summaryrefslogtreecommitdiffstats
path: root/debian/extra
diff options
context:
space:
mode:
Diffstat (limited to 'debian/extra')
-rwxr-xr-xdebian/extra/checkout-upstream147
-rw-r--r--debian/extra/dhclient-exit-hooks.d/timesyncd52
-rw-r--r--debian/extra/fbdev-blacklist.conf20
-rw-r--r--debian/extra/init-functions.d/40-systemd101
-rwxr-xr-xdebian/extra/initramfs-tools/hooks/udev55
-rwxr-xr-xdebian/extra/initramfs-tools/scripts/init-bottom/udev28
-rwxr-xr-xdebian/extra/initramfs-tools/scripts/init-top/udev31
-rwxr-xr-xdebian/extra/initramfs/post-update.d/systemd-boot11
-rw-r--r--debian/extra/journald.conf.d/syslog.conf5
-rwxr-xr-xdebian/extra/kernel-install.d/55-initrd.install26
-rwxr-xr-xdebian/extra/kernel/postinst.d/zz-systemd-boot11
-rwxr-xr-xdebian/extra/kernel/postrm.d/zz-systemd-boot11
-rwxr-xr-xdebian/extra/make-fbdev-blacklist52
-rwxr-xr-xdebian/extra/make-sysusers-basic18
-rw-r--r--debian/extra/modprobe.d-udeb/scsi-mod-scan-sync.conf4
-rw-r--r--debian/extra/network/73-usb-net-by-mac.link5
-rw-r--r--debian/extra/pam-configs/systemd7
-rw-r--r--debian/extra/pam-configs/systemd-homed15
-rw-r--r--debian/extra/pam.d/systemd-user13
-rw-r--r--debian/extra/rules-ubuntu/40-vm-hotadd.rules14
-rw-r--r--debian/extra/rules-ubuntu/61-persistent-storage-android.rules6
-rw-r--r--debian/extra/rules-ubuntu/71-power-switch-proliant.rules2
-rw-r--r--debian/extra/rules-ubuntu/78-graphics-card.rules30
-rw-r--r--debian/extra/rules/50-firmware.rules3
-rw-r--r--debian/extra/rules/73-special-net-names.rules14
-rw-r--r--debian/extra/rules/80-debian-compat.rules16
-rwxr-xr-xdebian/extra/start-udev23
-rw-r--r--debian/extra/systemd-oomd-defaults/-.slice.d/10-oomd-root-slice-defaults.conf2
-rw-r--r--debian/extra/systemd-oomd-defaults/oomd.conf.d/10-oomd-defaults.conf2
-rw-r--r--debian/extra/systemd-oomd-defaults/user@.service.d/10-oomd-user-service-defaults.conf3
-rwxr-xr-xdebian/extra/systemd-sysv-install56
-rw-r--r--debian/extra/systemd.py28
-rw-r--r--debian/extra/tmpfiles.d/debian.conf16
-rw-r--r--debian/extra/udev.py19
-rw-r--r--debian/extra/units-ubuntu/user@.service.d/timeout.conf4
-rw-r--r--debian/extra/units/getty-static.service10
-rw-r--r--debian/extra/units/rc-local.service.d/debian.conf10
-rw-r--r--debian/extra/units/systemd-localed.service.d/x11-keyboard.conf4
-rw-r--r--debian/extra/units/systemd-logind.service.d/dbus.conf9
-rw-r--r--debian/extra/units/systemd-udevd.service.d/syscall-architecture.conf7
40 files changed, 890 insertions, 0 deletions
diff --git a/debian/extra/checkout-upstream b/debian/extra/checkout-upstream
new file mode 100755
index 0000000..1724fea
--- /dev/null
+++ b/debian/extra/checkout-upstream
@@ -0,0 +1,147 @@
+#!/bin/sh
+# Prepare systemd source package in current directory for testing an upstream
+# commit, branch, or PR, without Debian patches. This replaces everything
+# except the debian/ directory with an upstream checkout.
+# NEVER run this in your actual packaging work directory! This is only meant
+# for upstream CI.
+#
+# Author: Martin Pitt <martin.pitt@ubuntu.com>
+
+set -eu
+test -x debian/rules
+case "${DEB_BUILD_PROFILES:-}" in
+ *pkg.systemd.upstream*) ;;
+ *)
+ echo "Not in upstream testing mode. Do *not* run this script unless you know what you are doing." >&2
+ exit 1
+esac
+if [ -n "${UPSTREAM_PULL_REQUEST:-}" ]; then
+ FETCH="git fetch -fu origin refs/pull/$UPSTREAM_PULL_REQUEST/head:pr"
+ CO='git checkout pr'
+ DESC="PR #$UPSTREAM_PULL_REQUEST"
+elif [ -n "${UPSTREAM_HEAD:-}" ]; then
+ FETCH=''
+ CO="git checkout $UPSTREAM_HEAD"
+ DESC="$UPSTREAM_HEAD"
+else
+ echo "WARNING: $0: Neither UPSTREAM_PULL_REQUEST nor UPSTREAM_HEAD set, ignoring" >&2
+ exit 0
+fi
+
+DUMMY_USER_NAME="Merge dummy user"
+DUMMY_USER_EMAIL="invalid@example.com"
+
+UPSTREAM_REPO="${UPSTREAM_REPO:-https://github.com/systemd/systemd.git}"
+BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD)
+
+# Use git, if in a git repo
+if [ -d .git ]; then
+ # make sure user.name/user.email are set, git commit wants them
+ git config --get user.name || git config user.name "$DUMMY_USER_NAME"
+ git config --get user.email || git config user.email "$DUMMY_USER_EMAIL"
+fi
+
+if [ -n "${KEEP_DEBIAN_PATCHES:-}" ]; then
+ # set up pq branch if it does not exist
+ if [ "$BRANCH_NAME" = HEAD ]; then
+ echo "ERROR: $0 must be started from a branch when using KEEP_DEBIAN_PATCHES" >&2
+ exit 1
+ fi
+ gbp pq import 2> /dev/null && gbp pq switch || true
+ if ! git branch --contains "$BRANCH_NAME" | grep -q patch-queue/"$BRANCH_NAME"; then
+ echo "ERROR: patch-queue/$BRANCH_NAME exists but it is not rebased, please rebase it." >&2
+ exit 1
+ fi
+fi
+
+# switch to native instead of quilt
+echo '3.0 (native)' > debian/source/format
+
+# drop our patches
+rm -rf debian/patches
+
+# disable tests which are not for upstream
+[ -n "${KEEP_DEBIAN_TESTS:-}" ] || sed -i '/# NOUPSTREAM/ q' debian/tests/control
+
+# create new git commit with debian/ changes
+if [ -d .git -a -n "$(git status --short debian)" ]; then
+ git add debian
+ git commit -n -m "checkout-upstream: edit debian/ files for upstream testing"
+fi
+
+########
+# Everything below this changes only code outside debian/
+# besides temporary use of debian/tmp/
+# and the update to debian/changelog
+########
+
+mkdir -p debian/tmp
+(cd debian/tmp
+ git clone "${UPSTREAM_REPO}" upstream || (rm -rf upstream; sleep 60; git clone "${UPSTREAM_REPO}" upstream)
+ cd upstream
+ $FETCH
+ $CO
+ git config user.email "$DUMMY_USER_EMAIL"
+ git config user.name "$DUMMY_USER_NAME"
+ if [ -n "${UPSTREAM_PULL_REQUEST:-}" ] && [ "${UPSTREAM_REPO}" != "https://github.com/systemd/systemd-stable.git" ]; then
+ git rebase main
+ fi
+ git submodule update --init --recursive)
+UPSTREAM_VER=$(cd debian/tmp/upstream; git describe | sed 's/^v//;s/-/./g')
+
+# clean out original upstream sources
+find -mindepth 1 -maxdepth 1 -name debian -o -name .git -prune -o -print0 | xargs -0n1 rm -rf
+
+# These options changes are only needed for the upstream CI, and we don't want to pollute d/rules with them.
+# Also we want to ensure running on an older branch (e.g.: for the systemd-stable repository) doesn't break.
+if grep -q default-timeout-sec debian/tmp/upstream/meson_options.txt; then
+ sed -i "s/option('default-timeout-sec', type : 'integer', value : 90/option('default-timeout-sec', type : 'integer', value : 180/" debian/tmp/upstream/meson_options.txt
+fi
+if grep -q log-trace debian/tmp/upstream/meson_options.txt; then
+ sed -i "s/option('log-trace', type : 'boolean', value : false/option('log-trace', type : 'boolean', value : true/" debian/tmp/upstream/meson_options.txt
+fi
+# TODO: drop when Jammy is no longer used
+if grep -q sshdconfdir debian/tmp/upstream/meson_options.txt; then
+ sed -i "s/option('sshdconfdir',/option('sshdconfdir', value : 'no',/" debian/tmp/upstream/meson_options.txt
+fi
+
+# replace with checkout
+mv debian/tmp/upstream/* .
+rm -rf debian/tmp
+
+# create new git commit with upstream code
+if [ -d .git -a -n "$(git status --short)" ] ; then
+ git add .
+ git commit -n -m "checkout-upstream: replace with upstream code at version ${UPSTREAM_VER}"
+fi
+
+# import Debian patches which apply cleanly
+if [ -n "${KEEP_DEBIAN_PATCHES:-}" ]; then
+ for c in $(git log "$BRANCH_NAME"..patch-queue/"$BRANCH_NAME" --format='%H' --reverse); do
+ if ! git cherry-pick $c; then
+ git cherry-pick --abort
+ git reset --hard
+ git clean -dxf
+ fi
+ done
+fi
+
+if [ -z "${UPSTREAM_KEEP_CHANGELOG:-}" ] ; then
+ # craft changelog
+ cat << EOF > debian/changelog.new
+systemd (${UPSTREAM_VER}.0) UNRELEASED; urgency=low
+
+ * Automatic build from upstream $DESC
+
+ -- systemd test <pkg-systemd-maintainers@lists.alioth.debian.org> $(date -R)
+
+EOF
+ cat debian/changelog >> debian/changelog.new
+ mv debian/changelog.new debian/changelog
+
+ # create new git commit with changelog entry
+ if [ -d .git ] ; then
+ git add debian
+ git commit -n -m "checkout-upstream: update changelog to version ${UPSTREAM_VER}.0"
+ fi
+fi
diff --git a/debian/extra/dhclient-exit-hooks.d/timesyncd b/debian/extra/dhclient-exit-hooks.d/timesyncd
new file mode 100644
index 0000000..456deb2
--- /dev/null
+++ b/debian/extra/dhclient-exit-hooks.d/timesyncd
@@ -0,0 +1,52 @@
+TIMESYNCD_CONF=/run/systemd/timesyncd.conf.d/01-dhclient.conf
+
+timesyncd_servers_setup_remove() {
+ if [ ! -d /run/systemd/system ]; then
+ return
+ fi
+ if [ ! -x /usr/lib/systemd/systemd-timesyncd ]; then
+ return
+ fi
+
+ if [ -e $TIMESYNCD_CONF ]; then
+ rm -f $TIMESYNCD_CONF
+ systemctl try-restart systemd-timesyncd.service || true
+ fi
+}
+
+timesyncd_servers_setup_add() {
+ if [ ! -d /run/systemd/system ]; then
+ return
+ fi
+ if [ ! -x /usr/lib/systemd/systemd-timesyncd ]; then
+ return
+ fi
+
+ if [ -e $TIMESYNCD_CONF ] && [ "$new_ntp_servers" = "$old_ntp_servers" ]; then
+ return
+ fi
+
+ if [ -z "$new_ntp_servers" ]; then
+ timesyncd_servers_setup_remove
+ return
+ fi
+
+ mkdir -p $(dirname $TIMESYNCD_CONF)
+ cat <<EOF > ${TIMESYNCD_CONF}.new
+# NTP server entries received from DHCP server
+[Time]
+NTP=$new_ntp_servers
+EOF
+ mv ${TIMESYNCD_CONF}.new ${TIMESYNCD_CONF}
+ systemctl try-restart systemd-timesyncd.service || true
+}
+
+
+case $reason in
+ BOUND|RENEW|REBIND|REBOOT)
+ timesyncd_servers_setup_add
+ ;;
+ EXPIRE|FAIL|RELEASE|STOP)
+ timesyncd_servers_setup_remove
+ ;;
+esac
diff --git a/debian/extra/fbdev-blacklist.conf b/debian/extra/fbdev-blacklist.conf
new file mode 100644
index 0000000..00a9170
--- /dev/null
+++ b/debian/extra/fbdev-blacklist.conf
@@ -0,0 +1,20 @@
+# This file blacklists most old-style PCI framebuffer drivers.
+
+blacklist arkfb
+blacklist aty128fb
+blacklist atyfb
+blacklist radeonfb
+blacklist cirrusfb
+blacklist cyber2000fb
+blacklist kyrofb
+blacklist matroxfb_base
+blacklist mb862xxfb
+blacklist neofb
+blacklist pm2fb
+blacklist pm3fb
+blacklist s3fb
+blacklist savagefb
+blacklist sisfb
+blacklist tdfxfb
+blacklist tridentfb
+blacklist vt8623fb
diff --git a/debian/extra/init-functions.d/40-systemd b/debian/extra/init-functions.d/40-systemd
new file mode 100644
index 0000000..d1dc03e
--- /dev/null
+++ b/debian/extra/init-functions.d/40-systemd
@@ -0,0 +1,101 @@
+# -*-Shell-script-*-
+# /lib/lsb/init-functions
+
+_use_systemctl=0
+if [ -d /run/systemd/system ]; then
+
+ if [ -n "${__init_d_script_name:-}" ]; then # scripts run with new init-d-script
+ executable="$__init_d_script_name"
+ argument="$1"
+ elif [ "${0##*/}" = "init-d-script" ] ||
+ [ "${0##*/}" = "${1:-}" ]; then # scripts run with old init-d-script
+ executable="$1"
+ argument="$2"
+ else # plain old scripts
+ executable="$0"
+ argument="${1:-}"
+ fi
+
+ prog=${executable##*/}
+ service="${prog%.sh}.service"
+
+ # Don't try to run masked services. systemctl <= 230 always succeeds here,
+ # but later systemctls fail on nonexisting units; be compatible with both
+ state=$(systemctl -p LoadState --value show $service 2>/dev/null) || state="not-found"
+ [ "$state" = "masked" ] && exit 0
+
+ # Redirect SysV init scripts when executed by the user
+ if [ $PPID -ne 1 ] && [ -z "${SYSTEMCTL_SKIP_REDIRECT:-}" ]; then
+ case $(readlink -f "$executable") in
+ /etc/init.d/*)
+ # If the state is not-found, this might be a newly installed SysV init
+ # script where systemd-sysv-generator has not been run yet.
+ [ "$state" != "not-found" ] || [ "$(id -u)" != 0 ] || systemctl --no-ask-password daemon-reload
+
+ _use_systemctl=1
+ # Some services can't reload through the .service file,
+ # but can through the init script.
+ if [ "$(systemctl -p CanReload --value show $service 2>/dev/null)" = "no" ] && [ "${argument:-}" = "reload" ]; then
+ _use_systemctl=0
+ fi
+ ;;
+ esac
+ fi
+fi
+
+systemctl_redirect () {
+ local s
+ local rc
+ local prog=${1##*/}
+ local command=$2
+
+ case "$command" in
+ start)
+ s="Starting $prog (via systemctl)"
+ ;;
+ stop)
+ s="Stopping $prog (via systemctl)"
+ ;;
+ reload|force-reload)
+ s="Reloading $prog configuration (via systemctl)"
+ ;;
+ try-restart)
+ s="Restarting $prog if running (via systemctl)"
+ ;;
+ restart)
+ s="Restarting $prog (via systemctl)"
+ ;;
+ esac
+
+ service="${prog%.sh}.service"
+
+ # avoid deadlocks during bootup and shutdown from units/hooks
+ # which call "invoke-rc.d service reload" and similar, since
+ # the synchronous wait plus systemd's normal behaviour of
+ # transactionally processing all dependencies first easily
+ # causes dependency loops
+ if ! systemctl --quiet is-system-running && [ "$command" = "reload" ]; then
+ sctl_args="--no-block"
+ fi
+
+ [ "$command" = status ] || log_daemon_msg "$s" "$service"
+ systemctl --no-pager $sctl_args $command "$service"
+ rc=$?
+ [ "$command" = status ] || log_end_msg $rc
+
+ return $rc
+}
+
+if [ "$_use_systemctl" = "1" ]; then
+ # Some init scripts use "set -e" and "set -u", we don't want that
+ # here
+ set +e
+ set +u
+
+ case "$argument" in
+ start|stop|restart|reload|force-reload|try-restart|status)
+ systemctl_redirect $executable $argument
+ exit $?
+ ;;
+ esac
+fi
diff --git a/debian/extra/initramfs-tools/hooks/udev b/debian/extra/initramfs-tools/hooks/udev
new file mode 100755
index 0000000..4da5b28
--- /dev/null
+++ b/debian/extra/initramfs-tools/hooks/udev
@@ -0,0 +1,55 @@
+#!/bin/sh -e
+
+PREREQS=""
+
+prereqs() { echo "$PREREQS"; }
+
+case "$1" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+. /usr/share/initramfs-tools/hook-functions
+
+mkdir -p "$DESTDIR/usr/lib/systemd"
+copy_exec /usr/lib/systemd/systemd-udevd /usr/lib/systemd
+copy_exec /usr/bin/udevadm /usr/bin
+
+mkdir -p "$DESTDIR/etc/udev"
+cp -p /etc/udev/udev.conf "$DESTDIR/etc/udev/"
+
+# copy .link files containing interface naming definitions
+mkdir -p "$DESTDIR/usr/lib/systemd/network/"
+find -L /usr/lib/systemd/network -name '*.link' -execdir cp -pt "$DESTDIR/usr/lib/systemd/network/" '{}' +
+if [ -d /etc/systemd/network ]; then
+ find -L /etc/systemd/network -name '*.link' -execdir cp -pt "$DESTDIR/usr/lib/systemd/network/" '{}' +
+fi
+
+mkdir -p "$DESTDIR/usr/lib/udev/rules.d/"
+for rules in 50-firmware.rules 50-udev-default.rules \
+ 60-block.rules 60-persistent-storage.rules \
+ 61-persistent-storage-android.rules 71-seat.rules \
+ 73-special-net-names.rules 75-net-description.rules \
+ 80-net-setup-link.rules 80-drivers.rules; do
+ if [ -e /etc/udev/rules.d/$rules ]; then
+ cp -p /etc/udev/rules.d/$rules "$DESTDIR/usr/lib/udev/rules.d/"
+ elif [ -e /usr/lib/udev/rules.d/$rules ]; then
+ cp -p /usr/lib/udev/rules.d/$rules "$DESTDIR/usr/lib/udev/rules.d/"
+ fi
+done
+
+# now copy all custom udev rules which don't have an equivalent in /usr/lib (e. g.
+# 70-persistent-net.rules or similar); They might contain network names or
+# other bits which are relevant for the initramfs.
+for rules in /etc/udev/rules.d/*.rules; do
+ if [ -e "$rules" ] && [ ! -e "/usr/lib/${rules#/etc/}" ]; then
+ cp -p "$rules" "$DESTDIR/usr/lib/udev/rules.d/"
+ fi
+done
+
+for program in ata_id scsi_id; do
+ copy_exec /usr/lib/udev/$program /usr/lib/udev
+done
+copy_exec /sbin/blkid /sbin
diff --git a/debian/extra/initramfs-tools/scripts/init-bottom/udev b/debian/extra/initramfs-tools/scripts/init-bottom/udev
new file mode 100755
index 0000000..73887ea
--- /dev/null
+++ b/debian/extra/initramfs-tools/scripts/init-bottom/udev
@@ -0,0 +1,28 @@
+#!/bin/sh -e
+
+PREREQS=""
+
+prereqs() { echo "$PREREQS"; }
+
+case "$1" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+# Stop udevd, we'll miss a few events while we run init, but we catch up
+udevadm control --exit
+
+# move the /dev tmpfs to the rootfs; fall back to util-linux mount that does
+# not understand -o move
+mount -n -o move /dev "${rootmnt:?}/dev" || mount -n --move /dev "${rootmnt}/dev"
+
+# create a temporary symlink to the final /dev for other initramfs scripts
+if command -v nuke >/dev/null; then
+ nuke /dev
+else
+ # shellcheck disable=SC2114
+ rm -rf /dev
+fi
+ln -s "${rootmnt}/dev" /dev
diff --git a/debian/extra/initramfs-tools/scripts/init-top/udev b/debian/extra/initramfs-tools/scripts/init-top/udev
new file mode 100755
index 0000000..11ae72a
--- /dev/null
+++ b/debian/extra/initramfs-tools/scripts/init-top/udev
@@ -0,0 +1,31 @@
+#!/bin/sh -e
+
+PREREQS=""
+
+prereqs() { echo "$PREREQS"; }
+
+case "$1" in
+ prereqs)
+ prereqs
+ exit 0
+ ;;
+esac
+
+if [ -w /sys/kernel/uevent_helper ]; then
+ echo > /sys/kernel/uevent_helper
+fi
+
+if [ "${quiet:-n}" = "y" ]; then
+ log_level=notice
+else
+ log_level=info
+fi
+
+SYSTEMD_LOG_LEVEL=$log_level /usr/lib/systemd/systemd-udevd --daemon --resolve-names=never
+
+udevadm trigger --type=subsystems --action=add
+udevadm trigger --type=devices --action=add
+udevadm settle || true
+
+# Leave udev running to process events that come in out-of-band (like USB
+# connections)
diff --git a/debian/extra/initramfs/post-update.d/systemd-boot b/debian/extra/initramfs/post-update.d/systemd-boot
new file mode 100755
index 0000000..1cee51c
--- /dev/null
+++ b/debian/extra/initramfs/post-update.d/systemd-boot
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -eu
+
+test -x /usr/bin/bootctl || exit 0
+
+bootctl is-installed --quiet || exit 0
+
+echo "Updating kernel version $1 in systemd-boot..."
+
+kernel-install add "$1" "/boot/vmlinuz-$1" "$2"
diff --git a/debian/extra/journald.conf.d/syslog.conf b/debian/extra/journald.conf.d/syslog.conf
new file mode 100644
index 0000000..0f07c01
--- /dev/null
+++ b/debian/extra/journald.conf.d/syslog.conf
@@ -0,0 +1,5 @@
+# Undo upstream commit 46b131574fdd7d77 for now. For details see
+# http://lists.freedesktop.org/archives/systemd-devel/2014-November/025550.html
+
+[Journal]
+ForwardToSyslog=yes
diff --git a/debian/extra/kernel-install.d/55-initrd.install b/debian/extra/kernel-install.d/55-initrd.install
new file mode 100755
index 0000000..ecbed87
--- /dev/null
+++ b/debian/extra/kernel-install.d/55-initrd.install
@@ -0,0 +1,26 @@
+#!/bin/sh
+set -eu
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+
+COMMAND="$1"
+KERNEL_VERSION="$2"
+
+INITRD_SRC="/boot/initrd.img-$KERNEL_VERSION"
+
+[ "$COMMAND" = add ] || exit 0
+
+if [ "$#" -ge 5 ]; then
+ # Explicit initrd paths were passed, fall through to default 90-loaderentry.install handling;
+ # we'd be either injecting an unwanted image or, worse, overriding a user-provided one
+ exit 0
+fi
+
+if [ -e "$INITRD_SRC" ]; then
+ [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && echo "Installing '$INITRD_SRC'"
+ ln -fs "$INITRD_SRC" "$KERNEL_INSTALL_STAGING_AREA"
+else
+ echo "$INITRD_SRC does not exist, not installing an initrd"
+fi
+
+exit 0
diff --git a/debian/extra/kernel/postinst.d/zz-systemd-boot b/debian/extra/kernel/postinst.d/zz-systemd-boot
new file mode 100755
index 0000000..8901140
--- /dev/null
+++ b/debian/extra/kernel/postinst.d/zz-systemd-boot
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+test -x /usr/bin/bootctl || exit 0
+
+bootctl is-installed --quiet || exit 0
+
+echo "Installing kernel version $1 in systemd-boot..."
+
+kernel-install add "$1" "$2"
diff --git a/debian/extra/kernel/postrm.d/zz-systemd-boot b/debian/extra/kernel/postrm.d/zz-systemd-boot
new file mode 100755
index 0000000..4db5e51
--- /dev/null
+++ b/debian/extra/kernel/postrm.d/zz-systemd-boot
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+test -x /usr/bin/bootctl || exit 0
+
+bootctl is-installed --quiet || exit 0
+
+echo "Removing kernel version $1 from systemd-boot..."
+
+kernel-install remove "$1"
diff --git a/debian/extra/make-fbdev-blacklist b/debian/extra/make-fbdev-blacklist
new file mode 100755
index 0000000..071a9fd
--- /dev/null
+++ b/debian/extra/make-fbdev-blacklist
@@ -0,0 +1,52 @@
+#!/bin/sh
+# This script should be run before building the package every time a new
+# kernel is released.
+#
+# You should pass the name of the modules directory for a 486 flavour
+# kernel, as that has the most framebuffer modules.
+#
+# Also, obsolete modules should not be removed from the list until after
+# at least one stable release.
+
+set -e
+
+if [ $# = 0 ]; then
+ MODULES_DIR=/lib/modules/$(uname -r)
+else
+ MODULES_DIR="$1"
+fi
+
+BL='fbdev-blacklist.conf'
+
+if [ -e extra/$BL ]; then cd extra; fi
+
+{
+printf "# This file blacklists most old-style PCI framebuffer drivers.\n\n"
+
+find "$MODULES_DIR"/kernel/drivers/video -type f | sort | \
+while read file; do
+ name="$(basename $file .ko)"
+ case $name in
+ lxfb)
+ # This is needed for text consoles on OLPC XO-1, and it used to be
+ # built-in anyway.
+ ;;
+ viafb)
+ # Needed by OLPC XO-1.5.
+ ;;
+ hyperv_fb)
+ # Needed for graphical support on Hyper-V platforms, see LP: #1359933.
+ ;;
+ *)
+ /sbin/modinfo $file | grep -q '^alias: *pci:' \
+ && echo blacklist $name || true
+ ;;
+ esac
+done
+} > $BL.tmp
+
+if diff --unified=0 $BL $BL.tmp; then
+ rm $BL.tmp
+else
+ printf "\n\n\n$BL.tmp has changes!\n\n\n\n"
+fi
diff --git a/debian/extra/make-sysusers-basic b/debian/extra/make-sysusers-basic
new file mode 100755
index 0000000..8ff1b15
--- /dev/null
+++ b/debian/extra/make-sysusers-basic
@@ -0,0 +1,18 @@
+#!/bin/sh
+# generate a sysusers.d(5) file from Debian's static master passwd/group files
+set -eu
+
+echo '# generated from /usr/share/base-passwd/{passwd,group}.master'
+
+# only take groups whose name+gid != the corresponding user in passwd.master
+export IFS=:
+while read name _ id _; do
+ if ! grep -q "^$name:\*:$id:$id:" /usr/share/base-passwd/passwd.master; then
+ printf "g %-10s %-5s -\n" $name $id
+ fi
+done < /usr/share/base-passwd/group.master
+
+echo
+
+# treat "nobody:nogroup" specially: same ID, but different name, so prevent creating a "nobody" group
+awk -F: '{ i = ($3 == $4 && $4 != 65534) ? $3 : $3":"$4; printf("u %-10s %-7s - %-20s %s\n", $1,i,$6,$7) }' < /usr/share/base-passwd/passwd.master
diff --git a/debian/extra/modprobe.d-udeb/scsi-mod-scan-sync.conf b/debian/extra/modprobe.d-udeb/scsi-mod-scan-sync.conf
new file mode 100644
index 0000000..b5781d7
--- /dev/null
+++ b/debian/extra/modprobe.d-udeb/scsi-mod-scan-sync.conf
@@ -0,0 +1,4 @@
+# Use synchronous scanning, to block update-dev in d-i/hw-detect until after the scan is done
+# This ensures that partitioning stage has all the drives detected
+
+options scsi_mod scan=sync
diff --git a/debian/extra/network/73-usb-net-by-mac.link b/debian/extra/network/73-usb-net-by-mac.link
new file mode 100644
index 0000000..98800cd
--- /dev/null
+++ b/debian/extra/network/73-usb-net-by-mac.link
@@ -0,0 +1,5 @@
+[Match]
+Path=*-usb-*
+
+[Link]
+NamePolicy=mac
diff --git a/debian/extra/pam-configs/systemd b/debian/extra/pam-configs/systemd
new file mode 100644
index 0000000..5b56996
--- /dev/null
+++ b/debian/extra/pam-configs/systemd
@@ -0,0 +1,7 @@
+Name: Register user sessions in the systemd control group hierarchy
+Default: yes
+Priority: 0
+Session-Interactive-Only: yes
+Session-Type: Additional
+Session:
+ optional pam_systemd.so
diff --git a/debian/extra/pam-configs/systemd-homed b/debian/extra/pam-configs/systemd-homed
new file mode 100644
index 0000000..0613efc
--- /dev/null
+++ b/debian/extra/pam-configs/systemd-homed
@@ -0,0 +1,15 @@
+Name: Enable user management by systemd-homed
+Default: yes
+Priority: 257
+Auth-Type: Primary
+Auth:
+ [success=end default=ignore] pam_systemd_home.so
+Account-Type: Primary
+Account:
+ [success=end default=ignore] pam_systemd_home.so
+Session-Type: Additional
+Session:
+ optional pam_systemd_home.so
+Password-Type: Primary
+Password:
+ [success=end default=ignore] pam_systemd_home.so
diff --git a/debian/extra/pam.d/systemd-user b/debian/extra/pam.d/systemd-user
new file mode 100644
index 0000000..65279f9
--- /dev/null
+++ b/debian/extra/pam.d/systemd-user
@@ -0,0 +1,13 @@
+# This file is part of systemd.
+#
+# Used by systemd --user instances.
+
+@include common-account
+
+session required pam_selinux.so close
+session required pam_selinux.so nottys open
+session required pam_loginuid.so
+session required pam_limits.so
+@include common-session-noninteractive
+session optional pam_keyinit.so force revoke
+session optional pam_systemd.so
diff --git a/debian/extra/rules-ubuntu/40-vm-hotadd.rules b/debian/extra/rules-ubuntu/40-vm-hotadd.rules
new file mode 100644
index 0000000..7f2640b
--- /dev/null
+++ b/debian/extra/rules-ubuntu/40-vm-hotadd.rules
@@ -0,0 +1,14 @@
+# On Hyper-V and Xen Virtual Machines we want to add memory and cpus as soon as they appear
+ATTR{[dmi/id]sys_vendor}=="Microsoft Corporation", ATTR{[dmi/id]product_name}=="Virtual Machine", GOTO="vm_hotadd_apply"
+ATTR{[dmi/id]sys_vendor}=="Xen", GOTO="vm_hotadd_apply"
+GOTO="vm_hotadd_end"
+
+LABEL="vm_hotadd_apply"
+
+# Memory hotadd request
+SUBSYSTEM=="memory", ACTION=="add", DEVPATH=="/devices/system/memory/memory[0-9]*", TEST=="state", ATTR{state}!="online", ATTR{state}="online"
+
+# CPU hotadd request
+SUBSYSTEM=="cpu", ACTION=="add", DEVPATH=="/devices/system/cpu/cpu[0-9]*", TEST=="online", ATTR{online}!="1", ATTR{online}="1"
+
+LABEL="vm_hotadd_end"
diff --git a/debian/extra/rules-ubuntu/61-persistent-storage-android.rules b/debian/extra/rules-ubuntu/61-persistent-storage-android.rules
new file mode 100644
index 0000000..369d5a6
--- /dev/null
+++ b/debian/extra/rules-ubuntu/61-persistent-storage-android.rules
@@ -0,0 +1,6 @@
+# Android based kernel exports the uevent property PARTNAME, which can be
+# used to find out at run time the named partitions (e.g. boot) for the
+# device. This is specially useful for the Touch based images and flash-kernel,
+# to automatically update the kernel by writing at the correct partition
+# (independently of the hardware revision).
+ACTION!="remove", KERNEL=="mmcblk[0-9]p[0-9]", ENV{PARTNAME}=="?*", SYMLINK+="disk/by-partlabel/$env{PARTNAME}"
diff --git a/debian/extra/rules-ubuntu/71-power-switch-proliant.rules b/debian/extra/rules-ubuntu/71-power-switch-proliant.rules
new file mode 100644
index 0000000..022baeb
--- /dev/null
+++ b/debian/extra/rules-ubuntu/71-power-switch-proliant.rules
@@ -0,0 +1,2 @@
+ACTION!="remove", SUBSYSTEM=="input", KERNEL=="event*", SUBSYSTEMS=="platform", KERNELS=="gpio_keys.6|soc:gpio_keys", PROGRAM="/bin/cat /proc/device-tree/model", RESULT=="HP ProLiant m400 Server Cartridge", TAG+="power-switch"
+ACTION!="remove", SUBSYSTEM=="input", KERNEL=="event*", SUBSYSTEMS=="platform", KERNELS=="gpio_keys.12", ATTRS{keys}=="116", PROGRAM="/bin/cat /proc/device-tree/model", RESULT=="HP ProLiant m800 Server Cartridge", TAG+="power-switch"
diff --git a/debian/extra/rules-ubuntu/78-graphics-card.rules b/debian/extra/rules-ubuntu/78-graphics-card.rules
new file mode 100644
index 0000000..b3b906c
--- /dev/null
+++ b/debian/extra/rules-ubuntu/78-graphics-card.rules
@@ -0,0 +1,30 @@
+# do not edit this file, it will be overwritten on update
+
+ACTION!="add", GOTO="graphics_end"
+
+# Tag the drm device for KMS-supporting drivers as the primary device for
+# the display; for non-KMS drivers tag the framebuffer device instead.
+
+SUBSYSTEM!="drm", GOTO="drm_end"
+KERNEL!="card[0-9]*", GOTO="drm_end"
+ENV{DEVTYPE}!="drm_minor", GOTO="drm_end"
+
+DRIVERS=="i915", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+DRIVERS=="radeon", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+DRIVERS=="nouveau", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+DRIVERS=="vmwgfx", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+
+LABEL="drm_end"
+
+SUBSYSTEM!="graphics", GOTO="graphics_end"
+
+DRIVERS=="i915", GOTO="graphics_end"
+DRIVERS=="radeon", GOTO="graphics_end"
+DRIVERS=="nouveau", GOTO="graphics_end"
+DRIVERS=="efifb", GOTO="graphics_end"
+DRIVERS=="efi-framebuffer", GOTO="graphics_end"
+DRIVERS=="vesa-framebuffer", GOTO="graphics_end"
+
+KERNEL=="fb[0-9]*", ENV{PRIMARY_DEVICE_FOR_DISPLAY}="1"
+
+LABEL="graphics_end"
diff --git a/debian/extra/rules/50-firmware.rules b/debian/extra/rules/50-firmware.rules
new file mode 100644
index 0000000..f7a08ce
--- /dev/null
+++ b/debian/extra/rules/50-firmware.rules
@@ -0,0 +1,3 @@
+# stub for immediately telling the kernel that userspace firmware loading
+# failed; necessary to avoid long timeouts with CONFIG_FW_LOADER_USER_HELPER=y
+SUBSYSTEM=="firmware", ACTION=="add", ATTR{loading}="-1"
diff --git a/debian/extra/rules/73-special-net-names.rules b/debian/extra/rules/73-special-net-names.rules
new file mode 100644
index 0000000..3b145ed
--- /dev/null
+++ b/debian/extra/rules/73-special-net-names.rules
@@ -0,0 +1,14 @@
+# On Dell PowerEdge systems, the iDRAC7 and later support a USB Virtual NIC
+# which terminates in the iDRAC. Help identify this with 'idrac'
+ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", ATTRS{idVendor}=="413c", ATTRS{idProduct}=="a102", NAME="idrac"
+
+# On IBM systems the Integrated Management Module is reachable using a
+# # USB Virtual NIC.
+ACTION=="add", SUBSYSTEM=="net", SUBSYSTEMS=="usb", \
+ ATTRS{idVendor}=="04b3", ATTRS{idProduct}=="0325", NAME="ibmimm"
+
+# ibmveth devices' $DEVPATH number is tied to (virtual) hardware (slot id
+# selected in the HMC), thus this provides a reliable naming (e. g.
+# "/devices/vio/30000002/net/eth1"); we ignore the bus number, as
+# there should only ever be one bus, and then remove leading zeros
+ACTION=="add", SUBSYSTEM=="net", NAME=="", DRIVERS=="ibmveth", PROGRAM="/bin/sh -ec 'D=$${DEVPATH#*/vio/}; D=$${D%%%%/*}; D=$${D#????}; D=$${D#0}; D=$${D#0}; D=$${D#0}; D=$${D#0}; echo $${D:-0}'", NAME="ibmveth$result"
diff --git a/debian/extra/rules/80-debian-compat.rules b/debian/extra/rules/80-debian-compat.rules
new file mode 100644
index 0000000..1c4dbc5
--- /dev/null
+++ b/debian/extra/rules/80-debian-compat.rules
@@ -0,0 +1,16 @@
+# Debian specific udev rules for backwards compatibility
+
+# needed for old tape drivers, http://bugs.debian.org/657948
+SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="[module/sg]", RUN{builtin}+="kmod load sg"
+
+# device permissions
+KERNEL=="mISDNtimer", GROUP="dialout"
+KERNEL=="mwave", GROUP="dialout"
+KERNEL=="nvram", GROUP="kmem", MODE="0640"
+KERNEL=="pktcdvd", GROUP="cdrom", MODE="0644"
+KERNEL=="lirc[0-9]*", GROUP="video"
+KERNEL=="legousbtower*", MODE="0666"
+KERNEL=="sonypi", MODE="0666"
+KERNEL=="mmtimer", MODE="0644"
+KERNEL=="sgi_*", MODE="0666"
+KERNEL=="z90crypt", MODE="0666"
diff --git a/debian/extra/start-udev b/debian/extra/start-udev
new file mode 100755
index 0000000..1adfc52
--- /dev/null
+++ b/debian/extra/start-udev
@@ -0,0 +1,23 @@
+#!/bin/sh -e
+
+if [ -w /sys/kernel/uevent_helper ]; then
+ echo > /sys/kernel/uevent_helper
+fi
+
+if ! grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then
+ mount -n -o mode=0755 -t devtmpfs devtmpfs /dev
+ # Setup a few /dev symlinks, see #975018
+ [ ! -h /dev/fd ] && ln -s /proc/self/fd /dev/fd
+ [ ! -h /dev/stdin ] && ln -s /proc/self/fd/0 /dev/stdin
+ [ ! -h /dev/stdout ] && ln -s /proc/self/fd/1 /dev/stdout
+ [ ! -h /dev/stderr ] && ln -s /proc/self/fd/2 /dev/stderr
+fi
+
+SYSTEMD_LOG_LEVEL=notice /usr/lib/systemd/systemd-udevd --daemon --resolve-names=never
+
+udevadm trigger --action=add
+
+mkdir -p /dev/pts
+mount -t devpts -o noexec,nosuid,gid=5,mode=0620 devpts /dev/pts
+
+udevadm settle || true
diff --git a/debian/extra/systemd-oomd-defaults/-.slice.d/10-oomd-root-slice-defaults.conf b/debian/extra/systemd-oomd-defaults/-.slice.d/10-oomd-root-slice-defaults.conf
new file mode 100644
index 0000000..49958e8
--- /dev/null
+++ b/debian/extra/systemd-oomd-defaults/-.slice.d/10-oomd-root-slice-defaults.conf
@@ -0,0 +1,2 @@
+[Slice]
+ManagedOOMSwap=kill
diff --git a/debian/extra/systemd-oomd-defaults/oomd.conf.d/10-oomd-defaults.conf b/debian/extra/systemd-oomd-defaults/oomd.conf.d/10-oomd-defaults.conf
new file mode 100644
index 0000000..0254657
--- /dev/null
+++ b/debian/extra/systemd-oomd-defaults/oomd.conf.d/10-oomd-defaults.conf
@@ -0,0 +1,2 @@
+[OOM]
+DefaultMemoryPressureDurationSec=20s
diff --git a/debian/extra/systemd-oomd-defaults/user@.service.d/10-oomd-user-service-defaults.conf b/debian/extra/systemd-oomd-defaults/user@.service.d/10-oomd-user-service-defaults.conf
new file mode 100644
index 0000000..94d5c87
--- /dev/null
+++ b/debian/extra/systemd-oomd-defaults/user@.service.d/10-oomd-user-service-defaults.conf
@@ -0,0 +1,3 @@
+[Service]
+ManagedOOMMemoryPressure=kill
+ManagedOOMMemoryPressureLimit=50%
diff --git a/debian/extra/systemd-sysv-install b/debian/extra/systemd-sysv-install
new file mode 100755
index 0000000..7e90dc2
--- /dev/null
+++ b/debian/extra/systemd-sysv-install
@@ -0,0 +1,56 @@
+#!/bin/sh
+# This script is called by "systemctl enable/disable" when the given unit is a
+# SysV init.d script. It needs to call the distribution's mechanism for
+# enabling/disabling those, such as chkconfig, update-rc.d, or similar. This
+# can optionally take a --root argument for enabling a SysV init script
+# in a chroot or similar.
+set -eu
+
+usage() {
+ echo "Usage: $0 [--root=path] enable|disable|is-enabled <sysv script name>" >&2
+ exit 1
+}
+
+ROOT=
+
+# parse options
+eval set -- "$(getopt -o r: --long root: -- "$@")"
+while true; do
+ case "$1" in
+ -r|--root)
+ ROOT="$2"
+ shift 2 ;;
+ --) shift ; break ;;
+ *) usage ;;
+ esac
+done
+
+NAME="${2:-}"
+
+run() {
+ if [ -n "$ROOT" ] && [ "$ROOT" != "/" ]; then
+ _SKIP_SYSTEMD_NATIVE=1 chroot "$ROOT" /usr/sbin/update-rc.d "$@"
+ else
+ _SKIP_SYSTEMD_NATIVE=1 /usr/sbin/update-rc.d "$@"
+ fi
+}
+
+[ -n "$NAME" ] || usage
+
+case "$1" in
+ enable)
+ # call the command to enable SysV init script $NAME here..
+ run "$NAME" defaults
+ run "$NAME" enable
+ ;;
+ disable)
+ run "$NAME" defaults
+ run "$NAME" disable
+ ;;
+ is-enabled)
+ # exit with 0 if $NAME is enabled, non-zero if it is disabled
+ ls "$ROOT"/etc/rc[S5].d/S??"$NAME" >/dev/null 2>&1
+ ;;
+ *)
+ usage ;;
+esac
diff --git a/debian/extra/systemd.py b/debian/extra/systemd.py
new file mode 100644
index 0000000..d79e0eb
--- /dev/null
+++ b/debian/extra/systemd.py
@@ -0,0 +1,28 @@
+'''apport package hook for systemd
+
+(c) 2014 Canonical Ltd.
+Author: Martin Pitt <martin.pitt@ubuntu.com>
+'''
+
+import os.path
+import apport.hookutils
+
+def add_info(report):
+ apport.hookutils.attach_hardware(report)
+
+ report['SystemdDelta'] = apport.hookutils.command_output(['systemd-delta'])
+
+ if not os.path.exists('/run/systemd/system'):
+ return
+
+ # Add details about all failed units, if any
+ out = apport.hookutils.command_output(['systemctl', '--state=failed', '--full',
+ '--no-legend']).strip()
+ if out:
+ failed = ''
+ for line in out.splitlines():
+ unit = line.split()[0]
+ if failed:
+ failed += '------\n'
+ failed += apport.hookutils.command_output(['systemctl', 'status', '--full', unit])
+ report['SystemdFailedUnits'] = failed
diff --git a/debian/extra/tmpfiles.d/debian.conf b/debian/extra/tmpfiles.d/debian.conf
new file mode 100644
index 0000000..0f55da0
--- /dev/null
+++ b/debian/extra/tmpfiles.d/debian.conf
@@ -0,0 +1,16 @@
+# This file is part of the debianisation of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+# Type Path Mode UID GID Age Argument
+L /run/shm - - - - /dev/shm
+d /run/sendsigs.omit.d 0755 root root -
+
+L+ /etc/mtab - - - - ../proc/self/mounts
+L+ /etc/default/locale - - - - ../locale.conf
+L+ /etc/vconsole.conf - - - - default/keyboard
diff --git a/debian/extra/udev.py b/debian/extra/udev.py
new file mode 100644
index 0000000..d8bc76f
--- /dev/null
+++ b/debian/extra/udev.py
@@ -0,0 +1,19 @@
+'''apport package hook for udev
+
+(c) 2009 Canonical Ltd.
+Author: Martin Pitt <martin.pitt@ubuntu.com>
+'''
+
+import os
+import apport.hookutils
+
+def add_info(report):
+ apport.hookutils.attach_hardware(report)
+
+ user_rules = []
+ for f in os.listdir('/etc/udev/rules.d'):
+ if not f.startswith('70-persistent-') and f != 'README':
+ user_rules.append(f)
+
+ if user_rules:
+ report['CustomUdevRuleFiles'] = ' '.join(user_rules)
diff --git a/debian/extra/units-ubuntu/user@.service.d/timeout.conf b/debian/extra/units-ubuntu/user@.service.d/timeout.conf
new file mode 100644
index 0000000..213eb65
--- /dev/null
+++ b/debian/extra/units-ubuntu/user@.service.d/timeout.conf
@@ -0,0 +1,4 @@
+# Avoid long hangs during shutdown if user services fail/hang due to X.org
+# going away too early
+[Service]
+TimeoutStopSec=5
diff --git a/debian/extra/units/getty-static.service b/debian/extra/units/getty-static.service
new file mode 100644
index 0000000..25c5c72
--- /dev/null
+++ b/debian/extra/units/getty-static.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=getty on tty2-tty6 if dbus and logind are not available
+ConditionPathExists=/dev/tty0
+ConditionPathExists=!/usr/bin/dbus-daemon
+ConditionPathExists=!/usr/bin/dbus-broker
+
+[Service]
+Type=oneshot
+ExecStart=systemctl --no-block start getty@tty2.service getty@tty3.service getty@tty4.service getty@tty5.service getty@tty6.service
+RemainAfterExit=true
diff --git a/debian/extra/units/rc-local.service.d/debian.conf b/debian/extra/units/rc-local.service.d/debian.conf
new file mode 100644
index 0000000..ec77220
--- /dev/null
+++ b/debian/extra/units/rc-local.service.d/debian.conf
@@ -0,0 +1,10 @@
+[Unit]
+# not specified by LSB, but has been behaving that way in Debian under SysV
+# init and upstart
+After=network-online.target
+
+# Often contains status messages which users expect to see on the console
+# during boot
+[Service]
+StandardOutput=journal+console
+StandardError=journal+console
diff --git a/debian/extra/units/systemd-localed.service.d/x11-keyboard.conf b/debian/extra/units/systemd-localed.service.d/x11-keyboard.conf
new file mode 100644
index 0000000..7c7f91f
--- /dev/null
+++ b/debian/extra/units/systemd-localed.service.d/x11-keyboard.conf
@@ -0,0 +1,4 @@
+[Service]
+# systemd-localed will try to write to /etc/X11/xorg.conf.d/00-keyboard.conf
+# if it can, but we don't use it. Make the path read-only so that it skips it.
+ReadOnlyPaths=-/etc/X11/xorg.conf.d/
diff --git a/debian/extra/units/systemd-logind.service.d/dbus.conf b/debian/extra/units/systemd-logind.service.d/dbus.conf
new file mode 100644
index 0000000..bd78263
--- /dev/null
+++ b/debian/extra/units/systemd-logind.service.d/dbus.conf
@@ -0,0 +1,9 @@
+# logind fails to start in minimal environments without dbus, such as LXC
+# containers or servers. Add a startup condition to avoid the very noisy
+# startup failure.
+# Consider both dbus-daemon (the reference implementation) and dbus-broker.
+# See https://bugs.debian.org/772700
+
+[Unit]
+ConditionPathExists=|/usr/bin/dbus-daemon
+ConditionPathExists=|/usr/bin/dbus-broker
diff --git a/debian/extra/units/systemd-udevd.service.d/syscall-architecture.conf b/debian/extra/units/systemd-udevd.service.d/syscall-architecture.conf
new file mode 100644
index 0000000..0395c2d
--- /dev/null
+++ b/debian/extra/units/systemd-udevd.service.d/syscall-architecture.conf
@@ -0,0 +1,7 @@
+# We can't really control what helper programs are run from other udev
+# rules. E.g. running i386 binaries under amd64 is a valid use case and
+# should not trigger a SIGSYS failure.
+# https://bugs.debian.org/869719
+
+[Service]
+SystemCallArchitectures=