/lib/*/libnss_myhostname*.so.*
+usr/share/man/man8/libnss_myhostname.so.2.8
+usr/share/man/man8/nss-myhostname.8
diff --git a/debian/libnss-myhostname.lintian-overrides b/debian/libnss-myhostname.lintian-overrides
new file mode 100644
index 0000000..ff4d266
--- /dev/null
+++ b/debian/libnss-myhostname.lintian-overrides
@@ -0,0 +1,2 @@
+# package is a NSS module, not a system library
+libnss-myhostname: package-name-doesnt-match-sonames
diff --git a/debian/libnss-myhostname.postinst b/debian/libnss-myhostname.postinst
new file mode 100644
index 0000000..1ee0c99
--- /dev/null
+++ b/debian/libnss-myhostname.postinst
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+# This code was taken from libnss-myhostname
+
+# try to insert myhostname entries to the "hosts" line in /etc/nsswitch.conf to
+# automatically enable libnss-myhostname support; do not change the
+# configuration if the "hosts" line already references some myhostname lookups
+insert_nss_entry() {
+ echo "Checking NSS setup..."
+ # abort if /etc/nsswitch.conf does not exist
+ if ! [ -e /etc/nsswitch.conf ]; then
+ echo "Could not find /etc/nsswitch.conf."
+ return
+ fi
+ perl -i -pe '
+ sub insert {
+ my $line = shift;
+ # this also splits on tab
+ my @bits=split(" ", $line);
+ # do not break configuration if the "hosts" line already references
+ # myhostname
+ if (grep { $_ eq "myhostname"} @bits) {
+ return $line;
+ }
+ # add myhostname at the end
+ return $line . " myhostname";
+ }
+ s/^(hosts:\s+)(.*)/$1.insert($2)/e;
+ ' /etc/nsswitch.conf
+}
+
+if [ "$1" = configure ] && [ -z "$2" ]; then
+ echo "First installation detected..."
+ # first install: setup the recommended configuration (unless
+ # nsswitch.conf already contains myhostname entries)
+ insert_nss_entry
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-myhostname.postrm b/debian/libnss-myhostname.postrm
new file mode 100644
index 0000000..90e3c38
--- /dev/null
+++ b/debian/libnss-myhostname.postrm
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+set -e
+
+remove_nss_entry() {
+ local file=$1
+ local pkg=$2
+ local module=$3
+ refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \
+ -W $pkg | grep '^i' | wc -l)
+ if [ "$refcount" -gt 0 ] ; then
+ # package is installed for other architectures still, do nothing
+ return
+ fi
+ echo "Checking NSS setup..."
+ # abort if file does not exist
+ if ! [ -e $file ]; then
+ echo "Could not find ${file}."
+ return
+ fi
+ # we must remove possible [foo=bar] options as well
+ sed -i -r "/hosts:/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file
+}
+
+if [ "$1" = remove ]; then
+ remove_nss_entry /etc/nsswitch.conf libnss-myhostname myhostname
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-mymachines.install b/debian/libnss-mymachines.install
new file mode 100644
index 0000000..1923505
--- /dev/null
+++ b/debian/libnss-mymachines.install
@@ -0,0 +1,3 @@
+usr/lib/*/libnss_mymachines*.so.*
+usr/share/man/man8/libnss_mymachines.so.2.8
+usr/share/man/man8/nss-mymachines.8
diff --git a/debian/libnss-mymachines.lintian-overrides b/debian/libnss-mymachines.lintian-overrides
new file mode 100644
index 0000000..c9661e8
--- /dev/null
+++ b/debian/libnss-mymachines.lintian-overrides
@@ -0,0 +1,2 @@
+# package is a NSS module, not a system library
+libnss-mymachines: package-name-doesnt-match-sonames
diff --git a/debian/libnss-mymachines.postinst b/debian/libnss-mymachines.postinst
new file mode 100644
index 0000000..165a80a
--- /dev/null
+++ b/debian/libnss-mymachines.postinst
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+# This code was taken from libnss-myhostname
+
+# try to insert mymachines entries to the "hosts" line in /etc/nsswitch.conf to
+# automatically enable libnss-mymachines support; do not change the
+# configuration if the "hosts" line already references some mymachines lookups
+insert_nss_entry() {
+ echo "Checking NSS setup..."
+ # abort if /etc/nsswitch.conf does not exist
+ if ! [ -e /etc/nsswitch.conf ]; then
+ echo "Could not find /etc/nsswitch.conf."
+ return
+ fi
+ perl -i -pe '
+ sub insert {
+ my $line = shift;
+ # this also splits on tab
+ my @bits=split(" ", $line);
+ # do not break configuration if the "hosts" line already references
+ # mymachines
+ if (grep { $_ eq "mymachines"} @bits) {
+ return $line;
+ }
+ # add mymachines at the end
+ return $line . " mymachines";
+ }
+ s/^(hosts:\s+)(.*)/$1.insert($2)/e;
+ ' /etc/nsswitch.conf
+}
+
+if [ "$1" = configure ] && [ -z "$2" ]; then
+ echo "First installation detected..."
+ # first install: setup the recommended configuration (unless
+ # nsswitch.conf already contains mymachines entries)
+ insert_nss_entry
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-mymachines.postrm b/debian/libnss-mymachines.postrm
new file mode 100644
index 0000000..c8fb09c
--- /dev/null
+++ b/debian/libnss-mymachines.postrm
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+set -e
+
+remove_nss_entry() {
+ local file=$1
+ local pkg=$2
+ local module=$3
+ refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \
+ -W $pkg | grep '^i' | wc -l)
+ if [ "$refcount" -gt 0 ] ; then
+ # package is installed for other architectures still, do nothing
+ return
+ fi
+ echo "Checking NSS setup..."
+ # abort if file does not exist
+ if ! [ -e $file ]; then
+ echo "Could not find ${file}."
+ return
+ fi
+ # we must remove possible [foo=bar] options as well
+ sed -i -r "/hosts:/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file
+}
+
+if [ "$1" = remove ]; then
+ remove_nss_entry /etc/nsswitch.conf libnss-mymachines mymachines
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-resolve.install b/debian/libnss-resolve.install
new file mode 100644
index 0000000..871aac0
--- /dev/null
+++ b/debian/libnss-resolve.install
@@ -0,0 +1,3 @@
+usr/lib/*/libnss_resolve*.so.*
+usr/share/man/man8/libnss_resolve.so.2.8
+usr/share/man/man8/nss-resolve.8
diff --git a/debian/libnss-resolve.lintian-overrides b/debian/libnss-resolve.lintian-overrides
new file mode 100644
index 0000000..dfd9ec4
--- /dev/null
+++ b/debian/libnss-resolve.lintian-overrides
@@ -0,0 +1,2 @@
+# package is a NSS module, not a system library
+libnss-resolve: package-name-doesnt-match-sonames
diff --git a/debian/libnss-resolve.postinst b/debian/libnss-resolve.postinst
new file mode 100644
index 0000000..382364e
--- /dev/null
+++ b/debian/libnss-resolve.postinst
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+set -e
+
+# This code was taken from libnss-myhostname
+
+# try to insert resolve entries to the "hosts" line in /etc/nsswitch.conf to
+# automatically enable libnss-resolve support; do not change the
+# configuration if the "hosts" line already references some resolve lookups
+insert_nss_entry() {
+ echo "Checking NSS setup..."
+ # abort if /etc/nsswitch.conf does not exist
+ if ! [ -e /etc/nsswitch.conf ]; then
+ echo "Could not find /etc/nsswitch.conf."
+ return
+ fi
+ perl -i -pe '
+ sub insert {
+ my $line = shift;
+ # this also splits on tab
+ my @bits=split(" ", $line);
+ # do not break configuration if the "hosts" line already references
+ # resolve
+ if (grep { $_ eq "resolve"} @bits) {
+ return $line;
+ }
+ # add resolve before dns
+ return join " ", map {
+ $_ eq "dns" ? ("resolve [!UNAVAIL=return]", "$_") : $_
+ } @bits;
+ }
+ s/^(hosts:\s+)(.*)/$1.insert($2)/e;
+ ' /etc/nsswitch.conf
+}
+
+if [ "$1" = configure ] && [ -z "$2" ]; then
+ echo "First installation detected..."
+ # first install: setup the recommended configuration (unless
+ # nsswitch.conf already contains resolve entries)
+ insert_nss_entry
+ # ... and enable resolved
+ systemctl enable systemd-resolved.service
+ if [ -d /run/systemd/system ]; then
+ deb-systemd-invoke start systemd-resolved.service || true
+ fi
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-resolve.postrm b/debian/libnss-resolve.postrm
new file mode 100644
index 0000000..c951b86
--- /dev/null
+++ b/debian/libnss-resolve.postrm
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+set -e
+
+remove_nss_entry() {
+ local file=$1
+ local pkg=$2
+ local module=$3
+ refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \
+ -W $pkg | grep '^i' | wc -l)
+ if [ "$refcount" -gt 0 ] ; then
+ # package is installed for other architectures still, do nothing
+ return
+ fi
+ echo "Checking NSS setup..."
+ # abort if file does not exist
+ if ! [ -e $file ]; then
+ echo "Could not find ${file}."
+ return
+ fi
+ # we must remove possible [foo=bar] options as well
+ sed -i -r "/hosts:/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file
+}
+
+if [ "$1" = remove ]; then
+ remove_nss_entry /etc/nsswitch.conf libnss-resolve resolve
+ systemctl disable systemd-resolved.service
+ if [ -d /run/systemd/system ]; then
+ deb-systemd-invoke stop systemd-resolved.service || true
+ fi
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-systemd.install b/debian/libnss-systemd.install
new file mode 100644
index 0000000..858f307
--- /dev/null
+++ b/debian/libnss-systemd.install
@@ -0,0 +1,3 @@
+usr/lib/*/libnss_systemd*.so.*
+usr/share/man/man8/libnss_systemd*
+usr/share/man/man8/nss-systemd*
diff --git a/debian/libnss-systemd.lintian-overrides b/debian/libnss-systemd.lintian-overrides
new file mode 100644
index 0000000..8e9c4cb
--- /dev/null
+++ b/debian/libnss-systemd.lintian-overrides
@@ -0,0 +1,2 @@
+# package is a NSS module, not a system library
+libnss-systemd: package-name-doesnt-match-sonames
diff --git a/debian/libnss-systemd.postinst b/debian/libnss-systemd.postinst
new file mode 100644
index 0000000..16040bc
--- /dev/null
+++ b/debian/libnss-systemd.postinst
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -e
+
+# try to insert the systemd entry to the "passwd" and "group" lines in
+# /etc/nsswitch.conf to automatically enable libnss-systemd support; do not
+# change the configuration if the lines already contain "systemd"
+insert_nss_entry() {
+ echo "Checking NSS setup..."
+ # abort if /etc/nsswitch.conf does not exist
+ if ! [ -e /etc/nsswitch.conf ]; then
+ echo "Could not find /etc/nsswitch.conf."
+ return
+ fi
+ perl -i -pe '
+ sub insert {
+ my $line = shift;
+ # this also splits on tab
+ my @bits=split(" ", $line);
+ # do not break configuration if the line already references
+ # systemd
+ if (grep { $_ eq "systemd"} @bits) {
+ return $line;
+ }
+ # add systemd at the end
+ return $line . " systemd";
+ }
+ s/^(passwd:\s+)(.*)/$1.insert($2)/e;
+ s/^(group:\s+)(.*)/$1.insert($2)/e;
+ ' /etc/nsswitch.conf
+}
+
+if [ "$1" = configure ] && [ -z "$2" ]; then
+ echo "First installation detected..."
+ # first install: setup the recommended configuration
+ insert_nss_entry
+fi
+
+#DEBHELPER#
diff --git a/debian/libnss-systemd.postrm b/debian/libnss-systemd.postrm
new file mode 100644
index 0000000..ce8e954
--- /dev/null
+++ b/debian/libnss-systemd.postrm
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+set -e
+
+remove_nss_entry() {
+ local file=$1
+ local pkg=$2
+ local module=$3
+ refcount=$(dpkg-query -f '${db:Status-Abbrev} ${binary:Package}\n' \
+ -W $pkg | grep '^i' | wc -l)
+ if [ "$refcount" -gt 0 ] ; then
+ # package is installed for other architectures still, do nothing
+ return
+ fi
+ echo "Checking NSS setup..."
+ # abort if file does not exist
+ if ! [ -e $file ]; then
+ echo "Could not find ${file}."
+ return
+ fi
+ # we must remove possible [foo=bar] options as well
+ sed -i -r "/(passwd|group):/ s/[[:space:]]+$module\b([[:space:]]*\[[^]]*\])*//" $file
+}
+
+if [ "$1" = remove ]; then
+ remove_nss_entry /etc/nsswitch.conf libnss-systemd systemd
+fi
+
+#DEBHELPER#
diff --git a/debian/libpam-systemd.install b/debian/libpam-systemd.install
new file mode 100644
index 0000000..df749da
--- /dev/null
+++ b/debian/libpam-systemd.install
@@ -0,0 +1,3 @@
+lib/*/security/pam_systemd.so
+usr/share/man/man8/pam_systemd.8
+../../extra/pam-configs usr/share/
diff --git a/debian/libpam-systemd.postinst b/debian/libpam-systemd.postinst
new file mode 100644
index 0000000..7e37590
--- /dev/null
+++ b/debian/libpam-systemd.postinst
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -e
+
+pam-auth-update --package
+
+#DEBHELPER#
diff --git a/debian/libpam-systemd.prerm b/debian/libpam-systemd.prerm
new file mode 100644
index 0000000..15284c5
--- /dev/null
+++ b/debian/libpam-systemd.prerm
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -e
+
+# pam-auth-update --remove removes the named profile from the active config.
+# It arguably should be called during deconfigure as well, but deconfigure
+# can happen in some cases during a dist-upgrade and we don't want to
+# deconfigure all PAM modules in the middle of a dist-upgrade by accident.
+#
+# More importantly, with the current implementation, --remove also removes
+# all local preferences for the named config (such as whether it's enabled
+# or disabled), which we don't want to do on deconfigure.
+#
+# This may need to change later as pam-auth-update evolves.
+
+if [ "$1" = remove ] && [ "${DPKG_MAINTSCRIPT_PACKAGE_REFCOUNT:-1}" = 1 ]; then
+ pam-auth-update --package --remove systemd
+fi
+
+#DEBHELPER#
diff --git a/debian/libsystemd-dev.install b/debian/libsystemd-dev.install
new file mode 100644
index 0000000..a170141
--- /dev/null
+++ b/debian/libsystemd-dev.install
@@ -0,0 +1,5 @@
+usr/lib/*/libsystemd.so
+usr/lib/*/pkgconfig/libsystemd.pc
+usr/include/systemd/
+usr/share/man/man3/sd*
+usr/share/man/man3/SD*
diff --git a/debian/libsystemd0.install b/debian/libsystemd0.install
new file mode 100644
index 0000000..13c96e6
--- /dev/null
+++ b/debian/libsystemd0.install
@@ -0,0 +1 @@
+usr/lib/*/libsystemd.so.*
diff --git a/debian/libsystemd0.symbols b/debian/libsystemd0.symbols
new file mode 100644
index 0000000..fdd6ade
--- /dev/null
+++ b/debian/libsystemd0.symbols
@@ -0,0 +1,607 @@
+libsystemd.so.0 libsystemd0 #MINVER#
+* Build-Depends-Package: libsystemd-dev
+ LIBSYSTEMD_209@LIBSYSTEMD_209 0
+ LIBSYSTEMD_211@LIBSYSTEMD_211 211
+ LIBSYSTEMD_213@LIBSYSTEMD_213 213
+ LIBSYSTEMD_214@LIBSYSTEMD_214 214
+ LIBSYSTEMD_216@LIBSYSTEMD_216 217
+ LIBSYSTEMD_217@LIBSYSTEMD_217 217
+ LIBSYSTEMD_219@LIBSYSTEMD_219 219
+ LIBSYSTEMD_220@LIBSYSTEMD_220 220
+ LIBSYSTEMD_221@LIBSYSTEMD_221 221
+ LIBSYSTEMD_222@LIBSYSTEMD_222 222
+ LIBSYSTEMD_226@LIBSYSTEMD_226 226
+ LIBSYSTEMD_227@LIBSYSTEMD_227 227
+ LIBSYSTEMD_229@LIBSYSTEMD_229 229
+ LIBSYSTEMD_230@LIBSYSTEMD_230 230
+ LIBSYSTEMD_231@LIBSYSTEMD_231 231
+ LIBSYSTEMD_232@LIBSYSTEMD_232 232
+ LIBSYSTEMD_233@LIBSYSTEMD_233 233
+ LIBSYSTEMD_234@LIBSYSTEMD_234 234
+ LIBSYSTEMD_236@LIBSYSTEMD_236 236
+ LIBSYSTEMD_237@LIBSYSTEMD_237 237
+ LIBSYSTEMD_238@LIBSYSTEMD_238 238
+ LIBSYSTEMD_239@LIBSYSTEMD_239 239
+ LIBSYSTEMD_240@LIBSYSTEMD_240 240
+ LIBSYSTEMD_241@LIBSYSTEMD_241 241
+ LIBSYSTEMD_243@LIBSYSTEMD_243 243
+ LIBSYSTEMD_245@LIBSYSTEMD_245 245
+ LIBSYSTEMD_246@LIBSYSTEMD_246 246
+ LIBSYSTEMD_247@LIBSYSTEMD_247 247
+ sd_booted@LIBSYSTEMD_209 0
+ sd_bus_add_fallback@LIBSYSTEMD_221 221
+ sd_bus_add_fallback_vtable@LIBSYSTEMD_221 221
+ sd_bus_add_filter@LIBSYSTEMD_221 221
+ sd_bus_add_match@LIBSYSTEMD_221 221
+ sd_bus_add_match_async@LIBSYSTEMD_237 237
+ sd_bus_add_node_enumerator@LIBSYSTEMD_221 221
+ sd_bus_add_object@LIBSYSTEMD_221 221
+ sd_bus_add_object_manager@LIBSYSTEMD_221 221
+ sd_bus_add_object_vtable@LIBSYSTEMD_221 221
+ sd_bus_attach_event@LIBSYSTEMD_221 221
+ sd_bus_call@LIBSYSTEMD_221 221
+ sd_bus_call_async@LIBSYSTEMD_221 221
+ sd_bus_call_method@LIBSYSTEMD_221 221
+ sd_bus_call_method_async@LIBSYSTEMD_221 221
+ sd_bus_call_method_asyncv@LIBSYSTEMD_246 246
+ sd_bus_call_methodv@LIBSYSTEMD_246 246
+ sd_bus_can_send@LIBSYSTEMD_221 221
+ sd_bus_close@LIBSYSTEMD_221 221
+ sd_bus_close_unref@LIBSYSTEMD_241 241
+ sd_bus_creds_get_audit_login_uid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_audit_session_id@LIBSYSTEMD_221 221
+ sd_bus_creds_get_augmented_mask@LIBSYSTEMD_221 221
+ sd_bus_creds_get_cgroup@LIBSYSTEMD_221 221
+ sd_bus_creds_get_cmdline@LIBSYSTEMD_221 221
+ sd_bus_creds_get_comm@LIBSYSTEMD_221 221
+ sd_bus_creds_get_description@LIBSYSTEMD_221 221
+ sd_bus_creds_get_egid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_euid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_exe@LIBSYSTEMD_221 221
+ sd_bus_creds_get_fsgid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_fsuid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_gid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_mask@LIBSYSTEMD_221 221
+ sd_bus_creds_get_owner_uid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_pid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_ppid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_selinux_context@LIBSYSTEMD_221 221
+ sd_bus_creds_get_session@LIBSYSTEMD_221 221
+ sd_bus_creds_get_sgid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_slice@LIBSYSTEMD_221 221
+ sd_bus_creds_get_suid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_supplementary_gids@LIBSYSTEMD_221 221
+ sd_bus_creds_get_tid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_tid_comm@LIBSYSTEMD_221 221
+ sd_bus_creds_get_tty@LIBSYSTEMD_221 221
+ sd_bus_creds_get_uid@LIBSYSTEMD_221 221
+ sd_bus_creds_get_unique_name@LIBSYSTEMD_221 221
+ sd_bus_creds_get_unit@LIBSYSTEMD_221 221
+ sd_bus_creds_get_user_slice@LIBSYSTEMD_221 221
+ sd_bus_creds_get_user_unit@LIBSYSTEMD_221 221
+ sd_bus_creds_get_well_known_names@LIBSYSTEMD_221 221
+ sd_bus_creds_has_bounding_cap@LIBSYSTEMD_221 221
+ sd_bus_creds_has_effective_cap@LIBSYSTEMD_221 221
+ sd_bus_creds_has_inheritable_cap@LIBSYSTEMD_221 221
+ sd_bus_creds_has_permitted_cap@LIBSYSTEMD_221 221
+ sd_bus_creds_new_from_pid@LIBSYSTEMD_221 221
+ sd_bus_creds_ref@LIBSYSTEMD_221 221
+ sd_bus_creds_unref@LIBSYSTEMD_221 221
+ sd_bus_default@LIBSYSTEMD_221 221
+ sd_bus_default_flush_close@LIBSYSTEMD_227 227
+ sd_bus_default_system@LIBSYSTEMD_221 221
+ sd_bus_default_user@LIBSYSTEMD_221 221
+ sd_bus_detach_event@LIBSYSTEMD_221 221
+ sd_bus_emit_interfaces_added@LIBSYSTEMD_221 221
+ sd_bus_emit_interfaces_added_strv@LIBSYSTEMD_221 221
+ sd_bus_emit_interfaces_removed@LIBSYSTEMD_221 221
+ sd_bus_emit_interfaces_removed_strv@LIBSYSTEMD_221 221
+ sd_bus_emit_object_added@LIBSYSTEMD_222 222
+ sd_bus_emit_object_removed@LIBSYSTEMD_222 222
+ sd_bus_emit_properties_changed@LIBSYSTEMD_221 221
+ sd_bus_emit_properties_changed_strv@LIBSYSTEMD_221 221
+ sd_bus_emit_signal@LIBSYSTEMD_221 221
+ sd_bus_emit_signalv@LIBSYSTEMD_246 246
+ sd_bus_enqueue_for_read@LIBSYSTEMD_245 245
+ sd_bus_error_add_map@LIBSYSTEMD_221 221
+ sd_bus_error_copy@LIBSYSTEMD_221 221
+ sd_bus_error_free@LIBSYSTEMD_221 221
+ sd_bus_error_get_errno@LIBSYSTEMD_221 221
+ sd_bus_error_has_name@LIBSYSTEMD_221 221
+ sd_bus_error_has_names_sentinel@LIBSYSTEMD_247 247
+ sd_bus_error_is_set@LIBSYSTEMD_221 221
+ sd_bus_error_move@LIBSYSTEMD_240 240
+ sd_bus_error_set@LIBSYSTEMD_221 221
+ sd_bus_error_set_const@LIBSYSTEMD_221 221
+ sd_bus_error_set_errno@LIBSYSTEMD_221 221
+ sd_bus_error_set_errnof@LIBSYSTEMD_221 221
+ sd_bus_error_set_errnofv@LIBSYSTEMD_221 221
+ sd_bus_error_setf@LIBSYSTEMD_221 221
+ sd_bus_flush@LIBSYSTEMD_221 221
+ sd_bus_flush_close_unref@LIBSYSTEMD_222 222
+ sd_bus_get_address@LIBSYSTEMD_221 221
+ sd_bus_get_allow_interactive_authorization@LIBSYSTEMD_221 221
+ sd_bus_get_bus_id@LIBSYSTEMD_221 221
+ sd_bus_get_close_on_exit@LIBSYSTEMD_240 240
+ sd_bus_get_connected_signal@LIBSYSTEMD_237 237
+ sd_bus_get_creds_mask@LIBSYSTEMD_221 221
+ sd_bus_get_current_handler@LIBSYSTEMD_221 221
+ sd_bus_get_current_message@LIBSYSTEMD_221 221
+ sd_bus_get_current_slot@LIBSYSTEMD_221 221
+ sd_bus_get_current_userdata@LIBSYSTEMD_221 221
+ sd_bus_get_description@LIBSYSTEMD_221 221
+ sd_bus_get_event@LIBSYSTEMD_221 221
+ sd_bus_get_events@LIBSYSTEMD_221 221
+ sd_bus_get_exit_on_disconnect@LIBSYSTEMD_232 232
+ sd_bus_get_fd@LIBSYSTEMD_221 221
+ sd_bus_get_method_call_timeout@LIBSYSTEMD_240 240
+ sd_bus_get_n_queued_read@LIBSYSTEMD_238 238
+ sd_bus_get_n_queued_write@LIBSYSTEMD_238 238
+ sd_bus_get_name_creds@LIBSYSTEMD_221 221
+ sd_bus_get_name_machine_id@LIBSYSTEMD_221 221
+ sd_bus_get_owner_creds@LIBSYSTEMD_221 221
+ sd_bus_get_property@LIBSYSTEMD_221 221
+ sd_bus_get_property_string@LIBSYSTEMD_221 221
+ sd_bus_get_property_strv@LIBSYSTEMD_221 221
+ sd_bus_get_property_trivial@LIBSYSTEMD_221 221
+ sd_bus_get_scope@LIBSYSTEMD_221 221
+ sd_bus_get_sender@LIBSYSTEMD_237 237
+ sd_bus_get_tid@LIBSYSTEMD_221 221
+ sd_bus_get_timeout@LIBSYSTEMD_221 221
+ sd_bus_get_unique_name@LIBSYSTEMD_221 221
+ sd_bus_get_watch_bind@LIBSYSTEMD_237 237
+ sd_bus_interface_name_is_valid@LIBSYSTEMD_246 246
+ sd_bus_is_anonymous@LIBSYSTEMD_221 221
+ sd_bus_is_bus_client@LIBSYSTEMD_221 221
+ sd_bus_is_monitor@LIBSYSTEMD_221 221
+ sd_bus_is_open@LIBSYSTEMD_221 221
+ sd_bus_is_ready@LIBSYSTEMD_237 237
+ sd_bus_is_server@LIBSYSTEMD_221 221
+ sd_bus_is_trusted@LIBSYSTEMD_221 221
+ sd_bus_list_names@LIBSYSTEMD_221 221
+ sd_bus_match_signal@LIBSYSTEMD_237 237
+ sd_bus_match_signal_async@LIBSYSTEMD_237 237
+ sd_bus_member_name_is_valid@LIBSYSTEMD_246 246
+ sd_bus_message_append@LIBSYSTEMD_221 221
+ sd_bus_message_append_array@LIBSYSTEMD_221 221
+ sd_bus_message_append_array_iovec@LIBSYSTEMD_221 221
+ sd_bus_message_append_array_memfd@LIBSYSTEMD_221 221
+ sd_bus_message_append_array_space@LIBSYSTEMD_221 221
+ sd_bus_message_append_basic@LIBSYSTEMD_221 221
+ sd_bus_message_append_string_iovec@LIBSYSTEMD_221 221
+ sd_bus_message_append_string_memfd@LIBSYSTEMD_221 221
+ sd_bus_message_append_string_space@LIBSYSTEMD_221 221
+ sd_bus_message_append_strv@LIBSYSTEMD_221 221
+ sd_bus_message_appendv@LIBSYSTEMD_234 234
+ sd_bus_message_at_end@LIBSYSTEMD_221 221
+ sd_bus_message_close_container@LIBSYSTEMD_221 221
+ sd_bus_message_copy@LIBSYSTEMD_221 221
+ sd_bus_message_dump@LIBSYSTEMD_245 245
+ sd_bus_message_enter_container@LIBSYSTEMD_221 221
+ sd_bus_message_exit_container@LIBSYSTEMD_221 221
+ sd_bus_message_get_allow_interactive_authorization@LIBSYSTEMD_221 221
+ sd_bus_message_get_auto_start@LIBSYSTEMD_221 221
+ sd_bus_message_get_bus@LIBSYSTEMD_221 221
+ sd_bus_message_get_cookie@LIBSYSTEMD_221 221
+ sd_bus_message_get_creds@LIBSYSTEMD_221 221
+ sd_bus_message_get_destination@LIBSYSTEMD_221 221
+ sd_bus_message_get_errno@LIBSYSTEMD_221 221
+ sd_bus_message_get_error@LIBSYSTEMD_221 221
+ sd_bus_message_get_expect_reply@LIBSYSTEMD_221 221
+ sd_bus_message_get_interface@LIBSYSTEMD_221 221
+ sd_bus_message_get_member@LIBSYSTEMD_221 221
+ sd_bus_message_get_monotonic_usec@LIBSYSTEMD_221 221
+ sd_bus_message_get_path@LIBSYSTEMD_221 221
+ sd_bus_message_get_priority@LIBSYSTEMD_221 221
+ sd_bus_message_get_realtime_usec@LIBSYSTEMD_221 221
+ sd_bus_message_get_reply_cookie@LIBSYSTEMD_221 221
+ sd_bus_message_get_sender@LIBSYSTEMD_221 221
+ sd_bus_message_get_seqnum@LIBSYSTEMD_221 221
+ sd_bus_message_get_signature@LIBSYSTEMD_221 221
+ sd_bus_message_get_type@LIBSYSTEMD_221 221
+ sd_bus_message_has_signature@LIBSYSTEMD_221 221
+ sd_bus_message_is_empty@LIBSYSTEMD_221 221
+ sd_bus_message_is_method_call@LIBSYSTEMD_221 221
+ sd_bus_message_is_method_error@LIBSYSTEMD_221 221
+ sd_bus_message_is_signal@LIBSYSTEMD_221 221
+ sd_bus_message_new@LIBSYSTEMD_236 236
+ sd_bus_message_new_method_call@LIBSYSTEMD_221 221
+ sd_bus_message_new_method_errno@LIBSYSTEMD_221 221
+ sd_bus_message_new_method_errnof@LIBSYSTEMD_221 221
+ sd_bus_message_new_method_error@LIBSYSTEMD_221 221
+ sd_bus_message_new_method_errorf@LIBSYSTEMD_221 221
+ sd_bus_message_new_method_return@LIBSYSTEMD_221 221
+ sd_bus_message_new_signal@LIBSYSTEMD_221 221
+ sd_bus_message_open_container@LIBSYSTEMD_221 221
+ sd_bus_message_peek_type@LIBSYSTEMD_221 221
+ sd_bus_message_read@LIBSYSTEMD_221 221
+ sd_bus_message_read_array@LIBSYSTEMD_221 221
+ sd_bus_message_read_basic@LIBSYSTEMD_221 221
+ sd_bus_message_read_strv@LIBSYSTEMD_221 221
+ sd_bus_message_readv@LIBSYSTEMD_240 240
+ sd_bus_message_ref@LIBSYSTEMD_221 221
+ sd_bus_message_rewind@LIBSYSTEMD_221 221
+ sd_bus_message_seal@LIBSYSTEMD_236 236
+ sd_bus_message_sensitive@LIBSYSTEMD_245 245
+ sd_bus_message_set_allow_interactive_authorization@LIBSYSTEMD_221 221
+ sd_bus_message_set_auto_start@LIBSYSTEMD_221 221
+ sd_bus_message_set_destination@LIBSYSTEMD_221 221
+ sd_bus_message_set_expect_reply@LIBSYSTEMD_221 221
+ sd_bus_message_set_priority@LIBSYSTEMD_221 221
+ sd_bus_message_set_sender@LIBSYSTEMD_237 237
+ sd_bus_message_skip@LIBSYSTEMD_221 221
+ sd_bus_message_unref@LIBSYSTEMD_221 221
+ sd_bus_message_verify_type@LIBSYSTEMD_221 221
+ sd_bus_negotiate_creds@LIBSYSTEMD_221 221
+ sd_bus_negotiate_fds@LIBSYSTEMD_221 221
+ sd_bus_negotiate_timestamp@LIBSYSTEMD_221 221
+ sd_bus_new@LIBSYSTEMD_221 221
+ sd_bus_object_path_is_valid@LIBSYSTEMD_246 246
+ sd_bus_object_vtable_format@LIBSYSTEMD_243 243
+ sd_bus_open@LIBSYSTEMD_221 221
+ sd_bus_open_system@LIBSYSTEMD_221 221
+ sd_bus_open_system_machine@LIBSYSTEMD_221 221
+ sd_bus_open_system_remote@LIBSYSTEMD_221 221
+ sd_bus_open_system_with_description@LIBSYSTEMD_239 239
+ sd_bus_open_user@LIBSYSTEMD_221 221
+ sd_bus_open_user_with_description@LIBSYSTEMD_239 239
+ sd_bus_open_with_description@LIBSYSTEMD_239 239
+ sd_bus_path_decode@LIBSYSTEMD_221 221
+ sd_bus_path_decode_many@LIBSYSTEMD_227 227
+ sd_bus_path_encode@LIBSYSTEMD_221 221
+ sd_bus_path_encode_many@LIBSYSTEMD_227 227
+ sd_bus_process@LIBSYSTEMD_221 221
+ sd_bus_process_priority@LIBSYSTEMD_221 221
+ sd_bus_query_sender_creds@LIBSYSTEMD_221 221
+ sd_bus_query_sender_privilege@LIBSYSTEMD_221 221
+ sd_bus_ref@LIBSYSTEMD_221 221
+ sd_bus_release_name@LIBSYSTEMD_221 221
+ sd_bus_release_name_async@LIBSYSTEMD_237 237
+ sd_bus_reply_method_errno@LIBSYSTEMD_221 221
+ sd_bus_reply_method_errnof@LIBSYSTEMD_221 221
+ sd_bus_reply_method_errnofv@LIBSYSTEMD_246 246
+ sd_bus_reply_method_error@LIBSYSTEMD_221 221
+ sd_bus_reply_method_errorf@LIBSYSTEMD_221 221
+ sd_bus_reply_method_errorfv@LIBSYSTEMD_246 246
+ sd_bus_reply_method_return@LIBSYSTEMD_221 221
+ sd_bus_reply_method_returnv@LIBSYSTEMD_246 246
+ sd_bus_request_name@LIBSYSTEMD_221 221
+ sd_bus_request_name_async@LIBSYSTEMD_237 237
+ sd_bus_send@LIBSYSTEMD_221 221
+ sd_bus_send_to@LIBSYSTEMD_221 221
+ sd_bus_service_name_is_valid@LIBSYSTEMD_246 246
+ sd_bus_set_address@LIBSYSTEMD_221 221
+ sd_bus_set_allow_interactive_authorization@LIBSYSTEMD_221 221
+ sd_bus_set_anonymous@LIBSYSTEMD_221 221
+ sd_bus_set_bus_client@LIBSYSTEMD_221 221
+ sd_bus_set_close_on_exit@LIBSYSTEMD_240 240
+ sd_bus_set_connected_signal@LIBSYSTEMD_237 237
+ sd_bus_set_description@LIBSYSTEMD_221 221
+ sd_bus_set_exec@LIBSYSTEMD_221 221
+ sd_bus_set_exit_on_disconnect@LIBSYSTEMD_232 232
+ sd_bus_set_fd@LIBSYSTEMD_221 221
+ sd_bus_set_method_call_timeout@LIBSYSTEMD_240 240
+ sd_bus_set_monitor@LIBSYSTEMD_221 221
+ sd_bus_set_property@LIBSYSTEMD_221 221
+ sd_bus_set_propertyv@LIBSYSTEMD_246 246
+ sd_bus_set_sender@LIBSYSTEMD_237 237
+ sd_bus_set_server@LIBSYSTEMD_221 221
+ sd_bus_set_trusted@LIBSYSTEMD_221 221
+ sd_bus_set_watch_bind@LIBSYSTEMD_237 237
+ sd_bus_slot_get_bus@LIBSYSTEMD_221 221
+ sd_bus_slot_get_current_handler@LIBSYSTEMD_221 221
+ sd_bus_slot_get_current_message@LIBSYSTEMD_221 221
+ sd_bus_slot_get_current_userdata@LIBSYSTEMD_221 221
+ sd_bus_slot_get_description@LIBSYSTEMD_221 221
+ sd_bus_slot_get_destroy_callback@LIBSYSTEMD_239 239
+ sd_bus_slot_get_floating@LIBSYSTEMD_239 239
+ sd_bus_slot_get_userdata@LIBSYSTEMD_221 221
+ sd_bus_slot_ref@LIBSYSTEMD_221 221
+ sd_bus_slot_set_description@LIBSYSTEMD_221 221
+ sd_bus_slot_set_destroy_callback@LIBSYSTEMD_239 239
+ sd_bus_slot_set_floating@LIBSYSTEMD_239 239
+ sd_bus_slot_set_userdata@LIBSYSTEMD_221 221
+ sd_bus_slot_unref@LIBSYSTEMD_221 221
+ sd_bus_start@LIBSYSTEMD_221 221
+ sd_bus_track_add_name@LIBSYSTEMD_221 221
+ sd_bus_track_add_sender@LIBSYSTEMD_221 221
+ sd_bus_track_contains@LIBSYSTEMD_221 221
+ sd_bus_track_count@LIBSYSTEMD_221 221
+ sd_bus_track_count_name@LIBSYSTEMD_232 232
+ sd_bus_track_count_sender@LIBSYSTEMD_232 232
+ sd_bus_track_first@LIBSYSTEMD_221 221
+ sd_bus_track_get_bus@LIBSYSTEMD_221 221
+ sd_bus_track_get_destroy_callback@LIBSYSTEMD_239 239
+ sd_bus_track_get_recursive@LIBSYSTEMD_232 232
+ sd_bus_track_get_userdata@LIBSYSTEMD_221 221
+ sd_bus_track_new@LIBSYSTEMD_221 221
+ sd_bus_track_next@LIBSYSTEMD_221 221
+ sd_bus_track_ref@LIBSYSTEMD_221 221
+ sd_bus_track_remove_name@LIBSYSTEMD_221 221
+ sd_bus_track_remove_sender@LIBSYSTEMD_221 221
+ sd_bus_track_set_destroy_callback@LIBSYSTEMD_239 239
+ sd_bus_track_set_recursive@LIBSYSTEMD_232 232
+ sd_bus_track_set_userdata@LIBSYSTEMD_221 221
+ sd_bus_track_unref@LIBSYSTEMD_221 221
+ sd_bus_try_close@LIBSYSTEMD_221 221
+ sd_bus_unref@LIBSYSTEMD_221 221
+ sd_bus_wait@LIBSYSTEMD_221 221
+ sd_device_enumerator_add_match_parent@LIBSYSTEMD_240 240
+ sd_device_enumerator_add_match_property@LIBSYSTEMD_240 240
+ sd_device_enumerator_add_match_subsystem@LIBSYSTEMD_240 240
+ sd_device_enumerator_add_match_sysattr@LIBSYSTEMD_240 240
+ sd_device_enumerator_add_match_sysname@LIBSYSTEMD_240 240
+ sd_device_enumerator_add_match_tag@LIBSYSTEMD_240 240
+ sd_device_enumerator_allow_uninitialized@LIBSYSTEMD_240 240
+ sd_device_enumerator_get_device_first@LIBSYSTEMD_240 240
+ sd_device_enumerator_get_device_next@LIBSYSTEMD_240 240
+ sd_device_enumerator_get_subsystem_first@LIBSYSTEMD_240 240
+ sd_device_enumerator_get_subsystem_next@LIBSYSTEMD_240 240
+ sd_device_enumerator_new@LIBSYSTEMD_240 240
+ sd_device_enumerator_ref@LIBSYSTEMD_240 240
+ sd_device_enumerator_unref@LIBSYSTEMD_240 240
+ sd_device_get_current_tag_first@LIBSYSTEMD_247 247
+ sd_device_get_current_tag_next@LIBSYSTEMD_247 247
+ sd_device_get_devlink_first@LIBSYSTEMD_240 240
+ sd_device_get_devlink_next@LIBSYSTEMD_240 240
+ sd_device_get_devname@LIBSYSTEMD_240 240
+ sd_device_get_devnum@LIBSYSTEMD_240 240
+ sd_device_get_devpath@LIBSYSTEMD_240 240
+ sd_device_get_devtype@LIBSYSTEMD_240 240
+ sd_device_get_driver@LIBSYSTEMD_240 240
+ sd_device_get_ifindex@LIBSYSTEMD_240 240
+ sd_device_get_is_initialized@LIBSYSTEMD_240 240
+ sd_device_get_parent@LIBSYSTEMD_240 240
+ sd_device_get_parent_with_subsystem_devtype@LIBSYSTEMD_240 240
+ sd_device_get_property_first@LIBSYSTEMD_240 240
+ sd_device_get_property_next@LIBSYSTEMD_240 240
+ sd_device_get_property_value@LIBSYSTEMD_240 240
+ sd_device_get_subsystem@LIBSYSTEMD_240 240
+ sd_device_get_sysattr_first@LIBSYSTEMD_240 240
+ sd_device_get_sysattr_next@LIBSYSTEMD_240 240
+ sd_device_get_sysattr_value@LIBSYSTEMD_240 240
+ sd_device_get_sysname@LIBSYSTEMD_240 240
+ sd_device_get_sysnum@LIBSYSTEMD_240 240
+ sd_device_get_syspath@LIBSYSTEMD_240 240
+ sd_device_get_tag_first@LIBSYSTEMD_240 240
+ sd_device_get_tag_next@LIBSYSTEMD_240 240
+ sd_device_get_usec_since_initialized@LIBSYSTEMD_240 240
+ sd_device_has_current_tag@LIBSYSTEMD_247 247
+ sd_device_has_tag@LIBSYSTEMD_240 240
+ sd_device_monitor_attach_event@LIBSYSTEMD_240 240
+ sd_device_monitor_detach_event@LIBSYSTEMD_240 240
+ sd_device_monitor_filter_add_match_subsystem_devtype@LIBSYSTEMD_240 240
+ sd_device_monitor_filter_add_match_tag@LIBSYSTEMD_240 240
+ sd_device_monitor_filter_remove@LIBSYSTEMD_240 240
+ sd_device_monitor_filter_update@LIBSYSTEMD_240 240
+ sd_device_monitor_get_event@LIBSYSTEMD_240 240
+ sd_device_monitor_get_event_source@LIBSYSTEMD_240 240
+ sd_device_monitor_new@LIBSYSTEMD_240 240
+ sd_device_monitor_ref@LIBSYSTEMD_240 240
+ sd_device_monitor_set_receive_buffer_size@LIBSYSTEMD_240 240
+ sd_device_monitor_start@LIBSYSTEMD_240 240
+ sd_device_monitor_stop@LIBSYSTEMD_240 240
+ sd_device_monitor_unref@LIBSYSTEMD_240 240
+ sd_device_new_from_device_id@LIBSYSTEMD_240 240
+ sd_device_new_from_devnum@LIBSYSTEMD_240 240
+ sd_device_new_from_subsystem_sysname@LIBSYSTEMD_240 240
+ sd_device_new_from_syspath@LIBSYSTEMD_240 240
+ sd_device_ref@LIBSYSTEMD_240 240
+ sd_device_set_sysattr_value@LIBSYSTEMD_240 240
+ sd_device_set_sysattr_valuef@LIBSYSTEMD_247 247
+ sd_device_unref@LIBSYSTEMD_240 240
+ sd_event_add_child@LIBSYSTEMD_221 221
+ sd_event_add_child_pidfd@LIBSYSTEMD_245 245
+ sd_event_add_defer@LIBSYSTEMD_221 221
+ sd_event_add_exit@LIBSYSTEMD_221 221
+ sd_event_add_inotify@LIBSYSTEMD_239 239
+ sd_event_add_io@LIBSYSTEMD_221 221
+ sd_event_add_post@LIBSYSTEMD_221 221
+ sd_event_add_signal@LIBSYSTEMD_221 221
+ sd_event_add_time@LIBSYSTEMD_221 221
+ sd_event_add_time_relative@LIBSYSTEMD_247 247
+ sd_event_default@LIBSYSTEMD_221 221
+ sd_event_dispatch@LIBSYSTEMD_221 221
+ sd_event_exit@LIBSYSTEMD_221 221
+ sd_event_get_exit_code@LIBSYSTEMD_221 221
+ sd_event_get_fd@LIBSYSTEMD_221 221
+ sd_event_get_iteration@LIBSYSTEMD_231 231
+ sd_event_get_state@LIBSYSTEMD_221 221
+ sd_event_get_tid@LIBSYSTEMD_221 221
+ sd_event_get_watchdog@LIBSYSTEMD_221 221
+ sd_event_loop@LIBSYSTEMD_221 221
+ sd_event_new@LIBSYSTEMD_221 221
+ sd_event_now@LIBSYSTEMD_221 221
+ sd_event_prepare@LIBSYSTEMD_221 221
+ sd_event_ref@LIBSYSTEMD_221 221
+ sd_event_run@LIBSYSTEMD_221 221
+ sd_event_set_watchdog@LIBSYSTEMD_221 221
+ sd_event_source_disable_unref@LIBSYSTEMD_243 243
+ sd_event_source_get_child_pid@LIBSYSTEMD_221 221
+ sd_event_source_get_child_pidfd@LIBSYSTEMD_245 245
+ sd_event_source_get_child_pidfd_own@LIBSYSTEMD_245 245
+ sd_event_source_get_child_process_own@LIBSYSTEMD_245 245
+ sd_event_source_get_description@LIBSYSTEMD_221 221
+ sd_event_source_get_destroy_callback@LIBSYSTEMD_239 239
+ sd_event_source_get_enabled@LIBSYSTEMD_221 221
+ sd_event_source_get_event@LIBSYSTEMD_221 221
+ sd_event_source_get_exit_on_failure@LIBSYSTEMD_247 247
+ sd_event_source_get_floating@LIBSYSTEMD_240 240
+ sd_event_source_get_inotify_mask@LIBSYSTEMD_239 239
+ sd_event_source_get_io_events@LIBSYSTEMD_221 221
+ sd_event_source_get_io_fd@LIBSYSTEMD_221 221
+ sd_event_source_get_io_fd_own@LIBSYSTEMD_237 237
+ sd_event_source_get_io_revents@LIBSYSTEMD_221 221
+ sd_event_source_get_pending@LIBSYSTEMD_221 221
+ sd_event_source_get_priority@LIBSYSTEMD_221 221
+ sd_event_source_get_signal@LIBSYSTEMD_221 221
+ sd_event_source_get_time@LIBSYSTEMD_221 221
+ sd_event_source_get_time_accuracy@LIBSYSTEMD_221 221
+ sd_event_source_get_time_clock@LIBSYSTEMD_221 221
+ sd_event_source_get_userdata@LIBSYSTEMD_221 221
+ sd_event_source_ref@LIBSYSTEMD_221 221
+ sd_event_source_send_child_signal@LIBSYSTEMD_245 245
+ sd_event_source_set_child_pidfd_own@LIBSYSTEMD_245 245
+ sd_event_source_set_child_process_own@LIBSYSTEMD_245 245
+ sd_event_source_set_description@LIBSYSTEMD_221 221
+ sd_event_source_set_destroy_callback@LIBSYSTEMD_239 239
+ sd_event_source_set_enabled@LIBSYSTEMD_221 221
+ sd_event_source_set_exit_on_failure@LIBSYSTEMD_247 247
+ sd_event_source_set_floating@LIBSYSTEMD_240 240
+ sd_event_source_set_io_events@LIBSYSTEMD_221 221
+ sd_event_source_set_io_fd@LIBSYSTEMD_221 221
+ sd_event_source_set_io_fd_own@LIBSYSTEMD_237 237
+ sd_event_source_set_prepare@LIBSYSTEMD_221 221
+ sd_event_source_set_priority@LIBSYSTEMD_221 221
+ sd_event_source_set_time@LIBSYSTEMD_221 221
+ sd_event_source_set_time_accuracy@LIBSYSTEMD_221 221
+ sd_event_source_set_time_relative@LIBSYSTEMD_247 247
+ sd_event_source_set_userdata@LIBSYSTEMD_221 221
+ sd_event_source_unref@LIBSYSTEMD_221 221
+ sd_event_unref@LIBSYSTEMD_221 221
+ sd_event_wait@LIBSYSTEMD_221 221
+ sd_get_machine_names@LIBSYSTEMD_209 0
+ sd_get_seats@LIBSYSTEMD_209 0
+ sd_get_sessions@LIBSYSTEMD_209 0
+ sd_get_uids@LIBSYSTEMD_209 0
+ sd_hwdb_enumerate@LIBSYSTEMD_240 240
+ sd_hwdb_get@LIBSYSTEMD_240 240
+ sd_hwdb_new@LIBSYSTEMD_240 240
+ sd_hwdb_ref@LIBSYSTEMD_240 240
+ sd_hwdb_seek@LIBSYSTEMD_240 240
+ sd_hwdb_unref@LIBSYSTEMD_240 240
+ sd_id128_from_string@LIBSYSTEMD_209 0
+ sd_id128_get_boot@LIBSYSTEMD_209 0
+ sd_id128_get_boot_app_specific@LIBSYSTEMD_240 240
+ sd_id128_get_invocation@LIBSYSTEMD_232 232
+ sd_id128_get_machine@LIBSYSTEMD_209 0
+ sd_id128_get_machine_app_specific@LIBSYSTEMD_233 233
+ sd_id128_randomize@LIBSYSTEMD_209 0
+ sd_id128_to_string@LIBSYSTEMD_209 0
+ sd_is_fifo@LIBSYSTEMD_209 0
+ sd_is_mq@LIBSYSTEMD_209 0
+ sd_is_socket@LIBSYSTEMD_209 0
+ sd_is_socket_inet@LIBSYSTEMD_209 0
+ sd_is_socket_sockaddr@LIBSYSTEMD_233 233
+ sd_is_socket_unix@LIBSYSTEMD_209 0
+ sd_is_special@LIBSYSTEMD_209 0
+ sd_journal_add_conjunction@LIBSYSTEMD_209 0
+ sd_journal_add_disjunction@LIBSYSTEMD_209 0
+ sd_journal_add_match@LIBSYSTEMD_209 0
+ sd_journal_close@LIBSYSTEMD_209 0
+ sd_journal_enumerate_available_data@LIBSYSTEMD_246 246
+ sd_journal_enumerate_available_unique@LIBSYSTEMD_246 246
+ sd_journal_enumerate_data@LIBSYSTEMD_209 0
+ sd_journal_enumerate_fields@LIBSYSTEMD_229 229
+ sd_journal_enumerate_unique@LIBSYSTEMD_209 0
+ sd_journal_flush_matches@LIBSYSTEMD_209 0
+ sd_journal_get_catalog@LIBSYSTEMD_209 0
+ sd_journal_get_catalog_for_message_id@LIBSYSTEMD_209 0
+ sd_journal_get_cursor@LIBSYSTEMD_209 0
+ sd_journal_get_cutoff_monotonic_usec@LIBSYSTEMD_209 0
+ sd_journal_get_cutoff_realtime_usec@LIBSYSTEMD_209 0
+ sd_journal_get_data@LIBSYSTEMD_209 0
+ sd_journal_get_data_threshold@LIBSYSTEMD_209 0
+ sd_journal_get_events@LIBSYSTEMD_209 0
+ sd_journal_get_fd@LIBSYSTEMD_209 0
+ sd_journal_get_monotonic_usec@LIBSYSTEMD_209 0
+ sd_journal_get_realtime_usec@LIBSYSTEMD_209 0
+ sd_journal_get_timeout@LIBSYSTEMD_209 0
+ sd_journal_get_usage@LIBSYSTEMD_209 0
+ sd_journal_has_persistent_files@LIBSYSTEMD_229 229
+ sd_journal_has_runtime_files@LIBSYSTEMD_229 229
+ sd_journal_next@LIBSYSTEMD_209 0
+ sd_journal_next_skip@LIBSYSTEMD_209 0
+ sd_journal_open@LIBSYSTEMD_209 0
+ sd_journal_open_container@LIBSYSTEMD_209 0
+ sd_journal_open_directory@LIBSYSTEMD_209 0
+ sd_journal_open_directory_fd@LIBSYSTEMD_230 230
+ sd_journal_open_files@LIBSYSTEMD_209 0
+ sd_journal_open_files_fd@LIBSYSTEMD_230 230
+ sd_journal_open_namespace@LIBSYSTEMD_245 245
+ sd_journal_perror@LIBSYSTEMD_209 0
+ sd_journal_perror_with_location@LIBSYSTEMD_209 0
+ sd_journal_previous@LIBSYSTEMD_209 0
+ sd_journal_previous_skip@LIBSYSTEMD_209 0
+ sd_journal_print@LIBSYSTEMD_209 0
+ sd_journal_print_with_location@LIBSYSTEMD_209 0
+ sd_journal_printv@LIBSYSTEMD_209 0
+ sd_journal_printv_with_location@LIBSYSTEMD_209 0
+ sd_journal_process@LIBSYSTEMD_209 0
+ sd_journal_query_unique@LIBSYSTEMD_209 0
+ sd_journal_reliable_fd@LIBSYSTEMD_209 0
+ sd_journal_restart_data@LIBSYSTEMD_209 0
+ sd_journal_restart_fields@LIBSYSTEMD_229 229
+ sd_journal_restart_unique@LIBSYSTEMD_209 0
+ sd_journal_seek_cursor@LIBSYSTEMD_209 0
+ sd_journal_seek_head@LIBSYSTEMD_209 0
+ sd_journal_seek_monotonic_usec@LIBSYSTEMD_209 0
+ sd_journal_seek_realtime_usec@LIBSYSTEMD_209 0
+ sd_journal_seek_tail@LIBSYSTEMD_209 0
+ sd_journal_send@LIBSYSTEMD_209 0
+ sd_journal_send_with_location@LIBSYSTEMD_209 0
+ sd_journal_sendv@LIBSYSTEMD_209 0
+ sd_journal_sendv_with_location@LIBSYSTEMD_209 0
+ sd_journal_set_data_threshold@LIBSYSTEMD_209 0
+ sd_journal_stream_fd@LIBSYSTEMD_209 0
+ sd_journal_test_cursor@LIBSYSTEMD_209 0
+ sd_journal_wait@LIBSYSTEMD_209 0
+ sd_listen_fds@LIBSYSTEMD_209 0
+ sd_listen_fds_with_names@LIBSYSTEMD_227 227
+ sd_login_monitor_flush@LIBSYSTEMD_209 0
+ sd_login_monitor_get_events@LIBSYSTEMD_209 0
+ sd_login_monitor_get_fd@LIBSYSTEMD_209 0
+ sd_login_monitor_get_timeout@LIBSYSTEMD_209 0
+ sd_login_monitor_new@LIBSYSTEMD_209 0
+ sd_login_monitor_unref@LIBSYSTEMD_209 0
+ sd_machine_get_class@LIBSYSTEMD_211 211
+ sd_machine_get_ifindices@LIBSYSTEMD_216 217
+ sd_notify@LIBSYSTEMD_209 0
+ sd_notify_barrier@LIBSYSTEMD_246 246
+ sd_notifyf@LIBSYSTEMD_209 0
+ sd_path_lookup@LIBSYSTEMD_246 246
+ sd_path_lookup_strv@LIBSYSTEMD_246 246
+ sd_peer_get_cgroup@LIBSYSTEMD_226 226
+ sd_peer_get_machine_name@LIBSYSTEMD_211 211
+ sd_peer_get_owner_uid@LIBSYSTEMD_211 211
+ sd_peer_get_session@LIBSYSTEMD_211 211
+ sd_peer_get_slice@LIBSYSTEMD_211 211
+ sd_peer_get_unit@LIBSYSTEMD_211 211
+ sd_peer_get_user_slice@LIBSYSTEMD_220 220
+ sd_peer_get_user_unit@LIBSYSTEMD_211 211
+ sd_pid_get_cgroup@LIBSYSTEMD_226 226
+ sd_pid_get_machine_name@LIBSYSTEMD_209 0
+ sd_pid_get_owner_uid@LIBSYSTEMD_209 0
+ sd_pid_get_session@LIBSYSTEMD_209 0
+ sd_pid_get_slice@LIBSYSTEMD_209 0
+ sd_pid_get_unit@LIBSYSTEMD_209 0
+ sd_pid_get_user_slice@LIBSYSTEMD_220 220
+ sd_pid_get_user_unit@LIBSYSTEMD_209 0
+ sd_pid_notify@LIBSYSTEMD_214 214
+ sd_pid_notify_with_fds@LIBSYSTEMD_219 219
+ sd_pid_notifyf@LIBSYSTEMD_214 214
+ sd_seat_can_graphical@LIBSYSTEMD_209 0
+ sd_seat_can_multi_session@LIBSYSTEMD_209 0
+ sd_seat_can_tty@LIBSYSTEMD_209 0
+ sd_seat_get_active@LIBSYSTEMD_209 0
+ sd_seat_get_sessions@LIBSYSTEMD_209 0
+ sd_session_get_class@LIBSYSTEMD_209 0
+ sd_session_get_desktop@LIBSYSTEMD_217 217
+ sd_session_get_display@LIBSYSTEMD_209 0
+ sd_session_get_remote_host@LIBSYSTEMD_209 0
+ sd_session_get_remote_user@LIBSYSTEMD_209 0
+ sd_session_get_seat@LIBSYSTEMD_209 0
+ sd_session_get_service@LIBSYSTEMD_209 0
+ sd_session_get_state@LIBSYSTEMD_209 0
+ sd_session_get_tty@LIBSYSTEMD_209 0
+ sd_session_get_type@LIBSYSTEMD_209 0
+ sd_session_get_uid@LIBSYSTEMD_209 0
+ sd_session_get_vt@LIBSYSTEMD_209 0
+ sd_session_is_active@LIBSYSTEMD_209 0
+ sd_session_is_remote@LIBSYSTEMD_209 0
+ sd_uid_get_display@LIBSYSTEMD_213 213
+ sd_uid_get_seats@LIBSYSTEMD_209 0
+ sd_uid_get_sessions@LIBSYSTEMD_209 0
+ sd_uid_get_state@LIBSYSTEMD_209 0
+ sd_uid_is_on_seat@LIBSYSTEMD_209 0
+ sd_watchdog_enabled@LIBSYSTEMD_209 0
diff --git a/debian/libudev-dev.install b/debian/libudev-dev.install
new file mode 100644
index 0000000..2a6f929
--- /dev/null
+++ b/debian/libudev-dev.install
@@ -0,0 +1,5 @@
+usr/lib/*/libudev.so
+usr/include/libudev.h
+usr/lib/*/pkgconfig/libudev.pc
+usr/share/man/man3/udev*
+usr/share/man/man3/libudev*
diff --git a/debian/libudev1-udeb.install b/debian/libudev1-udeb.install
new file mode 100644
index 0000000..1b214e5
--- /dev/null
+++ b/debian/libudev1-udeb.install
@@ -0,0 +1 @@
+usr/lib/*/libudev.so.*
diff --git a/debian/libudev1.install b/debian/libudev1.install
new file mode 100644
index 0000000..1b214e5
--- /dev/null
+++ b/debian/libudev1.install
@@ -0,0 +1 @@
+usr/lib/*/libudev.so.*
diff --git a/debian/libudev1.symbols b/debian/libudev1.symbols
new file mode 100644
index 0000000..cd976ed
--- /dev/null
+++ b/debian/libudev1.symbols
@@ -0,0 +1,100 @@
+libudev.so.1 libudev1 #MINVER#
+* Build-Depends-Package: libudev-dev
+ LIBUDEV_183@LIBUDEV_183 183
+ LIBUDEV_189@LIBUDEV_189 189
+ LIBUDEV_196@LIBUDEV_196 196
+ LIBUDEV_199@LIBUDEV_199 199
+ LIBUDEV_215@LIBUDEV_215 215
+ LIBUDEV_247@LIBUDEV_247 247
+ udev_device_get_action@LIBUDEV_183 183
+ udev_device_get_current_tags_list_entry@LIBUDEV_247 247
+ udev_device_get_devlinks_list_entry@LIBUDEV_183 183
+ udev_device_get_devnode@LIBUDEV_183 183
+ udev_device_get_devnum@LIBUDEV_183 183
+ udev_device_get_devpath@LIBUDEV_183 183
+ udev_device_get_devtype@LIBUDEV_183 183
+ udev_device_get_driver@LIBUDEV_183 183
+ udev_device_get_is_initialized@LIBUDEV_183 183
+ udev_device_get_parent@LIBUDEV_183 183
+ udev_device_get_parent_with_subsystem_devtype@LIBUDEV_183 183
+ udev_device_get_properties_list_entry@LIBUDEV_183 183
+ udev_device_get_property_value@LIBUDEV_183 183
+ udev_device_get_seqnum@LIBUDEV_183 183
+ udev_device_get_subsystem@LIBUDEV_183 183
+ udev_device_get_sysattr_list_entry@LIBUDEV_183 183
+ udev_device_get_sysattr_value@LIBUDEV_183 183
+ udev_device_get_sysname@LIBUDEV_183 183
+ udev_device_get_sysnum@LIBUDEV_183 183
+ udev_device_get_syspath@LIBUDEV_183 183
+ udev_device_get_tags_list_entry@LIBUDEV_183 183
+ udev_device_get_udev@LIBUDEV_183 183
+ udev_device_get_usec_since_initialized@LIBUDEV_183 183
+ udev_device_has_current_tag@LIBUDEV_247 247
+ udev_device_has_tag@LIBUDEV_183 183
+ udev_device_new_from_device_id@LIBUDEV_189 189
+ udev_device_new_from_devnum@LIBUDEV_183 183
+ udev_device_new_from_environment@LIBUDEV_183 183
+ udev_device_new_from_subsystem_sysname@LIBUDEV_183 183
+ udev_device_new_from_syspath@LIBUDEV_183 183
+ udev_device_ref@LIBUDEV_183 183
+ udev_device_set_sysattr_value@LIBUDEV_199 199
+ udev_device_unref@LIBUDEV_183 183
+ udev_enumerate_add_match_is_initialized@LIBUDEV_183 183
+ udev_enumerate_add_match_parent@LIBUDEV_183 183
+ udev_enumerate_add_match_property@LIBUDEV_183 183
+ udev_enumerate_add_match_subsystem@LIBUDEV_183 183
+ udev_enumerate_add_match_sysattr@LIBUDEV_183 183
+ udev_enumerate_add_match_sysname@LIBUDEV_183 183
+ udev_enumerate_add_match_tag@LIBUDEV_183 183
+ udev_enumerate_add_nomatch_subsystem@LIBUDEV_183 183
+ udev_enumerate_add_nomatch_sysattr@LIBUDEV_183 183
+ udev_enumerate_add_syspath@LIBUDEV_183 183
+ udev_enumerate_get_list_entry@LIBUDEV_183 183
+ udev_enumerate_get_udev@LIBUDEV_183 183
+ udev_enumerate_new@LIBUDEV_183 183
+ udev_enumerate_ref@LIBUDEV_183 183
+ udev_enumerate_scan_devices@LIBUDEV_183 183
+ udev_enumerate_scan_subsystems@LIBUDEV_183 183
+ udev_enumerate_unref@LIBUDEV_183 183
+ udev_get_log_priority@LIBUDEV_183 183
+ udev_get_userdata@LIBUDEV_183 183
+ udev_hwdb_get_properties_list_entry@LIBUDEV_196 196
+ udev_hwdb_new@LIBUDEV_196 196
+ udev_hwdb_ref@LIBUDEV_196 196
+ udev_hwdb_unref@LIBUDEV_196 196
+ udev_list_entry_get_by_name@LIBUDEV_183 183
+ udev_list_entry_get_name@LIBUDEV_183 183
+ udev_list_entry_get_next@LIBUDEV_183 183
+ udev_list_entry_get_value@LIBUDEV_183 183
+ udev_monitor_enable_receiving@LIBUDEV_183 183
+ udev_monitor_filter_add_match_subsystem_devtype@LIBUDEV_183 183
+ udev_monitor_filter_add_match_tag@LIBUDEV_183 183
+ udev_monitor_filter_remove@LIBUDEV_183 183
+ udev_monitor_filter_update@LIBUDEV_183 183
+ udev_monitor_get_fd@LIBUDEV_183 183
+ udev_monitor_get_udev@LIBUDEV_183 183
+ udev_monitor_new_from_netlink@LIBUDEV_183 183
+ udev_monitor_receive_device@LIBUDEV_183 183
+ udev_monitor_ref@LIBUDEV_183 183
+ udev_monitor_set_receive_buffer_size@LIBUDEV_183 183
+ udev_monitor_unref@LIBUDEV_183 183
+ udev_new@LIBUDEV_183 183
+ udev_queue_flush@LIBUDEV_215 215
+ udev_queue_get_fd@LIBUDEV_215 215
+ udev_queue_get_kernel_seqnum@LIBUDEV_183 183
+ udev_queue_get_queue_is_empty@LIBUDEV_183 183
+ udev_queue_get_queued_list_entry@LIBUDEV_183 183
+ udev_queue_get_seqnum_is_finished@LIBUDEV_183 183
+ udev_queue_get_seqnum_sequence_is_finished@LIBUDEV_183 183
+ udev_queue_get_udev@LIBUDEV_183 183
+ udev_queue_get_udev_is_active@LIBUDEV_183 183
+ udev_queue_get_udev_seqnum@LIBUDEV_183 183
+ udev_queue_new@LIBUDEV_183 183
+ udev_queue_ref@LIBUDEV_183 183
+ udev_queue_unref@LIBUDEV_183 183
+ udev_ref@LIBUDEV_183 183
+ udev_set_log_fn@LIBUDEV_183 183
+ udev_set_log_priority@LIBUDEV_183 183
+ udev_set_userdata@LIBUDEV_183 183
+ udev_unref@LIBUDEV_183 183
+ udev_util_encode_string@LIBUDEV_183 183
diff --git a/debian/patches/Add-helper-for-case-independent-string-equality-checks.patch b/debian/patches/Add-helper-for-case-independent-string-equality-checks.patch
new file mode 100644
index 0000000..8e69db9
--- /dev/null
+++ b/debian/patches/Add-helper-for-case-independent-string-equality-checks.patch
@@ -0,0 +1,24 @@
+From: Matthias Klumpp <matthias@tenstral.net>
+Date: Sat, 10 Oct 2020 04:40:23 +0200
+Subject: Add helper for case-independent string equality checks
+
+(cherry picked from commit bd47b0dac4a1ff6e686c99b9958693e86d44007b)
+---
+ src/basic/string-util.h | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/basic/string-util.h b/src/basic/string-util.h
+index fdd3ce7..6c99335 100644
+--- a/src/basic/string-util.h
++++ b/src/basic/string-util.h
+@@ -33,6 +33,10 @@ static inline bool streq_ptr(const char *a, const char *b) {
+ return strcmp_ptr(a, b) == 0;
+ }
+
++static inline bool strcaseeq_ptr(const char *a, const char *b) {
++ return strcasecmp_ptr(a, b) == 0;
++}
++
+ static inline char* strstr_ptr(const char *haystack, const char *needle) {
+ if (!haystack || !needle)
+ return NULL;
diff --git a/debian/patches/Always-free-deserialized_subscribed-on-reload.patch b/debian/patches/Always-free-deserialized_subscribed-on-reload.patch
new file mode 100644
index 0000000..f0f6129
--- /dev/null
+++ b/debian/patches/Always-free-deserialized_subscribed-on-reload.patch
@@ -0,0 +1,25 @@
+From: Ali Abdallah <ali.abdallah@suse.com>
+Date: Thu, 21 Jan 2021 07:37:21 +0100
+Subject: Always free deserialized_subscribed on reload
+
+Otherwise, it will keep consuming memory on systemctl daemon-reload.
+
+(cherry picked from commit 3deed59afdc2c18ecb76fe90b9bba0cd66045dfa)
+---
+ src/core/manager.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/core/manager.c b/src/core/manager.c
+index a1d6f7c..6858950 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -3842,6 +3842,9 @@ int manager_reload(Manager *m) {
+ /* Clean up runtime objects no longer referenced */
+ manager_vacuum(m);
+
++ /* Clean up deserialized tracked clients */
++ m->deserialized_subscribed = strv_free(m->deserialized_subscribed);
++
+ /* Consider the reload process complete now. */
+ assert(m->n_reloading > 0);
+ m->n_reloading--;
diff --git a/debian/patches/Drop-bundled-copy-of-linux-if_arp.h.patch b/debian/patches/Drop-bundled-copy-of-linux-if_arp.h.patch
new file mode 100644
index 0000000..83a6f2c
--- /dev/null
+++ b/debian/patches/Drop-bundled-copy-of-linux-if_arp.h.patch
@@ -0,0 +1,219 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 15 Sep 2021 16:33:05 +0200
+Subject: Drop bundled copy of linux/if_arp.h
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+As far as I can see, we use this to get a list of ARPHRD_* defines (used in
+particular for Type= in .link files). If we drop our copy, and build against
+old kernel headers, the user will have a shorter list of types available. This
+seems OK, and I don't think it's worth carrying our own version of this file
+just to have newest possible entries.
+
+7c5b9952c4f6e2b72f90edbe439982528b7cf223 recently updated this file, but we'd
+have to update it every time the kernel adds new entries. But if we look at
+the failure carefully:
+
+src/basic/arphrd-from-name.gperf:65:16: error: ‘ARPHRD_MCTP’ undeclared (first use in this function); did you mean ‘ARPHRD_FCPP’?
+ 65 | MCTP, ARPHRD_MCTP
+ | ^~
+ | ARPHRD_FCPP
+
+we see that the list we were generating was from the system headers, so it was
+only as good as the system headers anyway, without the newer entries in our
+bundled copy, if there were any. So let's make things simpler by always using
+system headers.
+
+And if somebody wants to fix things so that we always have the newest list,
+then we should just generate and store the converted list, not the full header.
+
+(cherry picked from commit e7f46ee3ae1cc66a94b293957721d68dc09d7449)
+---
+ src/basic/linux/if_arp.h | 164 -----------------------------------------------
+ src/basic/meson.build | 1 -
+ 2 files changed, 165 deletions(-)
+ delete mode 100644 src/basic/linux/if_arp.h
+
+diff --git a/src/basic/linux/if_arp.h b/src/basic/linux/if_arp.h
+deleted file mode 100644
+index c3cc5a9..0000000
+--- a/src/basic/linux/if_arp.h
++++ /dev/null
+@@ -1,164 +0,0 @@
+-/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
+-/*
+- * INET An implementation of the TCP/IP protocol suite for the LINUX
+- * operating system. INET is implemented using the BSD Socket
+- * interface as the means of communication with the user level.
+- *
+- * Global definitions for the ARP (RFC 826) protocol.
+- *
+- * Version: @(#)if_arp.h 1.0.1 04/16/93
+- *
+- * Authors: Original taken from Berkeley UNIX 4.3, (c) UCB 1986-1988
+- * Portions taken from the KA9Q/NOS (v2.00m PA0GRI) source.
+- * Ross Biro
+- * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
+- * Florian La Roche,
+- * Jonathan Layes <layes@loran.com>
+- * Arnaldo Carvalho de Melo <acme@conectiva.com.br> ARPHRD_HWX25
+- *
+- * This program is free software; you can redistribute it and/or
+- * modify it under the terms of the GNU General Public License
+- * as published by the Free Software Foundation; either version
+- * 2 of the License, or (at your option) any later version.
+- */
+-#ifndef _UAPI_LINUX_IF_ARP_H
+-#define _UAPI_LINUX_IF_ARP_H
+-
+-#include <linux/netdevice.h>
+-
+-/* ARP protocol HARDWARE identifiers. */
+-#define ARPHRD_NETROM 0 /* from KA9Q: NET/ROM pseudo */
+-#define ARPHRD_ETHER 1 /* Ethernet 10Mbps */
+-#define ARPHRD_EETHER 2 /* Experimental Ethernet */
+-#define ARPHRD_AX25 3 /* AX.25 Level 2 */
+-#define ARPHRD_PRONET 4 /* PROnet token ring */
+-#define ARPHRD_CHAOS 5 /* Chaosnet */
+-#define ARPHRD_IEEE802 6 /* IEEE 802.2 Ethernet/TR/TB */
+-#define ARPHRD_ARCNET 7 /* ARCnet */
+-#define ARPHRD_APPLETLK 8 /* APPLEtalk */
+-#define ARPHRD_DLCI 15 /* Frame Relay DLCI */
+-#define ARPHRD_ATM 19 /* ATM */
+-#define ARPHRD_METRICOM 23 /* Metricom STRIP (new IANA id) */
+-#define ARPHRD_IEEE1394 24 /* IEEE 1394 IPv4 - RFC 2734 */
+-#define ARPHRD_EUI64 27 /* EUI-64 */
+-#define ARPHRD_INFINIBAND 32 /* InfiniBand */
+-
+-/* Dummy types for non ARP hardware */
+-#define ARPHRD_SLIP 256
+-#define ARPHRD_CSLIP 257
+-#define ARPHRD_SLIP6 258
+-#define ARPHRD_CSLIP6 259
+-#define ARPHRD_RSRVD 260 /* Notional KISS type */
+-#define ARPHRD_ADAPT 264
+-#define ARPHRD_ROSE 270
+-#define ARPHRD_X25 271 /* CCITT X.25 */
+-#define ARPHRD_HWX25 272 /* Boards with X.25 in firmware */
+-#define ARPHRD_CAN 280 /* Controller Area Network */
+-#define ARPHRD_PPP 512
+-#define ARPHRD_CISCO 513 /* Cisco HDLC */
+-#define ARPHRD_HDLC ARPHRD_CISCO
+-#define ARPHRD_LAPB 516 /* LAPB */
+-#define ARPHRD_DDCMP 517 /* Digital's DDCMP protocol */
+-#define ARPHRD_RAWHDLC 518 /* Raw HDLC */
+-#define ARPHRD_RAWIP 519 /* Raw IP */
+-
+-#define ARPHRD_TUNNEL 768 /* IPIP tunnel */
+-#define ARPHRD_TUNNEL6 769 /* IP6IP6 tunnel */
+-#define ARPHRD_FRAD 770 /* Frame Relay Access Device */
+-#define ARPHRD_SKIP 771 /* SKIP vif */
+-#define ARPHRD_LOOPBACK 772 /* Loopback device */
+-#define ARPHRD_LOCALTLK 773 /* Localtalk device */
+-#define ARPHRD_FDDI 774 /* Fiber Distributed Data Interface */
+-#define ARPHRD_BIF 775 /* AP1000 BIF */
+-#define ARPHRD_SIT 776 /* sit0 device - IPv6-in-IPv4 */
+-#define ARPHRD_IPDDP 777 /* IP over DDP tunneller */
+-#define ARPHRD_IPGRE 778 /* GRE over IP */
+-#define ARPHRD_PIMREG 779 /* PIMSM register interface */
+-#define ARPHRD_HIPPI 780 /* High Performance Parallel Interface */
+-#define ARPHRD_ASH 781 /* Nexus 64Mbps Ash */
+-#define ARPHRD_ECONET 782 /* Acorn Econet */
+-#define ARPHRD_IRDA 783 /* Linux-IrDA */
+-/* ARP works differently on different FC media .. so */
+-#define ARPHRD_FCPP 784 /* Point to point fibrechannel */
+-#define ARPHRD_FCAL 785 /* Fibrechannel arbitrated loop */
+-#define ARPHRD_FCPL 786 /* Fibrechannel public loop */
+-#define ARPHRD_FCFABRIC 787 /* Fibrechannel fabric */
+- /* 787->799 reserved for fibrechannel media types */
+-#define ARPHRD_IEEE802_TR 800 /* Magic type ident for TR */
+-#define ARPHRD_IEEE80211 801 /* IEEE 802.11 */
+-#define ARPHRD_IEEE80211_PRISM 802 /* IEEE 802.11 + Prism2 header */
+-#define ARPHRD_IEEE80211_RADIOTAP 803 /* IEEE 802.11 + radiotap header */
+-#define ARPHRD_IEEE802154 804
+-#define ARPHRD_IEEE802154_MONITOR 805 /* IEEE 802.15.4 network monitor */
+-
+-#define ARPHRD_PHONET 820 /* PhoNet media type */
+-#define ARPHRD_PHONET_PIPE 821 /* PhoNet pipe header */
+-#define ARPHRD_CAIF 822 /* CAIF media type */
+-#define ARPHRD_IP6GRE 823 /* GRE over IPv6 */
+-#define ARPHRD_NETLINK 824 /* Netlink header */
+-#define ARPHRD_6LOWPAN 825 /* IPv6 over LoWPAN */
+-#define ARPHRD_VSOCKMON 826 /* Vsock monitor header */
+-
+-#define ARPHRD_VOID 0xFFFF /* Void type, nothing is known */
+-#define ARPHRD_NONE 0xFFFE /* zero header length */
+-
+-/* ARP protocol opcodes. */
+-#define ARPOP_REQUEST 1 /* ARP request */
+-#define ARPOP_REPLY 2 /* ARP reply */
+-#define ARPOP_RREQUEST 3 /* RARP request */
+-#define ARPOP_RREPLY 4 /* RARP reply */
+-#define ARPOP_InREQUEST 8 /* InARP request */
+-#define ARPOP_InREPLY 9 /* InARP reply */
+-#define ARPOP_NAK 10 /* (ATM)ARP NAK */
+-
+-
+-/* ARP ioctl request. */
+-struct arpreq {
+- struct sockaddr arp_pa; /* protocol address */
+- struct sockaddr arp_ha; /* hardware address */
+- int arp_flags; /* flags */
+- struct sockaddr arp_netmask; /* netmask (only for proxy arps) */
+- char arp_dev[IFNAMSIZ];
+-};
+-
+-struct arpreq_old {
+- struct sockaddr arp_pa; /* protocol address */
+- struct sockaddr arp_ha; /* hardware address */
+- int arp_flags; /* flags */
+- struct sockaddr arp_netmask; /* netmask (only for proxy arps) */
+-};
+-
+-/* ARP Flag values. */
+-#define ATF_COM 0x02 /* completed entry (ha valid) */
+-#define ATF_PERM 0x04 /* permanent entry */
+-#define ATF_PUBL 0x08 /* publish entry */
+-#define ATF_USETRAILERS 0x10 /* has requested trailers */
+-#define ATF_NETMASK 0x20 /* want to use a netmask (only
+- for proxy entries) */
+-#define ATF_DONTPUB 0x40 /* don't answer this addresses */
+-
+-/*
+- * This structure defines an ethernet arp header.
+- */
+-
+-struct arphdr {
+- __be16 ar_hrd; /* format of hardware address */
+- __be16 ar_pro; /* format of protocol address */
+- unsigned char ar_hln; /* length of hardware address */
+- unsigned char ar_pln; /* length of protocol address */
+- __be16 ar_op; /* ARP opcode (command) */
+-
+-#if 0
+- /*
+- * Ethernet looks like this : This bit is variable sized however...
+- */
+- unsigned char ar_sha[ETH_ALEN]; /* sender hardware address */
+- unsigned char ar_sip[4]; /* sender IP address */
+- unsigned char ar_tha[ETH_ALEN]; /* target hardware address */
+- unsigned char ar_tip[4]; /* target IP address */
+-#endif
+-
+-};
+-
+-
+-#endif /* _UAPI_LINUX_IF_ARP_H */
+diff --git a/src/basic/meson.build b/src/basic/meson.build
+index 1183ea8..2c13cf4 100644
+--- a/src/basic/meson.build
++++ b/src/basic/meson.build
+@@ -98,7 +98,6 @@ basic_sources = files('''
+ linux/hdlc/ioctl.h
+ linux/if.h
+ linux/if_addr.h
+- linux/if_arp.h
+ linux/if_bonding.h
+ linux/if_bridge.h
+ linux/if_ether.h
diff --git a/debian/patches/LoadCredentials-do-not-assert-on-invalid-syntax.patch b/debian/patches/LoadCredentials-do-not-assert-on-invalid-syntax.patch
new file mode 100644
index 0000000..c9e3500
--- /dev/null
+++ b/debian/patches/LoadCredentials-do-not-assert-on-invalid-syntax.patch
@@ -0,0 +1,34 @@
+From: Luca Boccassi <luca.boccassi@microsoft.com>
+Date: Thu, 1 Apr 2021 22:18:29 +0100
+Subject: LoadCredentials: do not assert on invalid syntax
+
+LoadCredentials=foo causes an assertion to be triggered, as we
+are not checking that the rvalue's right hand side part is non-empty
+before using it in unit_full_printf.
+
+Fixes #19178
+
+# printf [Service]nLoadCredential=passwd.hashed-password.rootn > hello.service
+# systemd-analyze verify ./hello.service
+...
+Assertion 'format' failed at src/core/unit-printf.c:232, function unit_full_printf(). Aborting.
+Aborted (core dumped)
+
+(cherry picked from commit f7a6f1226e800f7695c2073675523062ea697aa4)
+---
+ src/core/load-fragment.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
+index 4964249..5b66fb1 100644
+--- a/src/core/load-fragment.c
++++ b/src/core/load-fragment.c
+@@ -4569,7 +4569,7 @@ int config_parse_load_credential(
+ r = extract_first_word(&p, &word, ":", EXTRACT_DONT_COALESCE_SEPARATORS);
+ if (r == -ENOMEM)
+ return log_oom();
+- if (r <= 0) {
++ if (r <= 0 || isempty(p)) {
+ log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
+ return 0;
+ }
diff --git a/debian/patches/Revert-udev-do-not-execute-hwdb-builtin-import-twice-or-t.patch b/debian/patches/Revert-udev-do-not-execute-hwdb-builtin-import-twice-or-t.patch
new file mode 100644
index 0000000..fa14d0d
--- /dev/null
+++ b/debian/patches/Revert-udev-do-not-execute-hwdb-builtin-import-twice-or-t.patch
@@ -0,0 +1,52 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 10 Mar 2021 10:17:23 +0100
+Subject: Revert "udev: do not execute hwdb builtin import twice or thrice"
+
+This reverts commit 876c75fe870846b09b54423a6b719d80bc879b27.
+
+The patch seems to cause usb devices to get some attributes set from the parent
+PCI device. 'hwdb' builtin has support for breaking iteration upwards on usb
+devices. But when '--subsystem=foo' is specified, iteration is continued. I'm
+sure it *could* be figured out, but it seems hard to get all the combinations
+correct. So let's revert to functional status quo ante, even if does the lookup
+more than once unnecessarily.
+
+Fixes #18125.
+
+(cherry picked from commit 451ba55fecd8b494add2001b3ca3c1915c8fd655)
+---
+ rules.d/50-udev-default.rules.in | 3 +--
+ rules.d/60-serial.rules | 5 ++---
+ 2 files changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/rules.d/50-udev-default.rules.in b/rules.d/50-udev-default.rules.in
+index cef78f9..50747a1 100644
+--- a/rules.d/50-udev-default.rules.in
++++ b/rules.d/50-udev-default.rules.in
+@@ -10,9 +10,8 @@ SUBSYSTEM=="virtio-ports", KERNEL=="vport*", ATTR{name}=="?*", SYMLINK+="virtio-
+ SUBSYSTEM=="rtc", ATTR{hctosys}=="1", SYMLINK+="rtc"
+ SUBSYSTEM=="rtc", KERNEL=="rtc0", SYMLINK+="rtc", OPTIONS+="link_priority=-100"
+
+-SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", IMPORT{builtin}="usb_id", IMPORT{builtin}="hwdb --subsystem=usb", GOTO="default_hwdb_imported"
++SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", IMPORT{builtin}="usb_id", IMPORT{builtin}="hwdb --subsystem=usb"
+ ENV{MODALIAS}!="", IMPORT{builtin}="hwdb --subsystem=$env{SUBSYSTEM}"
+-LABEL="default_hwdb_imported"
+
+ ACTION!="add", GOTO="default_end"
+
+diff --git a/rules.d/60-serial.rules b/rules.d/60-serial.rules
+index b162665..f303e27 100644
+--- a/rules.d/60-serial.rules
++++ b/rules.d/60-serial.rules
+@@ -4,9 +4,8 @@ ACTION=="remove", GOTO="serial_end"
+ SUBSYSTEM!="tty", GOTO="serial_end"
+
+ SUBSYSTEMS=="pci", ENV{ID_BUS}="pci", ENV{ID_VENDOR_ID}="$attr{vendor}", ENV{ID_MODEL_ID}="$attr{device}"
+-# We already ran the hwdb builtin for devices with MODALIAS in 50-default.rules.
+-# Let's cover the remaining case here, where we walk up the tree to find a node with $MODALIAS.
+-ENV{MODALIAS}=="", SUBSYSTEMS=="pci", IMPORT{builtin}="hwdb --subsystem=pci"
++SUBSYSTEMS=="pci", IMPORT{builtin}="hwdb --subsystem=pci"
++SUBSYSTEMS=="usb", IMPORT{builtin}="usb_id", IMPORT{builtin}="hwdb --subsystem=usb"
+
+ # /dev/serial/by-path/, /dev/serial/by-id/ for USB devices
+ KERNEL!="ttyUSB[0-9]*|ttyACM[0-9]*", GOTO="serial_end"
diff --git a/debian/patches/analyze-slightly-reword-PrivateTmp-message.patch b/debian/patches/analyze-slightly-reword-PrivateTmp-message.patch
new file mode 100644
index 0000000..e6d9f1a
--- /dev/null
+++ b/debian/patches/analyze-slightly-reword-PrivateTmp-message.patch
@@ -0,0 +1,26 @@
+From: Lennart Poettering <lennart@poettering.net>
+Date: Wed, 10 Feb 2021 10:50:23 +0100
+Subject: analyze: slightly reword PrivateTmp= message
+
+Apparently there way confusion about "does not apply". Let's say "is not
+appropriate".
+
+Fixes: #13095
+(cherry picked from commit 77552b9520ba0d47cbf33cdbe1ddedb9ce9b5bf3)
+---
+ src/analyze/analyze-security.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c
+index 8d94fbc..99ec7b5 100644
+--- a/src/analyze/analyze-security.c
++++ b/src/analyze/analyze-security.c
+@@ -1545,7 +1545,7 @@ static int assess(const struct security_info *info, Table *overview_table, Analy
+
+ if (a->default_dependencies_only && !info->default_dependencies) {
+ badness = UINT64_MAX;
+- d = strdup("Service runs in special boot phase, option does not apply");
++ d = strdup("Service runs in special boot phase, option is not appropriate");
+ if (!d)
+ return log_oom();
+ } else {
diff --git a/debian/patches/ata_id-Fixed-getting-Response-Code-from-SCSI-Sense-Data-2.patch b/debian/patches/ata_id-Fixed-getting-Response-Code-from-SCSI-Sense-Data-2.patch
new file mode 100644
index 0000000..de1b1f2
--- /dev/null
+++ b/debian/patches/ata_id-Fixed-getting-Response-Code-from-SCSI-Sense-Data-2.patch
@@ -0,0 +1,37 @@
+From: Aleksey Vasenev <margtu-fivt@ya.ru>
+Date: Wed, 5 Oct 2022 22:33:53 +0300
+Subject: ata_id: Fixed getting Response Code from SCSI Sense Data (#24921)
+
+The Response Code is contained in the first byte of the SCSI Sense Data.
+Bit number 7 is reserved or has a different meaning for some Response Codes
+and is set to 1 for some drives.
+
+(cherry picked from commit 2be1ae54badf7a3a12908a8094ebaba8f91887ca)
+---
+ src/udev/ata_id/ata_id.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/udev/ata_id/ata_id.c b/src/udev/ata_id/ata_id.c
+index ce0bf5d..c86e40b 100644
+--- a/src/udev/ata_id/ata_id.c
++++ b/src/udev/ata_id/ata_id.c
+@@ -162,8 +162,8 @@ static int disk_identify_command(
+ return ret;
+ }
+
+- if (!(sense[0] == 0x72 && desc[0] == 0x9 && desc[1] == 0x0c) &&
+- !(sense[0] == 0x70 && sense[12] == 0x00 && sense[13] == 0x1d)) {
++ if (!((sense[0] & 0x7f) == 0x72 && desc[0] == 0x9 && desc[1] == 0x0c) &&
++ !((sense[0] & 0x7f) == 0x70 && sense[12] == 0x00 && sense[13] == 0x1d)) {
+ errno = EIO;
+ return -1;
+ }
+@@ -240,7 +240,7 @@ static int disk_identify_packet_device_command(
+ return ret;
+ }
+
+- if (!(sense[0] == 0x72 && desc[0] == 0x9 && desc[1] == 0x0c)) {
++ if (!((sense[0] & 0x7f) == 0x72 && desc[0] == 0x9 && desc[1] == 0x0c)) {
+ errno = EIO;
+ return -1;
+ }
diff --git a/debian/patches/basic-add-make_mount_point_inode-helper.patch b/debian/patches/basic-add-make_mount_point_inode-helper.patch
new file mode 100644
index 0000000..49207c3
--- /dev/null
+++ b/debian/patches/basic-add-make_mount_point_inode-helper.patch
@@ -0,0 +1,239 @@
+From: Luca Boccassi <bluca@debian.org>
+Date: Sat, 19 Dec 2020 21:40:47 +0000
+Subject: basic: add make_mount_point_inode helper
+
+Creates a file or a directory depending on the source path, useful
+for creating mount points.
+
+(cherry picked from commit 8bab8029105e44ce78c5e11bffa203a1135fe201)
+---
+ src/basic/mountpoint-util.c | 25 +++++++++++++++++++++
+ src/basic/mountpoint-util.h | 4 ++++
+ src/core/namespace.c | 26 +++++++--------------
+ src/machine/machine-dbus.c | 14 ++++--------
+ src/test/test-mountpoint-util.c | 50 +++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 91 insertions(+), 28 deletions(-)
+
+diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c
+index a6602ad..ed7457f 100644
+--- a/src/basic/mountpoint-util.c
++++ b/src/basic/mountpoint-util.c
+@@ -8,14 +8,17 @@
+ #include "fd-util.h"
+ #include "fileio.h"
+ #include "fs-util.h"
++#include "label.h"
+ #include "missing_stat.h"
+ #include "missing_syscall.h"
++#include "mkdir.h"
+ #include "mountpoint-util.h"
+ #include "parse-util.h"
+ #include "path-util.h"
+ #include "stat-util.h"
+ #include "stdio-util.h"
+ #include "strv.h"
++#include "user-util.h"
+
+ /* This is the original MAX_HANDLE_SZ definition from the kernel, when the API was introduced. We use that in place of
+ * any more currently defined value to future-proof things: if the size is increased in the API headers, and our code
+@@ -509,3 +512,25 @@ int mount_propagation_flags_from_string(const char *name, unsigned long *ret) {
+ return -EINVAL;
+ return 0;
+ }
++
++int make_mount_point_inode_from_stat(const struct stat *st, const char *dest, mode_t mode) {
++ assert(st);
++ assert(dest);
++
++ if (S_ISDIR(st->st_mode))
++ return mkdir_label(dest, mode);
++ else
++ return mknod(dest, S_IFREG|(mode & ~0111), 0);
++}
++
++int make_mount_point_inode_from_path(const char *source, const char *dest, mode_t mode) {
++ struct stat st;
++
++ assert(source);
++ assert(dest);
++
++ if (stat(source, &st) < 0)
++ return -errno;
++
++ return make_mount_point_inode_from_stat(&st, dest, mode);
++}
+diff --git a/src/basic/mountpoint-util.h b/src/basic/mountpoint-util.h
+index aadb212..cebcec5 100644
+--- a/src/basic/mountpoint-util.h
++++ b/src/basic/mountpoint-util.h
+@@ -23,3 +23,7 @@ int dev_is_devtmpfs(void);
+
+ const char *mount_propagation_flags_to_string(unsigned long flags);
+ int mount_propagation_flags_from_string(const char *name, unsigned long *ret);
++
++/* Creates a mount point (not parents) based on the source path or stat - ie, a file or a directory */
++int make_mount_point_inode_from_stat(const struct stat *st, const char *dest, mode_t mode);
++int make_mount_point_inode_from_path(const char *source, const char *dest, mode_t mode);
+diff --git a/src/core/namespace.c b/src/core/namespace.c
+index cdf427a..02381da 100644
+--- a/src/core/namespace.c
++++ b/src/core/namespace.c
+@@ -1176,29 +1176,19 @@ static int apply_mount(
+ bool try_again = false;
+
+ if (r == -ENOENT && make) {
+- struct stat st;
++ int q;
+
+ /* Hmm, either the source or the destination are missing. Let's see if we can create
+ the destination, then try again. */
+
+- if (stat(what, &st) < 0)
+- log_error_errno(errno, "Mount point source '%s' is not accessible: %m", what);
+- else {
+- int q;
++ (void) mkdir_parents(mount_entry_path(m), 0755);
+
+- (void) mkdir_parents(mount_entry_path(m), 0755);
+-
+- if (S_ISDIR(st.st_mode))
+- q = mkdir(mount_entry_path(m), 0755) < 0 ? -errno : 0;
+- else
+- q = touch(mount_entry_path(m));
+-
+- if (q < 0)
+- log_error_errno(q, "Failed to create destination mount point node '%s': %m",
+- mount_entry_path(m));
+- else
+- try_again = true;
+- }
++ q = make_mount_point_inode_from_path(what, mount_entry_path(m), 0755);
++ if (q < 0)
++ log_error_errno(q, "Failed to create destination mount point node '%s': %m",
++ mount_entry_path(m));
++ else
++ try_again = true;
+ }
+
+ if (try_again)
+diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c
+index bb67beb..1105008 100644
+--- a/src/machine/machine-dbus.c
++++ b/src/machine/machine-dbus.c
+@@ -32,6 +32,7 @@
+ #include "missing_capability.h"
+ #include "mkdir.h"
+ #include "mount-util.h"
++#include "mountpoint-util.h"
+ #include "namespace-util.h"
+ #include "os-util.h"
+ #include "path-util.h"
+@@ -908,10 +909,7 @@ int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bu
+
+ /* Second, we mount the source file or directory to a directory inside of our MS_SLAVE playground. */
+ mount_tmp = strjoina(mount_slave, "/mount");
+- if (S_ISDIR(st.st_mode))
+- r = mkdir_errno_wrapper(mount_tmp, 0700);
+- else
+- r = touch(mount_tmp);
++ r = make_mount_point_inode_from_stat(&st, mount_tmp, 0700);
+ if (r < 0) {
+ sd_bus_error_set_errnof(error, r, "Failed to create temporary mount point %s: %m", mount_tmp);
+ goto finish;
+@@ -1003,12 +1001,8 @@ int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bu
+ }
+
+ if (make_file_or_directory) {
+- if (S_ISDIR(st.st_mode))
+- (void) mkdir_p(dest, 0755);
+- else {
+- (void) mkdir_parents(dest, 0755);
+- (void) mknod(dest, S_IFREG|0600, 0);
+- }
++ (void) mkdir_parents(dest, 0755);
++ (void) make_mount_point_inode_from_stat(&st, dest, 0700);
+ }
+
+ mount_inside = strjoina("/run/host/incoming/", basename(mount_outside));
+diff --git a/src/test/test-mountpoint-util.c b/src/test/test-mountpoint-util.c
+index 47fde5c..1ce3d5d 100644
+--- a/src/test/test-mountpoint-util.c
++++ b/src/test/test-mountpoint-util.c
+@@ -8,13 +8,16 @@
+ #include "def.h"
+ #include "fd-util.h"
+ #include "fileio.h"
++#include "fs-util.h"
+ #include "hashmap.h"
+ #include "log.h"
++#include "mkdir.h"
+ #include "mountpoint-util.h"
+ #include "path-util.h"
+ #include "rm-rf.h"
+ #include "string-util.h"
+ #include "tests.h"
++#include "tmpfile-util.h"
+
+ static void test_mount_propagation_flags(const char *name, int ret, unsigned long expected) {
+ long unsigned flags;
+@@ -287,6 +290,52 @@ static void test_fd_is_mount_point(void) {
+ assert_se(IN_SET(fd_is_mount_point(fd, "root/", 0), -ENOENT, 0));
+ }
+
++static void test_make_mount_point_inode(void) {
++ _cleanup_(rm_rf_physical_and_freep) char *d = NULL;
++ const char *src_file, *src_dir, *dst_file, *dst_dir;
++ struct stat st;
++
++ log_info("/* %s */", __func__);
++
++ assert_se(mkdtemp_malloc(NULL, &d) >= 0);
++
++ src_file = strjoina(d, "/src/file");
++ src_dir = strjoina(d, "/src/dir");
++ dst_file = strjoina(d, "/dst/file");
++ dst_dir = strjoina(d, "/dst/dir");
++
++ assert_se(mkdir_p(src_dir, 0755) >= 0);
++ assert_se(mkdir_parents(dst_file, 0755) >= 0);
++ assert_se(touch(src_file) >= 0);
++
++ assert_se(make_mount_point_inode_from_path(src_file, dst_file, 0755) >= 0);
++ assert_se(make_mount_point_inode_from_path(src_dir, dst_dir, 0755) >= 0);
++
++ assert_se(stat(dst_dir, &st) == 0);
++ assert_se(S_ISDIR(st.st_mode));
++ assert_se(stat(dst_file, &st) == 0);
++ assert_se(S_ISREG(st.st_mode));
++ assert_se(!(S_IXUSR & st.st_mode));
++ assert_se(!(S_IXGRP & st.st_mode));
++ assert_se(!(S_IXOTH & st.st_mode));
++
++ assert_se(unlink(dst_file) == 0);
++ assert_se(rmdir(dst_dir) == 0);
++
++ assert_se(stat(src_file, &st) == 0);
++ assert_se(make_mount_point_inode_from_stat(&st, dst_file, 0755) >= 0);
++ assert_se(stat(src_dir, &st) == 0);
++ assert_se(make_mount_point_inode_from_stat(&st, dst_dir, 0755) >= 0);
++
++ assert_se(stat(dst_dir, &st) == 0);
++ assert_se(S_ISDIR(st.st_mode));
++ assert_se(stat(dst_file, &st) == 0);
++ assert_se(S_ISREG(st.st_mode));
++ assert_se(!(S_IXUSR & st.st_mode));
++ assert_se(!(S_IXGRP & st.st_mode));
++ assert_se(!(S_IXOTH & st.st_mode));
++}
++
+ int main(int argc, char *argv[]) {
+ test_setup_logging(LOG_DEBUG);
+
+@@ -311,6 +360,7 @@ int main(int argc, char *argv[]) {
+ test_mnt_id();
+ test_path_is_mount_point();
+ test_fd_is_mount_point();
++ test_make_mount_point_inode();
+
+ return 0;
+ }
diff --git a/debian/patches/basic-unit-name-adjust-comments.patch b/debian/patches/basic-unit-name-adjust-comments.patch
new file mode 100644
index 0000000..d83b1d7
--- /dev/null
+++ b/debian/patches/basic-unit-name-adjust-comments.patch
@@ -0,0 +1,36 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 23 Jun 2021 11:52:56 +0200
+Subject: basic/unit-name: adjust comments
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+We already checked for "too long" right above…
+
+(cherry picked from commit 4e2544c30bfb95e7cb4d1551ba066b1a56520ad6)
+---
+ src/basic/unit-name.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
+index 9b6cacd..e286831 100644
+--- a/src/basic/unit-name.c
++++ b/src/basic/unit-name.c
+@@ -528,7 +528,7 @@ int unit_name_from_path(const char *path, const char *suffix, char **ret) {
+ if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */
+ return -ENAMETOOLONG;
+
+- /* Refuse this if this got too long or for some other reason didn't result in a valid name */
++ /* Refuse if this for some other reason didn't result in a valid name */
+ if (!unit_name_is_valid(s, UNIT_NAME_PLAIN))
+ return -EINVAL;
+
+@@ -562,7 +562,7 @@ int unit_name_from_path_instance(const char *prefix, const char *path, const cha
+ if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */
+ return -ENAMETOOLONG;
+
+- /* Refuse this if this got too long or for some other reason didn't result in a valid name */
++ /* Refuse if this for some other reason didn't result in a valid name */
+ if (!unit_name_is_valid(s, UNIT_NAME_INSTANCE))
+ return -EINVAL;
+
diff --git a/debian/patches/basic-unit-name-do-not-use-strdupa-on-a-path.patch b/debian/patches/basic-unit-name-do-not-use-strdupa-on-a-path.patch
new file mode 100644
index 0000000..b080d25
--- /dev/null
+++ b/debian/patches/basic-unit-name-do-not-use-strdupa-on-a-path.patch
@@ -0,0 +1,65 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Wed, 23 Jun 2021 11:46:41 +0200
+Subject: basic/unit-name: do not use strdupa() on a path
+
+The path may have unbounded length, for example through a fuse mount.
+
+CVE-2021-33910: attacked controlled alloca() leads to crash in systemd and
+ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo
+and each mountpoint is passed to mount_setup_unit(), which calls
+unit_name_path_escape() underneath. A local attacker who is able to mount a
+filesystem with a very long path can crash systemd and the whole system.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1970887
+
+The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we
+can't easily check the length after simplification before doing the
+simplification, which in turns uses a copy of the string we can write to.
+So we can't reject paths that are too long before doing the duplication.
+Hence the most obvious solution is to switch back to strdup(), as before
+7410616cd9dbbec97cf98d75324da5cda2b2f7a2.
+
+(cherry picked from commit 441e0115646d54f080e5c3bb0ba477c892861ab9)
+(cherry picked from commit 764b74113e36ac5219a4b82a05f311b5a92136ce)
+(cherry picked from commit 4a1c5f34bd3e1daed4490e9d97918e504d19733b)
+(cherry picked from commit b00674347337b7531c92fdb65590ab253bb57538)
+---
+ src/basic/unit-name.c | 13 +++++--------
+ 1 file changed, 5 insertions(+), 8 deletions(-)
+
+diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
+index 5f595af..9b6cacd 100644
+--- a/src/basic/unit-name.c
++++ b/src/basic/unit-name.c
+@@ -378,12 +378,13 @@ int unit_name_unescape(const char *f, char **ret) {
+ }
+
+ int unit_name_path_escape(const char *f, char **ret) {
+- char *p, *s;
++ _cleanup_free_ char *p = NULL;
++ char *s;
+
+ assert(f);
+ assert(ret);
+
+- p = strdupa(f);
++ p = strdup(f);
+ if (!p)
+ return -ENOMEM;
+
+@@ -395,13 +396,9 @@ int unit_name_path_escape(const char *f, char **ret) {
+ if (!path_is_normalized(p))
+ return -EINVAL;
+
+- /* Truncate trailing slashes */
++ /* Truncate trailing slashes and skip leading slashes */
+ delete_trailing_chars(p, "/");
+-
+- /* Truncate leading slashes */
+- p = skip_leading_chars(p, "/");
+-
+- s = unit_name_escape(p);
++ s = unit_name_escape(skip_leading_chars(p, "/"));
+ }
+ if (!s)
+ return -ENOMEM;
diff --git a/debian/patches/btrfs-util-add-helper-that-abstracts-might-be-btrfs-subvo.patch b/debian/patches/btrfs-util-add-helper-that-abstracts-might-be-btrfs-subvo.patch
new file mode 100644
index 0000000..0dffcf3
--- /dev/null
+++ b/debian/patches/btrfs-util-add-helper-that-abstracts-might-be-btrfs-subvo.patch
@@ -0,0 +1,106 @@
+From: Lennart Poettering <lennart@poettering.net>
+Date: Fri, 26 Feb 2021 17:39:55 +0100
+Subject: btrfs-util: add helper that abstracts "might be btrfs subvol?" check
+
+Let#s not hardcode inode nr 256 everywhere, but abstract this check
+slightly.
+
+(cherry picked from commit 674b04ff1b6deab17f5d36c036c0275ba94e1ebc)
+(cherry picked from commit 190c6bcfc3518bec964ab740085ac88ccc86dcc7)
+---
+ src/basic/btrfs-util.c | 6 +++---
+ src/basic/btrfs-util.h | 10 ++++++++++
+ src/basic/rm-rf.c | 2 +-
+ src/import/export-tar.c | 2 +-
+ src/shared/machine-image.c | 3 +--
+ 5 files changed, 16 insertions(+), 7 deletions(-)
+
+diff --git a/src/basic/btrfs-util.c b/src/basic/btrfs-util.c
+index 2634659..f0df51a 100644
+--- a/src/basic/btrfs-util.c
++++ b/src/basic/btrfs-util.c
+@@ -91,7 +91,7 @@ int btrfs_is_subvol_fd(int fd) {
+ if (fstat(fd, &st) < 0)
+ return -errno;
+
+- if (!S_ISDIR(st.st_mode) || st.st_ino != 256)
++ if (!btrfs_might_be_subvol(&st))
+ return 0;
+
+ return btrfs_is_filesystem(fd);
+@@ -194,7 +194,7 @@ int btrfs_subvol_set_read_only_fd(int fd, bool b) {
+ if (fstat(fd, &st) < 0)
+ return -errno;
+
+- if (!S_ISDIR(st.st_mode) || st.st_ino != 256)
++ if (!btrfs_might_be_subvol(&st))
+ return -EINVAL;
+
+ if (ioctl(fd, BTRFS_IOC_SUBVOL_GETFLAGS, &flags) < 0)
+@@ -229,7 +229,7 @@ int btrfs_subvol_get_read_only_fd(int fd) {
+ if (fstat(fd, &st) < 0)
+ return -errno;
+
+- if (!S_ISDIR(st.st_mode) || st.st_ino != 256)
++ if (!btrfs_might_be_subvol(&st))
+ return -EINVAL;
+
+ if (ioctl(fd, BTRFS_IOC_SUBVOL_GETFLAGS, &flags) < 0)
+diff --git a/src/basic/btrfs-util.h b/src/basic/btrfs-util.h
+index c8b44f6..0f569b6 100644
+--- a/src/basic/btrfs-util.h
++++ b/src/basic/btrfs-util.h
+@@ -127,3 +127,13 @@ static inline int btrfs_log_dev_root(int level, int ret, const char *p) {
+ "File system behind %s is reported by btrfs to be backed by pseudo-device /dev/root, which is not a valid userspace accessible device node. "
+ "Cannot determine correct backing block device.", p);
+ }
++
++static inline bool btrfs_might_be_subvol(const struct stat *st) {
++ if (!st)
++ return false;
++
++ /* Returns true if this 'struct stat' looks like it could refer to a btrfs subvolume. To make a final
++ * decision, needs to be combined with an fstatfs() check to see if this is actually btrfs. */
++
++ return S_ISDIR(st->st_mode) && st->st_ino == 256;
++}
+diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c
+index b0d682f..4c39ce8 100644
+--- a/src/basic/rm-rf.c
++++ b/src/basic/rm-rf.c
+@@ -147,7 +147,7 @@ int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev) {
+ if (r > 0)
+ continue;
+
+- if ((flags & REMOVE_SUBVOLUME) && st.st_ino == 256) {
++ if ((flags & REMOVE_SUBVOLUME) && btrfs_might_be_subvol(&st)) {
+
+ /* This could be a subvolume, try to remove it */
+
+diff --git a/src/import/export-tar.c b/src/import/export-tar.c
+index b8b650f..1e6b2c1 100644
+--- a/src/import/export-tar.c
++++ b/src/import/export-tar.c
+@@ -283,7 +283,7 @@ int tar_export_start(TarExport *e, const char *path, int fd, ImportCompressType
+
+ e->quota_referenced = (uint64_t) -1;
+
+- if (e->st.st_ino == 256) { /* might be a btrfs subvolume? */
++ if (btrfs_might_be_subvol(&e->st)) {
+ BtrfsQuotaInfo q;
+
+ r = btrfs_subvol_get_subtree_quota_fd(sfd, 0, &q);
+diff --git a/src/shared/machine-image.c b/src/shared/machine-image.c
+index 671a56b..c7cf5e9 100644
+--- a/src/shared/machine-image.c
++++ b/src/shared/machine-image.c
+@@ -248,8 +248,7 @@ static int image_make(
+ if (fd < 0)
+ return -errno;
+
+- /* btrfs subvolumes have inode 256 */
+- if (st->st_ino == 256) {
++ if (btrfs_might_be_subvol(st)) {
+
+ r = btrfs_is_filesystem(fd);
+ if (r < 0)
diff --git a/debian/patches/core-fix-mtime-calculation-of-dropin-files.patch b/debian/patches/core-fix-mtime-calculation-of-dropin-files.patch
new file mode 100644
index 0000000..4c6b1e8
--- /dev/null
+++ b/debian/patches/core-fix-mtime-calculation-of-dropin-files.patch
@@ -0,0 +1,100 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Thu, 4 Mar 2021 00:36:24 +0100
+Subject: core: fix mtime calculation of dropin files
+
+Nominally, the bug was in unit_load_dropin(), which just took the last mtime
+instead of calculating the maximum. But instead of adding code to wrap the
+loop, this patch goes in the other direction.
+
+All (correct) callers of config_parse() followed a very similar pattern to
+calculate the maximum mtime. So let's simplify things by making config_parse()
+assume that mtime is initialized and update it to the maximum. This makes all
+the callers that care about mtime simpler and also fixes the issue in
+unit_load_dropin().
+
+config_parse_many_nulstr() and config_parse_many() are different, because it
+makes sense to call them just once, and current ret_mtime behaviour make sense.
+
+Fixes #17730, https://bugzilla.redhat.com/show_bug.cgi?id=1933137.
+
+(cherry picked from commit da46a1bc3cd28ac36114002c216196dae004b05c)
+---
+ src/core/load-dropin.c | 1 +
+ src/shared/conf-parser.c | 15 +++++++--------
+ src/shared/conf-parser.h | 2 +-
+ 3 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/src/core/load-dropin.c b/src/core/load-dropin.c
+index d1c85e2..3bb4856 100644
+--- a/src/core/load-dropin.c
++++ b/src/core/load-dropin.c
+@@ -112,6 +112,7 @@ int unit_load_dropin(Unit *u) {
+ return log_oom();
+ }
+
++ u->dropin_mtime = 0;
+ STRV_FOREACH(f, u->dropin_paths)
+ (void) config_parse(
+ u->id, *f, NULL,
+diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c
+index 35d301d..099c47a 100644
+--- a/src/shared/conf-parser.c
++++ b/src/shared/conf-parser.c
+@@ -259,7 +259,7 @@ int config_parse(const char *unit,
+ const void *table,
+ ConfigParseFlags flags,
+ void *userdata,
+- usec_t *ret_mtime) {
++ usec_t *latest_mtime) {
+
+ _cleanup_free_ char *section = NULL, *continuation = NULL;
+ _cleanup_fclose_ FILE *ours = NULL;
+@@ -271,6 +271,9 @@ int config_parse(const char *unit,
+ assert(filename);
+ assert(lookup);
+
++ /* latest_mtime is an input-output parameter: it will be updated if the mtime of the file we're
++ * looking at is later than the current *latest_mtime value. */
++
+ if (!f) {
+ f = ours = fopen(filename, "re");
+ if (!f) {
+@@ -413,8 +416,8 @@ int config_parse(const char *unit,
+ }
+ }
+
+- if (ret_mtime)
+- *ret_mtime = mtime;
++ if (latest_mtime)
++ *latest_mtime = MAX(*latest_mtime, mtime);
+
+ return 0;
+ }
+@@ -440,13 +443,9 @@ static int config_parse_many_files(
+ }
+
+ STRV_FOREACH(fn, files) {
+- usec_t t;
+-
+- r = config_parse(NULL, *fn, NULL, sections, lookup, table, flags, userdata, &t);
++ r = config_parse(NULL, *fn, NULL, sections, lookup, table, flags, userdata, &mtime);
+ if (r < 0)
+ return r;
+- if (t > mtime) /* Find the newest */
+- mtime = t;
+ }
+
+ if (ret_mtime)
+diff --git a/src/shared/conf-parser.h b/src/shared/conf-parser.h
+index f115cb2..84c9bf6 100644
+--- a/src/shared/conf-parser.h
++++ b/src/shared/conf-parser.h
+@@ -89,7 +89,7 @@ int config_parse(
+ const void *table,
+ ConfigParseFlags flags,
+ void *userdata,
+- usec_t *ret_mtime); /* possibly NULL */
++ usec_t *latest_mtime); /* input/output, possibly NULL */
+
+ int config_parse_many_nulstr(
+ const char *conf_file, /* possibly NULL */
diff --git a/debian/patches/coredump-do-not-allow-user-to-access-coredumps-with-chang.patch b/debian/patches/coredump-do-not-allow-user-to-access-coredumps-with-chang.patch
new file mode 100644
index 0000000..f1029d3
--- /dev/null
+++ b/debian/patches/coredump-do-not-allow-user-to-access-coredumps-with-chang.patch
@@ -0,0 +1,388 @@
+From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
+Date: Mon, 28 Nov 2022 12:12:55 +0100
+Subject: coredump: do not allow user to access coredumps with changed
+ uid/gid/capabilities
+
+When the user starts a program which elevates its permissions via setuid,
+setgid, or capabilities set on the file, it may access additional information
+which would then be visible in the coredump. We shouldn't make the the coredump
+visible to the user in such cases.
+
+Reported-by: Matthias Gerstner <mgerstner@suse.de>
+
+This reads the /proc/<pid>/auxv file and attaches it to the process metadata as
+PROC_AUXV. Before the coredump is submitted, it is parsed and if either
+at_secure was set (which the kernel will do for processes that are setuid,
+setgid, or setcap), or if the effective uid/gid don't match uid/gid, the file
+is not made accessible to the user. If we can't access this data, we assume the
+file should not be made accessible either. In principle we could also access
+the auxv data from a note in the core file, but that is much more complex and
+it seems better to use the stand-alone file that is provided by the kernel.
+
+Attaching auxv is both convient for this patch (because this way it's passed
+between the stages along with other fields), but I think it makes sense to save
+it in general.
+
+We use the information early in the core file to figure out if the program was
+32-bit or 64-bit and its endianness. This way we don't need heuristics to guess
+whether the format of the auxv structure. This test might reject some cases on
+fringe architecutes. But the impact would be limited: we just won't grant the
+user permissions to view the coredump file. If people report that we're missing
+some cases, we can always enhance this to support more architectures.
+
+I tested auxv parsing on amd64, 32-bit program on amd64, arm64, arm32, and
+ppc64el, but not the whole coredump handling.
+
+(cherry picked from commit 3e4d0f6cf99f8677edd6a237382a65bfe758de03)
+(cherry picked from commit 9b75a3d0502d6741c8ecb7175794345f8eb3827c)
+(cherry picked from commit efca5283dc791a07171f80eef84e14fdb58fad57)
+(cherry picked from commit 1d5e0e9910500f3c3584485f77bfc35e601036e3)
+(cherry picked from commit 8215e1527d859e77dd1378fd7e42bbd32130edb3)
+(cherry picked from commit 786df410b1cb3a2294c9a5d118c958525e7439e6)
+---
+ src/basic/io-util.h | 9 +++
+ src/coredump/coredump.c | 200 ++++++++++++++++++++++++++++++++++++++++++++----
+ 2 files changed, 194 insertions(+), 15 deletions(-)
+
+diff --git a/src/basic/io-util.h b/src/basic/io-util.h
+index d817714..dacec71 100644
+--- a/src/basic/io-util.h
++++ b/src/basic/io-util.h
+@@ -85,7 +85,16 @@ struct iovec_wrapper *iovw_new(void);
+ struct iovec_wrapper *iovw_free(struct iovec_wrapper *iovw);
+ struct iovec_wrapper *iovw_free_free(struct iovec_wrapper *iovw);
+ void iovw_free_contents(struct iovec_wrapper *iovw, bool free_vectors);
++
+ int iovw_put(struct iovec_wrapper *iovw, void *data, size_t len);
++static inline int iovw_consume(struct iovec_wrapper *iovw, void *data, size_t len) {
++ /* Move data into iovw or free on error */
++ int r = iovw_put(iovw, data, len);
++ if (r < 0)
++ free(data);
++ return r;
++}
++
+ int iovw_put_string_field(struct iovec_wrapper *iovw, const char *field, const char *value);
+ int iovw_put_string_field_free(struct iovec_wrapper *iovw, const char *field, char *value);
+ void iovw_rebase(struct iovec_wrapper *iovw, char *old, char *new);
+diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
+index 0a1cb91..b60dff3 100644
+--- a/src/coredump/coredump.c
++++ b/src/coredump/coredump.c
+@@ -3,6 +3,7 @@
+ #include <errno.h>
+ #include <stdio.h>
+ #include <sys/prctl.h>
++#include <sys/auxv.h>
+ #include <sys/xattr.h>
+ #include <unistd.h>
+
+@@ -96,6 +97,7 @@ enum {
+
+ META_EXE = _META_MANDATORY_MAX,
+ META_UNIT,
++ META_PROC_AUXV,
+ _META_MAX
+ };
+
+@@ -110,10 +112,12 @@ static const char * const meta_field_names[_META_MAX] = {
+ [META_COMM] = "COREDUMP_COMM=",
+ [META_EXE] = "COREDUMP_EXE=",
+ [META_UNIT] = "COREDUMP_UNIT=",
++ [META_PROC_AUXV] = "COREDUMP_PROC_AUXV=",
+ };
+
+ typedef struct Context {
+ const char *meta[_META_MAX];
++ size_t meta_size[_META_MAX];
+ pid_t pid;
+ bool is_pid1;
+ bool is_journald;
+@@ -175,14 +179,17 @@ static uint64_t storage_size_max(void) {
+ return 0;
+ }
+
+-static int fix_acl(int fd, uid_t uid) {
+-
+-#if HAVE_ACL
+- int r;
+-
++static int fix_acl(int fd, uid_t uid, bool allow_user) {
+ assert(fd >= 0);
+ assert(uid_is_valid(uid));
+
++#if HAVE_ACL
++ int r;
++
++ /* We don't allow users to read coredumps if the uid or capabilities were changed. */
++ if (!allow_user)
++ return 0;
++
+ if (uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY)
+ return 0;
+
+@@ -242,7 +249,8 @@ static int fix_permissions(
+ const char *filename,
+ const char *target,
+ const Context *context,
+- uid_t uid) {
++ uid_t uid,
++ bool allow_user) {
+
+ int r;
+
+@@ -252,7 +260,7 @@ static int fix_permissions(
+
+ /* Ignore errors on these */
+ (void) fchmod(fd, 0640);
+- (void) fix_acl(fd, uid);
++ (void) fix_acl(fd, uid, allow_user);
+ (void) fix_xattr(fd, context);
+
+ if (fsync(fd) < 0)
+@@ -323,6 +331,153 @@ static int make_filename(const Context *context, char **ret) {
+ return 0;
+ }
+
++static int parse_auxv64(
++ const uint64_t *auxv,
++ size_t size_bytes,
++ int *at_secure,
++ uid_t *uid,
++ uid_t *euid,
++ gid_t *gid,
++ gid_t *egid) {
++
++ assert(auxv || size_bytes == 0);
++
++ if (size_bytes % (2 * sizeof(uint64_t)) != 0)
++ return log_warning_errno(SYNTHETIC_ERRNO(EIO), "Incomplete auxv structure (%zu bytes).", size_bytes);
++
++ size_t words = size_bytes / sizeof(uint64_t);
++
++ /* Note that we set output variables even on error. */
++
++ for (size_t i = 0; i + 1 < words; i += 2)
++ switch (auxv[i]) {
++ case AT_SECURE:
++ *at_secure = auxv[i + 1] != 0;
++ break;
++ case AT_UID:
++ *uid = auxv[i + 1];
++ break;
++ case AT_EUID:
++ *euid = auxv[i + 1];
++ break;
++ case AT_GID:
++ *gid = auxv[i + 1];
++ break;
++ case AT_EGID:
++ *egid = auxv[i + 1];
++ break;
++ case AT_NULL:
++ if (auxv[i + 1] != 0)
++ goto error;
++ return 0;
++ }
++ error:
++ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA),
++ "AT_NULL terminator not found, cannot parse auxv structure.");
++}
++
++static int parse_auxv32(
++ const uint32_t *auxv,
++ size_t size_bytes,
++ int *at_secure,
++ uid_t *uid,
++ uid_t *euid,
++ gid_t *gid,
++ gid_t *egid) {
++
++ assert(auxv || size_bytes == 0);
++
++ size_t words = size_bytes / sizeof(uint32_t);
++
++ if (size_bytes % (2 * sizeof(uint32_t)) != 0)
++ return log_warning_errno(SYNTHETIC_ERRNO(EIO), "Incomplete auxv structure (%zu bytes).", size_bytes);
++
++ /* Note that we set output variables even on error. */
++
++ for (size_t i = 0; i + 1 < words; i += 2)
++ switch (auxv[i]) {
++ case AT_SECURE:
++ *at_secure = auxv[i + 1] != 0;
++ break;
++ case AT_UID:
++ *uid = auxv[i + 1];
++ break;
++ case AT_EUID:
++ *euid = auxv[i + 1];
++ break;
++ case AT_GID:
++ *gid = auxv[i + 1];
++ break;
++ case AT_EGID:
++ *egid = auxv[i + 1];
++ break;
++ case AT_NULL:
++ if (auxv[i + 1] != 0)
++ goto error;
++ return 0;
++ }
++ error:
++ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA),
++ "AT_NULL terminator not found, cannot parse auxv structure.");
++}
++
++static int grant_user_access(int core_fd, const Context *context) {
++ int at_secure = -1;
++ uid_t uid = UID_INVALID, euid = UID_INVALID;
++ uid_t gid = GID_INVALID, egid = GID_INVALID;
++ int r;
++
++ assert(core_fd >= 0);
++ assert(context);
++
++ if (!context->meta[META_PROC_AUXV])
++ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA), "No auxv data, not adjusting permissions.");
++
++ uint8_t elf[EI_NIDENT];
++ errno = 0;
++ if (pread(core_fd, &elf, sizeof(elf), 0) != sizeof(elf))
++ return log_warning_errno(errno_or_else(EIO),
++ "Failed to pread from coredump fd: %s", errno != 0 ? strerror_safe(errno) : "Unexpected EOF");
++
++ if (elf[EI_MAG0] != ELFMAG0 ||
++ elf[EI_MAG1] != ELFMAG1 ||
++ elf[EI_MAG2] != ELFMAG2 ||
++ elf[EI_MAG3] != ELFMAG3 ||
++ elf[EI_VERSION] != EV_CURRENT)
++ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN),
++ "Core file does not have ELF header, not adjusting permissions.");
++ if (!IN_SET(elf[EI_CLASS], ELFCLASS32, ELFCLASS64) ||
++ !IN_SET(elf[EI_DATA], ELFDATA2LSB, ELFDATA2MSB))
++ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN),
++ "Core file has strange ELF class, not adjusting permissions.");
++
++ if ((elf[EI_DATA] == ELFDATA2LSB) != (__BYTE_ORDER == __LITTLE_ENDIAN))
++ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN),
++ "Core file has non-native endianness, not adjusting permissions.");
++
++ if (elf[EI_CLASS] == ELFCLASS64)
++ r = parse_auxv64((const uint64_t*) context->meta[META_PROC_AUXV],
++ context->meta_size[META_PROC_AUXV],
++ &at_secure, &uid, &euid, &gid, &egid);
++ else
++ r = parse_auxv32((const uint32_t*) context->meta[META_PROC_AUXV],
++ context->meta_size[META_PROC_AUXV],
++ &at_secure, &uid, &euid, &gid, &egid);
++ if (r < 0)
++ return r;
++
++ /* We allow access if we got all the data and at_secure is not set and
++ * the uid/gid matches euid/egid. */
++ bool ret =
++ at_secure == 0 &&
++ uid != UID_INVALID && euid != UID_INVALID && uid == euid &&
++ gid != GID_INVALID && egid != GID_INVALID && gid == egid;
++ log_debug("Will %s access (uid="UID_FMT " euid="UID_FMT " gid="GID_FMT " egid="GID_FMT " at_secure=%s)",
++ ret ? "permit" : "restrict",
++ uid, euid, gid, egid, yes_no(at_secure));
++ return ret;
++}
++
+ static int save_external_coredump(
+ const Context *context,
+ int input_fd,
+@@ -403,6 +558,8 @@ static int save_external_coredump(
+ goto fail;
+ }
+
++ bool allow_user = grant_user_access(fd, context) > 0;
++
+ #if HAVE_COMPRESSION
+ /* If we will remove the coredump anyway, do not compress. */
+ if (arg_compress && !maybe_remove_external_coredump(NULL, st.st_size)) {
+@@ -428,7 +585,7 @@ static int save_external_coredump(
+ goto fail_compressed;
+ }
+
+- r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid);
++ r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid, allow_user);
+ if (r < 0)
+ goto fail_compressed;
+
+@@ -451,7 +608,7 @@ static int save_external_coredump(
+ uncompressed:
+ #endif
+
+- r = fix_permissions(fd, tmp, fn, context, uid);
++ r = fix_permissions(fd, tmp, fn, context, uid, allow_user);
+ if (r < 0)
+ goto fail;
+
+@@ -700,7 +857,7 @@ static int change_uid_gid(const Context *context) {
+ }
+
+ static int submit_coredump(
+- Context *context,
++ const Context *context,
+ struct iovec_wrapper *iovw,
+ int input_fd) {
+
+@@ -822,16 +979,15 @@ static int save_context(Context *context, const struct iovec_wrapper *iovw) {
+ struct iovec *iovec = iovw->iovec + n;
+
+ for (i = 0; i < ELEMENTSOF(meta_field_names); i++) {
+- char *p;
+-
+ /* Note that these strings are NUL terminated, because we made sure that a
+ * trailing NUL byte is in the buffer, though not included in the iov_len
+ * count (see process_socket() and gather_pid_metadata_*()) */
+ assert(((char*) iovec->iov_base)[iovec->iov_len] == 0);
+
+- p = startswith(iovec->iov_base, meta_field_names[i]);
++ const char *p = startswith(iovec->iov_base, meta_field_names[i]);
+ if (p) {
+ context->meta[i] = p;
++ context->meta_size[i] = iovec->iov_len - strlen(meta_field_names[i]);
+ count++;
+ break;
+ }
+@@ -1074,6 +1230,7 @@ static int gather_pid_metadata(struct iovec_wrapper *iovw, Context *context) {
+ uid_t owner_uid;
+ pid_t pid;
+ char *t;
++ size_t size;
+ const char *p;
+ int r;
+
+@@ -1139,13 +1296,26 @@ static int gather_pid_metadata(struct iovec_wrapper *iovw, Context *context) {
+ (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_LIMITS=", t);
+
+ p = procfs_file_alloca(pid, "cgroup");
+- if (read_full_file(p, &t, NULL) >=0)
++ if (read_full_file(p, &t, NULL) >= 0)
+ (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_CGROUP=", t);
+
+ p = procfs_file_alloca(pid, "mountinfo");
+- if (read_full_file(p, &t, NULL) >=0)
++ if (read_full_file(p, &t, NULL) >= 0)
+ (void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_MOUNTINFO=", t);
+
++ /* We attach /proc/auxv here. ELF coredumps also contain a note for this (NT_AUXV), see elf(5). */
++ p = procfs_file_alloca(pid, "auxv");
++ if (read_full_virtual_file(p, &t, &size) >= 0) {
++ char *buf = malloc(strlen("COREDUMP_PROC_AUXV=") + size + 1);
++ if (buf) {
++ /* Add a dummy terminator to make save_context() happy. */
++ *((uint8_t*) mempcpy(stpcpy(buf, "COREDUMP_PROC_AUXV="), t, size)) = '\0';
++ (void) iovw_consume(iovw, buf, size + strlen("COREDUMP_PROC_AUXV="));
++ }
++
++ free(t);
++ }
++
+ if (get_process_cwd(pid, &t) >= 0)
+ (void) iovw_put_string_field_free(iovw, "COREDUMP_CWD=", t);
+
diff --git a/debian/patches/debian/Add-env-variable-for-machine-ID-path.patch b/debian/patches/debian/Add-env-variable-for-machine-ID-path.patch
new file mode 100644
index 0000000..7645d97
--- /dev/null
+++ b/debian/patches/debian/Add-env-variable-for-machine-ID-path.patch
@@ -0,0 +1,77 @@
+From: Martin Pitt <mpitt@debian.org>
+Date: Wed, 18 Jan 2017 11:21:35 +0100
+Subject: Add env variable for machine ID path
+
+During package build, in minimal chroots, or other systems which do not already
+have an /etc/machine-id we get six test failures. Introduce a
+$SYSTEMD_MACHINE_ID_PATH environment variable which can specify a location
+other than /etc/machine-id, so that the unit tests are independent from the
+environment.
+
+Also adjust test-fs-util to not assume that /etc/machine-id exists. Use
+/etc/passwd instead which is created by base-files.
+
+Closes: #851445
+
+Bug: https://bugs.freedesktop.org/show_bug.cgi?id=62344
+---
+ src/libsystemd/sd-id128/sd-id128.c | 2 +-
+ src/test/test-fs-util.c | 11 +++++++----
+ 2 files changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/src/libsystemd/sd-id128/sd-id128.c b/src/libsystemd/sd-id128/sd-id128.c
+index d5de935..78612a0 100644
+--- a/src/libsystemd/sd-id128/sd-id128.c
++++ b/src/libsystemd/sd-id128/sd-id128.c
+@@ -88,7 +88,7 @@ _public_ int sd_id128_get_machine(sd_id128_t *ret) {
+ assert_return(ret, -EINVAL);
+
+ if (sd_id128_is_null(saved_machine_id)) {
+- r = id128_read("/etc/machine-id", ID128_PLAIN, &saved_machine_id);
++ r = id128_read(getenv("SYSTEMD_MACHINE_ID_PATH") ?: "/etc/machine-id", ID128_PLAIN, &saved_machine_id);
+ if (r < 0)
+ return r;
+
+diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c
+index d1f9252..4c93adb 100644
+--- a/src/test/test-fs-util.c
++++ b/src/test/test-fs-util.c
+@@ -211,7 +211,7 @@ static void test_chase_symlinks(void) {
+ assert_se(streq(result, "/test-chase.fsldajfl"));
+ result = mfree(result);
+
+- r = chase_symlinks("/etc/machine-id/foo", NULL, 0, &result, NULL);
++ r = chase_symlinks("/etc/passwd/foo", NULL, 0, &result, NULL);
+ assert_se(r == -ENOTDIR);
+ result = mfree(result);
+
+@@ -284,23 +284,26 @@ static void test_chase_symlinks(void) {
+ assert_se(chase_symlinks(q, NULL, CHASE_SAFE, NULL, NULL) >= 0);
+ }
+
+- p = strjoina(temp, "/machine-id-test");
+- assert_se(symlink("/usr/../etc/./machine-id", p) >= 0);
++ p = strjoina(temp, "/passwd-test");
++ assert_se(symlink("/usr/../etc/./passwd", p) >= 0);
+
+ r = chase_symlinks(p, NULL, 0, NULL, &pfd);
+ if (r != -ENOENT) {
+ _cleanup_close_ int fd = -1;
++/*
+ sd_id128_t a, b;
++*/
+
+ assert_se(pfd >= 0);
+
+ fd = fd_reopen(pfd, O_RDONLY|O_CLOEXEC);
+ assert_se(fd >= 0);
+ safe_close(pfd);
+-
++/*
+ assert_se(id128_read_fd(fd, ID128_PLAIN, &a) >= 0);
+ assert_se(sd_id128_get_machine(&b) >= 0);
+ assert_se(sd_id128_equal(a, b));
++*/
+ }
+
+ /* Test CHASE_NOFOLLOW */
diff --git a/debian/patches/debian/Add-support-for-TuxOnIce-hibernation.patch b/debian/patches/debian/Add-support-for-TuxOnIce-hibernation.patch
new file mode 100644
index 0000000..226dea2
--- /dev/null
+++ b/debian/patches/debian/Add-support-for-TuxOnIce-hibernation.patch
@@ -0,0 +1,30 @@
+From: Julien Muchembled <jm@jmuchemb.eu>
+Date: Tue, 29 Apr 2014 11:40:50 +0200
+Subject: Add support for TuxOnIce hibernation
+
+systemd does not support non-mainline kernel features so upstream rejected this
+patch.
+It is however required for systemd integration by tuxonice-userui package.
+
+Forwarded: http://lists.freedesktop.org/archives/systemd-devel/2014-April/018960.html
+---
+ src/shared/sleep-config.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/shared/sleep-config.c b/src/shared/sleep-config.c
+index cea5148..66e1675 100644
+--- a/src/shared/sleep-config.c
++++ b/src/shared/sleep-config.c
+@@ -471,6 +471,12 @@ static bool enough_swap_for_hibernation(void) {
+ if (getenv_bool("SYSTEMD_BYPASS_HIBERNATION_MEMORY_CHECK") > 0)
+ return true;
+
++ /* TuxOnIce is an alternate implementation for hibernation.
++ * It can be configured to compress the image to a file or an inactive
++ * swap partition, so there's nothing more we can do here. */
++ if (access("/sys/power/tuxonice", F_OK) == 0)
++ return true;
++
+ r = find_hibernate_location(&hibernate_location);
+ if (r < 0)
+ return false;
diff --git a/debian/patches/debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch b/debian/patches/debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch
new file mode 100644
index 0000000..d99ea42
--- /dev/null
+++ b/debian/patches/debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch
@@ -0,0 +1,21 @@
+From: Tollef Fog Heen <tfheen@err.no>
+Date: Tue, 5 Jun 2012 20:59:36 +0200
+Subject: Bring tmpfiles.d/tmp.conf in line with Debian defaults
+
+Closes: #675422
+---
+ tmpfiles.d/tmp.conf | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tmpfiles.d/tmp.conf b/tmpfiles.d/tmp.conf
+index fe5225d..39cb5cc 100644
+--- a/tmpfiles.d/tmp.conf
++++ b/tmpfiles.d/tmp.conf
+@@ -8,5 +8,5 @@
+ # See tmpfiles.d(5) for details
+
+ # Clear tmp directories separately, to make them easier to override
+-q /tmp 1777 root root 10d
+-q /var/tmp 1777 root root 30d
++D /tmp 1777 root root -
++#q /var/tmp 1777 root root 30d
diff --git a/debian/patches/debian/Don-t-enable-audit-by-default.patch b/debian/patches/debian/Don-t-enable-audit-by-default.patch
new file mode 100644
index 0000000..b4cf902
--- /dev/null
+++ b/debian/patches/debian/Don-t-enable-audit-by-default.patch
@@ -0,0 +1,53 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Sun, 28 Dec 2014 12:49:35 +0100
+Subject: Don't enable audit by default
+
+It causes flooding of dmesg and syslog, suppressing actually important
+messages.
+
+Don't enable it for now, until a better solution is found:
+http://lists.freedesktop.org/archives/systemd-devel/2014-December/026591.html
+
+Bug-Debian: https://bugs.debian.org/773528
+---
+ man/journald.conf.xml | 2 +-
+ src/journal/journald-server.c | 2 +-
+ src/journal/journald.conf | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/man/journald.conf.xml b/man/journald.conf.xml
+index 2134a1d..a4a42a4 100644
+--- a/man/journald.conf.xml
++++ b/man/journald.conf.xml
+@@ -417,7 +417,7 @@
+ <command>systemd-journald</command> collects generated audit records, it just controls whether it
+ tells the kernel to generate them. This means if another tool turns on auditing even if
+ <command>systemd-journald</command> left it off, it will still collect the generated
+- messages. Defaults to on.</para></listitem>
++ messages. Defaults to off.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index ce15766..bd7fa8f 100644
+--- a/src/journal/journald-server.c
++++ b/src/journal/journald-server.c
+@@ -2188,7 +2188,7 @@ int server_init(Server *s, const char *namespace) {
+ .compress.threshold_bytes = (uint64_t) -1,
+ .seal = true,
+
+- .set_audit = true,
++ .set_audit = false,
+
+ .watchdog_usec = USEC_INFINITY,
+
+diff --git a/src/journal/journald.conf b/src/journal/journald.conf
+index d6cd5b1..5e4b0e2 100644
+--- a/src/journal/journald.conf
++++ b/src/journal/journald.conf
+@@ -41,4 +41,4 @@
+ #MaxLevelWall=emerg
+ #LineMax=48K
+ #ReadKMsg=yes
+-#Audit=yes
++#Audit=no
diff --git a/debian/patches/debian/Downgrade-a-couple-of-warnings-to-debug.patch b/debian/patches/debian/Downgrade-a-couple-of-warnings-to-debug.patch
new file mode 100644
index 0000000..1b5b03d
--- /dev/null
+++ b/debian/patches/debian/Downgrade-a-couple-of-warnings-to-debug.patch
@@ -0,0 +1,74 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Tue, 16 Feb 2021 00:18:50 +0100
+Subject: Downgrade a couple of warnings to debug
+
+If a package still ships only a SysV init script or if a service file or
+tmpfile uses /var/run, downgrade those messages to debug. We can use
+lintian to detect those issues.
+For service files and tmpfiles in /etc, keep the warning, as those files
+are typically added locally and aren't checked by lintian.
+
+Closes: #981407
+---
+ src/core/load-fragment.c | 4 +++-
+ src/sysv-generator/sysv-generator.c | 2 +-
+ src/tmpfiles/tmpfiles.c | 4 +++-
+ 3 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
+index 5b66fb1..df5669a 100644
+--- a/src/core/load-fragment.c
++++ b/src/core/load-fragment.c
+@@ -372,6 +372,7 @@ static int patch_var_run(
+
+ const char *e;
+ char *z;
++ int log_level;
+
+ e = path_startswith(*path, "/var/run/");
+ if (!e)
+@@ -381,7 +382,8 @@ static int patch_var_run(
+ if (!z)
+ return log_oom();
+
+- log_syntax(unit, LOG_NOTICE, filename, line, 0,
++ log_level = path_startswith(filename, "/etc") ? LOG_NOTICE : LOG_DEBUG;
++ log_syntax(unit, log_level, filename, line, 0,
+ "%s= references a path below legacy directory /var/run/, updating %s → %s; "
+ "please update the unit file accordingly.", lvalue, *path, z);
+
+diff --git a/src/sysv-generator/sysv-generator.c b/src/sysv-generator/sysv-generator.c
+index 008a825..ab0054e 100644
+--- a/src/sysv-generator/sysv-generator.c
++++ b/src/sysv-generator/sysv-generator.c
+@@ -787,7 +787,7 @@ static int enumerate_sysv(const LookupPaths *lp, Hashmap *all_services) {
+ if (!fpath)
+ return log_oom();
+
+- log_warning("SysV service '%s' lacks a native systemd unit file. "
++ log_debug("SysV service '%s' lacks a native systemd unit file. "
+ "Automatically generating a unit file for compatibility. "
+ "Please update package to include a native systemd unit file, in order to make it more safe and robust.", fpath);
+
+diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
+index 9906c70..31e5707 100644
+--- a/src/tmpfiles/tmpfiles.c
++++ b/src/tmpfiles/tmpfiles.c
+@@ -2538,6 +2538,7 @@ static int specifier_expansion_from_arg(Item *i) {
+ static int patch_var_run(const char *fname, unsigned line, char **path) {
+ const char *k;
+ char *n;
++ int log_level;
+
+ assert(path);
+ assert(*path);
+@@ -2563,7 +2564,8 @@ static int patch_var_run(const char *fname, unsigned line, char **path) {
+ /* Also log about this briefly. We do so at LOG_NOTICE level, as we fixed up the situation automatically, hence
+ * there's no immediate need for action by the user. However, in the interest of making things less confusing
+ * to the user, let's still inform the user that these snippets should really be updated. */
+- log_syntax(NULL, LOG_NOTICE, fname, line, 0, "Line references path below legacy directory /var/run/, updating %s → %s; please update the tmpfiles.d/ drop-in file accordingly.", *path, n);
++ log_level = path_startswith(fname, "/etc") ? LOG_NOTICE : LOG_DEBUG;
++ log_syntax(NULL, log_level, fname, line, 0, "Line references path below legacy directory /var/run/, updating %s → %s; please update the tmpfiles.d/ drop-in file accordingly.", *path, n);
+
+ free_and_replace(*path, n);
+
diff --git a/debian/patches/debian/Drop-seccomp-system-call-filter-for-udev.patch b/debian/patches/debian/Drop-seccomp-system-call-filter-for-udev.patch
new file mode 100644
index 0000000..4ce4884
--- /dev/null
+++ b/debian/patches/debian/Drop-seccomp-system-call-filter-for-udev.patch
@@ -0,0 +1,31 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Wed, 18 Jul 2018 23:49:16 +0200
+Subject: Drop seccomp system call filter for udev
+
+The seccomp based system call whitelist requires at least systemd 239 to
+be the active init and during a dist-upgrade we can't guarantee that
+systemd has been fully configured before udev is restarted.
+
+This partially reverts upstream commit
+ee8f26180d01e3ddd4e5f20b03b81e5e737657ae.
+
+Once buster is released, this patch can be dropped.
+
+Closes: #903224
+---
+ units/systemd-udevd.service.in | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
+index f3458d9..225eac2 100644
+--- a/units/systemd-udevd.service.in
++++ b/units/systemd-udevd.service.in
+@@ -35,8 +35,6 @@ MemoryDenyWriteExecute=yes
+ RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
+ RestrictRealtime=yes
+ RestrictSUIDSGID=yes
+-SystemCallFilter=@system-service @module @raw-io
+-SystemCallErrorNumber=EPERM
+ SystemCallArchitectures=native
+ LockPersonality=yes
+ IPAddressDeny=any
diff --git a/debian/patches/debian/Keep-journal-files-compatible-with-older-versions.patch b/debian/patches/debian/Keep-journal-files-compatible-with-older-versions.patch
new file mode 100644
index 0000000..3e9aa5a
--- /dev/null
+++ b/debian/patches/debian/Keep-journal-files-compatible-with-older-versions.patch
@@ -0,0 +1,69 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Mon, 17 Aug 2020 22:11:19 +0200
+Subject: Keep journal files compatible with older versions
+
+Disable the KEYED-HASH journal feature by default and keep LZ4 (instead
+of ZSTD) as default compression for new journal files. Otherwise journal
+files are incompatible and can't be read by older journalctl
+implementations.
+
+This patch can be dropped in bullseye+1, as journalctl from bullseye
+will then be able to read journal files with those features.
+
+Closes: #968055
+---
+ src/journal/compress.h | 10 +++++-----
+ src/journal/journal-file.c | 8 ++++----
+ 2 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/src/journal/compress.h b/src/journal/compress.h
+index db7f399..6cd9290 100644
+--- a/src/journal/compress.h
++++ b/src/journal/compress.h
+@@ -18,14 +18,14 @@ int compress_blob_zstd(const void *src, uint64_t src_size,
+ static inline int compress_blob(const void *src, uint64_t src_size,
+ void *dst, size_t dst_alloc_size, size_t *dst_size) {
+ int r;
+-#if HAVE_ZSTD
+- r = compress_blob_zstd(src, src_size, dst, dst_alloc_size, dst_size);
+- if (r == 0)
+- return OBJECT_COMPRESSED_ZSTD;
+-#elif HAVE_LZ4
++#if HAVE_LZ4
+ r = compress_blob_lz4(src, src_size, dst, dst_alloc_size, dst_size);
+ if (r == 0)
+ return OBJECT_COMPRESSED_LZ4;
++#elif HAVE_ZSTD
++ r = compress_blob_zstd(src, src_size, dst, dst_alloc_size, dst_size);
++ if (r == 0)
++ return OBJECT_COMPRESSED_ZSTD;
+ #elif HAVE_XZ
+ r = compress_blob_xz(src, src_size, dst, dst_alloc_size, dst_size);
+ if (r == 0)
+diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
+index 15336be..6ce18c9 100644
+--- a/src/journal/journal-file.c
++++ b/src/journal/journal-file.c
+@@ -3411,10 +3411,10 @@ int journal_file_open(
+ .prot = prot_from_flags(flags),
+ .writable = (flags & O_ACCMODE) != O_RDONLY,
+
+-#if HAVE_ZSTD
+- .compress_zstd = compress,
+-#elif HAVE_LZ4
++#if HAVE_LZ4
+ .compress_lz4 = compress,
++#elif HAVE_ZSTD
++ .compress_zstd = compress,
+ #elif HAVE_XZ
+ .compress_xz = compress,
+ #endif
+@@ -3432,7 +3432,7 @@ int journal_file_open(
+ if (r < 0) {
+ if (r != -ENXIO)
+ log_debug_errno(r, "Failed to parse $SYSTEMD_JOURNAL_KEYED_HASH environment variable, ignoring.");
+- f->keyed_hash = true;
++ f->keyed_hash = false;
+ } else
+ f->keyed_hash = r;
+
diff --git a/debian/patches/debian/Let-graphical-session-pre.target-be-manually-started.patch b/debian/patches/debian/Let-graphical-session-pre.target-be-manually-started.patch
new file mode 100644
index 0000000..cf8db56
--- /dev/null
+++ b/debian/patches/debian/Let-graphical-session-pre.target-be-manually-started.patch
@@ -0,0 +1,22 @@
+From: Iain Lane <iain@orangesquash.org.uk>
+Date: Mon, 22 Aug 2016 07:03:27 +0200
+Subject: Let graphical-session-pre.target be manually started
+
+This is needed until https://github.com/systemd/systemd/issues/3750 is fixed.
+
+Forwarded: not-needed
+Bug-Ubuntu: https://launchpad.net/bugs/1615341
+---
+ units/user/graphical-session-pre.target | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/units/user/graphical-session-pre.target b/units/user/graphical-session-pre.target
+index 4b9e3dc..dffaf85 100644
+--- a/units/user/graphical-session-pre.target
++++ b/units/user/graphical-session-pre.target
+@@ -12,5 +12,4 @@ Description=Session services which should run early before the graphical session
+ Documentation=man:systemd.special(7)
+ Requires=basic.target
+ Before=graphical-session.target
+-RefuseManualStart=yes
+ StopWhenUnneeded=yes
diff --git a/debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch b/debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch
new file mode 100644
index 0000000..a596b7a
--- /dev/null
+++ b/debian/patches/debian/Make-run-lock-tmpfs-an-API-fs.patch
@@ -0,0 +1,42 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Fri, 5 Sep 2014 01:15:16 +0200
+Subject: Make /run/lock tmpfs an API fs
+
+The /run/lock directory is world-writable in Debian due to historic
+reasons. To avoid user processes filling up /run, we mount a separate
+tmpfs for /run/lock. As this directory needs to be available during
+early boot, we make it an API fs.
+
+Drop it from tmpfiles.d/legacy.conf to not clobber the permissions.
+
+Closes: #751392
+---
+ src/core/mount-setup.c | 2 ++
+ tmpfiles.d/legacy.conf | 1 -
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
+index 915b101..7a330dd 100644
+--- a/src/core/mount-setup.c
++++ b/src/core/mount-setup.c
+@@ -86,6 +86,8 @@ static const MountPoint mount_table[] = {
+ #endif
+ { "tmpfs", "/run", "tmpfs", "mode=755" TMPFS_LIMITS_RUN, MS_NOSUID|MS_NODEV|MS_STRICTATIME,
+ NULL, MNT_FATAL|MNT_IN_CONTAINER },
++ { "tmpfs", "/run/lock", "tmpfs", "mode=1777,size=5242880", MS_NOSUID|MS_NOEXEC|MS_NODEV,
++ NULL, MNT_FATAL|MNT_IN_CONTAINER },
+ { "cgroup2", "/sys/fs/cgroup", "cgroup2", "nsdelegate,memory_recursiveprot", MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ cg_is_unified_wanted, MNT_IN_CONTAINER|MNT_CHECK_WRITABLE },
+ { "cgroup2", "/sys/fs/cgroup", "cgroup2", "nsdelegate", MS_NOSUID|MS_NOEXEC|MS_NODEV,
+diff --git a/tmpfiles.d/legacy.conf b/tmpfiles.d/legacy.conf
+index 62e2ae0..ea5e735 100644
+--- a/tmpfiles.d/legacy.conf
++++ b/tmpfiles.d/legacy.conf
+@@ -10,7 +10,6 @@
+ # These files are considered legacy and are unnecessary on legacy-free
+ # systems.
+
+-d /run/lock 0755 root root -
+ L /var/lock - - - - ../run/lock
+
+ # /run/lock/subsys is used for serializing SysV service execution, and
diff --git a/debian/patches/debian/Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-back-to-.patch b/debian/patches/debian/Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-back-to-.patch
new file mode 100644
index 0000000..ae0bb3f
--- /dev/null
+++ b/debian/patches/debian/Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-back-to-.patch
@@ -0,0 +1,68 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Thu, 15 Oct 2020 23:11:01 +0200
+Subject: Move sysusers.d/sysctl.d/binfmt.d/modules-load.d back to /usr
+
+In Debian, late mounting of /usr is no longer supported, so it is safe
+to install those files in /usr.
+We want those facilities in /usr, not /, as this will make an eventual
+switch to a merged-usr setup easier.
+
+Closes: #971282
+---
+ src/core/systemd.pc.in | 8 ++++----
+ src/libsystemd/sd-path/sd-path.c | 8 ++++----
+ 2 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in
+index b5cc8f9..21dbf30 100644
+--- a/src/core/systemd.pc.in
++++ b/src/core/systemd.pc.in
+@@ -65,16 +65,16 @@ systemdshutdowndir=${systemd_shutdown_dir}
+ tmpfiles_dir=${prefix}/lib/tmpfiles.d
+ tmpfilesdir=${tmpfiles_dir}
+
+-sysusers_dir=${rootprefix}/lib/sysusers.d
++sysusers_dir=${prefix}/lib/sysusers.d
+ sysusersdir=${sysusers_dir}
+
+-sysctl_dir=${rootprefix}/lib/sysctl.d
++sysctl_dir=${prefix}/lib/sysctl.d
+ sysctldir=${sysctl_dir}
+
+-binfmt_dir=${rootprefix}/lib/binfmt.d
++binfmt_dir=${prefix}/lib/binfmt.d
+ binfmtdir=${binfmt_dir}
+
+-modules_load_dir=${rootprefix}/lib/modules-load.d
++modules_load_dir=${prefix}/lib/modules-load.d
+ modulesloaddir=${modules_load_dir}
+
+ catalog_dir=${prefix}/lib/systemd/catalog
+diff --git a/src/libsystemd/sd-path/sd-path.c b/src/libsystemd/sd-path/sd-path.c
+index 61ed7cb..682e3f1 100644
+--- a/src/libsystemd/sd-path/sd-path.c
++++ b/src/libsystemd/sd-path/sd-path.c
+@@ -369,19 +369,19 @@ static int get_path(uint64_t type, char **buffer, const char **ret) {
+ return 0;
+
+ case SD_PATH_SYSUSERS:
+- *ret = ROOTPREFIX_NOSLASH "/lib/sysusers.d";
++ *ret = "/usr/lib/sysusers.d";
+ return 0;
+
+ case SD_PATH_SYSCTL:
+- *ret = ROOTPREFIX_NOSLASH "/lib/sysctl.d";
++ *ret = "/usr/lib/sysctl.d";
+ return 0;
+
+ case SD_PATH_BINFMT:
+- *ret = ROOTPREFIX_NOSLASH "/lib/binfmt.d";
++ *ret = "/usr/lib/binfmt.d";
+ return 0;
+
+ case SD_PATH_MODULES_LOAD:
+- *ret = ROOTPREFIX_NOSLASH "/lib/modules-load.d";
++ *ret = "/usr/lib/modules-load.d";
+ return 0;
+
+ case SD_PATH_CATALOG:
diff --git a/debian/patches/debian/Only-start-logind-if-dbus-is-installed.patch b/debian/patches/debian/Only-start-logind-if-dbus-is-installed.patch
new file mode 100644
index 0000000..4683aae
--- /dev/null
+++ b/debian/patches/debian/Only-start-logind-if-dbus-is-installed.patch
@@ -0,0 +1,24 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Mon, 9 Feb 2015 10:53:43 +0100
+Subject: Only start logind if dbus is installed
+
+logind fails to start in environments without dbus, such as LXC containers or
+servers. Add a startup condition to avoid the very noisy startup failure.
+
+Part of #772700
+---
+ units/systemd-logind.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
+index f131b60..952a07c 100644
+--- a/units/systemd-logind.service.in
++++ b/units/systemd-logind.service.in
+@@ -16,6 +16,7 @@ Documentation=man:org.freedesktop.login1(5)
+
+ Wants=user.slice modprobe@drm.service
+ After=nss-user-lookup.target user.slice modprobe@drm.service
++ConditionPathExists=/lib/systemd/system/dbus.service
+
+ # Ask for the dbus socket.
+ Wants=dbus.socket
diff --git a/debian/patches/debian/Re-enable-journal-forwarding-to-syslog.patch b/debian/patches/debian/Re-enable-journal-forwarding-to-syslog.patch
new file mode 100644
index 0000000..68b08a0
--- /dev/null
+++ b/debian/patches/debian/Re-enable-journal-forwarding-to-syslog.patch
@@ -0,0 +1,56 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Fri, 28 Nov 2014 14:43:25 +0100
+Subject: Re-enable journal forwarding to syslog
+
+Revert upstream commit 46b131574fdd7d77 for now, until Debian's sysloggers
+can/do all read from the journal directly. See
+
+ http://lists.freedesktop.org/archives/systemd-devel/2014-November/025550.html
+
+for details. Once we grow a journal.conf.d/ directory, sysloggers can be moved
+to pulling from the journal one by one and disable forwarding again in such a
+conf.d snippet.
+---
+ man/journald.conf.xml | 2 +-
+ src/journal/journald-server.c | 1 +
+ src/journal/journald.conf | 2 +-
+ 3 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/man/journald.conf.xml b/man/journald.conf.xml
+index 959815a..2134a1d 100644
+--- a/man/journald.conf.xml
++++ b/man/journald.conf.xml
+@@ -344,7 +344,7 @@
+ traditional syslog daemon, to the kernel log buffer (kmsg), to the system console, or sent as wall
+ messages to all logged-in users. These options take boolean arguments. If forwarding to syslog is
+ enabled but nothing reads messages from the socket, forwarding to syslog has no effect. By default,
+- only forwarding to wall is enabled. These settings may be overridden at boot time with the kernel
++ only forwarding to syslog and wall is enabled. These settings may be overridden at boot time with the kernel
+ command line options <literal>systemd.journald.forward_to_syslog</literal>,
+ <literal>systemd.journald.forward_to_kmsg</literal>,
+ <literal>systemd.journald.forward_to_console</literal>, and
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index 10ebc3e..ce15766 100644
+--- a/src/journal/journald-server.c
++++ b/src/journal/journald-server.c
+@@ -2198,6 +2198,7 @@ int server_init(Server *s, const char *namespace) {
+ .ratelimit_interval = DEFAULT_RATE_LIMIT_INTERVAL,
+ .ratelimit_burst = DEFAULT_RATE_LIMIT_BURST,
+
++ .forward_to_syslog = true,
+ .forward_to_wall = true,
+
+ .max_file_usec = DEFAULT_MAX_FILE_USEC,
+diff --git a/src/journal/journald.conf b/src/journal/journald.conf
+index 2e1aacd..d6cd5b1 100644
+--- a/src/journal/journald.conf
++++ b/src/journal/journald.conf
+@@ -29,7 +29,7 @@
+ #RuntimeMaxFiles=100
+ #MaxRetentionSec=
+ #MaxFileSec=1month
+-#ForwardToSyslog=no
++#ForwardToSyslog=yes
+ #ForwardToKMsg=no
+ #ForwardToConsole=no
+ #ForwardToWall=yes
diff --git a/debian/patches/debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch b/debian/patches/debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch
new file mode 100644
index 0000000..3346001
--- /dev/null
+++ b/debian/patches/debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch
@@ -0,0 +1,37 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Mon, 27 Apr 2015 15:29:13 +0200
+Subject: Revert "core: one step back again,
+ for nspawn we actually can't wait for cgroups running empty since systemd
+ will get exactly zero notifications about it"
+
+This reverts commit 743970d2ea6d08aa7c7bff8220f6b7702f2b1db7.
+
+Bug-Debian: https://bugs.debian.org/784720
+Bug-Ubuntu: https://launchpad.net/bugs/1448259
+Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1141137
+---
+ src/core/unit.c | 11 +----------
+ 1 file changed, 1 insertion(+), 10 deletions(-)
+
+diff --git a/src/core/unit.c b/src/core/unit.c
+index 45a417a..811e038 100644
+--- a/src/core/unit.c
++++ b/src/core/unit.c
+@@ -5106,16 +5106,7 @@ int unit_kill_context(
+
+ } else if (r > 0) {
+
+- /* FIXME: For now, on the legacy hierarchy, we will not wait for the cgroup members to die if
+- * we are running in a container or if this is a delegation unit, simply because cgroup
+- * notification is unreliable in these cases. It doesn't work at all in containers, and outside
+- * of containers it can be confused easily by left-over directories in the cgroup — which
+- * however should not exist in non-delegated units. On the unified hierarchy that's different,
+- * there we get proper events. Hence rely on them. */
+-
+- if (cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) > 0 ||
+- (detect_container() == 0 && !unit_cgroup_delegate(u)))
+- wait_for_exit = true;
++ wait_for_exit = true;
+
+ if (send_sighup) {
+ set_free(pid_set);
diff --git a/debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch b/debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch
new file mode 100644
index 0000000..7ed358b
--- /dev/null
+++ b/debian/patches/debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch
@@ -0,0 +1,46 @@
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Sat, 27 Feb 2016 12:27:06 +0100
+Subject: Revert "core: set RLIMIT_CORE to unlimited by default"
+
+Partially revert commit 15a900327ab as this completely breaks core dumps
+without systemd-coredump. It's also contradicting core(8), and it's not
+systemd's place to redefine the kernel definitions of core files.
+
+Commit bdfd7b2c now honours the process' RLIMIT_CORE for systemd-coredump. This
+isn't what RLIMIT_CORE is supposed to do (it limits the size of the core
+*file*, but the kernel deliberately ignores it for piping), so set a static
+2^63 core size limit for systemd-coredump to go back to the previous behaviour
+(otherwise the change above would break systemd-coredump).
+
+Bug-Debian: https://bugs.debian.org/815020
+---
+ src/core/main.c | 2 --
+ sysctl.d/50-coredump.conf.in | 2 +-
+ 2 files changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/src/core/main.c b/src/core/main.c
+index a280b75..5c2a73a 100644
+--- a/src/core/main.c
++++ b/src/core/main.c
+@@ -2669,8 +2669,6 @@ int main(int argc, char *argv[]) {
+ kernel_timestamp = DUAL_TIMESTAMP_NULL;
+ }
+
+- initialize_coredump(skip_setup);
+-
+ r = fixup_environment();
+ if (r < 0) {
+ log_emergency_errno(r, "Failed to fix up PID 1 environment: %m");
+diff --git a/sysctl.d/50-coredump.conf.in b/sysctl.d/50-coredump.conf.in
+index 4338756..8e501c4 100644
+--- a/sysctl.d/50-coredump.conf.in
++++ b/sysctl.d/50-coredump.conf.in
+@@ -13,7 +13,7 @@
+ # the core dump.
+ #
+ # See systemd-coredump(8) and core(5).
+-kernel.core_pattern=|@rootlibexecdir@/systemd-coredump %P %u %g %s %t %c %h
++kernel.core_pattern=|@rootlibexecdir@/systemd-coredump %P %u %g %s %t 9223372036854775808 %h
+
+ # Allow that 16 coredumps are dispatched in parallel by the kernel. We want to
+ # be able to collect process metadata from /proc/%P/ while processing
diff --git a/debian/patches/debian/Revert-udev-fix-memleak.patch b/debian/patches/debian/Revert-udev-fix-memleak.patch
new file mode 100644
index 0000000..ed90a10
--- /dev/null
+++ b/debian/patches/debian/Revert-udev-fix-memleak.patch
@@ -0,0 +1,30 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Sat, 25 Sep 2021 21:07:17 +0200
+Subject: Revert "udev: fix memleak"
+
+This reverts commit 5dd2b56443e2ed81c238094f516a622804b35518.
+---
+ src/udev/udev-node.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
+index b8b93ee..2cc78c9 100644
+--- a/src/udev/udev-node.c
++++ b/src/udev/udev-node.c
+@@ -194,7 +194,7 @@ static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir,
+
+ /* manage "stack of names" with possibly specified device priorities */
+ static int link_update(sd_device *dev, const char *slink, bool add) {
+- _cleanup_free_ char *filename = NULL, *dirname = NULL;
++ _cleanup_free_ char *target = NULL, *filename = NULL, *dirname = NULL;
+ char name_enc[PATH_MAX];
+ const char *id_filename;
+ int i, r, retries;
+@@ -237,7 +237,6 @@ static int link_update(sd_device *dev, const char *slink, bool add) {
+ retries = sd_device_get_is_initialized(dev) > 0 ? LINK_UPDATE_MAX_RETRIES : 1;
+
+ for (i = 0; i < retries; i++) {
+- _cleanup_free_ char *target = NULL;
+ struct stat st1 = {}, st2 = {};
+
+ r = stat(dirname, &st1);
diff --git a/debian/patches/debian/Revert-udev-link_update-should-fail-if-the-entry-in-symli.patch b/debian/patches/debian/Revert-udev-link_update-should-fail-if-the-entry-in-symli.patch
new file mode 100644
index 0000000..e3f1c64
--- /dev/null
+++ b/debian/patches/debian/Revert-udev-link_update-should-fail-if-the-entry-in-symli.patch
@@ -0,0 +1,47 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Sat, 25 Sep 2021 21:08:26 +0200
+Subject: Revert "udev: link_update() should fail if the entry in symlink dir
+ couldn't have been created"
+
+This reverts commit c07dc6cedc6e6fbc28a0da3e8c8b12900423b409.
+---
+ src/udev/udev-node.c | 21 +++++++++------------
+ 1 file changed, 9 insertions(+), 12 deletions(-)
+
+diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
+index 2cc78c9..bde18f7 100644
+--- a/src/udev/udev-node.c
++++ b/src/udev/udev-node.c
+@@ -214,23 +214,20 @@ static int link_update(sd_device *dev, const char *slink, bool add) {
+ if (!filename)
+ return log_oom();
+
+- if (!add) {
+- if (unlink(filename) == 0)
+- (void) rmdir(dirname);
+- } else
+- for (;;) {
++ if (!add && unlink(filename) == 0)
++ (void) rmdir(dirname);
++
++ if (add)
++ do {
+ _cleanup_close_ int fd = -1;
+
+ r = mkdir_parents(filename, 0755);
+ if (!IN_SET(r, 0, -ENOENT))
+- return r;
+-
+- fd = open(filename, O_WRONLY|O_CREAT|O_CLOEXEC|O_TRUNC|O_NOFOLLOW, 0444);
+- if (fd >= 0)
+ break;
+- if (errno != ENOENT)
+- return -errno;
+- }
++ fd = open(filename, O_WRONLY|O_CREAT|O_CLOEXEC|O_TRUNC|O_NOFOLLOW, 0444);
++ if (fd < 0)
++ r = -errno;
++ } while (r == -ENOENT);
+
+ /* If the database entry is not written yet we will just do one iteration and possibly wrong symlink
+ * will be fixed in the second invocation. */
diff --git a/debian/patches/debian/Revert-udev-make-algorithm-that-selects-highest-priority-.patch b/debian/patches/debian/Revert-udev-make-algorithm-that-selects-highest-priority-.patch
new file mode 100644
index 0000000..36bdbb5
--- /dev/null
+++ b/debian/patches/debian/Revert-udev-make-algorithm-that-selects-highest-priority-.patch
@@ -0,0 +1,163 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Sat, 25 Sep 2021 21:08:36 +0200
+Subject: Revert "udev: make algorithm that selects highest priority devlink
+ less susceptible to race conditions"
+
+This reverts commit 30f6dce62cb3a738b20253f2192270607c31b55b.
+---
+ src/udev/udev-event.c | 7 -----
+ src/udev/udev-node.c | 75 +++++++++++----------------------------------------
+ 2 files changed, 15 insertions(+), 67 deletions(-)
+
+diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
+index 5159d19..9cf5190 100644
+--- a/src/udev/udev-event.c
++++ b/src/udev/udev-event.c
+@@ -1041,13 +1041,6 @@ int udev_event_execute_rules(UdevEvent *event,
+ if (r < 0)
+ return log_device_debug_errno(dev, r, "Failed to update database under /run/udev/data/: %m");
+
+- /* Yes, we run update_devnode() twice, because in the first invocation, that is before update of udev database,
+- * it could happen that two contenders are replacing each other's symlink. Hence we run it again to make sure
+- * symlinks point to devices that claim them with the highest priority. */
+- r = update_devnode(event);
+- if (r < 0)
+- return r;
+-
+ device_set_is_initialized(dev);
+
+ return 0;
+diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c
+index bde18f7..9d4b7d9 100644
+--- a/src/udev/udev-node.c
++++ b/src/udev/udev-node.c
+@@ -20,15 +20,12 @@
+ #include "path-util.h"
+ #include "selinux-util.h"
+ #include "smack-util.h"
+-#include "stat-util.h"
+ #include "stdio-util.h"
+ #include "string-util.h"
+ #include "strxcpyx.h"
+ #include "udev-node.h"
+ #include "user-util.h"
+
+-#define LINK_UPDATE_MAX_RETRIES 128
+-
+ static int node_symlink(sd_device *dev, const char *node, const char *slink) {
+ _cleanup_free_ char *slink_dirname = NULL, *target = NULL;
+ const char *id_filename, *slink_tmp;
+@@ -102,9 +99,7 @@ static int node_symlink(sd_device *dev, const char *node, const char *slink) {
+ if (rename(slink_tmp, slink) < 0) {
+ r = log_device_error_errno(dev, errno, "Failed to rename '%s' to '%s': %m", slink_tmp, slink);
+ (void) unlink(slink_tmp);
+- } else
+- /* Tell caller that we replaced already existing symlink. */
+- r = 1;
++ }
+
+ return r;
+ }
+@@ -197,7 +192,7 @@ static int link_update(sd_device *dev, const char *slink, bool add) {
+ _cleanup_free_ char *target = NULL, *filename = NULL, *dirname = NULL;
+ char name_enc[PATH_MAX];
+ const char *id_filename;
+- int i, r, retries;
++ int r;
+
+ assert(dev);
+ assert(slink);
+@@ -217,6 +212,14 @@ static int link_update(sd_device *dev, const char *slink, bool add) {
+ if (!add && unlink(filename) == 0)
+ (void) rmdir(dirname);
+
++ r = link_find_prioritized(dev, add, dirname, &target);
++ if (r < 0) {
++ log_device_debug(dev, "No reference left, removing '%s'", slink);
++ if (unlink(slink) == 0)
++ (void) rmdir_parents(slink, "/");
++ } else
++ (void) node_symlink(dev, target, slink);
++
+ if (add)
+ do {
+ _cleanup_close_ int fd = -1;
+@@ -229,49 +232,7 @@ static int link_update(sd_device *dev, const char *slink, bool add) {
+ r = -errno;
+ } while (r == -ENOENT);
+
+- /* If the database entry is not written yet we will just do one iteration and possibly wrong symlink
+- * will be fixed in the second invocation. */
+- retries = sd_device_get_is_initialized(dev) > 0 ? LINK_UPDATE_MAX_RETRIES : 1;
+-
+- for (i = 0; i < retries; i++) {
+- struct stat st1 = {}, st2 = {};
+-
+- r = stat(dirname, &st1);
+- if (r < 0 && errno != ENOENT)
+- return -errno;
+-
+- r = link_find_prioritized(dev, add, dirname, &target);
+- if (r == -ENOENT) {
+- log_device_debug(dev, "No reference left, removing '%s'", slink);
+- if (unlink(slink) == 0)
+- (void) rmdir_parents(slink, "/");
+-
+- break;
+- } else if (r < 0)
+- return log_device_error_errno(dev, r, "Failed to determine highest priority symlink: %m");
+-
+- r = node_symlink(dev, target, slink);
+- if (r < 0) {
+- (void) unlink(filename);
+- break;
+- } else if (r == 1)
+- /* We have replaced already existing symlink, possibly there is some other device trying
+- * to claim the same symlink. Let's do one more iteration to give us a chance to fix
+- * the error if other device actually claims the symlink with higher priority. */
+- continue;
+-
+- /* Skip the second stat() if the first failed, stat_inode_unmodified() would return false regardless. */
+- if ((st1.st_mode & S_IFMT) != 0) {
+- r = stat(dirname, &st2);
+- if (r < 0 && errno != ENOENT)
+- return -errno;
+-
+- if (stat_inode_unmodified(&st1, &st2))
+- break;
+- }
+- }
+-
+- return i < LINK_UPDATE_MAX_RETRIES ? 0 : -ELOOP;
++ return r;
+ }
+
+ int udev_node_update_old_links(sd_device *dev, sd_device *dev_old) {
+@@ -490,11 +451,8 @@ int udev_node_add(sd_device *dev, bool apply,
+ (void) node_symlink(dev, devnode, filename);
+
+ /* create/update symlinks, add symlinks to name index */
+- FOREACH_DEVICE_DEVLINK(dev, devlink) {
+- r = link_update(dev, devlink, true);
+- if (r < 0)
+- log_device_info_errno(dev, r, "Failed to update device symlinks: %m");
+- }
++ FOREACH_DEVICE_DEVLINK(dev, devlink)
++ (void) link_update(dev, devlink, true);
+
+ return 0;
+ }
+@@ -507,11 +465,8 @@ int udev_node_remove(sd_device *dev) {
+ assert(dev);
+
+ /* remove/update symlinks, remove symlinks from name index */
+- FOREACH_DEVICE_DEVLINK(dev, devlink) {
+- r = link_update(dev, devlink, false);
+- if (r < 0)
+- log_device_info_errno(dev, r, "Failed to update device symlinks: %m");
+- }
++ FOREACH_DEVICE_DEVLINK(dev, devlink)
++ (void) link_update(dev, devlink, false);
+
+ r = xsprintf_dev_num_path_from_sd_device(dev, &filename);
+ if (r < 0)
diff --git a/debian/patches/debian/Skip-filesystem-check-if-already-done-by-the-initram.patch b/debian/patches/debian/Skip-filesystem-check-if-already-done-by-the-initram.patch
new file mode 100644
index 0000000..659692f
--- /dev/null
+++ b/debian/patches/debian/Skip-filesystem-check-if-already-done-by-the-initram.patch
@@ -0,0 +1,57 @@
+From: Nis Martensen <nis.martensen@web.de>
+Date: Tue, 19 Jan 2016 22:01:43 +0100
+Subject: Skip filesystem check if already done by the initramfs
+
+Newer versions of initramfs-tools already fsck and mount / and /usr in
+the initramfs. Skip the filesystem check in this case.
+
+Based on a previous patch by Michael Biebl <biebl@debian.org>.
+
+Closes: #782522
+Closes: #810748
+---
+ src/fstab-generator/fstab-generator.c | 11 ++++++++---
+ units/systemd-fsck-root.service.in | 1 +
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
+index 15f5892..e38d9a9 100644
+--- a/src/fstab-generator/fstab-generator.c
++++ b/src/fstab-generator/fstab-generator.c
+@@ -357,6 +357,7 @@ static int add_mount(
+ _cleanup_strv_free_ char **wanted_by = NULL, **required_by = NULL;
+ _cleanup_fclose_ FILE *f = NULL;
+ int r;
++ struct stat sb;
+
+ assert(what);
+ assert(where);
+@@ -434,9 +435,13 @@ static int add_mount(
+ return r;
+
+ if (passno != 0) {
+- r = generator_write_fsck_deps(f, dest, what, where, fstype);
+- if (r < 0)
+- return r;
++ if (streq(where, "/usr") && stat("/run/initramfs/fsck-usr", &sb) == 0)
++ ; /* skip /usr fsck if it has already been checked in the initramfs */
++ else {
++ r = generator_write_fsck_deps(f, dest, what, where, fstype);
++ if (r < 0)
++ return r;
++ }
+ }
+
+ r = generator_write_blockdev_dependency(f, what);
+diff --git a/units/systemd-fsck-root.service.in b/units/systemd-fsck-root.service.in
+index 1dce176..908d931 100644
+--- a/units/systemd-fsck-root.service.in
++++ b/units/systemd-fsck-root.service.in
+@@ -16,6 +16,7 @@ Before=local-fs.target shutdown.target
+ Wants=systemd-fsckd.socket
+ After=systemd-fsckd.socket
+ ConditionPathIsReadWrite=!/
++ConditionPathExists=!/run/initramfs/fsck-root
+
+ [Service]
+ Type=oneshot
diff --git a/debian/patches/debian/Use-Debian-specific-config-files.patch b/debian/patches/debian/Use-Debian-specific-config-files.patch
new file mode 100644
index 0000000..0c0a82a
--- /dev/null
+++ b/debian/patches/debian/Use-Debian-specific-config-files.patch
@@ -0,0 +1,459 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Thu, 18 Jul 2013 20:11:02 +0200
+Subject: Use Debian specific config files
+
+Use /etc/default/locale instead of /etc/locale.conf for locale settings.
+
+Use /etc/default/keyboard instead of /etc/X11/xorg.conf.d/00-keyboard.conf for
+keyboard configuration.
+
+Read/write /etc/timezone if /etc/localtime does not exist.
+---
+ src/basic/time-util.c | 34 ++++++--
+ src/core/locale-setup.c | 21 +++++
+ src/locale/keymap-util.c | 208 ++++++++++++++++++++++++-----------------------
+ src/timedate/timedated.c | 21 ++++-
+ 4 files changed, 173 insertions(+), 111 deletions(-)
+
+diff --git a/src/basic/time-util.c b/src/basic/time-util.c
+index 5318d63..fa3409d 100644
+--- a/src/basic/time-util.c
++++ b/src/basic/time-util.c
+@@ -1456,19 +1456,43 @@ int get_timezone(char **ret) {
+ const char *e;
+ char *z;
+ int r;
++ bool use_utc_fallback = false;
+
+ r = readlink_malloc("/etc/localtime", &t);
+- if (r == -ENOENT) {
+- /* If the symlink does not exist, assume "UTC", like glibc does*/
+- z = strdup("UTC");
++ if (r < 0) {
++ if (r == -ENOENT)
++ use_utc_fallback = true;
++ else if (r != -EINVAL)
++ return r; /* returns EINVAL if not a symlink */
++
++ r = read_one_line_file("/etc/timezone", &t);
++ if (r < 0) {
++ if (r != -ENOENT)
++ log_warning_errno(r, "Failed to read /etc/timezone: %m");
++
++ if (use_utc_fallback) {
++ /* If the /etc/localtime symlink does not exist and we failed
++ * to read /etc/timezone, assume "UTC", like glibc does. */
++ z = strdup("UTC");
++ if (!z)
++ return -ENOMEM;
++
++ *ret = z;
++ return 0;
++ }
++
++ return -EINVAL;
++ }
++
++ if (!timezone_is_valid(t, LOG_DEBUG))
++ return -EINVAL;
++ z = strdup(t);
+ if (!z)
+ return -ENOMEM;
+
+ *ret = z;
+ return 0;
+ }
+- if (r < 0)
+- return r; /* returns EINVAL if not a symlink */
+
+ e = PATH_STARTSWITH_SET(t, "/usr/share/zoneinfo/", "../usr/share/zoneinfo/");
+ if (!e)
+diff --git a/src/core/locale-setup.c b/src/core/locale-setup.c
+index 64761dd..b4ea9e2 100644
+--- a/src/core/locale-setup.c
++++ b/src/core/locale-setup.c
+@@ -58,6 +58,27 @@ int locale_setup(char ***environment) {
+ log_warning_errno(r, "Failed to read /etc/locale.conf: %m");
+ }
+
++ if (r <= 0) {
++ r = parse_env_file(NULL, "/etc/default/locale",
++ "LANG", &variables[VARIABLE_LANG],
++ "LANGUAGE", &variables[VARIABLE_LANGUAGE],
++ "LC_CTYPE", &variables[VARIABLE_LC_CTYPE],
++ "LC_NUMERIC", &variables[VARIABLE_LC_NUMERIC],
++ "LC_TIME", &variables[VARIABLE_LC_TIME],
++ "LC_COLLATE", &variables[VARIABLE_LC_COLLATE],
++ "LC_MONETARY", &variables[VARIABLE_LC_MONETARY],
++ "LC_MESSAGES", &variables[VARIABLE_LC_MESSAGES],
++ "LC_PAPER", &variables[VARIABLE_LC_PAPER],
++ "LC_NAME", &variables[VARIABLE_LC_NAME],
++ "LC_ADDRESS", &variables[VARIABLE_LC_ADDRESS],
++ "LC_TELEPHONE", &variables[VARIABLE_LC_TELEPHONE],
++ "LC_MEASUREMENT", &variables[VARIABLE_LC_MEASUREMENT],
++ "LC_IDENTIFICATION", &variables[VARIABLE_LC_IDENTIFICATION]);
++
++ if (r < 0 && r != -ENOENT)
++ log_warning_errno(r, "Failed to read /etc/default/locale: %m");
++ }
++
+ for (i = 0; i < _VARIABLE_LC_MAX; i++) {
+ char *s;
+
+diff --git a/src/locale/keymap-util.c b/src/locale/keymap-util.c
+index 697133a..4e1fedb 100644
+--- a/src/locale/keymap-util.c
++++ b/src/locale/keymap-util.c
+@@ -95,6 +95,7 @@ void locale_simplify(char *locale[_VARIABLE_LC_MAX]) {
+ int locale_read_data(Context *c, sd_bus_message *m) {
+ struct stat st;
+ int r;
++ const char *path = "/etc/locale.conf";
+
+ /* Do not try to re-read the file within single bus operation. */
+ if (m) {
+@@ -105,7 +106,11 @@ int locale_read_data(Context *c, sd_bus_message *m) {
+ c->locale_cache = sd_bus_message_ref(m);
+ }
+
+- r = stat("/etc/locale.conf", &st);
++ r = stat(path, &st);
++ if (r < 0 && errno == ENOENT) {
++ path = "/etc/default/locale";
++ r = stat(path, &st);
++ }
+ if (r < 0 && errno != ENOENT)
+ return -errno;
+
+@@ -120,7 +125,7 @@ int locale_read_data(Context *c, sd_bus_message *m) {
+ c->locale_mtime = t;
+ context_free_locale(c);
+
+- r = parse_env_file(NULL, "/etc/locale.conf",
++ r = parse_env_file(NULL, path,
+ "LANG", &c->locale[VARIABLE_LANG],
+ "LANGUAGE", &c->locale[VARIABLE_LANGUAGE],
+ "LC_CTYPE", &c->locale[VARIABLE_LC_CTYPE],
+@@ -201,8 +206,6 @@ int vconsole_read_data(Context *c, sd_bus_message *m) {
+ }
+
+ int x11_read_data(Context *c, sd_bus_message *m) {
+- _cleanup_fclose_ FILE *f = NULL;
+- bool in_section = false;
+ struct stat st;
+ usec_t t;
+ int r;
+@@ -216,7 +219,7 @@ int x11_read_data(Context *c, sd_bus_message *m) {
+ c->x11_cache = sd_bus_message_ref(m);
+ }
+
+- if (stat("/etc/X11/xorg.conf.d/00-keyboard.conf", &st) < 0) {
++ if (stat("/etc/default/keyboard", &st) < 0) {
+ if (errno != ENOENT)
+ return -errno;
+
+@@ -233,60 +236,14 @@ int x11_read_data(Context *c, sd_bus_message *m) {
+ c->x11_mtime = t;
+ context_free_x11(c);
+
+- f = fopen("/etc/X11/xorg.conf.d/00-keyboard.conf", "re");
+- if (!f)
+- return -errno;
+-
+- for (;;) {
+- _cleanup_free_ char *line = NULL;
+- char *l;
+-
+- r = read_line(f, LONG_LINE_MAX, &line);
+- if (r < 0)
+- return r;
+- if (r == 0)
+- break;
+-
+- l = strstrip(line);
+- if (IN_SET(l[0], 0, '#'))
+- continue;
+-
+- if (in_section && first_word(l, "Option")) {
+- _cleanup_strv_free_ char **a = NULL;
+-
+- r = strv_split_full(&a, l, WHITESPACE, EXTRACT_UNQUOTE);
+- if (r < 0)
+- return r;
+-
+- if (strv_length(a) == 3) {
+- char **p = NULL;
+-
+- if (streq(a[1], "XkbLayout"))
+- p = &c->x11_layout;
+- else if (streq(a[1], "XkbModel"))
+- p = &c->x11_model;
+- else if (streq(a[1], "XkbVariant"))
+- p = &c->x11_variant;
+- else if (streq(a[1], "XkbOptions"))
+- p = &c->x11_options;
+-
+- if (p)
+- free_and_replace(*p, a[2]);
+- }
+-
+- } else if (!in_section && first_word(l, "Section")) {
+- _cleanup_strv_free_ char **a = NULL;
++ r = parse_env_file(NULL, "/etc/default/keyboard",
++ "XKBMODEL", &c->x11_model,
++ "XKBLAYOUT", &c->x11_layout,
++ "XKBVARIANT", &c->x11_variant,
++ "XKBOPTIONS", &c->x11_options);
+
+- r = strv_split_full(&a, l, WHITESPACE, EXTRACT_UNQUOTE);
+- if (r < 0)
+- return -ENOMEM;
+-
+- if (strv_length(a) == 2 && streq(a[1], "InputClass"))
+- in_section = true;
+-
+- } else if (in_section && first_word(l, "EndSection"))
+- in_section = false;
+- }
++ if (r < 0)
++ return r;
+
+ return 0;
+ }
+@@ -295,9 +252,18 @@ int locale_write_data(Context *c, char ***settings) {
+ _cleanup_strv_free_ char **l = NULL;
+ struct stat st;
+ int r, p;
++ const char *path = "/etc/locale.conf";
+
+ /* Set values will be returned as strv in *settings on success. */
+
++ r = load_env_file(NULL, path, &l);
++ if (r < 0 && r == -ENOENT) {
++ path = "/etc/default/locale";
++ r = load_env_file(NULL, path, &l);
++ }
++ if (r < 0 && r != -ENOENT)
++ return r;
++
+ for (p = 0; p < _VARIABLE_LC_MAX; p++) {
+ _cleanup_free_ char *t = NULL;
+ char **u;
+@@ -320,20 +286,20 @@ int locale_write_data(Context *c, char ***settings) {
+ }
+
+ if (strv_isempty(l)) {
+- if (unlink("/etc/locale.conf") < 0)
++ if (unlink(path) < 0)
+ return errno == ENOENT ? 0 : -errno;
+
+ c->locale_mtime = USEC_INFINITY;
+ return 0;
+ }
+
+- r = write_env_file_label("/etc/locale.conf", l);
++ r = write_env_file_label(path, l);
+ if (r < 0)
+ return r;
+
+ *settings = TAKE_PTR(l);
+
+- if (stat("/etc/locale.conf", &st) >= 0)
++ if (stat(path, &st) >= 0)
+ c->locale_mtime = timespec_load(&st.st_mtim);
+
+ return 0;
+@@ -401,68 +367,104 @@ int vconsole_write_data(Context *c) {
+ }
+
+ int x11_write_data(Context *c) {
+- _cleanup_fclose_ FILE *f = NULL;
+- _cleanup_free_ char *temp_path = NULL;
+ struct stat st;
+ int r;
++ char *t, **u, **l = NULL;
+
+- if (isempty(c->x11_layout) &&
+- isempty(c->x11_model) &&
+- isempty(c->x11_variant) &&
+- isempty(c->x11_options)) {
++ r = load_env_file(NULL, "/etc/default/keyboard", &l);
++ if (r < 0 && r != -ENOENT)
++ return r;
+
+- if (unlink("/etc/X11/xorg.conf.d/00-keyboard.conf") < 0)
+- return errno == ENOENT ? 0 : -errno;
++ /* This could perhaps be done more elegantly using an array
++ * like we do for the locale, instead of struct
++ */
++ if (isempty(c->x11_layout)) {
++ l = strv_env_unset(l, "XKBLAYOUT");
++ } else {
++ if (asprintf(&t, "XKBLAYOUT=%s", c->x11_layout) < 0) {
++ strv_free(l);
++ return -ENOMEM;
++ }
+
+- c->vc_mtime = USEC_INFINITY;
+- return 0;
++ u = strv_env_set(l, t);
++ free(t);
++ strv_free(l);
++
++ if (!u)
++ return -ENOMEM;
++
++ l = u;
+ }
+
+- (void) mkdir_p_label("/etc/X11/xorg.conf.d", 0755);
+- r = fopen_temporary("/etc/X11/xorg.conf.d/00-keyboard.conf", &f, &temp_path);
+- if (r < 0)
+- return r;
++ if (isempty(c->x11_model)) {
++ l = strv_env_unset(l, "XKBMODEL");
++ } else {
++ if (asprintf(&t, "XKBMODEL=%s", c->x11_model) < 0) {
++ strv_free(l);
++ return -ENOMEM;
++ }
+
+- (void) fchmod(fileno(f), 0644);
++ u = strv_env_set(l, t);
++ free(t);
++ strv_free(l);
+
+- fputs("# Written by systemd-localed(8), read by systemd-localed and Xorg. It's\n"
+- "# probably wise not to edit this file manually. Use localectl(1) to\n"
+- "# instruct systemd-localed to update it.\n"
+- "Section \"InputClass\"\n"
+- " Identifier \"system-keyboard\"\n"
+- " MatchIsKeyboard \"on\"\n", f);
++ if (!u)
++ return -ENOMEM;
++
++ l = u;
++ }
++
++ if (isempty(c->x11_variant)) {
++ l = strv_env_unset(l, "XKBVARIANT");
++ } else {
++ if (asprintf(&t, "XKBVARIANT=%s", c->x11_variant) < 0) {
++ strv_free(l);
++ return -ENOMEM;
++ }
+
+- if (!isempty(c->x11_layout))
+- fprintf(f, " Option \"XkbLayout\" \"%s\"\n", c->x11_layout);
++ u = strv_env_set(l, t);
++ free(t);
++ strv_free(l);
+
+- if (!isempty(c->x11_model))
+- fprintf(f, " Option \"XkbModel\" \"%s\"\n", c->x11_model);
++ if (!u)
++ return -ENOMEM;
+
+- if (!isempty(c->x11_variant))
+- fprintf(f, " Option \"XkbVariant\" \"%s\"\n", c->x11_variant);
++ l = u;
++ }
+
+- if (!isempty(c->x11_options))
+- fprintf(f, " Option \"XkbOptions\" \"%s\"\n", c->x11_options);
++ if (isempty(c->x11_options)) {
++ l = strv_env_unset(l, "XKBOPTIONS");
++ } else {
++ if (asprintf(&t, "XKBOPTIONS=%s", c->x11_options) < 0) {
++ strv_free(l);
++ return -ENOMEM;
++ }
+
+- fputs("EndSection\n", f);
++ u = strv_env_set(l, t);
++ free(t);
++ strv_free(l);
+
+- r = fflush_sync_and_check(f);
+- if (r < 0)
+- goto fail;
++ if (!u)
++ return -ENOMEM;
+
+- if (rename(temp_path, "/etc/X11/xorg.conf.d/00-keyboard.conf") < 0) {
+- r = -errno;
+- goto fail;
++ l = u;
+ }
+
+- if (stat("/etc/X11/xorg.conf.d/00-keyboard.conf", &st) >= 0)
+- c->x11_mtime = timespec_load(&st.st_mtim);
++ if (strv_isempty(l)) {
++ strv_free(l);
+
+- return 0;
++ if (unlink("/etc/default/keyboard") < 0)
++ return errno == ENOENT ? 0 : -errno;
+
+-fail:
+- if (temp_path)
+- (void) unlink(temp_path);
++ c->vc_mtime = USEC_INFINITY;
++ return 0;
++ }
++
++ r = write_env_file("/etc/default/keyboard", l);
++ strv_free(l);
++
++ if (r >= 0 && stat("/etc/default/keyboard", &st) >= 0)
++ c->x11_mtime = timespec_load(&st.st_mtim);
+
+ return r;
+ }
+diff --git a/src/timedate/timedated.c b/src/timedate/timedated.c
+index 8149fac..42c8277 100644
+--- a/src/timedate/timedated.c
++++ b/src/timedate/timedated.c
+@@ -283,6 +283,8 @@ static int context_read_data(Context *c) {
+ static int context_write_data_timezone(Context *c) {
+ _cleanup_free_ char *p = NULL;
+ const char *source;
++ int r = 0;
++ struct stat st;
+
+ assert(c);
+
+@@ -296,9 +298,12 @@ static int context_write_data_timezone(Context *c) {
+ if (access("/usr/share/zoneinfo/UTC", F_OK) < 0) {
+
+ if (unlink("/etc/localtime") < 0 && errno != ENOENT)
+- return -errno;
++ r = -errno;
+
+- return 0;
++ if (unlink("/etc/timezone") < 0 && errno != ENOENT)
++ r = -errno;
++
++ return r;
+ }
+
+ source = "../usr/share/zoneinfo/UTC";
+@@ -310,7 +315,17 @@ static int context_write_data_timezone(Context *c) {
+ source = p;
+ }
+
+- return symlink_atomic(source, "/etc/localtime");
++ r = symlink_atomic(source, "/etc/localtime");
++ if (r < 0)
++ return r;
++
++ if (stat("/etc/timezone", &st) == 0 && S_ISREG(st.st_mode)) {
++ r = write_string_file("/etc/timezone", c->zone, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC);
++ if (r < 0)
++ return r;
++ }
++
++ return 0;
+ }
+
+ static int context_write_data_local_rtc(Context *c) {
diff --git a/debian/patches/debian/deny-list-upstream-test-02-ppc64el.patch b/debian/patches/debian/deny-list-upstream-test-02-ppc64el.patch
new file mode 100644
index 0000000..ee49d27
--- /dev/null
+++ b/debian/patches/debian/deny-list-upstream-test-02-ppc64el.patch
@@ -0,0 +1,17 @@
+From: Dan Streetman <ddstreet@canonical.com>
+Date: Wed, 6 Nov 2019 09:14:54 -0500
+Subject: deny-list-upstream-test-02-ppc64el
+
+Bug: https://github.com/systemd/systemd/issues/11612
+---
+ test/TEST-02-UNITTESTS/deny-list-upstream-ci-ppc64el | 1 +
+ 1 file changed, 1 insertion(+)
+ create mode 100644 test/TEST-02-UNITTESTS/deny-list-upstream-ci-ppc64el
+
+diff --git a/test/TEST-02-UNITTESTS/deny-list-upstream-ci-ppc64el b/test/TEST-02-UNITTESTS/deny-list-upstream-ci-ppc64el
+new file mode 100644
+index 0000000..52877fc
+--- /dev/null
++++ b/test/TEST-02-UNITTESTS/deny-list-upstream-ci-ppc64el
+@@ -0,0 +1 @@
++# unknown reason for failing, tracked in https://github.com/systemd/systemd/issues/11612
diff --git a/debian/patches/debian/deny-list-upstream-test-25.patch b/debian/patches/debian/deny-list-upstream-test-25.patch
new file mode 100644
index 0000000..ec6c211
--- /dev/null
+++ b/debian/patches/debian/deny-list-upstream-test-25.patch
@@ -0,0 +1,17 @@
+From: Dan Streetman <ddstreet@canonical.com>
+Date: Wed, 6 Nov 2019 09:14:50 -0500
+Subject: deny-list-upstream-test-25
+
+Bug: https://github.com/systemd/systemd/issues/13973
+---
+ test/TEST-25-IMPORT/deny-list-upstream-ci | 1 +
+ 1 file changed, 1 insertion(+)
+ create mode 100644 test/TEST-25-IMPORT/deny-list-upstream-ci
+
+diff --git a/test/TEST-25-IMPORT/deny-list-upstream-ci b/test/TEST-25-IMPORT/deny-list-upstream-ci
+new file mode 100644
+index 0000000..47a5f15
+--- /dev/null
++++ b/test/TEST-25-IMPORT/deny-list-upstream-ci
+@@ -0,0 +1 @@
++# unknown failure; tracked in https://github.com/systemd/systemd/issues/13973
diff --git a/debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch b/debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch
new file mode 100644
index 0000000..6e61355
--- /dev/null
+++ b/debian/patches/debian/fsckd-daemon-for-inter-fsckd-communication.patch
@@ -0,0 +1,1065 @@
+From: Didier Roche <didrocks@ubuntu.com>
+Date: Fri, 22 May 2015 13:04:38 +0200
+Subject: fsckd daemon for inter-fsckd communication
+
+Global logic:
+Add systemd-fsckd multiplexer which accepts multiple (via systemd-fsck's
+/run/systemd/fsck.progress socket) fsck instances to connect to it and sends
+progress report. systemd-fsckd then computes and writes to /dev/console the
+number of devices currently being checked and the minimum fsck progress.
+
+Plymouth and user interaction:
+Forward the progress to plymouth and support canellation of in progress fsck.
+Try to connect and send to plymouth (if running) some checked report progress,
+using direct plymouth protocole.
+
+Update message is the following:
+fsckd:<num_devices>:<progress>:<string>
+* num_devices corresponds to the current number of devices being checked (int)
+* progress corresponds to the current minimum percentage of all devices being
+ checked (float, from 0 to 100)
+* string is a translated message ready to be displayed by the plymouth theme
+ displaying the information above. It can be overridden by plymouth themes
+ supporting i18n.
+
+Grab in fsckd plymouth watch key Control+C, and propagate this cancel request
+to systemd-fsck which will terminate fsck.
+
+Send a message to signal to user what key we are grabbing for fsck cancel.
+
+Message is: fsckd-cancel-msg:<string>
+Where string is a translated string ready to be displayed by the plymouth theme
+indicating that Control+C can be used to cancel current checks. It can be
+overridden (matching only fsckd-cancel-msg prefix) for themes supporting i18n.
+
+Misc:
+systemd-fsckd stops on idle when no fsck is connected.
+Add man page explaining the plymouth theme protocol, usage of the daemon
+as well as the socket activation part. Adapt existing fsck man page.
+
+Note that fsckd had lived in the upstream tree for a while, but was removed.
+More information at
+http://lists.freedesktop.org/archives/systemd-devel/2015-April/030175.html
+-
+---
+ man/rules/meson.build | 1 +
+ man/systemd-fsckd.service.xml | 162 +++++++++
+ meson.build | 9 +
+ po/POTFILES.in | 1 +
+ src/fsckd/fsckd.c | 699 +++++++++++++++++++++++++++++++++++++
+ units/meson.build | 2 +
+ units/systemd-fsck-root.service.in | 2 +
+ units/systemd-fsck@.service.in | 3 +-
+ units/systemd-fsckd.service.in | 17 +
+ units/systemd-fsckd.socket | 15 +
+ 10 files changed, 910 insertions(+), 1 deletion(-)
+ create mode 100644 man/systemd-fsckd.service.xml
+ create mode 100644 src/fsckd/fsckd.c
+ create mode 100644 units/systemd-fsckd.service.in
+ create mode 100644 units/systemd-fsckd.socket
+
+diff --git a/man/rules/meson.build b/man/rules/meson.build
+index cacbbd7..285f5b8 100644
+--- a/man/rules/meson.build
++++ b/man/rules/meson.build
+@@ -840,6 +840,7 @@ manpages = [
+ '8',
+ ['systemd-fsck', 'systemd-fsck-root.service'],
+ ''],
++ ['systemd-fsckd.service', '8', ['systemd-fsckd.socket', 'systemd-fsckd'], ''],
+ ['systemd-fstab-generator', '8', [], ''],
+ ['systemd-getty-generator', '8', [], ''],
+ ['systemd-gpt-auto-generator', '8', [], 'HAVE_BLKID'],
+diff --git a/man/systemd-fsckd.service.xml b/man/systemd-fsckd.service.xml
+new file mode 100644
+index 0000000..b7ad58d
+--- /dev/null
++++ b/man/systemd-fsckd.service.xml
+@@ -0,0 +1,162 @@
++<?xml version="1.0"?>
++<!--*-nxml-*-->
++<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
++<!--
++ This file is part of systemd.
++
++ Copyright 2015 Canonical
++
++ systemd is free software; you can redistribute it and/or modify it
++ under the terms of the GNU Lesser General Public License as published by
++ the Free Software Foundation; either version 2.1 of the License, or
++ (at your option) any later version.
++
++ systemd is distributed in the hope that it will be useful, but
++ WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public License
++ along with systemd; If not, see <http://www.gnu.org/licenses/>.
++-->
++<refentry id="systemd-fsckd.service" xmlns:xi="http://www.w3.org/2001/XInclude">
++
++ <refentryinfo>
++ <title>systemd-fsckd.service</title>
++ <productname>systemd</productname>
++
++ <authorgroup>
++ <author>
++ <contrib>Developer</contrib>
++ <firstname>Didier</firstname>
++ <surname>Roche</surname>
++ <email>didrocks@ubuntu.com</email>
++ </author>
++ </authorgroup>
++ </refentryinfo>
++
++ <refmeta>
++ <refentrytitle>systemd-fsckd.service</refentrytitle>
++ <manvolnum>8</manvolnum>
++ </refmeta>
++
++ <refnamediv>
++ <refname>systemd-fsckd.service</refname>
++ <refname>systemd-fsckd.socket</refname>
++ <refname>systemd-fsckd</refname>
++ <refpurpose>File system check progress reporting</refpurpose>
++ </refnamediv>
++
++ <refsynopsisdiv>
++ <para><filename>systemd-fsckd.service</filename></para>
++ <para><filename>systemd-fsckd.socket</filename></para>
++ <para><filename>/usr/lib/systemd/systemd-fsckd</filename></para>
++ </refsynopsisdiv>
++
++ <refsect1>
++ <title>Description</title>
++
++ <para><filename>systemd-fsckd.service</filename> is a service responsible
++ for receiving file system check progress, and communicating some
++ consolidated data to console and plymouth (if running). It also handles
++ possible check cancellations.</para>
++
++ <para><command>systemd-fsckd</command> receives messages about file
++ system check progress from <command>fsck</command> through an
++ UNIX domain socket. It can display the progress of the least advanced
++ fsck as well as the total number of devices being checked in parallel
++ to the console. It will also send progress messages to plymouth.
++ Both the raw data and translated messages are sent, so compiled
++ plymouth themes can use the raw data to display custom messages, and
++ scripted themes, not supporting i18n, can display the translated
++ versions.</para>
++
++ <para><command>systemd-fsckd</command> will instruct plymouth to grab
++ Control+C keypresses. When the key is pressed, running checks will be
++ terminated. It will also cancel any newly connected fsck instances for
++ the lifetime of <filename>systemd-fsckd</filename>.</para>
++ </refsect1>
++
++ <refsect1>
++ <title>Protocol for communication with plymouth</title>
++
++ <para><filename>systemd-fsckd</filename> passes the
++ following messages to the theme:</para>
++
++ <para>Progress update, sent as a plymouth update message:
++ <literal>fsckd:&lt;num_devices&gt;:&lt;progress&gt;:&lt;string&gt;</literal>
++ <variablelist>
++ <varlistentry>
++ <term><literal>&lt;num_devices&gt;</literal></term>
++ <listitem><para>the current number of devices
++ being checked (int)</para></listitem>
++ </varlistentry>
++ <varlistentry>
++ <term><literal>&lt;progress&gt;</literal></term>
++ <listitem><para>the current minimum percentage of
++ all devices being checking (float, from 0 to 100)</para></listitem>
++ </varlistentry>
++ <varlistentry>
++ <term><literal>&lt;string&gt;</literal></term>
++ <listitem><para>a translated message ready to be displayed
++ by the plymouth theme displaying the data above. It can be overridden
++ by themes supporting i18n.</para></listitem>
++ </varlistentry>
++ </variablelist>
++ </para>
++
++ <para>Cancel message, sent as a traditional plymouth message:
++ <literal>fsckd-cancel-msg:&lt;string&gt;</literal>
++ <variablelist>
++ <varlistentry>
++ <term><literal>&lt;strings&gt;</literal></term>
++ <listitem><para>a translated string ready to be displayed
++ by the plymouth theme indicating that Control+C can be used to cancel
++ current checks. It can be overridden (matching only
++ <literal>fsckd-cancel-msg</literal> prefix)
++ by themes supporting i18n.</para></listitem>
++ </varlistentry>
++ </variablelist>
++ </para>
++ </refsect1>
++
++ <refsect1>
++ <title>Options</title>
++
++ <para>The following options are understood:</para>
++
++ <variablelist>
++ <xi:include href="standard-options.xml" xpointer="help" />
++ <xi:include href="standard-options.xml" xpointer="version" />
++ </variablelist>
++
++ </refsect1>
++
++ <refsect1>
++ <title>Exit status</title>
++
++ <para>On success, 0 is returned, a non-zero failure
++ code otherwise. Note that the daemon stays idle for
++ a while to accept new <filename>fsck</filename>
++ connections before exiting.</para>
++ </refsect1>
++
++ <refsect1>
++ <title>See Also</title>
++ <para>
++ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
++ <citerefentry><refentrytitle>systemd-fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry><refentrytitle>systemd-quotacheck.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.btrfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.cramfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.ext4</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.fat</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.hfsplus</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.minix</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.ntfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
++ <citerefentry project='man-pages'><refentrytitle>fsck.xfs</refentrytitle><manvolnum>8</manvolnum></citerefentry>
++ </para>
++ </refsect1>
++
++</refentry>
+diff --git a/meson.build b/meson.build
+index cf93f38..e33b729 100644
+--- a/meson.build
++++ b/meson.build
+@@ -2895,6 +2895,15 @@ executable(
+ install : true,
+ install_dir : rootlibexecdir)
+
++executable(
++ 'systemd-fsckd',
++ 'src/fsckd/fsckd.c',
++ include_directories : includes,
++ link_with : [libshared],
++ install_rpath : rootlibexecdir,
++ install : true,
++ install_dir : rootlibexecdir)
++
+ executable(
+ 'systemd-sleep',
+ 'src/sleep/sleep.c',
+diff --git a/po/POTFILES.in b/po/POTFILES.in
+index 0346a19..5ea2444 100644
+--- a/po/POTFILES.in
++++ b/po/POTFILES.in
+@@ -10,3 +10,4 @@ src/portable/org.freedesktop.portable1.policy
+ src/resolve/org.freedesktop.resolve1.policy
+ src/timedate/org.freedesktop.timedate1.policy
+ src/core/dbus-unit.c
++src/fsckd/fsckd.c
+diff --git a/src/fsckd/fsckd.c b/src/fsckd/fsckd.c
+new file mode 100644
+index 0000000..4af8e45
+--- /dev/null
++++ b/src/fsckd/fsckd.c
+@@ -0,0 +1,699 @@
++/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
++
++/***
++ This file is part of systemd.
++
++ Copyright 2015 Canonical
++
++ Author:
++ Didier Roche <didrocks@ubuntu.com>
++
++ systemd is free software; you can redistribute it and/or modify it
++ under the terms of the GNU Lesser General Public License as published by
++ the Free Software Foundation; either version 2.1 of the License, or
++ (at your option) any later version.
++
++ systemd is distributed in the hope that it will be useful, but
++ WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public License
++ along with systemd; If not, see <http://www.gnu.org/licenses/>.
++***/
++
++#include <getopt.h>
++#include <errno.h>
++#include <libintl.h>
++#include <math.h>
++#include <stdbool.h>
++#include <stdlib.h>
++#include <stdio.h>
++#include <sys/socket.h>
++#include <sys/types.h>
++#include <sys/un.h>
++#include <unistd.h>
++
++#include "sd-daemon.h"
++#include "build.h"
++#include "def.h"
++#include "sd-event.h"
++#include "log.h"
++#include "list.h"
++#include "macro.h"
++#include "socket-netlink.h"
++#include "socket-util.h"
++#include "fd-util.h"
++#include "string-util.h"
++#include "io-util.h"
++#include "util.h"
++#include "alloc-util.h"
++#include "locale-util.h"
++
++#define FSCKD_SOCKET_PATH "/run/systemd/fsck.progress"
++#define IDLE_TIME_SECONDS 30
++#define PLYMOUTH_REQUEST_KEY "K\2\2\3"
++#define CLIENTS_MAX 128
++
++struct Manager;
++
++typedef struct Client {
++ struct Manager *manager;
++ char *device_name;
++ /* device id refers to "fd <fd>" until it gets a name as "device_name" */
++ char *device_id;
++
++ pid_t fsck_pid;
++ FILE *fsck_f;
++
++ size_t cur;
++ size_t max;
++ int pass;
++
++ double percent;
++
++ bool cancelled;
++ bool bad_input;
++
++ sd_event_source *event_source;
++
++ LIST_FIELDS(struct Client, clients);
++} Client;
++
++typedef struct Manager {
++ sd_event *event;
++
++ LIST_HEAD(Client, clients);
++ unsigned n_clients;
++
++ size_t clear;
++
++ int connection_fd;
++ sd_event_source *connection_event_source;
++
++ bool show_status_console;
++
++ double percent;
++ int numdevices;
++
++ int plymouth_fd;
++ sd_event_source *plymouth_event_source;
++ bool plymouth_cancel_sent;
++
++ bool cancel_requested;
++} Manager;
++
++static void client_free(Client *c);
++static void manager_free(Manager *m);
++
++DEFINE_TRIVIAL_CLEANUP_FUNC(Client*, client_free);
++DEFINE_TRIVIAL_CLEANUP_FUNC(Manager*, manager_free);
++
++static bool plymouth_running(void) {
++ return access("/run/plymouth/pid", F_OK) >= 0;
++}
++
++static int manager_write_console(Manager *m, const char *message) {
++ _cleanup_fclose_ FILE *console = NULL;
++ int l;
++ size_t j;
++
++ assert(m);
++
++ if (!m->show_status_console)
++ return 0;
++
++ /* Nothing to display, and nothing to clear: return now. */
++ if (message == NULL && m->clear == 0) {
++ return 0;
++ }
++
++ /* Reduce the SAK window by opening and closing console on every request */
++ console = fopen("/dev/console", "we");
++ if (!console)
++ return -errno;
++
++ if (message) {
++ fprintf(console, "\r%s\r%n", message, &l);
++ if (m->clear < (size_t)l)
++ m->clear = (size_t)l;
++ } else {
++ fputc('\r', console);
++ for (j = 0; j < m->clear; j++)
++ fputc(' ', console);
++ fputc('\r', console);
++ }
++ fflush(console);
++
++ return 0;
++}
++
++static double compute_percent(int pass, size_t cur, size_t max) {
++ /* Values stolen from e2fsck */
++
++ static const double pass_table[] = {
++ 0, 70, 90, 92, 95, 100
++ };
++
++ if (pass <= 0)
++ return 0.0;
++
++ if ((unsigned) pass >= ELEMENTSOF(pass_table) || max == 0)
++ return 100.0;
++
++ return pass_table[pass-1] +
++ (pass_table[pass] - pass_table[pass-1]) *
++ (double) cur / max;
++}
++
++static int client_request_cancel(Client *c) {
++ assert(c);
++
++ if (c->cancelled)
++ return 0;
++
++ log_info("Request to cancel fsck for %s from fsckd", c->device_id);
++ if (kill(c->fsck_pid, SIGTERM) < 0) {
++ /* ignore the error and consider that cancel was sent if fsck just exited */
++ if (errno != ESRCH)
++ return log_error_errno(errno, "Cannot send cancel to fsck for %s: %m", c->device_id);
++ }
++
++ c->cancelled = true;
++ return 1;
++}
++
++static void client_free(Client *c) {
++ assert(c);
++
++ if (c->manager) {
++ LIST_REMOVE(clients, c->manager->clients, c);
++ c->manager->n_clients--;
++ }
++
++ sd_event_source_unref(c->event_source);
++ fclose(c->fsck_f);
++ if (c->device_name)
++ free(c->device_name);
++ if (c->device_id)
++ free(c->device_id);
++ free(c);
++}
++
++static void manager_disconnect_plymouth(Manager *m) {
++ assert(m);
++
++ m->plymouth_event_source = sd_event_source_unref(m->plymouth_event_source);
++ m->plymouth_fd = safe_close(m->plymouth_fd);
++ m->plymouth_cancel_sent = false;
++}
++
++static int manager_plymouth_feedback_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
++ Manager *m = userdata;
++ Client *current;
++ char buffer[6];
++ ssize_t l;
++
++ assert(m);
++
++ l = read(m->plymouth_fd, buffer, sizeof(buffer));
++ if (l < 0) {
++ log_warning_errno(errno, "Got error while reading from plymouth: %m");
++ manager_disconnect_plymouth(m);
++ return -errno;
++ }
++ if (l == 0) {
++ manager_disconnect_plymouth(m);
++ return 0;
++ }
++
++ if (l > 1 && buffer[0] == '\15')
++ log_error("Message update to plymouth wasn't delivered successfully");
++
++ /* the only answer support type we requested is a key interruption */
++ if (l > 2 && buffer[0] == '\2' && buffer[5] == '\3') {
++ m->cancel_requested = true;
++
++ /* cancel all connected clients */
++ LIST_FOREACH(clients, current, m->clients)
++ client_request_cancel(current);
++ }
++
++ return 0;
++}
++
++static int manager_connect_plymouth(Manager *m) {
++ union sockaddr_union sa = PLYMOUTH_SOCKET;
++ int r;
++
++ if (!plymouth_running())
++ return 0;
++
++ /* try to connect or reconnect if sending a message */
++ if (m->plymouth_fd >= 0)
++ return 1;
++
++ m->plymouth_fd = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
++ if (m->plymouth_fd < 0)
++ return log_warning_errno(errno, "Connection to plymouth socket failed: %m");
++
++ if (connect(m->plymouth_fd, &sa.sa, offsetof(struct sockaddr_un, sun_path) + 1 + strlen(sa.un.sun_path+1)) < 0) {
++ r = log_warning_errno(errno, "Couldn't connect to plymouth: %m");
++ goto fail;
++ }
++
++ r = sd_event_add_io(m->event, &m->plymouth_event_source, m->plymouth_fd, EPOLLIN, manager_plymouth_feedback_handler, m);
++ if (r < 0) {
++ log_warning_errno(r, "Can't listen to plymouth socket: %m");
++ goto fail;
++ }
++
++ return 1;
++
++fail:
++ manager_disconnect_plymouth(m);
++ return r;
++}
++
++static int plymouth_send_message(int plymouth_fd, const char *message, bool update) {
++ _cleanup_free_ char *packet = NULL;
++ int n;
++ char mode = 'M';
++
++ if (update)
++ mode = 'U';
++
++ if (asprintf(&packet, "%c\002%c%s%n", mode, (int) (strlen(message) + 1), message, &n) < 0)
++ return log_oom();
++
++ return loop_write(plymouth_fd, packet, n + 1, true);
++}
++
++static int manager_send_plymouth_message(Manager *m, const char *message) {
++ const char *plymouth_cancel_message = NULL, *l10n_cancel_message = NULL;
++ int r;
++
++ r = manager_connect_plymouth(m);
++ if (r < 0)
++ return r;
++ /* 0 means that plymouth isn't running, do not send any message yet */
++ else if (r == 0)
++ return 0;
++
++ if (!m->plymouth_cancel_sent) {
++
++ /* Indicate to plymouth that we listen to Ctrl+C */
++ r = loop_write(m->plymouth_fd, PLYMOUTH_REQUEST_KEY, sizeof(PLYMOUTH_REQUEST_KEY), true);
++ if (r < 0)
++ return log_warning_errno(r, "Can't send to plymouth cancel key: %m");
++
++ m->plymouth_cancel_sent = true;
++
++ l10n_cancel_message = _("Press Ctrl+C to cancel all filesystem checks in progress");
++ plymouth_cancel_message = strjoina("fsckd-cancel-msg:", l10n_cancel_message);
++
++ r = plymouth_send_message(m->plymouth_fd, plymouth_cancel_message, false);
++ if (r < 0)
++ log_warning_errno(r, "Can't send filesystem cancel message to plymouth: %m");
++
++ } else if (m->numdevices == 0) {
++
++ m->plymouth_cancel_sent = false;
++
++ r = plymouth_send_message(m->plymouth_fd, "", false);
++ if (r < 0)
++ log_warning_errno(r, "Can't clear plymouth filesystem cancel message: %m");
++ }
++
++ r = plymouth_send_message(m->plymouth_fd, message, true);
++ if (r < 0)
++ return log_warning_errno(r, "Couldn't send \"%s\" to plymouth: %m", message);
++
++ return 0;
++}
++
++static int manager_update_global_progress(Manager *m) {
++ Client *current = NULL;
++ _cleanup_free_ char *console_message = NULL;
++ _cleanup_free_ char *fsck_message = NULL;
++ int current_numdevices = 0, r;
++ double current_percent = 100;
++
++ /* get the overall percentage */
++ LIST_FOREACH(clients, current, m->clients) {
++ current_numdevices++;
++
++ /* right now, we only keep the minimum % of all fsckd processes. We could in the future trying to be
++ linear, but max changes and corresponds to the pass. We have all the informations into fsckd
++ already if we can treat that in a smarter way. */
++ current_percent = MIN(current_percent, current->percent);
++ }
++
++ /* update if there is anything user-visible to update */
++ if (fabs(current_percent - m->percent) > 0.001 || current_numdevices != m->numdevices) {
++ m->numdevices = current_numdevices;
++ m->percent = current_percent;
++
++ if (asprintf(&console_message,
++ ngettext("Checking in progress on %d disk (%3.1f%% complete)",
++ "Checking in progress on %d disks (%3.1f%% complete)", m->numdevices),
++ m->numdevices, m->percent) < 0)
++ return -ENOMEM;
++
++ if (asprintf(&fsck_message, "fsckd:%d:%3.1f:%s", m->numdevices, m->percent, console_message) < 0)
++ return -ENOMEM;
++
++ r = manager_write_console(m, console_message);
++ if (r < 0)
++ return r;
++
++ /* try to connect to plymouth and send message */
++ r = manager_send_plymouth_message(m, fsck_message);
++ if (r < 0)
++ return r;
++ }
++ return 0;
++}
++
++static int client_progress_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
++ Client *client = userdata;
++ char line[LINE_MAX];
++ Manager *m;
++
++ assert(client);
++ m = client->manager;
++
++ /* check first if we need to cancel this client */
++ if (m->cancel_requested)
++ client_request_cancel(client);
++
++ while (fgets(line, sizeof(line), client->fsck_f) != NULL) {
++ int pass;
++ size_t cur, max;
++ _cleanup_free_ char *device = NULL, *old_device_id = NULL;
++
++ if (sscanf(line, "%i %zu %zu %ms", &pass, &cur, &max, &device) == 4) {
++ if (!client->device_name) {
++ client->device_name = strdup(device);
++ if (!client->device_name) {
++ log_oom();
++ continue;
++ }
++ old_device_id = client->device_id;
++ client->device_id = strdup(device);
++ if (!client->device_id) {
++ log_oom();
++ client->device_id = old_device_id;
++ old_device_id = NULL;
++ continue;
++ }
++ }
++ client->pass = pass;
++ client->cur = cur;
++ client->max = max;
++ client->bad_input = false;
++ client->percent = compute_percent(client->pass, client->cur, client->max);
++ log_debug("Getting progress for %s (%zu, %zu, %d) : %3.1f%%", client->device_id,
++ client->cur, client->max, client->pass, client->percent);
++ } else {
++ if (errno == ENOMEM) {
++ log_oom();
++ continue;
++ }
++
++ /* if previous input was already garbage, kick it off from progress report */
++ if (client->bad_input) {
++ log_warning("Closing connection on incorrect input of fsck connection for %s", client->device_id);
++ client_free(client);
++ manager_update_global_progress(m);
++ return 0;
++ }
++ client->bad_input = true;
++ }
++
++ }
++
++ if (feof(client->fsck_f)) {
++ log_debug("Fsck client %s disconnected", client->device_id);
++ client_free(client);
++ }
++
++ manager_update_global_progress(m);
++ return 0;
++}
++
++static int manager_new_connection_handler(sd_event_source *s, int fd, uint32_t revents, void *userdata) {
++ _cleanup_(client_freep) Client *c = NULL;
++ _cleanup_close_ int new_fsck_fd = -1;
++ _cleanup_fclose_ FILE *new_fsck_f = NULL;
++ struct ucred ucred = {};
++ Manager *m = userdata;
++ int r;
++
++ assert(m);
++
++ /* Initialize and list new clients */
++ new_fsck_fd = accept4(m->connection_fd, NULL, NULL, SOCK_CLOEXEC|SOCK_NONBLOCK);
++ if (new_fsck_fd < 0) {
++ log_error_errno(errno, "Couldn't accept a new connection: %m");
++ return 0;
++ }
++
++ if (m->n_clients >= CLIENTS_MAX) {
++ log_error("Too many clients, refusing connection.");
++ return 0;
++ }
++
++
++ new_fsck_f = fdopen(new_fsck_fd, "r");
++ if (!new_fsck_f) {
++ log_error_errno(errno, "Couldn't fdopen new connection for fd %d: %m", new_fsck_fd);
++ return 0;
++ }
++ new_fsck_fd = -1;
++
++ r = getpeercred(fileno(new_fsck_f), &ucred);
++ if (r < 0) {
++ log_error_errno(r, "Couldn't get credentials for fsck: %m");
++ return 0;
++ }
++
++ c = new0(Client, 1);
++ if (!c) {
++ log_oom();
++ return 0;
++ }
++
++ c->fsck_pid = ucred.pid;
++ c->fsck_f = new_fsck_f;
++ new_fsck_f = NULL;
++
++ if (asprintf(&(c->device_id), "fd %d", fileno(c->fsck_f)) < 0) {
++ log_oom();
++ return 0;
++ }
++
++ r = sd_event_add_io(m->event, &c->event_source, fileno(c->fsck_f), EPOLLIN, client_progress_handler, c);
++ if (r < 0) {
++ log_oom();
++ return 0;
++ }
++
++ LIST_PREPEND(clients, m->clients, c);
++ m->n_clients++;
++ c->manager = m;
++
++ log_debug("New fsck client connected: %s", c->device_id);
++
++ /* only request the client to cancel now in case the request is dropped by the client (chance to recancel) */
++ if (m->cancel_requested)
++ client_request_cancel(c);
++
++ c = NULL;
++ return 0;
++}
++
++static void manager_free(Manager *m) {
++ if (!m)
++ return;
++
++ /* clear last line */
++ manager_write_console(m, NULL);
++
++ sd_event_source_unref(m->connection_event_source);
++ safe_close(m->connection_fd);
++
++ while (m->clients)
++ client_free(m->clients);
++
++ manager_disconnect_plymouth(m);
++
++ sd_event_unref(m->event);
++
++ free(m);
++}
++
++static int manager_new(Manager **ret, int fd) {
++ _cleanup_(manager_freep) Manager *m = NULL;
++ int r;
++
++ assert(ret);
++
++ m = new0(Manager, 1);
++ if (!m)
++ return -ENOMEM;
++
++ m->plymouth_fd = -1;
++ m->connection_fd = fd;
++ m->percent = 100;
++
++ r = sd_event_default(&m->event);
++ if (r < 0)
++ return r;
++
++ if (access("/run/systemd/show-status", F_OK) >= 0)
++ m->show_status_console = true;
++
++ r = sd_event_add_io(m->event, &m->connection_event_source, fd, EPOLLIN, manager_new_connection_handler, m);
++ if (r < 0)
++ return r;
++
++ *ret = m;
++ m = NULL;
++
++ return 0;
++}
++
++static int run_event_loop_with_timeout(Manager *m, usec_t timeout) {
++ int r, code;
++ sd_event *e = m->event;
++
++ assert(e);
++
++ for (;;) {
++ r = sd_event_get_state(e);
++ if (r < 0)
++ return r;
++ if (r == SD_EVENT_FINISHED)
++ break;
++
++ r = sd_event_run(e, timeout);
++ if (r < 0)
++ return r;
++
++ /* Exit if we reached the idle timeout and no more clients are
++ connected. If there is still an fsck process running but
++ simply slow to send us progress updates, exiting would mean
++ that this fsck process receives SIGPIPE resulting in an
++ aborted file system check. */
++ if (r == 0 && m->n_clients == 0) {
++ sd_event_exit(e, 0);
++ break;
++ }
++ }
++
++ r = sd_event_get_exit_code(e, &code);
++ if (r < 0)
++ return r;
++
++ return code;
++}
++
++static void help(void) {
++ printf("%s [OPTIONS...]\n\n"
++ "Capture fsck progress and forward one stream to plymouth\n\n"
++ " -h --help Show this help\n"
++ " --version Show package version\n",
++ program_invocation_short_name);
++}
++
++static int parse_argv(int argc, char *argv[]) {
++
++ enum {
++ ARG_VERSION = 0x100,
++ ARG_ROOT,
++ };
++
++ static const struct option options[] = {
++ { "help", no_argument, NULL, 'h' },
++ { "version", no_argument, NULL, ARG_VERSION },
++ {}
++ };
++
++ int c;
++
++ assert(argc >= 0);
++ assert(argv);
++
++ while ((c = getopt_long(argc, argv, "hv", options, NULL)) >= 0)
++ switch (c) {
++
++ case 'h':
++ help();
++ return 0;
++
++ case ARG_VERSION:
++ version();
++ return 0;
++
++ case '?':
++ return -EINVAL;
++
++ default:
++ assert_not_reached("Unhandled option");
++ }
++
++ if (optind < argc) {
++ log_error("Extraneous arguments");
++ return -EINVAL;
++ }
++
++ return 1;
++}
++
++int main(int argc, char *argv[]) {
++ _cleanup_(manager_freep) Manager *m = NULL;
++ int fd = -1;
++ int r, n;
++
++ log_set_target(LOG_TARGET_AUTO);
++ log_parse_environment();
++ log_open();
++ init_gettext();
++
++ r = parse_argv(argc, argv);
++ if (r <= 0)
++ goto finish;
++
++ n = sd_listen_fds(0);
++ if (n > 1) {
++ log_error("Too many file descriptors received.");
++ r = -EINVAL;
++ goto finish;
++ } else if (n == 1)
++ fd = SD_LISTEN_FDS_START + 0;
++ else {
++ fd = make_socket_fd(LOG_DEBUG, FSCKD_SOCKET_PATH, SOCK_STREAM, SOCK_CLOEXEC);
++ if (fd < 0) {
++ r = log_error_errno(fd, "Couldn't create listening socket fd on %s: %m", FSCKD_SOCKET_PATH);
++ goto finish;
++ }
++ }
++
++ r = manager_new(&m, fd);
++ if (r < 0) {
++ log_error_errno(r, "Failed to allocate manager: %m");
++ goto finish;
++ }
++
++ r = run_event_loop_with_timeout(m, IDLE_TIME_SECONDS * USEC_PER_SEC);
++ if (r < 0) {
++ log_error_errno(r, "Failed to run event loop: %m");
++ goto finish;
++ }
++
++ sd_event_get_exit_code(m->event, &r);
++
++finish:
++ return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
++}
+diff --git a/units/meson.build b/units/meson.build
+index ba60eb7..95d7eda 100644
+--- a/units/meson.build
++++ b/units/meson.build
+@@ -103,6 +103,7 @@ units = [
+ ['systemd-exit.service', ''],
+ ['systemd-firstboot.service', 'ENABLE_FIRSTBOOT',
+ 'sysinit.target.wants/'],
++ ['systemd-fsckd.socket', ''],
+ ['systemd-halt.service', ''],
+ ['systemd-homed-activate.service', 'ENABLE_HOMED'],
+ ['systemd-initctl.socket', 'HAVE_SYSV_COMPAT',
+@@ -174,6 +175,7 @@ in_units = [
+ ['systemd-pstore.service', 'ENABLE_PSTORE'],
+ ['systemd-fsck-root.service', ''],
+ ['systemd-fsck@.service', ''],
++ ['systemd-fsckd.service', ''],
+ ['systemd-hibernate-resume@.service', 'ENABLE_HIBERNATE'],
+ ['systemd-hibernate.service', 'ENABLE_HIBERNATE'],
+ ['systemd-hybrid-sleep.service', 'ENABLE_HIBERNATE'],
+diff --git a/units/systemd-fsck-root.service.in b/units/systemd-fsck-root.service.in
+index c4a2948..1dce176 100644
+--- a/units/systemd-fsck-root.service.in
++++ b/units/systemd-fsck-root.service.in
+@@ -13,6 +13,8 @@ Documentation=man:systemd-fsck-root.service(8)
+ DefaultDependencies=no
+ Conflicts=shutdown.target
+ Before=local-fs.target shutdown.target
++Wants=systemd-fsckd.socket
++After=systemd-fsckd.socket
+ ConditionPathIsReadWrite=!/
+
+ [Service]
+diff --git a/units/systemd-fsck@.service.in b/units/systemd-fsck@.service.in
+index 6d9c9ab..48d5f29 100644
+--- a/units/systemd-fsck@.service.in
++++ b/units/systemd-fsck@.service.in
+@@ -13,7 +13,8 @@ Documentation=man:systemd-fsck@.service(8)
+ DefaultDependencies=no
+ BindsTo=%i.device
+ Conflicts=shutdown.target
+-After=%i.device systemd-fsck-root.service local-fs-pre.target
++Wants=systemd-fsckd.socket
++After=%i.device systemd-fsck-root.service local-fs-pre.target systemd-fsckd.socket
+ Before=systemd-quotacheck.service shutdown.target
+
+ [Service]
+diff --git a/units/systemd-fsckd.service.in b/units/systemd-fsckd.service.in
+new file mode 100644
+index 0000000..9c7ed51
+--- /dev/null
++++ b/units/systemd-fsckd.service.in
+@@ -0,0 +1,17 @@
++# This file is part of systemd.
++#
++# systemd is free software; you can redistribute it and/or modify it
++# under the terms of the GNU Lesser General Public License as published by
++# the Free Software Foundation; either version 2.1 of the License, or
++# (at your option) any later version.
++
++[Unit]
++Description=File System Check Daemon to report status
++Documentation=man:systemd-fsckd.service(8)
++DefaultDependencies=no
++Requires=systemd-fsckd.socket
++Before=shutdown.target
++
++[Service]
++ExecStart=@rootlibexecdir@/systemd-fsckd
++StandardOutput=journal+console
+diff --git a/units/systemd-fsckd.socket b/units/systemd-fsckd.socket
+new file mode 100644
+index 0000000..61fec97
+--- /dev/null
++++ b/units/systemd-fsckd.socket
+@@ -0,0 +1,15 @@
++# This file is part of systemd.
++#
++# systemd is free software; you can redistribute it and/or modify it
++# under the terms of the GNU Lesser General Public License as published by
++# the Free Software Foundation; either version 2.1 of the License, or
++# (at your option) any later version.
++
++[Unit]
++Description=fsck to fsckd communication Socket
++Documentation=man:systemd-fsckd.service(8) man:systemd-fsck@.service(8) man:systemd-fsck-root.service(8)
++DefaultDependencies=no
++
++[Socket]
++ListenStream=/run/systemd/fsck.progress
++SocketMode=0600
diff --git a/debian/patches/debian/systemctl-do-not-shutdown-immediately-on-scheduled-shutdo.patch b/debian/patches/debian/systemctl-do-not-shutdown-immediately-on-scheduled-shutdo.patch
new file mode 100644
index 0000000..68fca31
--- /dev/null
+++ b/debian/patches/debian/systemctl-do-not-shutdown-immediately-on-scheduled-shutdo.patch
@@ -0,0 +1,52 @@
+From: Ioanna Alifieraki <ioanna-maria.alifieraki@canonical.com>
+Date: Thu, 17 Dec 2020 14:52:07 +0000
+Subject: systemctl: do not shutdown immediately on scheduled shutdown
+
+When, for whatever reason, a scheduled shutdown fails to be set, systemd
+will proceed with immediate shutdown without allowing the user to react.
+This is counterintuitive because when a scheduled shutdown is issued,
+it means the user wants to shutdown at a specified time in the future,
+not immediately. This patch prevents the immediate shutdown and informs
+the user that no action will be taken.
+
+Fixes: #17575
+---
+ src/systemctl/systemctl-compat-halt.c | 8 ++++----
+ src/systemctl/systemctl-logind.c | 3 ++-
+ 2 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/src/systemctl/systemctl-compat-halt.c b/src/systemctl/systemctl-compat-halt.c
+index 8e41bd6..239a780 100644
+--- a/src/systemctl/systemctl-compat-halt.c
++++ b/src/systemctl/systemctl-compat-halt.c
+@@ -149,11 +149,11 @@ int halt_main(void) {
+ if (r < 0)
+ return r;
+
+- /* Delayed shutdown requested, and was successful */
+- if (arg_when > 0 && logind_schedule_shutdown() == 0)
+- return 0;
++ /* Delayed shutdown requested */
++ if (arg_when > 0)
++ return logind_schedule_shutdown();
+
+- /* No delay, or logind failed or is not at all available */
++ /* No delay, or logind is not at all available */
+ if (geteuid() != 0) {
+ if (arg_dry_run || arg_force > 0) {
+ (void) must_be_root();
+diff --git a/src/systemctl/systemctl-logind.c b/src/systemctl/systemctl-logind.c
+index 405f12a..fd0b143 100644
+--- a/src/systemctl/systemctl-logind.c
++++ b/src/systemctl/systemctl-logind.c
+@@ -315,8 +315,9 @@ int logind_schedule_shutdown(void) {
+ (void) logind_set_wall_message();
+
+ r = bus_call_method(bus, bus_login_mgr, "ScheduleShutdown", &error, NULL, "st", action, arg_when);
++ /* logind fails, cannot schedule reboot, do nothing */
+ if (r < 0)
+- return log_warning_errno(r, "Failed to call ScheduleShutdown in logind, proceeding with immediate shutdown: %s", bus_error_message(&error, r));
++ return log_warning_errno(r, "Failed to call ScheduleShutdown in logind, no action will be taken: %s", bus_error_message(&error, r));
+
+ if (!arg_quiet)
+ log_info("%s scheduled for %s, use 'shutdown -c' to cancel.", log_action, format_timestamp_style(date, sizeof(date), arg_when, arg_timestamp_style));
diff --git a/debian/patches/debian/test-disable-DnsmasqClientTest.test_resolved_etc_hosts-in.patch b/debian/patches/debian/test-disable-DnsmasqClientTest.test_resolved_etc_hosts-in.patch
new file mode 100644
index 0000000..0a48308
--- /dev/null
+++ b/debian/patches/debian/test-disable-DnsmasqClientTest.test_resolved_etc_hosts-in.patch
@@ -0,0 +1,131 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Mon, 18 Jan 2021 13:33:10 +0100
+Subject: test: disable DnsmasqClientTest.test_resolved_etc_hosts in
+ networkd-test.py
+
+This test appears to be flaky.
+
+See: #979716
+---
+ test/networkd-test.py | 108 +++++++++++++++++++++++++-------------------------
+ 1 file changed, 54 insertions(+), 54 deletions(-)
+
+diff --git a/test/networkd-test.py b/test/networkd-test.py
+index 8496ec8..ca158bf 100755
+--- a/test/networkd-test.py
++++ b/test/networkd-test.py
+@@ -674,60 +674,60 @@ Domains= ~company ~lab''')
+ self.assertRegex(general_log, 'query.*megasearch.net')
+ self.assertNotIn('megasearch.net', vpn_log)
+
+- def test_resolved_etc_hosts(self):
+- '''resolved queries to /etc/hosts'''
+-
+- # FIXME: -t MX query fails with enabled DNSSEC (even when using
+- # the known negative trust anchor .internal instead of .example.com)
+- conf = '/run/systemd/resolved.conf.d/test-disable-dnssec.conf'
+- os.makedirs(os.path.dirname(conf), exist_ok=True)
+- with open(conf, 'w') as f:
+- f.write('[Resolve]\nDNSSEC=no\nLLMNR=no\nMulticastDNS=no\n')
+- self.addCleanup(os.remove, conf)
+-
+- # create /etc/hosts bind mount which resolves my.example.com for IPv4
+- hosts = os.path.join(self.workdir, 'hosts')
+- with open(hosts, 'w') as f:
+- f.write('172.16.99.99 my.example.com\n')
+- subprocess.check_call(['mount', '--bind', hosts, '/etc/hosts'])
+- self.addCleanup(subprocess.call, ['umount', '/etc/hosts'])
+- subprocess.check_call(['systemctl', 'stop', 'systemd-resolved.service'])
+-
+- # note: different IPv4 address here, so that it's easy to tell apart
+- # what resolved the query
+- self.create_iface(dnsmasq_opts=['--host-record=my.example.com,172.16.99.1,2600::99:99',
+- '--host-record=other.example.com,172.16.0.42,2600::42',
+- '--mx-host=example.com,mail.example.com'],
+- ipv6=True)
+- self.do_test(coldplug=None, ipv6=True)
+-
+- try:
+- # family specific queries
+- out = subprocess.check_output(['resolvectl', 'query', '-4', 'my.example.com'])
+- self.assertIn(b'my.example.com: 172.16.99.99', out)
+- # we don't expect an IPv6 answer; if /etc/hosts has any IP address,
+- # it's considered a sufficient source
+- self.assertNotEqual(subprocess.call(['resolvectl', 'query', '-6', 'my.example.com']), 0)
+- # "any family" query; IPv4 should come from /etc/hosts
+- out = subprocess.check_output(['resolvectl', 'query', 'my.example.com'])
+- self.assertIn(b'my.example.com: 172.16.99.99', out)
+- # IP → name lookup; again, takes the /etc/hosts one
+- out = subprocess.check_output(['resolvectl', 'query', '172.16.99.99'])
+- self.assertIn(b'172.16.99.99: my.example.com', out)
+-
+- # non-address RRs should fall back to DNS
+- out = subprocess.check_output(['resolvectl', 'query', '--type=MX', 'example.com'])
+- self.assertIn(b'example.com IN MX 1 mail.example.com', out)
+-
+- # other domains query DNS
+- out = subprocess.check_output(['resolvectl', 'query', 'other.example.com'])
+- self.assertIn(b'172.16.0.42', out)
+- out = subprocess.check_output(['resolvectl', 'query', '172.16.0.42'])
+- self.assertIn(b'172.16.0.42: other.example.com', out)
+- except (AssertionError, subprocess.CalledProcessError):
+- self.show_journal('systemd-resolved.service')
+- self.print_server_log()
+- raise
++# def test_resolved_etc_hosts(self):
++# '''resolved queries to /etc/hosts'''
++#
++# # FIXME: -t MX query fails with enabled DNSSEC (even when using
++# # the known negative trust anchor .internal instead of .example.com)
++# conf = '/run/systemd/resolved.conf.d/test-disable-dnssec.conf'
++# os.makedirs(os.path.dirname(conf), exist_ok=True)
++# with open(conf, 'w') as f:
++# f.write('[Resolve]\nDNSSEC=no\nLLMNR=no\nMulticastDNS=no\n')
++# self.addCleanup(os.remove, conf)
++#
++# # create /etc/hosts bind mount which resolves my.example.com for IPv4
++# hosts = os.path.join(self.workdir, 'hosts')
++# with open(hosts, 'w') as f:
++# f.write('172.16.99.99 my.example.com\n')
++# subprocess.check_call(['mount', '--bind', hosts, '/etc/hosts'])
++# self.addCleanup(subprocess.call, ['umount', '/etc/hosts'])
++# subprocess.check_call(['systemctl', 'stop', 'systemd-resolved.service'])
++#
++# # note: different IPv4 address here, so that it's easy to tell apart
++# # what resolved the query
++# self.create_iface(dnsmasq_opts=['--host-record=my.example.com,172.16.99.1,2600::99:99',
++# '--host-record=other.example.com,172.16.0.42,2600::42',
++# '--mx-host=example.com,mail.example.com'],
++# ipv6=True)
++# self.do_test(coldplug=None, ipv6=True)
++#
++# try:
++# # family specific queries
++# out = subprocess.check_output(['resolvectl', 'query', '-4', 'my.example.com'])
++# self.assertIn(b'my.example.com: 172.16.99.99', out)
++# # we don't expect an IPv6 answer; if /etc/hosts has any IP address,
++# # it's considered a sufficient source
++# self.assertNotEqual(subprocess.call(['resolvectl', 'query', '-6', 'my.example.com']), 0)
++# # "any family" query; IPv4 should come from /etc/hosts
++# out = subprocess.check_output(['resolvectl', 'query', 'my.example.com'])
++# self.assertIn(b'my.example.com: 172.16.99.99', out)
++# # IP → name lookup; again, takes the /etc/hosts one
++# out = subprocess.check_output(['resolvectl', 'query', '172.16.99.99'])
++# self.assertIn(b'172.16.99.99: my.example.com', out)
++#
++# # non-address RRs should fall back to DNS
++# out = subprocess.check_output(['resolvectl', 'query', '--type=MX', 'example.com'])
++# self.assertIn(b'example.com IN MX 1 mail.example.com', out)
++#
++# # other domains query DNS
++# out = subprocess.check_output(['resolvectl', 'query', 'other.example.com'])
++# self.assertIn(b'172.16.0.42', out)
++# out = subprocess.check_output(['resolvectl', 'query', '172.16.0.42'])
++# self.assertIn(b'172.16.0.42: other.example.com', out)
++# except (AssertionError, subprocess.CalledProcessError):
++# self.show_journal('systemd-resolved.service')
++# self.print_server_log()
++# raise
+
+ def test_transient_hostname(self):
+ '''networkd sets transient hostname from DHCP'''
diff --git a/debian/patches/debian/udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch b/debian/patches/debian/udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch
new file mode 100644
index 0000000..f5432e8
--- /dev/null
+++ b/debian/patches/debian/udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch
@@ -0,0 +1,25 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Tue, 19 Nov 2019 09:10:23 +0100
+Subject: udev: drop SystemCallArchitectures=native from systemd-udevd.service
+
+We can't really control what helper programs are run from other udev
+rules. E.g. running i386 binaries under amd64 is a valid use case and
+should not trigger a SIGSYS failure.
+
+Closes: #869719
+---
+ units/systemd-udevd.service.in | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
+index 225eac2..f541ff6 100644
+--- a/units/systemd-udevd.service.in
++++ b/units/systemd-udevd.service.in
+@@ -35,7 +35,6 @@ MemoryDenyWriteExecute=yes
+ RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
+ RestrictRealtime=yes
+ RestrictSUIDSGID=yes
+-SystemCallArchitectures=native
+ LockPersonality=yes
+ IPAddressDeny=any
+ @SERVICE_WATCHDOG@
diff --git a/debian/patches/localed-Run-locale-gen-if-available-to-generate-missing-l.patch b/debian/patches/localed-Run-locale-gen-if-available-to-generate-missing-l.patch
new file mode 100644
index 0000000..6752b9d
--- /dev/null
+++ b/debian/patches/localed-Run-locale-gen-if-available-to-generate-missing-l.patch
@@ -0,0 +1,448 @@
+From: Matthias Klumpp <matthias@tenstral.net>
+Date: Fri, 8 Jan 2021 23:59:38 +0100
+Subject: localed: Run locale-gen if available to generate missing locale
+
+This change improves integration with distributions using locale-gen to
+generate missing locale on-demand, like Debian-based distributions
+(Debian/Ubuntu/PureOS/Tanglu/...) and Arch Linux.
+We only ever enable new locales for generation, and never disable them.
+Furthermore, we only generate UTF-8 locale.
+
+This feature is only used if explicitly enabled at compile-time, and
+will also be inert at runtime if the locale-gen binary is missing.
+
+(cherry picked from commit 8f20232fcb52dbe6255f3df6101fc057af90bcfa)
+---
+ meson.build | 8 ++
+ meson_options.txt | 2 +
+ src/locale/keymap-util.c | 211 +++++++++++++++++++++++++++++++++++++++++++++++
+ src/locale/keymap-util.h | 4 +
+ src/locale/localectl.c | 6 +-
+ src/locale/localed.c | 59 ++++++++++++-
+ 6 files changed, 286 insertions(+), 4 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index 580964c..cf93f38 100644
+--- a/meson.build
++++ b/meson.build
+@@ -833,6 +833,14 @@ if default_locale == ''
+ endif
+ conf.set_quoted('SYSTEMD_DEFAULT_LOCALE', default_locale)
+
++localegen_path = get_option('localegen-path')
++have = false
++if localegen_path != ''
++ conf.set_quoted('LOCALEGEN_PATH', localegen_path)
++ have = true
++endif
++conf.set10('HAVE_LOCALEGEN', have)
++
+ conf.set_quoted('GETTEXT_PACKAGE', meson.project_name())
+
+ service_watchdog = get_option('service-watchdog')
+diff --git a/meson_options.txt b/meson_options.txt
+index 2435cce..4ffdf7f 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -238,6 +238,8 @@ option('gshadow', type : 'boolean',
+ description : 'support for shadow group')
+ option('default-locale', type : 'string', value : '',
+ description : 'default locale used when /etc/locale.conf does not exist')
++option('localegen-path', type : 'string', value : '',
++ description : 'absolute path to the locale-gen binary in case the system is using locale-gen')
+ option('service-watchdog', type : 'string', value : '3min',
+ description : 'default watchdog setting for systemd services')
+
+diff --git a/src/locale/keymap-util.c b/src/locale/keymap-util.c
+index cb8153f..697133a 100644
+--- a/src/locale/keymap-util.c
++++ b/src/locale/keymap-util.c
+@@ -6,18 +6,21 @@
+ #include <unistd.h>
+
+ #include "bus-polkit.h"
++#include "copy.h"
+ #include "env-file-label.h"
+ #include "env-file.h"
+ #include "env-util.h"
+ #include "fd-util.h"
+ #include "fileio-label.h"
+ #include "fileio.h"
++#include "fs-util.h"
+ #include "kbd-util.h"
+ #include "keymap-util.h"
+ #include "locale-util.h"
+ #include "macro.h"
+ #include "mkdir.h"
+ #include "nulstr-util.h"
++#include "process-util.h"
+ #include "string-util.h"
+ #include "strv.h"
+ #include "tmpfile-util.h"
+@@ -780,3 +783,211 @@ int x11_convert_to_vconsole(Context *c) {
+
+ return modified;
+ }
++
++bool locale_gen_check_available(void) {
++#if HAVE_LOCALEGEN
++ if (access(LOCALEGEN_PATH, X_OK) < 0) {
++ if (errno != ENOENT)
++ log_warning_errno(errno, "Unable to determine whether " LOCALEGEN_PATH " exists and is executable, assuming it is not: %m");
++ return false;
++ }
++ if (access("/etc/locale.gen", F_OK) < 0) {
++ if (errno != ENOENT)
++ log_warning_errno(errno, "Unable to determine whether /etc/locale.gen exists, assuming it does not: %m");
++ return false;
++ }
++ return true;
++#else
++ return false;
++#endif
++}
++
++#if HAVE_LOCALEGEN
++static bool locale_encoding_is_utf8_or_unspecified(const char *locale) {
++ const char *c = strchr(locale, '.');
++ return !c || strcaseeq(c, ".UTF-8") || strcasestr(locale, ".UTF-8@");
++}
++
++static int locale_gen_locale_supported(const char *locale_entry) {
++ /* Returns an error valus <= 0 if the locale-gen entry is invalid or unsupported,
++ * 1 in case the locale entry is valid, and -EOPNOTSUPP specifically in case
++ * the distributor has not provided us with a SUPPORTED file to check
++ * locale for validity. */
++
++ _cleanup_fclose_ FILE *f = NULL;
++ int r;
++
++ assert(locale_entry);
++
++ /* Locale templates without country code are never supported */
++ if (!strstr(locale_entry, "_"))
++ return -EINVAL;
++
++ f = fopen("/usr/share/i18n/SUPPORTED", "re");
++ if (!f) {
++ if (errno == ENOENT)
++ return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
++ "Unable to check validity of locale entry %s: /usr/share/i18n/SUPPORTED does not exist",
++ locale_entry);
++ return -errno;
++ }
++
++ for (;;) {
++ _cleanup_free_ char *line = NULL;
++
++ r = read_line(f, LONG_LINE_MAX, &line);
++ if (r < 0)
++ return log_debug_errno(r, "Failed to read /usr/share/i18n/SUPPORTED: %m");
++ if (r == 0)
++ return 0;
++
++ line = strstrip(line);
++ if (strcaseeq_ptr(line, locale_entry))
++ return 1;
++ }
++}
++#endif
++
++int locale_gen_enable_locale(const char *locale) {
++#if HAVE_LOCALEGEN
++ _cleanup_fclose_ FILE *fr = NULL, *fw = NULL;
++ _cleanup_(unlink_and_freep) char *temp_path = NULL;
++ _cleanup_free_ char *locale_entry = NULL;
++ bool locale_enabled = false, first_line = false;
++ bool write_new = false;
++ int r;
++
++ if (isempty(locale))
++ return 0;
++
++ if (locale_encoding_is_utf8_or_unspecified(locale)) {
++ locale_entry = strjoin(locale, " UTF-8");
++ if (!locale_entry)
++ return -ENOMEM;
++ } else
++ return -ENOEXEC; /* We do not process non-UTF-8 locale */
++
++ r = locale_gen_locale_supported(locale_entry);
++ if (r == 0)
++ return -EINVAL;
++ if (r < 0 && r != -EOPNOTSUPP)
++ return r;
++
++ fr = fopen("/etc/locale.gen", "re");
++ if (!fr) {
++ if (errno != ENOENT)
++ return -errno;
++ write_new = true;
++ }
++
++ r = fopen_temporary("/etc/locale.gen", &fw, &temp_path);
++ if (r < 0)
++ return r;
++
++ if (write_new)
++ (void) fchmod(fileno(fw), 0644);
++ else {
++ /* apply mode & xattrs of the original file to new file */
++ r = copy_access(fileno(fr), fileno(fw));
++ if (r < 0)
++ return r;
++ r = copy_xattr(fileno(fr), fileno(fw));
++ if (r < 0)
++ return r;
++ }
++
++ if (!write_new) {
++ /* The config file ends with a line break, which we do not want to include before potentially appending a new locale
++ * instead of uncommenting an existing line. By prepending linebreaks, we can avoid buffering this file but can still write
++ * a nice config file without empty lines */
++ first_line = true;
++ for (;;) {
++ _cleanup_free_ char *line = NULL;
++ char *line_locale;
++
++ r = read_line(fr, LONG_LINE_MAX, &line);
++ if (r < 0)
++ return r;
++ if (r == 0)
++ break;
++
++ if (locale_enabled) {
++ /* Just complete writing the file if the new locale was already enabled */
++ if (!first_line)
++ fputc('\n', fw);
++ fputs(line, fw);
++ first_line = false;
++ continue;
++ }
++
++ line = strstrip(line);
++ if (isempty(line)) {
++ fputc('\n', fw);
++ first_line = false;
++ continue;
++ }
++
++ line_locale = line;
++ if (line_locale[0] == '#')
++ line_locale = strstrip(line_locale + 1);
++ else if (strcaseeq_ptr(line_locale, locale_entry))
++ return 0; /* the file already had our locale activated, so skip updating it */
++
++ if (strcaseeq_ptr(line_locale, locale_entry)) {
++ /* Uncomment existing line for new locale */
++ if (!first_line)
++ fputc('\n', fw);
++ fputs(locale_entry, fw);
++ locale_enabled = true;
++ first_line = false;
++ continue;
++ }
++
++ /* The line was not for the locale we want to enable, just copy it */
++ if (!first_line)
++ fputc('\n', fw);
++ fputs(line, fw);
++ first_line = false;
++ }
++ }
++
++ /* Add locale to enable to the end of the file if it was not found as commented line */
++ if (!locale_enabled) {
++ if (!write_new)
++ fputc('\n', fw);
++ fputs(locale_entry, fw);
++ }
++ fputc('\n', fw);
++
++ r = fflush_sync_and_check(fw);
++ if (r < 0)
++ return r;
++
++ if (rename(temp_path, "/etc/locale.gen") < 0)
++ return -errno;
++ temp_path = mfree(temp_path);
++
++ return 0;
++#else
++ return -EOPNOTSUPP;
++#endif
++}
++
++int locale_gen_run(void) {
++#if HAVE_LOCALEGEN
++ pid_t pid;
++ int r;
++
++ r = safe_fork("(sd-localegen)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_CLOSE_ALL_FDS|FORK_LOG|FORK_WAIT, &pid);
++ if (r < 0)
++ return r;
++ if (r == 0) {
++ execl(LOCALEGEN_PATH, LOCALEGEN_PATH, NULL);
++ _exit(EXIT_FAILURE);
++ }
++
++ return 0;
++#else
++ return -EOPNOTSUPP;
++#endif
++}
+diff --git a/src/locale/keymap-util.h b/src/locale/keymap-util.h
+index 4997647..c087dbc 100644
+--- a/src/locale/keymap-util.h
++++ b/src/locale/keymap-util.h
+@@ -42,3 +42,7 @@ int x11_convert_to_vconsole(Context *c);
+ int x11_write_data(Context *c);
+ void locale_simplify(char *locale[_VARIABLE_LC_MAX]);
+ int locale_write_data(Context *c, char ***settings);
++
++bool locale_gen_check_available(void);
++int locale_gen_enable_locale(const char *locale);
++int locale_gen_run(void);
+diff --git a/src/locale/localectl.c b/src/locale/localectl.c
+index 7d2e887..7d3d3f8 100644
+--- a/src/locale/localectl.c
++++ b/src/locale/localectl.c
+@@ -26,6 +26,9 @@
+ #include "verbs.h"
+ #include "virt.h"
+
++/* Enough time for locale-gen to finish server-side (in case it is in use) */
++#define LOCALE_SLOW_BUS_CALL_TIMEOUT_USEC (2*USEC_PER_MINUTE)
++
+ static PagerFlags arg_pager_flags = 0;
+ static bool arg_ask_password = true;
+ static BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
+@@ -176,7 +179,8 @@ static int set_locale(int argc, char **argv, void *userdata) {
+ if (r < 0)
+ return bus_log_create_error(r);
+
+- r = sd_bus_call(bus, m, 0, &error, NULL);
++ /* We use a longer timeout for the method call in case localed is running locale-gen */
++ r = sd_bus_call(bus, m, LOCALE_SLOW_BUS_CALL_TIMEOUT_USEC, &error, NULL);
+ if (r < 0)
+ return log_error_errno(r, "Failed to issue method call: %s", bus_error_message(&error, r));
+
+diff --git a/src/locale/localed.c b/src/locale/localed.c
+index 736dacd..12073bd 100644
+--- a/src/locale/localed.c
++++ b/src/locale/localed.c
+@@ -262,6 +262,7 @@ static int property_get_xkb(
+ static int process_locale_list_item(
+ const char *assignment,
+ char *new_locale[static _VARIABLE_LC_MAX],
++ bool use_localegen,
+ sd_bus_error *error) {
+
+ assert(assignment);
+@@ -283,7 +284,7 @@ static int process_locale_list_item(
+
+ if (!locale_is_valid(e))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Locale %s is not valid, refusing.", e);
+- if (locale_is_installed(e) <= 0)
++ if (!use_localegen && locale_is_installed(e) <= 0)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Locale %s not installed, refusing.", e);
+ if (new_locale[p])
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Locale variable %s set twice, refusing.", name);
+@@ -298,6 +299,47 @@ static int process_locale_list_item(
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Locale assignment %s not valid, refusing.", assignment);
+ }
+
++static int locale_gen_process_locale(char *new_locale[static _VARIABLE_LC_MAX],
++ sd_bus_error *error) {
++ int r;
++ assert(new_locale);
++
++ for (LocaleVariable p = 0; p < _VARIABLE_LC_MAX; p++) {
++ if (p == VARIABLE_LANGUAGE)
++ continue;
++ if (isempty(new_locale[p]))
++ continue;
++ if (locale_is_installed(new_locale[p]))
++ continue;
++
++ r = locale_gen_enable_locale(new_locale[p]);
++ if (r == -ENOEXEC) {
++ log_error_errno(r, "Refused to enable locale for generation: %m");
++ return sd_bus_error_setf(error,
++ SD_BUS_ERROR_INVALID_ARGS,
++ "Specified locale is not installed and non-UTF-8 locale will not be auto-generated: %s",
++ new_locale[p]);
++ } else if (r == -EINVAL) {
++ log_error_errno(r, "Failed to enable invalid locale %s for generation.", new_locale[p]);
++ return sd_bus_error_setf(error,
++ SD_BUS_ERROR_INVALID_ARGS,
++ "Can not enable locale generation for invalid locale: %s",
++ new_locale[p]);
++ } else if (r < 0) {
++ log_error_errno(r, "Failed to enable locale for generation: %m");
++ return sd_bus_error_set_errnof(error, r, "Failed to enable locale generation: %m");
++ }
++
++ r = locale_gen_run();
++ if (r < 0) {
++ log_error_errno(r, "Failed to generate locale: %m");
++ return sd_bus_error_set_errnof(error, r, "Failed to generate locale: %m");
++ }
++ }
++
++ return 0;
++}
++
+ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *error) {
+ _cleanup_(locale_variables_freep) char *new_locale[_VARIABLE_LC_MAX] = {};
+ _cleanup_strv_free_ char **settings = NULL, **l = NULL;
+@@ -305,6 +347,7 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er
+ bool modified = false;
+ int interactive, r;
+ char **i;
++ bool use_localegen;
+
+ assert(m);
+ assert(c);
+@@ -317,11 +360,13 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er
+ if (r < 0)
+ return r;
+
++ use_localegen = locale_gen_check_available();
++
+ /* If single locale without variable name is provided, then we assume it is LANG=. */
+ if (strv_length(l) == 1 && !strchr(l[0], '=')) {
+ if (!locale_is_valid(l[0]))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Invalid locale specification: %s", l[0]);
+- if (locale_is_installed(l[0]) <= 0)
++ if (!use_localegen && locale_is_installed(l[0]) <= 0)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Specified locale is not installed: %s", l[0]);
+
+ new_locale[VARIABLE_LANG] = strdup(l[0]);
+@@ -333,7 +378,7 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er
+
+ /* Check whether a variable is valid */
+ STRV_FOREACH(i, l) {
+- r = process_locale_list_item(*i, new_locale, error);
++ r = process_locale_list_item(*i, new_locale, use_localegen, error);
+ if (r < 0)
+ return r;
+ }
+@@ -392,9 +437,17 @@ static int method_set_locale(sd_bus_message *m, void *userdata, sd_bus_error *er
+ if (r == 0)
+ return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+
++ /* Generate locale in case it is missing and the system is using locale-gen */
++ if (use_localegen) {
++ r = locale_gen_process_locale(new_locale, error);
++ if (r < 0)
++ return r;
++ }
++
+ for (LocaleVariable p = 0; p < _VARIABLE_LC_MAX; p++)
+ free_and_replace(c->locale[p], new_locale[p]);
+
++ /* Write locale configuration */
+ r = locale_write_data(c, &settings);
+ if (r < 0) {
+ log_error_errno(r, "Failed to set locale: %m");
diff --git a/debian/patches/logind-fix-getting-property-OnExternalPower-via-D-Bus.patch b/debian/patches/logind-fix-getting-property-OnExternalPower-via-D-Bus.patch
new file mode 100644
index 0000000..509dfc7
--- /dev/null
+++ b/debian/patches/logind-fix-getting-property-OnExternalPower-via-D-Bus.patch
@@ -0,0 +1,36 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Wed, 12 Oct 2022 11:07:57 +0200
+Subject: logind: fix getting property OnExternalPower via D-Bus
+
+The BUS_DEFINE_PROPERTY_GET_GLOBAL macro requires a value as third
+argument, so we need to call manager_is_on_external_power(). Otherwise
+the function pointer is interpreted as a boolean and always returns
+true:
+
+```
+$ busctl get-property org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager OnExternalPower
+b true
+$ /lib/systemd/systemd-ac-power --verbose
+no
+```
+
+Thanks: Helmut Grohne <helmut@subdivi.de>
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021644
+(cherry picked from commit 63168cb517a556b2f4f175b365f5a4b4c7e85150)
+---
+ src/login/logind-dbus.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
+index b95af1a..cf2be79 100644
+--- a/src/login/logind-dbus.c
++++ b/src/login/logind-dbus.c
+@@ -352,7 +352,7 @@ static int property_get_scheduled_shutdown(
+ static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_handle_action, handle_action, HandleAction);
+ static BUS_DEFINE_PROPERTY_GET(property_get_docked, "b", Manager, manager_is_docked_or_external_displays);
+ static BUS_DEFINE_PROPERTY_GET(property_get_lid_closed, "b", Manager, manager_is_lid_closed);
+-static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_on_external_power, "b", manager_is_on_external_power);
++static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_on_external_power, "b", manager_is_on_external_power());
+ static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_compat_user_tasks_max, "t", CGROUP_LIMIT_MAX);
+ static BUS_DEFINE_PROPERTY_GET_REF(property_get_hashmap_size, "t", Hashmap *, (uint64_t) hashmap_size);
+
diff --git a/debian/patches/machine-adjust-error-message-to-use-normalized-instead-of.patch b/debian/patches/machine-adjust-error-message-to-use-normalized-instead-of.patch
new file mode 100644
index 0000000..50ae974
--- /dev/null
+++ b/debian/patches/machine-adjust-error-message-to-use-normalized-instead-of.patch
@@ -0,0 +1,28 @@
+From: Luca Boccassi <luca.boccassi@microsoft.com>
+Date: Tue, 15 Dec 2020 18:26:34 +0000
+Subject: machine: adjust error message to use 'normalized' instead of ../
+
+(cherry picked from commit 724e689715c8d9f23d035ab20d8c87b6b6c06e33)
+---
+ src/machine/machine-dbus.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c
+index 3c8f4fd..5ed892f 100644
+--- a/src/machine/machine-dbus.c
++++ b/src/machine/machine-dbus.c
+@@ -827,12 +827,12 @@ int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bu
+ return r;
+
+ if (!path_is_absolute(src) || !path_is_normalized(src))
+- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Source path must be absolute and not contain ../.");
++ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Source path must be absolute and normalized.");
+
+ if (isempty(dest))
+ dest = src;
+ else if (!path_is_absolute(dest) || !path_is_normalized(dest))
+- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Destination path must be absolute and not contain ../.");
++ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Destination path must be absolute and normalized.");
+
+ r = bus_verify_polkit_async(
+ message,
diff --git a/debian/patches/machine-basic-factor-out-helper-function-to-add-airlocked.patch b/debian/patches/machine-basic-factor-out-helper-function-to-add-airlocked.patch
new file mode 100644
index 0000000..965e925
--- /dev/null
+++ b/debian/patches/machine-basic-factor-out-helper-function-to-add-airlocked.patch
@@ -0,0 +1,499 @@
+From: Luca Boccassi <luca.boccassi@microsoft.com>
+Date: Thu, 13 Aug 2020 14:01:34 +0100
+Subject: machine/basic: factor out helper function to add airlocked mount to
+ namespace
+
+(cherry picked from commit 6af52c3a458691b016bedeba34c1e72294a67c81)
+---
+ src/machine/machine-dbus.c | 214 ++------------------------------------------
+ src/shared/mount-util.c | 217 +++++++++++++++++++++++++++++++++++++++++++++
+ src/shared/mount-util.h | 2 +
+ 3 files changed, 227 insertions(+), 206 deletions(-)
+
+diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c
+index 1105008..3c8f4fd 100644
+--- a/src/machine/machine-dbus.c
++++ b/src/machine/machine-dbus.c
+@@ -810,17 +810,9 @@ int bus_machine_method_open_shell(sd_bus_message *message, void *userdata, sd_bu
+ }
+
+ int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+- _cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 };
+- char mount_slave[] = "/tmp/propagate.XXXXXX", *mount_tmp, *mount_outside, *p;
+- bool mount_slave_created = false, mount_slave_mounted = false,
+- mount_tmp_created = false, mount_tmp_mounted = false,
+- mount_outside_created = false, mount_outside_mounted = false;
+- _cleanup_free_ char *chased_src = NULL;
+ int read_only, make_file_or_directory;
+- const char *dest, *src;
++ const char *dest, *src, *propagate_directory;
+ Machine *m = userdata;
+- struct stat st;
+- pid_t child;
+ uid_t uid;
+ int r;
+
+@@ -862,205 +854,15 @@ int bus_machine_method_bind_mount(sd_bus_message *message, void *userdata, sd_bu
+ if (uid != 0)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Can't bind mount on container with user namespacing applied.");
+
+- /* One day, when bind mounting /proc/self/fd/n works across
+- * namespace boundaries we should rework this logic to make
+- * use of it... */
+-
+- p = strjoina("/run/systemd/nspawn/propagate/", m->name, "/");
+- if (laccess(p, F_OK) < 0)
+- return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Container does not allow propagation of mount points.");
+-
+- r = chase_symlinks(src, NULL, CHASE_TRAIL_SLASH, &chased_src, NULL);
++ propagate_directory = strjoina("/run/systemd/nspawn/propagate/", m->name);
++ r = bind_mount_in_namespace(m->leader,
++ propagate_directory,
++ "/run/host/incoming/",
++ src, dest, read_only, make_file_or_directory);
+ if (r < 0)
+- return sd_bus_error_set_errnof(error, r, "Failed to resolve source path: %m");
+-
+- if (lstat(chased_src, &st) < 0)
+- return sd_bus_error_set_errnof(error, errno, "Failed to stat() source path: %m");
+- if (S_ISLNK(st.st_mode)) /* This shouldn't really happen, given that we just chased the symlinks above, but let's better be safe… */
+- return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Source directory can't be a symbolic link");
+-
+- /* Our goal is to install a new bind mount into the container,
+- possibly read-only. This is irritatingly complex
+- unfortunately, currently.
+-
+- First, we start by creating a private playground in /tmp,
+- that we can mount MS_SLAVE. (Which is necessary, since
+- MS_MOVE cannot be applied to mounts with MS_SHARED parent
+- mounts.) */
+-
+- if (!mkdtemp(mount_slave))
+- return sd_bus_error_set_errnof(error, errno, "Failed to create playground %s: %m", mount_slave);
+-
+- mount_slave_created = true;
+-
+- r = mount_nofollow_verbose(LOG_DEBUG, mount_slave, mount_slave, NULL, MS_BIND, NULL);
+- if (r < 0) {
+- sd_bus_error_set_errnof(error, r, "Failed to make bind mount %s: %m", mount_slave);
+- goto finish;
+- }
+-
+- mount_slave_mounted = true;
+-
+- r = mount_nofollow_verbose(LOG_DEBUG, NULL, mount_slave, NULL, MS_SLAVE, NULL);
+- if (r < 0) {
+- sd_bus_error_set_errnof(error, r, "Failed to remount slave %s: %m", mount_slave);
+- goto finish;
+- }
+-
+- /* Second, we mount the source file or directory to a directory inside of our MS_SLAVE playground. */
+- mount_tmp = strjoina(mount_slave, "/mount");
+- r = make_mount_point_inode_from_stat(&st, mount_tmp, 0700);
+- if (r < 0) {
+- sd_bus_error_set_errnof(error, r, "Failed to create temporary mount point %s: %m", mount_tmp);
+- goto finish;
+- }
+-
+- mount_tmp_created = true;
+-
+- r = mount_nofollow_verbose(LOG_DEBUG, chased_src, mount_tmp, NULL, MS_BIND, NULL);
+- if (r < 0) {
+- sd_bus_error_set_errnof(error, r, "Failed to mount %s: %m", chased_src);
+- goto finish;
+- }
+-
+- mount_tmp_mounted = true;
+-
+- /* Third, we remount the new bind mount read-only if requested. */
+- if (read_only) {
+- r = mount_nofollow_verbose(LOG_DEBUG, NULL, mount_tmp, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY, NULL);
+- if (r < 0) {
+- sd_bus_error_set_errnof(error, r, "Failed to remount read-only %s: %m", mount_tmp);
+- goto finish;
+- }
+- }
+-
+- /* Fourth, we move the new bind mount into the propagation directory. This way it will appear there read-only
+- * right-away. */
+-
+- mount_outside = strjoina("/run/systemd/nspawn/propagate/", m->name, "/XXXXXX");
+- if (S_ISDIR(st.st_mode))
+- r = mkdtemp(mount_outside) ? 0 : -errno;
+- else {
+- r = mkostemp_safe(mount_outside);
+- safe_close(r);
+- }
+- if (r < 0) {
+- sd_bus_error_set_errnof(error, r, "Cannot create propagation file or directory %s: %m", mount_outside);
+- goto finish;
+- }
+-
+- mount_outside_created = true;
+-
+- r = mount_nofollow_verbose(LOG_DEBUG, mount_tmp, mount_outside, NULL, MS_MOVE, NULL);
+- if (r < 0) {
+- sd_bus_error_set_errnof(error, r, "Failed to move %s to %s: %m", mount_tmp, mount_outside);
+- goto finish;
+- }
+-
+- mount_outside_mounted = true;
+- mount_tmp_mounted = false;
+-
+- if (S_ISDIR(st.st_mode))
+- (void) rmdir(mount_tmp);
+- else
+- (void) unlink(mount_tmp);
+- mount_tmp_created = false;
+-
+- (void) umount_verbose(LOG_DEBUG, mount_slave, UMOUNT_NOFOLLOW);
+- mount_slave_mounted = false;
+-
+- (void) rmdir(mount_slave);
+- mount_slave_created = false;
+-
+- if (pipe2(errno_pipe_fd, O_CLOEXEC|O_NONBLOCK) < 0) {
+- r = sd_bus_error_set_errnof(error, errno, "Failed to create pipe: %m");
+- goto finish;
+- }
+-
+- r = safe_fork("(sd-bindmnt)", FORK_RESET_SIGNALS, &child);
+- if (r < 0) {
+- sd_bus_error_set_errnof(error, r, "Failed to fork(): %m");
+- goto finish;
+- }
+- if (r == 0) {
+- const char *mount_inside, *q;
+- int mntfd;
+-
+- errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);
+-
+- q = procfs_file_alloca(m->leader, "ns/mnt");
+- mntfd = open(q, O_RDONLY|O_NOCTTY|O_CLOEXEC);
+- if (mntfd < 0) {
+- r = log_error_errno(errno, "Failed to open mount namespace of leader: %m");
+- goto child_fail;
+- }
+-
+- if (setns(mntfd, CLONE_NEWNS) < 0) {
+- r = log_error_errno(errno, "Failed to join namespace of leader: %m");
+- goto child_fail;
+- }
+-
+- if (make_file_or_directory) {
+- (void) mkdir_parents(dest, 0755);
+- (void) make_mount_point_inode_from_stat(&st, dest, 0700);
+- }
+-
+- mount_inside = strjoina("/run/host/incoming/", basename(mount_outside));
+- r = mount_nofollow_verbose(LOG_ERR, mount_inside, dest, NULL, MS_MOVE, NULL);
+- if (r < 0)
+- goto child_fail;
+-
+- _exit(EXIT_SUCCESS);
+-
+- child_fail:
+- (void) write(errno_pipe_fd[1], &r, sizeof(r));
+- errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
+-
+- _exit(EXIT_FAILURE);
+- }
+-
+- errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
++ return sd_bus_error_set_errnof(error, r, "Failed to mount %s on %s in machine's namespace: %m", src, dest);
+
+- r = wait_for_terminate_and_check("(sd-bindmnt)", child, 0);
+- if (r < 0) {
+- r = sd_bus_error_set_errnof(error, r, "Failed to wait for child: %m");
+- goto finish;
+- }
+- if (r != EXIT_SUCCESS) {
+- if (read(errno_pipe_fd[0], &r, sizeof(r)) == sizeof(r))
+- r = sd_bus_error_set_errnof(error, r, "Failed to mount: %m");
+- else
+- r = sd_bus_error_setf(error, SD_BUS_ERROR_FAILED, "Child failed.");
+- goto finish;
+- }
+-
+- r = sd_bus_reply_method_return(message, NULL);
+-
+-finish:
+- if (mount_outside_mounted)
+- (void) umount_verbose(LOG_DEBUG, mount_outside, UMOUNT_NOFOLLOW);
+- if (mount_outside_created) {
+- if (S_ISDIR(st.st_mode))
+- (void) rmdir(mount_outside);
+- else
+- (void) unlink(mount_outside);
+- }
+-
+- if (mount_tmp_mounted)
+- (void) umount_verbose(LOG_DEBUG, mount_tmp, UMOUNT_NOFOLLOW);
+- if (mount_tmp_created) {
+- if (S_ISDIR(st.st_mode))
+- (void) rmdir(mount_tmp);
+- else
+- (void) unlink(mount_tmp);
+- }
+-
+- if (mount_slave_mounted)
+- (void) umount_verbose(LOG_DEBUG, mount_slave, UMOUNT_NOFOLLOW);
+- if (mount_slave_created)
+- (void) rmdir(mount_slave);
+-
+- return r;
++ return sd_bus_reply_method_return(message, NULL);
+ }
+
+ int bus_machine_method_copy(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+diff --git a/src/shared/mount-util.c b/src/shared/mount-util.c
+index b19b384..4cfbb55 100644
+--- a/src/shared/mount-util.c
++++ b/src/shared/mount-util.c
+@@ -14,15 +14,18 @@
+ #include "fs-util.h"
+ #include "hashmap.h"
+ #include "libmount-util.h"
++#include "mkdir.h"
+ #include "mount-util.h"
+ #include "mountpoint-util.h"
+ #include "parse-util.h"
+ #include "path-util.h"
++#include "process-util.h"
+ #include "set.h"
+ #include "stat-util.h"
+ #include "stdio-util.h"
+ #include "string-util.h"
+ #include "strv.h"
++#include "tmpfile-util.h"
+
+ int mount_fd(const char *source,
+ int target_fd,
+@@ -742,3 +745,217 @@ int mount_option_mangle(
+
+ return 0;
+ }
++
++int bind_mount_in_namespace(
++ pid_t target,
++ const char *propagate_path,
++ const char *incoming_path,
++ const char *src,
++ const char *dest,
++ bool read_only,
++ bool make_file_or_directory) {
++
++ _cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 };
++ char mount_slave[] = "/tmp/propagate.XXXXXX", *mount_tmp, *mount_outside, *p;
++ bool mount_slave_created = false, mount_slave_mounted = false,
++ mount_tmp_created = false, mount_tmp_mounted = false,
++ mount_outside_created = false, mount_outside_mounted = false;
++ _cleanup_free_ char *chased_src = NULL;
++ struct stat st;
++ pid_t child;
++ int r;
++
++ assert(target > 0);
++ assert(propagate_path);
++ assert(incoming_path);
++ assert(src);
++ assert(dest);
++
++ /* One day, when bind mounting /proc/self/fd/n works across
++ * namespace boundaries we should rework this logic to make
++ * use of it... */
++
++ p = strjoina(propagate_path, "/");
++ r = laccess(p, F_OK);
++ if (r < 0)
++ return log_debug_errno(r == -ENOENT ? SYNTHETIC_ERRNO(EOPNOTSUPP) : r, "Target does not allow propagation of mount points");
++
++ r = chase_symlinks(src, NULL, CHASE_TRAIL_SLASH, &chased_src, NULL);
++ if (r < 0)
++ return log_debug_errno(r, "Failed to resolve source path of %s: %m", src);
++
++ if (lstat(chased_src, &st) < 0)
++ return log_debug_errno(errno, "Failed to stat() resolved source path %s: %m", chased_src);
++ if (S_ISLNK(st.st_mode)) /* This shouldn't really happen, given that we just chased the symlinks above, but let's better be safe… */
++ return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Source directory %s can't be a symbolic link", chased_src);
++
++ /* Our goal is to install a new bind mount into the container,
++ possibly read-only. This is irritatingly complex
++ unfortunately, currently.
++
++ First, we start by creating a private playground in /tmp,
++ that we can mount MS_SLAVE. (Which is necessary, since
++ MS_MOVE cannot be applied to mounts with MS_SHARED parent
++ mounts.) */
++
++ if (!mkdtemp(mount_slave))
++ return log_debug_errno(errno, "Failed to create playground %s: %m", mount_slave);
++
++ mount_slave_created = true;
++
++ r = mount_nofollow_verbose(LOG_DEBUG, mount_slave, mount_slave, NULL, MS_BIND, NULL);
++ if (r < 0)
++ goto finish;
++
++ mount_slave_mounted = true;
++
++ r = mount_nofollow_verbose(LOG_DEBUG, NULL, mount_slave, NULL, MS_SLAVE, NULL);
++ if (r < 0)
++ goto finish;
++
++ /* Second, we mount the source file or directory to a directory inside of our MS_SLAVE playground. */
++ mount_tmp = strjoina(mount_slave, "/mount");
++ r = make_mount_point_inode_from_stat(&st, mount_tmp, 0700);
++ if (r < 0) {
++ log_debug_errno(r, "Failed to create temporary mount point %s: %m", mount_tmp);
++ goto finish;
++ }
++
++ mount_tmp_created = true;
++
++ r = mount_nofollow_verbose(LOG_DEBUG, chased_src, mount_tmp, NULL, MS_BIND, NULL);
++ if (r < 0)
++ goto finish;
++
++ mount_tmp_mounted = true;
++
++ /* Third, we remount the new bind mount read-only if requested. */
++ if (read_only) {
++ r = mount_nofollow_verbose(LOG_DEBUG, NULL, mount_tmp, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY, NULL);
++ if (r < 0)
++ goto finish;
++ }
++
++ /* Fourth, we move the new bind mount into the propagation directory. This way it will appear there read-only
++ * right-away. */
++
++ mount_outside = strjoina(propagate_path, "/XXXXXX");
++ if (S_ISDIR(st.st_mode))
++ r = mkdtemp(mount_outside) ? 0 : -errno;
++ else {
++ r = mkostemp_safe(mount_outside);
++ safe_close(r);
++ }
++ if (r < 0) {
++ log_debug_errno(r, "Cannot create propagation file or directory %s: %m", mount_outside);
++ goto finish;
++ }
++
++ mount_outside_created = true;
++
++ r = mount_nofollow_verbose(LOG_DEBUG, mount_tmp, mount_outside, NULL, MS_MOVE, NULL);
++ if (r < 0)
++ goto finish;
++
++ mount_outside_mounted = true;
++ mount_tmp_mounted = false;
++
++ if (S_ISDIR(st.st_mode))
++ (void) rmdir(mount_tmp);
++ else
++ (void) unlink(mount_tmp);
++ mount_tmp_created = false;
++
++ (void) umount_verbose(LOG_DEBUG, mount_slave, UMOUNT_NOFOLLOW);
++ mount_slave_mounted = false;
++
++ (void) rmdir(mount_slave);
++ mount_slave_created = false;
++
++ if (pipe2(errno_pipe_fd, O_CLOEXEC|O_NONBLOCK) < 0) {
++ log_debug_errno(errno, "Failed to create pipe: %m");
++ goto finish;
++ }
++
++ r = safe_fork("(sd-bindmnt)", FORK_RESET_SIGNALS, &child);
++ if (r < 0)
++ goto finish;
++ if (r == 0) {
++ const char *mount_inside, *q;
++ int mntfd;
++
++ errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);
++
++ q = procfs_file_alloca(target, "ns/mnt");
++ mntfd = open(q, O_RDONLY|O_NOCTTY|O_CLOEXEC);
++ if (mntfd < 0) {
++ r = log_error_errno(errno, "Failed to open mount namespace of leader: %m");
++ goto child_fail;
++ }
++
++ if (setns(mntfd, CLONE_NEWNS) < 0) {
++ r = log_error_errno(errno, "Failed to join namespace of leader: %m");
++ goto child_fail;
++ }
++
++ if (make_file_or_directory) {
++ (void) mkdir_parents(dest, 0755);
++ (void) make_mount_point_inode_from_stat(&st, dest, 0700);
++ }
++
++ /* Fifth, move the mount to the right place inside */
++ mount_inside = strjoina(incoming_path, basename(mount_outside));
++ r = mount_nofollow_verbose(LOG_ERR, mount_inside, dest, NULL, MS_MOVE, NULL);
++ if (r < 0)
++ goto child_fail;
++
++ _exit(EXIT_SUCCESS);
++
++ child_fail:
++ (void) write(errno_pipe_fd[1], &r, sizeof(r));
++ errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
++
++ _exit(EXIT_FAILURE);
++ }
++
++ errno_pipe_fd[1] = safe_close(errno_pipe_fd[1]);
++
++ r = wait_for_terminate_and_check("(sd-bindmnt)", child, 0);
++ if (r < 0) {
++ log_debug_errno(r, "Failed to wait for child: %m");
++ goto finish;
++ }
++ if (r != EXIT_SUCCESS) {
++ if (read(errno_pipe_fd[0], &r, sizeof(r)) == sizeof(r))
++ log_debug_errno(r, "Failed to mount: %m");
++ else
++ log_debug("Child failed.");
++ goto finish;
++ }
++
++finish:
++ if (mount_outside_mounted)
++ (void) umount_verbose(LOG_DEBUG, mount_outside, UMOUNT_NOFOLLOW);
++ if (mount_outside_created) {
++ if (S_ISDIR(st.st_mode))
++ (void) rmdir(mount_outside);
++ else
++ (void) unlink(mount_outside);
++ }
++
++ if (mount_tmp_mounted)
++ (void) umount_verbose(LOG_DEBUG, mount_tmp, UMOUNT_NOFOLLOW);
++ if (mount_tmp_created) {
++ if (S_ISDIR(st.st_mode))
++ (void) rmdir(mount_tmp);
++ else
++ (void) unlink(mount_tmp);
++ }
++
++ if (mount_slave_mounted)
++ (void) umount_verbose(LOG_DEBUG, mount_slave, UMOUNT_NOFOLLOW);
++ if (mount_slave_created)
++ (void) rmdir(mount_slave);
++
++ return r;
++}
+diff --git a/src/shared/mount-util.h b/src/shared/mount-util.h
+index 6202008..c3500a0 100644
+--- a/src/shared/mount-util.h
++++ b/src/shared/mount-util.h
+@@ -97,3 +97,5 @@ static inline char* umount_and_rmdir_and_free(char *p) {
+ return NULL;
+ }
+ DEFINE_TRIVIAL_CLEANUP_FUNC(char*, umount_and_rmdir_and_free);
++
++int bind_mount_in_namespace(pid_t target, const char *propagate_path, const char *incoming_path, const char *src, const char *dest, bool read_only, bool make_file_or_directory);
diff --git a/debian/patches/machine-enter-target-PID-namespace-when-adding-a-live-mou.patch b/debian/patches/machine-enter-target-PID-namespace-when-adding-a-live-mou.patch
new file mode 100644
index 0000000..e9cd9dd
--- /dev/null
+++ b/debian/patches/machine-enter-target-PID-namespace-when-adding-a-live-mou.patch
@@ -0,0 +1,105 @@
+From: Luca Boccassi <bluca@debian.org>
+Date: Wed, 13 Jan 2021 23:52:00 +0000
+Subject: machine: enter target PID namespace when adding a live mount
+
+machinectl fails since 21935150a0c42b91a322105f6a9129116bfc8e2e as it's now
+mounting onto a file descriptor in a target namespace, without joining the
+target's PID namespace.
+Note that it's not enough to setns CLONE_NEWPID, but a double-fork is required
+as well, as implemented by namespace_fork().
+
+Add a test case to TEST-13-NSPAWN to cover this use case.
+
+(cherry picked from commit 98f654fdeab1e1b6df2be76e29e4ccbb6624898d)
+---
+ src/shared/mount-util.c | 6 +++---
+ test/create-busybox-container | 3 +++
+ test/units/testsuite-13.sh | 25 +++++++++++++++++++++++++
+ 3 files changed, 31 insertions(+), 3 deletions(-)
+
+diff --git a/src/shared/mount-util.c b/src/shared/mount-util.c
+index 368c5f0..2e374cc 100644
+--- a/src/shared/mount-util.c
++++ b/src/shared/mount-util.c
+@@ -757,7 +757,7 @@ int bind_mount_in_namespace(
+ bool make_file_or_directory) {
+
+ _cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 };
+- _cleanup_close_ int self_mntns_fd = -1, mntns_fd = -1, root_fd = -1;
++ _cleanup_close_ int self_mntns_fd = -1, mntns_fd = -1, root_fd = -1, pidns_fd = -1;
+ char mount_slave[] = "/tmp/propagate.XXXXXX", *mount_tmp, *mount_outside, *p;
+ bool mount_slave_created = false, mount_slave_mounted = false,
+ mount_tmp_created = false, mount_tmp_mounted = false,
+@@ -773,7 +773,7 @@ int bind_mount_in_namespace(
+ assert(src);
+ assert(dest);
+
+- r = namespace_open(target, NULL, &mntns_fd, NULL, NULL, &root_fd);
++ r = namespace_open(target, &pidns_fd, &mntns_fd, NULL, NULL, &root_fd);
+ if (r < 0)
+ return log_debug_errno(r, "Failed to retrieve FDs of the target process' namespace: %m");
+
+@@ -898,7 +898,7 @@ int bind_mount_in_namespace(
+ }
+
+ r = namespace_fork("(sd-bindmnt)", "(sd-bindmnt-inner)", NULL, 0, FORK_RESET_SIGNALS|FORK_DEATHSIG,
+- -1, mntns_fd, -1, -1, root_fd, &child);
++ pidns_fd, mntns_fd, -1, -1, root_fd, &child);
+ if (r < 0)
+ goto finish;
+ if (r == 0) {
+diff --git a/test/create-busybox-container b/test/create-busybox-container
+index 5ded429..b2b7b26 100755
+--- a/test/create-busybox-container
++++ b/test/create-busybox-container
+@@ -28,6 +28,9 @@ ln -s busybox "$root/bin/cat"
+ ln -s busybox "$root/bin/tr"
+ ln -s busybox "$root/bin/ps"
+ ln -s busybox "$root/bin/ip"
++ln -s busybox "$root/bin/seq"
++ln -s busybox "$root/bin/sleep"
++ln -s busybox "$root/bin/test"
+
+ mkdir -p "$root/sbin"
+ cat <<'EOF' >"$root/sbin/init"
+diff --git a/test/units/testsuite-13.sh b/test/units/testsuite-13.sh
+index 969ca4a..1844323 100755
+--- a/test/units/testsuite-13.sh
++++ b/test/units/testsuite-13.sh
+@@ -93,6 +93,29 @@ if echo test >> /run/host/os-release; then exit 1; fi
+ fi
+ }
+
++function check_machinectl_bind {
++ local _cmd='for i in $(seq 1 20); do if test -f /tmp/marker; then exit 0; fi; sleep 0.5; done; exit 1;'
++
++ cat <<EOF > /run/systemd/system/nspawn_machinectl_bind.service
++[Service]
++Type=notify
++ExecStart=systemd-nspawn $SUSE_OPTS -D /testsuite-13.nc-container --notify-ready=no /bin/sh -x -e -c "$_cmd"
++EOF
++
++ systemctl start nspawn_machinectl_bind.service
++
++ touch /tmp/marker
++
++ machinectl bind --mkdir testsuite-13.nc-container /tmp/marker
++
++ while systemctl show -P SubState nspawn_machinectl_bind.service | grep -q running
++ do
++ sleep 0.1
++ done
++
++ return $(systemctl show -P ExecMainStatus nspawn_machinectl_bind.service)
++}
++
+ function run {
+ if [[ "$1" = "yes" && "$is_v2_supported" = "no" ]]; then
+ printf "Unified cgroup hierarchy is not supported. Skipping.\n" >&2
+@@ -186,4 +209,6 @@ for api_vfs_writable in yes no network; do
+ run yes yes $api_vfs_writable
+ done
+
++check_machinectl_bind
++
+ touch /testok
diff --git a/debian/patches/machined-varlink-fix-double-free.patch b/debian/patches/machined-varlink-fix-double-free.patch
new file mode 100644
index 0000000..80ccaca
--- /dev/null
+++ b/debian/patches/machined-varlink-fix-double-free.patch
@@ -0,0 +1,22 @@
+From: David Tardon <dtardon@redhat.com>
+Date: Mon, 2 Aug 2021 13:31:04 +0200
+Subject: machined-varlink: fix double free
+
+Fixes: #18599
+---
+ src/machine/machined-varlink.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c
+index 2d6c199..8c2e456 100644
+--- a/src/machine/machined-varlink.c
++++ b/src/machine/machined-varlink.c
+@@ -297,7 +297,7 @@ static int group_lookup_name(Manager *m, const char *name, gid_t *ret_gid, char
+ desc = mfree(desc);
+
+ *ret_gid = converted_gid;
+- *ret_description = desc;
++ *ret_description = TAKE_PTR(desc);
+ return 0;
+ }
+
diff --git a/debian/patches/network-Delay-addition-of-IPv6-Proxy-NDP-addresses.patch b/debian/patches/network-Delay-addition-of-IPv6-Proxy-NDP-addresses.patch
new file mode 100644
index 0000000..055c598
--- /dev/null
+++ b/debian/patches/network-Delay-addition-of-IPv6-Proxy-NDP-addresses.patch
@@ -0,0 +1,86 @@
+From: "Kevin P. Fleming" <kevin@km6g.us>
+Date: Sat, 6 Feb 2021 10:58:43 -0500
+Subject: network: Delay addition of IPv6 Proxy NDP addresses
+
+Setting of IPv6 Proxy NDP addresses must be done at the same
+time as static addresses, static routes, and other link attributes
+that must be configured when the link is up. Doing this ensures
+that they are reconfigured on the link if the link goes down
+and returns to service.
+
+(cherry picked from commit 12f7469bbe0142d7f360a29ca2b407ce7f5ff096)
+
+Fixes https://github.com/systemd/systemd-stable/issues/89
+
+(cherry picked from commit d5ea028e46673ef627843e90c3d01ebac8fe0e62)
+---
+ src/network/networkd-address.c | 11 +++++++++++
+ src/network/networkd-link.c | 5 -----
+ 2 files changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c
+index 961b248..ef47af4 100644
+--- a/src/network/networkd-address.c
++++ b/src/network/networkd-address.c
+@@ -9,6 +9,7 @@
+ #include "netlink-util.h"
+ #include "networkd-address-pool.h"
+ #include "networkd-address.h"
++#include "networkd-ipv6-proxy-ndp.h"
+ #include "networkd-manager.h"
+ #include "networkd-network.h"
+ #include "parse-util.h"
+@@ -903,6 +904,7 @@ int address_configure(
+ static int static_address_ready_callback(Address *address) {
+ Address *a;
+ Link *link;
++ int r;
+
+ assert(address);
+ assert(address->link);
+@@ -927,6 +929,10 @@ static int static_address_ready_callback(Address *address) {
+
+ link->addresses_ready = true;
+
++ r = link_set_ipv6_proxy_ndp_addresses(link);
++ if (r < 0)
++ return r;
++
+ return link_set_routes(link);
+ }
+
+@@ -1046,6 +1052,11 @@ int link_set_addresses(Link *link) {
+ if (link->address_messages == 0) {
+ link->addresses_configured = true;
+ link->addresses_ready = true;
++
++ r = link_set_ipv6_proxy_ndp_addresses(link);
++ if (r < 0)
++ return r;
++
+ r = link_set_routes(link);
+ if (r < 0)
+ return r;
+diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c
+index 8120343..e8a7223 100644
+--- a/src/network/networkd-link.c
++++ b/src/network/networkd-link.c
+@@ -28,7 +28,6 @@
+ #include "networkd-dhcp6.h"
+ #include "networkd-fdb.h"
+ #include "networkd-ipv4ll.h"
+-#include "networkd-ipv6-proxy-ndp.h"
+ #include "networkd-link-bus.h"
+ #include "networkd-link.h"
+ #include "networkd-lldp-tx.h"
+@@ -2056,10 +2055,6 @@ int link_configure(Link *link) {
+ if (r < 0)
+ return r;
+
+- r = link_set_ipv6_proxy_ndp_addresses(link);
+- if (r < 0)
+- return r;
+-
+ r = link_set_mac(link);
+ if (r < 0)
+ return r;
diff --git a/debian/patches/pkg-config-make-prefix-overridable-again.patch b/debian/patches/pkg-config-make-prefix-overridable-again.patch
new file mode 100644
index 0000000..68e50bc
--- /dev/null
+++ b/debian/patches/pkg-config-make-prefix-overridable-again.patch
@@ -0,0 +1,75 @@
+From: Jan Tojnar <jtojnar@gmail.com>
+Date: Sat, 2 Jan 2021 02:46:33 +0100
+Subject: pkg-config: make prefix overridable again
+
+While we don't support prefix being != /usr, and this is hardcoded
+all over the place, variables in pkg-config file are expected
+to have overridable base directory.
+
+This is important for at least the following two use cases:
+
+- Installing projects to non-FHS package-specific prefixes for Nix-style
+ package managers. Of course, it is then their responsibility
+ to ensure systemd can find the service files.
+- Installing to local path for development purposes.
+ This is a compromise between running a program from a build directory,
+ and running it fully installed to system prefix.
+
+You will not want to write to system prefix in either case.
+
+For more information, see also
+https://www.bassi.io/articles/2018/03/15/pkg-config-and-paths/
+
+Fixes https://github.com/systemd/systemd/issues/18082
+
+Partially reverts 6e65df89c348242dbd10036abc7dd5e8181cf733
+
+(cherry picked from commit 60bce7c6d9606185114df1bdcd5ea100407688b8)
+---
+ src/core/systemd.pc.in | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in
+index f2c0455..b5cc8f9 100644
+--- a/src/core/systemd.pc.in
++++ b/src/core/systemd.pc.in
+@@ -26,10 +26,10 @@ systemdsystemunitdir=${systemd_system_unit_dir}
+ systemd_system_preset_dir=${rootprefix}/lib/systemd/system-preset
+ systemdsystempresetdir=${systemd_system_preset_dir}
+
+-systemd_user_unit_dir=/usr/lib/systemd/user
++systemd_user_unit_dir=${prefix}/lib/systemd/user
+ systemduserunitdir=${systemd_user_unit_dir}
+
+-systemd_user_preset_dir=/usr/lib/systemd/user-preset
++systemd_user_preset_dir=${prefix}/lib/systemd/user-preset
+ systemduserpresetdir=${systemd_user_preset_dir}
+
+ systemd_system_conf_dir=${sysconfdir}/systemd/system
+@@ -47,7 +47,7 @@ systemduserunitpath=${systemd_user_unit_path}
+ systemd_system_generator_dir=${root_prefix}/lib/systemd/system-generators
+ systemdsystemgeneratordir=${systemd_system_generator_dir}
+
+-systemd_user_generator_dir=/usr/lib/systemd/user-generators
++systemd_user_generator_dir=${prefix}/lib/systemd/user-generators
+ systemdusergeneratordir=${systemd_user_generator_dir}
+
+ systemd_system_generator_path=/run/systemd/system-generators:/etc/systemd/system-generators:/usr/local/lib/systemd/system-generators:${systemd_system_generator_dir}
+@@ -62,7 +62,7 @@ systemdsleepdir=${systemd_sleep_dir}
+ systemd_shutdown_dir=${root_prefix}/lib/systemd/system-shutdown
+ systemdshutdowndir=${systemd_shutdown_dir}
+
+-tmpfiles_dir=/usr/lib/tmpfiles.d
++tmpfiles_dir=${prefix}/lib/tmpfiles.d
+ tmpfilesdir=${tmpfiles_dir}
+
+ sysusers_dir=${rootprefix}/lib/sysusers.d
+@@ -77,7 +77,7 @@ binfmtdir=${binfmt_dir}
+ modules_load_dir=${rootprefix}/lib/modules-load.d
+ modulesloaddir=${modules_load_dir}
+
+-catalog_dir=/usr/lib/systemd/catalog
++catalog_dir=${prefix}/lib/systemd/catalog
+ catalogdir=${catalog_dir}
+
+ system_uid_max=@SYSTEM_UID_MAX@
diff --git a/debian/patches/rm-rf-fstatat-might-fail-if-containing-dir-has-limited-ac.patch b/debian/patches/rm-rf-fstatat-might-fail-if-containing-dir-has-limited-ac.patch
new file mode 100644
index 0000000..67d959c
--- /dev/null
+++ b/debian/patches/rm-rf-fstatat-might-fail-if-containing-dir-has-limited-ac.patch
@@ -0,0 +1,128 @@
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 26 Jan 2021 16:47:07 +0100
+Subject: rm-rf: fstatat() might fail if containing dir has limited access
+ mode, patch that too
+
+(cherry picked from commit 1b55621dabf741dd963f59ac706ea62cd6e3e95c)
+(cherry picked from commit ce53b81a600e2162ee86e2f4d202e7f28eceb2c6)
+---
+ src/basic/rm-rf.c | 82 ++++++++++++++++++++++++++++++++++++++++++++-----------
+ 1 file changed, 66 insertions(+), 16 deletions(-)
+
+diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c
+index 4c39ce8..2f2ebc3 100644
+--- a/src/basic/rm-rf.c
++++ b/src/basic/rm-rf.c
+@@ -23,13 +23,38 @@ static bool is_physical_fs(const struct statfs *sfs) {
+ return !is_temporary_fs(sfs) && !is_cgroup_fs(sfs);
+ }
+
++static int patch_dirfd_mode(
++ int dfd,
++ mode_t *ret_old_mode) {
++
++ struct stat st;
++
++ assert(dfd >= 0);
++ assert(ret_old_mode);
++
++ if (fstat(dfd, &st) < 0)
++ return -errno;
++ if (!S_ISDIR(st.st_mode))
++ return -ENOTDIR;
++ if (FLAGS_SET(st.st_mode, 0700)) /* Already set? */
++ return -EACCES; /* original error */
++ if (st.st_uid != geteuid()) /* this only works if the UID matches ours */
++ return -EACCES;
++
++ if (fchmod(dfd, (st.st_mode | 0700) & 07777) < 0)
++ return -errno;
++
++ *ret_old_mode = st.st_mode;
++ return 0;
++}
++
+ static int unlinkat_harder(
+ int dfd,
+ const char *filename,
+ int unlink_flags,
+ RemoveFlags remove_flags) {
+
+- struct stat st;
++ mode_t old_mode;
+ int r;
+
+ /* Like unlinkat(), but tries harder: if we get EACCESS we'll try to set the r/w/x bits on the
+@@ -41,22 +66,46 @@ static int unlinkat_harder(
+ if (errno != EACCES || !FLAGS_SET(remove_flags, REMOVE_CHMOD))
+ return -errno;
+
+- if (fstat(dfd, &st) < 0)
+- return -errno;
+- if (!S_ISDIR(st.st_mode))
+- return -ENOTDIR;
+- if (FLAGS_SET(st.st_mode, 0700)) /* Already set? */
+- return -EACCES; /* original error */
+- if (st.st_uid != geteuid()) /* this only works if the UID matches ours */
+- return -EACCES;
+-
+- if (fchmod(dfd, (st.st_mode | 0700) & 07777) < 0)
+- return -errno;
++ r = patch_dirfd_mode(dfd, &old_mode);
++ if (r < 0)
++ return r;
+
+ if (unlinkat(dfd, filename, unlink_flags) < 0) {
+ r = -errno;
+ /* Try to restore the original access mode if this didn't work */
+- (void) fchmod(dfd, st.st_mode & 07777);
++ (void) fchmod(dfd, old_mode);
++ return r;
++ }
++
++ /* If this worked, we won't reset the old mode, since we'll need it for other entries too, and we
++ * should destroy the whole thing */
++ return 0;
++}
++
++static int fstatat_harder(
++ int dfd,
++ const char *filename,
++ struct stat *ret,
++ int fstatat_flags,
++ RemoveFlags remove_flags) {
++
++ mode_t old_mode;
++ int r;
++
++ /* Like unlink_harder() but does the same for fstatat() */
++
++ if (fstatat(dfd, filename, ret, fstatat_flags) >= 0)
++ return 0;
++ if (errno != EACCES || !FLAGS_SET(remove_flags, REMOVE_CHMOD))
++ return -errno;
++
++ r = patch_dirfd_mode(dfd, &old_mode);
++ if (r < 0)
++ return r;
++
++ if (fstatat(dfd, filename, ret, fstatat_flags) < 0) {
++ r = -errno;
++ (void) fchmod(dfd, old_mode);
+ return r;
+ }
+
+@@ -112,9 +161,10 @@ int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev) {
+
+ if (de->d_type == DT_UNKNOWN ||
+ (de->d_type == DT_DIR && (root_dev || (flags & REMOVE_SUBVOLUME)))) {
+- if (fstatat(fd, de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
+- if (ret == 0 && errno != ENOENT)
+- ret = -errno;
++ r = fstatat_harder(fd, de->d_name, &st, AT_SYMLINK_NOFOLLOW, flags);
++ if (r < 0) {
++ if (ret == 0 && r != -ENOENT)
++ ret = r;
+ continue;
+ }
+
diff --git a/debian/patches/rm-rf-optionally-fsync-after-removing-directory-tree.patch b/debian/patches/rm-rf-optionally-fsync-after-removing-directory-tree.patch
new file mode 100644
index 0000000..66a1ef5
--- /dev/null
+++ b/debian/patches/rm-rf-optionally-fsync-after-removing-directory-tree.patch
@@ -0,0 +1,39 @@
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 5 Oct 2021 10:32:56 +0200
+Subject: rm-rf: optionally fsync() after removing directory tree
+
+(cherry picked from commit bdfe7ada0d4d66e6d6e65f2822acbb1ec230f9c2)
+(cherry picked from commit 2426beacca09d84091759be45b25c88116302184)
+(cherry picked from commit 0e180f8e9c25c707b0465ad1b9447a4360f785f1)
+(cherry picked from commit 9a9c2220cd3cb61c2de9c482f8ed7fa60807b14a)
+---
+ src/basic/rm-rf.c | 3 +++
+ src/basic/rm-rf.h | 1 +
+ 2 files changed, 4 insertions(+)
+
+diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c
+index f1b8445..cf671c2 100644
+--- a/src/basic/rm-rf.c
++++ b/src/basic/rm-rf.c
+@@ -249,6 +249,9 @@ int rm_rf_children(
+ ret = r;
+ }
+
++ if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(dirfd(d)) < 0 && ret >= 0)
++ ret = -errno;
++
+ return ret;
+ }
+
+diff --git a/src/basic/rm-rf.h b/src/basic/rm-rf.h
+index b0d5b63..2619fc5 100644
+--- a/src/basic/rm-rf.h
++++ b/src/basic/rm-rf.h
+@@ -12,6 +12,7 @@ typedef enum RemoveFlags {
+ REMOVE_SUBVOLUME = 1 << 3, /* Drop btrfs subvolumes in the tree too */
+ REMOVE_MISSING_OK = 1 << 4, /* If the top-level directory is missing, ignore the ENOENT for it */
+ REMOVE_CHMOD = 1 << 5, /* chmod() for write access if we cannot delete something */
++ REMOVE_SYNCFS = 1 << 6, /* syncfs() the root of the specified directory after removing everything in it */
+ } RemoveFlags;
+
+ int rm_rf_children(int fd, RemoveFlags flags, const struct stat *root_dev);
diff --git a/debian/patches/rm-rf-refactor-rm_rf_children-split-out-body-of-directory.patch b/debian/patches/rm-rf-refactor-rm_rf_children-split-out-body-of-directory.patch
new file mode 100644
index 0000000..8692c2f
--- /dev/null
+++ b/debian/patches/rm-rf-refactor-rm_rf_children-split-out-body-of-directory.patch
@@ -0,0 +1,320 @@
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 26 Jan 2021 16:30:06 +0100
+Subject: rm-rf: refactor rm_rf_children(),
+ split out body of directory iteration loop
+
+This splits out rm_rf_children_inner() as body of the loop. We can use
+that to implement rm_rf_child() for deleting one specific entry in a
+directory.
+
+(cherry picked from commit 1f0fb7d544711248cba34615e43c5a76bc902d74)
+(cherry picked from commit ca4a0e7d41f0b2a1fe2f99dbc3763187c16cf7ab)
+(cherry picked from commit 85ccac3393e78d4bf2776ffb8c3a1d8a2a909a2a)
+(cherry picked from commit a87d7ff1a60fe359978e12eb34224255a8f33e27)
+---
+ src/basic/rm-rf.c | 223 +++++++++++++++++++++++++++++++-----------------------
+ src/basic/rm-rf.h | 3 +-
+ 2 files changed, 131 insertions(+), 95 deletions(-)
+
+diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c
+index 2f2ebc3..f1b8445 100644
+--- a/src/basic/rm-rf.c
++++ b/src/basic/rm-rf.c
+@@ -19,6 +19,9 @@
+ #include "stat-util.h"
+ #include "string-util.h"
+
++/* We treat tmpfs/ramfs + cgroupfs as non-physical file sytems. cgroupfs is similar to tmpfs in a way after
++ * all: we can create arbitrary directory hierarchies in it, and hence can also use rm_rf() on it to remove
++ * those again. */
+ static bool is_physical_fs(const struct statfs *sfs) {
+ return !is_temporary_fs(sfs) && !is_cgroup_fs(sfs);
+ }
+@@ -112,133 +115,145 @@ static int fstatat_harder(
+ return 0;
+ }
+
+-int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev) {
+- _cleanup_closedir_ DIR *d = NULL;
+- struct dirent *de;
+- int ret = 0, r;
+- struct statfs sfs;
++static int rm_rf_children_inner(
++ int fd,
++ const char *fname,
++ int is_dir,
++ RemoveFlags flags,
++ const struct stat *root_dev) {
+
+- assert(fd >= 0);
++ struct stat st;
++ int r;
+
+- /* This returns the first error we run into, but nevertheless tries to go on. This closes the passed
+- * fd, in all cases, including on failure.. */
++ assert(fd >= 0);
++ assert(fname);
+
+- if (!(flags & REMOVE_PHYSICAL)) {
++ if (is_dir < 0 || (is_dir > 0 && (root_dev || (flags & REMOVE_SUBVOLUME)))) {
+
+- r = fstatfs(fd, &sfs);
+- if (r < 0) {
+- safe_close(fd);
+- return -errno;
+- }
++ r = fstatat_harder(fd, fname, &st, AT_SYMLINK_NOFOLLOW, flags);
++ if (r < 0)
++ return r;
+
+- if (is_physical_fs(&sfs)) {
+- /* We refuse to clean physical file systems with this call,
+- * unless explicitly requested. This is extra paranoia just
+- * to be sure we never ever remove non-state data. */
+- _cleanup_free_ char *path = NULL;
++ is_dir = S_ISDIR(st.st_mode);
++ }
+
+- (void) fd_get_path(fd, &path);
+- log_error("Attempted to remove disk file system under \"%s\", and we can't allow that.",
+- strna(path));
++ if (is_dir) {
++ _cleanup_close_ int subdir_fd = -1;
++ int q;
+
+- safe_close(fd);
+- return -EPERM;
+- }
+- }
++ /* if root_dev is set, remove subdirectories only if device is same */
++ if (root_dev && st.st_dev != root_dev->st_dev)
++ return 0;
+
+- d = fdopendir(fd);
+- if (!d) {
+- safe_close(fd);
+- return errno == ENOENT ? 0 : -errno;
+- }
++ /* Stop at mount points */
++ r = fd_is_mount_point(fd, fname, 0);
++ if (r < 0)
++ return r;
++ if (r > 0)
++ return 0;
+
+- FOREACH_DIRENT_ALL(de, d, return -errno) {
+- bool is_dir;
+- struct stat st;
++ if ((flags & REMOVE_SUBVOLUME) && btrfs_might_be_subvol(&st)) {
+
+- if (dot_or_dot_dot(de->d_name))
+- continue;
++ /* This could be a subvolume, try to remove it */
+
+- if (de->d_type == DT_UNKNOWN ||
+- (de->d_type == DT_DIR && (root_dev || (flags & REMOVE_SUBVOLUME)))) {
+- r = fstatat_harder(fd, de->d_name, &st, AT_SYMLINK_NOFOLLOW, flags);
++ r = btrfs_subvol_remove_fd(fd, fname, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA);
+ if (r < 0) {
+- if (ret == 0 && r != -ENOENT)
+- ret = r;
+- continue;
+- }
++ if (!IN_SET(r, -ENOTTY, -EINVAL))
++ return r;
+
+- is_dir = S_ISDIR(st.st_mode);
+- } else
+- is_dir = de->d_type == DT_DIR;
++ /* ENOTTY, then it wasn't a btrfs subvolume, continue below. */
++ } else
++ /* It was a subvolume, done. */
++ return 1;
++ }
+
+- if (is_dir) {
+- _cleanup_close_ int subdir_fd = -1;
++ subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
++ if (subdir_fd < 0)
++ return -errno;
+
+- /* if root_dev is set, remove subdirectories only if device is same */
+- if (root_dev && st.st_dev != root_dev->st_dev)
+- continue;
++ /* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file system type
++ * again for each directory */
++ q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev);
+
+- subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
+- if (subdir_fd < 0) {
+- if (ret == 0 && errno != ENOENT)
+- ret = -errno;
+- continue;
+- }
++ r = unlinkat_harder(fd, fname, AT_REMOVEDIR, flags);
++ if (r < 0)
++ return r;
++ if (q < 0)
++ return q;
+
+- /* Stop at mount points */
+- r = fd_is_mount_point(fd, de->d_name, 0);
+- if (r < 0) {
+- if (ret == 0 && r != -ENOENT)
+- ret = r;
++ return 1;
+
+- continue;
+- }
+- if (r > 0)
+- continue;
++ } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) {
++ r = unlinkat_harder(fd, fname, 0, flags);
++ if (r < 0)
++ return r;
+
+- if ((flags & REMOVE_SUBVOLUME) && btrfs_might_be_subvol(&st)) {
++ return 1;
++ }
+
+- /* This could be a subvolume, try to remove it */
++ return 0;
++}
+
+- r = btrfs_subvol_remove_fd(fd, de->d_name, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA);
+- if (r < 0) {
+- if (!IN_SET(r, -ENOTTY, -EINVAL)) {
+- if (ret == 0)
+- ret = r;
++int rm_rf_children(
++ int fd,
++ RemoveFlags flags,
++ const struct stat *root_dev) {
+
+- continue;
+- }
++ _cleanup_closedir_ DIR *d = NULL;
++ struct dirent *de;
++ int ret = 0, r;
+
+- /* ENOTTY, then it wasn't a btrfs subvolume, continue below. */
+- } else
+- /* It was a subvolume, continue. */
+- continue;
+- }
++ assert(fd >= 0);
++
++ /* This returns the first error we run into, but nevertheless tries to go on. This closes the passed
++ * fd, in all cases, including on failure. */
++
++ d = fdopendir(fd);
++ if (!d) {
++ safe_close(fd);
++ return -errno;
++ }
+
+- /* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file
+- * system type again for each directory */
+- r = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev);
+- if (r < 0 && ret == 0)
+- ret = r;
++ if (!(flags & REMOVE_PHYSICAL)) {
++ struct statfs sfs;
+
+- r = unlinkat_harder(fd, de->d_name, AT_REMOVEDIR, flags);
+- if (r < 0 && r != -ENOENT && ret == 0)
+- ret = r;
++ if (fstatfs(dirfd(d), &sfs) < 0)
++ return -errno;
++
++ if (is_physical_fs(&sfs)) {
++ /* We refuse to clean physical file systems with this call, unless explicitly
++ * requested. This is extra paranoia just to be sure we never ever remove non-state
++ * data. */
+
+- } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) {
++ _cleanup_free_ char *path = NULL;
+
+- r = unlinkat_harder(fd, de->d_name, 0, flags);
+- if (r < 0 && r != -ENOENT && ret == 0)
+- ret = r;
++ (void) fd_get_path(fd, &path);
++ return log_error_errno(SYNTHETIC_ERRNO(EPERM),
++ "Attempted to remove disk file system under \"%s\", and we can't allow that.",
++ strna(path));
+ }
+ }
++
++ FOREACH_DIRENT_ALL(de, d, return -errno) {
++ int is_dir;
++
++ if (dot_or_dot_dot(de->d_name))
++ continue;
++
++ is_dir =
++ de->d_type == DT_UNKNOWN ? -1 :
++ de->d_type == DT_DIR;
++
++ r = rm_rf_children_inner(dirfd(d), de->d_name, is_dir, flags, root_dev);
++ if (r < 0 && r != -ENOENT && ret == 0)
++ ret = r;
++ }
++
+ return ret;
+ }
+
+ int rm_rf(const char *path, RemoveFlags flags) {
+ int fd, r;
+- struct statfs s;
+
+ assert(path);
+
+@@ -283,9 +298,10 @@ int rm_rf(const char *path, RemoveFlags flags) {
+ if (FLAGS_SET(flags, REMOVE_ROOT)) {
+
+ if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) {
++ struct statfs s;
++
+ if (statfs(path, &s) < 0)
+ return -errno;
+-
+ if (is_physical_fs(&s))
+ return log_error_errno(SYNTHETIC_ERRNO(EPERM),
+ "Attempted to remove files from a disk file system under \"%s\", refusing.",
+@@ -313,3 +329,22 @@ int rm_rf(const char *path, RemoveFlags flags) {
+
+ return r;
+ }
++
++int rm_rf_child(int fd, const char *name, RemoveFlags flags) {
++
++ /* Removes one specific child of the specified directory */
++
++ if (fd < 0)
++ return -EBADF;
++
++ if (!filename_is_valid(name))
++ return -EINVAL;
++
++ if ((flags & (REMOVE_ROOT|REMOVE_MISSING_OK)) != 0) /* Doesn't really make sense here, we are not supposed to remove 'fd' anyway */
++ return -EINVAL;
++
++ if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES|REMOVE_SUBVOLUME))
++ return -EINVAL;
++
++ return rm_rf_children_inner(fd, name, -1, flags, NULL);
++}
+diff --git a/src/basic/rm-rf.h b/src/basic/rm-rf.h
+index ec56232..b0d5b63 100644
+--- a/src/basic/rm-rf.h
++++ b/src/basic/rm-rf.h
+@@ -14,7 +14,8 @@ typedef enum RemoveFlags {
+ REMOVE_CHMOD = 1 << 5, /* chmod() for write access if we cannot delete something */
+ } RemoveFlags;
+
+-int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev);
++int rm_rf_children(int fd, RemoveFlags flags, const struct stat *root_dev);
++int rm_rf_child(int fd, const char *name, RemoveFlags flags);
+ int rm_rf(const char *path, RemoveFlags flags);
+
+ /* Useful for usage with _cleanup_(), destroys a directory and frees the pointer */
diff --git a/debian/patches/rules-Move-ID_SMARTCARD_READER-definition-to-a-70-configu.patch b/debian/patches/rules-Move-ID_SMARTCARD_READER-definition-to-a-70-configu.patch
new file mode 100644
index 0000000..d338f49
--- /dev/null
+++ b/debian/patches/rules-Move-ID_SMARTCARD_READER-definition-to-a-70-configu.patch
@@ -0,0 +1,41 @@
+From: Vincent Pelletier <plr.vincent@gmail.com>
+Date: Sat, 27 Feb 2021 00:17:06 +0000
+Subject: rules: Move ID_SMARTCARD_READER definition to a <70 configuration.
+
+70-uaccess.rules sets the uaccess tag on devices with ID_SMARTCARD_READER
+set, but it is set in 99-systemd.rules .
+Move this to a 60-*.rules which already matches USB CCID class, factorising
+the matching, so 70-uaccess.rules sets up these devices as expected.
+
+(cherry picked from commit dbdcd51f78bde5e9033d98d61bbb750c868bde9d)
+---
+ rules.d/60-fido-id.rules | 3 ++-
+ rules.d/99-systemd.rules.in | 1 -
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/rules.d/60-fido-id.rules b/rules.d/60-fido-id.rules
+index c7d5d2f..48c259e 100644
+--- a/rules.d/60-fido-id.rules
++++ b/rules.d/60-fido-id.rules
+@@ -7,7 +7,8 @@ SUBSYSTEM=="hidraw", IMPORT{program}="fido_id"
+ # Tag any form of security token as such
+ ENV{ID_SECURITY_TOKEN}=="1", TAG+="security-device"
+
++SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ENV{ID_USB_INTERFACES}=="*:0b????:*", ENV{ID_SMARTCARD_READER}="1"
+ # Tag any CCID device (i.e. Smartcard Reader) as security token
+-SUBSYSTEM=="usb", ATTR{bInterfaceClass}=="0b", TAG+="security-device"
++ENV{ID_SMARTCARD_READER}=="1", TAG+="security-device"
+
+ LABEL="fido_id_end"
+diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in
+index 7c22eef..0abca6e 100644
+--- a/rules.d/99-systemd.rules.in
++++ b/rules.d/99-systemd.rules.in
+@@ -49,7 +49,6 @@ SUBSYSTEM=="net", KERNEL!="lo", TAG+="systemd", ENV{SYSTEMD_ALIAS}+="/sys/subsys
+ SUBSYSTEM=="bluetooth", TAG+="systemd", ENV{SYSTEMD_ALIAS}+="/sys/subsystem/bluetooth/devices/%k", \
+ ENV{SYSTEMD_WANTS}+="bluetooth.target", ENV{SYSTEMD_USER_WANTS}+="bluetooth.target"
+
+-SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ENV{ID_USB_INTERFACES}=="*:0b????:*", ENV{ID_SMARTCARD_READER}="1"
+ ENV{ID_SMARTCARD_READER}=="?*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="smartcard.target", ENV{SYSTEMD_USER_WANTS}+="smartcard.target"
+ SUBSYSTEM=="sound", KERNEL=="controlC*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="sound.target", ENV{SYSTEMD_USER_WANTS}+="sound.target"
+
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..f81d7b4
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,66 @@
+Add-helper-for-case-independent-string-equality-checks.patch
+localed-Run-locale-gen-if-available-to-generate-missing-l.patch
+core-fix-mtime-calculation-of-dropin-files.patch
+analyze-slightly-reword-PrivateTmp-message.patch
+rules-Move-ID_SMARTCARD_READER-definition-to-a-70-configu.patch
+table-drop-trailing-white-spaces-of-the-last-cell-in-row.patch
+pkg-config-make-prefix-overridable-again.patch
+LoadCredentials-do-not-assert-on-invalid-syntax.patch
+network-Delay-addition-of-IPv6-Proxy-NDP-addresses.patch
+unit-name-generate-a-clear-error-code-when-convertin.patch
+basic-unit-name-do-not-use-strdupa-on-a-path.patch
+basic-unit-name-adjust-comments.patch
+udevadm-trigger-do-not-return-immediately-on-EACCES.patch
+btrfs-util-add-helper-that-abstracts-might-be-btrfs-subvo.patch
+rm-rf-fstatat-might-fail-if-containing-dir-has-limited-ac.patch
+rm-rf-refactor-rm_rf_children-split-out-body-of-directory.patch
+rm-rf-optionally-fsync-after-removing-directory-tree.patch
+tmpfiles-st-may-have-been-used-uninitialized.patch
+shared-rm_rf-refactor-rm_rf_children_inner-to-shorten-cod.patch
+shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch
+shared-rm-rf-loop-over-nested-directories-instead-of-inst.patch
+basic-add-make_mount_point_inode-helper.patch
+machine-basic-factor-out-helper-function-to-add-airlocked.patch
+machine-adjust-error-message-to-use-normalized-instead-of.patch
+shared-mount-util-use-namespace_fork-utils.patch
+machine-enter-target-PID-namespace-when-adding-a-live-mou.patch
+Drop-bundled-copy-of-linux-if_arp.h.patch
+virt-Support-detection-for-ARM64-Hyper-V-guests.patch
+virt-Fix-the-detection-for-Hyper-V-VMs.patch
+virt-detect-OpenStack-Nova-instance.patch
+ata_id-Fixed-getting-Response-Code-from-SCSI-Sense-Data-2.patch
+udev-always-create-device-symlinks-for-USB-disks.patch
+Revert-udev-do-not-execute-hwdb-builtin-import-twice-or-t.patch
+udev-first-set-properties-based-on-usb-subsystem.patch
+logind-fix-getting-property-OnExternalPower-via-D-Bus.patch
+coredump-do-not-allow-user-to-access-coredumps-with-chang.patch
+time-util-fix-buffer-over-run.patch
+machined-varlink-fix-double-free.patch
+Always-free-deserialized_subscribed-on-reload.patch
+shared-calendarspec-abort-calculation-after-1000-iteratio.patch
+shared-calendarspec-when-mktime-moves-us-backwards-jump-f.patch
+debian/Use-Debian-specific-config-files.patch
+debian/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch
+debian/Make-run-lock-tmpfs-an-API-fs.patch
+debian/Add-support-for-TuxOnIce-hibernation.patch
+debian/Re-enable-journal-forwarding-to-syslog.patch
+debian/Don-t-enable-audit-by-default.patch
+debian/Only-start-logind-if-dbus-is-installed.patch
+debian/fsckd-daemon-for-inter-fsckd-communication.patch
+debian/Skip-filesystem-check-if-already-done-by-the-initram.patch
+debian/Revert-core-one-step-back-again-for-nspawn-we-actual.patch
+debian/Revert-core-set-RLIMIT_CORE-to-unlimited-by-default.patch
+debian/Let-graphical-session-pre.target-be-manually-started.patch
+debian/Add-env-variable-for-machine-ID-path.patch
+debian/Drop-seccomp-system-call-filter-for-udev.patch
+debian/deny-list-upstream-test-25.patch
+debian/deny-list-upstream-test-02-ppc64el.patch
+debian/udev-drop-SystemCallArchitectures-native-from-systemd-ude.patch
+debian/Keep-journal-files-compatible-with-older-versions.patch
+debian/Move-sysusers.d-sysctl.d-binfmt.d-modules-load.d-back-to-.patch
+debian/systemctl-do-not-shutdown-immediately-on-scheduled-shutdo.patch
+debian/test-disable-DnsmasqClientTest.test_resolved_etc_hosts-in.patch
+debian/Downgrade-a-couple-of-warnings-to-debug.patch
+debian/Revert-udev-fix-memleak.patch
+debian/Revert-udev-link_update-should-fail-if-the-entry-in-symli.patch
+debian/Revert-udev-make-algorithm-that-selects-highest-priority-.patch
diff --git a/debian/patches/shared-calendarspec-abort-calculation-after-1000-iteratio.patch b/debian/patches/shared-calendarspec-abort-calculation-after-1000-iteratio.patch
new file mode 100644
index 0000000..49562a7
--- /dev/null
+++ b/debian/patches/shared-calendarspec-abort-calculation-after-1000-iteratio.patch
@@ -0,0 +1,55 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Sun, 21 Mar 2021 20:59:32 +0100
+Subject: shared/calendarspec: abort calculation after 1000 iterations
+
+We have a bug where we seem to enter an infinite loop when running in the
+Europe/Dublin timezone. The timezone is "special" because it has negative SAVE
+values. The handling of this should obviously be fixed, but let's use a
+belt-and-suspenders approach, and gracefully fail if we fail to find an answer
+within a specific number of attempts. The code in this function is rather
+complex, and it's hard to rule out another bug in the future.
+
+(cherry picked from commit 169615c9a8cdc54d748d4dfc8279be9b3c2bec44)
+---
+ src/shared/calendarspec.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/src/shared/calendarspec.c b/src/shared/calendarspec.c
+index 7162592..80acc57 100644
+--- a/src/shared/calendarspec.c
++++ b/src/shared/calendarspec.c
+@@ -1211,6 +1211,10 @@ static bool matches_weekday(int weekdays_bits, const struct tm *tm, bool utc) {
+ return (weekdays_bits & (1 << k));
+ }
+
++/* A safety valve: if we get stuck in the calculation, return an error.
++ * C.f. https://bugzilla.redhat.com/show_bug.cgi?id=1941335. */
++#define MAX_CALENDAR_ITERATIONS 1000
++
+ static int find_next(const CalendarSpec *spec, struct tm *tm, usec_t *usec) {
+ struct tm c;
+ int tm_usec;
+@@ -1224,7 +1228,7 @@ static int find_next(const CalendarSpec *spec, struct tm *tm, usec_t *usec) {
+ c = *tm;
+ tm_usec = *usec;
+
+- for (;;) {
++ for (unsigned iteration = 0; iteration < MAX_CALENDAR_ITERATIONS; iteration++) {
+ /* Normalize the current date */
+ (void) mktime_or_timegm(&c, spec->utc);
+ c.tm_isdst = spec->dst;
+@@ -1321,6 +1325,14 @@ static int find_next(const CalendarSpec *spec, struct tm *tm, usec_t *usec) {
+ *usec = tm_usec;
+ return 0;
+ }
++
++ /* It seems we entered an infinite loop. Let's gracefully return an error instead of hanging or
++ * aborting. This code is also exercised when timers.target is brought up during early boot, so
++ * aborting here is problematic and hard to diagnose for users. */
++ _cleanup_free_ char *s = NULL;
++ (void) calendar_spec_to_string(spec, &s);
++ return log_warning_errno(SYNTHETIC_ERRNO(EDEADLK),
++ "Infinite loop in calendar calculation: %s", strna(s));
+ }
+
+ static int calendar_spec_next_usec_impl(const CalendarSpec *spec, usec_t usec, usec_t *ret_next) {
diff --git a/debian/patches/shared-calendarspec-when-mktime-moves-us-backwards-jump-f.patch b/debian/patches/shared-calendarspec-when-mktime-moves-us-backwards-jump-f.patch
new file mode 100644
index 0000000..9503c1e
--- /dev/null
+++ b/debian/patches/shared-calendarspec-when-mktime-moves-us-backwards-jump-f.patch
@@ -0,0 +1,105 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Mon, 22 Mar 2021 12:51:47 +0100
+Subject: shared/calendarspec: when mktime() moves us backwards, jump forward
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+When trying to calculate the next firing of 'Sun *-*-* 01:00:00', we'd fall
+into an infinite loop, because mktime() moves us "backwards":
+
+Before this patch:
+tm_within_bounds: good=0 2021-03-29 01:00:00 → 2021-03-29 00:00:00
+tm_within_bounds: good=0 2021-03-29 01:00:00 → 2021-03-29 00:00:00
+tm_within_bounds: good=0 2021-03-29 01:00:00 → 2021-03-29 00:00:00
+...
+
+We rely on mktime() normalizing the time. The man page does not say that it'll
+move the time forward, but our algorithm relies on this. So let's catch this
+case explicitly.
+
+With this patch:
+$ TZ=Europe/Dublin faketime 2021-03-21 build/systemd-analyze calendar --iterations=5 'Sun *-*-* 01:00:00'
+Normalized form: Sun *-*-* 01:00:00
+ Next elapse: Sun 2021-03-21 01:00:00 GMT
+ (in UTC): Sun 2021-03-21 01:00:00 UTC
+ From now: 59min left
+ Iter. #2: Sun 2021-04-04 01:00:00 IST
+ (in UTC): Sun 2021-04-04 00:00:00 UTC
+ From now: 1 weeks 6 days left <---- note the 2 week jump here
+ Iter. #3: Sun 2021-04-11 01:00:00 IST
+ (in UTC): Sun 2021-04-11 00:00:00 UTC
+ From now: 2 weeks 6 days left
+ Iter. #4: Sun 2021-04-18 01:00:00 IST
+ (in UTC): Sun 2021-04-18 00:00:00 UTC
+ From now: 3 weeks 6 days left
+ Iter. #5: Sun 2021-04-25 01:00:00 IST
+ (in UTC): Sun 2021-04-25 00:00:00 UTC
+ From now: 1 months 4 days left
+
+Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1941335.
+
+(cherry picked from commit 129cb6e249bef30dc33e08f98f0b27a6de976f6f)
+---
+ src/shared/calendarspec.c | 19 +++++++++++--------
+ src/test/test-calendarspec.c | 3 +++
+ test/test-functions | 1 +
+ 3 files changed, 15 insertions(+), 8 deletions(-)
+
+diff --git a/src/shared/calendarspec.c b/src/shared/calendarspec.c
+index 80acc57..c8d97c3 100644
+--- a/src/shared/calendarspec.c
++++ b/src/shared/calendarspec.c
+@@ -1185,15 +1185,18 @@ static int tm_within_bounds(struct tm *tm, bool utc) {
+ return negative_errno();
+
+ /* Did any normalization take place? If so, it was out of bounds before */
+- bool good = t.tm_year == tm->tm_year &&
+- t.tm_mon == tm->tm_mon &&
+- t.tm_mday == tm->tm_mday &&
+- t.tm_hour == tm->tm_hour &&
+- t.tm_min == tm->tm_min &&
+- t.tm_sec == tm->tm_sec;
+- if (!good)
++ int cmp = CMP(t.tm_year, tm->tm_year) ?:
++ CMP(t.tm_mon, tm->tm_mon) ?:
++ CMP(t.tm_mday, tm->tm_mday) ?:
++ CMP(t.tm_hour, tm->tm_hour) ?:
++ CMP(t.tm_min, tm->tm_min) ?:
++ CMP(t.tm_sec, tm->tm_sec);
++
++ if (cmp < 0)
++ return -EDEADLK; /* Refuse to go backward */
++ if (cmp > 0)
+ *tm = t;
+- return good;
++ return cmp == 0;
+ }
+
+ static bool matches_weekday(int weekdays_bits, const struct tm *tm, bool utc) {
+diff --git a/src/test/test-calendarspec.c b/src/test/test-calendarspec.c
+index e0b7f22..1b04186 100644
+--- a/src/test/test-calendarspec.c
++++ b/src/test/test-calendarspec.c
+@@ -218,6 +218,9 @@ int main(int argc, char* argv[]) {
+ // Confirm that timezones in the Spec work regardless of current timezone
+ test_next("2017-09-09 20:42:00 Pacific/Auckland", "", 12345, 1504946520000000);
+ test_next("2017-09-09 20:42:00 Pacific/Auckland", "EET", 12345, 1504946520000000);
++ /* Check that we don't start looping if mktime() moves us backwards */
++ test_next("Sun *-*-* 01:00:00 Europe/Dublin", "", 1616412478000000, 1617494400000000);
++ test_next("Sun *-*-* 01:00:00 Europe/Dublin", "IST", 1616412478000000, 1617494400000000);
+
+ assert_se(calendar_spec_from_string("test", &c) < 0);
+ assert_se(calendar_spec_from_string(" utc", &c) < 0);
+diff --git a/test/test-functions b/test/test-functions
+index 52b52bf..beaf4fa 100644
+--- a/test/test-functions
++++ b/test/test-functions
+@@ -1120,6 +1120,7 @@ install_zoneinfo() {
+ inst_any /usr/share/zoneinfo/Asia/Vladivostok
+ inst_any /usr/share/zoneinfo/Australia/Sydney
+ inst_any /usr/share/zoneinfo/Europe/Berlin
++ inst_any /usr/share/zoneinfo/Europe/Dublin
+ inst_any /usr/share/zoneinfo/Europe/Kiev
+ inst_any /usr/share/zoneinfo/Pacific/Auckland
+ inst_any /usr/share/zoneinfo/Pacific/Honolulu
diff --git a/debian/patches/shared-mount-util-use-namespace_fork-utils.patch b/debian/patches/shared-mount-util-use-namespace_fork-utils.patch
new file mode 100644
index 0000000..f870a3e
--- /dev/null
+++ b/debian/patches/shared-mount-util-use-namespace_fork-utils.patch
@@ -0,0 +1,92 @@
+From: Luca Boccassi <luca.boccassi@microsoft.com>
+Date: Thu, 13 Aug 2020 14:47:01 +0100
+Subject: shared/mount-util: use namespace_fork utils
+
+(cherry picked from commit 2338a175fdec3859eab03115ca82a0d58453f5d7)
+---
+ src/shared/mount-util.c | 40 ++++++++++++++++++++++++----------------
+ 1 file changed, 24 insertions(+), 16 deletions(-)
+
+diff --git a/src/shared/mount-util.c b/src/shared/mount-util.c
+index 4cfbb55..368c5f0 100644
+--- a/src/shared/mount-util.c
++++ b/src/shared/mount-util.c
+@@ -17,6 +17,7 @@
+ #include "mkdir.h"
+ #include "mount-util.h"
+ #include "mountpoint-util.h"
++#include "namespace-util.h"
+ #include "parse-util.h"
+ #include "path-util.h"
+ #include "process-util.h"
+@@ -756,12 +757,13 @@ int bind_mount_in_namespace(
+ bool make_file_or_directory) {
+
+ _cleanup_close_pair_ int errno_pipe_fd[2] = { -1, -1 };
++ _cleanup_close_ int self_mntns_fd = -1, mntns_fd = -1, root_fd = -1;
+ char mount_slave[] = "/tmp/propagate.XXXXXX", *mount_tmp, *mount_outside, *p;
+ bool mount_slave_created = false, mount_slave_mounted = false,
+ mount_tmp_created = false, mount_tmp_mounted = false,
+ mount_outside_created = false, mount_outside_mounted = false;
+ _cleanup_free_ char *chased_src = NULL;
+- struct stat st;
++ struct stat st, self_mntns_st;
+ pid_t child;
+ int r;
+
+@@ -771,6 +773,24 @@ int bind_mount_in_namespace(
+ assert(src);
+ assert(dest);
+
++ r = namespace_open(target, NULL, &mntns_fd, NULL, NULL, &root_fd);
++ if (r < 0)
++ return log_debug_errno(r, "Failed to retrieve FDs of the target process' namespace: %m");
++
++ if (fstat(mntns_fd, &st) < 0)
++ return log_debug_errno(errno, "Failed to fstat mount namespace FD of target process: %m");
++
++ r = namespace_open(0, NULL, &self_mntns_fd, NULL, NULL, NULL);
++ if (r < 0)
++ return log_debug_errno(r, "Failed to retrieve FDs of systemd's namespace: %m");
++
++ if (fstat(self_mntns_fd, &self_mntns_st) < 0)
++ return log_debug_errno(errno, "Failed to fstat mount namespace FD of systemd: %m");
++
++ /* We can't add new mounts at runtime if the process wasn't started in a namespace */
++ if (st.st_ino == self_mntns_st.st_ino && st.st_dev == self_mntns_st.st_dev)
++ return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to activate bind mount in target, not running in a mount namespace");
++
+ /* One day, when bind mounting /proc/self/fd/n works across
+ * namespace boundaries we should rework this logic to make
+ * use of it... */
+@@ -877,27 +897,15 @@ int bind_mount_in_namespace(
+ goto finish;
+ }
+
+- r = safe_fork("(sd-bindmnt)", FORK_RESET_SIGNALS, &child);
++ r = namespace_fork("(sd-bindmnt)", "(sd-bindmnt-inner)", NULL, 0, FORK_RESET_SIGNALS|FORK_DEATHSIG,
++ -1, mntns_fd, -1, -1, root_fd, &child);
+ if (r < 0)
+ goto finish;
+ if (r == 0) {
+- const char *mount_inside, *q;
+- int mntfd;
++ const char *mount_inside;
+
+ errno_pipe_fd[0] = safe_close(errno_pipe_fd[0]);
+
+- q = procfs_file_alloca(target, "ns/mnt");
+- mntfd = open(q, O_RDONLY|O_NOCTTY|O_CLOEXEC);
+- if (mntfd < 0) {
+- r = log_error_errno(errno, "Failed to open mount namespace of leader: %m");
+- goto child_fail;
+- }
+-
+- if (setns(mntfd, CLONE_NEWNS) < 0) {
+- r = log_error_errno(errno, "Failed to join namespace of leader: %m");
+- goto child_fail;
+- }
+-
+ if (make_file_or_directory) {
+ (void) mkdir_parents(dest, 0755);
+ (void) make_mount_point_inode_from_stat(&st, dest, 0700);
diff --git a/debian/patches/shared-rm-rf-loop-over-nested-directories-instead-of-inst.patch b/debian/patches/shared-rm-rf-loop-over-nested-directories-instead-of-inst.patch
new file mode 100644
index 0000000..5ab54bf
--- /dev/null
+++ b/debian/patches/shared-rm-rf-loop-over-nested-directories-instead-of-inst.patch
@@ -0,0 +1,264 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 30 Nov 2021 22:29:05 +0100
+Subject: shared/rm-rf: loop over nested directories instead of instead of
+ recursing
+
+To remove directory structures, we need to remove the innermost items first,
+and then recursively remove higher-level directories. We would recursively
+descend into directories and invoke rm_rf_children and rm_rm_children_inner.
+This is problematic when too many directories are nested.
+
+Instead, let's create a "TODO" queue. In the the queue, for each level we
+hold the DIR* object we were working on, and the name of the directory. This
+allows us to leave a partially-processed directory, and restart the removal
+loop one level down. When done with the inner directory, we use the name to
+unlinkat() it from the parent, and proceed with the removal of other items.
+
+Because the nesting is increased by one level, it is best to view this patch
+with -b/--ignore-space-change.
+
+This fixes CVE-2021-3997, https://bugzilla.redhat.com/show_bug.cgi?id=2024639.
+The issue was reported and patches reviewed by Qualys Team.
+Mauro Matteo Cascella and Riccardo Schirone from Red Hat handled the disclosure.
+
+(cherry picked from commit 5b1cf7a9be37e20133c0208005274ce4a5b5c6a1)
+(cherry picked from commit 911516e1614e435755814ada5fc6064fa107a105)
+(cherry picked from commit 6a28f8b55904c818b25e4db2e1511faac79fd471)
+(cherry picked from commit c752f27b7647c99b4a17477c99d84fd8c950ddf0)
+(cherry picked from commit 921810ea23357988ce67f49190f43abef1788a9c)
+---
+ src/basic/rm-rf.c | 160 ++++++++++++++++++++++++++++++++++++++----------------
+ 1 file changed, 113 insertions(+), 47 deletions(-)
+
+diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c
+index 2901307..77ffed9 100644
+--- a/src/basic/rm-rf.c
++++ b/src/basic/rm-rf.c
+@@ -115,12 +115,13 @@ static int fstatat_harder(
+ return 0;
+ }
+
+-static int rm_rf_children_inner(
++static int rm_rf_inner_child(
+ int fd,
+ const char *fname,
+ int is_dir,
+ RemoveFlags flags,
+- const struct stat *root_dev) {
++ const struct stat *root_dev,
++ bool allow_recursion) {
+
+ struct stat st;
+ int r, q = 0;
+@@ -140,9 +141,7 @@ static int rm_rf_children_inner(
+ }
+
+ if (is_dir) {
+- _cleanup_close_ int subdir_fd = -1;
+-
+- /* if root_dev is set, remove subdirectories only if device is same */
++ /* If root_dev is set, remove subdirectories only if device is same */
+ if (root_dev && st.st_dev != root_dev->st_dev)
+ return 0;
+
+@@ -154,7 +153,6 @@ static int rm_rf_children_inner(
+ return 0;
+
+ if ((flags & REMOVE_SUBVOLUME) && btrfs_might_be_subvol(&st)) {
+-
+ /* This could be a subvolume, try to remove it */
+
+ r = btrfs_subvol_remove_fd(fd, fname, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA);
+@@ -168,13 +166,16 @@ static int rm_rf_children_inner(
+ return 1;
+ }
+
+- subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
++ if (!allow_recursion)
++ return -EISDIR;
++
++ int subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
+ if (subdir_fd < 0)
+ return -errno;
+
+ /* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file system type
+ * again for each directory */
+- q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev);
++ q = rm_rf_children(subdir_fd, flags | REMOVE_PHYSICAL, root_dev);
+
+ } else if (flags & REMOVE_ONLY_DIRECTORIES)
+ return 0;
+@@ -187,63 +188,128 @@ static int rm_rf_children_inner(
+ return 1;
+ }
+
++typedef struct TodoEntry {
++ DIR *dir; /* A directory that we were operating on. */
++ char *dirname; /* The filename of that directory itself. */
++} TodoEntry;
++
++static void free_todo_entries(TodoEntry **todos) {
++ for (TodoEntry *x = *todos; x && x->dir; x++) {
++ closedir(x->dir);
++ free(x->dirname);
++ }
++
++ freep(todos);
++}
++
+ int rm_rf_children(
+ int fd,
+ RemoveFlags flags,
+ const struct stat *root_dev) {
+
+- _cleanup_closedir_ DIR *d = NULL;
+- struct dirent *de;
++ _cleanup_(free_todo_entries) TodoEntry *todos = NULL;
++ size_t n_todo = 0, n_todo_alloc = 0;
++ _cleanup_free_ char *dirname = NULL; /* Set when we are recursing and want to delete ourselves */
+ int ret = 0, r;
+
+- assert(fd >= 0);
++ /* Return the first error we run into, but nevertheless try to go on.
++ * The passed fd is closed in all cases, including on failure. */
++
++ for (;;) { /* This loop corresponds to the directory nesting level. */
++ _cleanup_closedir_ DIR *d = NULL;
++
++ if (n_todo > 0) {
++ /* We know that we are in recursion here, because n_todo is set.
++ * We need to remove the inner directory we were operating on. */
++ assert(dirname);
++ r = unlinkat_harder(dirfd(todos[n_todo-1].dir), dirname, AT_REMOVEDIR, flags);
++ if (r < 0 && r != -ENOENT && ret == 0)
++ ret = r;
++ dirname = mfree(dirname);
++
++ /* And now let's back out one level up */
++ n_todo --;
++ d = TAKE_PTR(todos[n_todo].dir);
++ dirname = TAKE_PTR(todos[n_todo].dirname);
++
++ assert(d);
++ fd = dirfd(d); /* Retrieve the file descriptor from the DIR object */
++ assert(fd >= 0);
++ } else {
++ next_fd:
++ assert(fd >= 0);
++ d = fdopendir(fd);
++ if (!d) {
++ safe_close(fd);
++ return -errno;
++ }
++ fd = dirfd(d); /* We donated the fd to fdopendir(). Let's make sure we sure we have
++ * the right descriptor even if it were to internally invalidate the
++ * one we passed. */
++
++ if (!(flags & REMOVE_PHYSICAL)) {
++ struct statfs sfs;
++
++ if (fstatfs(fd, &sfs) < 0)
++ return -errno;
++
++ if (is_physical_fs(&sfs)) {
++ /* We refuse to clean physical file systems with this call, unless
++ * explicitly requested. This is extra paranoia just to be sure we
++ * never ever remove non-state data. */
++
++ _cleanup_free_ char *path = NULL;
++
++ (void) fd_get_path(fd, &path);
++ return log_error_errno(SYNTHETIC_ERRNO(EPERM),
++ "Attempted to remove disk file system under \"%s\", and we can't allow that.",
++ strna(path));
++ }
++ }
++ }
+
+- /* This returns the first error we run into, but nevertheless tries to go on. This closes the passed
+- * fd, in all cases, including on failure. */
++ struct dirent *de;
++ FOREACH_DIRENT_ALL(de, d, return -errno) {
++ int is_dir;
+
+- d = fdopendir(fd);
+- if (!d) {
+- safe_close(fd);
+- return -errno;
+- }
++ if (dot_or_dot_dot(de->d_name))
++ continue;
+
+- if (!(flags & REMOVE_PHYSICAL)) {
+- struct statfs sfs;
++ is_dir = de->d_type == DT_UNKNOWN ? -1 : de->d_type == DT_DIR;
+
+- if (fstatfs(dirfd(d), &sfs) < 0)
+- return -errno;
++ r = rm_rf_inner_child(fd, de->d_name, is_dir, flags, root_dev, false);
++ if (r == -EISDIR) {
++ /* Push the current working state onto the todo list */
+
+- if (is_physical_fs(&sfs)) {
+- /* We refuse to clean physical file systems with this call, unless explicitly
+- * requested. This is extra paranoia just to be sure we never ever remove non-state
+- * data. */
++ if (!GREEDY_REALLOC0(todos, n_todo_alloc, n_todo + 2))
++ return log_oom();
+
+- _cleanup_free_ char *path = NULL;
++ _cleanup_free_ char *newdirname = strdup(de->d_name);
++ if (!newdirname)
++ return log_oom();
+
+- (void) fd_get_path(fd, &path);
+- return log_error_errno(SYNTHETIC_ERRNO(EPERM),
+- "Attempted to remove disk file system under \"%s\", and we can't allow that.",
+- strna(path));
+- }
+- }
++ int newfd = openat(fd, de->d_name,
++ O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
++ if (newfd >= 0) {
++ todos[n_todo++] = (TodoEntry) { TAKE_PTR(d), TAKE_PTR(dirname) };
++ fd = newfd;
++ dirname = TAKE_PTR(newdirname);
+
+- FOREACH_DIRENT_ALL(de, d, return -errno) {
+- int is_dir;
++ goto next_fd;
+
+- if (dot_or_dot_dot(de->d_name))
+- continue;
++ } else if (errno != -ENOENT && ret == 0)
++ ret = -errno;
+
+- is_dir =
+- de->d_type == DT_UNKNOWN ? -1 :
+- de->d_type == DT_DIR;
++ } else if (r < 0 && r != -ENOENT && ret == 0)
++ ret = r;
++ }
+
+- r = rm_rf_children_inner(dirfd(d), de->d_name, is_dir, flags, root_dev);
+- if (r < 0 && r != -ENOENT && ret == 0)
+- ret = r;
+- }
++ if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(fd) < 0 && ret >= 0)
++ ret = -errno;
+
+- if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(dirfd(d)) < 0 && ret >= 0)
+- ret = -errno;
++ if (n_todo == 0)
++ break;
++ }
+
+ return ret;
+ }
+@@ -336,5 +402,5 @@ int rm_rf_child(int fd, const char *name, RemoveFlags flags) {
+ if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES|REMOVE_SUBVOLUME))
+ return -EINVAL;
+
+- return rm_rf_children_inner(fd, name, -1, flags, NULL);
++ return rm_rf_inner_child(fd, name, -1, flags, NULL, true);
+ }
diff --git a/debian/patches/shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch b/debian/patches/shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch
new file mode 100644
index 0000000..6f1d1c0
--- /dev/null
+++ b/debian/patches/shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch
@@ -0,0 +1,99 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 23 Nov 2021 16:56:42 +0100
+Subject: shared/rm_rf: refactor rm_rf() to shorten code a bit
+
+(cherry picked from commit 84ced330020c0bae57bd4628f1f44eec91304e69)
+(cherry picked from commit 664529efa9431edc043126013ea54e6c399ae2d3)
+(cherry picked from commit 811b137d6137cc3e8932599e6ef9254ba43ff5eb)
+(cherry picked from commit 39a53d4f1445a8981efd0adcc1734dfad46647c5)
+(cherry picked from commit aaad978868bd6ac84d463a94357ddcbc43b24248)
+---
+ src/basic/rm-rf.c | 54 ++++++++++++++++++++++++------------------------------
+ 1 file changed, 24 insertions(+), 30 deletions(-)
+
+diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c
+index 343a097..2901307 100644
+--- a/src/basic/rm-rf.c
++++ b/src/basic/rm-rf.c
+@@ -249,7 +249,7 @@ int rm_rf_children(
+ }
+
+ int rm_rf(const char *path, RemoveFlags flags) {
+- int fd, r;
++ int fd, r, q = 0;
+
+ assert(path);
+
+@@ -281,49 +281,43 @@ int rm_rf(const char *path, RemoveFlags flags) {
+ }
+
+ fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
+- if (fd < 0) {
++ if (fd >= 0) {
++ /* We have a dir */
++ r = rm_rf_children(fd, flags, NULL);
++
++ if (FLAGS_SET(flags, REMOVE_ROOT) && rmdir(path) < 0)
++ q = -errno;
++ } else {
+ if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT)
+ return 0;
+
+ if (!IN_SET(errno, ENOTDIR, ELOOP))
+ return -errno;
+
+- if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES))
++ if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES) || !FLAGS_SET(flags, REMOVE_ROOT))
+ return 0;
+
+- if (FLAGS_SET(flags, REMOVE_ROOT)) {
+-
+- if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) {
+- struct statfs s;
+-
+- if (statfs(path, &s) < 0)
+- return -errno;
+- if (is_physical_fs(&s))
+- return log_error_errno(SYNTHETIC_ERRNO(EPERM),
+- "Attempted to remove files from a disk file system under \"%s\", refusing.",
+- path);
+- }
+-
+- if (unlink(path) < 0) {
+- if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT)
+- return 0;
++ if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) {
++ struct statfs s;
+
++ if (statfs(path, &s) < 0)
+ return -errno;
+- }
++ if (is_physical_fs(&s))
++ return log_error_errno(SYNTHETIC_ERRNO(EPERM),
++ "Attempted to remove files from a disk file system under \"%s\", refusing.",
++ path);
+ }
+
+- return 0;
++ r = 0;
++ if (unlink(path) < 0)
++ q = -errno;
+ }
+
+- r = rm_rf_children(fd, flags, NULL);
+-
+- if (FLAGS_SET(flags, REMOVE_ROOT) &&
+- rmdir(path) < 0 &&
+- r >= 0 &&
+- (!FLAGS_SET(flags, REMOVE_MISSING_OK) || errno != ENOENT))
+- r = -errno;
+-
+- return r;
++ if (r < 0)
++ return r;
++ if (q < 0 && (q != -ENOENT || !FLAGS_SET(flags, REMOVE_MISSING_OK)))
++ return q;
++ return 0;
+ }
+
+ int rm_rf_child(int fd, const char *name, RemoveFlags flags) {
diff --git a/debian/patches/shared-rm_rf-refactor-rm_rf_children_inner-to-shorten-cod.patch b/debian/patches/shared-rm_rf-refactor-rm_rf_children_inner-to-shorten-cod.patch
new file mode 100644
index 0000000..7a7f85a
--- /dev/null
+++ b/debian/patches/shared-rm_rf-refactor-rm_rf_children_inner-to-shorten-cod.patch
@@ -0,0 +1,66 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 23 Nov 2021 15:55:45 +0100
+Subject: shared/rm_rf: refactor rm_rf_children_inner() to shorten code a bit
+
+(cherry picked from commit 3bac86abfa1b1720180840ffb9d06b3d54841c11)
+(cherry picked from commit 47741ff9eae6311a03e4d3d837128191826a4a3a)
+(cherry picked from commit 89395b63f04f1acc0db533c32637ea20379f97c0)
+(cherry picked from commit 3976f244990aa1210ebe018647f32ab060e1c3d3)
+(cherry picked from commit 988e43630bb7592947c75fe530a6f7dfebc00c4f)
+---
+ src/basic/rm-rf.c | 27 +++++++++------------------
+ 1 file changed, 9 insertions(+), 18 deletions(-)
+
+diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c
+index a78aa4f..343a097 100644
+--- a/src/basic/rm-rf.c
++++ b/src/basic/rm-rf.c
+@@ -123,7 +123,7 @@ static int rm_rf_children_inner(
+ const struct stat *root_dev) {
+
+ struct stat st;
+- int r;
++ int r, q = 0;
+
+ assert(fd >= 0);
+ assert(fname);
+@@ -141,7 +141,6 @@ static int rm_rf_children_inner(
+
+ if (is_dir) {
+ _cleanup_close_ int subdir_fd = -1;
+- int q;
+
+ /* if root_dev is set, remove subdirectories only if device is same */
+ if (root_dev && st.st_dev != root_dev->st_dev)
+@@ -177,23 +176,15 @@ static int rm_rf_children_inner(
+ * again for each directory */
+ q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev);
+
+- r = unlinkat_harder(fd, fname, AT_REMOVEDIR, flags);
+- if (r < 0)
+- return r;
+- if (q < 0)
+- return q;
+-
+- return 1;
+-
+- } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) {
+- r = unlinkat_harder(fd, fname, 0, flags);
+- if (r < 0)
+- return r;
+-
+- return 1;
+- }
++ } else if (flags & REMOVE_ONLY_DIRECTORIES)
++ return 0;
+
+- return 0;
++ r = unlinkat_harder(fd, fname, is_dir ? AT_REMOVEDIR : 0, flags);
++ if (r < 0)
++ return r;
++ if (q < 0)
++ return q;
++ return 1;
+ }
+
+ int rm_rf_children(
diff --git a/debian/patches/table-drop-trailing-white-spaces-of-the-last-cell-in-row.patch b/debian/patches/table-drop-trailing-white-spaces-of-the-last-cell-in-row.patch
new file mode 100644
index 0000000..fea1aec
--- /dev/null
+++ b/debian/patches/table-drop-trailing-white-spaces-of-the-last-cell-in-row.patch
@@ -0,0 +1,167 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Tue, 2 Feb 2021 01:47:58 +0900
+Subject: table: drop trailing white spaces of the last cell in row
+
+Fixes #18415.
+
+(cherry picked from commit 71894e18313e41a72cecdc77fea5037f95d6903f)
+---
+ src/shared/format-table.c | 6 ++++++
+ src/test/test-format-table.c | 40 ++++++++++++++++++++--------------------
+ 2 files changed, 26 insertions(+), 20 deletions(-)
+
+diff --git a/src/shared/format-table.c b/src/shared/format-table.c
+index a13a198..2dc95e9 100644
+--- a/src/shared/format-table.c
++++ b/src/shared/format-table.c
+@@ -2155,6 +2155,12 @@ int table_print(Table *t, FILE *f) {
+ if (!aligned)
+ return -ENOMEM;
+
++ /* Drop trailing white spaces of last column when no cosmetics is set. */
++ if (j == display_columns - 1 &&
++ (!colors_enabled() || !table_data_color(d)) &&
++ (!urlify_enabled() || !d->url))
++ delete_trailing_chars(aligned, NULL);
++
+ free_and_replace(buffer, aligned);
+ field = buffer;
+ }
+diff --git a/src/test/test-format-table.c b/src/test/test-format-table.c
+index 24ee1df..b2943e6 100644
+--- a/src/test/test-format-table.c
++++ b/src/test/test-format-table.c
+@@ -29,7 +29,7 @@ static void test_issue_9549(void) {
+
+ printf("%s\n", formatted);
+ assert_se(streq(formatted,
+- "NAME TYPE RO USAGE CREATED MODIFIED \n"
++ "NAME TYPE RO USAGE CREATED MODIFIED\n"
+ "foooo raw no 673.6M Wed 2018-07-11 00:10:33 J… Wed 2018-07-11 00:16:00 JST\n"
+ ));
+ }
+@@ -72,7 +72,7 @@ static void test_multiline(void) {
+ "FOO BAR\n"
+ "three two\n"
+ "different lines\n"
+- "lines \n"));
++ "lines \n"));
+ formatted = mfree(formatted);
+
+ table_set_cell_height_max(table, (size_t) -1);
+@@ -82,7 +82,7 @@ static void test_multiline(void) {
+ "FOO BAR\n"
+ "three two\n"
+ "different lines\n"
+- "lines \n"));
++ "lines \n"));
+ formatted = mfree(formatted);
+
+ assert_se(table_add_many(table,
+@@ -123,7 +123,7 @@ static void test_multiline(void) {
+ "FOO BAR\n"
+ "three two\n"
+ "different lines\n"
+- "lines \n"
++ "lines \n"
+ "short a\n"
+ " pair\n"
+ "short2 a\n"
+@@ -138,7 +138,7 @@ static void test_multiline(void) {
+ "FOO BAR\n"
+ "three two\n"
+ "different lines\n"
+- "lines \n"
++ "lines \n"
+ "short a\n"
+ " pair\n"
+ "short2 a\n"
+@@ -186,7 +186,7 @@ static void test_strv(void) {
+ "FOO BAR\n"
+ "three two\n"
+ "different lines\n"
+- "lines \n"));
++ "lines \n"));
+ formatted = mfree(formatted);
+
+ table_set_cell_height_max(table, (size_t) -1);
+@@ -196,7 +196,7 @@ static void test_strv(void) {
+ "FOO BAR\n"
+ "three two\n"
+ "different lines\n"
+- "lines \n"));
++ "lines \n"));
+ formatted = mfree(formatted);
+
+ assert_se(table_add_many(table,
+@@ -237,7 +237,7 @@ static void test_strv(void) {
+ "FOO BAR\n"
+ "three two\n"
+ "different lines\n"
+- "lines \n"
++ "lines \n"
+ "short a\n"
+ " pair\n"
+ "short2 a\n"
+@@ -252,7 +252,7 @@ static void test_strv(void) {
+ "FOO BAR\n"
+ "three two\n"
+ "different lines\n"
+- "lines \n"
++ "lines \n"
+ "short a\n"
+ " pair\n"
+ "short2 a\n"
+@@ -333,7 +333,7 @@ static void test_strv_wrapped(void) {
+ assert_se(streq(formatted,
+ "FOO BAR\n"
+ "three different two lines\n"
+- "lines \n"
++ "lines \n"
+ "short a pair\n"
+ "short2 a eight line ćęłł\n"
+ " ___5___ ___6___…\n"));
+@@ -345,7 +345,7 @@ static void test_strv_wrapped(void) {
+ assert_se(streq(formatted,
+ "FOO BAR\n"
+ "three different two lines\n"
+- "lines \n"
++ "lines \n"
+ "short a pair\n"
+ "short2 a eight line ćęłł\n"
+ " ___5___ ___6___\n"
+@@ -358,7 +358,7 @@ static void test_strv_wrapped(void) {
+ assert_se(streq(formatted,
+ "FOO BAR\n"
+ "three different two lines\n"
+- "lines \n"
++ "lines \n"
+ "short a pair\n"
+ "short2 a eight line ćęłł\n"
+ " ___5___ ___6___\n"
+@@ -493,17 +493,17 @@ int main(int argc, char *argv[]) {
+ if (isatty(STDOUT_FILENO))
+ assert_se(streq(formatted,
+ " no a long f… no a long f… a long fi…\n"
+- " no fäää no fäää fäää \n"
+- " yes fäää yes fäää fäää \n"
+- " yes xxx yes xxx xxx \n"
+- "5min 5min \n"));
++ " no fäää no fäää fäää\n"
++ " yes fäää yes fäää fäää\n"
++ " yes xxx yes xxx xxx\n"
++ "5min 5min \n"));
+ else
+ assert_se(streq(formatted,
+ " no a long field no a long field a long field\n"
+- " no fäää no fäää fäää \n"
+- " yes fäää yes fäää fäää \n"
+- " yes xxx yes xxx xxx \n"
+- "5min 5min \n"));
++ " no fäää no fäää fäää\n"
++ " yes fäää yes fäää fäää\n"
++ " yes xxx yes xxx xxx\n"
++ "5min 5min \n"));
+
+ test_issue_9549();
+ test_multiline();
diff --git a/debian/patches/time-util-fix-buffer-over-run.patch b/debian/patches/time-util-fix-buffer-over-run.patch
new file mode 100644
index 0000000..65a6ed0
--- /dev/null
+++ b/debian/patches/time-util-fix-buffer-over-run.patch
@@ -0,0 +1,55 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 7 Jul 2022 18:27:02 +0900
+Subject: time-util: fix buffer-over-run
+
+Fixes #23928.
+
+(cherry picked from commit 9102c625a673a3246d7e73d8737f3494446bad4e)
+(cherry picked from commit 72d4c15a946d20143cd4c6783c802124bc894dc7)
+(cherry picked from commit c32530f5bdd11c74e8f5a86eecd7c36b3bae739f)
+(cherry picked from commit b2a25b5e64345bd0bb7697a956d33afd6980286a)
+(cherry picked from commit 858dc1ad609290cc4ca288acf87046ee295c3d51)
+---
+ src/basic/time-util.c | 2 +-
+ src/test/test-time-util.c | 8 ++++++++
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/basic/time-util.c b/src/basic/time-util.c
+index 5318d63..1909710 100644
+--- a/src/basic/time-util.c
++++ b/src/basic/time-util.c
+@@ -574,7 +574,7 @@ char *format_timespan(char *buf, size_t l, usec_t t, usec_t accuracy) {
+ t = b;
+ }
+
+- n = MIN((size_t) k, l);
++ n = MIN((size_t) k, l-1);
+
+ l -= n;
+ p += n;
+diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c
+index cc391e8..877b24c 100644
+--- a/src/test/test-time-util.c
++++ b/src/test/test-time-util.c
+@@ -243,6 +243,13 @@ static void test_format_timespan(usec_t accuracy) {
+ test_format_timespan_one(USEC_INFINITY, accuracy);
+ }
+
++static void test_format_timespan2(void) {
++ /* See issue #23928. */
++ _cleanup_free_ char *buf;
++ assert_se(buf = new(char, 5));
++ assert_se(buf == format_timespan(buf, 5, 100005, 1000));
++}
++
+ static void test_timezone_is_valid(void) {
+ log_info("/* %s */", __func__);
+
+@@ -533,6 +540,7 @@ int main(int argc, char *argv[]) {
+ test_format_timespan(1);
+ test_format_timespan(USEC_PER_MSEC);
+ test_format_timespan(USEC_PER_SEC);
++ test_format_timespan2();
+ test_timezone_is_valid();
+ test_get_timezones();
+ test_usec_add();
diff --git a/debian/patches/tmpfiles-st-may-have-been-used-uninitialized.patch b/debian/patches/tmpfiles-st-may-have-been-used-uninitialized.patch
new file mode 100644
index 0000000..a8877b3
--- /dev/null
+++ b/debian/patches/tmpfiles-st-may-have-been-used-uninitialized.patch
@@ -0,0 +1,27 @@
+From: =?utf-8?q?Zbigniew_J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
+Date: Tue, 23 Nov 2021 15:05:58 +0100
+Subject: tmpfiles: 'st' may have been used uninitialized
+
+(cherry picked from commit 160dadc0350c77d612aa9d5569f57d9bc84c3dca)
+(cherry picked from commit 7563de501246dccf5a9ea229933481aa1e7bd5c9)
+(cherry picked from commit f54b97b1d05052bfee824ecc03ae9f07f6c37be8)
+(cherry picked from commit ab927db9a7698ee1eceae14ecef7ab43ee3f104e)
+---
+ src/basic/rm-rf.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/basic/rm-rf.c b/src/basic/rm-rf.c
+index cf671c2..a78aa4f 100644
+--- a/src/basic/rm-rf.c
++++ b/src/basic/rm-rf.c
+@@ -128,7 +128,9 @@ static int rm_rf_children_inner(
+ assert(fd >= 0);
+ assert(fname);
+
+- if (is_dir < 0 || (is_dir > 0 && (root_dev || (flags & REMOVE_SUBVOLUME)))) {
++ if (is_dir < 0 ||
++ root_dev ||
++ (is_dir > 0 && (root_dev || (flags & REMOVE_SUBVOLUME)))) {
+
+ r = fstatat_harder(fd, fname, &st, AT_SYMLINK_NOFOLLOW, flags);
+ if (r < 0)
diff --git a/debian/patches/udev-always-create-device-symlinks-for-USB-disks.patch b/debian/patches/udev-always-create-device-symlinks-for-USB-disks.patch
new file mode 100644
index 0000000..f373b68
--- /dev/null
+++ b/debian/patches/udev-always-create-device-symlinks-for-USB-disks.patch
@@ -0,0 +1,111 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sun, 30 Oct 2022 09:43:05 +0900
+Subject: udev: always create device symlinks for USB disks
+
+Previously, ata_id might not be able to retrieve attributes correctly,
+and properties from usb_id were used as a fallback. See issue #24921
+and PR #24923. To keep backward compatibility, still we need to create
+symlinks based on USB serial.
+
+Fixes #25179.
+---
+ rules.d/60-persistent-storage.rules | 10 +++++--
+ src/udev/udev-builtin-usb_id.c | 55 +++++++++++++++++++++++++++++--------
+ 2 files changed, 51 insertions(+), 14 deletions(-)
+
+diff --git a/rules.d/60-persistent-storage.rules b/rules.d/60-persistent-storage.rules
+index fc7f733..99e0c9a 100644
+--- a/rules.d/60-persistent-storage.rules
++++ b/rules.d/60-persistent-storage.rules
+@@ -59,14 +59,20 @@ KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*", SUBSYSTEMS=="scsi", ATTRS{type}==
+ # Run ata_id on non-removable USB Mass Storage (SATA/PATA disks in enclosures)
+ KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*", ATTR{removable}=="0", SUBSYSTEMS=="usb", IMPORT{program}="ata_id --export $devnode"
+
+-# Fall back usb_id for USB devices
+-KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*", SUBSYSTEMS=="usb", IMPORT{builtin}="usb_id"
++# Also import properties from usb_id for USB devices
++KERNEL=="sd*[!0-9]|sr*", SUBSYSTEMS=="usb", IMPORT{builtin}="usb_id"
+
+ # SCSI devices
+ KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*", IMPORT{program}="scsi_id --export --whitelisted -d $devnode", ENV{ID_BUS}="scsi"
+ KERNEL=="cciss*", ENV{DEVTYPE}=="disk", ENV{ID_SERIAL}!="?*", IMPORT{program}="scsi_id --export --whitelisted -d $devnode", ENV{ID_BUS}="cciss"
+ KERNEL=="sd*|sr*|cciss*", ENV{DEVTYPE}=="disk", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_SERIAL}"
+ KERNEL=="sd*|cciss*", ENV{DEVTYPE}=="partition", ENV{ID_SERIAL}=="?*", SYMLINK+="disk/by-id/$env{ID_BUS}-$env{ID_SERIAL}-part%n"
++# Previously, ata_id in the above might not be able to retrieve attributes correctly,
++# and properties from usb_id were used as a fallback. See issue #24921 and PR #24923.
++# To keep backward compatibility, still we need to create symlinks based on USB serial.
++# See issue #25179.
++KERNEL=="sd*|sr*|cciss*", ENV{DEVTYPE}=="disk", ENV{ID_USB_SERIAL}=="?*", SYMLINK+="disk/by-id/usb-$env{ID_USB_SERIAL}"
++KERNEL=="sd*|cciss*", ENV{DEVTYPE}=="partition", ENV{ID_USB_SERIAL}=="?*", SYMLINK+="disk/by-id/usb-$env{ID_USB_SERIAL}-part%n"
+
+ # PMEM devices
+ KERNEL=="pmem*", ENV{DEVTYPE}=="disk", ATTRS{uuid}=="?*", SYMLINK+="disk/by-id/pmem-$attr{uuid}"
+diff --git a/src/udev/udev-builtin-usb_id.c b/src/udev/udev-builtin-usb_id.c
+index fa554e7..3910ffa 100644
+--- a/src/udev/udev-builtin-usb_id.c
++++ b/src/udev/udev-builtin-usb_id.c
+@@ -430,21 +430,52 @@ fallback:
+ if (!isempty(instance_str))
+ strpcpyl(&s, l, "-", instance_str, NULL);
+
+- udev_builtin_add_property(dev, test, "ID_VENDOR", vendor_str);
+- udev_builtin_add_property(dev, test, "ID_VENDOR_ENC", vendor_str_enc);
+- udev_builtin_add_property(dev, test, "ID_VENDOR_ID", vendor_id);
+- udev_builtin_add_property(dev, test, "ID_MODEL", model_str);
+- udev_builtin_add_property(dev, test, "ID_MODEL_ENC", model_str_enc);
+- udev_builtin_add_property(dev, test, "ID_MODEL_ID", product_id);
+- udev_builtin_add_property(dev, test, "ID_REVISION", revision_str);
+- udev_builtin_add_property(dev, test, "ID_SERIAL", serial);
++ if (sd_device_get_property_value(dev, "ID_BUS", NULL) >= 0)
++ log_device_debug(dev, "ID_BUS property is already set, setting only properties prefixed with \"ID_USB_\".");
++ else {
++ udev_builtin_add_property(dev, test, "ID_BUS", "usb");
++
++ udev_builtin_add_property(dev, test, "ID_MODEL", model_str);
++ udev_builtin_add_property(dev, test, "ID_MODEL_ENC", model_str_enc);
++ udev_builtin_add_property(dev, test, "ID_MODEL_ID", product_id);
++
++ udev_builtin_add_property(dev, test, "ID_SERIAL", serial);
++ if (!isempty(serial_str))
++ udev_builtin_add_property(dev, test, "ID_SERIAL_SHORT", serial_str);
++
++ udev_builtin_add_property(dev, test, "ID_VENDOR", vendor_str);
++ udev_builtin_add_property(dev, test, "ID_VENDOR_ENC", vendor_str_enc);
++ udev_builtin_add_property(dev, test, "ID_VENDOR_ID", vendor_id);
++
++ udev_builtin_add_property(dev, test, "ID_REVISION", revision_str);
++
++ if (!isempty(type_str))
++ udev_builtin_add_property(dev, test, "ID_TYPE", type_str);
++
++ if (!isempty(instance_str))
++ udev_builtin_add_property(dev, test, "ID_INSTANCE", instance_str);
++ }
++
++ /* Also export the same values in the above by prefixing ID_USB_. */
++ udev_builtin_add_property(dev, test, "ID_USB_MODEL", model_str);
++ udev_builtin_add_property(dev, test, "ID_USB_MODEL_ENC", model_str_enc);
++ udev_builtin_add_property(dev, test, "ID_USB_MODEL_ID", product_id);
++ udev_builtin_add_property(dev, test, "ID_USB_SERIAL", serial);
+ if (!isempty(serial_str))
+- udev_builtin_add_property(dev, test, "ID_SERIAL_SHORT", serial_str);
++ udev_builtin_add_property(dev, test, "ID_USB_SERIAL_SHORT", serial_str);
++
++ udev_builtin_add_property(dev, test, "ID_USB_VENDOR", vendor_str);
++ udev_builtin_add_property(dev, test, "ID_USB_VENDOR_ENC", vendor_str_enc);
++ udev_builtin_add_property(dev, test, "ID_USB_VENDOR_ID", vendor_id);
++
++ udev_builtin_add_property(dev, test, "ID_USB_REVISION", revision_str);
++
+ if (!isempty(type_str))
+- udev_builtin_add_property(dev, test, "ID_TYPE", type_str);
++ udev_builtin_add_property(dev, test, "ID_USB_TYPE", type_str);
++
+ if (!isempty(instance_str))
+- udev_builtin_add_property(dev, test, "ID_INSTANCE", instance_str);
+- udev_builtin_add_property(dev, test, "ID_BUS", "usb");
++ udev_builtin_add_property(dev, test, "ID_USB_INSTANCE", instance_str);
++
+ if (!isempty(packed_if_str))
+ udev_builtin_add_property(dev, test, "ID_USB_INTERFACES", packed_if_str);
+ if (ifnum)
diff --git a/debian/patches/udev-first-set-properties-based-on-usb-subsystem.patch b/debian/patches/udev-first-set-properties-based-on-usb-subsystem.patch
new file mode 100644
index 0000000..0aee515
--- /dev/null
+++ b/debian/patches/udev-first-set-properties-based-on-usb-subsystem.patch
@@ -0,0 +1,34 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Thu, 3 Nov 2022 09:39:36 +0900
+Subject: udev: first set properties based on usb subsystem
+
+After 479da1107a0d4e2f7ef5cd938512b87a0e45f180, the usb_id builtin
+command does not set ID_SERIAL if ID_BUS is already set.
+Before the commit, all properties set based on pci bus were overwritten
+by the usb_id, hence now it is sufficient setting them only when ID_BUS is
+not set yet.
+
+Fixes #25238.
+
+(cherry picked from commit 01e704eba982fbc1517287cd261d229ff8e0a779)
+---
+ rules.d/60-serial.rules | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/rules.d/60-serial.rules b/rules.d/60-serial.rules
+index f303e27..c133f26 100644
+--- a/rules.d/60-serial.rules
++++ b/rules.d/60-serial.rules
+@@ -3,9 +3,10 @@
+ ACTION=="remove", GOTO="serial_end"
+ SUBSYSTEM!="tty", GOTO="serial_end"
+
+-SUBSYSTEMS=="pci", ENV{ID_BUS}="pci", ENV{ID_VENDOR_ID}="$attr{vendor}", ENV{ID_MODEL_ID}="$attr{device}"
+-SUBSYSTEMS=="pci", IMPORT{builtin}="hwdb --subsystem=pci"
+ SUBSYSTEMS=="usb", IMPORT{builtin}="usb_id", IMPORT{builtin}="hwdb --subsystem=usb"
++SUBSYSTEMS=="pci", ENV{ID_BUS}=="", ENV{ID_BUS}="pci", \
++ ENV{ID_VENDOR_ID}="$attr{vendor}", ENV{ID_MODEL_ID}="$attr{device}", \
++ IMPORT{builtin}="hwdb --subsystem=pci"
+
+ # /dev/serial/by-path/, /dev/serial/by-id/ for USB devices
+ KERNEL!="ttyUSB[0-9]*|ttyACM[0-9]*", GOTO="serial_end"
diff --git a/debian/patches/udevadm-trigger-do-not-return-immediately-on-EACCES.patch b/debian/patches/udevadm-trigger-do-not-return-immediately-on-EACCES.patch
new file mode 100644
index 0000000..cabec71
--- /dev/null
+++ b/debian/patches/udevadm-trigger-do-not-return-immediately-on-EACCES.patch
@@ -0,0 +1,58 @@
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sat, 20 Feb 2021 16:30:23 +0900
+Subject: udevadm-trigger: do not return immediately on EACCES
+
+Prompted by https://github.com/systemd/systemd/pull/18559.
+
+(cherry picked from commit 0e789e6d48046d43c50dd949a71ac56f1127bb96)
+---
+ src/udev/udevadm-trigger.c | 32 +++++++++++++++++++++++++++++---
+ 1 file changed, 29 insertions(+), 3 deletions(-)
+
+diff --git a/src/udev/udevadm-trigger.c b/src/udev/udevadm-trigger.c
+index 5c74184..da9b89a 100644
+--- a/src/udev/udevadm-trigger.c
++++ b/src/udev/udevadm-trigger.c
+@@ -45,13 +45,39 @@ static int exec_list(sd_device_enumerator *e, const char *action, Set **settle_s
+
+ r = write_string_file(filename, action, WRITE_STRING_FILE_DISABLE_BUFFER);
+ if (r < 0) {
++ /* ENOENT may be returned when a device does not have /uevent or is already
++ * removed. Hence, this is logged at debug level and ignored.
++ *
++ * ENODEV may be returned by some buggy device drivers e.g. /sys/devices/vio.
++ * See,
++ * https://github.com/systemd/systemd/issues/13652#issuecomment-535129791 and
++ * https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1845319.
++ * So, this error is ignored, but logged at warning level to encourage people to
++ * fix the driver.
++ *
++ * EROFS is returned when /sys is read only. In that case, all subsequent
++ * writes will also fail, hence return immediately.
++ *
++ * EACCES or EPERM may be returned when this is invoked by non-priviledged user.
++ * We do NOT return immediately, but continue operation and propagate the error.
++ * Why? Some device can be owned by a user, e.g., network devices configured in
++ * a network namespace. See, https://github.com/systemd/systemd/pull/18559 and
++ * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ebb4a4bf76f164457184a3f43ebc1552416bc823
++ *
++ * All other errors are logged at error level, but let's continue the operation,
++ * and propagate the error.
++ */
++
+ bool ignore = IN_SET(r, -ENOENT, -ENODEV);
++ int level =
++ r == -ENOENT ? LOG_DEBUG :
++ r == -ENODEV ? LOG_WARNING : LOG_ERR;
+
+- log_full_errno(ignore ? LOG_DEBUG : LOG_ERR, r,
++ log_full_errno(level, r,
+ "Failed to write '%s' to '%s'%s: %m",
+ action, filename, ignore ? ", ignoring" : "");
+- if (IN_SET(r, -EACCES, -EROFS))
+- /* Inovoked by unpriviledged user, or read only filesystem. Return earlier. */
++
++ if (r == -EROFS)
+ return r;
+ if (ret == 0 && !ignore)
+ ret = r;
diff --git a/debian/patches/unit-name-generate-a-clear-error-code-when-convertin.patch b/debian/patches/unit-name-generate-a-clear-error-code-when-convertin.patch
new file mode 100644
index 0000000..c28266b
--- /dev/null
+++ b/debian/patches/unit-name-generate-a-clear-error-code-when-convertin.patch
@@ -0,0 +1,59 @@
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 1 Jun 2021 19:43:55 +0200
+Subject: unit-name: generate a clear error code when converting an overly
+ long fs path to a unit name
+
+(cherry picked from commit 9d5acfab20c5f1177d877d0bec18063c0a6c5929)
+(cherry picked from commit 1579dce2c2a162bb09afb9a8a46fd4f7e8fbf1d5)
+(cherry picked from commit 0488b743e9c6ab1e885933eebda4ba9232003a2a)
+---
+ src/basic/unit-name.c | 6 ++++++
+ src/test/test-unit-name.c | 4 ++--
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
+index c1529bb..5f595af 100644
+--- a/src/basic/unit-name.c
++++ b/src/basic/unit-name.c
+@@ -528,6 +528,9 @@ int unit_name_from_path(const char *path, const char *suffix, char **ret) {
+ if (!s)
+ return -ENOMEM;
+
++ if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */
++ return -ENAMETOOLONG;
++
+ /* Refuse this if this got too long or for some other reason didn't result in a valid name */
+ if (!unit_name_is_valid(s, UNIT_NAME_PLAIN))
+ return -EINVAL;
+@@ -559,6 +562,9 @@ int unit_name_from_path_instance(const char *prefix, const char *path, const cha
+ if (!s)
+ return -ENOMEM;
+
++ if (strlen(s) >= UNIT_NAME_MAX) /* Return a slightly more descriptive error for this specific condition */
++ return -ENAMETOOLONG;
++
+ /* Refuse this if this got too long or for some other reason didn't result in a valid name */
+ if (!unit_name_is_valid(s, UNIT_NAME_INSTANCE))
+ return -EINVAL;
+diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c
+index ece78aa..c0b7971 100644
+--- a/src/test/test-unit-name.c
++++ b/src/test/test-unit-name.c
+@@ -130,7 +130,7 @@ static void test_unit_name_from_path(void) {
+ test_unit_name_from_path_one("///", ".mount", "-.mount", 0);
+ test_unit_name_from_path_one("/foo/../bar", ".mount", NULL, -EINVAL);
+ test_unit_name_from_path_one("/foo/./bar", ".mount", NULL, -EINVAL);
+- test_unit_name_from_path_one("/waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", ".mount", NULL, -EINVAL);
++ test_unit_name_from_path_one("/waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", ".mount", NULL, -ENAMETOOLONG);
+ }
+
+ static void test_unit_name_from_path_instance_one(const char *pattern, const char *path, const char *suffix, const char *expected, int ret) {
+@@ -160,7 +160,7 @@ static void test_unit_name_from_path_instance(void) {
+ test_unit_name_from_path_instance_one("waldo", "..", ".mount", NULL, -EINVAL);
+ test_unit_name_from_path_instance_one("waldo", "/foo", ".waldi", NULL, -EINVAL);
+ test_unit_name_from_path_instance_one("wa--ldo", "/--", ".mount", "wa--ldo@\\x2d\\x2d.mount", 0);
+- test_unit_name_from_path_instance_one("waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "/waldo", ".mount", NULL, -EINVAL);
++ test_unit_name_from_path_instance_one("waldoaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "/waldo", ".mount", NULL, -ENAMETOOLONG);
+ }
+
+ static void test_unit_name_to_path_one(const char *unit, const char *path, int ret) {
diff --git a/debian/patches/virt-Fix-the-detection-for-Hyper-V-VMs.patch b/debian/patches/virt-Fix-the-detection-for-Hyper-V-VMs.patch
new file mode 100644
index 0000000..9757987
--- /dev/null
+++ b/debian/patches/virt-Fix-the-detection-for-Hyper-V-VMs.patch
@@ -0,0 +1,38 @@
+From: Boqun Feng <boqun.feng@gmail.com>
+Date: Tue, 23 Nov 2021 15:09:26 +0800
+Subject: virt: Fix the detection for Hyper-V VMs
+
+Use product_version instead of product_name in DMI table and the string
+"Hyper-V" to avoid misdetection.
+
+Fixes: #21468
+
+Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
+(cherry picked from commit 76eec0649936d9ae2f9087769f463feaf0cf5cb4)
+---
+ src/basic/virt.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/basic/virt.c b/src/basic/virt.c
+index 0d45ee6..54befd9 100644
+--- a/src/basic/virt.c
++++ b/src/basic/virt.c
+@@ -140,7 +140,8 @@ static int detect_vm_dmi(void) {
+ "/sys/class/dmi/id/product_name", /* Test this before sys_vendor to detect KVM over QEMU */
+ "/sys/class/dmi/id/sys_vendor",
+ "/sys/class/dmi/id/board_vendor",
+- "/sys/class/dmi/id/bios_vendor"
++ "/sys/class/dmi/id/bios_vendor",
++ "/sys/class/dmi/id/product_version" /* For Hyper-V VMs test */
+ };
+
+ static const struct {
+@@ -158,7 +159,7 @@ static int detect_vm_dmi(void) {
+ { "Parallels", VIRTUALIZATION_PARALLELS },
+ /* https://wiki.freebsd.org/bhyve */
+ { "BHYVE", VIRTUALIZATION_BHYVE },
+- { "Microsoft", VIRTUALIZATION_MICROSOFT },
++ { "Hyper-V", VIRTUALIZATION_MICROSOFT },
+ };
+ unsigned i;
+ int r;
diff --git a/debian/patches/virt-Support-detection-for-ARM64-Hyper-V-guests.patch b/debian/patches/virt-Support-detection-for-ARM64-Hyper-V-guests.patch
new file mode 100644
index 0000000..373a77f
--- /dev/null
+++ b/debian/patches/virt-Support-detection-for-ARM64-Hyper-V-guests.patch
@@ -0,0 +1,28 @@
+From: Boqun Feng <boqun.feng@gmail.com>
+Date: Wed, 13 Oct 2021 11:32:09 +0800
+Subject: virt: Support detection for ARM64 Hyper-V guests
+
+The detection of Microsoft Hyper-V VMs is done by cpuid currently,
+however there is no cpuid on ARM64. And since ARM64 is now a supported
+architecture for Microsoft Hyper-V guests[1], then use DMI tables to
+detect a Hyper-V guest, which is more generic and works for ARM64.
+
+[1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7aff79e297ee1aa0126924921fd87a4ae59d2467
+
+(cherry picked from commit 506bbc8569014253ea8614b680ccbc4fc2513a87)
+---
+ src/basic/virt.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/basic/virt.c b/src/basic/virt.c
+index 7d78a40..0d45ee6 100644
+--- a/src/basic/virt.c
++++ b/src/basic/virt.c
+@@ -158,6 +158,7 @@ static int detect_vm_dmi(void) {
+ { "Parallels", VIRTUALIZATION_PARALLELS },
+ /* https://wiki.freebsd.org/bhyve */
+ { "BHYVE", VIRTUALIZATION_BHYVE },
++ { "Microsoft", VIRTUALIZATION_MICROSOFT },
+ };
+ unsigned i;
+ int r;
diff --git a/debian/patches/virt-detect-OpenStack-Nova-instance.patch b/debian/patches/virt-detect-OpenStack-Nova-instance.patch
new file mode 100644
index 0000000..87686b2
--- /dev/null
+++ b/debian/patches/virt-detect-OpenStack-Nova-instance.patch
@@ -0,0 +1,21 @@
+From: Michael Biebl <biebl@debian.org>
+Date: Sun, 7 Aug 2022 15:21:12 +0200
+Subject: virt: detect OpenStack Nova instance
+
+(cherry picked from commit 01d9fbccddd694bc584aed24eaa0543f831dc929)
+---
+ src/basic/virt.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/basic/virt.c b/src/basic/virt.c
+index 54befd9..78ee1b8 100644
+--- a/src/basic/virt.c
++++ b/src/basic/virt.c
+@@ -149,6 +149,7 @@ static int detect_vm_dmi(void) {
+ int id;
+ } dmi_vendor_table[] = {
+ { "KVM", VIRTUALIZATION_KVM },
++ { "OpenStack", VIRTUALIZATION_KVM }, /* Detect OpenStack instance as KVM in non x86 architecture */
+ { "QEMU", VIRTUALIZATION_QEMU },
+ { "VMware", VIRTUALIZATION_VMWARE }, /* https://kb.vmware.com/s/article/1009458 */
+ { "VMW", VIRTUALIZATION_VMWARE },
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..b67f29a
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,315 @@
+#! /usr/bin/make -f
+
+#export DH_VERBOSE = 1
+#export DEB_BUILD_OPTIONS = nostrip
+
+export LC_ALL = C.UTF-8
+
+include /usr/share/dpkg/default.mk
+
+ifeq ($(DEB_VENDOR),Ubuntu)
+ DEFAULT_NTP_SERVERS = ntp.ubuntu.com
+ SUPPORT_URL = http://www.ubuntu.com/support
+ CONFFLAGS_DISTRO =
+else
+ DEFAULT_NTP_SERVERS = 0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org
+ SUPPORT_URL = https://www.debian.org/support
+ CONFFLAGS_DISTRO =
+endif
+
+TEST_TIMEOUT_MULTIPLIER = "-t 10"
+
+# fail on missing files and symbols changes on distro builds, but not if we
+# build/test upstream master
+ifeq ($(TEST_UPSTREAM),)
+ DH_MISSING = --fail-missing
+ GENSYMBOLS_LEVEL = 4
+else
+ DH_MISSING = --list-missing
+ GENSYMBOLS_LEVEL = 1
+endif
+
+ifneq (, $(filter noudeb, $(DEB_BUILD_OPTIONS)))
+export DEB_BUILD_PROFILES += noudeb
+endif
+
+CONFFLAGS = \
+ -Db_lto=true \
+ -Db_pie=true \
+ -Dmode=release \
+ -Drootlibdir=/usr/lib/$(DEB_HOST_MULTIARCH) \
+ -Dsplit-usr=true \
+ -Dversion-tag="$(DEB_VERSION)" \
+ -Dquotaon-path=/sbin/quotaon \
+ -Dquotacheck-path=/sbin/quotacheck \
+ -Dkmod-path=/bin/kmod \
+ -Dkexec-path=/sbin/kexec \
+ -Dsulogin-path=/sbin/sulogin \
+ -Dmount-path=/bin/mount \
+ -Dumount-path=/bin/umount \
+ -Dloadkeys-path=/bin/loadkeys \
+ -Dsetfont-path=/bin/setfont \
+ -Dnologin-path=/usr/sbin/nologin \
+ -Dtelinit-path=/lib/sysvinit/telinit \
+ -Dsysvinit-path=/etc/init.d \
+ -Dsysvrcnd-path=/etc \
+ -Dlocalegen-path=/usr/sbin/locale-gen \
+ -Ddebug-shell=/bin/bash \
+ -Dzshcompletiondir=/usr/share/zsh/vendor-completions \
+ -Ddbuspolicydir=/usr/share/dbus-1/system.d/ \
+ -Dsupport-url=$(SUPPORT_URL) \
+ -Ddefault-kill-user-processes=false \
+ -Ddefault-hierarchy=unified \
+ -Ddefault-dnssec=no \
+ -Dpamconfdir=no \
+ -Dpamlibdir=/lib/$(DEB_HOST_MULTIARCH)/security \
+ -Drpmmacrosdir=no \
+ -Dqrencode=false \
+ -Dvconsole=false \
+ -Dfirstboot=false \
+ -Dxkbcommon=false \
+ -Dwheel-group=false \
+ -Drepart=false \
+ -Duserdb=false \
+ -Dhomed=false \
+ -Dlibfido2=false \
+ -Dfdisk=false \
+ -Dpwquality=false \
+ -Dp11kit=false \
+ -Doomd=false \
+ -Dntp-servers="$(DEFAULT_NTP_SERVERS)" \
+ -Ddns-servers='' \
+ -Dlink-udev-shared=false \
+ -Dsystem-uid-max=999 \
+ -Dsystem-gid-max=999 \
+ -Dnobody-user=nobody \
+ -Dnobody-group=nogroup \
+ -Dbump-proc-sys-fs-nr-open=false \
+ -Ddev-kvm-mode=0660 \
+ -Dgroup-render-mode=0660
+
+CONFFLAGS_deb = \
+ -Dselinux=true \
+ -Dhwdb=true \
+ -Dsysusers=true \
+ -Dinstall-tests=$(if $(filter noinsttest,$(DEB_BUILD_PROFILES)),false,true) \
+ -Defi=true \
+ -Dman=true \
+ -Dnss-myhostname=true \
+ -Dnss-mymachines=true \
+ -Dnss-resolve=true \
+ -Dnss-systemd=true \
+ -Dresolve=true \
+ -Dlink-systemctl-shared=false
+
+ifeq (, $(filter stage1, $(DEB_BUILD_PROFILES)))
+CONFFLAGS_deb += \
+ -Daudit=true \
+ -Dlibcryptsetup=true \
+ -Dcoredump=true \
+ -Delfutils=true \
+ -Dapparmor=true \
+ -Dlibidn2=true \
+ -Dlibiptc=true \
+ -Dlibcurl=true \
+ -Dimportd=true \
+ -Dmicrohttpd=true \
+ -Dgnutls=true \
+ -Dpcre2=true
+else
+CONFFLAGS_deb += \
+ -Daudit=false \
+ -Dlibcryptsetup=false \
+ -Dcoredump=false \
+ -Delfutils=false \
+ -Dapparmor=false \
+ -Dlibidn2=false \
+ -Dlibiptc=false \
+ -Dlibcurl=false \
+ -Dimportd=false \
+ -Dmicrohttpd=false \
+ -Dgnutls=false \
+ -Dpcre2=false
+endif
+
+CONFFLAGS_udeb = \
+ -Dlibcryptsetup=false \
+ -Dcoredump=false \
+ -Delfutils=false \
+ -Dpam=false \
+ -Daudit=false \
+ -Dselinux=false\
+ -Dapparmor=false \
+ -Dlibidn2=false \
+ -Dlibiptc=false \
+ -Dsmack=false \
+ -Dima=false \
+ -Dbinfmt=false \
+ -Dquotacheck=false \
+ -Dtmpfiles=false \
+ -Drandomseed=false \
+ -Dbacklight=false \
+ -Dlogind=false \
+ -Dmachined=false \
+ -Dlibcurl=false \
+ -Dimportd=false \
+ -Dmicrohttpd=false \
+ -Dgnutls=false \
+ -Dhostnamed=false \
+ -Dtimedated=false \
+ -Dnetworkd=false \
+ -Dtimesyncd=false \
+ -Dlocaled=false \
+ -Dnss-myhostname=false \
+ -Dnss-mymachines=false \
+ -Dnss-resolve=false \
+ -Dnss-systemd=false \
+ -Dresolve=false \
+ -Dportabled=false \
+ -Dpolkit=false \
+ -Dacl=false \
+ -Dgcrypt=false \
+ -Drfkill=false \
+ -Dhwdb=false \
+ -Dman=false \
+ -Defi=false \
+ -Dseccomp=false \
+ -Dsysusers=false \
+ -Dpcre2=false
+
+override_dh_auto_configure:
+ dh_auto_configure --builddirectory=build-deb \
+ -- $(CONFFLAGS) $(CONFFLAGS_DISTRO) $(CONFFLAGS_deb) $(CONFFLAGS_UPSTREAM)
+ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES)))
+ dh_auto_configure --builddirectory=build-udeb \
+ -- $(CONFFLAGS) $(CONFFLAGS_DISTRO) $(CONFFLAGS_udeb) $(CONFFLAGS_UPSTREAM)
+endif
+
+override_dh_auto_build:
+ dh_auto_build --builddirectory=build-deb
+ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES)))
+ dh_auto_build --builddirectory=build-udeb
+endif
+ # generate POT file for translators
+ ninja -C build-deb/ systemd-pot
+
+override_dh_auto_install:
+ dh_auto_install --builddirectory=build-deb \
+ --destdir=debian/install/deb
+ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES)))
+ dh_auto_install --builddirectory=build-udeb \
+ --destdir=debian/install/udeb
+endif
+ # fix paths in manpages; manually check the remaining /usr occurrences
+ # occasionally, with filtering out paths which are known to be in /usr:
+ # grep -r /usr debian/install/deb/usr/share/man/|egrep -v '/usr/local|os.*release|factory|zoneinfo|tmpfiles|kernel|foo|machines|sysctl|dbus|include|binfmt'
+ find debian/install/deb/usr/share/man/ -type f | xargs sed -ri 's_/usr(/lib/systemd/system|/lib/systemd/network|/lib/udev|/lib[^/]|/lib/[^a-z])_\1_g'
+
+override_dh_auto_clean:
+ifneq (, $(TEST_UPSTREAM))
+ debian/extra/checkout-upstream
+endif
+ dh_auto_clean --builddirectory=build-deb
+ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES)))
+ dh_auto_clean --builddirectory=build-udeb
+endif
+ rm -rf debian/install/ debian/shlibs.local
+ # remove Python byte code files
+ rm -rf tools/__pycache__/
+ rm -rf tools/chromiumos/__pycache__/
+ rm -f po/systemd.pot
+
+override_dh_install:
+ # remove unnecessary / unused files
+ rm -f debian/install/*/usr/share/doc/systemd/LICENSE.*
+ rm -f debian/install/*/var/log/README
+ rm -f debian/install/*/etc/init.d/README
+ rm -f debian/install/*/usr/lib/sysctl.d/50-default.conf
+ rm -f debian/install/*/etc/X11/xinit/xinitrc.d/50-systemd-user.sh
+ rmdir -p --ignore-fail-on-non-empty debian/install/*/etc/X11/xinit/xinitrc.d/
+ # remove files related to factory-reset feature
+ find debian/install/ \( -name 'systemd-update-done*' -o \
+ -name systemd-journal-catalog-update.service -o \
+ -name systemd-udev-hwdb-update.service -o \
+ -name ldconfig.service -o \
+ -name etc.conf \) -delete
+ rm -rf debian/install/*/usr/share/factory/
+ # replace upstream sysusers.d/basic.conf with proper users for Debian
+ debian/extra/make-sysusers-basic > debian/install/deb/usr/lib/sysusers.d/basic.conf
+ # remove resolvconf compat symlink
+ rm -f debian/install/*/sbin/resolvconf
+ifeq (, $(filter noudeb, $(DEB_BUILD_PROFILES)))
+ dh_install -pudev-udeb -plibudev1-udeb --sourcedir=debian/install/udeb
+endif
+
+ dh_install --remaining-packages --sourcedir=debian/install/deb
+
+ # we don't want /tmp to be a tmpfs by default
+ mv debian/systemd/lib/systemd/system/tmp.mount debian/systemd/usr/share/systemd/
+ printf '\n[Install]\nWantedBy=local-fs.target\n' >> debian/systemd/usr/share/systemd/tmp.mount
+ rm debian/systemd/lib/systemd/system/local-fs.target.wants/tmp.mount
+
+ # files shipped by cryptsetup
+ifeq (, $(filter stage1, $(DEB_BUILD_PROFILES)))
+ rm debian/systemd/usr/share/man/man5/crypttab.5
+endif
+
+ # files shipped by systemd
+ rm debian/udev/lib/udev/rules.d/70-uaccess.rules
+ rm debian/udev/lib/udev/rules.d/73-seat-late.rules
+ rm debian/udev/lib/udev/rules.d/71-seat.rules
+ rm debian/udev/lib/udev/rules.d/99-systemd.rules
+
+ # remove duplicate files shipped by systemd-*/udev
+ echo "Removing duplicate files in systemd package:"
+ set -e; for pkg in $(shell dh_listpackages -Nudev-udeb -Nlibudev1-udeb -Nsystemd); do \
+ echo "... from $$pkg..."; \
+ (cd debian/$$pkg; find -type f -o -type l) | (cd debian/systemd; xargs rm -f --verbose); \
+ (cd debian/$$pkg; find -mindepth 1 -type d | sort -r) | (cd debian/systemd; xargs rmdir --ignore-fail-on-non-empty --verbose || true); \
+ done
+
+ # Ubuntu specific files
+ifeq ($(DEB_VENDOR),Ubuntu)
+ install -D --mode=644 debian/extra/udev.py debian/udev/usr/share/apport/package-hooks/udev.py
+ install -D --mode=644 debian/extra/systemd.py debian/systemd/usr/share/apport/package-hooks/systemd.py
+ install --mode=644 debian/extra/rules-ubuntu/*.rules debian/udev/lib/udev/rules.d/
+ cp -a debian/extra/units-ubuntu/* debian/systemd/lib/systemd/system/
+endif
+
+override_dh_missing:
+ dh_missing --sourcedir debian/install/deb $(DH_MISSING)
+
+override_dh_installinit:
+ dh_installinit --no-start
+
+override_dh_installsystemd:
+ dh_installsystemd -psystemd-timesyncd
+
+override_dh_installsystemduser:
+
+PROJECT_VERSION ?= $(shell awk '/(PROJECT|PACKAGE)_VERSION/ {print $$3}' build-deb/config.h | tr -d \")
+
+# The SysV compat tools (which are symlinks to systemctl) are
+# quasi-essential, so add their dependencies to Pre-Depends
+# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753589
+override_dh_shlibdeps:
+ dh_shlibdeps -psystemd -- -dPre-Depends \
+ -edebian/systemd/bin/systemctl \
+ -dDepends
+ dh_shlibdeps --remaining-packages -Lsystemd
+
+override_dh_makeshlibs:
+ sed 's/SHARED_LIB_VERSION/$(PROJECT_VERSION)/' debian/shlibs.local.in > debian/shlibs.local
+ dh_makeshlibs -plibudev1 --add-udeb=libudev1-udeb -- -c$(GENSYMBOLS_LEVEL)
+ dh_makeshlibs -psystemd -Xlibsystemd-shared -- -c$(GENSYMBOLS_LEVEL)
+ dh_makeshlibs --remaining-packages -- -c$(GENSYMBOLS_LEVEL)
+
+override_dh_auto_test:
+ifeq (, $(filter nocheck, $(DEB_BUILD_OPTIONS)))
+ echo "01234567890123456789012345678901" > build-deb/machine-id
+ # some tests hang under fakeroot, so disable fakeroot
+ env -u LD_PRELOAD SYSTEMD_MACHINE_ID_PATH=$(CURDIR)/build-deb/machine-id meson test -C build-deb --print-errorlogs $(TEST_TIMEOUT_MULTIPLIER)
+endif
+
+%:
+ dh $@ --without autoreconf --buildsystem=meson
diff --git a/debian/shlibs.local.in b/debian/shlibs.local.in
new file mode 100644
index 0000000..432b726
--- /dev/null
+++ b/debian/shlibs.local.in
@@ -0,0 +1,3 @@
+udeb: libudev 1 libudev1-udeb
+libsystemd 0 libsystemd0 (= ${binary:Version})
+libsystemd-shared SHARED_LIB_VERSION systemd (= ${binary:Version})
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/systemd-container.install b/debian/systemd-container.install
new file mode 100644
index 0000000..a092998
--- /dev/null
+++ b/debian/systemd-container.install
@@ -0,0 +1,44 @@
+bin/machinectl
+bin/portablectl
+lib/systemd/import-pubring.gpg
+lib/systemd/portable
+lib/systemd/systemd-machined
+lib/systemd/systemd-export
+lib/systemd/systemd-import*
+lib/systemd/systemd-portabled
+lib/systemd/systemd-pull
+lib/systemd/system/systemd-nspawn@.service
+lib/systemd/system/systemd-importd.service
+lib/systemd/system/systemd-machined.service
+lib/systemd/system/systemd-portabled.service
+lib/systemd/system/var-lib-machines.mount
+lib/systemd/system/machines.target
+lib/systemd/system/*.target.wants/var-lib-machines.mount
+lib/systemd/system/dbus-org.freedesktop.import1.service
+lib/systemd/system/dbus-org.freedesktop.machine1.service
+lib/systemd/system/dbus-org.freedesktop.portable1.service
+usr/bin/systemd-dissect
+usr/bin/systemd-nspawn
+usr/lib/tmpfiles.d/portables.conf
+usr/lib/tmpfiles.d/systemd-nspawn.conf
+usr/share/dbus-1/system.d/org.freedesktop.import1.conf
+usr/share/dbus-1/system.d/org.freedesktop.machine1.conf
+usr/share/dbus-1/system.d/org.freedesktop.portable1.conf
+usr/share/dbus-1/system-services/org.freedesktop.import1.service
+usr/share/dbus-1/system-services/org.freedesktop.machine1.service
+usr/share/dbus-1/system-services/org.freedesktop.portable1.service
+usr/share/man/man*/*nspawn*
+usr/share/man/man*/machinectl*
+usr/share/man/man*/portablectl*
+usr/share/man/man*/systemd-dissect*
+usr/share/man/man*/systemd-machined*
+usr/share/man/man*/systemd-portabled*
+usr/share/polkit-1/actions/org.freedesktop.import1.policy
+usr/share/polkit-1/actions/org.freedesktop.machine1.policy
+usr/share/polkit-1/actions/org.freedesktop.portable1.policy
+usr/share/zsh/vendor-completions/_systemd-nspawn
+usr/share/zsh/vendor-completions/_sd_machines
+usr/share/zsh/vendor-completions/_machinectl
+usr/share/bash-completion/completions/machinectl
+usr/share/bash-completion/completions/portablectl
+usr/share/bash-completion/completions/systemd-nspawn
diff --git a/debian/systemd-container.lintian-overrides b/debian/systemd-container.lintian-overrides
new file mode 100644
index 0000000..c9665ff
--- /dev/null
+++ b/debian/systemd-container.lintian-overrides
@@ -0,0 +1,2 @@
+# False positive: nspawn containers are supposed to be started via machines.target
+systemd-container: systemd-service-file-refers-to-unusual-wantedby-target lib/systemd/system/systemd-nspawn@.service machines.target
diff --git a/debian/systemd-container.maintscript b/debian/systemd-container.maintscript
new file mode 100644
index 0000000..470978c
--- /dev/null
+++ b/debian/systemd-container.maintscript
@@ -0,0 +1,2 @@
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.import1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.machine1.conf 233-3~
diff --git a/debian/systemd-container.postinst b/debian/systemd-container.postinst
new file mode 100644
index 0000000..3d1c8b6
--- /dev/null
+++ b/debian/systemd-container.postinst
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+# Enable machines.target by default on new installs
+if [ -z "$2" ]; then
+ systemctl enable machines.target || true
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd-container.postrm b/debian/systemd-container.postrm
new file mode 100644
index 0000000..2140680
--- /dev/null
+++ b/debian/systemd-container.postrm
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+ purge)
+ # clean up after manually enabled units in postinst
+ rm -f /etc/systemd/system/multi-user.target.wants/machines.target
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/systemd-coredump.install b/debian/systemd-coredump.install
new file mode 100644
index 0000000..3efcecb
--- /dev/null
+++ b/debian/systemd-coredump.install
@@ -0,0 +1,11 @@
+usr/bin/coredumpctl
+lib/systemd/systemd-coredump
+lib/systemd/system/systemd-coredump*
+lib/systemd/system/*/systemd-coredump*
+usr/share/man/man1/coredumpctl*
+usr/share/man/man5/coredump.conf*
+usr/share/man/man8/systemd-coredump*
+usr/share/bash-completion/completions/coredumpctl
+usr/share/zsh/vendor-completions/_coredumpctl
+usr/lib/sysctl.d/50-coredump.conf
+etc/systemd/coredump.conf
diff --git a/debian/systemd-coredump.postinst b/debian/systemd-coredump.postinst
new file mode 100644
index 0000000..1b93506
--- /dev/null
+++ b/debian/systemd-coredump.postinst
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -e
+
+if [ "$1" = configure ]; then
+ adduser --quiet --system --group --no-create-home --home /run/systemd \
+ --gecos "systemd Core Dumper" systemd-coredump
+
+ # enable systemd-coredump right after package installation
+ if [ -d /run/systemd/system ]; then
+ systemctl daemon-reload && systemctl start systemd-coredump.socket || true
+ fi
+ /lib/systemd/systemd-sysctl /usr/lib/sysctl.d/50-coredump.conf || true
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd-coredump.prerm b/debian/systemd-coredump.prerm
new file mode 100644
index 0000000..16fbf69
--- /dev/null
+++ b/debian/systemd-coredump.prerm
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+if [ "$1" = remove ]; then
+ # disable systemd-coredump on removal
+ if [ -w /proc/sys/kernel/core_pattern ] && grep -q '^|.*systemd-coredump' /proc/sys/kernel/core_pattern; then
+ echo core > /proc/sys/kernel/core_pattern
+ fi
+ if [ -d /run/systemd/system ]; then
+ systemctl stop systemd-coredump.socket || true
+ fi
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd-journal-remote.install b/debian/systemd-journal-remote.install
new file mode 100644
index 0000000..188628b
--- /dev/null
+++ b/debian/systemd-journal-remote.install
@@ -0,0 +1,29 @@
+# systemd-journal-upload
+etc/systemd/journal-upload.conf
+lib/systemd/systemd-journal-upload
+lib/systemd/system/systemd-journal-upload.service
+usr/share/man/man5/journal-upload.conf.d.5
+usr/share/man/man5/journal-upload.conf.5
+usr/share/man/man8/systemd-journal-upload.8
+usr/share/man/man8/systemd-journal-upload.service.8
+
+# systemd-journal-remote
+etc/systemd/journal-remote.conf
+lib/systemd/systemd-journal-remote
+lib/systemd/system/systemd-journal-remote.service
+lib/systemd/system/systemd-journal-remote.socket
+usr/lib/sysusers.d/systemd-remote.conf
+usr/share/man/man5/journal-remote.conf.d.5
+usr/share/man/man5/journal-remote.conf.5
+usr/share/man/man8/systemd-journal-remote.service.8
+usr/share/man/man8/systemd-journal-remote.socket.8
+usr/share/man/man8/systemd-journal-remote.8
+
+# systemd-journal-gatewayd
+lib/systemd/systemd-journal-gatewayd
+lib/systemd/system/systemd-journal-gatewayd.service
+lib/systemd/system/systemd-journal-gatewayd.socket
+usr/share/systemd/gatewayd/
+usr/share/man/man8/systemd-journal-gatewayd.service.8
+usr/share/man/man8/systemd-journal-gatewayd.socket.8
+usr/share/man/man8/systemd-journal-gatewayd.8
diff --git a/debian/systemd-journal-remote.postinst b/debian/systemd-journal-remote.postinst
new file mode 100644
index 0000000..8ef91ad
--- /dev/null
+++ b/debian/systemd-journal-remote.postinst
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+adduser --quiet --system \
+ --home /run/systemd --no-create-home \
+ --gecos "systemd Journal Remote" \
+ --group systemd-journal-remote
+
+#DEBHELPER#
diff --git a/debian/systemd-sysv.install b/debian/systemd-sysv.install
new file mode 100644
index 0000000..9c104a9
--- /dev/null
+++ b/debian/systemd-sysv.install
@@ -0,0 +1,14 @@
+usr/share/man/man1/init.1
+usr/share/man/man8/telinit.8
+usr/share/man/man8/runlevel.8
+usr/share/man/man8/shutdown.8
+usr/share/man/man8/poweroff.8
+usr/share/man/man8/reboot.8
+usr/share/man/man8/halt.8
+sbin/init
+sbin/telinit
+sbin/runlevel
+sbin/shutdown
+sbin/poweroff
+sbin/reboot
+sbin/halt
diff --git a/debian/systemd-sysv.postinst b/debian/systemd-sysv.postinst
new file mode 100644
index 0000000..a67eddb
--- /dev/null
+++ b/debian/systemd-sysv.postinst
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+# update grub on first install, so that the alternative init system boot
+# entries get updated
+if [ "$1" = configure ] && [ -z "$2" ] && [ -e /boot/grub/grub.cfg ] && which update-grub >/dev/null 2>&1; then
+ update-grub || true
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd-tests.install b/debian/systemd-tests.install
new file mode 100644
index 0000000..28b745c
--- /dev/null
+++ b/debian/systemd-tests.install
@@ -0,0 +1 @@
+usr/lib/systemd/tests
diff --git a/debian/systemd-tests.lintian-overrides b/debian/systemd-tests.lintian-overrides
new file mode 100644
index 0000000..9784f46
--- /dev/null
+++ b/debian/systemd-tests.lintian-overrides
@@ -0,0 +1,2 @@
+# test programs only, need to link against internal library
+systemd-tests: binary-or-shlib-defines-rpath usr/lib/systemd/tests/*
diff --git a/debian/systemd-timesyncd.install b/debian/systemd-timesyncd.install
new file mode 100644
index 0000000..7d978ba
--- /dev/null
+++ b/debian/systemd-timesyncd.install
@@ -0,0 +1,7 @@
+../../extra/dhclient-exit-hooks.d/ etc/dhcp/
+etc/systemd/timesyncd.conf
+lib/systemd/ntp-units.d/80-systemd-timesync.list
+lib/systemd/systemd-timesyncd
+lib/systemd/system/systemd-timesyncd.service
+usr/share/dbus-1/*/*timesync*
+usr/share/man/man*/*timesyncd*
diff --git a/debian/systemd-timesyncd.postinst b/debian/systemd-timesyncd.postinst
new file mode 100644
index 0000000..c098216
--- /dev/null
+++ b/debian/systemd-timesyncd.postinst
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+set -e
+
+_adopt_conffile() {
+ conffile=$1
+ pkg=$2
+
+ [ -f ${conffile}.dpkg-bak ] || return 0
+
+ md5sum="$(md5sum ${conffile} | sed -e 's/ .*//')"
+ old_md5sum="$(dpkg-query -W -f='${Conffiles}' $pkg | \
+ sed -n -e "\' ${conffile} ' { s/ obsolete$//; s/.* //; p }")"
+ # On new installs, if the policy file was preserved on systemd upgrade
+ # by dpkg-maintscript helper, copy it back if the new file has not been modified yet
+ if [ "$md5sum" = "$old_md5sum" ]; then
+ mv ${conffile}.dpkg-bak ${conffile}
+ fi
+}
+
+adduser --quiet --system --group --no-create-home --home /run/systemd \
+ --gecos "systemd Time Synchronization" systemd-timesync
+
+if [ "$1" = configure ] && [ -z "$2" ]; then
+ _adopt_conffile /etc/dhcp/dhclient-exit-hooks.d/timesyncd systemd-timesyncd
+ _adopt_conffile /etc/systemd/timesyncd.conf systemd-timesyncd
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd-timesyncd.postrm b/debian/systemd-timesyncd.postrm
new file mode 100644
index 0000000..b333c6c
--- /dev/null
+++ b/debian/systemd-timesyncd.postrm
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+ purge)
+ rm -rf /var/lib/systemd/timesync/
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/systemd.NEWS b/debian/systemd.NEWS
new file mode 100644
index 0000000..cc72643
--- /dev/null
+++ b/debian/systemd.NEWS
@@ -0,0 +1,65 @@
+systemd (247.2-2) unstable; urgency=medium
+
+ systemd now defaults to the "unified" cgroup hierarchy (i.e. cgroupv2).
+ This change reflects the fact that cgroupsv2 support has matured
+ substantially in both systemd and in the kernel.
+ All major container tools nowadays should support cgroupv2.
+ If you run into problems with cgroupv2, you can switch back to the previous,
+ hybrid setup by adding "systemd.unified_cgroup_hierarchy=false" to the
+ kernel command line.
+ You can read more about the benefits of cgroupv2 at
+ https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html
+
+ -- Michael Biebl <biebl@debian.org> Mon, 21 Dec 2020 18:40:10 +0100
+
+systemd (247.2-1) unstable; urgency=medium
+
+ KERNEL API INCOMPATIBILITY: Linux 4.14 introduced two new uevents
+ "bind" and "unbind" to the Linux device model. When this kernel
+ change was made, systemd-udevd was only minimally updated to handle
+ and propagate these new event types. The introduction of these new
+ uevents (which are typically generated for USB devices and devices
+ needing a firmware upload before being functional) resulted in a
+ number of issues which we so far didn't address. We hoped the kernel
+ maintainers would themselves address these issues in some form, but
+ that did not happen. To handle them properly, many (if not most) udev
+ rules files shipped in various packages need updating, and so do many
+ programs that monitor or enumerate devices with libudev or sd-device,
+ or otherwise process uevents. Please note that this incompatibility
+ is not fault of systemd or udev, but caused by an incompatible kernel
+ change that happened back in Linux 4.14, but is becoming more and
+ more visible as the new uevents are generated by more kernel drivers.
+
+ To learn more about the required udev rules changes please check the
+ "CHANGES WITH 247" section of /usr/share/doc/systemd/NEWS.gz.
+
+ -- Balint Reczey <rbalint@ubuntu.com> Fri, 11 Dec 2020 18:22:42 +0100
+
+systemd (236-1) unstable; urgency=medium
+
+ DynamicUser=yes has been enabled for systemd-journal-upload.service and
+ systemd-journal-gatewayd.service.
+ This means we no longer need to statically allocate a systemd-journal-upload
+ and systemd-journal-gateway user and you can now safely remove those system
+ users along with their associated groups.
+
+ -- Michael Biebl <biebl@debian.org> Sun, 17 Dec 2017 21:17:32 +0100
+
+systemd (231-1) unstable; urgency=low
+
+ This version drops support for running /etc/rcS.d SysV init scripts.
+ These are prone to cause dependency loops, and almost all Debian packages
+ with rcS scripts now ship a native systemd service. If you have custom or
+ third-party rcS scripts you need to convert them or change them to run
+ in rc2.d/ - rc5.d/; see this page for details:
+ <https://wiki.debian.org/Teams/pkg-systemd/rcSMigration>.
+
+ -- Martin Pitt <mpitt@debian.org> Thu, 14 Jul 2016 12:54:34 +0200
+
+systemd (224-2) unstable; urgency=medium
+
+ This version splits out systemd-nspawn, systemd-machined, and machinectl
+ into the new "systemd-container" package. That now also enables
+ systemd-importd.
+
+ -- Martin Pitt <mpitt@debian.org> Sat, 22 Aug 2015 15:58:43 +0200
diff --git a/debian/systemd.bug-control b/debian/systemd.bug-control
new file mode 100644
index 0000000..c7c3850
--- /dev/null
+++ b/debian/systemd.bug-control
@@ -0,0 +1 @@
+package-status: udev dracut initramfs-tools libpam-systemd libnss-systemd
diff --git a/debian/systemd.bug-script b/debian/systemd.bug-script
new file mode 100644
index 0000000..b1099e7
--- /dev/null
+++ b/debian/systemd.bug-script
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+cat <<EOF
+
+Providing additional information can help diagnose problems with systemd.
+Specifically, this would include:
+- fstab configuration (copy of /etc/fstab).
+- local modifications of unit files (output of systemd-delta).
+- state of running services and units (output of systemd-analyze dump).
+- enabled/disabled state of installed services.
+If this information is not relevant for your bug report or you have privacy
+concerns, please choose no.
+
+EOF
+
+yesno "Do you want to provide additional information [Y|n]? " yep
+[ "$REPLY" = yep ] || exit 0
+
+# We don’t clean up this directory because there is no way to know when
+# reportbug finished running, and reportbug needs the files around.
+# Given that those are just a couple of kilobytes in size and people
+# generally don’t file a lot of bugs, I don’t think it’s a big deal.
+DIR=$(mktemp -d)
+
+echo "-- BEGIN ATTACHMENTS --" >&3
+
+# remove highlighting escape codes from systemd-delta output
+systemd-delta --no-pager 2>&1 |sed "s%\x1b[^m]*m%%g" >$DIR/systemd-delta.txt
+echo "$DIR/systemd-delta.txt" >&3
+
+if [ -d /run/systemd/system ]; then
+ systemd-analyze --no-pager dump >$DIR/systemd-analyze-dump.txt 2>&1
+ echo "$DIR/systemd-analyze-dump.txt" >&3
+fi
+
+if [ -d /var/lib/systemd/deb-systemd-helper-enabled ]; then
+ head -n100 $(find /var/lib/systemd/deb-systemd-helper-enabled -type f | tr '\n' ' ') >$DIR/dsh-enabled.txt
+ echo "$DIR/dsh-enabled.txt" >&3
+fi
+
+echo "/etc/fstab" >&3
+
+echo "-- END ATTACHMENTS --" >&3
diff --git a/debian/systemd.dirs b/debian/systemd.dirs
new file mode 100644
index 0000000..fac35d6
--- /dev/null
+++ b/debian/systemd.dirs
@@ -0,0 +1 @@
+var/lib/systemd
diff --git a/debian/systemd.install b/debian/systemd.install
new file mode 100644
index 0000000..1e51051
--- /dev/null
+++ b/debian/systemd.install
@@ -0,0 +1,71 @@
+etc/
+bin/systemctl
+bin/journalctl
+bin/loginctl
+bin/machinectl
+bin/networkctl
+bin/systemd-notify
+bin/systemd-tty-ask-password-agent
+bin/systemd-ask-password
+bin/systemd-machine-id-setup
+bin/systemd-tmpfiles
+bin/systemd-inhibit
+bin/systemd-escape
+bin/systemd-sysusers
+lib/modprobe.d/
+lib/systemd/
+lib/udev/rules.d/70-uaccess.rules
+lib/udev/rules.d/73-seat-late.rules
+lib/udev/rules.d/71-seat.rules
+lib/udev/rules.d/99-systemd.rules
+usr/bin/systemd-cgls
+usr/bin/systemd-cgtop
+usr/bin/systemd-nspawn
+usr/bin/systemd-stdio-bridge
+usr/bin/systemd-analyze
+usr/bin/systemd-cat
+usr/bin/systemd-detect-virt
+usr/bin/systemd-delta
+usr/bin/systemd-run
+usr/bin/systemd-path
+usr/bin/systemd-socket-activate
+usr/bin/systemd-mount
+usr/bin/systemd-umount
+usr/bin/systemd-id128
+usr/bin/kernel-install
+usr/bin/bootctl
+usr/bin/busctl
+usr/bin/timedatectl
+usr/bin/localectl
+usr/bin/hostnamectl
+usr/bin/resolvectl
+usr/bin/systemd-resolve
+usr/share/man/man1/
+usr/share/man/man5/
+usr/share/man/man7/
+usr/share/man/man8/
+usr/share/bash-completion/
+usr/share/zsh/vendor-completions/
+usr/share/dbus-1/
+usr/share/doc/
+usr/share/pkgconfig/systemd.pc
+usr/share/polkit-1/
+usr/share/systemd/kbd-model-map
+usr/share/systemd/language-fallback-map
+usr/lib/binfmt.d/
+usr/lib/environment.d/
+usr/lib/modules-load.d/
+usr/lib/sysctl.d/
+usr/lib/sysusers.d/basic.conf
+usr/lib/sysusers.d/systemd.conf
+usr/lib/systemd/
+usr/lib/tmpfiles.d/
+usr/lib/kernel
+usr/share/locale/
+var/lib
+../../extra/init-functions.d lib/lsb/
+../../extra/tmpfiles.d/*.conf usr/lib/tmpfiles.d/
+../../extra/systemd-sysv-install lib/systemd/
+../../extra/units/* lib/systemd/system/
+../../extra/kernel-install.d/* usr/lib/kernel/install.d
+../../extra/pam.d/* usr/lib/pam.d/
diff --git a/debian/systemd.links b/debian/systemd.links
new file mode 100644
index 0000000..f43cc94
--- /dev/null
+++ b/debian/systemd.links
@@ -0,0 +1,32 @@
+# These are all services which have native implementations
+# So we mask them by linking against /dev/null or create an alias
+/lib/systemd/system/systemd-sysctl.service /lib/systemd/system/procps.service
+
+/lib/systemd/system/systemd-modules-load.service /lib/systemd/system/kmod.service
+/etc/modules /etc/modules-load.d/modules.conf
+
+# X server and ICE socket directories are created by /usr/lib/tmpfiles.d/x11.conf
+/dev/null /lib/systemd/system/x11-common.service
+
+# Don't set the hwclock, as the kernel does that on its own when using NTP
+# Without NTP, we shouldn't store the time either
+# https://github.com/systemd/systemd/commit/da2617378523e007ec0c6efe99d0cebb2be994e1
+/dev/null /lib/systemd/system/hwclock.service
+
+# We use the built-in cryptsetup support
+/dev/null /lib/systemd/system/cryptdisks.service
+/dev/null /lib/systemd/system/cryptdisks-early.service
+
+# Those services are useless under systemd. Mask them so they can't
+# be run manually by accident.
+/dev/null /lib/systemd/system/rc.service
+/dev/null /lib/systemd/system/rcS.service
+
+# Enable Debian specific units
+/lib/systemd/system/getty-static.service /lib/systemd/system/getty.target.wants/getty-static.service
+
+# Compat symlink
+/lib/systemd/systemd /bin/systemd
+
+# Create a compat symlink as systemd-sysctl no longer reads /etc/sysctl.conf
+/etc/sysctl.conf /etc/sysctl.d/99-sysctl.conf
diff --git a/debian/systemd.lintian-overrides b/debian/systemd.lintian-overrides
new file mode 100644
index 0000000..e38976a
--- /dev/null
+++ b/debian/systemd.lintian-overrides
@@ -0,0 +1 @@
+systemd: maintainer-script-calls-systemctl
diff --git a/debian/systemd.maintscript b/debian/systemd.maintscript
new file mode 100644
index 0000000..fb0ce62
--- /dev/null
+++ b/debian/systemd.maintscript
@@ -0,0 +1,12 @@
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.hostname1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.locale1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.login1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.machine1.conf 228-5~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.network1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.resolve1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.systemd1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.timedate1.conf 233-3~
+rm_conffile /etc/dbus-1/system.d/org.freedesktop.systemd-shim.conf 239-15~ systemd-shim
+rm_conffile /etc/dhcp/dhclient-exit-hooks.d/timesyncd 245.4-2~
+rm_conffile /etc/systemd/timesyncd.conf 245.4-2~
+rm_conffile /etc/pam.d/systemd-user 247~rc2-3~
diff --git a/debian/systemd.postinst b/debian/systemd.postinst
new file mode 100644
index 0000000..d706588
--- /dev/null
+++ b/debian/systemd.postinst
@@ -0,0 +1,148 @@
+#!/bin/sh
+
+set -e
+
+_systemctl() {
+ if [ -d /run/systemd/system ]; then
+ systemctl "$@"
+ fi
+}
+
+_update_catalog() {
+ journalctl --update-catalog || true
+}
+
+# Update Message Catalogs database in response to dpkg trigger
+if [ "$1" = "triggered" ]; then
+ _update_catalog
+ exit 0
+fi
+
+# Enable getty and remote-fs.target by default on new installs
+if [ -z "$2" ]; then
+ systemctl enable getty@tty1.service || true
+ systemctl enable remote-fs.target || true
+fi
+
+# Enable systemd-pstore by default on new installs and upgrades, see #952767
+if dpkg --compare-versions "$2" lt "245.4-4~"; then
+ systemctl enable systemd-pstore.service || true
+fi
+
+# Do a one-time migration of the local time setting
+if [ -z "$2" ]; then
+ if [ -f /etc/default/rcS ]; then
+ . /etc/default/rcS
+ fi
+ if [ "$UTC" = "no" ] && [ ! -e /etc/adjtime ]; then
+ printf "0.0 0 0.0\n0\nLOCAL\n" > /etc/adjtime
+ fi
+fi
+
+# Do a one-time migration of the TMPTIME setting
+if [ -z "$2" ]; then
+ if [ -f /etc/default/rcS ]; then
+ . /etc/default/rcS
+ fi
+ if [ ! -e /etc/tmpfiles.d/tmp.conf ]; then
+ case "$TMPTIME" in
+ -*|infinite|infinity)
+ cat > /etc/tmpfiles.d/tmp.conf <<EOF
+# Avoid clearing /tmp by shipping an empty /etc/tmpfiles.d/tmp.conf file
+# which overrides /usr/lib/tmpfiles.d/tmp.conf.
+# This file was automatically created because of local modifications in
+# /etc/default/rcS where TMPTIME was set to infinite.
+EOF
+ ;;
+ esac
+ fi
+fi
+
+# Do a one-time migration of the RAMTMP setting
+if [ -z "$2" ]; then
+ if [ -f /etc/default/rcS ]; then
+ . /etc/default/rcS
+ fi
+ if [ -f /etc/default/tmpfs ]; then
+ . /etc/default/tmpfs
+ fi
+ if [ "$RAMTMP" = "yes" ]; then
+ # systemctl enable will work even when systemd is not the active PID 1.
+ if [ ! -e /etc/systemd/system/tmp.mount ]; then
+ cp /usr/share/systemd/tmp.mount /etc/systemd/system/tmp.mount
+ systemctl enable tmp.mount || true
+ fi
+ fi
+fi
+
+# Create /etc/machine-id
+systemd-machine-id-setup
+
+# Setup system users and groups
+addgroup --quiet --system systemd-journal
+
+adduser --quiet --system --group --no-create-home --home /run/systemd \
+ --gecos "systemd Network Management" systemd-network
+adduser --quiet --system --group --no-create-home --home /run/systemd \
+ --gecos "systemd Resolver" systemd-resolve
+
+# Enable persistent journal, in auto-mode, by default on new installs and upgrades
+if dpkg --compare-versions "$2" lt "244.1-2~"; then
+ mkdir -p /var/log/journal
+ # Applying ACLs requires a mounted /proc and systemd-tmpfiles will fail if
+ # /proc is not available. Skip systemd-tmpfiles in this case. This should
+ # be fine, as this typically means we are inside a chroot and systemd is
+ # not currently active. The permissions will be applied on the next boot.
+ # https://github.com/systemd/systemd/issues/14745
+ if mountpoint -q /proc; then
+ systemd-tmpfiles --create --prefix /var/log/journal
+ fi
+fi
+
+# Initial update of the Message Catalogs database
+_update_catalog
+
+if [ -n "$2" ]; then
+ _systemctl daemon-reexec || true
+ # don't restart logind; this can be done again once this gets implemented:
+ # https://github.com/systemd/systemd/issues/1163
+ if dpkg --compare-versions "$2" lt-nl "246.2-2~"; then
+ # the socket configuration changed
+ _systemctl stop systemd-networkd.socket || true
+ fi
+ _systemctl try-restart systemd-networkd.service || true
+ _systemctl try-restart systemd-resolved.service || true
+ _systemctl try-restart systemd-journald.service || true
+fi
+
+if dpkg --compare-versions "$2" lt-nl "235-3~"; then
+ # systemd-bus-proxyd got dropped before stretch, and never created any file
+ deluser --system systemd-bus-proxy || true
+fi
+
+if dpkg --compare-versions "$2" lt-nl "236-1~"; then
+ # Clean up old /var/lib/systemd/clock on upgrade.
+ # The clock file used by systemd-timesyncd is now stored in
+ # StateDirectory=systemd/timesync.
+ rm -f /var/lib/systemd/clock
+fi
+
+if dpkg --compare-versions "$2" lt-nl "239-12~"; then
+ # clean up bogus "nobody" group from #912525; ensure that it's a system group
+ if getent group nobody >/dev/null; then
+ delgroup --system nobody || true
+ fi
+fi
+
+if dpkg --compare-versions "$2" lt-nl "245.4-4~"; then
+ # systemd-pstore.service is now enabled via sysinit.target
+ rm -f /etc/systemd/system/systemd-remount-fs.service.wants/systemd-pstore.service
+ rmdir --ignore-fail-on-non-empty /etc/systemd/system/systemd-remount-fs.service.wants 2> /dev/null || true
+fi
+
+if dpkg --compare-versions "$2" lt-nl "245.4-5~"; then
+ # Clean up removed ondemand service
+ rm -f /etc/systemd/system/multi-user.target.wants/ondemand.service
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd.postrm b/debian/systemd.postrm
new file mode 100644
index 0000000..8599864
--- /dev/null
+++ b/debian/systemd.postrm
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+ purge)
+ # clean up after manually enabled units in postinst
+ rm -f /etc/systemd/system/getty.target.wants/getty@tty1.service
+ rm -f /etc/systemd/system/multi-user.target.wants/remote-fs.target
+ rm -f /etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service
+ rm -f /etc/systemd/system/dbus-org.freedesktop.timesync1.service
+ rm -f /etc/systemd/system/sysinit.target.wants/systemd-pstore.service
+ rmdir --ignore-fail-on-non-empty /etc/systemd/system/getty.target.wants 2> /dev/null || true
+ rmdir --ignore-fail-on-non-empty /etc/systemd/system/multi-user.target.wants 2> /dev/null || true
+ rmdir --ignore-fail-on-non-empty /etc/systemd/system/sysinit.target.wants 2> /dev/null || true
+
+ rm -f /var/lib/systemd/catalog/database
+ rmdir --ignore-fail-on-non-empty /var/lib/systemd/catalog 2> /dev/null || true
+
+ rm -rf /var/lib/systemd/backlight/
+ rm -rf /var/lib/systemd/rfkill/
+ rm -rf /var/lib/systemd/timesync/
+
+ rm -f /var/lib/systemd/random-seed
+
+ rmdir --ignore-fail-on-non-empty /var/log/journal 2> /dev/null || true
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/systemd.preinst b/debian/systemd.preinst
new file mode 100644
index 0000000..122ee31
--- /dev/null
+++ b/debian/systemd.preinst
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+set -e
+
+_systemctl() {
+ if [ -d /run/systemd/system ]; then
+ systemctl "$@"
+ fi
+}
+
+#DEBHELPER#
+
+# Clean up after package split. If the new systemd-timesyncd package is
+# installed, it will enable and start the service again.
+if [ "$1" = "upgrade" ] && dpkg --compare-versions "$2" lt-nl "245.4-2~"; then
+ if _systemctl -q is-active systemd-timesyncd.service; then
+ _systemctl stop systemd-timesyncd.service || true
+ fi
+ rm -f /etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service
+ # Don't bother with cleaning up the systemd-timesync group
+fi
diff --git a/debian/systemd.prerm b/debian/systemd.prerm
new file mode 100644
index 0000000..b08c895
--- /dev/null
+++ b/debian/systemd.prerm
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+#
+# Prevent systemd from being removed if it's the active init. That
+# will not work.
+#
+
+if [ "$1" = "remove" ] && [ -d /run/systemd/system ]; then
+ echo "systemd is the active init system, please switch to another before removing systemd."
+ exit 1
+fi
+
+#DEBHELPER#
diff --git a/debian/systemd.triggers b/debian/systemd.triggers
new file mode 100644
index 0000000..69246ec
--- /dev/null
+++ b/debian/systemd.triggers
@@ -0,0 +1 @@
+interest-noawait /usr/lib/systemd/catalog
diff --git a/debian/tests/assert.sh b/debian/tests/assert.sh
new file mode 100644
index 0000000..1d47bf4
--- /dev/null
+++ b/debian/tests/assert.sh
@@ -0,0 +1,34 @@
+# utility functions for shell tests
+
+assert_true() {
+ if ! $1; then
+ echo "FAIL: command '$1' failed with exit code $?" >&2
+ exit 1
+ fi
+}
+
+
+assert_eq() {
+ if [ "$1" != "$2" ]; then
+ echo "FAIL: expected: '$2' actual: '$1'" >&2
+ exit 1
+ fi
+}
+
+assert_in() {
+ if ! echo "$2" | grep -q "$1"; then
+ echo "FAIL: '$1' not found in:" >&2
+ echo "$2" >&2
+ exit 1
+ fi
+}
+
+assert_rc() {
+ local exp=$1
+ shift
+ set +e
+ $@
+ RC=$?
+ set -e
+ assert_eq $RC $exp
+}
diff --git a/debian/tests/boot-and-services b/debian/tests/boot-and-services
new file mode 100755
index 0000000..5ab9135
--- /dev/null
+++ b/debian/tests/boot-and-services
@@ -0,0 +1,558 @@
+#!/usr/bin/python3
+# autopkgtest check: Boot with systemd and check critical desktop services
+# (C) 2014 Canonical Ltd.
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+
+import sys
+import os
+import unittest
+import subprocess
+import tempfile
+import shutil
+import time
+import re
+from glob import glob
+
+is_container = subprocess.call(['systemd-detect-virt', '--container']) == 0
+
+
+def wait_unit_stop(unit, timeout=10):
+ '''Wait until given unit is not running any more
+
+ Raise RuntimeError on timeout.
+ '''
+ for i in range(timeout):
+ if subprocess.call(['systemctl', 'is-active', '--quiet', unit]) != 0:
+ return
+ time.sleep(1)
+
+ raise RuntimeError('Timed out waiting for %s to stop' % unit)
+
+
+class ServicesTest(unittest.TestCase):
+ '''Check that expected services are running'''
+
+ def test_0_init(self):
+ '''Verify that init is systemd'''
+
+ self.assertIn('systemd', os.readlink('/proc/1/exe'))
+
+ def test_no_failed(self):
+ '''No failed units'''
+
+ out = subprocess.check_output(['systemctl', '--state=failed', '--no-legend'],
+ universal_newlines=True)
+ failed = out.splitlines()
+ # ignore /etc/modules failure as stuff that we put there by default
+ # often fails
+ failed = [f for f in failed if 'systemd-modules-load' not in f]
+ # apparmor fails if not enabled in the kernel
+ if not os.path.exists('/sys/kernel/security/apparmor'):
+ failed = [f for f in failed if 'apparmor.service' not in f]
+ # ignore thermald as it doesn't start in most virtual envs
+ failed = [f for f in failed if 'thermald' not in f]
+ # console-setup.service fails on devices without keyboard (LP: #1516591)
+ failed = [f for f in failed if 'console-setup' not in f]
+ # cpi.service fails on s390x
+ failed = [f for f in failed if 'cpi.service' not in f]
+ # https://bugs.debian.org/926138
+ if is_container:
+ failed = [f for f in failed if 'e2scrub_reap.service' not in f]
+ if failed:
+ for f in failed:
+ f = f.split()[0]
+ print('-------- journal for failed service %s -----------' % f)
+ sys.stdout.flush()
+ subprocess.call(['journalctl', '-b', '-u', f])
+ self.assertEqual(failed, [])
+
+ @unittest.skipUnless(shutil.which('gdm3') is not None, 'gdm3 not found')
+ def test_gdm3(self):
+ subprocess.check_call(['pgrep', '-af', '/gdm[-3]'])
+ self.active_unit('gdm')
+
+ def test_dbus(self):
+ out = subprocess.check_output(
+ ['dbus-send', '--print-reply', '--system',
+ '--dest=org.freedesktop.DBus', '/', 'org.freedesktop.DBus.GetId'])
+ self.assertIn(b'string "', out)
+ self.active_unit('dbus')
+
+ def test_network_manager(self):
+ # 0.9.10 changed the command name
+ _help = subprocess.check_output(['nmcli', '--help'],
+ stderr=subprocess.STDOUT)
+ if b' g[eneral]' in _help:
+ out = subprocess.check_output(['nmcli', 'general'])
+ else:
+ out = subprocess.check_output(['nmcli', 'nm'])
+ self.assertIn(b'enabled', out)
+ self.active_unit('NetworkManager')
+
+ def test_cron(self):
+ out = subprocess.check_output(['ps', 'u', '-C', 'cron'])
+ self.assertIn(b'root', out)
+ self.active_unit('cron')
+
+ def test_logind(self):
+ out = subprocess.check_output(['loginctl'])
+ self.assertNotEqual(b'', out)
+ self.active_unit('systemd-logind')
+
+ @unittest.skipIf('TEST_UPSTREAM' in os.environ,
+ 'Forwarding to rsyslog is a Debian patch')
+ def test_rsyslog(self):
+ out = subprocess.check_output(['ps', 'u', '-C', 'rsyslogd'])
+ self.assertIn(b'bin/rsyslogd', out)
+ self.active_unit('rsyslog')
+ with open('/var/log/syslog') as f:
+ log = f.read()
+ if not is_container:
+ # has kernel messages
+ self.assertRegex(log, 'kernel:.*')
+ # has init messages
+ self.assertRegex(log, 'systemd.*Reached target Graphical Interface')
+ # has other services
+ self.assertRegex(log, 'NetworkManager.*:')
+
+ @unittest.skipIf(is_container, 'udev does not work in containers')
+ def test_udev(self):
+ out = subprocess.check_output(['udevadm', 'info', '--export-db'])
+ self.assertIn(b'\nP: /devices/', out)
+ self.active_unit('systemd-udevd')
+
+ def test_tmp_mount(self):
+ # check if we want to mount /tmp in fstab
+ want_tmp_mount = False
+ try:
+ with open('/etc/fstab') as f:
+ for l in f:
+ try:
+ if not l.startswith('#') and l.split()[1] in ('/tmp', '/tmp/'):
+ want_tmp_mount = True
+ break
+ except IndexError:
+ pass
+ except FileNotFoundError:
+ pass
+
+ # ensure that we actually do/don't have a /tmp mount
+ (status, status_out) = subprocess.getstatusoutput('systemctl status tmp.mount')
+ findmnt = subprocess.call(['findmnt', '-n', '/tmp'], stdout=subprocess.PIPE)
+ if want_tmp_mount:
+ self.assertEqual(status, 0, status_out)
+ self.assertEqual(findmnt, 0)
+ else:
+ # 4 is correct (since upstream commit ca473d57), accept 3 for systemd <= 230
+ self.assertIn(status, [3, 4], status_out)
+ self.assertNotEqual(findmnt, 0)
+
+ @unittest.skipIf('TEST_UPSTREAM' in os.environ,
+ 'Debian specific configuration, N/A for upstream')
+ def test_tmp_cleanup(self):
+ # systemd-tmpfiles-clean.timer only runs 15 mins after boot, shortcut
+ # it
+ self.assertEqual(subprocess.call(
+ ['systemctl', 'status', 'systemd-tmpfiles-clean.timer'],
+ stdout=subprocess.PIPE), 0)
+ subprocess.check_call(['systemctl', 'start', 'systemd-tmpfiles-clean'])
+ if not is_container:
+ # all files in /tmp/ should get cleaned up on boot
+ self.assertFalse(os.path.exists('/tmp/oldfile.test'))
+ self.assertFalse(os.path.exists('/tmp/newfile.test'))
+ # files in /var/tmp/ older than 30d should get cleaned up
+ # XXX FIXME: /var/tmp/ cleanup was disabled in #675422
+ # if not is_container:
+ # self.assertFalse(os.path.exists('/var/tmp/oldfile.test'))
+ self.assertTrue(os.path.exists('/var/tmp/newfile.test'))
+
+ # next run should leave the recent ones
+ os.close(os.open('/tmp/newfile.test',
+ os.O_CREAT | os.O_EXCL | os.O_WRONLY))
+ subprocess.check_call(['systemctl', 'start', 'systemd-tmpfiles-clean'])
+ wait_unit_stop('systemd-tmpfiles-clean')
+ self.assertTrue(os.path.exists('/tmp/newfile.test'))
+
+ # Helper methods
+
+ def active_unit(self, unit):
+ '''Check that given unit is active'''
+
+ out = subprocess.check_output(['systemctl', 'status', unit])
+ self.assertIn(b'active (running)', out)
+
+
+class JournalTest(unittest.TestCase):
+ '''Check journal functionality'''
+
+ def test_no_options(self):
+ out = subprocess.check_output(['journalctl'])
+ if not is_container:
+ # has kernel messages
+ self.assertRegex(out, b'kernel:.*')
+ # has init messages
+ self.assertRegex(out, b'systemd.*Reached target Graphical Interface')
+ # has other services
+ self.assertRegex(out, b'NetworkManager.*:.*starting')
+
+ def test_log_for_service(self):
+ out = subprocess.check_output(
+ ['journalctl', '_SYSTEMD_UNIT=NetworkManager.service'])
+ self.assertRegex(out, b'NetworkManager.*:.*starting')
+ self.assertNotIn(b'kernel:', out)
+ self.assertNotIn(b'systemd:', out)
+
+
+@unittest.skipIf(is_container, 'nspawn does not work in most containers')
+class NspawnTest(unittest.TestCase):
+ '''Check nspawn'''
+
+ @classmethod
+ def setUpClass(kls):
+ '''Build a bootable busybox mini-container'''
+
+ kls.td_c_busybox = tempfile.TemporaryDirectory(prefix='c_busybox.')
+ kls.c_busybox = kls.td_c_busybox.name
+ for d in ['etc/init.d', 'bin', 'sbin']:
+ os.makedirs(os.path.join(kls.c_busybox, d))
+ shutil.copy('/bin/busybox', os.path.join(kls.c_busybox, 'bin'))
+ shutil.copy('/etc/os-release', os.path.join(kls.c_busybox, 'etc'))
+ os.symlink('busybox', os.path.join(kls.c_busybox, 'bin', 'sh'))
+ os.symlink('../bin/busybox', os.path.join(kls.c_busybox, 'sbin/init'))
+ with open(os.path.join(kls.c_busybox, 'etc/init.d/rcS'), 'w') as f:
+ f.write('''#!/bin/sh
+echo fake container started
+ps aux
+poweroff\n''')
+ os.fchmod(f.fileno(), 0o755)
+ subprocess.check_call(['systemd-machine-id-setup', '--root',
+ kls.c_busybox], stderr=subprocess.PIPE)
+
+ def setUp(self):
+ self.workdir = tempfile.TemporaryDirectory()
+
+ def test_boot(self):
+ cont = os.path.join(self.workdir.name, 'c1')
+ shutil.copytree(self.c_busybox, cont, symlinks=True)
+ os.sync()
+ nspawn = subprocess.Popen(['systemd-nspawn', '-D', cont, '-b'],
+ stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+ out = nspawn.communicate(timeout=60)[0]
+ self.assertIn(b'Spawning container c1', out)
+ self.assertIn(b'fake container started', out)
+ self.assertRegex(out, b'\n\s+1\s+0\s+init[\r\n]')
+ self.assertRegex(out, b'\n\s+2+\s+0\s.*rcS[\r\n]')
+ self.assertRegex(out, b'Container c1.*shut down')
+ self.assertEqual(nspawn.returncode, 0)
+
+ def test_service(self):
+ self.assertTrue(os.path.isdir('/var/lib/machines'))
+ cont = '/var/lib/machines/c1'
+ shutil.copytree(self.c_busybox, cont, symlinks=True)
+ self.addCleanup(shutil.rmtree, cont)
+ os.sync()
+ subprocess.check_call(['systemctl', 'start', 'systemd-nspawn@c1'])
+ wait_unit_stop('systemd-nspawn@c1')
+
+ subprocess.call(['journalctl', '--sync'])
+ systemctl = subprocess.Popen(
+ ['systemctl', 'status', '-overbose', '-l', 'systemd-nspawn@c1'],
+ stdout=subprocess.PIPE)
+ out = systemctl.communicate()[0].decode('UTF-8', 'replace')
+ self.assertEqual(systemctl.returncode, 3, out)
+ self.assertNotIn('failed', out)
+
+
+@unittest.skipUnless(os.path.exists('/sys/kernel/security/apparmor'),
+ 'AppArmor not enabled')
+class AppArmorTest(unittest.TestCase):
+ def test_profile(self):
+ '''AppArmor confined unit'''
+
+ # create AppArmor profile
+ aa_profile = tempfile.NamedTemporaryFile(prefix='aa_violator.')
+ aa_profile.write(b'''#include <tunables/global>
+
+profile "violator-test" {
+ #include <abstractions/base>
+
+ /{usr/,}bin/** rix,
+ /etc/machine-id r,
+}
+''')
+ aa_profile.flush()
+ subprocess.check_call(['apparmor_parser', '-r', '-v', aa_profile.name])
+
+ # create confined unit
+ with open('/run/systemd/system/violator.service', 'w') as f:
+ f.write('''[Unit]
+Description=AppArmor test
+
+[Service]
+ExecStart=/bin/sh -euc 'echo CP1; cat /etc/machine-id; echo CP2; if cat /etc/passwd; then exit 1; fi; echo CP3'
+AppArmorProfile=violator-test
+''')
+ self.addCleanup(os.unlink, '/run/systemd/system/violator.service')
+
+ # launch
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+ subprocess.check_call(['systemctl', 'start', 'violator.service'])
+ wait_unit_stop('violator.service')
+
+ # check status
+ st = subprocess.Popen(['systemctl', 'status', '-l',
+ 'violator.service'], stdout=subprocess.PIPE,
+ universal_newlines=True)
+ out = st.communicate()[0]
+ # unit should be stopped
+ self.assertEqual(st.returncode, 3)
+
+ self.assertIn('inactive', out)
+ self.assertIn('CP1', out)
+ self.assertIn('CP2', out)
+ self.assertIn('CP3', out)
+ with open('/etc/machine-id') as f:
+ self.assertIn(f.read().strip(), out)
+ self.assertNotIn('root:x', out, 'unit can read /etc/passwd')
+
+
+@unittest.skipIf(os.path.exists('/sys/fs/cgroup/cgroup.controllers'),
+ 'test needs to be reworked on unified cgroup hierarchy')
+class CgroupsTest(unittest.TestCase):
+ '''Check cgroup setup'''
+
+ @classmethod
+ def setUpClass(kls):
+ kls.controllers = []
+ for controller in glob('/sys/fs/cgroup/*'):
+ if not os.path.islink(controller):
+ kls.controllers.append(controller)
+
+ def setUp(self):
+ self.service = 'testsrv.service'
+ self.service_file = '/run/systemd/system/' + self.service
+
+ def tearDown(self):
+ subprocess.call(['systemctl', 'stop', self.service],
+ stderr=subprocess.PIPE)
+ try:
+ os.unlink(self.service_file)
+ except OSError:
+ pass
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+
+ def create_service(self, extra_service=''):
+ '''Create test service unit'''
+
+ with open(self.service_file, 'w') as f:
+ f.write('''[Unit]
+Description=test service
+[Service]
+ExecStart=/bin/sleep 500
+%s
+''' % extra_service)
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+
+ def assertNoControllers(self):
+ '''Assert that no cgroup controllers exist for test service'''
+
+ cs = glob('/sys/fs/cgroup/*/system.slice/%s' % self.service)
+ self.assertEqual(cs, [])
+
+ def assertController(self, name):
+ '''Assert that cgroup controller exists for test service'''
+
+ c = '/sys/fs/cgroup/%s/system.slice/%s' % (name, self.service)
+ self.assertTrue(os.path.isdir(c))
+
+ def assertNoController(self, name):
+ '''Assert that cgroup controller does not exist for test service'''
+
+ c = '/sys/fs/cgroup/%s/system.slice/%s' % (name, self.service)
+ self.assertFalse(os.path.isdir(c))
+
+ def test_simple(self):
+ '''simple service'''
+
+ self.create_service()
+ self.assertNoControllers()
+ subprocess.check_call(['systemctl', 'start', self.service])
+ self.assertController('systemd')
+ subprocess.check_call(['systemctl', 'stop', self.service])
+ self.assertNoControllers()
+
+ def test_cpushares(self):
+ '''service with CPUShares'''
+
+ self.create_service('CPUShares=1000')
+ self.assertNoControllers()
+ subprocess.check_call(['systemctl', 'start', self.service])
+ self.assertController('systemd')
+ self.assertController('cpu,cpuacct')
+ subprocess.check_call(['systemctl', 'stop', self.service])
+ self.assertNoControllers()
+
+
+class SeccompTest(unittest.TestCase):
+ '''Check seccomp syscall filtering'''
+
+ def test_failing(self):
+ with open('/run/systemd/system/scfail.service', 'w') as f:
+ f.write('''[Unit]
+Description=seccomp test
+[Service]
+ExecStart=/bin/cat /etc/machine-id
+SystemCallFilter=access
+''')
+ self.addCleanup(os.unlink, '/run/systemd/system/scfail.service')
+
+ # launch
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+ subprocess.check_call(['systemctl', 'start', 'scfail.service'])
+ wait_unit_stop('scfail.service')
+
+ # check status
+ st = subprocess.Popen(['systemctl', 'status', '-l',
+ 'scfail.service'], stdout=subprocess.PIPE)
+ out = st.communicate()[0]
+ # unit should be stopped
+ self.assertEqual(st.returncode, 3)
+
+ subprocess.check_call(['systemctl', 'reset-failed', 'scfail.service'])
+
+ self.assertIn(b'failed', out)
+ self.assertRegex(out, b'code=(killed|dumped), signal=SYS')
+ with open('/etc/machine-id') as f:
+ self.assertNotIn(f.read().strip().encode('ASCII'), out)
+
+
+@unittest.skipIf(is_container, 'systemd-coredump does not work in containers')
+class CoredumpTest(unittest.TestCase):
+ '''Check systemd-coredump'''
+
+ def test_bash_crash(self):
+ subprocess.call("ulimit -c unlimited; bash -c 'kill -SEGV $$'", shell=True,
+ cwd='/tmp', stderr=subprocess.DEVNULL)
+
+ # with systemd-coredump installed we should get the core dumps in
+ # systemd's dir
+ for timeout in range(50):
+ cores = glob('/var/lib/systemd/coredump/core.bash.*')
+ if cores:
+ break
+ time.sleep(1)
+ self.assertNotEqual(cores, [])
+ self.assertEqual(glob('/tmp/core*'), [])
+
+ # we should also get a message and stack trace in journal
+ for timeout in range(10):
+ subprocess.call(['journalctl', '--sync'])
+ journal = subprocess.check_output(['journalctl', '-t', 'systemd-coredump'])
+ if re.search(b'Process.*bash.*dumped core', journal) and \
+ re.search(b'#[0-9] .*bash', journal):
+ break
+ time.sleep(1)
+ self.assertRegex(journal, b'Process.*bash.*dumped core')
+ self.assertIn(b'Stack trace', journal)
+ self.assertRegex(journal, b'#[0-9] .*bash')
+
+
+class CLITest(unittest.TestCase):
+ def setUp(self):
+ self.programs = []
+ for line in subprocess.check_output(['dpkg', '-L', 'systemd', 'systemd-container', 'systemd-coredump', 'udev'],
+ universal_newlines=True).splitlines():
+ if '/bin/' in line:
+ self.programs.append(line.strip())
+
+ def test_help(self):
+ '--help works and succeeds'''
+
+ for program in self.programs:
+ p = subprocess.Popen([program, '--help'], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True)
+ (out, err) = p.communicate()
+ try:
+ self.assertEqual(err, '')
+ self.assertEqual(p.returncode, 0)
+ self.assertIn(os.path.basename(program), out)
+ self.assertTrue('--help' in out or 'Usage' in out, out)
+ except AssertionError:
+ print('Failed program: %s' % program)
+ raise
+
+ def test_version(self):
+ '--version works and succeeds'''
+
+ version = subprocess.check_output(['pkg-config', '--modversion', 'systemd'],
+ universal_newlines=True).strip()
+
+ for program in self.programs:
+ # known to not respond to --version
+ if os.path.basename(program) in ['kernel-install', 'systemd-ask-password', 'systemd-stdio-bridge']:
+ continue
+ p = subprocess.Popen([program, '--version'], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True)
+ (out, err) = p.communicate()
+ try:
+ self.assertEqual(err, '')
+ self.assertEqual(p.returncode, 0)
+ self.assertIn(version, out)
+ except AssertionError:
+ print('Failed program: %s' % program)
+ raise
+
+ def test_invalid_option(self):
+ '''Calling with invalid option fails'''
+
+ for program in self.programs:
+ p = subprocess.Popen([program, '--invalid-option'], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True)
+ (out, err) = p.communicate()
+ try:
+ # kernel-install is an unique snowflake
+ if not program.endswith('/kernel-install'):
+ self.assertIn('--invalid-option', err)
+ self.assertNotEqual(p.returncode, 0)
+ except AssertionError:
+ print('Failed program: %s' % program)
+ raise
+
+
+def pre_boot_setup():
+ '''Test setup before rebooting testbed'''
+
+ subprocess.check_call(['systemctl', 'set-default', 'graphical.target'],
+ stderr=subprocess.STDOUT)
+
+ # create a few temporary files to ensure that they get cleaned up on boot
+ os.close(os.open('/tmp/newfile.test',
+ os.O_CREAT | os.O_EXCL | os.O_WRONLY))
+ os.close(os.open('/var/tmp/newfile.test',
+ os.O_CREAT | os.O_EXCL | os.O_WRONLY))
+ # we can't use utime() here, as systemd looks for ctime
+ if not is_container:
+ cur_time = time.clock_gettime(time.CLOCK_REALTIME)
+ time.clock_settime(time.CLOCK_REALTIME, cur_time - 2 * 30 * 86400)
+ try:
+ os.close(os.open('/tmp/oldfile.test',
+ os.O_CREAT | os.O_EXCL | os.O_WRONLY))
+ os.close(os.open('/var/tmp/oldfile.test',
+ os.O_CREAT | os.O_EXCL | os.O_WRONLY))
+ finally:
+ time.clock_settime(time.CLOCK_REALTIME, cur_time)
+
+ # allow X to start even on headless machines
+ os.makedirs('/etc/X11/xorg.conf.d/', exist_ok=True)
+ with open('/etc/X11/xorg.conf.d/dummy.conf', 'w') as f:
+ f.write('''Section "Device"
+ Identifier "test"
+ Driver "dummy"
+EndSection''')
+
+
+if __name__ == '__main__':
+ if not os.getenv('AUTOPKGTEST_REBOOT_MARK'):
+ pre_boot_setup()
+ print('Rebooting...')
+ subprocess.check_call(['/tmp/autopkgtest-reboot', 'boot1'])
+
+ unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout,
+ verbosity=2))
diff --git a/debian/tests/boot-smoke b/debian/tests/boot-smoke
new file mode 100755
index 0000000..821c842
--- /dev/null
+++ b/debian/tests/boot-smoke
@@ -0,0 +1,86 @@
+#!/bin/sh
+# test 20 successful reboots in a row
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+# For bisecting/testing you can replace individual binaries in /lib/systemd
+# with --copy /host/path/systemd-foo:/tmp/systemd-replace/systemd-foo
+set -e
+
+. `dirname $0`/assert.sh
+
+fail() {
+ [ -n "$1" ] && echo "$1"
+ set +e
+ journalctl --sync
+ journalctl -a > "$AUTOPKGTEST_ARTIFACTS/boot-smoke-journal.txt"
+ systemctl --no-pager --no-legend list-jobs > "$AUTOPKGTEST_ARTIFACTS/boot-smoke-running-jobs.txt"
+ udevadm info --export-db > "$AUTOPKGTEST_ARTIFACTS/boot-smoke-udevdb.txt"
+ exit 1
+}
+
+if [ -z "$AUTOPKGTEST_REBOOT_MARK" ]; then
+ # enable persistent journal
+ mkdir -p /var/log/journal
+ # allow X to start even on headless machines
+ mkdir -p /etc/X11/xorg.conf.d/
+ cat << EOF > /etc/X11/xorg.conf.d/dummy.conf
+Section "Device"
+ Identifier "test"
+ Driver "dummy"
+EndSection
+EOF
+
+
+ AUTOPKGTEST_REBOOT_MARK=0
+ if [ -d /tmp/systemd-replace/ ]; then
+ for f in /tmp/systemd-replace/*; do
+ echo "Installing $f..."
+ rm -f /lib/systemd/$(basename $f)
+ cp $f /lib/systemd/
+ done
+ fi
+else
+ echo "waiting to boot..."
+ TIMEOUT=35
+ while [ $TIMEOUT -ge 0 ]; do
+ state="$(systemctl is-system-running || true)"
+ case $state in
+ running|degraded)
+ break
+ ;;
+ *)
+ sleep 1
+ TIMEOUT=$((TIMEOUT - 1))
+ ;;
+ esac
+ done
+
+ echo "checking for running system"
+ if [ "$state" = "degraded" ]; then
+ systemctl --no-pager --no-legend --failed list-units > "$AUTOPKGTEST_ARTIFACTS/boot-smoke-failed-units.txt" || true
+ echo "systemctl is-system-running: degraded (non-fatal)"
+ elif [ "$state" != "running" ]; then
+ fail "system not running after timeout $RUNNING_TIMEOUT, state: $state"
+ fi
+
+ echo "checking for failed unmounts for user systemd"
+ # grep complete journal to catch shutdown messages
+ if journalctl | grep -E "systemd\[([2-9]|[1-9][0-9]+)\].*Failed unmounting"; then
+ fail "found failed unmount in journal"
+ fi
+
+ # grep only this boot's journal, earlier ones complain about missing "render" group
+ echo "checking for connection timeouts"
+ if journalctl -b | grep "Connection timed out"; then
+ fail "found connection timeout in journal for this boot"
+ fi
+
+ echo "checking that NetworkManager runs"
+ pidof NetworkManager || fail "NetworkManager was not running"
+fi
+
+if [ "$AUTOPKGTEST_REBOOT_MARK" -ge 5 ]; then
+ exit 0
+fi
+
+echo "reboot #$AUTOPKGTEST_REBOOT_MARK"
+/tmp/autopkgtest-reboot $(($AUTOPKGTEST_REBOOT_MARK + 1))
diff --git a/debian/tests/build-login b/debian/tests/build-login
new file mode 100755
index 0000000..def83b1
--- /dev/null
+++ b/debian/tests/build-login
@@ -0,0 +1,38 @@
+#!/bin/sh
+# autopkgtest check: Test build against libsystemd-login-dev
+# (C) 2014 Canonical Ltd.
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+
+set -e
+
+WORKDIR=$(mktemp -d)
+trap "rm -rf $WORKDIR" 0 INT QUIT ABRT PIPE TERM
+cd $WORKDIR
+cat <<EOF > loginmonitor.c
+#include <assert.h>
+#include <stdio.h>
+#include <systemd/sd-login.h>
+
+int main(int argc, char **argv)
+{
+ sd_login_monitor* mon = NULL;
+ int res;
+
+ res = sd_login_monitor_new(NULL, &mon);
+ if (res < 0) {
+ fprintf(stderr, "sd_login_monitor_new failed with value %i\n", res);
+ return 1;
+ }
+
+ assert(sd_login_monitor_get_fd(mon) > 0);
+ sd_login_monitor_unref(mon);
+
+ return 0;
+}
+EOF
+
+gcc -Wall -Werror -o loginmonitor loginmonitor.c `pkg-config --cflags --libs libsystemd`
+echo "build: OK"
+[ -x loginmonitor ]
+./loginmonitor
+echo "run: OK"
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..9c5f282
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,199 @@
+Tests: timedated, hostnamed, localed-locale, localed-x11-keymap
+Depends: systemd,
+ systemd-timesyncd,
+ libpam-systemd,
+ libnss-systemd,
+ acl,
+ locales,
+Restrictions: needs-root, isolation-container
+
+Tests: logind
+Depends: systemd,
+ libpam-systemd,
+ libnss-systemd,
+ acl,
+ locales,
+ evemu-tools,
+Restrictions: needs-root, isolation-container
+
+Tests: unit-config
+Depends: systemd,
+ libpam-systemd,
+ libnss-systemd,
+ acl,
+ locales,
+ evemu-tools,
+ python3,
+ pkg-config,
+Restrictions: needs-root, allow-stderr
+
+Tests: storage
+Depends: systemd,
+ libpam-systemd,
+ libnss-systemd,
+ acl,
+ locales,
+ evemu-tools,
+ python3,
+ pkg-config,
+ cryptsetup-bin,
+Restrictions: needs-root, isolation-machine
+
+Tests: networkd-test.py
+Tests-Directory: test
+Depends: systemd,
+ libpam-systemd,
+ libnss-systemd,
+ acl,
+ locales,
+ evemu-tools,
+ python3,
+ pkg-config,
+ cryptsetup-bin,
+ systemd-sysv,
+ policykit-1,
+ dnsmasq-base
+Restrictions: needs-root, isolation-container
+
+Tests: build-login
+Depends: systemd,
+ libpam-systemd,
+ libnss-systemd,
+ acl,
+ locales,
+ evemu-tools,
+ python3,
+ pkg-config,
+ cryptsetup-bin,
+ systemd-sysv,
+ policykit-1,
+ dnsmasq-base,
+ build-essential,
+ libsystemd-dev,
+Restrictions: isolation-container
+
+Tests: boot-and-services
+Depends: systemd-sysv,
+ systemd-container,
+ systemd-coredump,
+ libpam-systemd,
+ xserver-xorg-video-dummy,
+ xserver-xorg,
+ gdm3 [!s390x],
+ cron,
+ network-manager,
+ busybox-static,
+ rsyslog,
+ apparmor,
+ pkg-config,
+ python3
+Restrictions: needs-root, isolation-container, breaks-testbed
+
+Tests: udev
+Depends: systemd-tests,
+ python3,
+ tree,
+ perl,
+ xz-utils,
+Restrictions: needs-root, allow-stderr, isolation-container, skippable
+
+Tests: root-unittests
+Depends: systemd-tests,
+ libpam-systemd,
+ tree,
+ perl,
+ xz-utils,
+ libcap2-bin,
+ iproute2,
+ liblz4-tool,
+ acl,
+ iputils-ping,
+ dbus-user-session,
+ zstd,
+Restrictions: needs-root, allow-stderr, isolation-container, breaks-testbed
+
+Tests: upstream
+Depends: libsystemd-dev,
+ tree,
+ perl,
+ xz-utils,
+ libcap2-bin,
+ iproute2,
+ liblz4-tool,
+ acl,
+ dmeventd,
+ kbd,
+ cryptsetup-bin,
+ net-tools,
+ isc-dhcp-client,
+ iputils-ping,
+ strace,
+ qemu-system-x86 [amd64 i386],
+ qemu-system-arm [arm64 armhf],
+ qemu-system-ppc [ppc64el],
+ qemu-system-s390x [s390x],
+ seabios,
+ less,
+ pkg-config,
+ gcc,
+ libc6-dev | libc-dev,
+ make,
+ quota,
+ systemd-journal-remote,
+ systemd-container,
+ systemd-coredump,
+ fdisk | util-linux (<< 2.29.2-3~),
+ netcat-openbsd,
+ socat,
+ busybox-static,
+ plymouth,
+ e2fsprogs,
+ zstd,
+ squashfs-tools,
+Restrictions: needs-root, allow-stderr, isolation-machine
+
+Tests: boot-smoke
+Depends: libsystemd-dev,
+ tree,
+ perl,
+ xz-utils,
+ libcap2-bin,
+ iproute2,
+ liblz4-tool,
+ acl,
+ kbd,
+ cryptsetup-bin,
+ net-tools,
+ isc-dhcp-client,
+ iputils-ping,
+ strace,
+ qemu-system-x86 [amd64 i386],
+ qemu-system-arm [arm64 armhf],
+ qemu-system-s390x [s390x],
+ less,
+ pkg-config,
+ gcc,
+ libc6-dev | libc-dev,
+ make,
+ quota,
+ systemd-journal-remote,
+ systemd-container,
+ systemd-coredump,
+ systemd-sysv,
+ fdisk | util-linux (<< 2.29.2-3~),
+ netcat-openbsd,
+ busybox-static,
+ plymouth,
+ network-manager,
+ policykit-1,
+ gdm3 [!s390x],
+ xserver-xorg-video-dummy,
+Restrictions: needs-root, isolation-container, allow-stderr, breaks-testbed
+
+# NOUPSTREAM: Do not run these tests for upstream builds
+
+Tests: systemd-fsckd
+Depends: systemd-sysv,
+ python3,
+ plymouth
+Restrictions: needs-root, isolation-machine, breaks-testbed
diff --git a/debian/tests/fsck b/debian/tests/fsck
new file mode 100755
index 0000000..77b50d7
--- /dev/null
+++ b/debian/tests/fsck
@@ -0,0 +1,27 @@
+#!/bin/bash
+fd=0
+
+OPTIND=1
+while getopts "C:aTlM" opt; do
+ case "$opt" in
+ C)
+ fd=$OPTARG
+ ;;
+ \?);;
+ esac
+done
+
+shift "$((OPTIND-1))"
+device=$1
+
+echo "Running fake fsck on $device"
+
+declare -a maxpass=(30 5 2 30 60)
+
+for pass in {1..5}; do
+ maxprogress=${maxpass[$((pass-1))]}
+ for (( current=0; current<=${maxprogress}; current++)); do
+ echo "$pass $current $maxprogress $device">&$fd
+ sleep 0.1
+ done
+done
diff --git a/debian/tests/hostnamed b/debian/tests/hostnamed
new file mode 100755
index 0000000..1b22869
--- /dev/null
+++ b/debian/tests/hostnamed
@@ -0,0 +1,22 @@
+#!/bin/sh
+set -e
+
+. `dirname $0`/assert.sh
+
+ORIG_HOST=`cat /etc/hostname`
+echo "original hostname: $ORIG_HOST"
+
+# should activate daemon and work
+STATUS="`hostnamectl`"
+assert_in "Static hostname: $ORIG_HOST" "$STATUS"
+assert_in "Kernel:.* `uname -r`" "$STATUS"
+
+# change hostname
+assert_eq "`hostnamectl set-hostname testhost 2>&1`" ""
+assert_eq "`cat /etc/hostname`" "testhost"
+assert_in "Static hostname: testhost" "`hostnamectl`"
+
+# reset to original
+assert_eq "`hostnamectl set-hostname $ORIG_HOST 2>&1`" ""
+assert_eq "`cat /etc/hostname`" "$ORIG_HOST"
+assert_in "Static hostname: $ORIG_HOST" "`hostnamectl`"
diff --git a/debian/tests/lidswitch.evemu b/debian/tests/lidswitch.evemu
new file mode 100644
index 0000000..de1d590
--- /dev/null
+++ b/debian/tests/lidswitch.evemu
@@ -0,0 +1,34 @@
+# EVEMU 1.2
+# Input device name: "Lid Switch"
+# Input device ID: bus 0x19 vendor 0000 product 0x05 version 0000
+# Supported events:
+# Event type 0 (EV_SYN)
+# Event code 0 (SYN_REPORT)
+# Event code 5 (FF_STATUS_MAX)
+# Event type 5 (EV_SW)
+# Event code 0 (SW_LID)
+# Properties:
+N: Fake Lid Switch
+I: 0019 0000 0005 0000
+P: 00 00 00 00 00 00 00 00
+B: 00 21 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 01 00 00 00 00 00 00 00 00
+B: 02 00 00 00 00 00 00 00 00
+B: 03 00 00 00 00 00 00 00 00
+B: 04 00 00 00 00 00 00 00 00
+B: 05 01 00 00 00 00 00 00 00
+B: 11 00 00 00 00 00 00 00 00
+B: 12 00 00 00 00 00 00 00 00
+B: 15 00 00 00 00 00 00 00 00
+B: 15 00 00 00 00 00 00 00 00
diff --git a/debian/tests/localed-locale b/debian/tests/localed-locale
new file mode 100755
index 0000000..472518f
--- /dev/null
+++ b/debian/tests/localed-locale
@@ -0,0 +1,63 @@
+#!/bin/sh
+set -e
+
+. `dirname $0`/assert.sh
+
+if [ -n "$TEST_UPSTREAM" ]; then
+ LOCALE_CONF=/etc/locale.conf
+else
+ LOCALE_CONF=/etc/default/locale
+fi
+
+if [ -f "$LOCALE_CONF" ]; then
+ cp "$LOCALE_CONF" "${LOCALE_CONF}.orig"
+fi
+
+# ensure tested locale exist
+mv /etc/locale.gen /etc/locale.gen.orig
+echo "en_US.UTF-8 UTF-8" > /etc/locale.gen
+locale-gen en_US.UTF-8
+
+if ! [ -e /etc/default/keyboard ]; then
+ /bin/echo -e 'XKBMODEL=us\nXKBLAYOUT=pc105' > /etc/default/keyboard
+fi
+
+# should activate daemon and work
+assert_in "System Locale:" "`localectl --no-pager`"
+
+# change locale
+assert_eq "`localectl --no-pager set-locale LANG=C LC_CTYPE=en_US.UTF-8 2>&1`" ""
+sync
+assert_eq "`cat $LOCALE_CONF`" "LANG=C
+LC_CTYPE=en_US.UTF-8"
+
+if [ -z "$TEST_UPSTREAM" ]; then
+ ! [ -f /etc/locale.conf ]
+fi
+
+STATUS=`localectl`
+assert_in "System Locale: LANG=C" "$STATUS"
+assert_in "LC_CTYPE=en_US.UTF-8" "$STATUS"
+
+# test if localed auto-runs locale-gen
+
+# ensure tested locale does not exist
+assert_rc 1 validlocale de_DE.UTF-8 2>&1
+
+# change locale
+assert_eq "`localectl --no-pager set-locale de_DE.UTF-8 2>&1`" ""
+sync
+assert_eq "`cat $LOCALE_CONF`" "LANG=de_DE.UTF-8
+LC_CTYPE=en_US.UTF-8"
+
+# ensure tested locale exists and works now
+assert_rc 0 validlocale de_DE.UTF-8 2>&1
+
+# reset locale to original
+if [ -f "${LOCALE_CONF}.orig" ]; then
+ mv "${LOCALE_CONF}.orig" "$LOCALE_CONF"
+else
+ rm "$LOCALE_CONF"
+fi
+mv /etc/locale.gen.orig /etc/locale.gen
+locale-gen
diff --git a/debian/tests/localed-x11-keymap b/debian/tests/localed-x11-keymap
new file mode 100755
index 0000000..34f4808
--- /dev/null
+++ b/debian/tests/localed-x11-keymap
@@ -0,0 +1,52 @@
+#!/bin/sh
+set -e
+
+. `dirname $0`/assert.sh
+
+if [ -f /etc/default/keyboard ]; then
+ ORIG_KBD=`cat /etc/default/keyboard`
+else
+ ORIG_KBD=""
+fi
+
+cleanup() {
+ # reset locale to original
+ if [ -n "ORIG_KBD" ]; then
+ echo "$ORIG_KBD" > /etc/default/keyboard
+ else
+ rm -f /etc/default/keyboard
+ fi
+ rm -f /etc/X11/xorg.conf.d/00-keyboard.conf
+}
+trap cleanup EXIT INT QUIT PIPE
+
+# should activate daemon and work
+STATUS=`localectl`
+assert_in "X11 Layout:" "`localectl --no-pager`"
+
+# change layout
+assert_eq "`localectl --no-pager set-x11-keymap et pc101 2>&1`" ""
+sync
+
+if [ -n "$TEST_UPSTREAM" ]; then
+ # Upstream writes xorg.conf.d file
+ assert_in 'Option "XkbLayout" "et' "`cat /etc/X11/xorg.conf.d/00-keyboard.conf`"
+ assert_in 'Option "XkbModel" "pc101"' "`cat /etc/X11/xorg.conf.d/00-keyboard.conf`"
+else
+ # Debian console-setup config file
+ assert_in 'XKBLAYOUT="\?et"\?' "`cat /etc/default/keyboard`"
+ assert_in 'XKBMODEL="\?pc101"\?' "`cat /etc/default/keyboard`"
+
+ ! [ -f /etc/X11/xorg.conf.d/00-keyboard.conf ]
+fi
+
+STATUS=`localectl --no-pager`
+assert_in "X11 Layout: et" "$STATUS"
+assert_in "X11 Model: pc101" "$STATUS"
+
+# gets along without config file
+if [ -z "$TEST_UPSTREAM" ]; then
+ rm /etc/default/keyboard
+ systemctl stop systemd-localed
+ assert_in "X11 Layout: n/a" "`localectl --no-pager`"
+fi
diff --git a/debian/tests/logind b/debian/tests/logind
new file mode 100755
index 0000000..28877ff
--- /dev/null
+++ b/debian/tests/logind
@@ -0,0 +1,204 @@
+#!/bin/sh
+set -e
+
+test_started() {
+ # ensure the *old* logind from before the upgrade isn't running
+ echo " * try-restarting systemd-logind"
+ systemctl try-restart systemd-logind
+
+ echo " * daemon is started"
+ # should start at boot, not with D-BUS activation
+ LOGINDPID=$(pidof systemd-logind)
+
+ # loginctl should succeed
+ echo " * loginctl succeeds"
+ LOGINCTL_OUT=`loginctl`
+}
+
+test_properties() {
+ # Default KillUserProcesses should be off for debian/ubuntu builds
+ r=$(busctl get-property org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager KillUserProcesses)
+ [ "$r" = "b false" ]
+}
+
+# args: <timeout>
+wait_suspend() {
+ timeout=$1
+ while [ $timeout -gt 0 ] && [ ! -e /run/suspend.flag ]; do
+ sleep 1
+ timeout=$((timeout - 1))
+ [ $(($timeout % 5)) -ne 0 ] || echo " waiting for suspend, ${timeout}s remaining..."
+ done
+ if [ ! -e /run/suspend.flag ]; then
+ echo "closing lid did not cause suspend" >&2
+ exit 1
+ fi
+ rm /run/suspend.flag
+ echo " * closing lid caused suspend"
+}
+
+test_suspend_on_lid() {
+ if systemd-detect-virt --quiet --container; then
+ echo " * Skipping suspend test in container"
+ return
+ fi
+ if ! grep -s -q mem /sys/power/state; then
+ echo " * suspend not supported on this testbed, skipping"
+ return
+ fi
+
+ # cleanup handler
+ trap 'rm -f /run/udev/rules.d/70-logindtest-*.rules; udevadm control --reload;
+ kill $KILL_PID;
+ rm /run/systemd/system/systemd-suspend.service;
+ if [ -d /sys/module/scsi_debug ]; then rmmod scsi_debug 2>/dev/null || (sleep 2; rmmod scsi_debug ) || true; fi' \
+ EXIT INT QUIT TERM PIPE
+
+ # watch what's going on
+ journalctl -f -u systemd-logind.service &
+ KILL_PID="$KILL_PID $!"
+
+ # create fake suspend
+ UNIT=$(systemctl show -pFragmentPath --value systemd-suspend.service)
+ sed '/^ExecStart=/ s_=.*$_=/bin/touch /run/suspend.flag_' $UNIT > /run/systemd/system/systemd-suspend.service
+ sync
+ systemctl daemon-reload
+
+ # create fake lid switch
+ mkdir -p /run/udev/rules.d
+ echo 'SUBSYSTEM=="input", KERNEL=="event*", ATTRS{name}=="Fake Lid Switch", TAG+="power-switch"' \
+ > /run/udev/rules.d/70-logindtest-lid.rules
+ sync
+ udevadm control --reload
+ evemu-device $(dirname $0)/lidswitch.evemu &
+ KILL_PID="$KILL_PID $!"
+ while [ -z "$O" ]; do
+ sleep 0.1
+ O=$(grep -l '^Fake Lid Switch' /sys/class/input/*/device/name)
+ done
+ O=${O%/device/name}
+ LID_DEV=/dev/${O#/sys/class/}
+
+ # close lid
+ evemu-event $LID_DEV --sync --type 5 --code 0 --value 1
+ # need to wait for 30s suspend inhibition after boot
+ wait_suspend 31
+ # open lid again
+ evemu-event $LID_DEV --sync --type 5 --code 0 --value 0
+
+ echo " * waiting for 30s inhibition time between suspends"
+ sleep 30
+
+ # now closing lid should cause instant suspend
+ evemu-event $LID_DEV --sync --type 5 --code 0 --value 1
+ wait_suspend 2
+ evemu-event $LID_DEV --sync --type 5 --code 0 --value 0
+
+ P=$(pidof systemd-logind)
+ [ "$P" = "$LOGINDPID" ] || { echo "logind crashed" >&2; exit 1; }
+}
+
+test_shutdown() {
+ echo " * scheduled shutdown with wall message"
+ shutdown 2>&1
+ sleep 5
+ shutdown -c || true
+ # logind should still be running
+ P=$(pidof systemd-logind)
+ [ "$P" = "$LOGINDPID" ] || { echo "logind crashed" >&2; exit 1; }
+
+ echo " * scheduled shutdown without wall message"
+ shutdown --no-wall 2>&1
+ sleep 5
+ shutdown -c --no-wall || true
+ P=$(pidof systemd-logind)
+ [ "$P" = "$LOGINDPID" ] || { echo "logind crashed" >&2; exit 1; }
+}
+
+test_in_logind_session() {
+ echo " * XDG_SESSION_ID=$XDG_SESSION_ID"
+ # cgroup v1: "1:name=systemd:/user.slice/..."; unified hierarchy: "0::/user.slice"
+ if grep -E '(name=systemd|^0:):.*session.*scope' /proc/self/cgroup; then
+ echo " * process is in session cgroup"
+ else
+ echo "FAIL: process is not in session cgroup"
+ echo "/proc/self/cgroup:"
+ cat /proc/self/cgroup
+ loginctl
+ loginctl show-session "$XDG_SESSION_ID"
+ exit 1
+ fi
+}
+
+test_acl() {
+ # ACL tests
+ if ! echo "$LOGINCTL_OUT" | grep -q "seat0"; then
+ echo " * Skipping ACL tests, as there is no seat"
+ return
+ fi
+ if systemd-detect-virt --quiet --container; then
+ echo " * Skipping ACL tests in container"
+ return
+ fi
+
+ # determine user
+ USER=`echo "$OUT" | grep seat0 | awk '{print $3}'`
+ echo "seat user: $USER"
+
+ # scsi_debug should not be loaded yet
+ ! test -d /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*:*/block
+
+ # we use scsi_debug to create new devices which we can put ACLs on
+ # tell udev about the tagging, so that logind can pick it up
+ cat <<EOF > /run/udev/rules.d/70-logindtest-scsi_debug-user.rules
+SUBSYSTEM=="block", ATTRS{model}=="scsi_debug*", TAG+="uaccess"
+EOF
+ sync
+ udevadm control --reload
+
+ echo " * coldplug: logind started with existing device"
+ killall systemd-logind
+ modprobe scsi_debug
+ while ! dev=/dev/`ls /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*:*/block 2>/dev/null`; do sleep 0.1; done
+ test -b $dev
+ echo "got block device $dev"
+ udevadm settle
+ # trigger logind
+ loginctl > /dev/null
+ sleep 1
+ if getfacl -p $dev | grep -q "user:$USER:rw-"; then
+ echo "$dev has ACL for user $USER"
+ else
+ echo "$dev has no ACL for user $USER:" >&2
+ getfacl -p $dev >&2
+ exit 1
+ fi
+
+ rmmod scsi_debug
+
+ echo " * hotplug: new device appears while logind is running"
+ modprobe scsi_debug
+ while ! dev=/dev/`ls /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*:*/block`; do sleep 0.1; done
+ test -b $dev
+ echo "got block device $dev"
+ udevadm settle
+ sleep 1
+ if getfacl -p $dev | grep -q "user:$USER:rw-"; then
+ echo "$dev has ACL for user $USER"
+ else
+ echo "$dev has no ACL for user $USER:" >&2
+ getfacl -p $dev >&2
+ exit 1
+ fi
+}
+
+#
+# main
+#
+
+test_started
+test_properties
+test_in_logind_session
+test_suspend_on_lid
+test_shutdown
+test_acl
diff --git a/debian/tests/process-killer b/debian/tests/process-killer
new file mode 100755
index 0000000..6ca10b8
--- /dev/null
+++ b/debian/tests/process-killer
@@ -0,0 +1,9 @@
+#!/bin/sh
+# loop until we can kill the process given in arg
+
+while :
+do
+ /usr/bin/pkill -x $*
+ [ $? -eq 0 ] && break
+ sleep 1
+done
diff --git a/debian/tests/root-unittests b/debian/tests/root-unittests
new file mode 100644
index 0000000..96416e2
--- /dev/null
+++ b/debian/tests/root-unittests
@@ -0,0 +1,26 @@
+#!/bin/sh
+set -eu
+
+EXFAIL=""
+
+res=0
+for t in /usr/lib/systemd/tests/test-*; do
+ tname=$(basename $t)
+ # test-udev needs special prep and has its own test
+ [ "$tname" != test-udev ] || continue
+ echo "====== $tname ======="
+ # exit code 77 means "skip"
+ rc=0
+ $t || rc=$?
+ if [ "$rc" = 0 ]; then
+ echo "PASS: $tname"
+ elif [ "$rc" = 77 ]; then
+ echo "SKIP: $tname"
+ elif [ "${EXFAIL%$tname*}" != "$EXFAIL" ]; then
+ echo "EXFAIL: $tname"
+ else
+ echo "FAIL: $tname (code: $rc)"
+ res=$rc
+ fi
+done
+exit $res
diff --git a/debian/tests/storage b/debian/tests/storage
new file mode 100755
index 0000000..b64cd63
--- /dev/null
+++ b/debian/tests/storage
@@ -0,0 +1,271 @@
+#!/usr/bin/env python3
+# systemd integration test: Handling of storage devices
+# (C) 2015 Canonical Ltd.
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+
+import os
+import random
+import subprocess
+import sys
+import time
+import unittest
+
+from glob import glob
+from threading import Thread
+
+
+TIMEOUT_SERVICE_START = 10
+TIMEOUT_PASSWORD_AGENT_STOP = 10
+TIMEOUT_PLAINTEXT_DEV = 30
+TIMEOUT_SCSI_DEBUG_ADD_HOST = 5
+
+SCSI_DEBUG_DIR = '/sys/bus/pseudo/drivers/scsi_debug'
+
+class FakeDriveTestBase(unittest.TestCase):
+ @classmethod
+ def setUpClass(cls):
+ if os.path.isdir(SCSI_DEBUG_DIR):
+ return
+
+ # Consider missing scsi_debug module a test failure
+ subprocess.check_call(['modprobe', 'scsi_debug', 'dev_size_mb=32'])
+ assert os.path.isdir(SCSI_DEBUG_DIR)
+
+ def setUp(self):
+ existing_adapters = set(glob(os.path.join(SCSI_DEBUG_DIR, 'adapter*')))
+ with open(os.path.join(SCSI_DEBUG_DIR, 'add_host'), 'w') as f:
+ f.write('1')
+ new_adapters = set(glob(os.path.join(SCSI_DEBUG_DIR, 'adapter*'))) - existing_adapters
+ self.assertEqual(len(new_adapters), 1)
+ self.adapter = new_adapters.pop()
+ for timeout in range(TIMEOUT_SCSI_DEBUG_ADD_HOST):
+ devices = set(glob(os.path.join(self.adapter, 'host*/target*/*:*/block/*')))
+ if len(devices) > 0:
+ break
+ time.sleep(1)
+ else:
+ self.fail('Timed out waiting for scsi_debug block device name')
+ self.assertEqual(len(devices), 1)
+ self.device = os.path.join('/dev/', os.path.basename(devices.pop()))
+
+ def tearDown(self):
+ existing_adapters = set(glob(os.path.join(SCSI_DEBUG_DIR, 'adapter*')))
+ with open(os.path.join(SCSI_DEBUG_DIR, 'add_host'), 'w') as f:
+ f.write('-1')
+ removed_adapters = existing_adapters - set(glob(os.path.join(SCSI_DEBUG_DIR, 'adapter*')))
+ self.assertEqual(len(removed_adapters), 1)
+ adapter = removed_adapters.pop()
+ self.assertEqual(self.adapter, adapter)
+ self.adapter = None
+ self.device = None
+
+
+class CryptsetupTest(FakeDriveTestBase):
+ def setUp(self):
+ testname = self.id().split('.')[-1]
+ self.plaintext_name = 'testcrypt_%s' % testname
+ self.plaintext_dev = '/dev/mapper/' + self.plaintext_name
+ self.service_name = 'systemd-cryptsetup@%s.service' % self.plaintext_name
+ if os.path.exists(self.plaintext_dev):
+ self.fail('%s exists already' % self.plaintext_dev)
+
+ super().setUp()
+
+ if os.path.exists('/etc/crypttab'):
+ os.rename('/etc/crypttab', '/etc/crypttab.systemdtest')
+ self.password = 'pwd%i' % random.randint(1000, 10000)
+ self.password_agent = None
+ self.password_agent_stop = False
+
+ def tearDown(self):
+ if self.password_agent:
+ self.password_agent_stop = True
+ self.password_agent.join(timeout=TIMEOUT_PASSWORD_AGENT_STOP)
+ self.assertFalse(self.password_agent.is_alive())
+ self.password_agent = None
+ for timeout in range(TIMEOUT_SERVICE_START):
+ state = subprocess.run(['systemctl', 'show', '--no-pager', self.service_name, '--property', 'ActiveState'],
+ stdout=subprocess.PIPE, universal_newlines=True).stdout
+ state = state.strip().replace('ActiveState=', '', 1)
+ if state in ['active', 'failed']:
+ break
+ time.sleep(1)
+ else:
+ self.fail('Timed out waiting for %s to start (or fail)' % self.service_name)
+ subprocess.call(['umount', self.plaintext_dev], stderr=subprocess.DEVNULL)
+ if state == 'active':
+ subprocess.call(['systemctl', 'stop', self.service_name], stderr=subprocess.STDOUT)
+ if os.path.exists('/etc/crypttab'):
+ os.unlink('/etc/crypttab')
+ if os.path.exists('/etc/crypttab.systemdtest'):
+ os.rename('/etc/crypttab.systemdtest', '/etc/crypttab')
+ if os.path.exists(self.plaintext_dev):
+ subprocess.call(['dmsetup', 'remove', self.plaintext_dev],
+ stderr=subprocess.STDOUT)
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+
+ super().tearDown()
+
+ def format_luks(self):
+ '''Format test device with LUKS'''
+
+ p = subprocess.Popen(['cryptsetup', '--batch-mode', 'luksFormat', self.device, '-'],
+ stdin=subprocess.PIPE)
+ p.communicate(self.password.encode())
+ self.assertEqual(p.returncode, 0)
+ os.sync()
+ subprocess.check_call(['udevadm', 'settle'])
+
+ def start_password_agent(self):
+ '''Run password agent to answer passphrase request for crypt device'''
+
+ # wait for incoming request
+ found = False
+ while not found:
+ for ask in glob('/run/systemd/ask-password/ask.*'):
+ with open(ask) as f:
+ contents = f.read()
+ if self.plaintext_name in contents:
+ found = True
+ break
+ if not found:
+ if self.password_agent_stop:
+ return
+ time.sleep(0.5)
+
+ # parse Socket=
+ for line in contents.splitlines():
+ if line.startswith('Socket='):
+ socket = line.split('=', 1)[1]
+ break
+ else:
+ self.fail('Could not find socket')
+
+ # send reply
+ p = subprocess.Popen(['/lib/systemd/systemd-reply-password', '1', socket],
+ stdin=subprocess.PIPE)
+ p.communicate(self.password.encode())
+ self.assertEqual(p.returncode, 0)
+
+ def apply(self, target):
+ '''Tell systemd to generate and run the cryptsetup units'''
+
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+
+ self.password_agent = Thread(target=self.start_password_agent);
+ self.password_agent.start()
+ subprocess.check_call(['systemctl', '--no-ask-password', 'restart', target])
+ for timeout in range(TIMEOUT_PLAINTEXT_DEV):
+ if os.path.exists(self.plaintext_dev):
+ break
+ time.sleep(1)
+ else:
+ self.fail('Timed out waiting for %s to appear' % self.plaintext_dev)
+
+ def test_luks_by_devname(self):
+ '''LUKS device by plain device name, empty'''
+
+ self.format_luks()
+ with open('/etc/crypttab', 'w') as f:
+ f.write('%s %s none luks\n' % (self.plaintext_name, self.device))
+ self.apply('cryptsetup.target')
+
+ # should not be mounted
+ with open('/proc/mounts') as f:
+ self.assertNotIn(self.plaintext_name, f.read())
+
+ # device should not have anything on it
+ p = subprocess.Popen(['blkid', self.plaintext_dev], stdout=subprocess.PIPE)
+ out = p.communicate()[0]
+ self.assertEqual(out, b'')
+ self.assertNotEqual(p.returncode, 0)
+
+ def test_luks_by_uuid(self):
+ '''LUKS device by UUID, empty'''
+
+ self.format_luks()
+ uuid = subprocess.check_output(['blkid', '-ovalue', '-sUUID', self.device],
+ universal_newlines=True).strip()
+ with open('/etc/crypttab', 'w') as f:
+ f.write('%s UUID=%s none luks\n' % (self.plaintext_name, uuid))
+ self.apply('cryptsetup.target')
+
+ # should not be mounted
+ with open('/proc/mounts') as f:
+ self.assertNotIn(self.plaintext_name, f.read())
+
+ # device should not have anything on it
+ p = subprocess.Popen(['blkid', self.plaintext_dev], stdout=subprocess.PIPE)
+ out = p.communicate()[0]
+ self.assertEqual(out, b'')
+ self.assertNotEqual(p.returncode, 0)
+
+ def test_luks_swap(self):
+ '''LUKS device with "swap" option'''
+
+ self.format_luks()
+ with open('/etc/crypttab', 'w') as f:
+ f.write('%s %s none luks,swap\n' % (self.plaintext_name, self.device))
+ self.apply('cryptsetup.target')
+
+ # should not be mounted
+ with open('/proc/mounts') as f:
+ self.assertNotIn(self.plaintext_name, f.read())
+
+ # device should be formatted with swap
+ out = subprocess.check_output(['blkid', '-ovalue', '-sTYPE', self.plaintext_dev])
+ self.assertEqual(out, b'swap\n')
+
+ def test_luks_tmp(self):
+ '''LUKS device with "tmp" option'''
+
+ self.format_luks()
+ with open('/etc/crypttab', 'w') as f:
+ f.write('%s %s none luks,tmp\n' % (self.plaintext_name, self.device))
+ self.apply('cryptsetup.target')
+
+ # should not be mounted
+ with open('/proc/mounts') as f:
+ self.assertNotIn(self.plaintext_name, f.read())
+
+ # device should be formatted with ext2 or (with newer systemd) ext4
+ out = subprocess.check_output(['blkid', '-ovalue', '-sTYPE', self.plaintext_dev])
+ self.assertRegex(out, b'ext[24]')
+
+ def test_luks_fstab(self):
+ '''LUKS device in /etc/fstab'''
+
+ self.format_luks()
+ with open('/etc/crypttab', 'w') as f:
+ f.write('%s %s none luks,tmp\n' % (self.plaintext_name, self.device))
+
+ mountpoint = '/run/crypt1.systemdtest'
+ os.mkdir(mountpoint)
+ self.addCleanup(os.rmdir, mountpoint)
+ os.rename('/etc/fstab', '/etc/fstab.systemdtest')
+ self.addCleanup(os.rename, '/etc/fstab.systemdtest', '/etc/fstab')
+ with open('/etc/fstab', 'a') as f:
+ with open('/etc/fstab.systemdtest') as forig:
+ f.write(forig.read())
+ f.write('%s %s auto defaults 0 0\n' % (self.plaintext_dev, mountpoint))
+
+ # this should now be a requirement of local-fs.target
+ self.apply('local-fs.target')
+
+ # should be mounted
+ found = False
+ with open('/proc/mounts') as f:
+ for line in f:
+ fields = line.split()
+ if fields[0] == self.plaintext_dev:
+ self.assertEqual(fields[1], mountpoint)
+ self.assertRegex(fields[2], 'ext[24]')
+ found = True
+ break
+ if not found:
+ self.fail('%s is not mounted' % self.plaintext_dev)
+
+
+if __name__ == '__main__':
+ unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout,
+ verbosity=2))
diff --git a/debian/tests/systemd-fsckd b/debian/tests/systemd-fsckd
new file mode 100755
index 0000000..09d68f5
--- /dev/null
+++ b/debian/tests/systemd-fsckd
@@ -0,0 +1,297 @@
+#!/usr/bin/python3
+# autopkgtest check: Ensure that systemd-fsckd can report progress and cancel
+# (C) 2015 Canonical Ltd.
+# Author: Didier Roche <didrocks@ubuntu.com>
+
+from contextlib import suppress
+import inspect
+import fileinput
+import os
+import subprocess
+import shutil
+import stat
+import sys
+import unittest
+from time import sleep, time
+
+GRUB_AUTOPKGTEST_CONFIG_PATH = "/etc/default/grub.d/50-cloudimg-settings.cfg"
+TEST_AUTOPKGTEST_CONFIG_PATH = "/etc/default/grub.d/99-fsckdtest.cfg"
+
+SYSTEMD_ETC_SYSTEM_UNIT_DIR = "/etc/systemd/system/"
+SYSTEMD_PROCESS_KILLER_PATH = os.path.join(SYSTEMD_ETC_SYSTEM_UNIT_DIR, "process-killer.service")
+
+SYSTEMD_FSCK_ROOT_PATH = "/lib/systemd/system/systemd-fsck-root.service"
+SYSTEMD_FSCK_ROOT_ENABLE_PATH = os.path.join(SYSTEMD_ETC_SYSTEM_UNIT_DIR, 'local-fs.target.wants/systemd-fsck-root.service')
+
+SYSTEM_FSCK_PATH = '/sbin/fsck'
+PROCESS_KILLER_PATH = '/sbin/process-killer'
+SAVED_FSCK_PATH = "{}.real".format(SYSTEM_FSCK_PATH)
+
+FSCKD_TIMEOUT = 30
+
+
+class FsckdTest(unittest.TestCase):
+ '''Check that we run, report and can cancel fsck'''
+
+ def __init__(self, test_name, after_reboot, return_code):
+ super().__init__(test_name)
+ self._test_name = test_name
+ self._after_reboot = after_reboot
+ self._return_code = return_code
+
+ def setUp(self):
+ super().setUp()
+ # ensure we have our root fsck enabled by default (it detects it runs in a vm and doesn't pull the target)
+ # note that it can already exists in case of a reboot (as there was no tearDown as we wanted)
+ os.makedirs(os.path.dirname(SYSTEMD_FSCK_ROOT_ENABLE_PATH), exist_ok=True)
+ with suppress(FileExistsError):
+ os.symlink(SYSTEMD_FSCK_ROOT_PATH, SYSTEMD_FSCK_ROOT_ENABLE_PATH)
+ enable_plymouth()
+
+ # note that the saved real fsck can still exists in case of a reboot (as there was no tearDown as we wanted)
+ if not os.path.isfile(SAVED_FSCK_PATH):
+ os.rename(SYSTEM_FSCK_PATH, SAVED_FSCK_PATH)
+
+ # install mock fsck and killer
+ self.install_bin(os.path.join(os.path.dirname(os.path.realpath(__file__)), 'fsck'),
+ SYSTEM_FSCK_PATH)
+ self.install_bin(os.path.join(os.path.dirname(os.path.realpath(__file__)), 'process-killer'),
+ PROCESS_KILLER_PATH)
+
+ self.files_to_clean = [SYSTEMD_FSCK_ROOT_ENABLE_PATH, SYSTEM_FSCK_PATH, SYSTEMD_PROCESS_KILLER_PATH, PROCESS_KILLER_PATH]
+
+ def tearDown(self):
+ # tearDown is only called once the test really ended (not while rebooting during tests)
+ for f in self.files_to_clean:
+ with suppress(FileNotFoundError):
+ os.remove(f)
+ os.rename(SAVED_FSCK_PATH, SYSTEM_FSCK_PATH)
+ super().tearDown()
+
+ def test_fsckd_run(self):
+ '''Ensure we can reboot after a fsck was processed'''
+ if not self._after_reboot:
+ self.reboot()
+ else:
+ self.assertFsckdStop()
+ self.assertFsckProceeded()
+ self.assertSystemRunning()
+
+ def test_fsckd_run_without_plymouth(self):
+ '''Ensure we can reboot without plymouth after a fsck was processed'''
+ if not self._after_reboot:
+ enable_plymouth(enable=False)
+ self.reboot()
+ else:
+ self.assertFsckdStop()
+ self.assertFsckProceeded(with_plymouth=False)
+ self.assertSystemRunning()
+
+ def test_fsck_with_failure(self):
+ '''Ensure that a failing fsck doesn't prevent fsckd to stop'''
+ if not self._after_reboot:
+ self.install_process_killer_unit('fsck')
+ self.reboot()
+ else:
+ self.assertFsckdStop()
+ self.assertWasRunning('process-killer')
+ self.assertFalse(self.is_failed_unit('process-killer'))
+ self.assertFsckProceeded()
+ self.assertSystemRunning()
+
+ def test_systemd_fsck_with_failure(self):
+ '''Ensure that a failing systemd-fsck doesn't prevent fsckd to stop'''
+ if not self._after_reboot:
+ self.install_process_killer_unit('systemd-fsck', kill=True)
+ self.reboot()
+ else:
+ self.assertFsckdStop()
+ self.assertProcessKilled()
+ self.assertTrue(self.is_failed_unit('systemd-fsck-root'))
+ self.assertWasRunning('systemd-fsckd')
+ self.assertWasRunning('plymouth-start')
+ self.assertSystemRunning()
+
+ def test_systemd_fsckd_with_failure(self):
+ '''Ensure that a failing systemd-fsckd doesn't prevent system to boot'''
+ if not self._after_reboot:
+ self.install_process_killer_unit('systemd-fsckd', kill=True)
+ self.reboot()
+ else:
+ self.assertFsckdStop()
+ self.assertProcessKilled()
+ self.assertFalse(self.is_failed_unit('systemd-fsck-root'))
+ self.assertTrue(self.is_failed_unit('systemd-fsckd'))
+ self.assertWasRunning('plymouth-start')
+ self.assertSystemRunning()
+
+ def test_systemd_fsck_with_plymouth_failure(self):
+ '''Ensure that a failing plymouth doesn't prevent fsckd to reconnect/exit'''
+ if not self._after_reboot:
+ self.install_process_killer_unit('plymouthd', kill=True)
+ self.reboot()
+ else:
+ self.assertFsckdStop()
+ self.assertWasRunning('process-killer')
+ self.assertFsckProceeded()
+ self.assertFalse(self.is_active_unit('plymouth-start'))
+ self.assertSystemRunning()
+
+ def install_bin(self, source, dest):
+ '''install mock fsck'''
+ shutil.copy2(source, dest)
+ st = os.stat(dest)
+ os.chmod(dest, st.st_mode | stat.S_IEXEC)
+
+ def is_active_unit(self, unit):
+ '''Check that given unit is active'''
+
+ return subprocess.call(['systemctl', 'status', unit],
+ stdout=subprocess.PIPE) == 0
+
+ def is_failed_unit(self, unit):
+ '''Check that given unit failed'''
+
+ p = subprocess.Popen(['systemctl', 'is-active', unit], stdout=subprocess.PIPE)
+ out, err = p.communicate()
+ if b'failed' in out:
+ return True
+ return False
+
+ def assertWasRunning(self, unit, expect_running=True):
+ '''Assert that a given unit has been running'''
+ p = subprocess.Popen(['systemctl', 'status', '--no-pager', unit],
+ stdout=subprocess.PIPE, universal_newlines=True)
+ out = p.communicate()[0].strip()
+ if expect_running:
+ self.assertRegex(out, 'Active:.*since')
+ else:
+ self.assertNotRegex(out, 'Active:.*since')
+ self.assertIn(p.returncode, (0, 3))
+
+ def assertFsckdStop(self):
+ '''Ensure systemd-fsckd stops, which indicates no more fsck activity'''
+ timeout = time() + FSCKD_TIMEOUT
+ while time() < timeout:
+ if not self.is_active_unit('systemd-fsckd'):
+ return
+ sleep(1)
+ raise Exception("systemd-fsckd still active after {}s".format(FSCKD_TIMEOUT))
+
+ def assertFsckProceeded(self, with_plymouth=True):
+ '''Assert we executed most of the fsck-related services successfully'''
+ self.assertWasRunning('systemd-fsckd')
+ self.assertFalse(self.is_failed_unit('systemd-fsckd'))
+ self.assertTrue(self.is_active_unit('systemd-fsck-root')) # remains active after exit
+ if with_plymouth:
+ self.assertWasRunning('plymouth-start')
+ else:
+ self.assertWasRunning('plymouth-start', expect_running=False)
+
+ def assertSystemRunning(self):
+ '''Assert that the system is running'''
+
+ self.assertTrue(self.is_active_unit('default.target'))
+
+ def assertProcessKilled(self):
+ '''Assert the targeted process was killed successfully'''
+ self.assertWasRunning('process-killer')
+ self.assertFalse(self.is_failed_unit('process-killer'))
+
+ def reboot(self):
+ '''Reboot the system with the current test marker'''
+ subprocess.check_call(['/tmp/autopkgtest-reboot', "{}:{}".format(self._test_name, self._return_code)])
+
+ def install_process_killer_unit(self, process_name, kill=False):
+ '''Create a systemd unit which will kill process_name'''
+ with open(SYSTEMD_PROCESS_KILLER_PATH, 'w') as f:
+ f.write('''[Unit]
+DefaultDependencies=no
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/timeout 10 {} {}
+
+[Install]
+WantedBy=systemd-fsck-root.service'''.format(PROCESS_KILLER_PATH,
+ '--signal SIGKILL {}'.format(process_name) if kill else process_name))
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+ subprocess.check_call(['systemctl', 'enable', 'process-killer'], stderr=subprocess.DEVNULL)
+
+
+def enable_plymouth(enable=True):
+ '''ensure plymouth is enabled in grub config (doesn't reboot)'''
+ plymouth_enabled = 'splash' in open('/boot/grub/grub.cfg').read()
+ if enable and not plymouth_enabled:
+ if os.path.exists(GRUB_AUTOPKGTEST_CONFIG_PATH):
+ shutil.copy2(GRUB_AUTOPKGTEST_CONFIG_PATH, TEST_AUTOPKGTEST_CONFIG_PATH)
+ for line in fileinput.input([TEST_AUTOPKGTEST_CONFIG_PATH], inplace=True):
+ if line.startswith("GRUB_CMDLINE_LINUX_DEFAULT"):
+ print(line[:line.rfind('"')] + ' splash quiet"\n')
+ else:
+ os.makedirs(os.path.dirname(TEST_AUTOPKGTEST_CONFIG_PATH), exist_ok=True)
+ with open(TEST_AUTOPKGTEST_CONFIG_PATH, 'w') as f:
+ f.write('GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0 splash quiet"\n')
+ elif not enable and plymouth_enabled:
+ with suppress(FileNotFoundError):
+ os.remove(TEST_AUTOPKGTEST_CONFIG_PATH)
+ subprocess.check_call(['update-grub'], stderr=subprocess.DEVNULL)
+
+
+def boot_with_systemd_distro():
+ '''Reboot with systemd as init and distro setup for grub'''
+ enable_plymouth()
+ subprocess.check_call(['/tmp/autopkgtest-reboot', 'systemd-started'])
+
+
+def getAllTests(unitTestClass):
+ '''get all test names in predictable sorted order from unitTestClass'''
+ return sorted([test[0] for test in inspect.getmembers(unitTestClass, predicate=inspect.isfunction)
+ if test[0].startswith('test_')])
+
+
+# AUTOPKGTEST_REBOOT_MARK contains the test name to pursue after reboot
+# (to check results and states after reboot, mostly).
+# we append the previous global return code (0 or 1) to it.
+# Example: AUTOPKGTEST_REBOOT_MARK=test_foo:0
+if __name__ == '__main__':
+ if os.path.exists('/run/initramfs/fsck-root'):
+ print('SKIP: root file system is being checked by initramfs already')
+ sys.exit(0)
+
+ all_tests = getAllTests(FsckdTest)
+ reboot_marker = os.getenv('AUTOPKGTEST_REBOOT_MARK')
+
+ current_test_after_reboot = ""
+ if not reboot_marker:
+ boot_with_systemd_distro()
+
+ # first test
+ if reboot_marker == "systemd-started":
+ current_test = all_tests[0]
+ return_code = 0
+ else:
+ (current_test_after_reboot, return_code) = reboot_marker.split(':')
+ current_test = current_test_after_reboot
+ return_code = int(return_code)
+
+ # loop on remaining tests to run
+ try:
+ remaining_tests = all_tests[all_tests.index(current_test):]
+ except ValueError:
+ print("Invalid value for AUTOPKGTEST_REBOOT_MARK, {} is not a valid test name".format(reboot_marker))
+ sys.exit(2)
+
+ # run all remaining tests
+ for test_name in remaining_tests:
+ after_reboot = False
+ # if this tests needed a reboot (and it has been performed), executes second part of it
+ if test_name == current_test_after_reboot:
+ after_reboot = True
+ suite = unittest.TestSuite()
+ suite.addTest(FsckdTest(test_name, after_reboot, return_code))
+ result = unittest.TextTestRunner(stream=sys.stdout, verbosity=2).run(suite)
+ if len(result.failures) != 0 or len(result.errors) != 0:
+ return_code = 1
+
+ sys.exit(return_code)
diff --git a/debian/tests/timedated b/debian/tests/timedated
new file mode 100755
index 0000000..0d973df
--- /dev/null
+++ b/debian/tests/timedated
@@ -0,0 +1,188 @@
+#!/bin/sh
+set -e
+
+. `dirname $0`/assert.sh
+
+ORIG_TZ=`grep -v '^#' /etc/timezone`
+echo "original tz: $ORIG_TZ"
+
+echo 'timedatectl works'
+assert_in "Local time:" "`timedatectl --no-pager`"
+
+echo 'change timezone'
+assert_eq "`timedatectl --no-pager set-timezone Europe/Moscow 2>&1`" ""
+assert_eq "`readlink /etc/localtime | sed 's#^.*zoneinfo/##'`" "Europe/Moscow"
+[ -n "$TEST_UPSTREAM" ] || assert_eq "`cat /etc/timezone`" "Europe/Moscow"
+assert_in "Time.*zone: Europe/Moscow (MSK, +" "`timedatectl --no-pager`"
+
+echo 'reset timezone to original'
+assert_eq "`timedatectl --no-pager set-timezone $ORIG_TZ 2>&1`" ""
+assert_eq "`readlink /etc/localtime | sed 's#^.*zoneinfo/##'`" "$ORIG_TZ"
+[ -n "$TEST_UPSTREAM" ] || assert_eq "`cat /etc/timezone`" "$ORIG_TZ"
+
+# test setting UTC vs. LOCAL in /etc/adjtime
+if [ -e /etc/adjtime ]; then
+ ORIG_ADJTIME=`cat /etc/adjtime`
+ trap "echo '$ORIG_ADJTIME' > /etc/adjtime" EXIT INT QUIT PIPE
+else
+ trap "rm -f /etc/adjtime" EXIT INT QUIT PIPE
+fi
+
+echo 'no adjtime file'
+rm -f /etc/adjtime
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+
+echo 'UTC set in adjtime file'
+printf '0.0 0 0\n0\nUTC\n' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+UTC"
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
+
+echo 'non-zero values in adjtime file'
+printf '0.1 123 0\n0\nLOCAL\n' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_eq "`cat /etc/adjtime`" "0.1 123 0
+0
+UTC"
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.1 123 0
+0
+LOCAL"
+
+echo 'fourth line adjtime file'
+printf '0.0 0 0\n0\nLOCAL\nsomethingelse\n' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+UTC
+somethingelse"
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL
+somethingelse"
+
+echo 'no final newline in adjtime file'
+printf '0.0 0 0\n0\nUTC' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+printf '0.0 0 0\n0\nUTC' > /etc/adjtime
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
+
+echo 'only one line in adjtime file'
+printf '0.0 0 0\n' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+printf '0.0 0 0\n' > /etc/adjtime
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
+
+echo 'only one line in adjtime file, no final newline'
+printf '0.0 0 0' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+printf '0.0 0 0' > /etc/adjtime
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
+
+echo 'only two lines in adjtime file'
+printf '0.0 0 0\n0\n' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+printf '0.0 0 0\n0\n' > /etc/adjtime
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
+
+
+echo 'only two lines in adjtime file, no final newline'
+printf '0.0 0 0\n0' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+printf '0.0 0 0\n0' > /etc/adjtime
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
+
+echo 'unknown value in 3rd line of adjtime file'
+printf '0.0 0 0\n0\nFOO\n' > /etc/adjtime
+timedatectl set-local-rtc 0
+assert_true '[ ! -e /etc/adjtime ]'
+printf '0.0 0 0\n0\nFOO\n' > /etc/adjtime
+timedatectl set-local-rtc 1
+assert_eq "`cat /etc/adjtime`" "0.0 0 0
+0
+LOCAL"
+
+# timesyncd has ConditionVirtualization=!container by default; drop/mock that for testing
+if systemd-detect-virt --container --quiet; then
+ systemctl disable --quiet --now systemd-timesyncd
+ mkdir -p /run/systemd/system/systemd-timesyncd.service.d
+ printf '[Unit]\nConditionVirtualization=\n[Service]\nType=simple\nAmbientCapabilities=\nExecStart=\nExecStart=/bin/sleep infinity' > /run/systemd/system/systemd-timesyncd.service.d/container.conf
+ systemctl daemon-reload
+fi
+
+mon=$(mktemp -t dbusmon.XXXXXX)
+trap "rm -f $mon" EXIT INT QUIT PIPE
+
+assert_ntp() {
+ V=$(busctl get-property org.freedesktop.timedate1 /org/freedesktop/timedate1 org.freedesktop.timedate1 NTP)
+ assert_eq "$V" "b $1"
+}
+
+start_mon() {
+ dbus-monitor --system "type='signal', member='PropertiesChanged', path='/org/freedesktop/timedate1'" > $mon &
+ MONPID=$!
+}
+
+wait_mon() {
+ for retry in $(seq 10); do
+ grep -q "$1" $mon && break
+ sleep 1
+ done
+ assert_in "$2" "$(cat $mon)"
+ kill $MONPID
+ wait $MONPID 2>/dev/null || true
+}
+
+echo 'disable NTP'
+timedatectl set-ntp false
+while [ "$(systemctl --no-pager show systemd-timesyncd --property ActiveState)" != "ActiveState=inactive" ]; do sleep 1; done
+assert_ntp false
+assert_rc 3 systemctl is-active --quiet systemd-timesyncd
+
+echo 'enable NTP'
+start_mon
+timedatectl set-ntp true
+wait_mon "NTP" "boolean true"
+assert_ntp true
+while [ "$(systemctl --no-pager show systemd-timesyncd --property ActiveState)" != "ActiveState=active" ]; do sleep 1; done
+assert_rc 0 systemctl is-active --quiet systemd-timesyncd
+
+echo 're-disable NTP'
+start_mon
+timedatectl set-ntp false
+wait_mon "NTP" "boolean false"
+assert_ntp false
+assert_rc 3 systemctl is-active --quiet systemd-timesyncd
diff --git a/debian/tests/udev b/debian/tests/udev
new file mode 100755
index 0000000..b294cfb
--- /dev/null
+++ b/debian/tests/udev
@@ -0,0 +1,13 @@
+#!/bin/sh
+# autopkgtest check: Run upstream udev test script
+# (C) 2016 Canonical Ltd.
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+set -euC
+
+TEST_DIR=${AUTOPKGTEST_TMP:=$(mktemp -d)}
+mkdir -p $TEST_DIR/test
+test/sys-script.py $TEST_DIR/test
+cp test/udev-test.pl $TEST_DIR
+cp /usr/lib/systemd/tests/manual/test-udev $TEST_DIR
+cd $TEST_DIR
+./udev-test.pl
diff --git a/debian/tests/unit-config b/debian/tests/unit-config
new file mode 100755
index 0000000..1cfa4d4
--- /dev/null
+++ b/debian/tests/unit-config
@@ -0,0 +1,369 @@
+#!/usr/bin/python3
+# autopkgtest check: enable/disable/configure units
+# (C) 2015 Canonical Ltd.
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+
+import unittest
+import subprocess
+import os
+import sys
+import tempfile
+from glob import glob
+
+system_unit_dir = subprocess.check_output(
+ ['pkg-config', '--variable=systemdsystemunitdir', 'systemd'],
+ universal_newlines=True).strip()
+systemd_sysv_install = os.path.join(os.path.dirname(system_unit_dir),
+ 'systemd-sysv-install')
+
+
+class EnableTests(unittest.TestCase):
+ def tearDown(self):
+ # remove all traces from our test unit
+ f = glob(system_unit_dir + '/test_enable*.service')
+ f += glob(system_unit_dir + '/*/test_enable*.service')
+ f += glob('/etc/systemd/system/test_enable*.service')
+ f += glob('/etc/systemd/system/*/test_enable*.service')
+ f += glob('/etc/init.d/test_enable*')
+ f += glob('/etc/rc?.d/???test_enable*')
+ [os.unlink(i) for i in f]
+ subprocess.check_call(['systemctl', 'daemon-reload'])
+
+ def create_unit(self, suffix='', enable=False):
+ '''Create a test unit'''
+
+ unit = os.path.join(system_unit_dir,
+ 'test_enable%s.service' % suffix)
+ with open(unit, 'w') as f:
+ f.write('''[Unit]
+Description=Testsuite unit %s
+[Service]
+ExecStart=/bin/echo hello
+[Install]
+WantedBy=multi-user.target
+''' % suffix)
+
+ if enable:
+ os.symlink(unit, '/etc/systemd/system/multi-user.target.wants/' +
+ os.path.basename(unit))
+
+ return unit
+
+ def create_sysv(self, suffix='', enable=False):
+ '''Create a test SysV script'''
+
+ script = '/etc/init.d/test_enable%s' % suffix
+ with open(script, 'w') as f:
+ f.write('''/bin/sh
+### BEGIN INIT INFO
+# Provides: test_enable%s
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Testsuite script%s
+### END INIT INFO
+
+echo hello
+''' % (suffix, suffix))
+ os.chmod(script, 0o755)
+
+ if enable:
+ subprocess.check_call(
+ [systemd_sysv_install, 'enable', os.path.basename(script)])
+
+ def assertEnabled(self, enabled, unit='test_enable.service'):
+ '''assert that given unit has expected state'''
+
+ systemctl = subprocess.Popen(['systemctl', 'is-enabled', unit],
+ stdout=subprocess.PIPE,
+ universal_newlines=True)
+ out = systemctl.communicate()[0].strip()
+ if enabled:
+ self.assertEqual(systemctl.returncode, 0)
+ self.assertEqual(out, 'enabled')
+ else:
+ self.assertEqual(systemctl.returncode, 1)
+ self.assertEqual(out, 'disabled')
+
+ def test_unit_enable(self):
+ '''no sysv: enable unit'''
+
+ self.create_unit()
+ self.assertEnabled(False)
+ # also works without .service suffix
+ self.assertEnabled(False, unit='test_enable')
+
+ subprocess.check_call(['systemctl', 'enable', 'test_enable'])
+
+ self.assertEnabled(True)
+ # also works without .service suffix
+ self.assertEnabled(True, unit='test_enable')
+
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertTrue(os.path.islink(l))
+ self.assertEqual(os.readlink(l),
+ system_unit_dir + '/test_enable.service')
+
+ # enable should be idempotent
+ subprocess.check_call(['systemctl', 'enable', 'test_enable.service'])
+ self.assertEnabled(True)
+
+ def test_unit_disable(self):
+ '''no sysv: disable unit'''
+
+ self.create_unit(enable=True)
+ self.assertEnabled(True)
+ # also works without .service suffix
+ self.assertEnabled(True, unit='test_enable')
+
+ subprocess.check_call(['systemctl', 'disable', 'test_enable'])
+
+ self.assertEnabled(False)
+ # also works without .service suffix
+ self.assertEnabled(False, unit='test_enable')
+
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertFalse(os.path.islink(l))
+
+ # disable should be idempotent
+ subprocess.check_call(['systemctl', 'disable', 'test_enable.service'])
+ self.assertEnabled(False)
+
+ def test_unit_sysv_enable(self):
+ '''with sysv: enable unit'''
+
+ self.create_unit()
+ self.create_sysv()
+ self.assertEnabled(False)
+ # also works without .service suffix
+ self.assertEnabled(False, unit='test_enable')
+
+ subprocess.check_call(['systemctl', 'enable', 'test_enable'])
+
+ self.assertEnabled(True)
+ # also works without .service suffix
+ self.assertEnabled(True, unit='test_enable')
+
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertTrue(os.path.islink(l))
+ self.assertEqual(os.readlink(l),
+ system_unit_dir + '/test_enable.service')
+
+ # enabled the sysv script
+ l = glob('/etc/rc2.d/S??test_enable')
+ self.assertEqual(len(l), 1, 'expect one symlink in %s' % repr(l))
+ self.assertEqual(os.readlink(l[0]), '../init.d/test_enable')
+
+ # enable should be idempotent
+ subprocess.check_call(['systemctl', 'enable', 'test_enable.service'])
+ self.assertEnabled(True)
+
+ def test_unit_sysv_disable(self):
+ '''with sysv: disable unit'''
+
+ self.create_unit(enable=True)
+ self.create_sysv(enable=True)
+ self.assertEnabled(True)
+ # also works without .service suffix
+ self.assertEnabled(True, unit='test_enable')
+
+ subprocess.check_call(['systemctl', 'disable', 'test_enable'])
+
+ self.assertEnabled(False)
+ # also works without .service suffix
+ self.assertEnabled(False, unit='test_enable')
+
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertFalse(os.path.islink(l))
+
+ # disabled the sysv script
+ l = glob('/etc/rc2.d/S??test_enable')
+ self.assertEqual(l, [])
+
+ # disable should be idempotent
+ subprocess.check_call(['systemctl', 'enable', 'test_enable.service'])
+ self.assertEnabled(True)
+
+ def test_unit_alias_enable(self):
+ '''no sysv: enable unit with an alias'''
+
+ u = self.create_unit()
+ with open(u, 'a') as f:
+ f.write('Alias=test_enablea.service\n')
+
+ self.assertEnabled(False)
+
+ subprocess.check_call(['systemctl', 'enable', 'test_enable'])
+
+ self.assertEnabled(True)
+
+ # enablement symlink
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertTrue(os.path.islink(l))
+ self.assertEqual(os.readlink(l),
+ system_unit_dir + '/test_enable.service')
+
+ # alias symlink
+ l = '/etc/systemd/system/test_enablea.service'
+ self.assertTrue(os.path.islink(l))
+ self.assertEqual(os.readlink(l),
+ system_unit_dir + '/test_enable.service')
+
+ def test_unit_alias_disable(self):
+ '''no sysv: disable unit with an alias'''
+
+ u = self.create_unit()
+ with open(u, 'a') as f:
+ f.write('Alias=test_enablea.service\n')
+ os.symlink(system_unit_dir + '/test_enable.service',
+ '/etc/systemd/system/test_enablea.service')
+
+ subprocess.check_call(['systemctl', 'disable', 'test_enable'])
+
+ self.assertEnabled(False)
+
+ # enablement symlink
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertFalse(os.path.islink(l))
+
+ # alias symlink
+ l = '/etc/systemd/system/test_enablea.service'
+ self.assertFalse(os.path.islink(l))
+
+ def test_unit_sysv_alias_enable(self):
+ '''with sysv: enable unit with an alias'''
+
+ u = self.create_unit()
+ with open(u, 'a') as f:
+ f.write('Alias=test_enablea.service\n')
+ self.create_sysv()
+
+ self.assertEnabled(False)
+
+ subprocess.check_call(['systemctl', 'enable', 'test_enable'])
+
+ # enablement symlink
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertTrue(os.path.islink(l))
+ self.assertEqual(os.readlink(l),
+ system_unit_dir + '/test_enable.service')
+
+ # alias symlink
+ l = '/etc/systemd/system/test_enablea.service'
+ self.assertTrue(os.path.islink(l))
+ self.assertEqual(os.readlink(l),
+ system_unit_dir + '/test_enable.service')
+
+ # enabled the sysv script
+ l = glob('/etc/rc2.d/S??test_enable')
+ self.assertEqual(len(l), 1, 'expect one symlink in %s' % repr(l))
+ self.assertEqual(os.readlink(l[0]), '../init.d/test_enable')
+
+ self.assertEnabled(True)
+
+ def test_unit_sysv_alias_disable(self):
+ '''with sysv: disable unit with an alias'''
+
+ u = self.create_unit(enable=True)
+ with open(u, 'a') as f:
+ f.write('Alias=test_enablea.service\n')
+ os.symlink(system_unit_dir + '/test_enable.service',
+ '/etc/systemd/system/test_enablea.service')
+ self.create_sysv(enable=True)
+
+ subprocess.check_call(['systemctl', 'disable', 'test_enable'])
+
+ # enablement symlink
+ l = '/etc/systemd/system/multi-user.target.wants/test_enable.service'
+ self.assertFalse(os.path.islink(l))
+
+ # alias symlink
+ l = '/etc/systemd/system/test_enablea.service'
+ self.assertFalse(os.path.islink(l))
+
+ # disabled the sysv script
+ l = glob('/etc/rc2.d/S??test_enable')
+ self.assertEqual(l, [])
+
+ self.assertEnabled(False)
+
+ def test_sysv_enable(self):
+ '''only sysv: enable'''
+
+ self.create_sysv()
+ subprocess.check_call(['systemctl', 'enable', 'test_enable'])
+
+ # enabled the sysv script
+ l = glob('/etc/rc2.d/S??test_enable')
+ self.assertEqual(len(l), 1, 'expect one symlink in %s' % repr(l))
+ self.assertEqual(os.readlink(l[0]), '../init.d/test_enable')
+
+ # enable should be idempotent
+ subprocess.check_call(['systemctl', 'enable', 'test_enable'])
+ self.assertEnabled(True)
+
+ def test_sysv_disable(self):
+ '''only sysv: disable'''
+
+ self.create_sysv(enable=True)
+ subprocess.check_call(['systemctl', 'disable', 'test_enable'])
+
+ # disabled the sysv script
+ l = glob('/etc/rc2.d/S??test_enable')
+ self.assertEqual(l, [])
+
+ # disable should be idempotent
+ subprocess.check_call(['systemctl', 'disable', 'test_enable'])
+ self.assertEnabled(False)
+
+ def test_unit_link(self):
+ '''systemctl link'''
+
+ with tempfile.NamedTemporaryFile(suffix='.service') as f:
+ f.write(b'[Unit]\n')
+ f.flush()
+ subprocess.check_call(['systemctl', 'link', f.name])
+
+ unit = os.path.basename(f.name)
+ l = os.path.join('/etc/systemd/system', unit)
+ self.assertEqual(os.readlink(l), f.name)
+
+ # disable it again
+ subprocess.check_call(['systemctl', 'disable', unit])
+ # this should also remove the unit symlink
+ self.assertFalse(os.path.islink(l))
+
+ def test_unit_enable_full_path(self):
+ '''systemctl enable a unit in a non-default path'''
+
+ with tempfile.NamedTemporaryFile(suffix='.service') as f:
+ f.write(b'''[Unit]
+Description=test
+[Service]
+ExecStart=/bin/true
+[Install]
+WantedBy=multi-user.target''')
+ f.flush()
+ unit = os.path.basename(f.name)
+
+ # now enable it
+ subprocess.check_call(['systemctl', 'enable', f.name])
+ self.assertEnabled(True, unit=unit)
+ l = os.path.join('/etc/systemd/system', unit)
+ self.assertEqual(os.readlink(l), f.name)
+ enable_l = '/etc/systemd/system/multi-user.target.wants/' + unit
+ self.assertEqual(os.readlink(enable_l), f.name)
+
+ # disable it again
+ subprocess.check_call(['systemctl', 'disable', unit])
+ # self.assertEnabled(False) does not work as now systemd does not
+ # know about the unit at all any more
+ self.assertFalse(os.path.islink(enable_l))
+ # this should also remove the unit symlink
+ self.assertFalse(os.path.islink(l))
+
+
+if __name__ == '__main__':
+ unittest.main(testRunner=unittest.TextTestRunner(stream=sys.stdout,
+ verbosity=2))
diff --git a/debian/tests/upstream b/debian/tests/upstream
new file mode 100755
index 0000000..04be11a
--- /dev/null
+++ b/debian/tests/upstream
@@ -0,0 +1,65 @@
+#!/bin/sh
+# run upstream system integration tests
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+set -e
+
+DPKGARCH=$(dpkg --print-architecture)
+
+# quiesce Makefile.guess; not really relevant as systemd/nspawn run from
+# installed packages
+export BUILD_DIR=.
+
+# modify the image build scripts to install systemd from the debs instead of
+# from a "make/ninja install" as we don't have a built tree here. Also call
+# systemd-nspawn from the system.
+sed -i '/DESTDIR.* install/ s%^.*$% for p in `grep ^Package: '`pwd`'/debian/control | cut -f2 -d\\ |grep -Ev -- "-(udeb|dev)"`; do (cd /tmp; apt-get download $p \&\& dpkg-deb --fsys-tarfile ${p}[._]*deb | tar -C $initdir --dereference -x); done%; s_[^" ]*/systemd-nspawn_systemd-nspawn_g; s/\(_ninja_bin=\).*/\1dummy-ninja/' test/test-functions
+
+# adjust path
+sed -i 's_/usr/libexec/selinux/hll/pp_/usr/lib/selinux/hll/pp_' test/TEST-06-SELINUX/test.sh
+
+FAILED=""
+
+# Because this test is used both by upstream and by Debian, we use different deny-list filenames.
+# For more details see https://salsa.debian.org/systemd-team/systemd/merge_requests/52
+# The naming is transitioning from blacklist to deny-list, so currently both are supported
+# More details in https://github.com/systemd/systemd/pull/16262
+if [ -n "$TEST_UPSTREAM" ]; then
+ DENY_LIST="deny-list-ubuntu-ci"
+ BLACKLIST="blacklist-ubuntu-ci"
+else
+ DENY_LIST="deny-list-upstream-ci"
+ BLACKLIST="blacklist-upstream-ci"
+fi
+
+for t in test/TEST*; do
+ testname=$(basename $t)
+ if [ -f "$t/${DENY_LIST}" -o -f "$t/${BLACKLIST}" ]; then
+ echo "========== DENY-LISTED: $testname =========="
+ continue
+ elif [ -f "$t/${DENY_LIST}-$DPKGARCH" -o -f "$t/${BLACKLIST}-$DPKGARCH" ]; then
+ echo "========== DENY-LISTED (for arch $DPKGARCH): $testname =========="
+ continue
+ fi
+ echo "========== START: $testname =========="
+ rm -rf /var/tmp/systemd-test.*
+ if ! make -C $t clean setup run; then
+ for j in /var/tmp/systemd-test.*/journal/* /var/tmp/systemd-test.*/system.journal; do
+ [ -e "$j" ] || continue
+ # keep the entire journal in artifacts, in case one needs the debug messages
+ cp -r "$j" "$AUTOPKGTEST_ARTIFACTS/${testname}-$(basename $j)"
+ echo "---- $j ----"
+ [ -d "$j" ] && journalctl --priority=warning --directory=$j
+ [ -f "$j" ] && journalctl --priority=warning --file=$j
+ done
+ FAILED="$FAILED $testname"
+ fi
+ echo
+ # always cleanup each test run
+ make -C $t clean-again
+ echo "========== END: $testname =========="
+done
+
+if [ -n "$FAILED" ]; then
+ echo FAILED TESTS: "$FAILED"
+ exit 1
+fi
diff --git a/debian/udev-udeb.dirs b/debian/udev-udeb.dirs
new file mode 100644
index 0000000..eeba23d
--- /dev/null
+++ b/debian/udev-udeb.dirs
@@ -0,0 +1 @@
+/etc/udev/rules.d/
diff --git a/debian/udev-udeb.install b/debian/udev-udeb.install
new file mode 100644
index 0000000..d0995bb
--- /dev/null
+++ b/debian/udev-udeb.install
@@ -0,0 +1,21 @@
+lib/systemd/network/99-default.link
+lib/systemd/systemd-udevd
+bin/udevadm
+lib/udev/ata_id
+lib/udev/scsi_id
+lib/udev/cdrom_id
+lib/udev/rules.d/50-udev-default.rules
+lib/udev/rules.d/60-block.rules
+lib/udev/rules.d/60-cdrom_id.rules
+lib/udev/rules.d/60-input-id.rules
+lib/udev/rules.d/60-persistent-input.rules
+lib/udev/rules.d/60-persistent-storage.rules
+lib/udev/rules.d/64-btrfs.rules
+lib/udev/rules.d/75-net-description.rules
+lib/udev/rules.d/75-probe_mtd.rules
+lib/udev/rules.d/80-drivers.rules
+lib/udev/rules.d/80-net-setup-link.rules
+../../extra/network/73-usb-net-by-mac.link lib/systemd/network/
+../../extra/rules/50-firmware.rules lib/udev/rules.d/
+../../extra/rules/73-special-net-names.rules lib/udev/rules.d/
+../../extra/start-udev lib/debian-installer/
diff --git a/debian/udev.NEWS b/debian/udev.NEWS
new file mode 100644
index 0000000..5a0194e
--- /dev/null
+++ b/debian/udev.NEWS
@@ -0,0 +1,25 @@
+systemd (241-4) unstable; urgency=medium
+
+ DRM render nodes (/dev/dri/renderD*) are now owned by group "render"
+ (previously group "video"). Dynamic ACLs via the "uaccess" udev tag are still
+ applied, so in the common case things should just continue to work.
+ If you rely on static permissions to access those devices, you need to update
+ group memberships accordingly to use group "render" now.
+
+ -- Michael Biebl <biebl@debian.org> Fri, 17 May 2019 19:15:32 +0200
+
+systemd (220-7) unstable; urgency=medium
+
+ The mechanism for providing stable network interface names changed.
+ Previously they were kept in /etc/udev/rules.d/70-persistent-net.rules
+ which mapped device MAC addresses to the (arbitrary) name they got when
+ they first appeared (i. e. mostly at the time of installation). As this
+ had several problems and is not supported any more, this is deprecated in
+ favor of the "net.ifnames" mechanism. With this most of your network
+ interfaces will get location-based names. If you have ifupdown, firewall,
+ or other configuration that relies on the old names, you need to update
+ these by Debian 10/Ubuntu 18.04 LTS, and then remove
+ /etc/udev/rules.d/70-persistent-net.rules. Please see
+ /usr/share/doc/udev/README.Debian.gz for details about this.
+
+ -- Martin Pitt <mpitt@debian.org> Mon, 15 Jun 2015 15:30:29 +0200
diff --git a/debian/udev.README.Debian b/debian/udev.README.Debian
new file mode 100644
index 0000000..dfe1fb4
--- /dev/null
+++ b/debian/udev.README.Debian
@@ -0,0 +1,150 @@
+This documents udev integration Debian specifics. Please see man udev(7) and
+its referenced manpages for general documentation.
+
+Network interface naming
+~~~~~~~~~~~~~~~~~~~~~~~~
+Since version 197 udev has a builtin persistent name generator which checks
+firmware/BIOS provided index numbers or slot names (similar to biosdevname),
+falls back to slot names (PCI numbers, etc., in the spirit of
+/dev/disks/by-path/), and then optionally falls back to MAC address, and
+generates names based on these properties. This provides "location oriented"
+names for PCI cards such as "enp0s1" for ethernet, or wlp1s0" for a WIFI card
+so that replacing a broken network card does not change the name (as long
+as the new card is fitted into the bus in the old card's slot.) As location
+based naming does not work well for USB devices, these use a MAC based naming
+schema (see /lib/systemd/network/73-usb-net-by-mac.link).
+
+This has been enabled by default since udev 220-7, which affects new
+installations/hardware. Existing installations/hardware which already got
+covered by the old 75-persistent-net-generator.rules may keep their existing
+interface names until the release of Debian 10 / Ubuntu 18.04 LTS; see
+below.
+
+You can disable these stable names and go back to the kernel-provided ones
+(which don't have a stable order) in one of two ways:
+
+ - Put "net.ifnames=0" into the kernel command line (e. g. in
+ /etc/default/grub's GRUB_CMDLINE_LINUX_DEFAULT, then run "update-grub").
+
+ - Disable the default *.link rules with
+ "ln -s /dev/null /etc/systemd/network/99-default.link"
+ "ln -s /dev/null /etc/systemd/network/73-usb-net-by-mac.link"
+ and rebuild the initrd with "update-initramfs -u".
+
+See this page for more information:
+http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/
+
+Legacy persistent network interface naming
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Debian releases up to 8 ("Jessie") and Ubuntu up to 15.04 had an udev rule
+/lib/udev/rules.d/75-persistent-net-generator.rules which fixed the name of a
+network interface that it got when its MAC address first appeared in a
+dynamically created /etc/udev/rules.d/70-persistent-net.rules file.
+
+This had inherent race conditions (which sometimes caused collisions and
+interface names like "rename1"), required having to write state into /etc
+(which isn't possible for read-only root), and did not work in virtualized
+environments.
+
+This old schema is deprecated in Debian 9 ("Stretch"), and will not
+be supported any more in Debian 10.
+
+Migration to the current network interface naming scheme
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Interface names must be be manually migrated to the new naming scheme before
+upgrading to Debian 10 / Ubuntu 18.04 LTS. If you rely on the old names in
+custom ifupdown stanzas, firewall scripts, or other networking configuration,
+these will eventually need to be updated to the new names.
+
+WARNING: This process may render your machine inaccessible through ssh. Be sure
+to have physical or serial console access to the machine or a way to revert to
+your existing configuration.
+
+First, determine all relevant network interface names: those in
+/etc/udev/rules.d/70-persistent-net.rules, or if that does not exist (in
+the case of virtual machines), in "ip link" or /sys/class/net/.
+
+Then for every interface name use a command like
+
+ grep -r eth0 /etc
+
+to find out where it is being used.
+
+Then on "real hardware" machines, rename the file to
+70-persistent-net.rules.old; alternately, if you have multiple interfaces,
+instead of renaming you may wish to comment out specific lines to convert a
+single interface at a time.
+
+On VMs remove the files /etc/systemd/network/99-default.link and
+/etc/systemd/network/50-virtio-kernel-names.link (the latter only exists on VMs
+that use virtio network devices).
+
+Rebuild the initrd with
+
+ update-initramfs -u
+
+and reboot. Then your system should have a new network interface name (or
+names). Adjust configuration files as discovered with the grep above, and test
+your system.
+
+Repeat for each network interface name, as necessary.
+
+Custom net interface naming
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+In some cases it is convenient to define your own specific names for network
+interfaces. These can be customized in two different ways:
+
+ * You can create your own names via *.link files (see systemd.link(5)) based
+ on hardware properties. For example, /etc/systemd/network/10-dmz.link:
+
+ ------------ snip ------------
+ [Match]
+ MACAddress=11:22:aa:bb:cc:33
+
+ [Link]
+ Name=eth-dmz
+ ------------ snip ------------
+
+ * If you need attributes that link files don't expose, or you need more
+ powerful pattern matching, you can create udev rules (see udev(7))
+ like /etc/udev/rules.d/76-netnames.rules:
+
+ ------------ snip ------------
+ # identify by vendor/model ID
+ SUBSYSTEM=="net", ACTION=="add", ENV{ID_VENDOR_ID}=="0x8086", \
+ ENV{ID_MODEL_ID}=="0x1502", NAME="eth-intel-gb"
+
+ # USB device by path
+ # get ID_PATH if not present yet
+ ENV{ID_PATH}=="", IMPORT{builtin}="path_id"
+ SUBSYSTEM=="net", ACTION=="add", ENV{ID_PATH}=="*-usb-0:3:1*", NAME="eth-blue-hub"
+ ------------ snip ----------
+
+ The name of the rules file needs to have a prefix smaller than "80" so that
+ it runs before /lib/udev/rules.d/80-net-setup-link.rules, and should have a
+ prefix bigger than "75" so that it runs after 75-net-description.rules and
+ thus you can use matches on ID_VENDOR and similar properties.
+
+ * Unless you disabled net.ifnames, you can change the policy
+ (kernel/bios/path/MAC based naming) in an /etc/systemd/network/*.link file,
+ for individual devices or entire device classes. See man systemd.link(5) for
+ details about this. /lib/systemd/network/99-default.link is the default
+ policy. Note that /lib/systemd/network/73-usb-net-by-mac.link uses MAC based
+ names for USB devices.
+
+Any of the above changes require an initrd update with "update-initramfs -u" to
+get effective.
+
+Using udev with LDAP or NIS
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+If the rules files reference usernames or groups not present in the
+/etc/{passwd,group} files and the system is configured to use a
+network-based database like LDAP or NIS then udev may fail at boot time
+because users and groups are looked up well before the network has been
+initialized.
+A possible solution is to configure /etc/nsswitch.conf like this:
+
+ passwd: files ldap [UNAVAIL=return]
+ group: files ldap [UNAVAIL=return]
+
+The nsswitch.conf syntax is documented in the glibc manual.
diff --git a/debian/udev.bug-control b/debian/udev.bug-control
new file mode 100644
index 0000000..3134261
--- /dev/null
+++ b/debian/udev.bug-control
@@ -0,0 +1 @@
+package-status: systemd
diff --git a/debian/udev.bug-script b/debian/udev.bug-script
new file mode 100644
index 0000000..97f56f1
--- /dev/null
+++ b/debian/udev.bug-script
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# We don’t clean up this directory because there is no way to know when
+# reportbug finished running, and reportbug needs the files around.
+# Given that those are just a couple of kilobytes in size and people
+# generally don’t file a lot of bugs, I don’t think it’s a big deal.
+DIR=$(mktemp -d)
+
+echo "-- BEGIN ATTACHMENTS --" >&3
+
+udevadm info --export-db >$DIR/udev-database.txt
+echo "$DIR/udev-database.txt" >&3
+
+echo "-- END ATTACHMENTS --" >&3
diff --git a/debian/udev.init b/debian/udev.init
new file mode 100644
index 0000000..bb54f61
--- /dev/null
+++ b/debian/udev.init
@@ -0,0 +1,255 @@
+#!/bin/sh -e
+### BEGIN INIT INFO
+# Provides: udev
+# Required-Start: mountkernfs
+# Required-Stop: umountroot
+# Default-Start: S
+# Default-Stop: 0 6
+# Short-Description: Start systemd-udevd, populate /dev and load drivers.
+### END INIT INFO
+
+PATH="/sbin:/bin"
+NAME="systemd-udevd"
+DAEMON="/lib/systemd/systemd-udevd"
+DESC="hotplug events dispatcher"
+PIDFILE="/run/udev.pid"
+CTRLFILE="/run/udev/control"
+OMITDIR="/run/sendsigs.omit.d"
+
+# we need to unmount /dev/pts/ and remount it later over the devtmpfs
+unmount_devpts() {
+ if mountpoint -q /dev/pts/; then
+ umount -n -l /dev/pts/
+ fi
+
+ if mountpoint -q /dev/shm/; then
+ umount -n -l /dev/shm/
+ fi
+}
+
+# mount a devtmpfs over /dev, if somebody did not already do it
+mount_devtmpfs() {
+ if grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then
+ mount -n -o remount,nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev
+ return
+ fi
+
+ if ! mount -n -o nosuid,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev; then
+ log_failure_msg "udev requires devtmpfs support, not started"
+ log_end_msg 1
+ fi
+
+ return 0
+}
+
+create_dev_makedev() {
+ if [ -e /sbin/MAKEDEV ]; then
+ ln -sf /sbin/MAKEDEV /dev/MAKEDEV
+ else
+ ln -sf /bin/true /dev/MAKEDEV
+ fi
+}
+
+# shell version of /usr/bin/tty
+my_tty() {
+ [ -x /bin/readlink ] || return 0
+ [ -e /proc/self/fd/0 ] || return 0
+ readlink --silent /proc/self/fd/0 || true
+}
+
+warn_if_interactive() {
+ if [ "$RUNLEVEL" = "S" -a "$PREVLEVEL" = "N" ]; then
+ return
+ fi
+
+ TTY=$(my_tty)
+ if [ -z "$TTY" -o "$TTY" = "/dev/console" -o "$TTY" = "/dev/null" ]; then
+ return
+ fi
+
+ printf "\n\n\nIt has been detected that the command\n\n\t$0 $*\n\n"
+ printf "has been run from an interactive shell.\n"
+ printf "It will probably not do what you expect, so this script will wait\n"
+ printf "60 seconds before continuing. Press ^C to stop it.\n"
+ printf "RUNNING THIS COMMAND IS HIGHLY DISCOURAGED!\n\n\n\n"
+ sleep 60
+}
+
+make_static_nodes() {
+ [ -e /lib/modules/$(uname -r)/modules.devname ] || return 0
+ [ -x /bin/kmod ] || return 0
+
+ /bin/kmod static-nodes --format=tmpfiles --output=/proc/self/fd/1 | \
+ while read type name mode uid gid age arg; do
+ [ -e $name ] && continue
+ case "$type" in
+ c|b|c!|b!) mknod -m $mode $name $type $(echo $arg | sed 's/:/ /') ;;
+ d|d!) mkdir $name ;;
+ *) echo "unparseable line ($type $name $mode $uid $gid $age $arg)" >&2 ;;
+ esac
+
+ if [ -x /sbin/restorecon ]; then
+ /sbin/restorecon $name
+ fi
+ done
+}
+
+
+##############################################################################
+
+
+[ -x $DAEMON ] || exit 0
+
+# defaults
+tmpfs_size="10M"
+
+if [ -e /etc/udev/udev.conf ]; then
+ . /etc/udev/udev.conf
+fi
+
+. /lib/lsb/init-functions
+
+if [ ! -e /proc/filesystems ]; then
+ log_failure_msg "udev requires a mounted procfs, not started"
+ log_end_msg 1
+fi
+
+if ! grep -q '[[:space:]]devtmpfs$' /proc/filesystems; then
+ log_failure_msg "udev requires devtmpfs support, not started"
+ log_end_msg 1
+fi
+
+if [ ! -d /sys/class/ ]; then
+ log_failure_msg "udev requires a mounted sysfs, not started"
+ log_end_msg 1
+fi
+
+if [ ! -w /sys ]; then
+ log_warning_msg "udev does not support containers, not started"
+ exit 0
+fi
+
+if [ -d /sys/class/mem/null -a ! -L /sys/class/mem/null ] || \
+ [ -e /sys/block -a ! -e /sys/class/block ]; then
+ log_warning_msg "CONFIG_SYSFS_DEPRECATED must not be selected"
+ log_warning_msg "Booting will continue in 30 seconds but many things will be broken"
+ sleep 30
+fi
+
+# When modifying this script, do not forget that between the time that the
+# new /dev has been mounted and udevadm trigger has been run there will be
+# no /dev/null. This also means that you cannot use the "&" shell command.
+
+case "$1" in
+ start)
+ if [ ! -e "/run/udev/" ]; then
+ warn_if_interactive
+ fi
+
+ if [ -w /sys/kernel/uevent_helper ]; then
+ echo > /sys/kernel/uevent_helper
+ fi
+
+ if ! mountpoint -q /dev/; then
+ unmount_devpts
+ mount_devtmpfs
+ [ -d /proc/1 ] || mount -n /proc
+ fi
+
+ make_static_nodes
+
+ # clean up parts of the database created by the initramfs udev
+ udevadm info --cleanup-db
+
+ # set the SELinux context for devices created in the initramfs
+ [ -x /sbin/restorecon ] && /sbin/restorecon -R /dev
+
+ log_daemon_msg "Starting $DESC" "$NAME"
+ if start-stop-daemon --start --name $NAME --user root --quiet \
+ --pidfile $PIDFILE --exec $DAEMON --background --make-pidfile \
+ --notify-await; then
+ # prevents udevd to be killed by sendsigs (see #791944)
+ mkdir -p $OMITDIR
+ ln -sf $PIDFILE $OMITDIR/$NAME
+ log_end_msg $?
+ else
+ log_warning_msg $?
+ log_warning_msg "Waiting 15 seconds and trying to continue anyway"
+ sleep 15
+ fi
+
+ log_action_begin_msg "Synthesizing the initial hotplug events (subsystems)"
+ if udevadm trigger --type=subsystems --action=add; then
+ log_action_end_msg $?
+ else
+ log_action_end_msg $?
+ fi
+ log_action_begin_msg "Synthesizing the initial hotplug events (devices)"
+ if udevadm trigger --type=devices --action=add; then
+ log_action_end_msg $?
+ else
+ log_action_end_msg $?
+ fi
+
+ create_dev_makedev
+
+ # wait for the systemd-udevd childs to finish
+ log_action_begin_msg "Waiting for /dev to be fully populated"
+ if udevadm settle; then
+ log_action_end_msg 0
+ else
+ log_action_end_msg 0 'timeout'
+ fi
+ ;;
+
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ if start-stop-daemon --stop --name $NAME --user root --quiet \
+ --pidfile $PIDFILE --remove-pidfile --oknodo --retry 5; then
+ # prevents cryptsetup/dmsetup hangs (see #791944)
+ rm -f $CTRLFILE
+ log_end_msg $?
+ else
+ log_end_msg $?
+ fi
+ ;;
+
+ restart)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ if start-stop-daemon --stop --name $NAME --user root --quiet \
+ --pidfile $PIDFILE --remove-pidfile --oknodo --retry 5; then
+ # prevents cryptsetup/dmsetup hangs (see #791944)
+ rm -f $CTRLFILE
+ log_end_msg $?
+ else
+ log_end_msg $? || true
+ fi
+
+ log_daemon_msg "Starting $DESC" "$NAME"
+ if start-stop-daemon --start --name $NAME --user root --quiet \
+ --pidfile $PIDFILE --exec $DAEMON --background --make-pidfile \
+ --notify-await; then
+ # prevents udevd to be killed by sendsigs (see #791944)
+ mkdir -p $OMITDIR
+ ln -sf $PIDFILE $OMITDIR/$NAME
+ log_end_msg $?
+ else
+ log_end_msg $?
+ fi
+ ;;
+
+ reload|force-reload)
+ udevadm control --reload-rules
+ ;;
+
+ status)
+ status_of_proc $DAEMON $NAME && exit 0 || exit $?
+ ;;
+
+ *)
+ echo "Usage: /etc/init.d/udev {start|stop|restart|reload|force-reload|status}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/debian/udev.install b/debian/udev.install
new file mode 100644
index 0000000..51323f1
--- /dev/null
+++ b/debian/udev.install
@@ -0,0 +1,26 @@
+etc/udev/
+lib/udev/*
+lib/systemd/network/*.link
+lib/systemd/system/systemd-udev*
+lib/systemd/system/systemd-hwdb*
+lib/systemd/system/*.target.wants/systemd-udev*
+lib/systemd/system/*.target.wants/*hwdb*
+lib/systemd/systemd-udevd
+bin/udevadm
+bin/systemd-hwdb
+usr/lib/tmpfiles.d/static-nodes-permissions.conf
+usr/share/man/man5/udev.conf.5
+usr/share/man/man5/systemd.link.5
+usr/share/man/man7/hwdb.7
+usr/share/man/man7/udev.7
+usr/share/man/man8/systemd-hwdb*
+usr/share/man/man8/systemd-udevd*
+usr/share/man/man8/udevadm.8
+usr/share/bash-completion/completions/udevadm
+usr/share/zsh/vendor-completions/_udevadm
+usr/share/pkgconfig/udev.pc
+../../extra/initramfs-tools usr/share/
+../../extra/rules/*.rules lib/udev/rules.d/
+../../extra/network/*.link lib/systemd/network/
+#../../extra/*.hwdb lib/udev/hwdb.d/
+../../extra/fbdev-blacklist.conf lib/modprobe.d/
diff --git a/debian/udev.links b/debian/udev.links
new file mode 100644
index 0000000..e2ba1e4
--- /dev/null
+++ b/debian/udev.links
@@ -0,0 +1 @@
+/lib/systemd/system/systemd-udevd.service /lib/systemd/system/udev.service
diff --git a/debian/udev.lintian-overrides b/debian/udev.lintian-overrides
new file mode 100644
index 0000000..0372d75
--- /dev/null
+++ b/debian/udev.lintian-overrides
@@ -0,0 +1,3 @@
+# False positive: SUBSYSTEM is tested at the beginning of the rules file.
+# See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945934
+udev: udev-rule-missing-subsystem lib/udev/rules.d/60-autosuspend-chromiumos.rules:*
diff --git a/debian/udev.maintscript b/debian/udev.maintscript
new file mode 100644
index 0000000..298b2a9
--- /dev/null
+++ b/debian/udev.maintscript
@@ -0,0 +1,3 @@
+rm_conffile /etc/init/udev.conf 233-1~
+rm_conffile /etc/init/udevmonitor.conf 233-1~
+rm_conffile /etc/init/udevtrigger.conf 233-1~
diff --git a/debian/udev.postinst b/debian/udev.postinst
new file mode 100644
index 0000000..4206321
--- /dev/null
+++ b/debian/udev.postinst
@@ -0,0 +1,88 @@
+#!/bin/sh
+
+set -e
+
+chrooted() {
+ if [ "$(stat -c %d/%i /)" = "$(stat -Lc %d/%i /proc/1/root 2>/dev/null)" ];
+ then
+ # the devicenumber/inode pair of / is the same as that of /sbin/init's
+ # root, so we're *not* in a chroot and hence return false.
+ return 1
+ fi
+ echo "A chroot environment has been detected, udev not started."
+ return 0
+}
+
+in_debootstrap() {
+ # debootstrap --second-stage may be run in an emulator instead of a chroot,
+ # we need to check for this special case because start-stop-daemon would
+ # not be available. (#520742)
+ if [ -d /debootstrap/ ]; then
+ echo "Being installed by debootstrap, udev not started."
+ return 0
+ fi
+ return 1
+}
+
+can_start_udevd() {
+ if [ ! -d /sys/class/ ]; then
+ echo "udev requires a mounted sysfs, not started."
+ return 1
+ fi
+ return 0
+}
+
+enable_udev() {
+ can_start_udevd || return 0
+ invoke-rc.d udev start
+}
+
+upgrade_fixes() {
+ # new Default-Stop (see #791944)
+ if dpkg --compare-versions "$2" lt-nl "239-8"; then
+ update-rc.d -f udev remove
+ fi
+}
+
+update_hwdb() {
+ systemd-hwdb --usr update || true
+}
+
+case "$1" in
+ configure)
+ # update/create hwdb before we (re)start udev
+ update_hwdb
+
+ # Add new system group used by udev rules
+ addgroup --quiet --system input
+
+ # Make /dev/kvm accessible to kvm group
+ addgroup --quiet --system kvm
+
+ # Make /dev/dri/renderD* accessible to render group
+ addgroup --quiet --system render
+
+ if [ -z "$2" ]; then # first install
+ if ! chrooted && ! in_debootstrap; then
+ enable_udev
+ fi
+ else # upgrades
+ upgrade_fixes "$@"
+ if ! chrooted; then
+ if can_start_udevd; then
+ if [ -d /run/systemd/system ] ; then
+ systemctl daemon-reload || true
+ fi
+ invoke-rc.d udev restart
+ fi
+ fi
+ fi
+ ;;
+
+ triggered)
+ update_hwdb
+ exit 0
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/udev.postrm b/debian/udev.postrm
new file mode 100644
index 0000000..24a5a4f
--- /dev/null
+++ b/debian/udev.postrm
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+ purge)
+ rm -f /etc/udev/rules.d/70-persistent-*.rules
+ rmdir --ignore-fail-on-non-empty /etc/udev/rules.d/ 2> /dev/null || true
+ rm -f /lib/udev/hwdb.bin
+ rm -f /var/log/udev
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/udev.preinst b/debian/udev.preinst
new file mode 100644
index 0000000..7af4e94
--- /dev/null
+++ b/debian/udev.preinst
@@ -0,0 +1,83 @@
+#!/bin/sh
+
+set -e
+
+# adapted from postinst
+chrooted() {
+ if [ "$(stat -c %d/%i /)" = "$(stat -Lc %d/%i /proc/1/root 2>/dev/null)" ];
+ then
+ return 1
+ fi
+ return 0
+}
+
+check_kernel_features() {
+ # skip the check if udev is not already active
+ [ -d /run/udev/ ] || return 0
+
+ if [ -e /proc/kallsyms ]; then
+
+ local needed_symbols='inotify_init signalfd accept4 open_by_handle_at timerfd_create epoll_create'
+ for symbol in $needed_symbols; do
+ if ! egrep -q "^[a-fA-F0-9]+ T \.?sys_${symbol}$" /proc/kallsyms; then
+ cat <<END
+Since release 198, udev requires support for the following features in
+the running kernel:
+
+- inotify(2) (CONFIG_INOTIFY_USER)
+- signalfd(2) (CONFIG_SIGNALFD)
+- accept4(2)
+- open_by_handle_at(2) (CONFIG_FHANDLE)
+- timerfd_create(2) (CONFIG_TIMERFD)
+- epoll_create(2) (CONFIG_EPOLL)
+END
+ exit 1
+ fi
+ done
+
+ fi
+
+ if ! grep -q '[[:space:]]devtmpfs$' /proc/filesystems; then
+ cat <<END
+Since release 176, udev requires support for the following features in
+the running kernel:
+
+- devtmpfs (CONFIG_DEVTMPFS)
+END
+ exit 1
+ fi
+
+ if [ -d /sys/class/mem/null -a ! -L /sys/class/mem/null ] ||
+ [ -e /sys/block -a ! -e /sys/class/block ]; then
+ cat <<END
+The currently running kernel has the CONFIG_SYSFS_DEPRECATED option
+enabled, which is incompatible with udev.
+END
+ exit 1
+ fi
+}
+
+check_version() {
+ # $2 is non-empty when installing from the "config-files" state
+ [ -n "$2" ] || return 0
+
+ if dpkg --compare-versions $2 lt 204-4; then
+ # these must be checked first to allow aborting before changing anything
+ if chrooted; then
+ echo 'Running in a chroot, skipping the kernel versions checks!'
+ else
+ check_kernel_features
+ # suppress errors when the new rules files contain options not supported by
+ # the old daemon
+ udevadm control --log-priority=0 || true
+ fi
+ fi # 204-4
+}
+
+case "$1" in
+ install|upgrade|abort-upgrade)
+ check_version "$@"
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/udev.prerm b/debian/udev.prerm
new file mode 100644
index 0000000..bf65db6
--- /dev/null
+++ b/debian/udev.prerm
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+set -e
+
+# adapted from postinst
+chrooted() {
+ if [ "$(stat -c %d/%i /)" = "$(stat -Lc %d/%i /proc/1/root 2>/dev/null)" ];
+ then
+ return 1
+ fi
+ return 0
+}
+
+kill_udevd() {
+ if [ -d /run/systemd/system ]; then
+ systemctl stop systemd-udevd-control.socket systemd-udevd-kernel.socket
+ systemctl stop systemd-udevd.service
+ else
+ invoke-rc.d udev stop
+ fi
+}
+
+case "$1" in
+ remove)
+ if ! chrooted; then
+ kill_udevd
+ fi
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/udev.triggers b/debian/udev.triggers
new file mode 100644
index 0000000..7f814f0
--- /dev/null
+++ b/debian/udev.triggers
@@ -0,0 +1 @@
+interest-noawait /lib/udev/hwdb.d
diff --git a/debian/upstream/metadata b/debian/upstream/metadata
new file mode 100644
index 0000000..a400b84
--- /dev/null
+++ b/debian/upstream/metadata
@@ -0,0 +1,4 @@
+Bug-Database: https://github.com/systemd/systemd/issues
+Bug-Submit: https://github.com/systemd/systemd/issues/new
+Repository: https://github.com/systemd/systemd.git
+Repository-Browse: https://github.com/systemd/systemd
diff --git a/debian/watch b/debian/watch
new file mode 100644
index 0000000..01dc560
--- /dev/null
+++ b/debian/watch
@@ -0,0 +1,3 @@
+version=3
+opts=uversionmangle=s/-rc/~rc/,filenamemangle=s/.+\/v?(\d\S*)\.tar\.gz/systemd-$1\.tar\.gz/ \
+ https://github.com/systemd/systemd-stable/tags .*/v?(\d\S*)\.tar\.gz